560495fa1481406b9ac378514576a174b7e8142afcd76dbb5174e758228f224f (1)

Sharing

Copy URL

Twitter E-mail

General

Target

560495fa1481406b9ac378514576a174b7e8142afcd76dbb5174e758228f224f (1)
Size

3.3MB
MD5

6173d0c8be1041cec52f157283983ed6
SHA1

4f9a67c98ea9a85f618133c6da579ab4b0e01b28
SHA256

560495fa1481406b9ac378514576a174b7e8142afcd76dbb5174e758228f224f
SHA512

8530fec7a3def6a1f49b6af03e4749f75265ce46f15808e312f10aa4a4d6526b81b4dd1f1e8c296a8fded10776afb54bafbb3647c092aa9d7d7b1b6e3182f567
SSDEEP

98304:fWUeALhYITNV0vlWnywKqZrlihAYTm2PXdMKrqc:6AdYIkvlWy9wa7X6c

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/Keygen.exe	upx
static1/unpack001/Keygen.exe	upx

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack002/Keygen.exe
unpack003/out.upx
unpack001/Keygen.exe
unpack004/out.upx
unpack001/TBIView/keyhh.exe
unpack001/burncdcc.exe
unpack001/keyhh.exe
unpack001/phylock/phylock.2k.sys
unpack001/phylock/phylock.nt.sys
unpack001/tlibr32.dll

Files

560495fa1481406b9ac378514576a174b7e8142afcd76dbb5174e758228f224f (1)
.7z

Password: infected
Keygen.7z
.7z

Password: infected
Keygen.exe
.exe windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Keygen.exe
.exe windows x86

Password: infected

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 4B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 620B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ProtectIt.inf
TBIView/keyhh.exe
.exe windows x86

Password: infected

77a9627b0bc5697d264f08a1b4bde73b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
MapViewOfFile
CreateFileMappingA
lstrcmpiA
GetTickCount
GetModuleFileNameA
CloseHandle
WinExec
MultiByteToWideChar
GetPrivateProfileStringA
GetFullPathNameA
GetWindowsDirectoryA
IsDBCSLeadByte
ExitProcess
LocalAlloc
LocalFree
GetFileAttributesA
SearchPathA
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

CharNextA
LoadIconA
SendMessageA
SetWindowLongA
IsWindow
PostMessageA
EnumWindows
PostQuitMessage
DefWindowProcA
CallWindowProcA
GetClassNameA
GetWindow
MessageBoxA
SetForegroundWindow
wsprintfA
LoadStringA
CharPrevA
GetActiveWindow
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
CharLowerA
FindWindowA
GetWindowLongA

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueA
RegDeleteValueA

ole32

CoCreateInstance
CoInitialize

comdlg32

GetOpenFileNameA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TBIView/license.txt
TBIView/setupdrv.exe
.exe windows x86

Password: infected

1df829cb37ab821aff5c00c41e0f5a84

Code Sign

0c:53:32:08:0f:46:95:53:68:e8:d2:19:f8:44:f8:e2
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/08/2016, 00:00

Not After

28/10/2019, 12:00

Subject

CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:14:09:9f:34:01:fb:84:c9:4c:bd:9e:11:9c:ad:2b
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/07/2016, 00:00

Not After

28/07/2019, 23:59

Subject

SERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:bd:57:34:f7:f8:7c:e3:45:88:ef:6f:35:7c:94:0c:f3:31:0d:3a:6e:8a:05:cc:e3:98:f7:a6:fd:47:b8:5e
Signer

Actual PE Digest

56:bd:57:34:f7:f8:7c:e3:45:88:ef:6f:35:7c:94:0c:f3:31:0d:3a:6e:8a:05:cc:e3:98:f7:a6:fd:47:b8:5e

Digest Algorithm

sha256

PE Digest Matches

true

ab:71:23:34:e3:0c:7a:86:fa:01:ef:29:66:31:bc:4c:14:3a:40:4c
Signer

Actual PE Digest

ab:71:23:34:e3:0c:7a:86:fa:01:ef:29:66:31:bc:4c:14:3a:40:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

lstrlenA
CopyFileA
LoadLibraryA
FreeLibrary
GetConsoleCP
FlushFileBuffers
HeapReAlloc
lstrcatA
GetProcessHeap
GetFileType
SetStdHandle
GetCommandLineW
GetCommandLineA
GetOEMCP
LocalFree
GetModuleHandleA
GetVersionExA
GetSystemDirectoryA
GetCurrentProcess
FindFirstFileA
FindClose
DeleteFileA
GetCurrentDirectoryA
VirtualQuery
VirtualFree
VirtualAlloc
SetLastError
GetLastError
SetFilePointer
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
IsDebuggerPresent
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameA
ExitProcess
GetACP
CloseHandle
HeapAlloc
HeapFree
FindFirstFileExA
FindNextFileA
GetConsoleMode

user32

MessageBoxA
SetWindowTextA
GetDlgItem
CreateDialogParamA
ShowWindow
IsDialogMessageA
PostQuitMessage
DispatchMessageA
TranslateMessage
GetMessageA
LoadStringA
DestroyWindow

advapi32

QueryServiceStatus
BuildExplicitAccessWithNameA
SetEntriesInAclA
SetServiceObjectSecurity
QueryServiceObjectSecurity
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
CloseServiceHandle
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorDacl

Sections

.text
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TBIView/tbimount_readme.txt
TBIView/tbimsc.exe
.exe windows x86

Password: infected

be014aceb2b748b62078ee1445dfbadf

Code Sign

0c:53:32:08:0f:46:95:53:68:e8:d2:19:f8:44:f8:e2
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/08/2016, 00:00

Not After

28/10/2019, 12:00

Subject

CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:14:09:9f:34:01:fb:84:c9:4c:bd:9e:11:9c:ad:2b
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/07/2016, 00:00

Not After

28/07/2019, 23:59

Subject

SERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:c9:a4:4e:e4:61:56:05:2b:da:ae:8e:64:23:a2:1a:03:0d:30:4a:ec:87:f5:a3:0d:7f:0f:fa:df:38:ef:cd
Signer

Actual PE Digest

14:c9:a4:4e:e4:61:56:05:2b:da:ae:8e:64:23:a2:1a:03:0d:30:4a:ec:87:f5:a3:0d:7f:0f:fa:df:38:ef:cd

Digest Algorithm

sha256

PE Digest Matches

true

0e:77:3e:0d:f5:c0:13:11:3b:37:1b:93:0b:91:68:58:32:2f:e5:3f
Signer

Actual PE Digest

0e:77:3e:0d:f5:c0:13:11:3b:37:1b:93:0b:91:68:58:32:2f:e5:3f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LoadLibraryA
GetModuleHandleA
Sleep
GetTickCount
GetConsoleCP
VirtualQuery
VirtualFree
VirtualAlloc
SetLastError
GetLastError
FreeLibrary
SetFilePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
IsDebuggerPresent
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameA
ExitProcess
GetCommandLineA
GetCommandLineW
GetACP
CloseHandle
HeapAlloc
HeapFree
FindClose
FindFirstFileExA
FindNextFileA
GetOEMCP
SetEnvironmentVariableA
SetStdHandle
GetFileType
GetProcessHeap
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleMode

advapi32

QueryServiceStatus
OpenServiceA
OpenSCManagerA
ControlService
CloseServiceHandle
StartServiceA

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TBIView/tbiview.exe
.exe windows x86

Password: infected

be100d15bd6881b6495efca80d0a814e

Code Sign

0c:53:32:08:0f:46:95:53:68:e8:d2:19:f8:44:f8:e2
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/08/2016, 00:00

Not After

28/10/2019, 12:00

Subject

CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:14:09:9f:34:01:fb:84:c9:4c:bd:9e:11:9c:ad:2b
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/07/2016, 00:00

Not After

28/07/2019, 23:59

Subject

SERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:9f:9e:e6:f8:89:bb:9b:42:bc:3c:e3:b5:54:13:bd:b7:35:0f:34:43:ea:20:1c:c0:85:c2:13:96:db:f7:e6
Signer

Actual PE Digest

77:9f:9e:e6:f8:89:bb:9b:42:bc:3c:e3:b5:54:13:bd:b7:35:0f:34:43:ea:20:1c:c0:85:c2:13:96:db:f7:e6

Digest Algorithm

sha256

PE Digest Matches

true

9b:57:da:fd:d2:62:51:2e:db:e7:30:44:e6:69:1b:eb:7f:ce:ec:f4
Signer

Actual PE Digest

9b:57:da:fd:d2:62:51:2e:db:e7:30:44:e6:69:1b:eb:7f:ce:ec:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Destroy
ImageList_Create
ImageList_LoadImageW
ord17
ImageList_ReplaceIcon

kernel32

CreateMutexW
CreateDirectoryW
DeleteFileW
FileTimeToLocalFileTime
FindNextFileW
GetFileInformationByHandle
RemoveDirectoryW
SetErrorMode
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
InitializeCriticalSection
DeleteCriticalSection
SearchPathW
DeviceIoControl
WaitForSingleObject
CreateEventW
MultiByteToWideChar
WideCharToMultiByte
GlobalSize
VirtualLock
VirtualUnlock
LocalAlloc
LocalLock
LocalUnlock
LocalFree
GetLogicalDrives
QueryDosDeviceW
ReadFile
WriteFile
ReleaseMutex
lstrlenW
CreateFileA
GetDriveTypeW
GlobalMemoryStatus
GetTickCount
GetCurrentProcess
FlushFileBuffers
GetProcessHeap
GetCommandLineW
LoadLibraryA
GetOEMCP
FindFirstFileExW
HeapSize
HeapReAlloc
GetTimeZoneInformation
SetEndOfFile
HeapFree
HeapAlloc
GetConsoleMode
GetConsoleCP
GetACP
ExitProcess
GetStdHandle
SetStdHandle
SetEnvironmentVariableA
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
RaiseException
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetFileSize
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleA
ReleaseSemaphore
LeaveCriticalSection
EnterCriticalSection
SetFileTime
FindClose
FreeLibrary
CloseHandle
VirtualQuery
VirtualFree
VirtualAlloc
SetLastError
GetLastError
SetFilePointer
GetCommandLineA

user32

GetDesktopWindow
DrawTextW
DrawIcon
GetSystemMenu
GetDialogBaseUnits
CheckDlgButton
DialogBoxIndirectParamW
IsWindow
GetParent
WinHelpW
DestroyWindow
ShowWindow
GetWindowPlacement
SystemParametersInfoW
EndDialog
GetDlgItem
MsgWaitForMultipleObjects
SetTimer
KillTimer
GetMenu
DestroyMenu
CheckMenuItem
EnableMenuItem
GetSubMenu
TrackPopupMenu
RedrawWindow
MessageBeep
GetCursorPos
PtInRect
SetWindowPlacement
SetCapture
OffsetRect
InflateRect
SetRect
FillRect
GetSysColorBrush
InvalidateRect
BeginPaint
ReleaseDC
GetDC
GetSystemMetrics
ReleaseCapture
EndPaint
GetCapture
DrawEdge
OemToCharW
DestroyIcon
SetClassLongW
GetClientRect
GetKeyState
GetFocus
SetFocus
RegisterClipboardFormatW
MoveWindow
PostQuitMessage
SetCursor
RemovePropW
GetPropW
SetPropW
CreateWindowExW
GetClassInfoW
RegisterClassW
DefWindowProcW
ScreenToClient
UpdateWindow
TranslateMessage

gdi32

SelectObject
PatBlt
CreateBitmap
CreatePatternBrush
CreateFontIndirectW
CreateDCW
DeleteDC
DeleteObject

advapi32

RegCreateKeyExW
RegCloseKey

ole32

OleDuplicateData
CoInitialize
CoTaskMemFree
CoUninitialize
ReleaseStgMedium
OleGetClipboard
OleIsCurrentClipboard
OleSetClipboard
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
CoTaskMemAlloc

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shell32

SHGetMalloc

Sections

.text
Size: 690KB - Virtual size: 689KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TBIView/tbiview64.exe
.exe windows x64

Password: infected

67cd3cf769d16a6e9b9bbd0c0e537ca1

Code Sign

0c:53:32:08:0f:46:95:53:68:e8:d2:19:f8:44:f8:e2
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/08/2016, 00:00

Not After

28/10/2019, 12:00

Subject

CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:14:09:9f:34:01:fb:84:c9:4c:bd:9e:11:9c:ad:2b
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/07/2016, 00:00

Not After

28/07/2019, 23:59

Subject

SERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

60:77:8a:1a:8e:62:2a:3b:63:b4:fd:00:d8:7c:54:81:48:6e:80:f9:6c:45:91:a8:de:2d:eb:49:b1:9f:50:7d
Signer

Actual PE Digest

60:77:8a:1a:8e:62:2a:3b:63:b4:fd:00:d8:7c:54:81:48:6e:80:f9:6c:45:91:a8:de:2d:eb:49:b1:9f:50:7d

Digest Algorithm

sha256

PE Digest Matches

true

c8:64:88:1f:6a:94:62:51:bc:ec:e2:2f:0b:53:2b:6f:17:f6:49:ae
Signer

Actual PE Digest

c8:64:88:1f:6a:94:62:51:bc:ec:e2:2f:0b:53:2b:6f:17:f6:49:ae

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ImageList_Create
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_LoadImageW
ord17

kernel32

RemoveDirectoryW
SetErrorMode
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FileTimeToSystemTime
GetDateFormatW
GetTimeFormatW
InitializeCriticalSection
DeleteCriticalSection
SearchPathW
GetProcAddress
DeviceIoControl
VirtualAlloc
VirtualFree
GetLastError
WaitForSingleObject
CreateEventW
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
GlobalSize
VirtualLock
VirtualUnlock
LocalAlloc
LocalLock
LocalUnlock
LocalFree
GetLogicalDrives
QueryDosDeviceW
ReadFile
SetFilePointer
WriteFile
ReleaseMutex
lstrlenW
GetDriveTypeW
GlobalMemoryStatus
GetTickCount
GetFileSize
FlushFileBuffers
WriteConsoleW
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
HeapSize
HeapReAlloc
EnterCriticalSection
GetTimeZoneInformation
GetFileInformationByHandle
LCMapStringW
CompareStringW
GetFullPathNameW
SetEndOfFile
HeapFree
HeapAlloc
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetACP
ExitProcess
GetStdHandle
SetFilePointerEx
SetStdHandle
GetCurrentDirectoryW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetEnvironmentVariableA
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetFileAttributesExW
RtlPcToFileHeader
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
EncodePointer
SetLastError
RtlUnwindEx
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetFileTime
SetFileAttributesW
FindFirstFileW
FindClose
CreateFileW
GetEnvironmentVariableW
FindNextFileW
FileTimeToLocalFileTime
DeleteFileW
CreateDirectoryW
CreateMutexW
LoadLibraryW
GetVersionExW
GetModuleHandleW
CreateProcessW
ReleaseSemaphore
CreateSemaphoreW
GetModuleFileNameW
CloseHandle
LeaveCriticalSection
GetStringTypeW

user32

LoadStringW
SendMessageW
PostMessageW
DestroyWindow
ShowWindow
GetWindowPlacement
SetWindowPlacement
EndDialog
DrawTextW
SetDlgItemTextW
GetDlgItemTextW
SendDlgItemMessageW
MsgWaitForMultipleObjects
SetTimer
KillTimer
EnableWindow
LoadMenuW
GetMenu
DrawIcon
GetDesktopWindow
WinHelpW
SystemParametersInfoW
GetDlgItem
RegisterClipboardFormatW
GetSystemMenu
GetDialogBaseUnits
CheckDlgButton
DialogBoxIndirectParamW
IsWindow
GetParent
PtInRect
InflateRect
SetRect
FillRect
GetSysColorBrush
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
GetSystemMetrics
ReleaseCapture
SetCapture
GetCapture
DrawEdge
OemToCharW
SetWindowLongW
DestroyIcon
SetClassLongPtrW
GetClientRect
GetKeyState
GetFocus
SetFocus
OffsetRect
MoveWindow
PostQuitMessage
SetCursor
RemovePropW
GetPropW
SetPropW
CreateWindowExW
GetClassInfoW
RegisterClassW
DefWindowProcW
SetWindowLongPtrW
GetWindowLongPtrW
ScreenToClient
UpdateWindow
TranslateAcceleratorW
LoadAcceleratorsW
DialogBoxParamW
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
LoadIconW
LoadCursorW
FindWindowW
GetWindowLongW
GetCursorPos
MessageBeep
MessageBoxW
GetWindowTextLengthW
SetWindowTextW
RedrawWindow
TrackPopupMenu
GetSubMenu
EnableMenuItem
CheckMenuItem
DestroyMenu

gdi32

CreateFontIndirectW
CreateDCW
SelectObject
PatBlt
DeleteObject
CreatePatternBrush
CreateBitmap
DeleteDC

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyW
RegCloseKey
RegCreateKeyExW

ole32

OleDuplicateData
CoInitialize
CoTaskMemFree
CoUninitialize
ReleaseStgMedium
OleGetClipboard
OleIsCurrentClipboard
OleSetClipboard
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
CoTaskMemAlloc

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

shell32

SHGetMalloc
SHGetFileInfoW
SHGetPathFromIDListW
SHBrowseForFolderW

Sections

.text
Size: 675KB - Virtual size: 674KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 146KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TBIView/tbiviewa.exe
.exe windows x86

5ef737637d93829d502019e1c0982ca0

Code Sign

0c:53:32:08:0f:46:95:53:68:e8:d2:19:f8:44:f8:e2
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/08/2016, 00:00

Not After

28/10/2019, 12:00

Subject

CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:14:09:9f:34:01:fb:84:c9:4c:bd:9e:11:9c:ad:2b
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/07/2016, 00:00

Not After

28/07/2019, 23:59

Subject

SERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2d:22:c3:bf:ef:17:07:e7:aa:35:cf:75:6f:4a:c7:2a:bd:bb:d7:3e:b7:02:07:29:ba:a1:af:49:b5:7a:57:de
Signer

Actual PE Digest

2d:22:c3:bf:ef:17:07:e7:aa:35:cf:75:6f:4a:c7:2a:bd:bb:d7:3e:b7:02:07:29:ba:a1:af:49:b5:7a:57:de

Digest Algorithm

sha256

PE Digest Matches

true

47:d3:9c:0b:d8:93:01:30:57:df:de:f9:e3:1c:b4:9d:fe:b4:c5:91
Signer

Actual PE Digest

47:d3:9c:0b:d8:93:01:30:57:df:de:f9:e3:1c:b4:9d:fe:b4:c5:91

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Destroy
ImageList_Create
ImageList_LoadImageA
ord17
ImageList_ReplaceIcon

kernel32

FreeLibrary
CreateMutexA
CreateDirectoryA
DeleteFileA
FileTimeToLocalFileTime
FindNextFileA
GetFileInformationByHandle
RemoveDirectoryA
SetErrorMode
Sleep
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
InitializeCriticalSection
DeleteCriticalSection
SearchPathA
DeviceIoControl
WaitForSingleObject
CreateEventA
MultiByteToWideChar
WideCharToMultiByte
GlobalSize
VirtualLock
VirtualUnlock
LocalAlloc
LocalLock
LocalUnlock
LocalFree
GetLogicalDrives
ReadFile
WriteFile
ReleaseMutex
lstrlenA
QueryDosDeviceA
GetDriveTypeA
GlobalMemoryStatus
GetTickCount
GetCurrentProcess
FlushFileBuffers
GetProcessHeap
LoadLibraryA
GetCommandLineA
GetOEMCP
FindFirstFileExA
HeapSize
HeapReAlloc
SetEndOfFile
HeapFree
GetTimeZoneInformation
HeapAlloc
GetConsoleMode
GetConsoleCP
GetACP
ExitProcess
GetStdHandle
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableA
SetStdHandle
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
RaiseException
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlUnwind
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetModuleHandleA
GetVersionExA
CreateProcessA
ReleaseSemaphore
LeaveCriticalSection
EnterCriticalSection
GetFileSize
SetFileTime
SetFileAttributesA
FindFirstFileA
FindClose
CreateFileA
GetEnvironmentVariableA
CreateSemaphoreA
GetModuleFileNameA
CloseHandle
VirtualQuery
VirtualFree
VirtualAlloc
SetLastError
GetLastError
SetFilePointer
GetCommandLineW

user32

DrawTextA
GetDesktopWindow
WinHelpA
SystemParametersInfoA
DrawIcon
GetParent
PtInRect
OffsetRect
InflateRect
SetRect
FillRect
GetSysColorBrush
InvalidateRect
EndPaint
BeginPaint
ReleaseDC
GetDC
GetSystemMetrics
ReleaseCapture
SetCapture
GetCapture
DrawEdge
DestroyIcon
GetSystemMenu
GetClientRect
GetKeyState
GetFocus
LoadStringA
SendMessageA
PostMessageA
DestroyWindow
ShowWindow
GetWindowPlacement
SetWindowPlacement
EndDialog
GetDlgItem
SetDlgItemTextA
GetDlgItemTextA
SendDlgItemMessageA
MsgWaitForMultipleObjects
SetTimer
KillTimer
LoadMenuA
GetMenu
DestroyMenu
CheckMenuItem
SetFocus
GetDialogBaseUnits
CheckDlgButton
DialogBoxIndirectParamA
IsWindow
SetClassLongA
RegisterClipboardFormatA
MoveWindow
PostQuitMessage
SetCursor
RemovePropA
GetPropA
SetPropA
CreateWindowExA
GetClassInfoA
RegisterClassA
DefWindowProcA
ScreenToClient
UpdateWindow
TranslateAcceleratorA
LoadAcceleratorsA
DialogBoxParamA
PeekMessageA
DispatchMessageA
TranslateMessage
GetMessageA
LoadIconA
LoadCursorA
FindWindowA
GetCursorPos
MessageBeep
MessageBoxA
GetWindowTextLengthA
SetWindowTextA
RedrawWindow
TrackPopupMenu
GetSubMenu
EnableMenuItem
OemToCharA

gdi32

CreateFontIndirectA
PatBlt
DeleteObject
CreatePatternBrush
DeleteDC
SelectObject
CreateDCA
CreateBitmap

comdlg32

GetOpenFileNameA
GetSaveFileNameA

advapi32

RegCreateKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegCreateKeyExA

ole32

CoInitialize
CoTaskMemFree
CoUninitialize
ReleaseStgMedium
OleDuplicateData
OleIsCurrentClipboard
OleSetClipboard
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
OleGetClipboard
CoTaskMemAlloc

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

shell32

SHGetMalloc
SHGetFileInfoA
SHGetPathFromIDListA
SHBrowseForFolderA

Sections

.text
Size: 681KB - Virtual size: 680KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TeraByteDrive.exe
.exe windows x86

0678a742e9ad8d58d88e7700ed78fbdd

Code Sign

0c:53:32:08:0f:46:95:53:68:e8:d2:19:f8:44:f8:e2
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/08/2016, 00:00

Not After

28/10/2019, 12:00

Subject

CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:14:09:9f:34:01:fb:84:c9:4c:bd:9e:11:9c:ad:2b
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/07/2016, 00:00

Not After

28/07/2019, 23:59

Subject

SERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

39:23:c2:ce:1c:7b:e6:a8:7d:64:38:a6:43:a4:4a:05:5b:29:0a:78:d8:83:47:e8:06:42:d9:c2:e6:73:7e:2c
Signer

Actual PE Digest

39:23:c2:ce:1c:7b:e6:a8:7d:64:38:a6:43:a4:4a:05:5b:29:0a:78:d8:83:47:e8:06:42:d9:c2:e6:73:7e:2c

Digest Algorithm

sha256

PE Digest Matches

true

10:17:af:87:ad:61:33:c2:41:ed:84:ac:4b:33:e1:92:7b:8b:93:42
Signer

Actual PE Digest

10:17:af:87:ad:61:33:c2:41:ed:84:ac:4b:33:e1:92:7b:8b:93:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mpr

WNetCloseEnum

comctl32

InitCommonControlsEx
ImageList_Create
ImageList_Destroy
ImageList_LoadImageW
ImageList_ReplaceIcon

ws2_32

getservbyname
getservbyport
gethostbyaddr
ntohs
listen
inet_ntoa
getsockopt
ioctlsocket
accept
getsockname
setsockopt
sendto
recvfrom
htonl
bind
closesocket
connect
htons
inet_addr
__WSAFDIsSet
recv
select
send
shutdown
WSAStringToAddressW
WSASetLastError
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
socket

kernel32

FileTimeToLocalFileTime
FindClose
GetLogicalDrives
FileTimeToSystemTime
ReadFile
WriteFile
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
GetProcessHeap
ReleaseMutex
GetCurrentThreadId
GetPriorityClass
GetLocalTime
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
ReleaseSemaphore
GetSystemTime
MapViewOfFile
UnmapViewOfFile
GetProcessWorkingSetSize
SetProcessWorkingSetSize
FlushFileBuffers
SetEndOfFile
GetFileSize
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
GetModuleHandleA
LoadLibraryA
LocalFree
WideCharToMultiByte
QueryDosDeviceW
SetErrorMode
lstrlenW
CreateFileA
GetDiskFreeSpaceW
GetVolumeInformationW
InitializeCriticalSection
DeleteCriticalSection
LocalAlloc
LocalLock
LocalUnlock
GetFullPathNameW
SetHandleInformation
CreatePipe
CreateDirectoryW
MoveFileW
SetFileAttributesW
RemoveDirectoryW
GlobalMemoryStatus
VirtualUnlock
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetConsoleCP
GetStdHandle
ExitProcess
GetACP
FindFirstFileExW
GetFileType
SetEnvironmentVariableA
FreeLibraryAndExitThread
ResumeThread
ExitThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
RtlUnwind
CreateThread
GetSystemDirectoryA
GetSystemTimeAsFileTime
IsDebuggerPresent
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
VirtualLock
GetCurrentThread
GetCurrentProcess
WaitForSingleObject
SetEvent
Sleep
DeviceIoControl
FreeLibrary
GetCurrentProcessId
CloseHandle
VirtualQuery
VirtualFree
VirtualAlloc
SetLastError
GetLastError
SetFilePointer
HeapReAlloc
SetStdHandle
GetTimeZoneInformation
GetOEMCP
HeapSize
GetCommandLineA
GetCommandLineW
GetTickCount
MultiByteToWideChar

user32

OemToCharW
SystemParametersInfoW
WinHelpW
GetDesktopWindow
DrawIcon
EnableMenuItem
GetSystemMenu
GetSystemMetrics
GetDialogBaseUnits
CheckDlgButton
DialogBoxIndirectParamW
PtInRect
FillRect
DrawFocusRect
UpdateWindow
SendNotifyMessageW
ShowWindow
DestroyMenu
TrackPopupMenu
GetCursorPos
TranslateMessage
PostQuitMessage
DestroyWindow
GetDlgItem
DrawFrameControl
EndPaint
BeginPaint
GetWindowDC
GetIconInfo
DestroyIcon
GetParent
GetSysColor
ScreenToClient
GetFocus
SetForegroundWindow
SetCursor
ExitWindowsEx
WaitMessage
IsWindow
IsChild
SetWindowPos
IsWindowVisible
IsIconic
EndDialog
SetFocus
GetActiveWindow
GetKeyState
GetAsyncKeyState
SetTimer
KillTimer
CreateIconIndirect
MessageBeep
GetWindowRect
GetClientRect
InvalidateRect
ReleaseDC
GetDC
CreatePopupMenu
IsWindowEnabled

gdi32

DeleteDC
CreateCompatibleDC
DeleteObject
GetStockObject
SelectObject
SetBkMode
SetTextColor
GetMapMode
SetMapMode
DPtoLP
LPtoDP
CreateSolidBrush
CreateDCW
GetDeviceCaps

advapi32

RegCloseKey
LookupPrivilegeValueW
StartServiceW
QueryServiceStatus
OpenServiceW
DeleteService
CreateServiceW
ControlService
AdjustTokenPrivileges
OpenProcessToken
ReportEventW
CryptGenRandom
CryptReleaseContext
RegisterEventSourceW
DeregisterEventSource
OpenThreadToken
GetTokenInformation
LookupAccountSidW
LogonUserW
CloseServiceHandle
EnumServicesStatusW
OpenSCManagerW

ole32

CoUninitialize
CoInitializeEx
CoSetProxyBlanket
CreateStreamOnHGlobal
CoTaskMemFree
CLSIDFromString
CoCreateInstance

oleaut32

VariantClear
OleLoadPicture
SysStringByteLen
VariantInit
VariantTimeToSystemTime
SysFreeString
SysAllocStringByteLen
SysAllocString

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 322KB - Virtual size: 321KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1001KB - Virtual size: 1000KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TeraByteDrivex64.exe
.exe windows x64

f6d9f9b2e3ff3519f196f8d700c39276

Code Sign

0c:53:32:08:0f:46:95:53:68:e8:d2:19:f8:44:f8:e2
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/08/2016, 00:00

Not After

28/10/2019, 12:00

Subject

CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:14:09:9f:34:01:fb:84:c9:4c:bd:9e:11:9c:ad:2b
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/07/2016, 00:00

Not After

28/07/2019, 23:59

Subject

SERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f1:b5:b8:2a:71:0e:70:29:36:d1:73:88:d0:3e:5a:88:d0:c6:44:60:e8:e0:08:3e:36:c5:54:9c:40:30:2d:1c
Signer

Actual PE Digest

f1:b5:b8:2a:71:0e:70:29:36:d1:73:88:d0:3e:5a:88:d0:c6:44:60:e8:e0:08:3e:36:c5:54:9c:40:30:2d:1c

Digest Algorithm

sha256

PE Digest Matches

true

7d:48:d7:99:50:4b:fa:8c:42:34:07:4a:fe:89:b1:31:6a:4e:0c:23
Signer

Actual PE Digest

7d:48:d7:99:50:4b:fa:8c:42:34:07:4a:fe:89:b1:31:6a:4e:0c:23

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

mpr

WNetEnumResourceW
WNetOpenEnumW
WNetCancelConnection2W
WNetAddConnection3W
WNetCloseEnum
WNetGetConnectionW

comctl32

ImageList_LoadImageW
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_Create
ImageList_Destroy

ws2_32

getservbyname
getservbyport
gethostbyaddr
ntohs
listen
inet_ntoa
getsockopt
ioctlsocket
accept
WSAIoctl
getsockname
setsockopt
sendto
recvfrom
htonl
bind
closesocket
connect
htons
inet_addr
WSAStringToAddressW
WSAAddressToStringW
WSASetLastError
WSAGetLastError
WSACleanup
WSAStartup
gethostbyname
socket
shutdown
send
select
recv
__WSAFDIsSet

kernel32

GetComputerNameW
GetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
HeapAlloc
HeapFree
GetProcessHeap
ReleaseMutex
CreateMutexW
GetCurrentThreadId
CreateProcessW
GetPriorityClass
GetLocalTime
GetSystemDirectoryW
GetVersionExW
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
ExpandEnvironmentStringsW
QueryPerformanceCounter
QueryPerformanceFrequency
ResetEvent
ReleaseSemaphore
GetSystemTime
GetWindowsDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetProcessWorkingSetSize
SetProcessWorkingSetSize
CreateSemaphoreW
DeleteFileW
FlushFileBuffers
GetDiskFreeSpaceExW
GetFileAttributesW
SetEndOfFile
SetFilePointer
GetFileSize
FreeResource
LoadResource
LockResource
SizeofResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
MulDiv
FindResourceW
SetLastError
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
QueryDosDeviceW
lstrlenW
GetDiskFreeSpaceW
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
SetErrorMode
LocalAlloc
LocalLock
LocalUnlock
GetFullPathNameW
CreateDirectoryW
MoveFileW
SetFileAttributesW
RemoveDirectoryW
GlobalMemoryStatus
GetLastError
GetTimeZoneInformation
SetStdHandle
HeapReAlloc
GetStringTypeW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
GetStdHandle
GetModuleFileNameA
ExitProcess
GetACP
FindFirstFileExW
GetFileType
GetCurrentDirectoryA
SetCurrentDirectoryA
SetEnvironmentVariableW
SetEnvironmentVariableA
GetFullPathNameA
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
GetFileAttributesExW
EncodePointer
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
RtlPcToFileHeader
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwindEx
CreateThread
LoadLibraryA
GetSystemDirectoryA
InitializeSListHead
GetSystemTimeAsFileTime
GetStartupInfoW
IsDebuggerPresent
WaitForSingleObjectEx
InitializeCriticalSectionAndSpinCount
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WriteFile
ReadFile
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
GetLogicalDrives
GetDriveTypeW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToLocalFileTime
GetTickCount
LocalFree
VirtualUnlock
VirtualLock
VirtualFree
VirtualAlloc
GetModuleHandleW
GetCurrentThread
GetCurrentProcess
SearchPathW
CreateEventW
WaitForSingleObject
SetEvent
Sleep
DeviceIoControl
CreateFileW
LoadLibraryW
GetProcAddress
FreeLibrary
GetCurrentProcessId
CloseHandle
GetCPInfo
IsValidCodePage
GetOEMCP
HeapSize
HeapQueryInformation
FindFirstFileExA
LeaveCriticalSection
FindNextFileA
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetConsoleCtrlHandler
OutputDebugStringA
OutputDebugStringW
WriteConsoleW
GetVolumeInformationW
RtlUnwind

user32

DrawFrameControl
GetWindowLongW
EndPaint
BeginPaint
GetWindowDC
GetIconInfo
CreateIconIndirect
LoadImageW
DestroyIcon
LoadIconW
SendNotifyMessageW
FillRect
GetSysColor
ScreenToClient
MessageBeep
GetWindowRect
GetClientRect
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
UpdateWindow
FindWindowW
DrawFocusRect
PtInRect
DialogBoxIndirectParamW
CheckDlgButton
GetDialogBaseUnits
GetSystemMetrics
ShowWindow
DestroyMenu
TrackPopupMenu
GetSystemMenu
EnableMenuItem
DrawIcon
GetDesktopWindow
WinHelpW
SystemParametersInfoW
OemToCharW
SetWindowLongW
GetDC
GetCursorPos
GetMessageW
TranslateMessage
DispatchMessageW
SendMessageW
PostQuitMessage
DestroyWindow
CreateDialogIndirectParamW
GetDlgItem
SetDlgItemTextW
GetDlgItemTextW
GetFocus
EnableWindow
SetForegroundWindow
SetWindowTextW
MessageBoxW
SetCursor
InvalidateRect
ReleaseDC
GetParent
DrawTextW
AppendMenuW
CreatePopupMenu
IsWindowEnabled
KillTimer
SetTimer
GetAsyncKeyState
GetKeyState
GetActiveWindow
SetFocus
DefDlgProcW
SendDlgItemMessageW
EndDialog
DialogBoxParamW
CreateDialogParamW
IsIconic
IsWindowVisible
SetWindowPos
IsChild
IsWindow
CreateWindowExW
RegisterClassW
CallWindowProcW
DefWindowProcW
WaitMessage
PostMessageW
ExitWindowsEx
PeekMessageW
RegisterWindowMessageW
LoadStringW
IsDialogMessageW
LoadCursorW
SetWindowLongPtrW
GetWindowLongPtrW

gdi32

GetTextExtentPoint32W
SelectObject
SetBkMode
GetStockObject
GetDeviceCaps
GetTextMetricsW
DeleteObject
DeleteDC
CreateFontIndirectW
CreateCompatibleDC
GetMapMode
SetMapMode
DPtoLP
LPtoDP
CreateSolidBrush
CreateDCW
GetObjectW
SetTextColor

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegCreateKeyExW
StartServiceW
QueryServiceStatus
OpenServiceW
DeleteService
CreateServiceW
CryptGenRandom
ControlService
ReportEventW
RegisterEventSourceW
DeregisterEventSource
OpenSCManagerW
EnumServicesStatusW
CryptReleaseContext
CryptAcquireContextW
CloseServiceHandle
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteKeyW
RegUnLoadKeyW
RegLoadKeyW
RegOpenKeyW
RegCreateKeyW
RegEnumValueW
LogonUserW
LookupAccountSidW
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegCloseKey
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
OpenThreadToken

shell32

SHGetFileInfoW
ShellExecuteW

ole32

CoCreateInstance
CreateStreamOnHGlobal
CoTaskMemFree
CoSetProxyBlanket
CoInitializeEx
CoUninitialize
CLSIDFromString

oleaut32

SysAllocStringByteLen
SysStringByteLen
OleLoadPicture
VariantClear
VariantInit
SysFreeString
SysAllocString
VariantTimeToSystemTime
GetErrorInfo
VariantChangeType
SetErrorInfo
CreateErrorInfo

Sections

.text
Size: 2.3MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 528KB - Virtual size: 527KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1001KB - Virtual size: 1000KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Tlibr16.dll
bartpe.exe
.exe windows x86

eb1353e800edc091c24be383a5b325ae

Code Sign

0c:53:32:08:0f:46:95:53:68:e8:d2:19:f8:44:f8:e2
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/08/2016, 00:00

Not After

28/10/2019, 12:00

Subject

CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:14:09:9f:34:01:fb:84:c9:4c:bd:9e:11:9c:ad:2b
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/07/2016, 00:00

Not After

28/07/2019, 23:59

Subject

SERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

58:e7:b0:9c:08:46:b3:77:6d:50:ef:25:18:13:e0:95:11:18:b6:3c:39:ee:b7:a9:84:ea:4c:f5:9e:af:da:14
Signer

Actual PE Digest

58:e7:b0:9c:08:46:b3:77:6d:50:ef:25:18:13:e0:95:11:18:b6:3c:39:ee:b7:a9:84:ea:4c:f5:9e:af:da:14

Digest Algorithm

sha256

PE Digest Matches

true

a4:67:63:70:1b:51:ae:f4:a5:d6:e6:b7:74:05:1e:13:9f:06:f8:c0
Signer

Actual PE Digest

a4:67:63:70:1b:51:ae:f4:a5:d6:e6:b7:74:05:1e:13:9f:06:f8:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

kernel32

FindClose
FindFirstFileA
LocalUnlock
MultiByteToWideChar
LocalFree
LocalLock
LocalAlloc
ReadFile
CloseHandle
SetFilePointer
GetFileSize
CreateFileA
WriteFile
CompareStringW
CompareStringA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapSize
GetTimeZoneInformation
GetLocaleInfoA
CreateDirectoryA
LCMapStringW
LCMapStringA
GetProcessHeap
SetEndOfFile
GetConsoleMode
GetConsoleCP
SetStdHandle
LoadLibraryA
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
GetCurrentDirectoryA
PeekNamedPipe
GetFileInformationByHandle
GetFullPathNameA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
SetHandleCount
GetEnvironmentStringsW
WideCharToMultiByte
CopyFileA
GetLastError
WritePrivateProfileStringA
GetVersionExA
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapAlloc
GetFileAttributesA
SetFileAttributesA
GetCommandLineA
GetStartupInfoA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapFree
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetFileType
SetEnvironmentVariableA

user32

TranslateMessage
DispatchMessageA
DialogBoxIndirectParamA
GetSystemMetrics
DrawTextA
GetDialogBaseUnits
IsWindow
CheckDlgButton
SetFocus
GetSystemMenu
EnableMenuItem
SetWindowLongA
EndDialog
WinHelpA
BeginPaint
DrawIcon
EndPaint
SystemParametersInfoA
GetDesktopWindow
MessageBeep
MessageBoxA
GetDlgItemTextA
LoadStringA
DestroyWindow
GetDlgItem
SendMessageA
EnableWindow
PostQuitMessage
DefDlgProcA
SendDlgItemMessageA
SetDlgItemTextA
LoadIconA
LoadCursorA
RegisterClassA
CreateDialogParamA
FindWindowA
IsIconic
ShowWindow
SetForegroundWindow
GetMessageA
IsDialogMessageA

gdi32

CreateDCA
SelectObject
DeleteDC
CreateFontIndirectA
DeleteObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetMalloc

ole32

CoUninitialize
CoInitializeEx

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bingburn.exe
.exe windows x86

fb22ca065a38670bc0830908029b65b8

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:fc:45:db:58:d5:29:03:f1:59:00:18:2b:e1:26:8b
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

23/10/2009, 00:00

Not After

12/12/2012, 23:59

Subject

CN=TeraByte\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=TeraByte Unlimited,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:4a:2f:c0:d2:ae:49:73:0a:1a:0b:9d:1f:f5:dd:78:66:9f:f5:6a
Signer

Actual PE Digest

71:4a:2f:c0:d2:ae:49:73:0a:1a:0b:9d:1f:f5:dd:78:66:9f:f5:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

kernel32

SetLastError
GetVersion
InitializeCriticalSectionAndSpinCount
GetEnvironmentVariableA
DeviceIoControl
CreateFileA
CloseHandle
GetVersionExA
GetLastError
VirtualFree
FreeLibrary
GetProcAddress
LoadLibraryA
SetErrorMode
VirtualAlloc
WaitForSingleObject
CreateEventA
CreateMutexA
lstrlenA
ReleaseMutex
WriteFile
ReadFile
SetFilePointer
GetLogicalDrives
QueryDosDeviceA
GetDriveTypeA
WideCharToMultiByte
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetProcessHeap
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleHandleA
Sleep
FlushFileBuffers
ExitThread
ResumeThread
CreateThread
GetSystemTimeAsFileTime
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
GetFileAttributesA
HeapFree
HeapReAlloc
HeapAlloc
RtlUnwind
GetCommandLineA
GetStartupInfoA
GetCurrentDirectoryA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
ExitProcess
LCMapStringA
MultiByteToWideChar
LCMapStringW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
GetFileType
RaiseException
SetHandleCount
GetStdHandle
SetStdHandle
HeapCreate
HeapSize
GetModuleFileNameA
DeleteFileA

user32

IsIconic
SetForegroundWindow
GetMessageA
TranslateMessage
DispatchMessageA
IsDialogMessageA
LoadIconA
LoadCursorA
RegisterClassA
CreateDialogParamA
RegisterWindowMessageA
DefWindowProcA
PostQuitMessage
PostMessageA
FindWindowA
GetWindowRect
GetSystemMetrics
MoveWindow
LoadStringA
SetWindowTextA
SendMessageA
MessageBoxA
SendDlgItemMessageA
ShowWindow
GetDlgItem
EnableWindow
GetDlgItemTextA
DestroyWindow
SetDlgItemTextA

comdlg32

GetSaveFileNameA
GetOpenFileNameA

Sections

.text
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 109KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
burncdcc.exe
.exe windows x86

769a042445d4dac9c6dc7dd913175807

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ord17

kernel32

CreateFileA
GetLastError
CloseHandle
GetVersionExA
VirtualFree
FreeLibrary
GetProcAddress
LoadLibraryA
SetErrorMode
VirtualAlloc
WaitForSingleObject
CreateEventA
CreateMutexA
lstrlenA
ReleaseMutex
WriteFile
ReadFile
SetFilePointer
GetLogicalDrives
QueryDosDeviceA
GetModuleFileNameA
LocalUnlock
MultiByteToWideChar
LocalFree
LocalLock
LocalAlloc
GetDriveTypeA
SetEnvironmentVariableA
CompareStringW
CompareStringA
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
HeapSize
HeapReAlloc
GetTimeZoneInformation
GetProcessHeap
SetEndOfFile
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
EnterCriticalSection
LeaveCriticalSection
GetStringTypeW
GetStringTypeA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
HeapCreate
DeleteCriticalSection
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
LCMapStringW
LCMapStringA
ExitProcess
RaiseException
DeviceIoControl
GetEnvironmentVariableA
InitializeCriticalSectionAndSpinCount
GetVersion
SetLastError
WideCharToMultiByte
GetModuleHandleA
Sleep
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FindFirstFileA
ExitThread
ResumeThread
CreateThread
GetCommandLineA
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
GetFullPathNameA
GetFileInformationByHandle
PeekNamedPipe
GetFileType
HeapFree
GetCurrentDirectoryA
HeapAlloc
GetFileAttributesA

user32

DialogBoxIndirectParamA
DrawTextA
GetDialogBaseUnits
IsWindow
CheckDlgButton
SetFocus
GetSystemMenu
EnableMenuItem
SetWindowLongA
EndDialog
WinHelpA
BeginPaint
DrawIcon
EndPaint
SystemParametersInfoA
GetDesktopWindow
MessageBeep
GetMessageA
TranslateMessage
DispatchMessageA
IsDialogMessageA
LoadIconA
LoadCursorA
RegisterClassA
CreateDialogParamA
RegisterWindowMessageA
DefWindowProcA
PostQuitMessage
PostMessageA
FindWindowA
GetWindowRect
GetSystemMetrics
MoveWindow
ShowWindow
wsprintfA
GetDlgItemTextA
MessageBoxA
LoadStringA
SetWindowTextA
SendDlgItemMessageA
SendMessageA
GetDlgItem
EnableWindow
DestroyWindow
SetDlgItemTextA

gdi32

CreateDCA
SelectObject
DeleteDC
CreateFontIndirectA
DeleteObject

comdlg32

GetOpenFileNameA

Sections

.text
Size: 110KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
buylink.htm
cdboot.f35
cdboot.ifd
cdboot.ifl
contextbackup.cmd
.cmd .vbs
ifw.ini
keyhh.exe
.exe windows x86

77a9627b0bc5697d264f08a1b4bde73b

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCommandLineA
MapViewOfFile
CreateFileMappingA
lstrcmpiA
GetTickCount
GetModuleFileNameA
CloseHandle
WinExec
MultiByteToWideChar
GetPrivateProfileStringA
GetFullPathNameA
GetWindowsDirectoryA
IsDBCSLeadByte
ExitProcess
LocalAlloc
LocalFree
GetFileAttributesA
SearchPathA
GetModuleHandleA
LoadLibraryA
GetProcAddress

user32

CharNextA
LoadIconA
SendMessageA
SetWindowLongA
IsWindow
PostMessageA
EnumWindows
PostQuitMessage
DefWindowProcA
CallWindowProcA
GetClassNameA
GetWindow
MessageBoxA
SetForegroundWindow
wsprintfA
LoadStringA
CharPrevA
GetActiveWindow
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
CharLowerA
FindWindowA
GetWindowLongA

advapi32

RegCreateKeyExA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegSetValueA
RegDeleteValueA

ole32

CoCreateInstance
CoInitialize

comdlg32

GetOpenFileNameA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
partinfg.exe
.exe windows x86

4cef2482154c56181cd9a8d098f4cadf

Code Sign

0c:53:32:08:0f:46:95:53:68:e8:d2:19:f8:44:f8:e2
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/08/2016, 00:00

Not After

28/10/2019, 12:00

Subject

CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:14:09:9f:34:01:fb:84:c9:4c:bd:9e:11:9c:ad:2b
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/07/2016, 00:00

Not After

28/07/2019, 23:59

Subject

SERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5c:4b:77:bb:4b:12:15:88:dd:7a:86:af:27:75:9d:1c:e4:3d:27:65:f9:4a:fd:70:f6:fc:f6:29:b9:3c:16:9f
Signer

Actual PE Digest

5c:4b:77:bb:4b:12:15:88:dd:7a:86:af:27:75:9d:1c:e4:3d:27:65:f9:4a:fd:70:f6:fc:f6:29:b9:3c:16:9f

Digest Algorithm

sha256

PE Digest Matches

true

21:d4:1d:e9:da:93:af:94:59:57:63:ed:44:0f:9d:61:60:b9:32:6d
Signer

Actual PE Digest

21:d4:1d:e9:da:93:af:94:59:57:63:ed:44:0f:9d:61:60:b9:32:6d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_AddMasked
ImageList_Create
CreateToolbarEx
InitCommonControlsEx
ImageList_Destroy

kernel32

WideCharToMultiByte
MultiByteToWideChar
GetTickCount
QueryPerformanceCounter
GetModuleFileNameW
VirtualAlloc
CreateMutexW
GetProcAddress
GetLastError
LoadLibraryW
SetErrorMode
GetVersionExW
FreeLibrary
VirtualFree
lstrlenW
DeviceIoControl
WaitForSingleObject
ReleaseMutex
ReadFile
SetFilePointer
GetLogicalDrives
QueryDosDeviceW
Sleep
CreateFileA
GetDriveTypeW
FlushFileBuffers
WriteConsoleW
WriteFile
WriteConsoleA
CreateFileW
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
LoadLibraryA
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
LCMapStringA
LCMapStringW
GetCurrentProcessId
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
CloseHandle
SetStdHandle
GetLocalTime
GetModuleHandleW
GetConsoleOutputCP
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapAlloc
HeapFree
HeapReAlloc
GetStartupInfoW
GetSystemTimeAsFileTime
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement

user32

EndDialog
DestroyWindow
IsDialogMessageW
SendMessageW
LoadAcceleratorsW
PeekMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
WaitMessage
LoadIconW
LoadCursorW
RegisterClassExW
DialogBoxParamW
DefWindowProcW
LoadStringW
BeginPaint
GetSysColor
FillRect
EndPaint
SetFocus
PostQuitMessage
LoadBitmapW
SetDlgItemTextW
GetClientRect
MoveWindow
GetFocus
GetMenu
EnableMenuItem
CheckMenuItem
CreateWindowExW
UpdateWindow
MessageBoxW
CreateDialogParamW
GetWindowRect
SetWindowPos
ShowWindow
SetForegroundWindow
GetDlgItem
SetWindowTextW
SetWindowLongW

gdi32

DeleteObject
CreateSolidBrush

comdlg32

GetSaveFileNameW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
partinfg64.exe
.exe windows x64

7afb2c4bfe44b636dd8518c31c1c3d19

Code Sign

0c:53:32:08:0f:46:95:53:68:e8:d2:19:f8:44:f8:e2
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/08/2016, 00:00

Not After

28/10/2019, 12:00

Subject

CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:14:09:9f:34:01:fb:84:c9:4c:bd:9e:11:9c:ad:2b
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/07/2016, 00:00

Not After

28/07/2019, 23:59

Subject

SERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:b3:83:fd:98:11:ff:b2:bf:c1:94:db:9a:00:92:f4:a7:10:bc:20:08:70:74:59:e8:c5:0e:56:5c:b4:9d:08
Signer

Actual PE Digest

19:b3:83:fd:98:11:ff:b2:bf:c1:94:db:9a:00:92:f4:a7:10:bc:20:08:70:74:59:e8:c5:0e:56:5c:b4:9d:08

Digest Algorithm

sha256

PE Digest Matches

true

7a:ea:92:e6:ce:d5:94:69:de:93:2f:b3:3a:dc:91:85:9d:1b:0c:75
Signer

Actual PE Digest

7a:ea:92:e6:ce:d5:94:69:de:93:2f:b3:3a:dc:91:85:9d:1b:0c:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ImageList_AddMasked
ImageList_Create
CreateToolbarEx
InitCommonControlsEx
ImageList_Destroy

kernel32

WideCharToMultiByte
MultiByteToWideChar
GetTickCount
QueryPerformanceCounter
GetModuleFileNameW
VirtualAlloc
CreateMutexW
GetProcAddress
GetLastError
LoadLibraryW
SetErrorMode
GetVersionExW
FreeLibrary
VirtualFree
lstrlenW
DeviceIoControl
WaitForSingleObject
ReleaseMutex
ReadFile
SetFilePointer
GetLogicalDrives
QueryDosDeviceW
Sleep
CreateFileA
GetDriveTypeW
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
InitializeCriticalSectionAndSpinCount
LoadLibraryA
LCMapStringA
LCMapStringW
GetCurrentProcessId
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlUnwindEx
HeapSize
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
CreateFileW
CloseHandle
GetLocalTime
WriteFile
GetModuleHandleW
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapAlloc
HeapFree
HeapReAlloc
GetStartupInfoW
GetSystemTimeAsFileTime
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc

user32

EndDialog
IsDialogMessageW
SendMessageW
LoadAcceleratorsW
PeekMessageW
TranslateAcceleratorW
TranslateMessage
DispatchMessageW
WaitMessage
LoadIconW
LoadCursorW
RegisterClassExW
DialogBoxParamW
DefWindowProcW
LoadStringW
BeginPaint
GetSysColor
FillRect
EndPaint
SetFocus
PostQuitMessage
LoadBitmapW
SetWindowLongPtrW
SetDlgItemTextW
GetClientRect
MoveWindow
GetFocus
GetMenu
EnableMenuItem
CheckMenuItem
CreateWindowExW
UpdateWindow
MessageBoxW
CreateDialogParamW
GetWindowRect
SetWindowPos
ShowWindow
SetForegroundWindow
GetDlgItem
SetWindowTextW
DestroyWindow

gdi32

CreateSolidBrush
DeleteObject

comdlg32

GetSaveFileNameW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
phylock/phylock.2k.sys
.exe windows x86

fc9f2bc42319818c7ed15571ec455bda

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExfInterlockedRemoveHeadList
KeSetEvent
ExfInterlockedInsertTailList
InterlockedIncrement
IoReleaseRemoveLockEx
InterlockedDecrement
memmove
ZwCreateFile
swprintf
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
KeInitializeEvent
IofCompleteRequest
IoAcquireRemoveLockEx
KeInitializeSpinLock
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
PoCallDriver
PoStartNextPowerIrp
InterlockedExchange
KeDelayExecutionThread
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
IofCallDriver
ExFreePool
ExDeleteNPagedLookasideList
IoFreeIrp
IoFreeMdl
MmUnlockPages
IoBuildAsynchronousFsdRequest
_allmul
KeQueryInterruptTime
ExAllocatePoolWithTag
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
KeLeaveCriticalRegion
ExReleaseFastMutexUnsafe
ExAcquireFastMutexUnsafe
KeEnterCriticalRegion
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
_aulldiv
ExInitializeNPagedLookasideList
MmMapLockedPagesSpecifyCache
ZwQueryValueKey
ZwOpenKey
KeTickCount
KeBugCheckEx
InterlockedCompareExchange
ExInterlockedPushEntrySList
ObfDereferenceObject
ExInterlockedPopEntrySList

hal

KfLowerIrql
KeGetCurrentIrql
KfRaiseIrql

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 946B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 768B - Virtual size: 718B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
phylock/phylock.nt.sys
.exe windows x86

d1104fe07129cddd9c256b6a2abbac84

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_allmul
InterlockedCompareExchange
IofCallDriver
ExfInterlockedRemoveHeadList
KeSetEvent
ExfInterlockedInsertTailList
InterlockedIncrement
InterlockedDecrement
memmove
ZwCreateFile
swprintf
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
KeInitializeEvent
IofCompleteRequest
KeInitializeSpinLock
ExFreePool
ExAllocatePoolWithTag
IoDeleteDevice
ObfDereferenceObject
IoAttachDeviceToDeviceStack
IoGetDeviceObjectPointer
RtlFreeUnicodeString
IoCreateDevice
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeTickCount
IoGetConfigurationInformation
InterlockedExchange
KeDelayExecutionThread
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
ExDeleteNPagedLookasideList
IoFreeIrp
IoFreeMdl
MmUnlockPages
IoBuildAsynchronousFsdRequest
InterlockedExchangeAdd
KeLeaveCriticalRegion
ExReleaseFastMutexUnsafe
ExAcquireFastMutexUnsafe
KeEnterCriticalRegion
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
_aulldiv
ExInitializeNPagedLookasideList
MmMapLockedPages
ZwQueryValueKey
ZwOpenKey
KeBugCheckEx
KeQueryTimeIncrement
ExInterlockedPushEntrySList
sprintf
ExInterlockedPopEntrySList

hal

KfLowerIrql
KeGetCurrentIrql
KfRaiseIrql

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 768B - Virtual size: 682B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
phylock/phylock.w10.sys
.exe windows x86

26cd06f892ede1e584fbb5ff48beabf4

Code Sign

33:00:00:00:12:b0:54:93:ea:dd:ce:eb:4b:00:00:00:00:00:12
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/02/2016, 00:59

Not After

12/05/2017, 00:59

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:e4:49:d3:20:73:de:78:e6:e3:24:1b:9f:5d:cc:ef:c9:27:cf:51:21:1b:49:d3:ad:cd:5c:cf:12:75:d0:cf
Signer

Actual PE Digest

22:e4:49:d3:20:73:de:78:e6:e3:24:1b:9f:5d:cc:ef:c9:27:cf:51:21:1b:49:d3:ad:cd:5c:cf:12:75:d0:cf

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExfInterlockedRemoveHeadList
KeSetEvent
ExfInterlockedInsertTailList
IoReleaseRemoveLockEx
memmove
memset
ZwCreateFile
swprintf
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
IofCompleteRequest
IoAcquireRemoveLockEx
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
PoCallDriver
PoStartNextPowerIrp
KeDelayExecutionThread
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
ObfDereferenceObject
ExFreePoolWithTag
IofCallDriver
IoFreeIrp
IoFreeMdl
MmUnlockPages
IoBuildAsynchronousFsdRequest
_allmul
KeQueryInterruptTime
ExAllocatePoolWithTag
memcpy
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
KeLeaveCriticalRegion
ExReleaseFastMutexUnsafe
ExAcquireFastMutexUnsafe
KeEnterCriticalRegion
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
_aulldiv
ExInitializeNPagedLookasideList
MmMapLockedPagesSpecifyCache
ZwQueryValueKey
ZwOpenKey
KeTickCount
KeBugCheckEx
InterlockedPushEntrySList
InterlockedPopEntrySList
ExDeleteNPagedLookasideList
KeInitializeEvent

hal

KfLowerIrql
KeGetCurrentIrql
KfRaiseIrql

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 323B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 957B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
phylock/phylock.w10.x64.sys
.exe windows x64

e76a6181048aa3d2f6938d46b933809f

Code Sign

33:00:00:00:12:b0:54:93:ea:dd:ce:eb:4b:00:00:00:00:00:12
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/02/2016, 00:59

Not After

12/05/2017, 00:59

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e5:f5:14:dc:f6:fe:96:73:da:11:22:33:6e:b6:d8:c3:bb:cb:88:c9:e6:76:e5:b9:0f:94:07:90:59:c2:3f:b8
Signer

Actual PE Digest

e5:f5:14:dc:f6:fe:96:73:da:11:22:33:6e:b6:d8:c3:bb:cb:88:c9:e6:76:e5:b9:0f:94:07:90:59:c2:3f:b8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoAcquireRemoveLockEx
ExReleaseFastMutexUnsafe
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
KeLeaveCriticalRegion
ExInitializeNPagedLookasideList
KeSetPriorityThread
IoDeleteDevice
KeSetEvent
swprintf
ExpInterlockedPushEntrySList
KeInitializeEvent
IoReleaseRemoveLockEx
ExpInterlockedPopEntrySList
IoDetachDevice
IoFreeMdl
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe
KeDelayExecutionThread
ZwCreateFile
PsCreateSystemThread
MmMapLockedPagesSpecifyCache
IoBuildAsynchronousFsdRequest
ZwQueryValueKey
ExInterlockedInsertTailList
PsTerminateSystemThread
PoStartNextPowerIrp
ZwClose
IofCompleteRequest
ExQueryDepthSList
IoReleaseRemoveLockAndWaitEx
ObReferenceObjectByHandle
KeWaitForSingleObject
IoFreeIrp
IoAttachDeviceToDeviceStack
PoCallDriver
ExInterlockedRemoveHeadList
MmUnlockPages
ObfDereferenceObject
IoInitializeRemoveLockEx
IoCreateDevice
ExDeleteNPagedLookasideList
IofCallDriver
ZwOpenKey
KeBugCheckEx

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
phylock/phylock.w7.sys
.exe windows x86

26cd06f892ede1e584fbb5ff48beabf4

Code Sign

06:56:a7:17:46:f5:c2:3f:99:5b:fc:55:8e:98:c7:02
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/08/2016, 00:00

Not After

28/10/2019, 12:00

Subject

CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:14:09:9f:34:01:fb:84:c9:4c:bd:9e:11:9c:ad:2b
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/07/2016, 00:00

Not After

28/07/2019, 23:59

Subject

SERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

22:e4:49:d3:20:73:de:78:e6:e3:24:1b:9f:5d:cc:ef:c9:27:cf:51:21:1b:49:d3:ad:cd:5c:cf:12:75:d0:cf
Signer

Actual PE Digest

22:e4:49:d3:20:73:de:78:e6:e3:24:1b:9f:5d:cc:ef:c9:27:cf:51:21:1b:49:d3:ad:cd:5c:cf:12:75:d0:cf

Digest Algorithm

sha256

PE Digest Matches

true

98:80:ce:28:7d:47:56:21:0f:75:74:b2:c8:73:78:94:bf:6c:bc:a9
Signer

Actual PE Digest

98:80:ce:28:7d:47:56:21:0f:75:74:b2:c8:73:78:94:bf:6c:bc:a9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExfInterlockedRemoveHeadList
KeSetEvent
ExfInterlockedInsertTailList
IoReleaseRemoveLockEx
memmove
memset
ZwCreateFile
swprintf
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
IofCompleteRequest
IoAcquireRemoveLockEx
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
PoCallDriver
PoStartNextPowerIrp
KeDelayExecutionThread
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
ObfDereferenceObject
ExFreePoolWithTag
IofCallDriver
IoFreeIrp
IoFreeMdl
MmUnlockPages
IoBuildAsynchronousFsdRequest
_allmul
KeQueryInterruptTime
ExAllocatePoolWithTag
memcpy
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
KeLeaveCriticalRegion
ExReleaseFastMutexUnsafe
ExAcquireFastMutexUnsafe
KeEnterCriticalRegion
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
_aulldiv
ExInitializeNPagedLookasideList
MmMapLockedPagesSpecifyCache
ZwQueryValueKey
ZwOpenKey
KeTickCount
KeBugCheckEx
InterlockedPushEntrySList
InterlockedPopEntrySList
ExDeleteNPagedLookasideList
KeInitializeEvent

hal

KfLowerIrql
KeGetCurrentIrql
KfRaiseIrql

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 323B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 957B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 646B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
phylock/phylock.w7.x64.sys
.exe windows x64

e76a6181048aa3d2f6938d46b933809f

Code Sign

06:56:a7:17:46:f5:c2:3f:99:5b:fc:55:8e:98:c7:02
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/08/2016, 00:00

Not After

28/10/2019, 12:00

Subject

CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:14:09:9f:34:01:fb:84:c9:4c:bd:9e:11:9c:ad:2b
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/07/2016, 00:00

Not After

28/07/2019, 23:59

Subject

SERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e5:f5:14:dc:f6:fe:96:73:da:11:22:33:6e:b6:d8:c3:bb:cb:88:c9:e6:76:e5:b9:0f:94:07:90:59:c2:3f:b8
Signer

Actual PE Digest

e5:f5:14:dc:f6:fe:96:73:da:11:22:33:6e:b6:d8:c3:bb:cb:88:c9:e6:76:e5:b9:0f:94:07:90:59:c2:3f:b8

Digest Algorithm

sha256

PE Digest Matches

true

10:01:d2:82:e5:b5:1f:b9:0a:7f:fb:93:4b:7b:0c:7a:e2:54:b7:9c
Signer

Actual PE Digest

10:01:d2:82:e5:b5:1f:b9:0a:7f:fb:93:4b:7b:0c:7a:e2:54:b7:9c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoAcquireRemoveLockEx
ExReleaseFastMutexUnsafe
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
KeLeaveCriticalRegion
ExInitializeNPagedLookasideList
KeSetPriorityThread
IoDeleteDevice
KeSetEvent
swprintf
ExpInterlockedPushEntrySList
KeInitializeEvent
IoReleaseRemoveLockEx
ExpInterlockedPopEntrySList
IoDetachDevice
IoFreeMdl
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe
KeDelayExecutionThread
ZwCreateFile
PsCreateSystemThread
MmMapLockedPagesSpecifyCache
IoBuildAsynchronousFsdRequest
ZwQueryValueKey
ExInterlockedInsertTailList
PsTerminateSystemThread
PoStartNextPowerIrp
ZwClose
IofCompleteRequest
ExQueryDepthSList
IoReleaseRemoveLockAndWaitEx
ObReferenceObjectByHandle
KeWaitForSingleObject
IoFreeIrp
IoAttachDeviceToDeviceStack
PoCallDriver
ExInterlockedRemoveHeadList
MmUnlockPages
ObfDereferenceObject
IoInitializeRemoveLockEx
IoCreateDevice
ExDeleteNPagedLookasideList
IofCallDriver
ZwOpenKey
KeBugCheckEx

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
phylock/phylock.x64.sys
.exe windows x64

e76a6181048aa3d2f6938d46b933809f

Code Sign

06:56:a7:17:46:f5:c2:3f:99:5b:fc:55:8e:98:c7:02
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/08/2016, 00:00

Not After

28/10/2019, 12:00

Subject

CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:14:09:9f:34:01:fb:84:c9:4c:bd:9e:11:9c:ad:2b
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/07/2016, 00:00

Not After

28/07/2019, 23:59

Subject

SERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3b:e3:0c:e4:91:34:e0:c7:88:df:51:05:69:26:ba:b4:21:a8:66:35:d5:4b:5d:05:10:f0:e8:e4:de:61:62:67
Signer

Actual PE Digest

3b:e3:0c:e4:91:34:e0:c7:88:df:51:05:69:26:ba:b4:21:a8:66:35:d5:4b:5d:05:10:f0:e8:e4:de:61:62:67

Digest Algorithm

sha256

PE Digest Matches

true

84:8e:ed:4a:9c:e3:ba:5f:c4:2f:b8:e4:6c:3a:06:b2:b0:b0:4f:6a
Signer

Actual PE Digest

84:8e:ed:4a:9c:e3:ba:5f:c4:2f:b8:e4:6c:3a:06:b2:b0:b0:4f:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
IoAcquireRemoveLockEx
ExReleaseFastMutexUnsafe
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
KeLeaveCriticalRegion
ExInitializeNPagedLookasideList
KeSetPriorityThread
IoDeleteDevice
KeSetEvent
swprintf
ExpInterlockedPushEntrySList
KeInitializeEvent
IoReleaseRemoveLockEx
ExpInterlockedPopEntrySList
IoDetachDevice
IoFreeMdl
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe
KeDelayExecutionThread
ZwCreateFile
PsCreateSystemThread
MmMapLockedPagesSpecifyCache
IoBuildAsynchronousFsdRequest
ZwQueryValueKey
ExInterlockedInsertTailList
PsTerminateSystemThread
PoStartNextPowerIrp
ZwClose
IofCompleteRequest
ExQueryDepthSList
IoReleaseRemoveLockAndWaitEx
ObReferenceObjectByHandle
KeWaitForSingleObject
IoFreeIrp
IoAttachDeviceToDeviceStack
PoCallDriver
ExInterlockedRemoveHeadList
MmUnlockPages
ObfDereferenceObject
IoInitializeRemoveLockEx
IoCreateDevice
ExDeleteNPagedLookasideList
IofCallDriver
ZwOpenKey
KeBugCheckEx

Sections

.text
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 340B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
phylock/phylock.xp.sys
.exe windows x86

26cd06f892ede1e584fbb5ff48beabf4

Code Sign

06:56:a7:17:46:f5:c2:3f:99:5b:fc:55:8e:98:c7:02
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/08/2016, 00:00

Not After

28/10/2019, 12:00

Subject

CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:14:09:9f:34:01:fb:84:c9:4c:bd:9e:11:9c:ad:2b
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/07/2016, 00:00

Not After

28/07/2019, 23:59

Subject

SERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c6:cd:90:e7:13:19:57:1f:07:73:0b:83:44:32:35:2c:d2:95:08:26:6b:89:8e:43:22:b2:a5:47:f0:88:6f:76
Signer

Actual PE Digest

c6:cd:90:e7:13:19:57:1f:07:73:0b:83:44:32:35:2c:d2:95:08:26:6b:89:8e:43:22:b2:a5:47:f0:88:6f:76

Digest Algorithm

sha256

PE Digest Matches

true

e0:dc:cf:55:d7:70:f9:56:31:1b:61:5e:93:b3:c6:11:47:a6:5b:50
Signer

Actual PE Digest

e0:dc:cf:55:d7:70:f9:56:31:1b:61:5e:93:b3:c6:11:47:a6:5b:50

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExfInterlockedRemoveHeadList
KeSetEvent
ExfInterlockedInsertTailList
IoReleaseRemoveLockEx
memmove
memset
ZwCreateFile
swprintf
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
IofCompleteRequest
IoAcquireRemoveLockEx
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
IoCreateDevice
PoCallDriver
PoStartNextPowerIrp
KeDelayExecutionThread
ZwClose
ObReferenceObjectByHandle
PsCreateSystemThread
ObfDereferenceObject
ExFreePoolWithTag
IofCallDriver
IoFreeIrp
IoFreeMdl
MmUnlockPages
IoBuildAsynchronousFsdRequest
_allmul
KeQueryInterruptTime
ExAllocatePoolWithTag
memcpy
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
KeLeaveCriticalRegion
ExReleaseFastMutexUnsafe
ExAcquireFastMutexUnsafe
KeEnterCriticalRegion
PsTerminateSystemThread
KeSetPriorityThread
KeGetCurrentThread
_aulldiv
ExInitializeNPagedLookasideList
MmMapLockedPagesSpecifyCache
ZwQueryValueKey
ZwOpenKey
KeTickCount
KeBugCheckEx
InterlockedPushEntrySList
InterlockedPopEntrySList
ExDeleteNPagedLookasideList
KeInitializeEvent

hal

KfLowerIrql
KeGetCurrentIrql
KfRaiseIrql

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 323B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 957B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 640B - Virtual size: 606B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
phylock/readme.txt
phylock/setup.exe
.exe windows x86

8f2cb8561d405bbd6480e0950eea329e

Code Sign

0c:53:32:08:0f:46:95:53:68:e8:d2:19:f8:44:f8:e2
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/08/2016, 00:00

Not After

28/10/2019, 12:00

Subject

CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:14:09:9f:34:01:fb:84:c9:4c:bd:9e:11:9c:ad:2b
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/07/2016, 00:00

Not After

28/07/2019, 23:59

Subject

SERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a5:63:4b:66:09:73:14:02:08:d0:db:76:72:68:e4:d9:5a:79:0a:47:5d:43:99:97:65:ea:c2:66:60:11:de:31
Signer

Actual PE Digest

a5:63:4b:66:09:73:14:02:08:d0:db:76:72:68:e4:d9:5a:79:0a:47:5d:43:99:97:65:ea:c2:66:60:11:de:31

Digest Algorithm

sha256

PE Digest Matches

true

90:3f:70:48:f7:15:71:c7:e1:72:32:d3:5b:ba:d1:c3:a5:55:e3:12
Signer

Actual PE Digest

90:3f:70:48:f7:15:71:c7:e1:72:32:d3:5b:ba:d1:c3:a5:55:e3:12

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetVersionExA
DeleteFileA
CopyFileA
FindClose
FindFirstFileA
GetSystemDirectoryA
lstrlenA
GetCurrentDirectoryA
GetProcAddress
GetCurrentProcess
GetStringTypeW
GetStringTypeA
LCMapStringW
MultiByteToWideChar
LCMapStringA
GetLocaleInfoA
lstrcpyA
lstrcatA
InitializeCriticalSectionAndSpinCount
GetVersion
SetLastError
WideCharToMultiByte
GetModuleHandleA
Sleep
RtlUnwind
GetCommandLineA
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
HeapSize

user32

CreateDialogParamA
GetDlgItem
SetWindowTextA
SetWindowLongA
ShowWindow
GetMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
DestroyWindow
GetWindowLongA
LoadStringA
MessageBoxA
PostQuitMessage

advapi32

RegDeleteValueA
RegCreateKeyExA
RegSetValueExA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegDeleteKeyA
RegQueryValueExA

Sections

.text
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tbicd2hd.exe
.exe windows x86

5edea50186e6115f8dade153a4734de7

Code Sign

0c:53:32:08:0f:46:95:53:68:e8:d2:19:f8:44:f8:e2
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/08/2016, 00:00

Not After

28/10/2019, 12:00

Subject

CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:14:09:9f:34:01:fb:84:c9:4c:bd:9e:11:9c:ad:2b
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/07/2016, 00:00

Not After

28/07/2019, 23:59

Subject

SERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

84:46:59:9d:9b:0e:9a:03:92:7a:26:c4:1d:57:62:08:fd:06:f8:50:f0:8b:3b:ed:e2:67:06:7b:8a:5a:3d:bd
Signer

Actual PE Digest

84:46:59:9d:9b:0e:9a:03:92:7a:26:c4:1d:57:62:08:fd:06:f8:50:f0:8b:3b:ed:e2:67:06:7b:8a:5a:3d:bd

Digest Algorithm

sha256

PE Digest Matches

true

1f:7a:f6:83:86:70:0b:ef:67:96:1a:8b:06:2e:6a:75:de:b4:f9:10
Signer

Actual PE Digest

1f:7a:f6:83:86:70:0b:ef:67:96:1a:8b:06:2e:6a:75:de:b4:f9:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
GetModuleHandleA
WideCharToMultiByte
SetLastError
GetVersion
InitializeCriticalSectionAndSpinCount
CreateFileA
GetFileSize
SetFilePointer
VirtualFree
WriteFile
ReadFile
GetLastError
VirtualAlloc
CloseHandle
SetConsoleCursorPosition
GetConsoleScreenBufferInfo
SetConsoleMode
GetConsoleMode
GetFileAttributesA
GetModuleHandleW
GetProcAddress
ExitProcess
GetCommandLineA
HeapFree
HeapAlloc
ReadConsoleInputA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
GetCurrentThreadId
LCMapStringA
MultiByteToWideChar
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
GetModuleFileNameA
DeleteCriticalSection
LoadLibraryA
RaiseException
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoA
GetConsoleCP
HeapSize
SetStdHandle
FlushFileBuffers

user32

GetKeyState

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tbinotify.exe
.exe windows x86

1bd468e94e56a9f5754a6975997bbead

Code Sign

0c:53:32:08:0f:46:95:53:68:e8:d2:19:f8:44:f8:e2
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/08/2016, 00:00

Not After

28/10/2019, 12:00

Subject

CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:14:09:9f:34:01:fb:84:c9:4c:bd:9e:11:9c:ad:2b
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/07/2016, 00:00

Not After

28/07/2019, 23:59

Subject

SERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:e2:41:39:ea:6f:f1:ae:44:88:01:7c:f8:f5:b7:3b:47:50:de:62:4e:4d:16:e9:e8:fd:9b:fc:f2:a4:a0:5d
Signer

Actual PE Digest

01:e2:41:39:ea:6f:f1:ae:44:88:01:7c:f8:f5:b7:3b:47:50:de:62:4e:4d:16:e9:e8:fd:9b:fc:f2:a4:a0:5d

Digest Algorithm

sha256

PE Digest Matches

true

0d:8d:bb:d8:71:7e:1e:9f:42:9f:36:90:c2:45:17:0a:dd:0d:d1:33
Signer

Actual PE Digest

0d:8d:bb:d8:71:7e:1e:9f:42:9f:36:90:c2:45:17:0a:dd:0d:d1:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

ImageList_Destroy
ImageList_Create
ImageList_ReplaceIcon
InitCommonControlsEx

kernel32

UnmapViewOfFile
GetModuleHandleA
Sleep
FileTimeToSystemTime
GetSystemDirectoryA
LoadLibraryA
GetVersionExA
GetDateFormatA
CloseHandle
SearchPathA
CreateFileMappingA
SystemTimeToFileTime
FreeLibrary
SystemTimeToTzSpecificLocalTime
GetSystemTime
CreateSemaphoreA
MapViewOfFile
GetPrivateProfileStringA
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
GetConsoleMode
GetConsoleCP
HeapSize
GetProcessHeap
SetStdHandle
GetCommandLineW
GetCommandLineA
GetOEMCP
FindNextFileA
FindFirstFileExA
FindClose
HeapReAlloc
GetFileType
HeapFree
HeapAlloc
GetACP
ExitProcess
WriteFile
GetStdHandle
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
RaiseException
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DeleteCriticalSection
GetTimeFormatA
WaitForSingleObject
CreateMutexA
GetEnvironmentVariableA
GetCurrentDirectoryA
ReleaseSemaphore
GetCurrentProcess
GetModuleFileNameA
VirtualQuery
VirtualFree
VirtualAlloc
SetLastError
GetLastError
SetFilePointer
LeaveCriticalSection
EnterCriticalSection
RtlUnwind
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FlushFileBuffers

user32

SystemParametersInfoA
PostQuitMessage
GetDesktopWindow
SetForegroundWindow
GetCursorPos
AppendMenuA
GetDlgItem
LoadIconA
GetMessageA
LoadImageA
DispatchMessageA
GetWindowRect
LoadCursorA
DestroyWindow
SetWindowPos
LoadStringA
PostMessageA
ScreenToClient
EndDialog
CreatePopupMenu
DialogBoxParamA
TrackPopupMenu
GetActiveWindow
ShowWindow
OffsetRect
GetDlgItemTextA
DestroyIcon
MessageBoxA
RegisterClassA
DefWindowProcA
DestroyMenu
CreateWindowExA
TranslateMessage
SetDlgItemTextA
SendMessageA

gdi32

GetStockObject
CreateFontIndirectA
DeleteObject
GetObjectA

advapi32

RegQueryValueExA
RegOpenKeyExA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
RegCloseKey
GetTokenInformation

shell32

ShellExecuteA
SHGetSpecialFolderLocation
SHGetPathFromIDListA
Shell_NotifyIconA

ole32

CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitializeEx

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 278KB - Virtual size: 277KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tboflhelper.sys
.exe windows x86

7414c8b14514f587dd340e92bf78e6c0

Code Sign

06:56:a7:17:46:f5:c2:3f:99:5b:fc:55:8e:98:c7:02
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/08/2016, 00:00

Not After

28/10/2019, 12:00

Subject

CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:18:a7:c6:4e:da:38:3a:9f:79:00:00:00:00:00:18
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/02/2017, 20:47

Not After

09/05/2018, 20:47

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:c6:22:16:36:8f:3c:b4:1d:e5:47:ae:49:f1:7e:17:38:7c:fc:2d:07:a4:5f:43:a8:ac:99:d8:e8:01:60:74
Signer

Actual PE Digest

3e:c6:22:16:36:8f:3c:b4:1d:e5:47:ae:49:f1:7e:17:38:7c:fc:2d:07:a4:5f:43:a8:ac:99:d8:e8:01:60:74

Digest Algorithm

sha256

PE Digest Matches

true

2f:6e:ae:a2:60:23:9d:8e:af:a3:84:ea:72:91:90:8e:38:df:a0:00
Signer

Actual PE Digest

2f:6e:ae:a2:60:23:9d:8e:af:a3:84:ea:72:91:90:8e:38:df:a0:00

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
ZwClose
ObfDereferenceObject
ExFreePoolWithTag
ObQueryNameString
ExAllocatePoolWithTag
ObReferenceObjectByHandle
IoFileObjectType
ZwDuplicateObject
ZwOpenProcess
_except_handler3
_local_unwind2
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
KeTickCount

Sections

.text
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 388B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 710B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 384B - Virtual size: 370B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tboflhelper64.sys
.exe windows x64

d93807b520bd3b5df509f43a0e8cda9e

Code Sign

06:56:a7:17:46:f5:c2:3f:99:5b:fc:55:8e:98:c7:02
Certificate

Issuer

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/08/2016, 00:00

Not After

28/10/2019, 12:00

Subject

CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

02:c4:d1:e5:8a:4a:68:0c:56:8d:a3:04:7e:7e:4d:5f
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert High Assurance Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:18:a7:c6:4e:da:38:3a:9f:79:00:00:00:00:00:18
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/02/2017, 20:47

Not After

09/05/2018, 20:47

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ae:09:57:18:a8:60:96:2d:21:36:22:b7:19:f8:db:cd:e1:90:e4:be:dc:2c:d9:2e:38:65:ef:ae:de:65:38:0f
Signer

Actual PE Digest

ae:09:57:18:a8:60:96:2d:21:36:22:b7:19:f8:db:cd:e1:90:e4:be:dc:2c:d9:2e:38:65:ef:ae:de:65:38:0f

Digest Algorithm

sha256

PE Digest Matches

true

3e:13:f3:0d:ed:63:43:6e:ae:8d:27:fc:21:db:4b:dd:d7:56:74:2e
Signer

Actual PE Digest

3e:13:f3:0d:ed:63:43:6e:ae:8d:27:fc:21:db:4b:dd:d7:56:74:2e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
__C_specific_handler
ZwClose
ObfDereferenceObject
ExFreePoolWithTag
ObQueryNameString
ExAllocatePoolWithTag
ObReferenceObjectByHandle
IoFileObjectType
ZwDuplicateObject
ZwOpenProcess
_local_unwind
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 672B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 886B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tlibr32.dll
.dll windows x86

9c23770d684b67bda154937130267455

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
SUnMapLS_IP_EBP_12
SMapLS_IP_EBP_16
SUnMapLS_IP_EBP_16
ThunkConnect32
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
SMapLS_IP_EBP_12
HeapFree
WriteFile
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
GetCPInfo
GetACP
GetOEMCP
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
InterlockedDecrement
InterlockedIncrement

Exports

Exports

_GetDiskParms@12
_ReadHD@16
_WriteHD@16
thk_ThunkData32

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vss64.exe
.exe windows x64

f1f333bb7924d94161cb0c7c87fbaea5

Code Sign

0c:53:32:08:0f:46:95:53:68:e8:d2:19:f8:44:f8:e2
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/08/2016, 00:00

Not After

28/10/2019, 12:00

Subject

CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:14:09:9f:34:01:fb:84:c9:4c:bd:9e:11:9c:ad:2b
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28/07/2016, 00:00

Not After

28/07/2019, 23:59

Subject

SERIALNUMBER=C27039-2001,CN=TeraByte\, Inc.,O=TeraByte\, Inc.,L=Las Vegas,ST=Nevada,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#13064e6576616461,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4d:99:49:f0:ca:7e:d0:db:6b:86:23:94:5d:d5:24:f0:0f:2f:85:93:c4:c4:92:8d:6c:14:27:e4:1f:bd:9e:c8
Signer

Actual PE Digest

4d:99:49:f0:ca:7e:d0:db:6b:86:23:94:5d:d5:24:f0:0f:2f:85:93:c4:c4:92:8d:6c:14:27:e4:1f:bd:9e:c8

Digest Algorithm

sha256

PE Digest Matches

true

41:9f:1a:38:a3:ee:41:aa:6c:a3:db:4f:d3:d9:5d:3e:83:59:47:d4
Signer

Actual PE Digest

41:9f:1a:38:a3:ee:41:aa:6c:a3:db:4f:d3:d9:5d:3e:83:59:47:d4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ReadFile
GetStdHandle
WriteFile
GetVersionExW
Sleep
LoadLibraryW
GetProcAddress
ExitProcess
FreeLibrary
GetModuleHandleW
ExpandEnvironmentStringsW
GetLastError
CreateFileW
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapSize
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapReAlloc
HeapFree
HeapAlloc
GetFileType
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
CloseHandle
SetStdHandle
GetStringTypeW

ole32

CoUninitialize
CoInitializeEx
CLSIDFromString

oleaut32

SysFreeString

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/protectit.sys
.exe windows x64

f7ea3f098843f71b4e7f5d0ac2fb8a48

Code Sign

33:00:00:00:1e:e1:1d:60:9e:7d:97:60:71:00:00:00:00:00:1e
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/10/2017, 17:44

Not After

05/10/2018, 17:44

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d4:e0:3d:17:d8:fa:4b:1e:39:8f:2b:eb:37:e1:cf:a2:23:e1:ee:d4:8c:a2:88:9f:8c:64:92:aa:94:ad:91:c0
Signer

Actual PE Digest

d4:e0:3d:17:d8:fa:4b:1e:39:8f:2b:eb:37:e1:cf:a2:23:e1:ee:d4:8c:a2:88:9f:8c:64:92:aa:94:ad:91:c0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeBugCheckEx
PsGetProcessId
RtlPrefixUnicodeString
RtlEqualUnicodeString
IoIs32bitProcess
RtlInitUnicodeString
ExFreePoolWithTag
ExAllocatePoolWithTag
IoThreadToProcess
__C_specific_handler

fltmgr.sys

FltAcquirePushLockShared
FltStartFiltering
FltParseFileNameInformation
FltRegisterFilter
FltAcquirePushLockExclusive
FltBuildDefaultSecurityDescriptor
FltCloseCommunicationPort
FltReleasePushLock
FltUnregisterFilter
FltInitializePushLock
FltCloseClientPort
FltCreateCommunicationPort
FltFreeSecurityDescriptor
FltGetFileNameInformation

Sections

.text
Size: 1024B - Virtual size: 564B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 696B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 703B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x86/protectit.sys
.exe windows x86

6f36188c3d5977e70c2b18950c6449a9

Code Sign

33:00:00:00:1e:e1:1d:60:9e:7d:97:60:71:00:00:00:00:00:1e
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

05/10/2017, 17:44

Not After

05/10/2018, 17:44

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:f6:c7:4c:b3:d7:78:fd:ce:1d:ec:e3:1c:29:cb:e6:1b:eb:ea:05:b3:24:b6:db:ec:89:bf:02:cb:29:5e:9a
Signer

Actual PE Digest

10:f6:c7:4c:b3:d7:78:fd:ce:1d:ec:e3:1c:29:cb:e6:1b:eb:ea:05:b3:24:b6:db:ec:89:bf:02:cb:29:5e:9a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

KeTickCount
RtlInitUnicodeString
ExAllocatePoolWithTag
IoThreadToProcess
PsGetProcessId
ExFreePoolWithTag
RtlPrefixUnicodeString
RtlEqualUnicodeString
RtlUnwind
KeBugCheckEx

fltmgr.sys

FltCloseClientPort
FltInitializePushLock
FltRegisterFilter
FltBuildDefaultSecurityDescriptor
FltCreateCommunicationPort
FltFreeSecurityDescriptor
FltStartFiltering
FltAcquirePushLockShared
FltAcquirePushLockExclusive
FltUnregisterFilter
FltCloseCommunicationPort
FltParseFileNameInformation
FltGetFileNameInformation
FltReleasePushLock

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 640B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 640B - Virtual size: 620B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 214B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 40KB

UPX1 Size: 6KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 8KB - Virtual size: 8KB

DATA Size: 512B - Virtual size: 204B

BSS Size: - Virtual size: 1KB

.idata Size: 1024B - Virtual size: 806B

.tls Size: - Virtual size: 4B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 1024B - Virtual size: 620B

.rsrc Size: 1024B - Virtual size: 1024B

Password: infected

Headers

File Characteristics

Sections

UPX0 Size: - Virtual size: 40KB

UPX1 Size: 6KB - Virtual size: 8KB

.rsrc Size: 512B - Virtual size: 4KB

Headers

File Characteristics

Sections

CODE Size: 8KB - Virtual size: 8KB

DATA Size: 512B - Virtual size: 204B

BSS Size: - Virtual size: 1KB

.idata Size: 1024B - Virtual size: 806B

.tls Size: - Virtual size: 4B

.rdata Size: 512B - Virtual size: 24B

.reloc Size: 1024B - Virtual size: 620B

.rsrc Size: 1024B - Virtual size: 1024B

Password: infected

77a9627b0bc5697d264f08a1b4bde73b

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ole32

comdlg32

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 4KB - Virtual size: 1KB

.data Size: 4KB - Virtual size: 1KB

.rsrc Size: 4KB - Virtual size: 3KB

Password: infected

1df829cb37ab821aff5c00c41e0f5a84

Code Sign

0c:53:32:08:0f:46:95:53:68:e8:d2:19:f8:44:f8:e2Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

76:14:09:9f:34:01:fb:84:c9:4c:bd:9e:11:9c:ad:2bCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

UPX0
Size: - Virtual size: 40KB

UPX1
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 4KB

CODE
Size: 8KB - Virtual size: 8KB

DATA
Size: 512B - Virtual size: 204B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 806B

.tls
Size: - Virtual size: 4B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 1024B - Virtual size: 620B

.rsrc
Size: 1024B - Virtual size: 1024B

UPX0
Size: - Virtual size: 40KB

UPX1
Size: 6KB - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 4KB

CODE
Size: 8KB - Virtual size: 8KB

DATA
Size: 512B - Virtual size: 204B

BSS
Size: - Virtual size: 1KB

.idata
Size: 1024B - Virtual size: 806B

.tls
Size: - Virtual size: 4B

.rdata
Size: 512B - Virtual size: 24B

.reloc
Size: 1024B - Virtual size: 620B

.rsrc
Size: 1024B - Virtual size: 1024B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 4KB - Virtual size: 1KB

.data
Size: 4KB - Virtual size: 1KB

.rsrc
Size: 4KB - Virtual size: 3KB

0c:53:32:08:0f:46:95:53:68:e8:d2:19:f8:44:f8:e2
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

76:14:09:9f:34:01:fb:84:c9:4c:bd:9e:11:9c:ad:2b
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

56:bd:57:34:f7:f8:7c:e3:45:88:ef:6f:35:7c:94:0c:f3:31:0d:3a:6e:8a:05:cc:e3:98:f7:a6:fd:47:b8:5e
Signer

ab:71:23:34:e3:0c:7a:86:fa:01:ef:29:66:31:bc:4c:14:3a:40:4c
Signer

.text
Size: 47KB - Virtual size: 47KB

.rdata
Size: 25KB - Virtual size: 24KB

.data
Size: 2KB - Virtual size: 13KB

.rsrc
Size: 14KB - Virtual size: 14KB

0c:53:32:08:0f:46:95:53:68:e8:d2:19:f8:44:f8:e2
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

76:14:09:9f:34:01:fb:84:c9:4c:bd:9e:11:9c:ad:2b
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

14:c9:a4:4e:e4:61:56:05:2b:da:ae:8e:64:23:a2:1a:03:0d:30:4a:ec:87:f5:a3:0d:7f:0f:fa:df:38:ef:cd
Signer

0e:77:3e:0d:f5:c0:13:11:3b:37:1b:93:0b:91:68:58:32:2f:e5:3f
Signer

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 2KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB

0c:53:32:08:0f:46:95:53:68:e8:d2:19:f8:44:f8:e2
Certificate