ch-20230211T153105Z-001[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

ch-20230211T153105Z-001.zip
Size

27.1MB
MD5

3d8ca25f0f1c09b5c59ea90308f24c0d
SHA1

09c77cd1889a19a531dc845fffde64337165067f
SHA256

360179597b27ae614c84bdc83c9d40ac8ce95432f325eeb597c6f6705eec560a
SHA512

2135e203b243c2dd40a92b0be88293e2ff4dd2e77bff4f6cbeb4623c963bf42c6d4db69ab7686b8e10f495023005252e466ed1672783f98539827b9b928b6124
SSDEEP

786432:bOEhQmdJNAT/tcQZp2UkO53f8h9lyercnkeDS1LTp:SE/nNElcqp2RO5vuf

Score

1^/10

Malware Config

Signatures

Files

ch-20230211T153105Z-001.zip
.zip
ch/Cheat Engine.exe
.exe windows x86

6a3885cc44153a7a3807b94e1a4fcd9a

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

19-05-2020 09:15

Not After

04-07-2022 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

19-05-2020 09:15

Not After

04-07-2022 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19-02-2018 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

97:2c:b4:ab:82:f8:ae:aa:93:a9:78:41:06:cd:f5:79:86:6d:41:32:8f:bf:5f:31:66:58:7b:94:9c:d1:cb:d6
Signer

Actual PE Digest

97:2c:b4:ab:82:f8:ae:aa:93:a9:78:41:06:cd:f5:79:86:6d:41:32:8f:bf:5f:31:66:58:7b:94:9c:d1:cb:d6

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

26-10-2020 08:23
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

3d:56:7b:79:dd:ca:e3:c7:57:a8:83:9a:f7:d1:f6:dd:af:5f:7c:88
Signer

Actual PE Digest

3d:56:7b:79:dd:ca:e3:c7:57:a8:83:9a:f7:d1:f6:dd:af:5f:7c:88

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

26-10-2020 08:23
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetStdHandle
GetConsoleMode
TlsGetValue
GetLastError
SetLastError
ExitProcess
GetStartupInfoA
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
GetSystemInfo
LoadLibraryW
LoadLibraryA
GetProcAddress
FreeLibrary
FormatMessageW
CreateFileW
GetFileAttributesW
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetWindowsDirectoryA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetModuleFileNameW
GetCommandLineW
CompareStringW
GetLocaleInfoW
GetDateFormatW
VirtualFree
GetLocalTime
GetCPInfo
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetSystemMetrics
MessageBeep

shell32

ShellExecuteW

Sections

.text
Size: 237KB - Virtual size: 236KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 69KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ch/CheatEngine.chm
.chm
ch/DotNetDataCollector32.exe
.exe windows x86

527cfa642ac8a84a0b0628cb5f479c9c

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

19-05-2020 09:15

Not After

04-07-2022 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

19-05-2020 09:15

Not After

04-07-2022 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19-02-2018 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fd:9d:59:96:ce:68:4a:4f:80:c1:59:cb:f4:40:f9:4f:0e:4b:17:34:f2:08:00:b9:2c:5b:55:23:9a:93:57:f6
Signer

Actual PE Digest

fd:9d:59:96:ce:68:4a:4f:80:c1:59:cb:f4:40:f9:4f:0e:4b:17:34:f2:08:00:b9:2c:5b:55:23:9a:93:57:f6

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01-11-2020 08:56
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

75:69:bd:af:01:b1:f8:ba:f7:1f:09:e7:58:4d:d5:5d:fe:39:57:a8
Signer

Actual PE Digest

75:69:bd:af:01:b1:f8:ba:f7:1f:09:e7:58:4d:d5:5d:fe:39:57:a8

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01-11-2020 08:56
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

StrCpyW
StrCmpW
StrCatW

kernel32

ReadFile
EnterCriticalSection
WriteFile
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
OpenProcess
GetLastError
GetCurrentProcessId
LoadLibraryW
Wow64GetThreadContext
GetThreadContext
ReadProcessMemory
OpenThread
FindFirstFileW
lstrlenW
CreateNamedPipeW
FindClose
GetModuleHandleA
CreateToolhelp32Snapshot
OutputDebugStringW
LoadLibraryA
Module32FirstW
GetProcAddress
Module32NextW
ConnectNamedPipe
HeapReAlloc
HeapSize
SetFilePointerEx
GetFileSizeEx
CreateFileW
WriteConsoleW
FindNextFileW
GetConsoleMode
GetConsoleCP
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwind
RaiseException
DecodePointer
SetLastError
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
LCMapStringW
GetFileType
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers

user32

PeekMessageW
MessageBoxA

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

ole32

CoInitialize

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/DotNetDataCollector64.exe
.exe windows x64

251b2a02e42c648284cca0f3e0076947

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

19-05-2020 09:15

Not After

04-07-2022 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

19-05-2020 09:15

Not After

04-07-2022 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19-02-2018 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5e:8b:5f:fb:43:4a:c7:5d:4b:07:dd:b8:53:89:22:17:40:5e:97:01:00:8f:c2:07:ce:45:2f:fd:0f:e1:e4:73
Signer

Actual PE Digest

5e:8b:5f:fb:43:4a:c7:5d:4b:07:dd:b8:53:89:22:17:40:5e:97:01:00:8f:c2:07:ce:45:2f:fd:0f:e1:e4:73

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01-11-2020 08:56
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

c7:ae:d3:bf:47:86:bf:e1:8e:4f:c7:e9:5c:8d:cc:3f:84:92:eb:c6
Signer

Actual PE Digest

c7:ae:d3:bf:47:86:bf:e1:8e:4f:c7:e9:5c:8d:cc:3f:84:92:eb:c6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01-11-2020 08:56
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

shlwapi

StrCpyW
StrCmpW
StrCatW

kernel32

ReadFile
EnterCriticalSection
WriteFile
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
OpenProcess
GetLastError
GetCurrentProcessId
LoadLibraryW
Wow64GetThreadContext
GetThreadContext
ReadProcessMemory
OpenThread
FindFirstFileW
lstrlenW
CreateNamedPipeW
FindClose
GetModuleHandleA
CreateToolhelp32Snapshot
OutputDebugStringW
LoadLibraryA
Module32FirstW
GetProcAddress
Module32NextW
ConnectNamedPipe
HeapReAlloc
HeapSize
SetFilePointerEx
GetFileSizeEx
CreateFileW
WriteConsoleW
FindNextFileW
RtlPcToFileHeader
GetConsoleMode
GetConsoleCP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RaiseException
SetLastError
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetStdHandle
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
HeapAlloc
HeapFree
LCMapStringW
GetFileType
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
GetProcessHeap
FlushFileBuffers

user32

PeekMessageW
MessageBoxA

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

ole32

CoInitialize

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/Kernelmoduleunloader.exe.sig
ch/Tutorial-i386.exe
.exe windows x86

b0c7f46b85f63a6aa41409d533de2cbb

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:12:39:da:46:a2:9c:98:b8:a1:50:77
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

05-04-2019 12:55

Not After

03-06-2020 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:12:39:da:46:a2:9c:98:b8:a1:50:77
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

05-04-2019 12:55

Not After

03-06-2020 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19-02-2018 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a3:4f:7a:a4:56:6d:94:6c:e1:1b:ab:4b:33:4f:af:ed:cb:94:8a:5c:a8:1e:01:2f:fb:15:1e:ca:7a:cd:13:48
Signer

Actual PE Digest

a3:4f:7a:a4:56:6d:94:6c:e1:1b:ab:4b:33:4f:af:ed:cb:94:8a:5c:a8:1e:01:2f:fb:15:1e:ca:7a:cd:13:48

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

24-07-2019 20:24
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

55:da:9b:fc:38:bb:ab:ef:52:43:ef:5d:3b:a5:db:32:2c:4b:fe:89
Signer

Actual PE Digest

55:da:9b:fc:38:bb:ab:ef:52:43:ef:5d:3b:a5:db:32:2c:4b:fe:89

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

24-07-2019 20:24
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetStdHandle
GetConsoleMode
TlsGetValue
GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
GetSystemInfo
LoadLibraryW
LoadLibraryA
GetProcAddress
FreeLibrary
FormatMessageW
CreateFileW
GetFileAttributesW
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetEnvironmentStringsW
FreeEnvironmentStringsW
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
FormatMessageA
GlobalAddAtomA
GetWindowsDirectoryA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetModuleFileNameW
GetCommandLineW
CompareStringW
GetLocaleInfoW
GetDateFormatW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
VirtualFree
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
MulDiv
GetLocalTime
PeekNamedPipe
GetCPInfo
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongW
SetWindowLongW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx
SetLayeredWindowAttributes

ole32

OleInitialize
OleUninitialize

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 370KB - Virtual size: 370KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 443KB - Virtual size: 442KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ch/Tutorial-x86_64.exe
.exe windows x64

6f1da32c530b48247a2c9f75eec65bda

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:12:39:da:46:a2:9c:98:b8:a1:50:77
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

05-04-2019 12:55

Not After

03-06-2020 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:12:39:da:46:a2:9c:98:b8:a1:50:77
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

05-04-2019 12:55

Not After

03-06-2020 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19-02-2018 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:e0:3f:44:f8:2a:45:13:65:25:95:3a:4f:d9:34:42:28:99:8b:14:f0:88:f0:63:b8:d1:6e:6d:08:39:04:97
Signer

Actual PE Digest

21:e0:3f:44:f8:2a:45:13:65:25:95:3a:4f:d9:34:42:28:99:8b:14:f0:88:f0:63:b8:d1:6e:6d:08:39:04:97

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

24-07-2019 20:24
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

d7:3f:c0:08:e6:e4:73:9f:a7:1d:cc:2a:a8:bf:81:ab:6d:c9:13:b4
Signer

Actual PE Digest

d7:3f:c0:08:e6:e4:73:9f:a7:1d:cc:2a:a8:bf:81:ab:6d:c9:13:b4

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

24-07-2019 20:24
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetStdHandle
GetConsoleMode
TlsGetValue
GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
GetSystemInfo
LoadLibraryW
LoadLibraryA
GetProcAddress
FreeLibrary
FormatMessageW
CreateFileW
GetFileAttributesW
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetEnvironmentStringsW
FreeEnvironmentStringsW
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
FormatMessageA
GlobalAddAtomA
GetWindowsDirectoryA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetModuleFileNameW
GetCommandLineW
CompareStringW
GetLocaleInfoW
GetDateFormatW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
MulDiv
GetLocalTime
PeekNamedPipe
GetCPInfo
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongPtrA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongPtrW
SetWindowLongPtrW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx
SetLayeredWindowAttributes

ole32

OleInitialize
OleUninitialize

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 403KB - Virtual size: 402KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 833KB - Virtual size: 833KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 125KB - Virtual size: 125KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/allochook-i386.dll
.dll windows x86

a67985a7fa183a89fb79233f2a5c95ad

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2d:8f:1a:70:1d:f5:40:37:81:60:fb:00:e2:12:ac:c9:e3:c2:eb:fb:2e:c1:c6:5b:1c:e0:d3:a0:b2:33:eb:a2
Signer

Actual PE Digest

2d:8f:1a:70:1d:f5:40:37:81:60:fb:00:e2:12:ac:c9:e3:c2:eb:fb:2e:c1:c6:5b:1c:e0:d3:a0:b2:33:eb:a2

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:24
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

f2:fe:20:59:8e:04:99:7d:bc:61:1f:ee:44:d2:17:ff:88:c4:26:18
Signer

Actual PE Digest

f2:fe:20:59:8e:04:99:7d:bc:61:1f:ee:44:d2:17:ff:88:c4:26:18

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:23
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetLastError
SetLastError
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetProcAddress
CreateFileW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
FormatMessageA
OutputDebugStringA
FindResourceA
FindResourceExA
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
GetWindowsDirectoryA
GetVersionExA
CompareStringA
GetLocaleInfoA
EnumCalendarInfoA
CompareStringW
FreeResource
LockResource
VirtualFree
VirtualQuery
GetProcessHeaps
HeapLock
HeapUnlock
HeapWalk
LoadResource
SizeofResource
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetSystemMetrics
MessageBeep

Exports

Exports

CEHasHandledItEvent
CEInitializationFinished
CeAllocateVirtualMemory
CeFreeVirtualMemory
CeInitializeAllocHook
CeRtlAllocateHeap
CeRtlDestroyHeap
CeRtlFreeHeap
HasSetupDataEvent
HookEventData
NtAllocateVirtualMemoryOrig
NtFreeVirtualMemoryOrig
RtlAllocateHeapOrig
RtlDestroyHeapOrig
RtlFreeHeapOrig

Sections

.text
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 17KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stab
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/allochook-x86_64.dll
.dll windows x64

a78657ca64fcb752ff706804b8a7dece

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

51:28:ad:e5:e1:23:fc:51:31:32:56:e3:b5:b8:db:c8:d6:7b:bf:d1:50:cf:f7:8c:8e:e4:c9:e5:ad:a1:62:07
Signer

Actual PE Digest

51:28:ad:e5:e1:23:fc:51:31:32:56:e3:b5:b8:db:c8:d6:7b:bf:d1:50:cf:f7:8c:8e:e4:c9:e5:ad:a1:62:07

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:24
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

7c:a9:e3:fe:cd:31:a5:34:3f:ff:68:a4:f6:b4:74:bd:b6:9f:bd:b7
Signer

Actual PE Digest

7c:a9:e3:fe:cd:31:a5:34:3f:ff:68:a4:f6:b4:74:bd:b6:9f:bd:b7

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:23
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetLastError
SetLastError
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetProcAddress
CreateFileW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
FormatMessageA
OutputDebugStringA
FindResourceA
FindResourceExA
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
GetWindowsDirectoryA
GetVersionExA
CompareStringA
GetLocaleInfoA
EnumCalendarInfoA
CompareStringW
FreeResource
LockResource
VirtualQuery
GetProcessHeaps
HeapLock
HeapUnlock
HeapWalk
LoadResource
SizeofResource
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetSystemMetrics
MessageBeep

Exports

Exports

CEHasHandledItEvent
CEInitializationFinished
CeAllocateVirtualMemory
CeFreeVirtualMemory
CeInitializeAllocHook
CeRtlAllocateHeap
CeRtlDestroyHeap
CeRtlFreeHeap
HasSetupDataEvent
HookEventData
NtAllocateVirtualMemoryOrig
NtFreeVirtualMemoryOrig
RtlAllocateHeapOrig
RtlDestroyHeapOrig
RtlFreeHeapOrig

Sections

.text
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/4
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/16
Size: 512B - Virtual size: 452B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/30
Size: 1024B - Virtual size: 927B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

/42
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/autorun/DotNetInject.lua
ch/autorun/DotNetInterface.lua
.js
ch/autorun/addtonewgroup.lua
.js
ch/autorun/autosave.lua
.js
ch/autorun/bigendian.lua
.js
ch/autorun/ceshare.lua
.js
ch/autorun/ceshare/ceshare_account.lua
.js
ch/autorun/ceshare/ceshare_comments.lua
.js
ch/autorun/ceshare/ceshare_fulltablelist.lua
.js
ch/autorun/ceshare/ceshare_permissions.lua
.js
ch/autorun/ceshare/ceshare_processlistextention.lua
.js
ch/autorun/ceshare/ceshare_publish.lua
.js
ch/autorun/ceshare/ceshare_querycheats.lua
.js
ch/autorun/ceshare/ceshare_requests.lua
.js
ch/autorun/ceshare/forms/BrowseCheats.FRM
.xml .ps1
ch/autorun/ceshare/forms/CommentsOrRequests.FRM
.xml
ch/autorun/ceshare/forms/InitialSetup.FRM
.xml
ch/autorun/ceshare/forms/Permissions.FRM
.xml
ch/autorun/ceshare/forms/PublishCheat.FRM
.xml
ch/autorun/ceshare/forms/UpdateOrNew.FRM
.xml
ch/autorun/ceshare/images/link.png
.png
ch/autorun/dlls/32/CEJVMTI.dll
.dll windows x86

f169cd83c1b5a46b223f247f34ac4096

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03-02-2015 00:00

Not After

03-03-2026 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:6e:d7:c0:bc:cc:41:4e:44:b3:51:50:de:3a:b6:f9:9d
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

21-07-2015 14:34

Not After

21-09-2016 11:08

Subject

CN=Cheat Engine,O=Cheat Engine,L=Eindhoven,C=NL,1.2.840.113549.1.9.1=#0c156461726b5f6279746540686f746d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dc:1b:76:93:c1:f1:c7:ea:51:8d:8d:ac:a8:61:de:6f:9b:64:79:14
Signer

Actual PE Digest

dc:1b:76:93:c1:f1:c7:ea:51:8d:8d:ac:a8:61:de:6f:9b:64:79:14

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Cheat Engine,O=Cheat Engine,L=Eindhoven,C=NL,1.2.840.113549.1.9.1=#0c156461726b5f6279746540686f746d61696c2e636f6d

24-12-2015 18:23
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OutputDebugStringA
GetCurrentProcessId
CreateNamedPipeW
ConnectNamedPipe
Sleep
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReadFile
WriteFile
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
GetSystemTimeAsFileTime

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z

msvcr90

??0exception@std@@QAE@XZ
free
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
memmove_s
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
__clean_type_info_names_internal
malloc
_vswprintf_c_l
??3@YAXPAX@Z
??2@YAPAXI@Z
??0exception@std@@QAE@ABQBD@Z
?what@exception@std@@UBEPBDXZ
??0exception@std@@QAE@ABV01@@Z
??1exception@std@@UAE@XZ
_amsg_exit
_invalid_parameter_noinfo
calloc
_CxxThrowException
__CxxFrameHandler3
memset

Exports

Exports

??4CCEJVMTI@@QAEAAV0@ABV0@@Z
_Agent_OnAttach@12
_Agent_OnLoad@12

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/autorun/dlls/64/CEJVMTI.dll
.dll windows x64

323de1ff7655e597353e5677c1bc8a83

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

13-04-2019 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:06:a0:81:d3:3f:d8:7a:e5:82:4c:c1:6b:52:09:4e:03
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

03-02-2015 00:00

Not After

03-03-2026 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:6e:d7:c0:bc:cc:41:4e:44:b3:51:50:de:3a:b6:f9:9d
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

21-07-2015 14:34

Not After

21-09-2016 11:08

Subject

CN=Cheat Engine,O=Cheat Engine,L=Eindhoven,C=NL,1.2.840.113549.1.9.1=#0c156461726b5f6279746540686f746d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bc:49:c7:33:0c:3c:dd:77:11:eb:34:d1:57:43:1b:81:d3:6d:88:1a
Signer

Actual PE Digest

bc:49:c7:33:0c:3c:dd:77:11:eb:34:d1:57:43:1b:81:d3:6d:88:1a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Cheat Engine,O=Cheat Engine,L=Eindhoven,C=NL,1.2.840.113549.1.9.1=#0c156461726b5f6279746540686f746d61696c2e636f6d

24-12-2015 18:24
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

OutputDebugStringA
GetCurrentProcessId
CreateNamedPipeW
ConnectNamedPipe
Sleep
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
ReadFile
WriteFile
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime

msvcp90

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@AEBV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QEAA@PEBD@Z

msvcr90

_invalid_parameter_noinfo
__C_specific_handler
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_initterm
_initterm_e
??0exception@std@@QEAA@XZ
_amsg_exit
__CppXcptFilter
__crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
free
malloc
_vswprintf_c_l
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memmove_s
??0exception@std@@QEAA@AEBQEBD@Z
?what@exception@std@@UEBAPEBDXZ
??0exception@std@@QEAA@AEBV01@@Z
_encoded_null
??1exception@std@@UEAA@XZ
calloc
_CxxThrowException
__CxxFrameHandler3
memset

Exports

Exports

??4CCEJVMTI@@QEAAAEAV0@AEBV0@@Z
Agent_OnAttach
Agent_OnLoad

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 198B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/autorun/dlls/DotNetInterface.deps.json
ch/autorun/dlls/DotNetInterface.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/autorun/dlls/MonoDataCollector32.dll
.dll windows x86

e7887ec2f66f5872997a7a195437342d

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

19-05-2020 09:15

Not After

04-07-2022 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

19-05-2020 09:15

Not After

04-07-2022 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19-02-2018 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7a:af:3c:22:be:6d:92:aa:91:16:75:1f:85:50:4a:7c:83:b6:37:a2:ae:a9:7f:ae:9d:93:d6:92:46:d5:b0:6c
Signer

Actual PE Digest

7a:af:3c:22:be:6d:92:aa:91:16:75:1f:85:50:4a:7c:83:b6:37:a2:ae:a9:7f:ae:9d:93:d6:92:46:d5:b0:6c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01-11-2020 08:56
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

2e:ba:a0:8f:74:24:59:ed:86:4a:d1:0e:90:96:43:a2:22:d6:f9:97
Signer

Actual PE Digest

2e:ba:a0:8f:74:24:59:ed:86:4a:d1:0e:90:96:43:a2:22:d6:f9:97

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01-11-2020 08:56
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ReadFile
EnterCriticalSection
WriteFile
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
OutputDebugStringA
CreateThread
CreateFileW
FreeLibraryAndExitThread
GetModuleHandleA
Sleep
GetCurrentThread
TerminateThread
GetProcAddress
GetCurrentProcessId
CreateNamedPipeW
GetCurrentThreadId
CreateToolhelp32Snapshot
GetLastError
Module32FirstW
AddVectoredExceptionHandler
GetModuleHandleW
WideCharToMultiByte
Module32NextW
ConnectNamedPipe
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
MultiByteToWideChar
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlUnwind
RaiseException
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
HeapReAlloc
GetTimeZoneInformation
SetStdHandle
HeapSize
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW

Exports

Exports

MDC_ServerPipe

Sections

.text
Size: 262KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/autorun/dlls/MonoDataCollector64.dll
.dll windows x64

74b975218b10bb5ec452830411e264de

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

19-05-2020 09:15

Not After

04-07-2022 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

19-05-2020 09:15

Not After

04-07-2022 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19-02-2018 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:c9:e6:0e:bb:60:f4:d9:36:42:9c:bb:48:1f:2c:b9:0d:c0:1f:ba:ba:18:85:80:ad:87:d6:39:a8:f4:e9:b6
Signer

Actual PE Digest

06:c9:e6:0e:bb:60:f4:d9:36:42:9c:bb:48:1f:2c:b9:0d:c0:1f:ba:ba:18:85:80:ad:87:d6:39:a8:f4:e9:b6

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01-11-2020 08:56
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

58:56:d8:d7:13:ae:40:c0:39:e7:c1:a2:9b:c7:1b:07:66:dc:3d:92
Signer

Actual PE Digest

58:56:d8:d7:13:ae:40:c0:39:e7:c1:a2:9b:c7:1b:07:66:dc:3d:92

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01-11-2020 08:56
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ReadFile
EnterCriticalSection
WriteFile
LeaveCriticalSection
InitializeCriticalSection
CloseHandle
OutputDebugStringA
CreateThread
CreateFileW
FreeLibraryAndExitThread
GetModuleHandleA
Sleep
GetCurrentThread
TerminateThread
GetProcAddress
GetCurrentProcessId
CreateNamedPipeW
GetCurrentThreadId
CreateToolhelp32Snapshot
GetLastError
Module32FirstW
AddVectoredExceptionHandler
GetModuleHandleW
WideCharToMultiByte
Module32NextW
ConnectNamedPipe
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
MultiByteToWideChar
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
DecodePointer
GetStringTypeW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
HeapReAlloc
GetTimeZoneInformation
SetStdHandle
HeapSize
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW

Exports

Exports

MDC_ServerPipe

Sections

.text
Size: 333KB - Virtual size: 332KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/autorun/dlls/src/Common/Pipe.cpp
ch/autorun/dlls/src/Common/Pipe.h
ch/autorun/dlls/src/Java/CEJVMTI/CEJVMTI.sln
ch/autorun/dlls/src/Java/CEJVMTI/CEJVMTI/CEJVMTI.cpp
ch/autorun/dlls/src/Java/CEJVMTI/CEJVMTI/CEJVMTI.h
ch/autorun/dlls/src/Java/CEJVMTI/CEJVMTI/CEJVMTI.vcproj
.xml
ch/autorun/dlls/src/Java/CEJVMTI/CEJVMTI/JavaEventServer.cpp
.js
ch/autorun/dlls/src/Java/CEJVMTI/CEJVMTI/JavaEventServer.h
ch/autorun/dlls/src/Java/CEJVMTI/CEJVMTI/JavaServer.cpp
.js
ch/autorun/dlls/src/Java/CEJVMTI/CEJVMTI/JavaServer.h
ch/autorun/dlls/src/Java/CEJVMTI/CEJVMTI/dllmain.cpp
ch/autorun/dlls/src/Java/CEJVMTI/CEJVMTI/stdafx.cpp
ch/autorun/dlls/src/Java/CEJVMTI/CEJVMTI/stdafx.h
ch/autorun/dlls/src/Java/CEJVMTI/CEJVMTI/targetver.h
ch/autorun/dlls/src/Mono/MonoDataCollector.sln
ch/autorun/dlls/src/Mono/MonoDataCollector/Metadata.h
ch/autorun/dlls/src/Mono/MonoDataCollector/MonoDataCollector.cpp
ch/autorun/dlls/src/Mono/MonoDataCollector/MonoDataCollector.h
ch/autorun/dlls/src/Mono/MonoDataCollector/MonoDataCollector.vcproj
.xml
ch/autorun/dlls/src/Mono/MonoDataCollector/PipeServer.cpp
.js
ch/autorun/dlls/src/Mono/MonoDataCollector/PipeServer.h
ch/autorun/dlls/src/Mono/MonoDataCollector/dllmain.cpp
ch/autorun/dlls/src/Mono/MonoDataCollector/stdafx.cpp
ch/autorun/dlls/src/Mono/MonoDataCollector/targetver.h
ch/autorun/dotnetinfo.lua
.js
ch/autorun/dotnetsearch.lua
.js
ch/autorun/forms/DotNetInfo.frm
.xml
ch/autorun/forms/DotNetSearch.frm
.xml
ch/autorun/forms/MonoDataCollector.frm
.xml
ch/autorun/images/export128x128.png
.png
ch/autorun/images/import128x128.png
.png
ch/autorun/java.lua
ch/autorun/javaClassEditor.lua
ch/autorun/javaclass.lua
ch/autorun/luasymbols.lua
ch/autorun/modulelistscan.lua
.js
ch/autorun/monoscript.lua
.js
ch/autorun/patchscan.lua
.js
ch/autorun/pseudocode.lua
.js
ch/autorun/pseudocodediagram.lua
.js
ch/autorun/savesession.lua
.js
ch/autorun/versioncheck.lua
.js
ch/autorun/xml/xmlSimple.lua
ch/badassets/bullet.png
.png
ch/badassets/door.png
.png
ch/badassets/infobutton.png
.png
ch/badassets/lock.png
.png
ch/badassets/pausebutton.png
.png
ch/badassets/platformenemy.png
.png
ch/badassets/platformplayer.png
.png
ch/badassets/playership.png
.png
ch/badassets/scoreboard.png
.png
ch/badassets/shieldedtarget.png
.png
ch/badassets/target.png
.png
ch/badassets/xxx.png
.png
ch/badassets/xxx2.png
.png
ch/badassets/xxx3.png
.png
ch/ced3d10hook.dll
.dll windows x86

54e6baf4a7fc30cce7ae3af2ae401782

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bd:be:1c:37:94:22:c4:12:f9:57:59:9d:9e:d9:69:c8:c7:5f:45:5f:29:42:f7:33:31:0f:d9:ff:d0:95:ea:13
Signer

Actual PE Digest

bd:be:1c:37:94:22:c4:12:f9:57:59:9d:9e:d9:69:c8:c7:5f:45:5f:29:42:f7:33:31:0f:d9:ff:d0:95:ea:13

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:24
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

90:9d:b0:40:58:f8:27:4b:fc:2f:c8:ee:82:5b:7c:3e:02:83:20:b1
Signer

Actual PE Digest

90:9d:b0:40:58:f8:27:4b:fc:2f:c8:ee:82:5b:7c:3e:02:83:20:b1

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:23
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3dx10_43

D3DXMatrixRotationZ
D3DX10CompileFromFileA
D3DX10CreateTextureFromMemory
D3DX10SaveTextureToMemory
D3DX10SaveTextureToFileA

kernel32

VirtualFree
FlushFileBuffers
CreateFileA
WriteFile
VirtualQuery
CloseHandle
WaitForSingleObject
OutputDebugStringA
SetEvent
GetTickCount
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapAlloc
GetLastError
HeapReAlloc
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetModuleHandleA
VirtualAlloc
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

user32

GetClientRect
GetAsyncKeyState
ScreenToClient
GetCursorPos

Exports

Exports

D3D10Hook_DrawAuto_imp
D3D10Hook_DrawIndexedInstanced_imp
D3D10Hook_DrawIndexed_imp
D3D10Hook_DrawInstanced_imp
D3D10Hook_Draw_imp
D3D10Hook_SwapChain_Present_imp
D3D10Hook_SwapChain_ResizeBuffers_imp

Sections

.text
Size: 75KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/ced3d10hook64.dll
.dll windows x64

9ecc17e8125484bf6d22b853aa6333a7

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ac:0e:d5:0f:7b:93:84:98:5d:ad:8e:3d:e1:92:46:cf:1b:09:ba:54:93:90:74:92:c2:60:3e:5b:1a:39:5a:5d
Signer

Actual PE Digest

ac:0e:d5:0f:7b:93:84:98:5d:ad:8e:3d:e1:92:46:cf:1b:09:ba:54:93:90:74:92:c2:60:3e:5b:1a:39:5a:5d

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:24
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

16:11:4c:cc:ce:00:52:f1:da:59:c0:20:76:16:ac:65:32:89:4f:b5
Signer

Actual PE Digest

16:11:4c:cc:ce:00:52:f1:da:59:c0:20:76:16:ac:65:32:89:4f:b5

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:23
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3dx10_43

D3DXMatrixRotationZ
D3DX10CompileFromFileA
D3DX10CreateTextureFromMemory
D3DX10SaveTextureToMemory
D3DX10SaveTextureToFileA

kernel32

GetStdHandle
FlushFileBuffers
WriteConsoleW
CreateFileA
WriteFile
VirtualQuery
CloseHandle
WaitForSingleObject
OutputDebugStringA
SetEvent
GetTickCount
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
HeapAlloc
GetLastError
HeapReAlloc
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
Sleep
HeapSize
GetModuleHandleW
GetProcAddress
ExitProcess
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA

user32

GetClientRect
GetAsyncKeyState
ScreenToClient
GetCursorPos

Exports

Exports

D3D10Hook_DrawAuto_imp
D3D10Hook_DrawIndexedInstanced_imp
D3D10Hook_DrawIndexed_imp
D3D10Hook_DrawInstanced_imp
D3D10Hook_Draw_imp
D3D10Hook_SwapChain_Present_imp
D3D10Hook_SwapChain_ResizeBuffers_imp

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/ced3d11hook.dll
.dll windows x86

a3258c6ee97d726a9efc2336a95f2c30

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:cc:b3:71:9c:07:8b:4b:84:b6:b8:13:d6:43:81:62:1b:a7:ee:3f:04:77:d4:62:d4:0d:8f:91:ac:16:7b:19
Signer

Actual PE Digest

05:cc:b3:71:9c:07:8b:4b:84:b6:b8:13:d6:43:81:62:1b:a7:ee:3f:04:77:d4:62:d4:0d:8f:91:ac:16:7b:19

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:24
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

1c:27:96:c2:8f:cf:24:e6:9d:e0:46:2f:b9:64:6f:47:a6:69:f9:2f
Signer

Actual PE Digest

1c:27:96:c2:8f:cf:24:e6:9d:e0:46:2f:b9:64:6f:47:a6:69:f9:2f

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:23
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3dx11_43

D3DX11CompileFromFileA
D3DX11CreateTextureFromMemory
D3DX11SaveTextureToMemory
D3DX11SaveTextureToFileA

kernel32

VirtualFree
FlushFileBuffers
EnterCriticalSection
CreateFileA
WriteFile
VirtualQuery
CloseHandle
LeaveCriticalSection
WaitForSingleObject
OutputDebugStringA
SetEvent
InitializeCriticalSection
GetTickCount
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapAlloc
GetLastError
HeapReAlloc
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
DeleteCriticalSection
GetModuleHandleA
VirtualAlloc
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

user32

GetClientRect
GetAsyncKeyState
ScreenToClient
GetCursorPos

Exports

Exports

D3D11Hook_DrawAuto_imp
D3D11Hook_DrawIndexedInstanced_imp
D3D11Hook_DrawIndexed_imp
D3D11Hook_DrawInstanced_imp
D3D11Hook_Draw_imp
D3D11Hook_SwapChain_Present_imp
D3D11Hook_SwapChain_ResizeBuffers_imp

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/ced3d11hook64.dll
.dll windows x64

7b490c73f6a24a175ff2ab5985e57ccc

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a3:0c:7a:88:66:a8:cf:56:48:4b:0b:3a:33:74:9c:aa:03:22:cf:0e:e9:9a:29:99:ea:f4:de:91:b0:09:57:18
Signer

Actual PE Digest

a3:0c:7a:88:66:a8:cf:56:48:4b:0b:3a:33:74:9c:aa:03:22:cf:0e:e9:9a:29:99:ea:f4:de:91:b0:09:57:18

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:24
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

02:05:3b:2b:7a:d9:f6:4a:bf:53:64:7b:49:65:12:f2:45:93:9e:60
Signer

Actual PE Digest

02:05:3b:2b:7a:d9:f6:4a:bf:53:64:7b:49:65:12:f2:45:93:9e:60

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:23
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3dx11_43

D3DX11CompileFromFileA
D3DX11CreateTextureFromMemory
D3DX11SaveTextureToMemory
D3DX11SaveTextureToFileA

kernel32

GetProcAddress
FlushFileBuffers
EnterCriticalSection
CreateFileA
WriteFile
VirtualQuery
CloseHandle
LeaveCriticalSection
WaitForSingleObject
OutputDebugStringA
SetEvent
InitializeCriticalSection
GetTickCount
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapAlloc
GetLastError
HeapReAlloc
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
Sleep
HeapSize
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

user32

GetClientRect
GetAsyncKeyState
ScreenToClient
GetCursorPos

Exports

Exports

D3D11Hook_DrawAuto_imp
D3D11Hook_DrawIndexedInstanced_imp
D3D11Hook_DrawIndexed_imp
D3D11Hook_DrawInstanced_imp
D3D11Hook_Draw_imp
D3D11Hook_SwapChain_Present_imp
D3D11Hook_SwapChain_ResizeBuffers_imp

Sections

.text
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/ced3d9hook.dll
.dll windows x86

1918101ac90906330d7a2616375c55e0

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d9:d9:47:08:30:fc:4e:55:fb:22:f7:9e:29:5a:d2:7e:55:6b:dc:5f:2b:9d:7b:c3:44:a6:0b:b3:47:70:2a:81
Signer

Actual PE Digest

d9:d9:47:08:30:fc:4e:55:fb:22:f7:9e:29:5a:d2:7e:55:6b:dc:5f:2b:9d:7b:c3:44:a6:0b:b3:47:70:2a:81

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:24
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

d9:06:4e:65:86:aa:82:4d:ab:65:3f:97:82:7b:dc:ec:91:1c:7c:3a
Signer

Actual PE Digest

d9:06:4e:65:86:aa:82:4d:ab:65:3f:97:82:7b:dc:ec:91:1c:7c:3a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:23
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

d3dx9_43

D3DXCreateSprite
D3DXMatrixTransformation2D
D3DXCreateTextureFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx
D3DXMatrixTransformation
D3DXSaveSurfaceToFileInMemory
D3DXSaveSurfaceToFileA

kernel32

EnterCriticalSection
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
CreateFileA
WriteFile
VirtualQuery
CloseHandle
WaitForSingleObject
OutputDebugStringA
SetEvent
GetTickCount
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
HeapAlloc
GetLastError
HeapReAlloc
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
DeleteCriticalSection
LeaveCriticalSection
GetModuleHandleA
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW

user32

GetClientRect
GetAsyncKeyState
ScreenToClient
GetCursorPos

Exports

Exports

D3D9Hook_DrawIndexedPrimitiveUP_imp
D3D9Hook_DrawIndexedPrimitive_imp
D3D9Hook_DrawPrimitiveUP_imp
D3D9Hook_DrawPrimitive_imp
D3D9Hook_DrawRectPatch_imp
D3D9Hook_DrawTriPatch_imp
D3D9Hook_Present_imp
D3D9Hook_Reset_imp

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/ced3d9hook64.dll
.dll windows x64

4b9b84d7aa5c3523fdc75de4312d466e

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

15:25:9f:28:1c:da:6a:d0:91:39:07:e3:a8:7e:88:b3:f0:fd:02:38:da:dd:68:fe:a0:30:10:07:87:23:fe:35
Signer

Actual PE Digest

15:25:9f:28:1c:da:6a:d0:91:39:07:e3:a8:7e:88:b3:f0:fd:02:38:da:dd:68:fe:a0:30:10:07:87:23:fe:35

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:24
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

ea:f3:85:05:5b:92:37:23:6b:00:fe:d7:bb:f7:f6:53:25:01:b8:3d
Signer

Actual PE Digest

ea:f3:85:05:5b:92:37:23:6b:00:fe:d7:bb:f7:f6:53:25:01:b8:3d

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:23
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

d3dx9_43

D3DXCreateSprite
D3DXMatrixTransformation2D
D3DXCreateTextureFromFileInMemory
D3DXCreateTextureFromFileInMemoryEx
D3DXMatrixTransformation
D3DXSaveSurfaceToFileInMemory
D3DXSaveSurfaceToFileA

kernel32

ExitProcess
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
CreateFileA
WriteFile
VirtualQuery
CloseHandle
WaitForSingleObject
OutputDebugStringA
SetEvent
GetTickCount
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
HeapAlloc
GetLastError
HeapReAlloc
HeapFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
Sleep
HeapSize
GetModuleHandleW
GetProcAddress
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar

user32

GetClientRect
GetAsyncKeyState
ScreenToClient
GetCursorPos

Exports

Exports

D3D9Hook_DrawIndexedPrimitiveUP_imp
D3D9Hook_DrawIndexedPrimitive_imp
D3D9Hook_DrawPrimitiveUP_imp
D3D9Hook_DrawPrimitive_imp
D3D9Hook_DrawRectPatch_imp
D3D9Hook_DrawTriPatch_imp
D3D9Hook_Present_imp
D3D9Hook_Reset_imp

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/cedebug.txt
ch/celua.txt
ch/ceregreset.exe
.exe windows x86

596f6736a6381c6d0307595ea9a05b11

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b0:db:74:ad:21:26:ec:5f:b2:54:48:d4:69:54:54:5f:1d:6d:a6:ae:b8:81:30:3d:54:d8:3c:d5:5c:a3:bf:f4
Signer

Actual PE Digest

b0:db:74:ad:21:26:ec:5f:b2:54:48:d4:69:54:54:5f:1d:6d:a6:ae:b8:81:30:3d:54:d8:3c:d5:5c:a3:bf:f4

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

25-05-2017 00:58
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

44:a3:3c:4c:df:6e:46:9d:80:89:e6:a2:38:8a:0f:a5:57:0b:6d:83
Signer

Actual PE Digest

44:a3:3c:4c:df:6e:46:9d:80:89:e6:a2:38:8a:0f:a5:57:0b:6d:83

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

25-05-2017 00:58
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
GetProcAddress
CreateFileW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
FormatMessageA
GetWindowsDirectoryA
GetVersionExA
CompareStringA
GetLocaleInfoA
EnumCalendarInfoA
CompareStringW
VirtualFree
FileTimeToSystemTime
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetSystemMetrics
MessageBeep

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegCloseKey
RegFlushKey

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/cheatengine-i386.exe
.exe windows x86

2938361072f8f6406268be80e6f19999

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

19-05-2020 09:15

Not After

04-07-2022 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

19-05-2020 09:15

Not After

04-07-2022 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19-02-2018 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

32:95:97:7b:36:e7:d9:0e:36:8e:77:92:88:f4:ce:27:fc:78:10:9e:7d:3e:78:2f:53:58:0a:a5:62:f9:28:f8
Signer

Actual PE Digest

32:95:97:7b:36:e7:d9:0e:36:8e:77:92:88:f4:ce:27:fc:78:10:9e:7d:3e:78:2f:53:58:0a:a5:62:f9:28:f8

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01-11-2020 09:29
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

a2:ba:de:09:35:cb:7d:88:29:9b:f7:57:8a:ac:95:98:97:21:9f:62
Signer

Actual PE Digest

a2:ba:de:09:35:cb:7d:88:29:9b:f7:57:8a:ac:95:98:97:21:9f:62

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01-11-2020 09:29
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetStdHandle
GetConsoleMode
TlsGetValue
GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
GetFileSize
SetEndOfFile
GetSystemInfo
LoadLibraryW
LoadLibraryA
GetProcAddress
FreeLibrary
FormatMessageW
DeleteFileW
MoveFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
RemoveDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
SetEnvironmentVariableW
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetEnvironmentStringsW
FreeEnvironmentStringsW
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
GetShortPathNameA
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
CreateSemaphoreA
CreateFileMappingA
OpenFileMappingA
GetLogicalDriveStringsA
LoadLibraryExA
OutputDebugStringA
FindResourceA
FindResourceExA
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
GlobalAddAtomA
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
GetDiskFreeSpaceA
CreateFileA
CreateNamedPipeA
GetComputerNameA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetModuleFileNameW
GetCommandLineW
GetSystemDirectoryW
CreateProcessW
FindFirstFileW
FindNextFileW
CompareStringW
GetLocaleInfoW
GetDateFormatW
FreeResource
LockResource
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalMemoryStatus
FlushInstructionCache
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualQuery
VirtualQueryEx
GetProcessAffinityMask
GetProcessWorkingSetSize
SetProcessWorkingSetSize
OpenProcess
TerminateProcess
SetProcessAffinityMask
GetExitCodeProcess
CreateRemoteThread
GetCurrentThread
SetThreadAffinityMask
GetExitCodeThread
GetThreadSelectorEntry
SetErrorMode
WriteProcessMemory
ReleaseSemaphore
WaitForMultipleObjects
LoadResource
SizeofResource
GlobalDeleteAtom
FlushFileBuffers
DeviceIoControl
FindClose
GetFileTime
SetFileTime
DuplicateHandle
MulDiv
GetLocalTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
FileTimeToDosDateTime
DosDateTimeToFileTime
CreatePipe
ConnectNamedPipe
DisconnectNamedPipe
PeekNamedPipe
MapViewOfFile
UnmapViewOfFile
QueryPerformanceCounter
QueryPerformanceFrequency
CancelIo
GetCPInfo
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID
GetOverlappedResult
GetFileSizeEx

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
RegisterWindowMessageA
PeekMessageA
SendMessageA
SendMessageTimeoutA
PostMessageA
PostThreadMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
RegisterClassExA
CreateWindowExA
SendDlgItemMessageA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
GetWindowLongA
SetWindowLongA
GetClassLongA
SetClassLongA
FindWindowA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
PostMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongW
SetWindowLongW
TranslateMessage
UnregisterHotKey
AttachThreadInput
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
CloseWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
GetDlgItem
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetAsyncKeyState
keybd_event
mouse_event
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
GetCaretBlinkTime
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
IsRectEmpty
PtInRect
GetDesktopWindow
GetParent
SetParent
EnumChildWindows
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
DrawIconEx
FlashWindowEx
SetLayeredWindowAttributes
GetComboBoxInfo

advapi32

LookupAccountSidA
LookupPrivilegeValueA
RegQueryInfoKeyA
ChangeServiceConfigA
CreateServiceA
OpenSCManagerA
OpenServiceA
StartServiceA
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
AllocateAndInitializeSid
SetKernelObjectSecurity
RegCloseKey
RegFlushKey
CloseServiceHandle

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx
ChoosePixelFormat
SetPixelFormat
SwapBuffers

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ExtractIconA
ShellExecuteA
Shell_NotifyIconA
DragQueryFileW
Shell_NotifyIconW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA
SHGetPathFromIDListW
SHBrowseForFolderW

opengl32

wglUseFontBitmapsA
wglCreateContext
wglMakeCurrent
wglGetProcAddress

ole32

CoCreateGuid
CoTaskMemFree
OleInitialize
OleUninitialize
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CLSIDFromProgID
CoInitialize
CoTaskMemAlloc
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

shlwapi

AssocQueryStringW

comdlg32

ChooseColorA
CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
ChooseFontW

imm32

ImmGetContext
ImmReleaseContext
ImmGetCompositionStringW
ImmNotifyIME

imagehlp

StackWalk64
SymSetOptions
SymGetOptions
SymCleanup
SymEnumerateModules64
SymEnumerateModules
SymEnumerateSymbols
SymGetModuleInfo
SymLoadModule64
SymInitialize
SymSetContext
SymEnumSymbols
SymGetTypeInfo
SymEnumTypes
SymGetTypeFromName

lua53-32

lua_close
lua_newthread
lua_atpanic
lua_rotate
lua_rawlen
lua_absindex
lua_gettop
lua_settop
lua_pushvalue
lua_isnumber
lua_isinteger
lua_isstring
lua_iscfunction
lua_isuserdata
lua_type
lua_tonumberx
lua_tointegerx
lua_toboolean
lua_tolstring
lua_tocfunction
lua_touserdata
lua_pushnil
lua_pushnumber
lua_pushinteger
lua_pushlstring
lua_pushstring
lua_pushcclosure
lua_pushboolean
lua_pushlightuserdata
lua_gettable
lua_rawgeti
lua_createtable
lua_newuserdata
lua_getmetatable
lua_settable
lua_rawseti
lua_setmetatable
lua_callk
lua_pcallk
lua_load
lua_dump
lua_gc
lua_error
lua_next
lua_setglobal
lua_getglobal
lua_getinfo
lua_getlocal
lua_sethook
luaL_argerror
luaL_ref
luaL_unref
luaL_loadfilex
luaL_loadstring
luaL_newstate
luaL_openlibs

hhctrl.ocx

HtmlHelpA

ws2_32

accept
bind
closesocket
connect
ioctlsocket
getpeername
htons
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket
WSAStartup
WSACleanup
WSAGetLastError
__WSAFDIsSet

wsock32

closesocket
ioctlsocket
select
gethostbyaddr
gethostbyname
WSAStartup

wininet

InternetOpenA
InternetCloseHandle
InternetConnectA
InternetOpenUrlA
InternetReadFile
InternetQueryDataAvailable
HttpOpenRequestA
HttpSendRequestA

Sections

.text
Size: 6.0MB - Virtual size: 6.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 521KB - Virtual size: 520KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 200KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 630KB - Virtual size: 630KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/cheatengine-i386.exe.sig
ch/cheatengine-x86_64-SSE4-AVX2.exe
.exe windows x64

46bfd51c8926494db1d6e245498abc5f

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

19-05-2020 09:15

Not After

04-07-2022 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

19-05-2020 09:15

Not After

04-07-2022 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19-02-2018 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

06:45:23:da:f8:5d:2d:e9:6f:ee:d1:5d:17:10:48:ce:2d:b0:88:a3:cd:65:5e:51:40:79:17:a3:0a:5c:9a:49
Signer

Actual PE Digest

06:45:23:da:f8:5d:2d:e9:6f:ee:d1:5d:17:10:48:ce:2d:b0:88:a3:cd:65:5e:51:40:79:17:a3:0a:5c:9a:49

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01-11-2020 09:29
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

74:71:f8:96:8a:a1:1f:44:7a:65:6c:70:c1:aa:9a:55:ef:8f:4c:b0
Signer

Actual PE Digest

74:71:f8:96:8a:a1:1f:44:7a:65:6c:70:c1:aa:9a:55:ef:8f:4c:b0

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01-11-2020 09:29
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetStdHandle
GetConsoleMode
TlsGetValue
GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
GetFileSize
SetEndOfFile
GetSystemInfo
LoadLibraryW
LoadLibraryA
GetProcAddress
FreeLibrary
FormatMessageW
DeleteFileW
MoveFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
RemoveDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
SetEnvironmentVariableW
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetEnvironmentStringsW
FreeEnvironmentStringsW
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
GetShortPathNameA
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
CreateSemaphoreA
CreateFileMappingA
OpenFileMappingA
GetLogicalDriveStringsA
LoadLibraryExA
OutputDebugStringA
FindResourceA
FindResourceExA
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
GlobalAddAtomA
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
GetDiskFreeSpaceA
CreateFileA
CreateNamedPipeA
GetComputerNameA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetModuleFileNameW
GetCommandLineW
GetSystemDirectoryW
CreateProcessW
FindFirstFileW
FindNextFileW
CompareStringW
GetLocaleInfoW
GetDateFormatW
FreeResource
LockResource
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalMemoryStatus
FlushInstructionCache
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualQuery
VirtualQueryEx
GetProcessAffinityMask
GetProcessWorkingSetSize
SetProcessWorkingSetSize
OpenProcess
TerminateProcess
SetProcessAffinityMask
GetExitCodeProcess
CreateRemoteThread
GetCurrentThread
SetThreadAffinityMask
GetExitCodeThread
SetErrorMode
WriteProcessMemory
ReleaseSemaphore
WaitForMultipleObjects
LoadResource
SizeofResource
GlobalDeleteAtom
FlushFileBuffers
DeviceIoControl
FindClose
GetFileTime
SetFileTime
DuplicateHandle
MulDiv
GetLocalTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
FileTimeToDosDateTime
DosDateTimeToFileTime
CreatePipe
ConnectNamedPipe
DisconnectNamedPipe
PeekNamedPipe
MapViewOfFile
UnmapViewOfFile
QueryPerformanceCounter
QueryPerformanceFrequency
CancelIo
GetCPInfo
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID
GetOverlappedResult
GetFileSizeEx

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
RegisterWindowMessageA
PeekMessageA
SendMessageA
SendMessageTimeoutA
PostMessageA
PostThreadMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
RegisterClassExA
CreateWindowExA
SendDlgItemMessageA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
GetWindowLongA
SetWindowLongA
GetClassLongPtrA
SetClassLongPtrA
FindWindowA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
PostMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongPtrW
SetWindowLongPtrW
TranslateMessage
UnregisterHotKey
AttachThreadInput
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
CloseWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
GetDlgItem
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetAsyncKeyState
keybd_event
mouse_event
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
GetCaretBlinkTime
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
IsRectEmpty
PtInRect
GetDesktopWindow
GetParent
SetParent
EnumChildWindows
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
DrawIconEx
FlashWindowEx
SetLayeredWindowAttributes
GetComboBoxInfo
AllowSetForegroundWindow

advapi32

LookupAccountSidA
LookupPrivilegeValueA
RegQueryInfoKeyA
ChangeServiceConfigA
CreateServiceA
OpenSCManagerA
OpenServiceA
StartServiceA
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
AllocateAndInitializeSid
SetKernelObjectSecurity
RegCloseKey
RegFlushKey
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorA

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx
ChoosePixelFormat
SetPixelFormat
SwapBuffers
AddFontMemResourceEx
RemoveFontMemResourceEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ExtractIconA
ShellExecuteA
Shell_NotifyIconA
DragQueryFileW
Shell_NotifyIconW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA
SHGetPathFromIDListW
SHBrowseForFolderW

opengl32

wglUseFontBitmapsA
wglCreateContext
wglMakeCurrent
wglGetProcAddress

ole32

CoCreateGuid
CoTaskMemFree
OleInitialize
OleUninitialize
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CLSIDFromProgID
CoInitialize
CoTaskMemAlloc
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

shlwapi

AssocQueryStringW

comdlg32

ChooseColorA
CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
ChooseFontW

imm32

ImmGetContext
ImmReleaseContext
ImmGetCompositionStringW
ImmNotifyIME

ntdll

ZwCreateSection
ZwMapViewOfSection
NtResumeProcess
NtSuspendProcess
ZwUnmapViewOfSection
RtlCompareMemory

ws2_32

__WSAFDIsSet
accept
bind
closesocket
connect
ioctlsocket
getpeername
htons
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

closesocket
ioctlsocket
select
gethostbyaddr
gethostbyname
WSAStartup

imagehlp

StackWalk64
SymSetOptions
SymGetOptions
SymCleanup
SymEnumerateModules64
SymEnumerateSymbols64
SymGetModuleInfo64
SymInitialize
SymLoadModule64
SymSetContext
SymEnumSymbols
SymGetTypeInfo
SymEnumTypes
SymGetTypeFromName

psapi

GetMappedFileNameA
GetDeviceDriverFileNameA

hhctrl.ocx

HtmlHelpA

lua53-64

lua_close
lua_newthread
lua_atpanic
lua_rotate
lua_rawlen
lua_absindex
lua_gettop
lua_settop
lua_pushvalue
lua_isnumber
lua_isinteger
lua_isstring
lua_iscfunction
lua_isuserdata
lua_type
lua_tonumberx
lua_tointegerx
lua_toboolean
lua_tolstring
lua_tocfunction
lua_touserdata
lua_pushnil
lua_pushnumber
lua_pushinteger
lua_pushlstring
lua_pushstring
lua_pushcclosure
lua_pushboolean
lua_pushlightuserdata
lua_gettable
lua_rawgeti
lua_createtable
lua_newuserdata
lua_getmetatable
lua_settable
lua_rawseti
lua_setmetatable
lua_callk
lua_pcallk
lua_load
lua_dump
lua_gc
lua_error
lua_next
lua_setglobal
lua_getglobal
lua_getinfo
lua_getlocal
lua_sethook
luaL_argerror
luaL_ref
luaL_unref
luaL_loadfilex
luaL_loadstring
luaL_newstate
luaL_openlibs

wininet

InternetOpenA
InternetCloseHandle
InternetConnectA
InternetOpenUrlA
InternetReadFile
InternetQueryDataAvailable
HttpOpenRequestA
HttpSendRequestA

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 619KB - Virtual size: 619KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 394KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 203KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 630KB - Virtual size: 630KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/cheatengine-x86_64-SSE4-AVX2.exe.sig
ch/cheatengine-x86_64.exe
.exe windows x64

46bfd51c8926494db1d6e245498abc5f

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

19-05-2020 09:15

Not After

04-07-2022 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

19-05-2020 09:15

Not After

04-07-2022 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19-02-2018 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:04:17:eb:45:98:36:62:f5:60:ff:37:a8:d1:ab:e1:e0:38:42:5f:fd:33:27:b1:54:af:11:e7:29:21:65:e9
Signer

Actual PE Digest

50:04:17:eb:45:98:36:62:f5:60:ff:37:a8:d1:ab:e1:e0:38:42:5f:fd:33:27:b1:54:af:11:e7:29:21:65:e9

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01-11-2020 09:29
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

e4:6c:a7:b5:36:e0:64:02:06:fd:84:aa:b1:e9:18:2d:19:d7:9b:ca
Signer

Actual PE Digest

e4:6c:a7:b5:36:e0:64:02:06:fd:84:aa:b1:e9:18:2d:19:d7:9b:ca

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01-11-2020 09:29
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetStdHandle
GetConsoleMode
TlsGetValue
GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
GetFileSize
SetEndOfFile
GetSystemInfo
LoadLibraryW
LoadLibraryA
GetProcAddress
FreeLibrary
FormatMessageW
DeleteFileW
MoveFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
RemoveDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetFullPathNameW
SetEnvironmentVariableW
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetEnvironmentStringsW
FreeEnvironmentStringsW
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
GetShortPathNameA
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
CreateSemaphoreA
CreateFileMappingA
OpenFileMappingA
GetLogicalDriveStringsA
LoadLibraryExA
OutputDebugStringA
FindResourceA
FindResourceExA
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
BeginUpdateResourceA
UpdateResourceA
EndUpdateResourceA
GlobalAddAtomA
GetSystemDirectoryA
GetTempPathA
GetWindowsDirectoryA
GetDiskFreeSpaceA
CreateFileA
CreateNamedPipeA
GetComputerNameA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetModuleFileNameW
GetCommandLineW
GetSystemDirectoryW
CreateProcessW
FindFirstFileW
FindNextFileW
CompareStringW
GetLocaleInfoW
GetDateFormatW
FreeResource
LockResource
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalMemoryStatus
FlushInstructionCache
VirtualAlloc
VirtualAllocEx
VirtualFree
VirtualFreeEx
VirtualQuery
VirtualQueryEx
GetProcessAffinityMask
GetProcessWorkingSetSize
SetProcessWorkingSetSize
OpenProcess
TerminateProcess
SetProcessAffinityMask
GetExitCodeProcess
CreateRemoteThread
GetCurrentThread
SetThreadAffinityMask
GetExitCodeThread
SetErrorMode
WriteProcessMemory
ReleaseSemaphore
WaitForMultipleObjects
LoadResource
SizeofResource
GlobalDeleteAtom
FlushFileBuffers
DeviceIoControl
FindClose
GetFileTime
SetFileTime
DuplicateHandle
MulDiv
GetLocalTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
FileTimeToDosDateTime
DosDateTimeToFileTime
CreatePipe
ConnectNamedPipe
DisconnectNamedPipe
PeekNamedPipe
MapViewOfFile
UnmapViewOfFile
QueryPerformanceCounter
QueryPerformanceFrequency
CancelIo
GetCPInfo
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID
GetOverlappedResult
GetFileSizeEx

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
RegisterWindowMessageA
PeekMessageA
SendMessageA
SendMessageTimeoutA
PostMessageA
PostThreadMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
RegisterClassExA
CreateWindowExA
SendDlgItemMessageA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
SetWindowTextA
GetWindowTextA
GetWindowTextLengthA
GetWindowLongA
SetWindowLongA
GetClassLongPtrA
SetClassLongPtrA
FindWindowA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
PostMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongPtrW
SetWindowLongPtrW
TranslateMessage
UnregisterHotKey
AttachThreadInput
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
CloseWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
GetDlgItem
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetAsyncKeyState
keybd_event
mouse_event
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
GetCaretBlinkTime
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
IsRectEmpty
PtInRect
GetDesktopWindow
GetParent
SetParent
EnumChildWindows
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
DrawIconEx
FlashWindowEx
SetLayeredWindowAttributes
GetComboBoxInfo
AllowSetForegroundWindow

advapi32

LookupAccountSidA
LookupPrivilegeValueA
RegQueryInfoKeyA
ChangeServiceConfigA
CreateServiceA
OpenSCManagerA
OpenServiceA
StartServiceA
RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumValueW
RegOpenKeyExW
OpenProcessToken
GetTokenInformation
AdjustTokenPrivileges
AllocateAndInitializeSid
SetKernelObjectSecurity
RegCloseKey
RegFlushKey
CloseServiceHandle
ConvertStringSecurityDescriptorToSecurityDescriptorA

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx
ChoosePixelFormat
SetPixelFormat
SwapBuffers
AddFontMemResourceEx
RemoveFontMemResourceEx

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ExtractIconA
ShellExecuteA
Shell_NotifyIconA
DragQueryFileW
Shell_NotifyIconW
DragFinish
DragAcceptFiles
SHGetSpecialFolderLocation
SHGetMalloc
SHGetPathFromIDListA
SHGetPathFromIDListW
SHBrowseForFolderW

opengl32

wglUseFontBitmapsA
wglCreateContext
wglMakeCurrent
wglGetProcAddress

ole32

CoCreateGuid
CoTaskMemFree
OleInitialize
OleUninitialize
CoUninitialize
CoFreeUnusedLibraries
CoCreateInstance
CLSIDFromProgID
CoInitialize
CoTaskMemAlloc
GetErrorInfo

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

shlwapi

AssocQueryStringW

comdlg32

ChooseColorA
CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW
ChooseFontW

imm32

ImmGetContext
ImmReleaseContext
ImmGetCompositionStringW
ImmNotifyIME

ntdll

ZwCreateSection
ZwMapViewOfSection
NtResumeProcess
NtSuspendProcess
ZwUnmapViewOfSection
RtlCompareMemory

ws2_32

__WSAFDIsSet
accept
bind
closesocket
connect
ioctlsocket
getpeername
htons
listen
ntohs
recv
recvfrom
select
send
sendto
setsockopt
socket
WSAStartup
WSACleanup
WSAGetLastError

wsock32

closesocket
ioctlsocket
select
gethostbyaddr
gethostbyname
WSAStartup

imagehlp

StackWalk64
SymSetOptions
SymGetOptions
SymCleanup
SymEnumerateModules64
SymEnumerateSymbols64
SymGetModuleInfo64
SymInitialize
SymLoadModule64
SymSetContext
SymEnumSymbols
SymGetTypeInfo
SymEnumTypes
SymGetTypeFromName

psapi

GetMappedFileNameA
GetDeviceDriverFileNameA

hhctrl.ocx

HtmlHelpA

lua53-64

lua_close
lua_newthread
lua_atpanic
lua_rotate
lua_rawlen
lua_absindex
lua_gettop
lua_settop
lua_pushvalue
lua_isnumber
lua_isinteger
lua_isstring
lua_iscfunction
lua_isuserdata
lua_type
lua_tonumberx
lua_tointegerx
lua_toboolean
lua_tolstring
lua_tocfunction
lua_touserdata
lua_pushnil
lua_pushnumber
lua_pushinteger
lua_pushlstring
lua_pushstring
lua_pushcclosure
lua_pushboolean
lua_pushlightuserdata
lua_gettable
lua_rawgeti
lua_createtable
lua_newuserdata
lua_getmetatable
lua_settable
lua_rawseti
lua_setmetatable
lua_callk
lua_pcallk
lua_load
lua_dump
lua_gc
lua_error
lua_next
lua_setglobal
lua_getglobal
lua_getinfo
lua_getlocal
lua_sethook
luaL_argerror
luaL_ref
luaL_unref
luaL_loadfilex
luaL_loadstring
luaL_newstate
luaL_openlibs

wininet

InternetOpenA
InternetCloseHandle
InternetConnectA
InternetOpenUrlA
InternetReadFile
InternetQueryDataAvailable
HttpOpenRequestA
HttpSendRequestA

Sections

.text
Size: 6.9MB - Virtual size: 6.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 619KB - Virtual size: 619KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 5.6MB - Virtual size: 5.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 394KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 203KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 630KB - Virtual size: 630KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

/4
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/cheatengine-x86_64.exe.sig
ch/clibs32/lfs.dll
.dll windows x86

d400931e77c340fafc1f8396b41bc875

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

lua53-32

lua_touserdata
lua_pushboolean
luaL_error
luaL_optinteger
lua_newuserdata
lua_isstring
lua_pushlstring
lua_gettop
lua_pushfstring
lua_setmetatable
lua_pushvalue
luaL_checkudata
luaL_optnumber
lua_setglobal
lua_getfield
lua_pushstring
luaL_argerror
lua_pushinteger
lua_pushnil
luaL_newmetatable
lua_pushcclosure
lua_setfield
lua_settable
luaL_checkversion_
lua_type
lua_rawset
lua_createtable
luaL_checklstring
luaL_checkoption
luaL_setfuncs
lua_tolstring

kernel32

Sleep
LCMapStringW
CompareStringW
HeapSize
SetEndOfFile
GetStringTypeW
WriteConsoleW
FlushFileBuffers
GetTimeZoneInformation
HeapReAlloc
OutputDebugStringW
LoadLibraryExW
CreateFileW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
RtlUnwind
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetConsoleCP
FreeEnvironmentStringsW
CreateFileA
GetLastError
CloseHandle
LockFileEx
UnlockFileEx
HeapFree
HeapAlloc
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindClose
LocalFileTimeToFileTime
SetFileTime
SystemTimeToFileTime
SetEnvironmentVariableA
SetCurrentDirectoryA
GetCurrentDirectoryA
ReadFile
GetDriveTypeW
GetFullPathNameA
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
SetStdHandle
GetFileType
EnterCriticalSection
LeaveCriticalSection
SetFilePointerEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
GetStdHandle
DeleteCriticalSection
GetProcessHeap
FindFirstFileExW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
WriteFile
GetModuleFileNameW
FindNextFileW
CreateDirectoryW
GetSystemTimeAsFileTime
RemoveDirectoryW
GetConsoleMode
ReadConsoleW
GetCurrentDirectoryW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetEnvironmentStringsW

Exports

Exports

luaopen_lfs

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/clibs64/lfs.dll
.dll windows x64

4f96687c5feff2c3645a5c06bd5349eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

lua53-64

lua_touserdata
lua_pushboolean
luaL_error
luaL_optinteger
lua_newuserdata
lua_isstring
lua_pushlstring
lua_gettop
lua_pushfstring
lua_setmetatable
lua_pushvalue
luaL_checkudata
luaL_optnumber
lua_setglobal
lua_getfield
lua_pushstring
luaL_argerror
lua_pushinteger
lua_pushnil
luaL_newmetatable
lua_pushcclosure
lua_setfield
lua_settable
luaL_checkversion_
lua_type
lua_rawset
lua_createtable
luaL_checklstring
luaL_checkoption
luaL_setfuncs
lua_tolstring

kernel32

InitializeCriticalSectionAndSpinCount
LCMapStringW
CompareStringW
HeapSize
SetEndOfFile
GetStringTypeW
WriteConsoleW
FlushFileBuffers
GetTimeZoneInformation
HeapReAlloc
OutputDebugStringW
LoadLibraryExW
CreateFileW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetConsoleCP
FreeEnvironmentStringsW
GetEnvironmentStringsW
CreateFileA
GetLastError
CloseHandle
LockFileEx
UnlockFileEx
HeapFree
HeapAlloc
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindClose
LocalFileTimeToFileTime
SetFileTime
SystemTimeToFileTime
SetEnvironmentVariableA
SetCurrentDirectoryA
GetCurrentDirectoryA
ReadFile
GetDriveTypeW
GetFullPathNameA
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
SetStdHandle
GetFileType
EnterCriticalSection
LeaveCriticalSection
SetFilePointerEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
RtlUnwindEx
GetStdHandle
DeleteCriticalSection
GetProcessHeap
FindFirstFileExW
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
WriteFile
GetModuleFileNameW
FindNextFileW
CreateDirectoryW
GetSystemTimeAsFileTime
RemoveDirectoryW
GetConsoleMode
ReadConsoleW
GetCurrentDirectoryW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId

Exports

Exports

luaopen_lfs

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/commonmodulelist.txt
ch/d3dhook.dll
.dll windows x86

a4cee279203b8eef2b26aa769c0003a5

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

db:62:b3:07:f7:fb:1c:7f:a5:80:2a:7d:d7:42:08:fd:62:21:2f:29:f3:b1:b7:25:10:4b:fa:8a:96:f1:c1:59
Signer

Actual PE Digest

db:62:b3:07:f7:fb:1c:7f:a5:80:2a:7d:d7:42:08:fd:62:21:2f:29:f3:b1:b7:25:10:4b:fa:8a:96:f1:c1:59

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:24
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

b7:8f:0f:b1:70:d8:43:04:dd:64:4b:77:96:93:f6:23:64:9d:dc:d5
Signer

Actual PE Digest

b7:8f:0f:b1:70:d8:43:04:dd:64:4b:77:96:93:f6:23:64:9d:dc:d5

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:23
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateThread
OutputDebugStringA
GetModuleHandleW
LoadLibraryA
GetProcAddress
SetEvent
WaitForSingleObject
GetLastError
GetCurrentProcessId
OpenFileMappingA
MapViewOfFile
OpenEventA
CloseHandle
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
HeapAlloc
HeapFree
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
HeapSize
ExitProcess
RaiseException
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoA
GetModuleHandleA

user32

SetWindowLongW
GetWindowLongW
CallWindowProcW
PtInRect
ClipCursor
ClientToScreen
GetClientRect
DefWindowProcA
ToAscii
GetKeyboardState
DestroyWindow
CreateWindowExW
AdjustWindowRect
RegisterClassExW
LoadCursorW
DefWindowProcW

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/d3dhook64.dll
.dll windows x64

e1df8870766f8039f1e65ca890989bfe

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dc:2f:d1:2f:d9:e4:b1:1e:ec:f0:43:93:2b:e9:00:26:fd:18:f5:30:c2:5d:db:c2:6b:05:9b:00:74:ea:35:fb
Signer

Actual PE Digest

dc:2f:d1:2f:d9:e4:b1:1e:ec:f0:43:93:2b:e9:00:26:fd:18:f5:30:c2:5d:db:c2:6b:05:9b:00:74:ea:35:fb

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:24
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

c0:dc:20:7b:2f:2f:12:5d:4d:8c:5b:e8:f6:0f:e9:17:a1:71:90:8c
Signer

Actual PE Digest

c0:dc:20:7b:2f:2f:12:5d:4d:8c:5b:e8:f6:0f:e9:17:a1:71:90:8c

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:23
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateThread
OutputDebugStringA
GetModuleHandleW
LoadLibraryA
GetProcAddress
SetEvent
WaitForSingleObject
GetLastError
GetCurrentProcessId
OpenFileMappingA
MapViewOfFile
OpenEventA
CloseHandle
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCurrentThreadId
FlsSetValue
GetCommandLineA
HeapAlloc
HeapFree
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
Sleep
HeapSize
ExitProcess
RtlUnwindEx
RaiseException
RtlPcToFileHeader
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
InitializeCriticalSectionAndSpinCount
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoA

user32

SetWindowLongPtrW
GetWindowLongPtrW
CallWindowProcW
PtInRect
ClipCursor
ClientToScreen
GetClientRect
DefWindowProcA
ToAscii
GetKeyboardState
DestroyWindow
CreateWindowExW
AdjustWindowRect
RegisterClassExW
LoadCursorW
DefWindowProcW

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/dbk32.sys
.exe windows x86

06ece7fe03f3cb756899e2a347387609

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:55

Not After

15-04-2021 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:12:39:da:46:a2:9c:98:b8:a1:50:77
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

05-04-2019 12:55

Not After

03-06-2020 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c8:bb:f0:c4:c8:f3:22:0d:07:21:2d:f1:bd:d2:44:36:83:9c:02:d4
Signer

Actual PE Digest

c8:bb:f0:c4:c8:f3:22:0d:07:21:2d:f1:bd:d2:44:36:83:9c:02:d4

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

24-07-2019 21:01
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ObUnRegisterCallbacks
ZwClose
ZwOpenKey
ZwQueryValueKey
SeSinglePrivilegeCheck
PsSetCreateProcessNotifyRoutineEx
memset
KeInitializeDpc
KeInsertQueueDpc
KeSetTargetProcessorDpc
KeFlushQueuedDpcs
KeRevertToUserAffinityThreadEx
KeSetSystemAffinityThreadEx
KeQueryActiveProcessors
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
PsGetCurrentProcessId
PsGetCurrentThreadId
_allmul
KeGetCurrentThread
KeDelayExecutionThread
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmAllocatePagesForMdl
PsWrapApcWow64Thread
IoAllocateMdl
IoFreeMdl
IoGetCurrentProcess
ObReferenceObjectByHandle
ObfDereferenceObject
ObRegisterCallbacks
ZwOpenSection
ZwMapViewOfSection
ZwUnmapViewOfSection
MmGetPhysicalMemoryRanges
MmGetPhysicalAddress
PsSetCreateThreadNotifyRoutine
PsGetProcessId
PsGetThreadProcessId
KeAttachProcess
KeDetachProcess
KeStackAttachProcess
KeUnstackDetachProcess
PsLookupProcessByProcessId
IoDeleteSymbolicLink
ZwAllocateVirtualMemory
_vsnwprintf
KeInitializeApc
KeInsertQueueApc
ZwOpenThread
ZwQueryInformationProcess
_allrem
memcpy
KeTickCount
PsProcessType
PsThreadType
DbgBreakPointWithStatus
RtlGetVersion
MmGetVirtualForPhysical
PsLookupThreadByThreadId
_allshl
_aullshr
KeClearEvent
ExAcquireResourceSharedLite
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
RtlLookupElementGenericTable
RtlGetElementGenericTable
KeReleaseSemaphore
KeInitializeSemaphore
KeWaitForMultipleObjects
MmBuildMdlForNonPagedPool
ZwCreateFile
ZwWriteFile
_aullrem
HalDispatchTable
wcsncpy
KeInitializeMutex
KeReleaseMutex
KeSetSystemAffinityThread
KeQueryMaximumProcessorCount
MmAllocateContiguousMemorySpecifyCache
MmFreeContiguousMemory
PsCreateSystemThread
ZwDeleteFile
ZwWaitForSingleObject
MmMapIoSpace
MmUnmapIoSpace
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
MmAllocateContiguousMemory
ZwQueryInformationFile
ZwReadFile
KeBugCheckEx
RtlUnwind
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
IofCompleteRequest
MmGetSystemRoutineAddress
ExDeleteResourceLite
ExInitializeResourceLite
ExFreePoolWithTag
RtlCopyUnicodeString
ExAllocatePool
DbgPrint
ObOpenObjectByPointer
RtlInitUnicodeString

hal

ExAcquireFastMutex
KfLowerIrql
KeRaiseIrqlToDpcLevel
ExReleaseFastMutex
KeGetCurrentIrql

wdfldr.sys

WdfVersionBind
WdfVersionBindClass
WdfVersionUnbind
WdfVersionUnbindClass

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/dbk64.sys
.exe windows x64

a25418fd0a8315a448370f5bfd329b4e

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-04-2011 19:55

Not After

15-04-2021 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

19-05-2020 09:15

Not After

04-07-2022 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:3a:6a:e3:33:70:8f:da:7a:7b:00:00:00:00:00:3a
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-03-2020 17:31

Not After

05-03-2021 17:31

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fd:2d:40:7d:88:ee:6c:fb:20:bf:aa:a3:bc:b7:9f:99:59:55:b1:67:7d:ef:36:2f:af:b9:30:0f:1d:8a:09:ac
Signer

Actual PE Digest

fd:2d:40:7d:88:ee:6c:fb:20:bf:aa:a3:bc:b7:9f:99:59:55:b1:67:7d:ef:36:2f:af:b9:30:0f:1d:8a:09:ac

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09-03-2023 19:03
Valid: false

0b:1c:77:f3:58:d4:ae:5f:72:e0:6f:e0:9b:36:15:e3:c3:21:8a:fd
Signer

Actual PE Digest

0b:1c:77:f3:58:d4:ae:5f:72:e0:6f:e0:9b:36:15:e3:c3:21:8a:fd

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

05-09-2020 08:40
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ksecdd.sys

BCryptVerifySignature
BCryptCreateHash
BCryptDestroyKey
BCryptFinishHash
BCryptDestroyHash
BCryptImportKeyPair
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptHashData
BCryptOpenAlgorithmProvider

ntoskrnl.exe

MmGetSystemRoutineAddress
IofCompleteRequest
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
ObUnRegisterCallbacks
ZwClose
ZwOpenKey
ZwQueryValueKey
SeSinglePrivilegeCheck
PsSetCreateProcessNotifyRoutineEx
KeInitializeDpc
KeInsertQueueDpc
KeSetTargetProcessorDpc
KeFlushQueuedDpcs
KeRevertToUserAffinityThreadEx
KeSetSystemAffinityThreadEx
KeQueryActiveProcessors
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
PsGetCurrentProcessId
PsGetCurrentThreadId
KeDelayExecutionThread
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmAllocatePagesForMdl
PsWrapApcWow64Thread
IoAllocateMdl
IoFreeMdl
IoGetCurrentProcess
ObReferenceObjectByHandle
ObfDereferenceObject
ObRegisterCallbacks
ZwOpenSection
ZwMapViewOfSection
ZwUnmapViewOfSection
MmGetPhysicalMemoryRanges
MmGetPhysicalAddress
PsSetCreateThreadNotifyRoutine
PsGetProcessId
PsGetThreadProcessId
KeAttachProcess
KeDetachProcess
ExInitializeResourceLite
KeUnstackDetachProcess
PsLookupProcessByProcessId
ObOpenObjectByPointer
ZwAllocateVirtualMemory
KeInitializeApc
KeInsertQueueApc
ZwOpenThread
ZwQueryInformationProcess
PsProcessType
PsThreadType
DbgBreakPointWithStatus
RtlGetVersion
MmGetVirtualForPhysical
PsLookupThreadByThreadId
__C_specific_handler
KeQueryActiveProcessorCount
KeClearEvent
ExAcquireResourceSharedLite
RtlInitializeGenericTable
RtlInsertElementGenericTable
RtlDeleteElementGenericTable
RtlLookupElementGenericTable
RtlGetElementGenericTable
KeReleaseSemaphore
KeInitializeSemaphore
KeWaitForMultipleObjects
ExAcquireFastMutex
ExReleaseFastMutex
MmBuildMdlForNonPagedPool
ZwCreateFile
ZwWriteFile
HalDispatchTable
KeInitializeMutex
KeReleaseMutex
KeSetSystemAffinityThread
KeQueryMaximumProcessorCount
MmAllocateContiguousMemorySpecifyCache
MmFreeContiguousMemory
PsCreateSystemThread
ZwDeleteFile
ZwWaitForSingleObject
swprintf_s
MmMapIoSpace
MmUnmapIoSpace
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
MmAllocateContiguousMemory
ZwQueryInformationFile
ZwReadFile
RtlAppendUnicodeToString
DbgPrint
RtlCompareMemory
ZwQueryInformationThread
RtlUnwind
RtlAnsiCharToUnicodeChar
KeBugCheckEx
ExDeleteResourceLite
RtlCopyUnicodeString
ExFreePoolWithTag
ExAllocatePool
RtlInitUnicodeString
KeStackAttachProcess

wdfldr.sys

WdfVersionBind
WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionUnbind

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/defines.lua
ch/donottrace.txt
ch/gtutorial-i386.exe
.exe windows x86

74e2d81efeaa90d8d91b5ee4cba858ef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetStdHandle
GetConsoleMode
TlsGetValue
GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
GetSystemInfo
LoadLibraryW
LoadLibraryA
GetProcAddress
FreeLibrary
FormatMessageW
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetEnvironmentStringsW
FreeEnvironmentStringsW
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
GlobalAddAtomA
GetWindowsDirectoryA
GetFileAttributesA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetModuleFileNameW
GetCommandLineW
SetFileAttributesW
CreateProcessW
FindFirstFileW
FindNextFileW
CompareStringW
GetLocaleInfoW
GetDateFormatW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
VirtualFree
TerminateProcess
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
FindClose
GetFileTime
SetFileTime
DuplicateHandle
MulDiv
GetLocalTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
CreatePipe
PeekNamedPipe
GetCPInfo
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongW
SetWindowLongW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx
SetLayeredWindowAttributes

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoInitialize
GetErrorInfo

advapi32

RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx
ChoosePixelFormat
SetPixelFormat
SwapBuffers

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles

opengl32

wglCreateContext
wglMakeCurrent
wglGetProcAddress

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 379KB - Virtual size: 378KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 527KB - Virtual size: 527KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 31KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ch/gtutorial-x86_64.exe
.exe windows x64

e16ec66c3b55d21c3d3a1a9ff07776b4

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetStdHandle
GetConsoleMode
TlsGetValue
GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
GetSystemInfo
LoadLibraryW
LoadLibraryA
GetProcAddress
FreeLibrary
FormatMessageW
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
GetEnvironmentStringsW
FreeEnvironmentStringsW
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetEnvironmentStringsA
FreeEnvironmentStringsA
FormatMessageA
GlobalAddAtomA
GetWindowsDirectoryA
GetFileAttributesA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
GetModuleFileNameW
GetCommandLineW
SetFileAttributesW
CreateProcessW
FindFirstFileW
FindNextFileW
CompareStringW
GetLocaleInfoW
GetDateFormatW
GlobalAlloc
GlobalReAlloc
GlobalSize
GlobalLock
GlobalUnlock
TerminateProcess
GetExitCodeProcess
GetExitCodeThread
GlobalDeleteAtom
FindClose
GetFileTime
SetFileTime
DuplicateHandle
MulDiv
GetLocalTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
CreatePipe
PeekNamedPipe
GetCPInfo
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
PeekMessageA
SendMessageA
PostMessageA
DefWindowProcA
CallWindowProcA
RegisterClassA
UnregisterClassA
GetClassInfoA
CreateWindowExA
RegisterClipboardFormatA
GetClipboardFormatNameA
CharToOemA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetMenuItemInfoA
SetPropA
GetPropA
RemovePropA
EnumPropsA
GetWindowLongA
SetWindowLongA
SetClassLongPtrA
GetClassNameA
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
SystemParametersInfoA
DispatchMessageW
PeekMessageW
SendMessageW
DefWindowProcW
CallWindowProcW
RegisterClassW
UnregisterClassW
GetClassInfoW
CreateWindowExW
InsertMenuItemW
GetMenuItemInfoW
SetMenuItemInfoW
DrawTextW
DrawStateW
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
MessageBoxW
GetWindowLongPtrW
SetWindowLongPtrW
TranslateMessage
PostQuitMessage
GetDoubleClickTime
IsWindow
IsMenu
DestroyWindow
ShowWindow
ShowWindowAsync
ShowOwnedPopups
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsWindowVisible
IsIconic
BringWindowToTop
IsZoomed
OpenClipboard
CloseClipboard
SetClipboardData
GetClipboardData
CountClipboardFormats
EnumClipboardFormats
EmptyClipboard
IsClipboardFormatAvailable
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetCapture
SetCapture
ReleaseCapture
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
IsWindowEnabled
GetSystemMetrics
GetMenu
SetMenu
DrawMenuBar
GetSystemMenu
CreateMenu
CreatePopupMenu
DestroyMenu
EnableMenuItem
GetSubMenu
GetMenuItemCount
RemoveMenu
DeleteMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
WindowFromDC
GetDC
GetDCEx
GetWindowDC
ReleaseDC
BeginPaint
EndPaint
GetUpdateRect
SetWindowRgn
InvalidateRect
InvalidateRgn
RedrawWindow
ScrollWindowEx
ShowScrollBar
EnableScrollBar
GetClientRect
GetWindowRect
AdjustWindowRectEx
MessageBeep
SetCursorPos
SetCursor
GetCursorPos
CreateCaret
DestroyCaret
HideCaret
ShowCaret
SetCaretPos
GetCaretPos
ClientToScreen
ScreenToClient
MapWindowPoints
WindowFromPoint
GetSysColor
GetSysColorBrush
SetSysColors
DrawFocusRect
FillRect
FrameRect
SetRect
InflateRect
IntersectRect
OffsetRect
GetDesktopWindow
GetParent
SetParent
EnumThreadWindows
GetTopWindow
GetWindowThreadProcessId
GetLastActivePopup
GetWindow
CallNextHookEx
DestroyCursor
DestroyIcon
CopyImage
CreateIconIndirect
GetIconInfo
SetScrollInfo
GetScrollInfo
DrawEdge
DrawFrameControl
TrackPopupMenuEx
ChildWindowFromPointEx
FlashWindowEx
SetLayeredWindowAttributes

ole32

OleInitialize
OleUninitialize
CoUninitialize
CoInitialize
GetErrorInfo

advapi32

RegSetValueExW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
RegFlushKey

gdi32

CreateFontIndirectA
EnumFontFamiliesA
GetCharABCWidthsA
GetTextExtentPointA
GetTextMetricsA
GetObjectA
ExtTextOutA
CreateFontIndirectW
EnumFontFamiliesExW
GetCharABCWidthsW
GetTextExtentPoint32W
GetTextExtentExPointW
GetObjectW
TextOutW
ExtTextOutW
GetRandomRgn
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDIBitmap
CreateEllipticRgn
CreatePen
CreatePenIndirect
CreatePatternBrush
CreateRectRgn
CreateRoundRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
Ellipse
EqualRgn
ExcludeClipRect
ExtCreateRegion
ExtFloodFill
FillRgn
GetROP2
GetBkColor
GetBitmapBits
GetClipBox
GetClipRgn
GetCurrentObject
GetDeviceCaps
GetDIBits
GetMapMode
GetObjectType
GetPixel
GetRegionData
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LineTo
MaskBlt
OffsetRgn
PatBlt
Pie
PaintRgn
PtInRegion
RectInRegion
RectVisible
Rectangle
RestoreDC
RealizePalette
RoundRect
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectObject
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetPixel
SetPolyFillMode
StretchBlt
SetRectRgn
SetROP2
SetStretchBltMode
SetTextCharacterExtra
SetTextColor
SetTextAlign
CreateDIBSection
SetArcDirection
ExtCreatePen
MoveToEx
CreatePolygonRgn
DPtoLP
LPtoDP
Polygon
Polyline
PolyBezier
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
SetBrushOrgEx
GetDCOrgEx
ChoosePixelFormat
SetPixelFormat
SwapBuffers

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

DragQueryFileA
ShellExecuteA
DragQueryFileW
DragFinish
DragAcceptFiles

opengl32

wglCreateContext
wglMakeCurrent
wglGetProcAddress

comctl32

InitCommonControls
ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_SetImageCount
ImageList_Add
ImageList_Replace
ImageList_AddMasked
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_Remove
ImageList_Copy
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
_TrackMouseEvent

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 411KB - Virtual size: 411KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1006KB - Virtual size: 1006KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 33KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 196KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ch/languages/How to add languages.txt
ch/languages/Java.po
ch/languages/SaveSessions.po
ch/languages/VersionCheck.po
ch/languages/cheatengine-x86_64.po
ch/languages/language.ini
ch/languages/lclstrconsts.po
ch/languages/monoscript.po
ch/languages/patchscan.po
ch/languages/pseudocodediagram.po
ch/languages/tutorial-x86_64.po
ch/libipt-32.dll
.dll windows x86

1555e32b624d5f5e3a4b0f72821c0777

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f4:ac:eb:10:b8:28:a9:d0:be:91:7b:7a:31:aa:3d:2f:74:dd:77:de:45:2e:84:39:fc:fe:2e:86:ae:e3:83:28
Signer

Actual PE Digest

f4:ac:eb:10:b8:28:a9:d0:be:91:7b:7a:31:aa:3d:2f:74:dd:77:de:45:2e:84:39:fc:fe:2e:86:ae:e3:83:28

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:24
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

ea:0c:4e:23:27:3c:f1:b3:e2:2e:3e:a8:db:33:36:c8:da:43:4e:7a
Signer

Actual PE Digest

ea:0c:4e:23:27:3c:f1:b3:e2:2e:3e:a8:db:33:36:c8:da:43:4e:7a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:23
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
MapViewOfFile
UnmapViewOfFile
GetLastError
CreateFileMappingA
GetSystemInfo
CloseHandle
HeapFree
HeapAlloc
ReadFile
FileTimeToLocalFileTime
GetFileInformationByHandle
GetFileType
PeekNamedPipe
FileTimeToSystemTime
SetStdHandle
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
MultiByteToWideChar
GetProcessHeap
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
WideCharToMultiByte
GetStdHandle
WriteFile
GetModuleFileNameW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
DeleteCriticalSection
GetStartupInfoW
CreateFileW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
CompareStringW
LCMapStringW
LoadLibraryExW
OutputDebugStringW
RtlUnwind
FlushFileBuffers
GetConsoleCP
GetTimeZoneInformation
SetEndOfFile
HeapReAlloc
HeapSize
WriteConsoleW
SetEnvironmentVariableA

Exports

Exports

pt_alloc_encoder
pt_cpu_errata
pt_cpu_read
pt_enc_get_config
pt_enc_get_offset
pt_enc_next
pt_enc_sync_set
pt_errstr
pt_free_encoder
pt_image_add_file
pt_image_alloc
pt_image_copy
pt_image_free
pt_image_name
pt_image_remove_by_asid
pt_image_remove_by_filename
pt_image_set_callback
pt_insn_alloc_decoder
pt_insn_core_bus_ratio
pt_insn_free_decoder
pt_insn_get_config
pt_insn_get_image
pt_insn_get_offset
pt_insn_get_sync_offset
pt_insn_next
pt_insn_set_image
pt_insn_sync_backward
pt_insn_sync_forward
pt_insn_sync_set
pt_insn_time
pt_library_version
pt_pkt_alloc_decoder
pt_pkt_free_decoder
pt_pkt_get_config
pt_pkt_get_offset
pt_pkt_get_sync_offset
pt_pkt_next
pt_pkt_sync_backward
pt_pkt_sync_forward
pt_pkt_sync_set
pt_qry_alloc_decoder
pt_qry_cond_branch
pt_qry_core_bus_ratio
pt_qry_event
pt_qry_free_decoder
pt_qry_get_config
pt_qry_get_offset
pt_qry_get_sync_offset
pt_qry_indirect_branch
pt_qry_sync_backward
pt_qry_sync_forward
pt_qry_sync_set
pt_qry_time

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/libipt-64.dll
.dll windows x64

e32e16398aad7a038ba38d4ca24cf3c9

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

99:df:6f:7c:27:f1:90:3f:02:6c:ce:bb:5e:3c:dd:54:16:6a:00:24:e9:4b:43:80:8f:31:12:46:a2:8f:78:c5
Signer

Actual PE Digest

99:df:6f:7c:27:f1:90:3f:02:6c:ce:bb:5e:3c:dd:54:16:6a:00:24:e9:4b:43:80:8f:31:12:46:a2:8f:78:c5

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:24
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

bb:0d:27:0e:2f:a3:ef:47:61:7f:45:f2:b1:36:03:ce:8b:b9:cf:4b
Signer

Actual PE Digest

bb:0d:27:0e:2f:a3:ef:47:61:7f:45:f2:b1:36:03:ce:8b:b9:cf:4b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:23
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CreateFileA
MapViewOfFile
UnmapViewOfFile
GetLastError
CreateFileMappingA
GetSystemInfo
CloseHandle
HeapFree
HeapAlloc
ReadFile
FileTimeToLocalFileTime
GetFileInformationByHandle
GetFileType
PeekNamedPipe
FileTimeToSystemTime
SetStdHandle
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
MultiByteToWideChar
GetProcessHeap
ExitProcess
GetModuleHandleExW
GetProcAddress
AreFileApisANSI
WideCharToMultiByte
GetStdHandle
WriteFile
GetModuleFileNameW
GetConsoleMode
ReadConsoleW
RtlUnwindEx
SetFilePointerEx
DeleteCriticalSection
GetStartupInfoW
CreateFileW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
CompareStringW
LCMapStringW
LoadLibraryExW
OutputDebugStringW
FlushFileBuffers
GetConsoleCP
GetTimeZoneInformation
SetEndOfFile
HeapReAlloc
HeapSize
WriteConsoleW
SetEnvironmentVariableA

Exports

Exports

pt_alloc_encoder
pt_cpu_errata
pt_cpu_read
pt_enc_get_config
pt_enc_get_offset
pt_enc_next
pt_enc_sync_set
pt_errstr
pt_free_encoder
pt_image_add_file
pt_image_alloc
pt_image_copy
pt_image_free
pt_image_name
pt_image_remove_by_asid
pt_image_remove_by_filename
pt_image_set_callback
pt_insn_alloc_decoder
pt_insn_core_bus_ratio
pt_insn_free_decoder
pt_insn_get_config
pt_insn_get_image
pt_insn_get_offset
pt_insn_get_sync_offset
pt_insn_next
pt_insn_set_image
pt_insn_sync_backward
pt_insn_sync_forward
pt_insn_sync_set
pt_insn_time
pt_library_version
pt_pkt_alloc_decoder
pt_pkt_free_decoder
pt_pkt_get_config
pt_pkt_get_offset
pt_pkt_get_sync_offset
pt_pkt_next
pt_pkt_sync_backward
pt_pkt_sync_forward
pt_pkt_sync_set
pt_qry_alloc_decoder
pt_qry_cond_branch
pt_qry_core_bus_ratio
pt_qry_event
pt_qry_free_decoder
pt_qry_get_config
pt_qry_get_offset
pt_qry_get_sync_offset
pt_qry_indirect_branch
pt_qry_sync_backward
pt_qry_sync_forward
pt_qry_sync_set
pt_qry_time

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/libmikmod32.dll
.dll windows x86

83efea949fe36df0b049975dd492d8a8

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2a:1a:4a:93:85:c8:c3:e8:de:7f:a9:ca:0f:e6:9f:6d:be:fb:5e:98:e7:15:f9:cc:7f:6b:e9:fa:00:a4:dc:a6
Signer

Actual PE Digest

2a:1a:4a:93:85:c8:c3:e8:de:7f:a9:ca:0f:e6:9f:6d:be:fb:5e:98:e7:15:f9:cc:7f:6b:e9:fa:00:a4:dc:a6

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:24
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

ce:a3:a2:89:fc:5c:05:34:ec:2f:d6:e8:14:66:09:05:b8:69:ae:9b
Signer

Actual PE Digest

ce:a3:a2:89:fc:5c:05:34:ec:2f:d6:e8:14:66:09:05:b8:69:ae:9b

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:23
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dsound

ord1

kernel32

WaitForSingleObject
SetEvent
CreateEventA
ReleaseMutex
CloseHandle
ResumeThread
CreateThread
Sleep
CreateMutexA
HeapSize
OutputDebugStringW
WriteConsoleW
LCMapStringW
GetLastError
HeapFree
HeapReAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
ReadFile
GetCommandLineA
GetCurrentThreadId
GetProcessHeap
EncodePointer
DecodePointer
CreateFileW
GetFileType
GetModuleHandleW
GetProcAddress
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
SetStdHandle
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
DeleteCriticalSection
GetStartupInfoW
RtlUnwind
HeapAlloc
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetConsoleMode
ReadConsoleW
WriteFile
GetConsoleCP
SetFilePointerEx
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEndOfFile
GetModuleFileNameW
LoadLibraryExW
FlushFileBuffers
GetStringTypeW
DeleteFileW

user32

GetForegroundWindow

winmm

waveOutUnprepareHeader
waveOutWrite
waveOutGetNumDevs
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveOutReset

Exports

Exports

MikMod_Active
MikMod_DisableOutput
MikMod_DriverFromAlias
MikMod_EnableOutput
MikMod_Exit
MikMod_GetVersion
MikMod_InfoDriver
MikMod_InfoLoader
MikMod_Init
MikMod_InitThreads
MikMod_Lock
MikMod_RegisterAllDrivers
MikMod_RegisterAllLoaders
MikMod_RegisterDriver
MikMod_RegisterErrorHandler
MikMod_RegisterLoader
MikMod_RegisterPlayer
MikMod_Reset
MikMod_SetNumVoices
MikMod_Unlock
MikMod_Update
MikMod_critical
MikMod_errno
MikMod_strerror
Player_Active
Player_Free
Player_GetChannelPeriod
Player_GetChannelVoice
Player_GetLoop
Player_GetModule
Player_GetWrap
Player_Load
Player_LoadFP
Player_LoadGeneric
Player_LoadTitle
Player_LoadTitleFP
Player_Mute
Player_Muted
Player_NextPosition
Player_Paused
Player_PrevPosition
Player_SetLoop
Player_SetPosition
Player_SetSpeed
Player_SetTempo
Player_SetVolume
Player_SetWrap
Player_Start
Player_Stop
Player_ToggleMute
Player_TogglePause
Player_Unmute
Sample_Free
Sample_Load
Sample_LoadFP
Sample_LoadGeneric
Sample_Play
VC_Exit
VC_Init
VC_PlayStart
VC_PlayStop
VC_SampleLength
VC_SampleLoad
VC_SampleSpace
VC_SampleUnload
VC_SetNumVoices
VC_SilenceBytes
VC_VoiceGetFrequency
VC_VoiceGetPanning
VC_VoiceGetPosition
VC_VoiceGetVolume
VC_VoicePlay
VC_VoiceRealVolume
VC_VoiceSetFrequency
VC_VoiceSetPanning
VC_VoiceSetVolume
VC_VoiceStop
VC_VoiceStopped
VC_WriteBytes
Voice_GetFrequency
Voice_GetPanning
Voice_GetPosition
Voice_GetVolume
Voice_Play
Voice_RealVolume
Voice_SetFrequency
Voice_SetPanning
Voice_SetVolume
Voice_Stop
Voice_Stopped
drv_ds
drv_nos
drv_raw
drv_stdout
drv_wav
drv_win
load_669
load_amf
load_dsm
load_far
load_gdm
load_imf
load_it
load_m15
load_med
load_mod
load_mtm
load_okt
load_s3m
load_stm
load_stx
load_ult
load_uni
load_xm
md_device
md_driver
md_mixfreq
md_mode
md_musicvolume
md_pansep
md_reverb
md_sndfxvolume
md_volume

Sections

.text
Size: 220KB - Virtual size: 219KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/libmikmod64.dll
.dll windows x64

2620c385706125032143f584b27b115a

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

37:4b:14:1e:be:cc:84:d4:50:f3:3d:d6:7b:2e:b7:10:78:65:52:03:fd:b9:bb:41:7f:f8:63:e3:bc:2a:f4:73
Signer

Actual PE Digest

37:4b:14:1e:be:cc:84:d4:50:f3:3d:d6:7b:2e:b7:10:78:65:52:03:fd:b9:bb:41:7f:f8:63:e3:bc:2a:f4:73

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:24
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

cb:0b:67:63:bb:28:f7:4c:fc:8d:57:88:36:c8:19:c3:5e:c4:e5:66
Signer

Actual PE Digest

cb:0b:67:63:bb:28:f7:4c:fc:8d:57:88:36:c8:19:c3:5e:c4:e5:66

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:23
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dsound

ord1

kernel32

WaitForSingleObject
SetEvent
CreateEventA
ReleaseMutex
CloseHandle
ResumeThread
CreateThread
Sleep
CreateMutexA
HeapSize
OutputDebugStringW
WriteConsoleW
LCMapStringW
GetLastError
HeapFree
HeapReAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
ReadFile
GetCommandLineA
GetCurrentThreadId
GetProcessHeap
EncodePointer
DecodePointer
CreateFileW
GetFileType
GetModuleHandleW
GetProcAddress
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
SetStdHandle
EnterCriticalSection
LeaveCriticalSection
RtlUnwindEx
GetStdHandle
DeleteCriticalSection
GetStartupInfoW
HeapAlloc
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetConsoleMode
ReadConsoleW
WriteFile
GetConsoleCP
SetFilePointerEx
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEndOfFile
GetModuleFileNameW
LoadLibraryExW
FlushFileBuffers
GetStringTypeW
DeleteFileW

user32

GetForegroundWindow

winmm

waveOutUnprepareHeader
waveOutWrite
waveOutGetNumDevs
waveOutPrepareHeader
waveOutClose
waveOutOpen
waveOutReset

Exports

Exports

MikMod_Active
MikMod_DisableOutput
MikMod_DriverFromAlias
MikMod_EnableOutput
MikMod_Exit
MikMod_GetVersion
MikMod_InfoDriver
MikMod_InfoLoader
MikMod_Init
MikMod_InitThreads
MikMod_Lock
MikMod_RegisterAllDrivers
MikMod_RegisterAllLoaders
MikMod_RegisterDriver
MikMod_RegisterErrorHandler
MikMod_RegisterLoader
MikMod_RegisterPlayer
MikMod_Reset
MikMod_SetNumVoices
MikMod_Unlock
MikMod_Update
MikMod_critical
MikMod_errno
MikMod_strerror
Player_Active
Player_Free
Player_GetChannelPeriod
Player_GetChannelVoice
Player_GetLoop
Player_GetModule
Player_GetWrap
Player_Load
Player_LoadFP
Player_LoadGeneric
Player_LoadTitle
Player_LoadTitleFP
Player_Mute
Player_Muted
Player_NextPosition
Player_Paused
Player_PrevPosition
Player_SetLoop
Player_SetPosition
Player_SetSpeed
Player_SetTempo
Player_SetVolume
Player_SetWrap
Player_Start
Player_Stop
Player_ToggleMute
Player_TogglePause
Player_Unmute
Sample_Free
Sample_Load
Sample_LoadFP
Sample_LoadGeneric
Sample_Play
VC_Exit
VC_Init
VC_PlayStart
VC_PlayStop
VC_SampleLength
VC_SampleLoad
VC_SampleSpace
VC_SampleUnload
VC_SetNumVoices
VC_SilenceBytes
VC_VoiceGetFrequency
VC_VoiceGetPanning
VC_VoiceGetPosition
VC_VoiceGetVolume
VC_VoicePlay
VC_VoiceRealVolume
VC_VoiceSetFrequency
VC_VoiceSetPanning
VC_VoiceSetVolume
VC_VoiceStop
VC_VoiceStopped
VC_WriteBytes
Voice_GetFrequency
Voice_GetPanning
Voice_GetPosition
Voice_GetVolume
Voice_Play
Voice_RealVolume
Voice_SetFrequency
Voice_SetPanning
Voice_SetVolume
Voice_Stop
Voice_Stopped
drv_ds
drv_nos
drv_raw
drv_stdout
drv_wav
drv_win
load_669
load_amf
load_dsm
load_far
load_gdm
load_imf
load_it
load_m15
load_med
load_mod
load_mtm
load_okt
load_s3m
load_stm
load_stx
load_ult
load_uni
load_xm
md_device
md_driver
md_mixfreq
md_mode
md_musicvolume
md_pansep
md_reverb
md_sndfxvolume
md_volume

Sections

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/lua53-32.dll
.dll windows x86

3991c01e50953690ce06a82b4aab452d

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

19-05-2020 09:15

Not After

04-07-2022 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

19-05-2020 09:15

Not After

04-07-2022 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19-02-2018 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

66:f1:82:b9:ac:cb:79:f5:91:30:16:5e:f7:1d:55:44:76:8b:4c:b7:eb:fa:3a:28:1b:2b:36:3d:99:e1:ae:e6
Signer

Actual PE Digest

66:f1:82:b9:ac:cb:79:f5:91:30:16:5e:f7:1d:55:44:76:8b:4c:b7:eb:fa:3a:28:1b:2b:36:3d:99:e1:ae:e6

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01-11-2020 09:03
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

b7:e3:aa:fa:3a:68:03:ad:48:ef:fc:5e:b7:36:a9:f6:9a:06:cc:08
Signer

Actual PE Digest

b7:e3:aa:fa:3a:68:03:ad:48:ef:fc:5e:b7:36:a9:f6:9a:06:cc:08

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01-11-2020 09:03
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleFileNameA
LoadLibraryExA
GetLastError
GetProcAddress
FreeLibrary
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RaiseException
CloseHandle
DuplicateHandle
CreateProcessA
GetTempPathW
ReadFile
ExitProcess
GetModuleHandleExW
QueryPerformanceFrequency
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
HeapReAlloc
GetACP
ReadConsoleW
WaitForSingleObject
GetExitCodeProcess
GetFileAttributesExW
CreatePipe
CreateFileW
SetFilePointerEx
GetStringTypeW
DeleteFileW
GetTimeZoneInformation
MoveFileExW
GetCPInfo
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
SetStdHandle
WriteConsoleW
HeapSize
SetEndOfFile
DecodePointer

Exports

Exports

luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_buffinitsize
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_checkversion_
luaL_error
luaL_execresult
luaL_fileresult
luaL_getmetafield
luaL_getsubtable
luaL_gsub
luaL_len
luaL_loadbufferx
luaL_loadfilex
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffsize
luaL_pushmodule
luaL_pushresult
luaL_pushresultsize
luaL_ref
luaL_requiref
luaL_setfuncs
luaL_setmetatable
luaL_testudata
luaL_tolstring
luaL_traceback
luaL_unref
luaL_where
lua_absindex
lua_arith
lua_atpanic
lua_callk
lua_checkstack
lua_close
lua_compare
lua_concat
lua_copy
lua_createtable
lua_dump
lua_error
lua_gc
lua_getallocf
lua_getfield
lua_getglobal
lua_gethook
lua_gethookcount
lua_gethookmask
lua_geti
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_getuservalue
lua_iscfunction
lua_isinteger
lua_isnumber
lua_isstring
lua_isuserdata
lua_isyieldable
lua_len
lua_load
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_pcallk
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawgetp
lua_rawlen
lua_rawset
lua_rawseti
lua_rawsetp
lua_resume
lua_rotate
lua_setallocf
lua_setfield
lua_setglobal
lua_sethook
lua_seti
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_setuservalue
lua_status
lua_stringtonumber
lua_toboolean
lua_tocfunction
lua_tointegerx
lua_tolstring
lua_tonumberx
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_upvalueid
lua_upvaluejoin
lua_version
lua_xmove
lua_yieldk
luaopen_base
luaopen_bit32
luaopen_coroutine
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table
luaopen_utf8

Sections

.text
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/lua53-64.dll
.dll windows x64

779703c2d47ce86829a9221b077786f6

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

19-05-2020 09:15

Not After

04-07-2022 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

19-05-2020 09:15

Not After

04-07-2022 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19-02-2018 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

81:24:f5:6e:29:14:f8:4e:f1:41:77:d6:d5:6f:d1:de:1e:6f:c9:aa:eb:80:59:e4:25:e8:0a:a4:2e:7e:d4:28
Signer

Actual PE Digest

81:24:f5:6e:29:14:f8:4e:f1:41:77:d6:d5:6f:d1:de:1e:6f:c9:aa:eb:80:59:e4:25:e8:0a:a4:2e:7e:d4:28

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01-11-2020 09:03
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

63:38:84:cf:4a:92:39:93:31:3d:d1:94:0f:fe:b6:98:63:14:7b:89
Signer

Actual PE Digest

63:38:84:cf:4a:92:39:93:31:3d:d1:94:0f:fe:b6:98:63:14:7b:89

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

01-11-2020 09:03
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Irenelaan 24,L=Waalre,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleFileNameA
LoadLibraryExA
GetLastError
GetProcAddress
FreeLibrary
FormatMessageA
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
SetLastError
EncodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlPcToFileHeader
CloseHandle
DuplicateHandle
CreateProcessA
GetTempPathW
ReadFile
ExitProcess
GetModuleHandleExW
QueryPerformanceFrequency
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
HeapReAlloc
GetACP
ReadConsoleW
WaitForSingleObject
GetExitCodeProcess
GetFileAttributesExW
CreatePipe
CreateFileW
SetFilePointerEx
GetStringTypeW
DeleteFileW
GetTimeZoneInformation
MoveFileExW
GetCPInfo
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
SetStdHandle
WriteConsoleW
HeapSize
SetEndOfFile
RtlUnwind

Exports

Exports

?luaL_buffinit@@YAXPEAUlua_State@@PEAUluaL_Buffer@@@Z
?luaL_openlib@@YAXPEAUlua_State@@PEBDPEBUluaL_Reg@@H@Z
?luaL_pushmodule@@YAXPEAUlua_State@@PEBDH@Z
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinitsize
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_checkversion_
luaL_error
luaL_execresult
luaL_fileresult
luaL_getmetafield
luaL_getsubtable
luaL_gsub
luaL_len
luaL_loadbufferx
luaL_loadfilex
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffsize
luaL_pushresult
luaL_pushresultsize
luaL_ref
luaL_requiref
luaL_setfuncs
luaL_setmetatable
luaL_testudata
luaL_tolstring
luaL_traceback
luaL_unref
luaL_where
lua_absindex
lua_arith
lua_atpanic
lua_callk
lua_checkstack
lua_close
lua_compare
lua_concat
lua_copy
lua_createtable
lua_dump
lua_error
lua_gc
lua_getallocf
lua_getfield
lua_getglobal
lua_gethook
lua_gethookcount
lua_gethookmask
lua_geti
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_getuservalue
lua_iscfunction
lua_isinteger
lua_isnumber
lua_isstring
lua_isuserdata
lua_isyieldable
lua_len
lua_load
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_pcallk
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawgetp
lua_rawlen
lua_rawset
lua_rawseti
lua_rawsetp
lua_resume
lua_rotate
lua_setallocf
lua_setfield
lua_setglobal
lua_sethook
lua_seti
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_setuservalue
lua_status
lua_stringtonumber
lua_toboolean
lua_tocfunction
lua_tointegerx
lua_tolstring
lua_tonumberx
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_upvalueid
lua_upvaluejoin
lua_version
lua_xmove
lua_yieldk
luaopen_base
luaopen_bit32
luaopen_coroutine
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table
luaopen_utf8

Sections

.text
Size: 374KB - Virtual size: 374KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/luaclient-i386.dll
.dll windows x86

def566e51c77199de7f626db0f0362ab

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:c6:d2:98:7a:71:19:59:31:0f:c5:d1:97:f9:93:89:0d:f2:70:9b:99:a8:d7:09:a1:2b:8d:67:a1:76:e6:44
Signer

Actual PE Digest

4a:c6:d2:98:7a:71:19:59:31:0f:c5:d1:97:f9:93:89:0d:f2:70:9b:99:a8:d7:09:a1:2b:8d:67:a1:76:e6:44

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:24
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

dd:e2:1f:05:28:5a:20:00:8b:6c:5b:4d:76:b8:8a:51:1a:8b:5e:e6
Signer

Actual PE Digest

dd:e2:1f:05:28:5a:20:00:8b:6c:5b:4d:76:b8:8a:51:1a:8b:5e:e6

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:23
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
GetProcAddress
CreateFileW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
FormatMessageA
GetWindowsDirectoryA
CreateFileA
GetVersionExA
CompareStringA
GetLocaleInfoA
EnumCalendarInfoA
CompareStringW
VirtualFree
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetSystemMetrics
MessageBeep

Exports

Exports

CELUA_ExecuteFunction
CELUA_ExecuteFunctionAsync
CELUA_ExecuteFunctionByReference
CELUA_GetFunctionReferenceFromName
CELUA_Initialize
CELUA_ServerName

Sections

.text
Size: 128KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/luaclient-x86_64.dll
.dll windows x64

693df4c5ee4798e4b60b6be55e39aa75

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a6:77:26:68:3b:47:ce:fd:04:86:62:10:91:01:88:73:00:6f:f2:3e:33:48:c2:f7:02:27:9c:7e:8e:20:7f:2e
Signer

Actual PE Digest

a6:77:26:68:3b:47:ce:fd:04:86:62:10:91:01:88:73:00:6f:f2:3e:33:48:c2:f7:02:27:9c:7e:8e:20:7f:2e

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:24
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

31:b3:b1:74:b9:5e:2d:48:7d:0f:84:0f:85:23:03:ac:79:e9:04:f0
Signer

Actual PE Digest

31:b3:b1:74:b9:5e:2d:48:7d:0f:84:0f:85:23:03:ac:79:e9:04:f0

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:23
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
GetProcAddress
CreateFileW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
FormatMessageA
GetWindowsDirectoryA
CreateFileA
GetVersionExA
CompareStringA
GetLocaleInfoA
EnumCalendarInfoA
CompareStringW
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetSystemMetrics
MessageBeep

Exports

Exports

CELUA_ExecuteFunction
CELUA_ExecuteFunctionAsync
CELUA_ExecuteFunctionByReference
CELUA_GetFunctionReferenceFromName
CELUA_Initialize
CELUA_ServerName

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/main.lua
ch/overlay.fx
ch/plugins/c# template/CEPluginLibrary.sln
ch/plugins/c# template/CEPluginLibrary/CEPluginLibrary.csproj
ch/plugins/c# template/CEPluginLibrary/PluginExample.cs
.js
ch/plugins/c# template/CEPluginLibrary/PluginExampleForm.Designer.cs
ch/plugins/c# template/CEPluginLibrary/PluginExampleForm.cs
.js
ch/plugins/c# template/CEPluginLibrary/PluginExampleForm.resx
.vbs
ch/plugins/c# template/CEPluginLibrary/Properties/AssemblyInfo.cs
ch/plugins/c# template/CEPluginLibrary/SDK/CEObjectWrapper.cs
ch/plugins/c# template/CEPluginLibrary/SDK/CESDK.cs
ch/plugins/c# template/CEPluginLibrary/SDK/CESDKLua.cs
ch/plugins/c# template/CEPluginLibrary/SDK/FoundList.cs
ch/plugins/c# template/CEPluginLibrary/SDK/MemScan.cs
ch/plugins/c# template/CEPluginLibrary/bin/Release/CEPluginExample.dll
.dll windows x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mscoree

_CorDllMain

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/plugins/cepluginsdk.h
ch/plugins/cepluginsdk.pas
.js
ch/plugins/example-c/bla.h
ch/plugins/example-c/example-c.c
ch/plugins/example-c/example-c.def
ch/plugins/example-c/example-c.sln
ch/plugins/example-c/example-c.vcproj
.xml
ch/plugins/example-c/example-c.vcxproj
ch/plugins/example-c/example-c.vcxproj.filters
ch/plugins/lauxlib.h
ch/plugins/lua.h
ch/plugins/lua.hpp
ch/plugins/lua53-32.lib
ch/plugins/lua53-64.lib
ch/plugins/luaconf.h
ch/plugins/lualib.h
ch/speedhack-i386.dll
.dll windows x86

5e630116f4d694afc4101c9e0d26d4f6

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:27:df:22:70:95:a9:1b:a9:68:8a:17:49:cc:7f:24:67:d5:66:3f:d8:7d:07:1f:25:ce:81:6e:6d:c1:f7:0c
Signer

Actual PE Digest

03:27:df:22:70:95:a9:1b:a9:68:8a:17:49:cc:7f:24:67:d5:66:3f:d8:7d:07:1f:25:ce:81:6e:6d:c1:f7:0c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:24
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

db:ff:9a:2e:2e:13:db:a9:c3:b7:08:f0:b0:90:bc:8f:ba:2a:87:4e
Signer

Actual PE Digest

db:ff:9a:2e:2e:13:db:a9:c3:b7:08:f0:b0:90:bc:8f:ba:2a:87:4e

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:23
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
LoadLibraryA
GetProcAddress
CreateFileW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
FormatMessageA
GetWindowsDirectoryA
GetVersionExA
CompareStringA
GetLocaleInfoA
EnumCalendarInfoA
CompareStringW
VirtualFree
QueryPerformanceCounter
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetSystemMetrics
MessageBeep

Exports

Exports

InitializeSpeedhack
realGetTickCount
realGetTickCount64
realQueryPerformanceCounter
speedhackversion_GetTickCount
speedhackversion_GetTickCount64
speedhackversion_QueryPerformanceCounter

Sections

.text
Size: 132KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/speedhack-x86_64.dll
.dll windows x64

5665fc753ef1d84a6a296568fcb5f05d

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4a:02:a3:8a:22:0b:b0:d2:d9:6d:da:28
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

27-02-2017 15:50

Not After

03-04-2018 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

11:21:06:f1:0f:ce:68:f0:9b:fa:e5:5b:18:cd:8f:20:01:77
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for Advanced - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

34:5b:db:86:09:27:74:b8:d3:11:2a:8e:5f:f4:4e:e6:54:cd:9d:94:28:6f:7a:60:4f:cf:1f:b8:dd:18:44:a9
Signer

Actual PE Digest

34:5b:db:86:09:27:74:b8:d3:11:2a:8e:5f:f4:4e:e6:54:cd:9d:94:28:6f:7a:60:4f:cf:1f:b8:dd:18:44:a9

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:24
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

ba:52:40:30:70:40:9c:ce:47:a1:48:fd:2d:81:63:74:7d:7e:75:72
Signer

Actual PE Digest

ba:52:40:30:70:40:9c:ce:47:a1:48:fd:2d:81:63:74:7d:7e:75:72

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

20-04-2017 10:23
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
CreateFileW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
FormatMessageA
GetWindowsDirectoryA
GetVersionExA
CompareStringA
GetLocaleInfoA
EnumCalendarInfoA
CompareStringW
QueryPerformanceCounter
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetSystemMetrics
MessageBeep

Exports

Exports

InitializeSpeedhack
realGetTickCount
realGetTickCount64
realQueryPerformanceCounter
speedhackversion_GetTickCount
speedhackversion_GetTickCount64
speedhackversion_QueryPerformanceCounter

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/standalonephase1.dat
.exe windows x86

8d92fa1956a6a631c642190121740197

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathAddBackslashA
PathStripPathA
PathRemoveFileSpecA

kernel32

GetModuleFileNameA
FindResourceA
GetModuleHandleA
SizeofResource
LoadResource
GetTempPathA
CreateDirectoryA
DeleteFileA
CreateFileA
WriteFile
CloseHandle
CreateProcessA
WaitForSingleObject
RemoveDirectoryA
FlushFileBuffers
GetTempFileNameA
GetCurrentThreadId
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize

user32

MessageBoxA

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorA

Sections

.text
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 788B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/standalonephase2.dat
.exe windows x86

1a209ae45f4e8f52826f76d22f42a5e3

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
GetProcAddress
DeleteFileW
CreateFileW
GetFileAttributesW
CreateDirectoryW
RemoveDirectoryW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
FormatMessageA
GetWindowsDirectoryA
CreateProcessA
GetVersionExA
CompareStringA
GetLocaleInfoA
EnumCalendarInfoA
FindFirstFileW
FindNextFileW
CompareStringW
VirtualFree
FindClose
FileTimeToLocalFileTime
FileTimeToDosDateTime
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetSystemMetrics
MessageBeep

Sections

.text
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 14KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ch/vehdebug-i386.dll
.dll windows x86

5e7c73d37d44319a40c093a56c0eafa1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetStdHandle
GetConsoleMode
TlsGetValue
GetLastError
SetLastError
ExitProcess
GetStartupInfoA
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
GetSystemInfo
LoadLibraryW
LoadLibraryA
GetProcAddress
FreeLibrary
FormatMessageW
CreateFileW
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsFree
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
OpenFileMappingA
OutputDebugStringA
GetWindowsDirectoryA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
CompareStringW
GetDateFormatW
VirtualFree
GetCurrentThread
WaitForMultipleObjects
GetLocalTime
MapViewOfFile
GetCPInfo
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID
SetThreadContext

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetSystemMetrics
MessageBeep

ole32

CoUninitialize
CoInitialize
GetErrorInfo

Exports

Exports

ConfigName
InitializeVEH
UnloadVEH
fm

Sections

.text
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/vehdebug-x86_64.dll
.dll windows x64

76083037bd7ee81e7939b58f20e87b85

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetStdHandle
GetConsoleMode
TlsGetValue
GetLastError
SetLastError
ExitProcess
GetStartupInfoA
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
GetSystemInfo
LoadLibraryW
LoadLibraryA
GetProcAddress
FreeLibrary
FormatMessageW
CreateFileW
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsFree
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
OpenFileMappingA
OutputDebugStringA
GetWindowsDirectoryA
GetVersionExA
CompareStringA
GetLocaleInfoA
GetDateFormatA
EnumCalendarInfoA
CompareStringW
GetDateFormatW
GetCurrentThread
WaitForMultipleObjects
GetLocalTime
MapViewOfFile
GetCPInfo
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID
SetThreadContext

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayRedim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayPtrOfIndex
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetSystemMetrics
MessageBeep

ole32

CoUninitialize
CoInitialize
GetErrorInfo

Exports

Exports

ConfigName
InitializeVEH
UnloadVEH
fm

Sections

.text
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/vmdisk.img
.vbs
ch/vmdisk.img.sig
ch/win32/dbghelp.dll
.dll windows x86

c4677aef9c8c5ed50bde782c8933dff3

Code Sign

33:00:00:00:33:e5:27:86:a3:0e:4a:2a:80:00:00:00:00:00:33
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

27-03-2013 20:08

Not After

27-06-2014 20:08

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24-01-2013 22:33

Not After

24-04-2014 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30-08-2012 17:49

Not After

30-11-2013 17:49

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:33:53:5a:9c:b4:5c:8c:68:9b:e3:e4:db:67:6e:1a:b8:91:3c:b6:ee:5c:62:7a:86:02:27:31:b2:4b:c0:86
Signer

Actual PE Digest

39:33:53:5a:9c:b4:5c:8c:68:9b:e3:e4:db:67:6e:1a:b8:91:3c:b6:ee:5c:62:7a:86:02:27:31:b2:4b:c0:86

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09-03-2023 19:03
Valid: false

a8:71:0f:4c:84:bb:29:4e:8b:2d:d2:44:73:f2:ea:47:05:53:73:60
Signer

Actual PE Digest

a8:71:0f:4c:84:bb:29:4e:8b:2d:d2:44:73:f2:ea:47:05:53:73:60

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

22-08-2013 05:03
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_lseeki64
_write
_isatty
__pioinfo
__badioinfo
_read
ferror
wctomb
_itoa
_snprintf
_iob
__mb_cur_max
mbtowc
_fileno
isleadbyte
??1type_info@@UAE@XZ
_onexit
__dllonexit
_unlock
_lock
memset
memcpy
_ismbblead
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UBEPBDXZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
??0exception@@QAE@XZ
memmove
__CxxFrameHandler
_errno
iswspace
calloc
_wcsdup
towlower
tolower
_wcslwr
_wctime
time
_ltoa
_strnicmp
_purecall
ctime
malloc
strncmp
isspace
_stricmp
_strlwr
_vsnwprintf
iswprint
fprintf
fflush
atol
fclose
iswdigit
__unDName
bsearch
strchr
fread
fseek
_wfsopen
wcstoul
_wfullpath
_wgetenv
_chsize
_close
_get_osfhandle
_open_osfhandle
ftell
_mbscmp
_memicmp
wcsrchr
strstr
free
realloc
qsort
iswxdigit
wcsncmp
wcschr
_wcsnicmp
_wcsicmp
wcsstr
_wsopen
memcmp

kernel32

InitializeCriticalSectionAndSpinCount
DeviceIoControl
GetFileType
CopyFileExW
SetFileAttributesW
LCMapStringW
InterlockedDecrement
InterlockedIncrement
LoadLibraryExA
GetModuleHandleW
MapViewOfFileEx
FlushViewOfFile
LocalFree
GetSystemTimeAsFileTime
GetVersion
RtlUnwind
GetThreadSelectorEntry
TerminateThread
HeapCreate
HeapDestroy
VirtualQueryEx
GetThreadTimes
GetThreadPriority
GetPriorityClass
GetThreadContext
ResumeThread
SuspendThread
CreateFileMappingA
GetSystemInfo
LoadLibraryA
GetCurrentThreadId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlCaptureContext
ReadProcessMemory
GetFileAttributesA
SetErrorMode
OutputDebugStringA
WriteFile
VirtualFree
OpenProcess
GetCurrentProcessId
GetModuleHandleA
MapViewOfFile
DuplicateHandle
VirtualProtect
LocalAlloc
RaiseException
SetLastError
FindClose
EnterCriticalSection
LeaveCriticalSection
GetLastError
DeleteCriticalSection
ExitThread
GetTickCount
CloseHandle
InitializeCriticalSection
CreateThread
WaitForSingleObject
GetExitCodeThread
CreateFileA
GetFileSize
ReadFile
TlsGetValue
TlsSetValue
FreeLibrary
TlsAlloc
TlsFree
GetVersionExA
GetProcessHeap
HeapReAlloc
HeapAlloc
HeapFree
IsDBCSLeadByte
Sleep
SetEnvironmentVariableA
SetFilePointer
VirtualAlloc
GetCurrentProcess
UnmapViewOfFile
CreateDirectoryA
DelayLoadFailureHook

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetSymLoadError
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
RangeMapAddPeImageSections
RangeMapCreate
RangeMapFree
RangeMapRead
RangeMapRemove
RangeMapWrite
RemoveInvalidModuleList
ReportSymbolLoadSummary
SearchTreeForFile
SearchTreeForFileW
SetCheckUserInterruptShared
SetSymLoadError
StackWalk
StackWalk64
StackWalkEx
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymAddrIncludeInlineTrace
SymCleanup
SymCompareInlineTrace
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsEx
SymEnumSymbolsExW
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromInlineContext
SymFromInlineContextW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymFunctionTableAccess64AccessRoutines
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromInlineContext
SymGetLineFromInlineContextW
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymQueryInlineTrace
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetScopeFromInlineContext
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
chksym
dbghelp
dh
fptr
homedir
inlinedbg
itoldyouso
lmi
lminfo
omap
optdbgdump
optdbgdumpaddr
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/win32/sqlite3.dll
.dll windows x86

230a27f853cf10a1df9e740ea4395684

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
FormatMessageA
FormatMessageW
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
GetVersionExW
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
Sleep
SystemTimeToFileTime
TlsGetValue
TryEnterCriticalSection
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile

msvcrt

__dllonexit
_beginthreadex
_endthreadex
_errno
_iob
abort
calloc
fflush
free
fwrite
localtime
malloc
memcmp
memcpy
memmove
realloc
strcmp
strncmp
vfprintf

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob64
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_text64
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_log
sqlite3_malloc
sqlite3_malloc64
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_msize
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_realloc64
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_blob64
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_text64
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strglob
sqlite3_stricmp
sqlite3_strnicmp
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_is_nt
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_write_debug

Sections

.text
Size: 424KB - Virtual size: 424KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.eh_fram
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/win32/symsrv.dll
.dll windows x86

ca78522ba405c0c8288d5fa9c2ce9d3d

Code Sign

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-09-2012 21:12

Not After

04-12-2013 21:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24-01-2013 22:33

Not After

24-04-2014 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30-08-2012 17:49

Not After

30-11-2013 17:49

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:ad:14:63:ef:9a:58:78:51:54:bb:d7:db:7e:12:c8:c7:df:8b:59:f3:77:57:d3:8e:70:e2:de:ba:85:bf:5c
Signer

Actual PE Digest

8e:ad:14:63:ef:9a:58:78:51:54:bb:d7:db:7e:12:c8:c7:df:8b:59:f3:77:57:d3:8e:70:e2:de:ba:85:bf:5c

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09-03-2023 19:03
Valid: false

d7:e9:d2:52:42:10:7c:c1:f5:56:81:33:ea:85:f0:5c:b7:07:24:e9
Signer

Actual PE Digest

d7:e9:d2:52:42:10:7c:c1:f5:56:81:33:ea:85:f0:5c:b7:07:24:e9

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

22-08-2013 05:04
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

ferror
wctomb
_itoa
_snprintf
_iob
__mb_cur_max
mbtowc
_fileno
isleadbyte
memset
_initterm
_amsg_exit
_XcptFilter
_errno
__badioinfo
__pioinfo
_vsnwprintf
malloc
free
_wtoi64
_wcslwr
strrchr
_isatty
_write
_lseeki64
memcpy
fclose
wcsrchr
fgetws
_wfopen
_stricmp
getenv
iswspace
wcsstr
tolower
isspace
towlower
??2@YAPAXI@Z
??3@YAXPAX@Z
_wcsnicmp
_wcsicmp
wcschr

kernel32

LoadLibraryExA
RaiseException
GetModuleHandleA
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlUnwind
OutputDebugStringA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
SetErrorMode
GlobalFree
ReleaseMutex
LocalFileTimeToFileTime
DeleteFileA
GetFileInformationByHandle
FileTimeToLocalFileTime
SetFileTime
SetFilePointer
CreateFileA
DosDateTimeToFileTime
FileTimeToDosDateTime
DeleteCriticalSection
InitializeCriticalSection
CreateThread
GetSystemTime
GetFileTime
ReadFile
WaitForSingleObject
SetWaitableTimer
GetFileSize
LoadLibraryA
LocalFree
DebugBreak
CloseHandle
LocalAlloc
LeaveCriticalSection
GetLastError
SetLastError
EnterCriticalSection
GetCurrentProcess
GetTickCount
GetSystemTimeAsFileTime
WriteFile
LocalReAlloc

advapi32

GetTokenInformation
EqualSid
AllocateAndInitializeSid
FreeSid
RegCloseKey
OpenProcessToken

shlwapi

PathIsUNCServerW
PathFindNextComponentW
PathIsUNCW

ws2_32

GetAddrInfoW
WSACleanup
WSAStartup
FreeAddrInfoW

Exports

Exports

EulaDlgProc
RunDllEntry
SymbolServer
SymbolServerByIndex
SymbolServerByIndexW
SymbolServerClose
SymbolServerDeltaName
SymbolServerDeltaNameW
SymbolServerGetIndexString
SymbolServerGetIndexStringW
SymbolServerGetOptions
SymbolServerGetSupplement
SymbolServerGetSupplementW
SymbolServerGetVersion
SymbolServerIsStore
SymbolServerIsStoreW
SymbolServerPing
SymbolServerPingW
SymbolServerPingWEx
SymbolServerSetOptions
SymbolServerSetOptionsW
SymbolServerStoreFile
SymbolServerStoreFileW
SymbolServerStoreSupplement
SymbolServerStoreSupplementW
SymbolServerW
SymbolServerWEx
httpCloseHandle
httpOpenFileHandle
httpOpenFileHandleW
httpQueryDataAvailable
httpReadFile

Sections

.text
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/win64/dbghelp.dll
.dll windows x64

1070d0a734a349d697cec96febe8448f

Code Sign

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-09-2012 21:12

Not After

04-12-2013 21:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24-01-2013 22:33

Not After

24-04-2014 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:16:11:04:b4:88:38:8c:be:c3:00:00:00:00:00:16
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30-08-2012 17:49

Not After

30-11-2013 17:49

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

68:87:e2:48:69:c7:7c:2e:c6:a9:c0:b9:fc:ce:a2:ee:7d:25:4f:ba:15:68:4c:d7:09:17:df:2c:d2:bd:00:d3
Signer

Actual PE Digest

68:87:e2:48:69:c7:7c:2e:c6:a9:c0:b9:fc:ce:a2:ee:7d:25:4f:ba:15:68:4c:d7:09:17:df:2c:d2:bd:00:d3

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09-03-2023 19:03
Valid: false

bd:f5:ff:62:11:dc:7f:f9:cc:14:b8:b8:6f:f4:51:08:f7:ff:de:8a
Signer

Actual PE Digest

bd:f5:ff:62:11:dc:7f:f9:cc:14:b8:b8:6f:f4:51:08:f7:ff:de:8a

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

22-08-2013 12:18
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_lseeki64
_write
_isatty
__pioinfo
__badioinfo
_read
ferror
wctomb
_itoa
_snprintf
_iob
__mb_cur_max
mbtowc
_fileno
isleadbyte
??1type_info@@UEAA@XZ
_onexit
__dllonexit
_unlock
_lock
memset
memcpy
_ismbblead
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
_callnewh
?what@exception@@UEBAPEBDXZ
??1exception@@UEAA@XZ
??0exception@@QEAA@AEBV0@@Z
??0exception@@QEAA@AEBQEBDH@Z
memmove
__CxxFrameHandler
_errno
iswspace
calloc
_wcsdup
towlower
tolower
_wcslwr
_wctime
time
_ltoa
_strnicmp
_purecall
ctime
malloc
strncmp
isspace
_stricmp
_strlwr
_vsnwprintf
iswprint
fprintf
fflush
atol
fclose
iswdigit
__unDName
bsearch
memcmp
strchr
fread
fseek
_wfsopen
wcstoul
_wfullpath
_time64
_chsize
_close
_get_osfhandle
_open_osfhandle
ftell
_mbscmp
_memicmp
_wgetenv
wcsrchr
strstr
free
realloc
qsort
iswxdigit
wcsncmp
wcschr
_wcsnicmp
_wcsicmp
wcsstr
_wsopen
strcmp
wcscmp

kernel32

SetFileAttributesW
__chkstk
LCMapStringW
LocalFree
CopyFileExW
GetVersion
LoadLibraryExA
GetModuleHandleW
GetFileType
DeviceIoControl
InitializeCriticalSectionAndSpinCount
MapViewOfFileEx
FlushViewOfFile
MoveFileW
HeapCreate
HeapDestroy
VirtualQueryEx
GetThreadTimes
GetThreadPriority
GetPriorityClass
GetThreadContext
ResumeThread
SuspendThread
CreateFileMappingA
IsProcessorFeaturePresent
GetSystemInfo
LoadLibraryA
lstrcmpiW
GetCurrentThreadId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ReadProcessMemory
LoadLibraryW
GetSystemDirectoryW
GetFileAttributesA
SetErrorMode
GetVersionExW
OutputDebugStringW
OutputDebugStringA
WriteFile
VirtualFree
OpenProcess
GetCurrentProcessId
GetModuleHandleA
MapViewOfFile
LocalAlloc
RaiseException
FormatMessageW
SetLastError
FindFirstFileW
FindClose
FindNextFileW
GetDriveTypeW
EnterCriticalSection
LeaveCriticalSection
GetLastError
DeleteCriticalSection
ExitThread
GetTickCount
CloseHandle
InitializeCriticalSection
CreateThread
WaitForSingleObject
GetExitCodeThread
DeleteFileW
RemoveDirectoryW
CreateFileA
GetFileSize
ReadFile
TlsGetValue
TlsSetValue
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsAlloc
TlsFree
GetVersionExA
GetTempPathW
GetProcessHeap
HeapReAlloc
HeapAlloc
HeapFree
IsDBCSLeadByte
Sleep
GetEnvironmentVariableW
SetEnvironmentVariableA
GetModuleFileNameW
CreateFileW
CopyFileW
CreateDirectoryW
CreateFileMappingW
SetFilePointer
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
MultiByteToWideChar
WideCharToMultiByte
GetFullPathNameW
GetFileAttributesW
CreateDirectoryA
VirtualAlloc
VirtualProtect
DuplicateHandle
GetCurrentProcess
UnmapViewOfFile
DelayLoadFailureHook

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegOpenKeyExA
RegQueryValueExW
RegQueryValueExA
RegQueryInfoKeyW

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesEx
EnumerateLoadedModulesExW
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindDebugInfoFileExW
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetSymLoadError
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MiniDumpReadDumpStream
MiniDumpWriteDump
RangeMapAddPeImageSections
RangeMapCreate
RangeMapFree
RangeMapRead
RangeMapRemove
RangeMapWrite
RemoveInvalidModuleList
ReportSymbolLoadSummary
SearchTreeForFile
SearchTreeForFileW
SetCheckUserInterruptShared
SetSymLoadError
StackWalk
StackWalk64
StackWalkEx
SymAddSourceStream
SymAddSourceStreamA
SymAddSourceStreamW
SymAddSymbol
SymAddSymbolW
SymAddrIncludeInlineTrace
SymCleanup
SymCompareInlineTrace
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFileTokens
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsEx
SymEnumSymbolsExW
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesByName
SymEnumTypesByNameW
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindDebugInfoFile
SymFindDebugInfoFileW
SymFindExecutableImage
SymFindExecutableImageW
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromInlineContext
SymFromInlineContextW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymFunctionTableAccess64AccessRoutines
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromInlineContext
SymGetLineFromInlineContextW
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOmaps
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymGetUnwindInfo
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymQueryInlineTrace
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetScopeFromAddr
SymSetScopeFromIndex
SymSetScopeFromInlineContext
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexInfo
SymSrvGetFileIndexInfoW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
WinDbgExtensionDllInit
block
chksym
dbghelp
dh
fptr
homedir
inlinedbg
itoldyouso
lmi
lminfo
omap
optdbgdump
optdbgdumpaddr
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/win64/sqlite3.dll
.dll windows x64

6cc72dfd29b7bcfb61ec75e3082dfc41

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetVersionExA
OutputDebugStringA
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
HeapSize
GetProcAddress
GetLastError
GetTempPathW
FlushFileBuffers
MultiByteToWideChar
CreateFileW
ReadFile
GetFileAttributesW
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
GetVersionExW
FormatMessageW
Sleep
LoadLibraryW
WideCharToMultiByte
WriteFile
FormatMessageA
GetSystemTimeAsFileTime
GetProcessHeap
UnlockFileEx
GetTickCount
OutputDebugStringW
WaitForSingleObjectEx
LockFile
UnlockFile
WaitForSingleObject
HeapFree
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
FreeLibrary
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
SetFilePointer
HeapCompact
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
DeleteFileA
AreFileApisANSI
GetSystemTime
LocalFree
GetTempPathA
GetCurrentProcessId
DeleteFileW
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
CreateThread
ExitThread
LoadLibraryExW
GetCommandLineA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetCurrentProcess
TerminateProcess
GetStartupInfoW
GetModuleHandleW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
GetTimeZoneInformation
SetLastError
GetCurrentThread
RtlUnwindEx
GetFileType
InitializeCriticalSectionAndSpinCount
InitOnceExecuteOnce
GetModuleFileNameA
GetTickCount64
GetEnvironmentStringsW
FreeEnvironmentStringsW
FatalAppExitA
SetConsoleCtrlHandler
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetTimeFormatEx
GetDateFormatEx
CompareStringEx
GetLocaleInfoEx
GetUserDefaultLocaleName
LCMapStringEx
IsValidLocaleName
EnumSystemLocalesEx
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetEnvironmentVariableA
SetStdHandle
SetFilePointerEx
WriteConsoleW

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob64
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_text64
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_database_name
sqlite3_column_database_name16
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_origin_name
sqlite3_column_origin_name16
sqlite3_column_table_name
sqlite3_column_table_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_data_directory
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_malloc64
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_msize
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_realloc64
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_blob64
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_text64
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_rtree_query_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strglob
sqlite3_stricmp
sqlite3_strnicmp
sqlite3_table_column_metadata
sqlite3_temp_directory
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_is_nt
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_write_debug

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/win64/symsrv.dll
.dll windows x64

9e212ffe0679a2b77355884e27f8770c

Code Sign

33:00:00:00:59:d6:73:cd:51:8e:f0:22:c5:00:00:00:00:00:59
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23-05-2014 17:13

Not After

23-08-2015 17:13

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:ca:6c:d5:32:12:35:c4:e1:55:00:01:00:00:00:ca
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22-04-2014 17:39

Not After

22-07-2015 17:39

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:7b:a2:81:0b:87:11:ab:e7:fc:00:00:00:00:00:7b
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01-10-2014 18:06

Not After

01-01-2016 18:06

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:16:5a:7f:4e:7a:38:4c:53:a9:04:b6:29:44:95:c1:12:7c:0a:c0:ae:e2:33:bc:71:e1:e4:8a:12:21:50:90
Signer

Actual PE Digest

17:16:5a:7f:4e:7a:38:4c:53:a9:04:b6:29:44:95:c1:12:7c:0a:c0:ae:e2:33:bc:71:e1:e4:8a:12:21:50:90

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

09-03-2023 19:03
Valid: false

15:c1:af:8a:58:5a:d0:36:44:c3:55:7d:9c:d1:ca:34:ca:13:e4:cb
Signer

Actual PE Digest

15:c1:af:8a:58:5a:d0:36:44:c3:55:7d:9c:d1:ca:34:ca:13:e4:cb

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

false

Verification

Signing Certificate

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

25-10-2014 02:01
Valid: false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

ferror
wctomb
_itoa
_snprintf
_iob
__mb_cur_max
mbtowc
_fileno
isleadbyte
memset
memcpy
__C_specific_handler
_initterm
_amsg_exit
_XcptFilter
__badioinfo
__pioinfo
_errno
_isatty
_write
_lseeki64
_vsnwprintf
malloc
free
_wtoi64
_wcslwr
strrchr
fclose
wcsrchr
fgetws
_wfopen
_stricmp
??2@YAPEAX_K@Z
getenv
iswspace
??3@YAXPEAX@Z
wcsstr
tolower
isspace
towlower
_wcsnicmp
_wcsicmp
wcschr
wcscmp

kernel32

FreeLibrary
LoadLibraryExA
VirtualQuery
RaiseException
GetSystemInfo
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
OutputDebugStringA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
VirtualProtect
Sleep
SetErrorMode
GetDriveTypeW
GlobalFree
ReleaseMutex
OpenMutexW
LoadLibraryW
GetSystemDirectoryW
GetPrivateProfileSectionW
GetPrivateProfileIntW
GetModuleFileNameW
LocalFileTimeToFileTime
ExpandEnvironmentStringsW
DeleteFileA
GetFileInformationByHandle
FileTimeToLocalFileTime
SetFileTime
SetFilePointer
CreateFileA
DosDateTimeToFileTime
FileTimeToDosDateTime
DeleteCriticalSection
InitializeCriticalSection
CreateThread
GetSystemTime
CopyFileW
LeaveCriticalSection
GetFileAttributesW
GetLastError
SetLastError
EnterCriticalSection
GetEnvironmentVariableW
GetCurrentProcess
CreateDirectoryW
OutputDebugStringW
GetModuleHandleW
GetTickCount
GetSystemTimeAsFileTime
WriteFile
WideCharToMultiByte
FormatMessageW
GetVersionExW
LocalReAlloc
CreateFileW
MultiByteToWideChar
GetProcAddress
LocalAlloc
RemoveDirectoryW
CloseHandle
DebugBreak
LocalFree
DeleteFileW
GetFileSize
CopyFileExW
SetWaitableTimer
WaitForSingleObject
ReadFile
MoveFileW
CreateWaitableTimerW
GetFileTime
LoadLibraryA

advapi32

GetTokenInformation
EqualSid
AllocateAndInitializeSid
FreeSid
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegCloseKey
OpenProcessToken

shlwapi

PathIsUNCServerW
PathFindNextComponentW
PathIsUNCW

ws2_32

WSAStartup
FreeAddrInfoW
GetAddrInfoW
WSACleanup

Exports

Exports

EulaDlgProc
RunDllEntry
SymbolServer
SymbolServerByIndex
SymbolServerByIndexW
SymbolServerClose
SymbolServerDeltaName
SymbolServerDeltaNameW
SymbolServerGetIndexString
SymbolServerGetIndexStringW
SymbolServerGetOptions
SymbolServerGetSupplement
SymbolServerGetSupplementW
SymbolServerGetVersion
SymbolServerIsStore
SymbolServerIsStoreW
SymbolServerPing
SymbolServerPingW
SymbolServerPingWEx
SymbolServerSetOptions
SymbolServerSetOptionsW
SymbolServerStoreFile
SymbolServerStoreFileW
SymbolServerStoreSupplement
SymbolServerStoreSupplementW
SymbolServerW
SymbolServerWEx
httpCloseHandle
httpOpenFileHandle
httpOpenFileHandleW
httpQueryDataAvailable
httpReadFile

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/windowsrepair.exe
.exe windows x86

7107c2ceeefdd44e30adb2412dcff15d

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13-04-2011 10:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24-05-2016 00:00

Not After

24-06-2027 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:97:06:fd:e6:92:d8:8c:a9:9b:82:2d
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

26-01-2018 17:35

Not After

04-05-2019 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:25:07:1d:f9:af
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-11-2009 10:00

Not After

18-03-2019 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:97:06:fd:e6:92:d8:8c:a9:9b:82:2d
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

26-01-2018 17:35

Not After

04-05-2019 16:21

Subject

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

19-02-2018 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign TSA for Advanced - G2

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02-08-2011 10:00

Not After

29-03-2029 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

be:c3:ce:65:f6:d1:30:24:6e:1b:21:ab:06:bb:e9:76:25:d4:86:f7:b4:d1:f4:b1:cd:2a:ec:47:7c:b0:40:c0
Signer

Actual PE Digest

be:c3:ce:65:f6:d1:30:24:6e:1b:21:ab:06:bb:e9:76:25:d4:86:f7:b4:d1:f4:b1:cd:2a:ec:47:7c:b0:40:c0

Digest Algorithm

sha256

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

31-05-2018 09:08
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

ba:69:2d:b1:6f:02:eb:35:bc:5e:3a:c9:52:a8:a5:ab:90:91:94:84
Signer

Actual PE Digest

ba:69:2d:b1:6f:02:eb:35:bc:5e:3a:c9:52:a8:a5:ab:90:91:94:84

Digest Algorithm

sha1

PE Digest Matches

true

Signature Validations

Trusted

true

Verification

Signing Certificate

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

31-05-2018 09:08
Valid: true

Chain 1

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Chain 2

SERIALNUMBER=50212036,CN=Cheat Engine,O=Cheat Engine,STREET=Frankendaal 32,L=Eindhoven,ST=Noord-Brabant,C=NL,1.3.6.1.4.1.311.60.2.1.3=#13024e4c,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
GetProcAddress
CreateFileW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
GetWindowsDirectoryA
GetVersionExA
CompareStringA
GetLocaleInfoA
EnumCalendarInfoA
FormatMessageW
CompareStringW
VirtualFree
FileTimeToSystemTime
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetSystemMetrics
MessageBeep

advapi32

RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyExA
RegEnumValueA
RegOpenKeyExA
RegQueryInfoKeyA
RegCloseKey
RegFlushKey

Sections

.text
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
ch/winhook-i386.dll
.dll windows x86

8dd5d4ff3e866b9254cc9c354b552c82

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
CreateFileW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
SetUnhandledExceptionFilter
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
FormatMessageA
GetWindowsDirectoryA
CreateFileA
CreateNamedPipeA
GetVersionExA
CompareStringA
GetLocaleInfoA
EnumCalendarInfoA
CompareStringW
VirtualFree
ConnectNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
DefWindowProcA
CallWindowProcA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetWindowLongA
SetWindowLongA
GetSystemMetrics
MessageBeep

Sections

.text
Size: 130KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ch/winhook-x86_64.dll
.dll windows x64

034adb495720bb8c8c9627801fee7e55

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetLastError
SetLastError
GetTickCount
ExitProcess
GetStartupInfoA
GetStdHandle
GetCommandLineA
GetCurrentProcessId
GetCurrentThreadId
GetCurrentProcess
ReadProcessMemory
GetModuleFileNameA
GetModuleHandleA
WriteFile
ReadFile
CloseHandle
SetFilePointer
SetEndOfFile
FreeLibrary
GetSystemInfo
LoadLibraryA
GetProcAddress
CreateFileW
GetConsoleMode
GetConsoleOutputCP
GetOEMCP
GetProcessHeap
HeapAlloc
HeapFree
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
CreateThread
ExitThread
LocalAlloc
LocalFree
Sleep
SuspendThread
ResumeThread
TerminateThread
WaitForSingleObject
SetThreadPriority
GetThreadPriority
CreateEventA
ResetEvent
SetEvent
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
RaiseException
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetConsoleCP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
EnumResourceTypesA
EnumResourceNamesA
EnumResourceLanguagesA
FindResourceA
FindResourceExA
LoadResource
SizeofResource
LockResource
FreeResource
FormatMessageA
GetWindowsDirectoryA
CreateFileA
CreateNamedPipeA
GetVersionExA
CompareStringA
GetLocaleInfoA
EnumCalendarInfoA
CompareStringW
ConnectNamedPipe
GetThreadLocale
SetThreadLocale
GetUserDefaultLCID

oleaut32

SysAllocStringLen
SysFreeString
SysReAllocStringLen

user32

MessageBoxA
CharUpperBuffW
CharLowerBuffW
DefWindowProcA
CallWindowProcA
CharUpperA
CharUpperBuffA
CharLowerA
CharLowerBuffA
GetWindowLongPtrA
SetWindowLongPtrA
GetSystemMetrics
MessageBeep

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

6a3885cc44153a7a3807b94e1a4fcd9a

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17Certificate

Extended Key Usages

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17Certificate

Extended Key Usages

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

97:2c:b4:ab:82:f8:ae:aa:93:a9:78:41:06:cd:f5:79:86:6d:41:32:8f:bf:5f:31:66:58:7b:94:9c:d1:cb:d6Signer

Signature Validations

Verification

26-10-2020 08:23 Valid: true

Chain 1

3d:56:7b:79:dd:ca:e3:c7:57:a8:83:9a:f7:d1:f6:dd:af:5f:7c:88Signer

Signature Validations

Verification

26-10-2020 08:23 Valid: true

Chain 1

Headers

File Characteristics

Imports

kernel32

oleaut32

user32

shell32

Sections

.text Size: 237KB - Virtual size: 236KB

.data Size: 10KB - Virtual size: 10KB

.rdata Size: 42KB - Virtual size: 41KB

.bss Size: - Virtual size: 11KB

.CRT Size: 512B - Virtual size: 12B

.idata Size: 3KB - Virtual size: 2KB

.rsrc Size: 69KB - Virtual size: 68KB

527cfa642ac8a84a0b0628cb5f479c9c

Code Sign

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17Certificate

Extended Key Usages

Key Usages

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0fCertificate

Extended Key Usages

Key Usages

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17Certificate

Extended Key Usages

Key Usages

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3aCertificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:31:89:c6:50:04Certificate

Key Usages

fd:9d:59:96:ce:68:4a:4f:80:c1:59:cb:f4:40:f9:4f:0e:4b:17:34:f2:08:00:b9:2c:5b:55:23:9a:93:57:f6Signer

Signature Validations

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

97:2c:b4:ab:82:f8:ae:aa:93:a9:78:41:06:cd:f5:79:86:6d:41:32:8f:bf:5f:31:66:58:7b:94:9c:d1:cb:d6
Signer

26-10-2020 08:23
Valid: true

3d:56:7b:79:dd:ca:e3:c7:57:a8:83:9a:f7:d1:f6:dd:af:5f:7c:88
Signer

26-10-2020 08:23
Valid: true

.text
Size: 237KB - Virtual size: 236KB

.data
Size: 10KB - Virtual size: 10KB

.rdata
Size: 42KB - Virtual size: 41KB

.bss
Size: - Virtual size: 11KB

.CRT
Size: 512B - Virtual size: 12B

.idata
Size: 3KB - Virtual size: 2KB

.rsrc
Size: 69KB - Virtual size: 68KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

fd:9d:59:96:ce:68:4a:4f:80:c1:59:cb:f4:40:f9:4f:0e:4b:17:34:f2:08:00:b9:2c:5b:55:23:9a:93:57:f6
Signer

01-11-2020 08:56
Valid: true

75:69:bd:af:01:b1:f8:ba:f7:1f:09:e7:58:4d:d5:5d:fe:39:57:a8
Signer

01-11-2020 08:56
Valid: true

.text
Size: 107KB - Virtual size: 107KB

.rdata
Size: 32KB - Virtual size: 31KB

.data
Size: 3KB - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 5KB - Virtual size: 4KB

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

69:36:cd:67:6b:6c:40:a3:d5:54:1f:17
Certificate

0c:a7:cf:5d:07:07:24:ac:89:e7:9a:3a
Certificate

04:00:00:00:00:01:31:89:c6:50:04
Certificate

5e:8b:5f:fb:43:4a:c7:5d:4b:07:dd:b8:53:89:22:17:40:5e:97:01:00:8f:c2:07:ce:45:2f:fd:0f:e1:e4:73
Signer

01-11-2020 08:56
Valid: true

c7:ae:d3:bf:47:86:bf:e1:8e:4f:c7:e9:5c:8d:cc:3f:84:92:eb:c6
Signer

01-11-2020 08:56
Valid: true

.text
Size: 114KB - Virtual size: 113KB

.rdata
Size: 47KB - Virtual size: 47KB

.data
Size: 3KB - Virtual size: 7KB