dcrypt_[.]zip | Triage

Sharing

Copy URL Twitter E-mail

General

Target

dcrypt_.zip
Size

710KB
MD5

5228455ecc02ba908b240ae6f0bb38b1
SHA1

57860274ee6092c05a485d6ef1ba4e963fe4da49
SHA256

377b4fcaaf9b8de6fd328d239f949d235f9d25b63a3d5038b64d241a947affdb
SHA512

a4d006359286a3c61e63df2c35bdaef38f5b07c6df3aba53bc47ae730ff01baffbcfab622c3ece04afa312e979ae8970ecaf70b3e217f267105fb1f829d190ad
SSDEEP

12288:alAqgTlYWwk55u9oNfZbiUibE+o4K6Z+SGcQNtxwrw1mvrQLUBVrI0eV/OaA:ayqGlYWpjUfbEMK6ZTGcMtKrwUcLUBVf

Score

1^/10

Malware Config

Signatures

Files

dcrypt_.zip
.zip

Password: infected
2d71423a2b6e918ed5dc08a4ca824a7e136f0e2a
.zip

Password: infected
amd64/dc_fsf.sys
.dll windows x64

Password: infected

1c6664045578f25770f6189432a95080

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:b2:6d:b0:59:d7:5f:68:df:aa:c1:cf:f1:2b:de:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/05/2009, 00:00

Not After

19/05/2010, 23:59

Subject

CN=ReactOS Foundation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ReactOS Foundation,L=Moscow,ST=Russia,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

aa:c9:18:d4:c4:cd:38:d6:04:12:12:a4:fe:d9:2c:09:33:8f:4d:f7
Signer

Actual PE Digest

aa:c9:18:d4:c4:cd:38:d6:04:12:12:a4:fe:d9:2c:09:33:8f:4d:f7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

RtlInitUnicodeString
IoDeleteDevice
IoCreateDevice
ExQueueWorkItem
_wcsicmp
ExAllocatePoolWithTag
ExFreePoolWithTag
KeInitializeMutex
_wcsnicmp
IoDetachDevice
KeReleaseMutex
ZwClose
IofCompleteRequest
IoAttachDeviceToDeviceStack
ZwQueryInformationFile
IoRegisterFsRegistrationChange
IofCallDriver
_snwprintf
KeSetEvent
KeInitializeEvent
ObQueryNameString
ZwCreateFile
KeWaitForSingleObject
__C_specific_handler

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 726B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64/dcapi.dll
.dll windows x64

Password: infected

2343cb06fee7a117068e1459228b975d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:b2:6d:b0:59:d7:5f:68:df:aa:c1:cf:f1:2b:de:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/05/2009, 00:00

Not After

19/05/2010, 23:59

Subject

CN=ReactOS Foundation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ReactOS Foundation,L=Moscow,ST=Russia,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ac:00:5d:d9:78:83:f9:0a:a3:f6:ca:ab:24:5b:34:94:69:c5:6e:a3
Signer

Actual PE Digest

ac:00:5d:d9:78:83:f9:0a:a3:f6:ca:ab:24:5b:34:94:69:c5:6e:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

GetMessageTime
GetClipboardOwner
SetWindowsHookExW
GetCursor
GetActiveWindow
GetCaretPos
GetDesktopWindow
GetWindowTextW
GetInputState
GetWindowThreadProcessId
GetGUIThreadInfo
GetForegroundWindow
GetKBCodePage
GetCapture
GetQueueStatus
EnumWindows
GetClientRect
GetWindowInfo
CallNextHookEx
GetCursorInfo
GetShellWindow
GetWindowRect
GetLastActivePopup
GetOpenClipboardWindow
GetFocus

msvcrt

__C_specific_handler
_amsg_exit
_initterm
_XcptFilter
wcsncpy
malloc
free
memmove
wcschr
isprint
tolower
isspace
_snwprintf
mbstowcs
floor
memcpy

psapi

GetProcessMemoryInfo

advapi32

FreeSid
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW
AdjustTokenPrivileges
CheckTokenMembership
AllocateAndInitializeSid
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCloseKey
RegFlushKey
RegDeleteValueW
RegOpenKeyW
RegQueryValueExW
RegCreateKeyW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW

kernel32

GetCurrentProcess
SetEndOfFile
SetFilePointer
GetFileSize
GetSystemTimeAsFileTime
Sleep
GetThreadTimes
GetCurrentProcessId
GetCurrentThreadId
GetOEMCP
GlobalMemoryStatusEx
GetProcessTimes
GetProcessHeap
GetCurrentThread
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
VirtualLock
GetProcAddress
VirtualUnlock
GetVersionExW
LoadLibraryW
FindNextFileW
FindClose
FindFirstFileW
GetFileAttributesW
CopyFileW
GetSystemDirectoryW
FindFirstVolumeW
GetLastError
FindNextVolumeW
DeleteVolumeMountPointW
TlsSetValue
TlsGetValue
FindVolumeClose
DeviceIoControl
TlsAlloc
LockResource
DisableThreadLibraryCalls
FreeLibrary
GetModuleFileNameW
SizeofResource
LoadResource
FindResourceW
CreateMutexW
DeleteFileW
VirtualFree
WriteFile
ReadFile
CreateFileW
GetFileSizeEx
VirtualAlloc
CloseHandle

Exports

Exports

dc_add_keyfiles
dc_add_password
dc_add_seed
dc_backup_header
dc_benchmark
dc_change_password
dc_clean_pass_cache
dc_close_device
dc_dec_step
dc_disk_close
dc_disk_open
dc_disk_read
dc_disk_write
dc_done_format
dc_driver_status
dc_dsk_get_size
dc_enc_step
dc_encrypt_cd
dc_extract_rsrc
dc_first_volume
dc_format_byte_size
dc_format_fs
dc_format_step
dc_get_boot_device
dc_get_boot_disk
dc_get_bsod
dc_get_cipher_name
dc_get_conf_flags
dc_get_device_status
dc_get_drive_info
dc_get_hw_name
dc_get_mbr_config
dc_get_random
dc_get_version
dc_install_driver
dc_is_old_runned
dc_load_conf
dc_lock_memory
dc_make_iso
dc_make_pxe
dc_mbr_config_by_partition
dc_mount_all
dc_mount_volume
dc_next_volume
dc_open_device
dc_remove_driver
dc_restore_header
dc_save_conf
dc_set_boot
dc_set_conf_flags
dc_set_mbr
dc_set_mbr_config
dc_start_decrypt
dc_start_encrypt
dc_start_format
dc_start_re_encrypt
dc_sync_enc_state
dc_unlock_memory
dc_unmount_all
dc_unmount_volume
dc_unset_mbr
dc_update_boot
dc_update_driver
enable_privilege
is_admin
is_win_vista
is_wow64
load_file
rnd_init
rnd_reseed_now
save_file
secure_alloc
secure_free

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 396B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64/dccon.exe
.exe windows x64

Password: infected

18985b7050bebfb7776ae7dd82bc58cc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:b2:6d:b0:59:d7:5f:68:df:aa:c1:cf:f1:2b:de:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/05/2009, 00:00

Not After

19/05/2010, 23:59

Subject

CN=ReactOS Foundation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ReactOS Foundation,L=Moscow,ST=Russia,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4b:3c:fc:14:ce:84:05:38:8e:19:92:32:b1:48:38:d8:63:dd:84:23
Signer

Actual PE Digest

4b:3c:fc:14:ce:84:05:38:8e:19:92:32:b1:48:38:d8:63:dd:84:23

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dcapi

secure_free
secure_alloc
dc_enc_step
dc_get_device_status
dc_sync_enc_state
dc_done_format
dc_format_step
dc_dec_step
dc_set_mbr
dc_add_keyfiles
dc_encrypt_cd
dc_get_bsod
dc_get_random
dc_save_conf
dc_load_conf
dc_restore_header
save_file
dc_backup_header
dc_benchmark
dc_format_fs
dc_start_format
rnd_reseed_now
dc_start_re_encrypt
dc_start_decrypt
dc_start_encrypt
dc_add_password
dc_clean_pass_cache
dc_unmount_all
dc_unmount_volume
dc_mount_all
dc_mount_volume
dc_get_cipher_name
dc_get_boot_device
rnd_init
dc_update_driver
dc_remove_driver
dc_install_driver
dc_is_old_runned
dc_get_version
dc_open_device
dc_driver_status
is_admin
dc_first_volume
dc_next_volume
dc_get_boot_disk
dc_dsk_get_size
dc_get_hw_name
dc_get_mbr_config
dc_unset_mbr
dc_update_boot
dc_set_boot
dc_mbr_config_by_partition
dc_make_iso
dc_set_mbr_config
dc_make_pxe
dc_format_byte_size
dc_change_password
load_file

msvcrt

qsort
wcsncpy
__wgetmainargs
__C_specific_handler
_XcptFilter
_exit
_cexit
exit
_initterm
_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
?terminate@@YAXXZ
_kbhit
memcmp
_wcslwr
memcpy
mbstowcs
_putch
_wcsicmp
tolower
isdigit
_wtoi
_getch
_snwprintf
free
wscanf
wprintf
printf

kernel32

SetConsoleCursorPosition
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
GetStdHandle
GetCommandLineA
GetCommandLineW
SetVolumeMountPointW
SetUnhandledExceptionFilter
GetModuleHandleW
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
Sleep

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 201KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 624B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64/dcrypt.exe
.exe windows x64

Password: infected

d5a620801bdc7bdf742c16a196d76a67

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:b2:6d:b0:59:d7:5f:68:df:aa:c1:cf:f1:2b:de:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/05/2009, 00:00

Not After

19/05/2010, 23:59

Subject

CN=ReactOS Foundation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ReactOS Foundation,L=Moscow,ST=Russia,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e6:85:2f:5a:59:43:78:05:1f:71:cd:57:54:01:0b:fb:8d:f7:f9:5a
Signer

Actual PE Digest

e6:85:2f:5a:59:43:78:05:1f:71:cd:57:54:01:0b:fb:8d:f7:f9:5a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

dcapi

dc_unmount_all
dc_mount_all
dc_mount_volume
secure_free
dc_change_password
dc_clean_pass_cache
save_file
dc_backup_header
dc_install_driver
dc_remove_driver
dc_update_driver
dc_driver_status
dc_load_conf
rnd_init
is_win_vista
dc_get_version
dc_is_old_runned
is_admin
dc_get_boot_disk
dc_get_hw_name
dc_next_volume
dc_first_volume
dc_mbr_config_by_partition
dc_set_boot
dc_start_decrypt
dc_add_keyfiles
secure_alloc
load_file
rnd_reseed_now
dc_encrypt_cd
dc_start_re_encrypt
dc_start_encrypt
dc_start_format
dc_save_conf
dc_get_bsod
enable_privilege
dc_get_random
dc_unmount_volume
dc_enc_step
dc_dec_step
dc_open_device
dc_sync_enc_state
dc_format_step
dc_get_device_status
dc_close_device
dc_set_mbr
dc_make_iso
dc_make_pxe
dc_get_mbr_config
dc_set_mbr_config
dc_get_drive_info
dc_unset_mbr
dc_update_boot
dc_disk_open
dc_disk_close
dc_get_boot_device
dc_dsk_get_size
dc_format_byte_size
dc_benchmark
dc_get_cipher_name
dc_done_format
dc_format_fs
dc_restore_header

msvcrt

_snwprintf
wcstoul
wcsstr
qsort
_wcslwr
_snprintf
wcsncat
free
memset
wcsrchr
wcsncpy
malloc
memcmp
_wtoi
?terminate@@YAXXZ
__set_app_type
_fmode
_commode
__setusermatherr
_amsg_exit
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
_vsnwprintf
wcschr

comctl32

ImageList_Draw
ord17
ImageList_Create
ImageList_Add
ImageList_GetIconSize
ImageList_DrawEx

shlwapi

PathFileExistsW

ntdll

NtQueryInformationProcess

kernel32

GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
GetStartupInfoW
GetCurrentProcessId
GetLogicalDrives
LoadLibraryW
FindResourceW
SizeofResource
LoadResource
LockResource
ExitProcess
DeleteVolumeMountPointW
SuspendThread
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetVolumeInformationW
InitializeCriticalSection
GetModuleHandleA
GlobalFindAtomW
GetFileSize
CreateFileW
ReadFile
SetVolumeMountPointW
CreateThread
SetThreadPriority
ResumeThread
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
CreateProcessW
CloseHandle
OpenProcess
WaitForSingleObject
Sleep
GetModuleFileNameW
GlobalAddAtomW

user32

GetWindowLongW
PostQuitMessage
GetCursorPos
DestroyWindow
EnumChildWindows
SetFocus
CreatePopupMenu
AppendMenuW
GetMessagePos
TrackPopupMenu
DestroyMenu
IsWindowVisible
GetWindowTextA
GetSystemMetrics
SetWindowTextA
SetMenuItemInfoW
GetClientRect
MapDialogRect
GetWindowRect
IsWindowEnabled
LookupIconIdFromDirectoryEx
CreateIconFromResourceEx
SetWindowLongPtrW
GetDC
GetClassNameW
DrawEdge
GetDialogBaseUnits
CreateDialogParamW
GetDlgItem
DrawStateW
DrawTextExW
FillRect
SetWindowPos
GetKeyState
LoadBitmapW
LoadCursorW
ScreenToClient
MoveWindow
ReleaseDC
DestroyIcon
EndDialog
GetWindowLongPtrW
CallWindowProcW
TrackMouseEvent
SetCursor
GetWindowTextW
InvalidateRect
SetWindowTextW
SetTimer
KillTimer
LoadIconW
RegisterClassW
FindWindowW
ShowWindow
SetForegroundWindow
DefDlgProcW
DialogBoxParamW
GetMenuItemCount
GetMenu
EnableMenuItem
EnableWindow
GetWindowInfo
GetParent
GetSysColor
ExitWindowsEx
SendMessageW
RegisterHotKey
UnregisterHotKey
MessageBoxW

gdi32

GetTextMetricsW
ExtTextOutW
CreateFontIndirectW
SetBkMode
SetTextColor
SetDCBrushColor
GetStockObject
SelectObject
GetTextExtentPoint32W
SetBkColor

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegDeleteValueW
RegOpenKeyW
RegSetValueExW
RegCreateKeyW
RegCloseKey

shell32

Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amd64/dcrypt.sys
.dll windows x64

Password: infected

1fd2fbbdb045450dd192f9c400a18d1d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:b2:6d:b0:59:d7:5f:68:df:aa:c1:cf:f1:2b:de:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/05/2009, 00:00

Not After

19/05/2010, 23:59

Subject

CN=ReactOS Foundation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ReactOS Foundation,L=Moscow,ST=Russia,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:f1:f9:d1:ea:9c:21:c9:85:c7:2f:b7:90:e1:5e:e7:07:b7:a2:c2
Signer

Actual PE Digest

41:f1:f9:d1:ea:9c:21:c9:85:c7:2f:b7:90:e1:5e:e7:07:b7:a2:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

MmUnmapIoSpace
MmMapIoSpace
_wcsicmp
ExAcquireResourceExclusiveLite
KeLeaveCriticalRegion
KeEnterCriticalRegion
ExAcquireResourceSharedLite
ExReleaseResourceLite
ObfReferenceObject
ObfDereferenceObject
ExInitializeResourceLite
IoAcquireRemoveLockEx
IoDeleteSymbolicLink
IoRegisterDriverReinitialization
RtlInitUnicodeString
IoDeleteDevice
ZwQueryValueKey
PsTerminateSystemThread
PoStartNextPowerIrp
ZwClose
PsGetVersion
IoCreateSymbolicLink
IoCreateDevice
ObOpenObjectByPointer
ZwOpenKey
ExReleaseFastMutex
ExAcquireFastMutex
PsSetLoadImageNotifyRoutine
KeInitializeEvent
MmFreeContiguousMemory
MmBuildMdlForNonPagedPool
IoFreeMdl
KeBugCheck
IoAllocateMdl
MmAllocateContiguousMemory
KeSetEvent
KeReleaseMutex
ExInterlockedInsertTailList
ExInterlockedRemoveHeadList
KeQueryActiveProcessors
ExInitializeNPagedLookasideList
ExpInterlockedPushEntrySList
ExpInterlockedPopEntrySList
ZwWaitForSingleObject
ExQueryDepthSList
ExDeleteNPagedLookasideList
ZwDeviceIoControlFile
ProbeForWrite
IoReleaseRemoveLockEx
IofCompleteRequest
ExFreePoolWithTag
MmUnmapLockedPages
MmMapLockedPagesSpecifyCache
IoGetCurrentProcess
MmProbeAndLockPages
MmUnlockPages
RtlSubAuthoritySid
RtlLengthRequiredSid
RtlVolumeDeviceToDosName
IoBuildDeviceIoControlRequest
RtlCreateAcl
IoBuildSynchronousFsdRequest
ZwQuerySymbolicLinkObject
RtlSetDaclSecurityDescriptor
ZwOpenSymbolicLinkObject
RtlAddAccessAllowedAce
KeDelayExecutionThread
ObQueryNameString
ZwCreateFile
PsCreateSystemThread
KeWaitForSingleObject
ZwSetSecurityObject
RtlInitializeSid
RtlCreateSecurityDescriptor
ExQueueWorkItem
PoCallDriver
ZwFsControlFile
KeInitializeMutex
IoGetAttachedDevice
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
wcsncmp
ExUuidCreate
IoGetStackLimits
ExGetPreviousMode
MmQuerySystemSize
RtlRandom
IoGetInitialStack
IoGetTopLevelIrp
PsGetCurrentThreadId
PsGetCurrentProcessId
PsGetProcessExitTime
KeQueryPriorityThread
_snwprintf
ZwReadFile
ZwSetInformationFile
ZwQueryVolumeInformationFile
ZwWriteFile
IofCallDriver
ExAllocatePoolWithTag
__C_specific_handler

hal

KeQueryPerformanceCounter

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
amd64/diskspeed.exe
.exe windows x64

Password: infected

7e154455a791fbd6ba4d032e040b0b57

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:b2:6d:b0:59:d7:5f:68:df:aa:c1:cf:f1:2b:de:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/05/2009, 00:00

Not After

19/05/2010, 23:59

Subject

CN=ReactOS Foundation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ReactOS Foundation,L=Moscow,ST=Russia,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

09:3a:77:b0:c5:11:ef:91:d0:9d:e7:e3:df:dd:c1:e3:41:6b:1e:c4
Signer

Actual PE Digest

09:3a:77:b0:c5:11:ef:91:d0:9d:e7:e3:df:dd:c1:e3:41:6b:1e:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

msvcrt

_amsg_exit
__setusermatherr
_commode
_fmode
__set_app_type
_initterm
?terminate@@YAXXZ
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
_snwprintf
wcsncpy
_wcsicmp
_wtoi
malloc
free
wprintf

kernel32

GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
GetModuleHandleW
SetUnhandledExceptionFilter
Sleep
CreateFileW
GetTickCount
SetFilePointer
ReadFile
WriteFile
CloseHandle
GetSystemTimeAsFileTime

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bartpe/dc_fsf.sys
.dll windows x86

Password: infected

70a0b1145a2ab525c3e5df0661dd85c3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:b2:6d:b0:59:d7:5f:68:df:aa:c1:cf:f1:2b:de:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/05/2009, 00:00

Not After

19/05/2010, 23:59

Subject

CN=ReactOS Foundation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ReactOS Foundation,L=Moscow,ST=Russia,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:1e:2a:51:fd:9a:65:83:11:c4:86:bc:fc:54:9f:aa:8b:d5:4d:22
Signer

Actual PE Digest

05:1e:2a:51:fd:9a:65:83:11:c4:86:bc:fc:54:9f:aa:8b:d5:4d:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCreateDevice
ExQueueWorkItem
_wcsicmp
ExAllocatePoolWithTag
ExFreePoolWithTag
memmove
KeInitializeMutex
_wcsnicmp
IoDetachDevice
KeReleaseMutex
KeGetCurrentThread
IoDeleteDevice
IofCompleteRequest
IoAttachDeviceToDeviceStack
ZwQueryInformationFile
IoRegisterFsRegistrationChange
IofCallDriver
_snwprintf
KeSetEvent
KeInitializeEvent
ObQueryNameString
ZwCreateFile
KeWaitForSingleObject
ZwClose
RtlInitUnicodeString
_except_handler3

hal

KeGetCurrentIrql

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 718B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bartpe/dcapi.dll
.dll windows x86

6de043aaad2888906776e064ea49e636

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:b2:6d:b0:59:d7:5f:68:df:aa:c1:cf:f1:2b:de:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/05/2009, 00:00

Not After

19/05/2010, 23:59

Subject

CN=ReactOS Foundation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ReactOS Foundation,L=Moscow,ST=Russia,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:8a:8a:ad:31:1f:41:6a:35:50:4d:58:75:68:ee:54:d8:84:bd:5b
Signer

Actual PE Digest

6a:8a:8a:ad:31:1f:41:6a:35:50:4d:58:75:68:ee:54:d8:84:bd:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetOpenClipboardWindow
GetClipboardOwner
SetWindowsHookExW
GetCursor
GetActiveWindow
GetCaretPos
GetDesktopWindow
GetWindowTextW
GetInputState
GetMessageTime
GetGUIThreadInfo
GetForegroundWindow
GetKBCodePage
GetCapture
GetQueueStatus
EnumWindows
GetClientRect
GetWindowInfo
CallNextHookEx
GetCursorInfo
GetShellWindow
GetWindowRect
GetLastActivePopup
GetWindowThreadProcessId
GetFocus

msvcrt

_adjust_fdiv
_initterm
wcsncpy
malloc
free
memmove
wcschr
isprint
tolower
isspace
_snwprintf
mbstowcs
memcpy
floor

psapi

GetProcessMemoryInfo

advapi32

CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
AdjustTokenPrivileges
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCloseKey
RegFlushKey
RegDeleteValueW
RegOpenKeyW
RegQueryValueExW
RegCreateKeyW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW

kernel32

VirtualLock
VirtualUnlock
GetVersionExW
LoadLibraryW
SetThreadAffinityMask
GetThreadPriority
SetThreadPriority
GetThreadTimes
GetCurrentProcessId
GetCurrentThreadId
GetOEMCP
GlobalMemoryStatusEx
GetProcessTimes
GetProcessHeap
GetCurrentThread
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
GetCurrentProcess
FreeLibrary
SetEndOfFile
SetFilePointer
GetFileSize
FindNextFileW
FindClose
FindFirstFileW
GetFileAttributesW
CopyFileW
GetSystemDirectoryW
FindFirstVolumeW
GetLastError
FindNextVolumeW
DeleteVolumeMountPointW
TlsSetValue
TlsGetValue
FindVolumeClose
DeviceIoControl
TlsAlloc
LockResource
DisableThreadLibraryCalls
GetProcAddress
GetModuleFileNameW
VirtualFree
WriteFile
ReadFile
CreateFileW
GetFileSizeEx
VirtualAlloc
CloseHandle
DeleteFileW
CreateMutexW
FindResourceW
LoadResource
SizeofResource

Exports

Exports

dc_add_keyfiles
dc_add_password
dc_add_seed
dc_backup_header
dc_benchmark
dc_change_password
dc_clean_pass_cache
dc_close_device
dc_dec_step
dc_disk_close
dc_disk_open
dc_disk_read
dc_disk_write
dc_done_format
dc_driver_status
dc_dsk_get_size
dc_enc_step
dc_encrypt_cd
dc_extract_rsrc
dc_first_volume
dc_format_byte_size
dc_format_fs
dc_format_step
dc_get_boot_device
dc_get_boot_disk
dc_get_bsod
dc_get_cipher_name
dc_get_conf_flags
dc_get_device_status
dc_get_drive_info
dc_get_hw_name
dc_get_mbr_config
dc_get_random
dc_get_version
dc_install_driver
dc_is_old_runned
dc_load_conf
dc_lock_memory
dc_make_iso
dc_make_pxe
dc_mbr_config_by_partition
dc_mount_all
dc_mount_volume
dc_next_volume
dc_open_device
dc_remove_driver
dc_restore_header
dc_save_conf
dc_set_boot
dc_set_conf_flags
dc_set_mbr
dc_set_mbr_config
dc_start_decrypt
dc_start_encrypt
dc_start_format
dc_start_re_encrypt
dc_sync_enc_state
dc_unlock_memory
dc_unmount_all
dc_unmount_volume
dc_unset_mbr
dc_update_boot
dc_update_driver
enable_privilege
is_admin
is_win_vista
is_wow64
load_file
rnd_init
rnd_reseed_now
save_file
secure_alloc
secure_free

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bartpe/dccon.exe
.exe windows x86

8240de3b822207e64d543448b4eef284

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:b2:6d:b0:59:d7:5f:68:df:aa:c1:cf:f1:2b:de:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/05/2009, 00:00

Not After

19/05/2010, 23:59

Subject

CN=ReactOS Foundation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ReactOS Foundation,L=Moscow,ST=Russia,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c1:6c:71:f8:d5:50:76:bf:a7:28:a4:04:12:e7:be:e0:0c:32:a5:1b
Signer

Actual PE Digest

c1:6c:71:f8:d5:50:76:bf:a7:28:a4:04:12:e7:be:e0:0c:32:a5:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dcapi

dc_get_hw_name
dc_dsk_get_size
dc_get_boot_disk
dc_next_volume
dc_first_volume
rnd_reseed_now
secure_free
secure_alloc
dc_enc_step
dc_get_device_status
dc_sync_enc_state
dc_done_format
dc_format_step
dc_dec_step
dc_set_mbr
dc_add_keyfiles
dc_encrypt_cd
dc_get_bsod
dc_get_random
dc_save_conf
dc_load_conf
dc_restore_header
save_file
dc_backup_header
dc_get_mbr_config
dc_format_fs
dc_start_format
dc_change_password
dc_start_re_encrypt
dc_start_decrypt
dc_start_encrypt
dc_add_password
dc_clean_pass_cache
dc_unmount_all
dc_unmount_volume
dc_mount_all
dc_mount_volume
dc_get_cipher_name
dc_get_boot_device
rnd_init
dc_update_driver
dc_remove_driver
dc_install_driver
dc_is_old_runned
dc_get_version
dc_open_device
dc_driver_status
is_admin
is_wow64
dc_unset_mbr
dc_update_boot
dc_set_boot
dc_mbr_config_by_partition
dc_make_iso
dc_set_mbr_config
dc_make_pxe
dc_format_byte_size
dc_benchmark
load_file

msvcrt

mbstowcs
_wcslwr
_kbhit
printf
qsort
wcsncpy
_c_exit
_exit
_XcptFilter
_cexit
exit
__winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
_wcsicmp
tolower
isdigit
_wtoi
_getch
_snwprintf
free
wscanf
wprintf
_putch

kernel32

SetConsoleCursorPosition
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
GetStdHandle
GetCommandLineA
GetCommandLineW
SetVolumeMountPointW
GetModuleHandleA
Sleep

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bartpe/dcrypt.exe
.exe windows x86

22c36423dd01fc4a588840381ca408f5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:b2:6d:b0:59:d7:5f:68:df:aa:c1:cf:f1:2b:de:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/05/2009, 00:00

Not After

19/05/2010, 23:59

Subject

CN=ReactOS Foundation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ReactOS Foundation,L=Moscow,ST=Russia,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:f9:4d:7b:ea:f9:a0:27:87:92:22:49:0b:ce:d0:7a:35:20:1f:68
Signer

Actual PE Digest

39:f9:4d:7b:ea:f9:a0:27:87:92:22:49:0b:ce:d0:7a:35:20:1f:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dcapi

dc_set_boot
dc_format_fs
dc_get_random
dc_done_format
dc_get_cipher_name
dc_benchmark
dc_format_byte_size
dc_dsk_get_size
dc_get_boot_device
dc_disk_close
dc_disk_open
dc_update_boot
dc_unset_mbr
dc_get_drive_info
dc_make_iso
dc_set_mbr_config
dc_get_mbr_config
dc_make_pxe
dc_set_mbr
dc_close_device
dc_get_device_status
dc_format_step
dc_sync_enc_state
dc_open_device
dc_dec_step
dc_enc_step
dc_unmount_volume
secure_free
dc_mount_volume
dc_mount_all
dc_unmount_all
dc_change_password
dc_clean_pass_cache
save_file
dc_backup_header
dc_restore_header
dc_install_driver
enable_privilege
dc_get_bsod
dc_save_conf
dc_start_format
dc_start_encrypt
dc_start_re_encrypt
dc_encrypt_cd
rnd_reseed_now
load_file
secure_alloc
dc_add_keyfiles
dc_start_decrypt
is_win_vista
dc_mbr_config_by_partition
dc_first_volume
dc_next_volume
dc_get_hw_name
dc_get_boot_disk
is_admin
is_wow64
dc_is_old_runned
dc_get_version
rnd_init
dc_load_conf
dc_driver_status
dc_update_driver
dc_remove_driver

comctl32

ImageList_Create
ord17
ImageList_Draw
ImageList_GetIconSize
ImageList_Add
ImageList_DrawEx

shlwapi

PathFileExistsW

ntdll

NtQueryInformationProcess

user32

GetClassNameW
DrawEdge
GetDialogBaseUnits
MessageBoxW
UnregisterHotKey
RegisterHotKey
SendMessageW
GetSysColor
GetParent
GetWindowInfo
EnableWindow
EnableMenuItem
GetMenu
GetDlgItem
GetMenuItemCount
DialogBoxParamW
DefDlgProcW
SetForegroundWindow
ShowWindow
FindWindowW
RegisterClassW
LoadIconW
KillTimer
SetTimer
SetWindowTextW
InvalidateRect
GetWindowTextW
TrackMouseEvent
SetCursor
CallWindowProcW
GetWindowLongW
EndDialog
DestroyIcon
ReleaseDC
MoveWindow
ScreenToClient
GetDC
SetWindowLongW
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
IsWindowEnabled
GetWindowRect
MapDialogRect
GetClientRect
SetMenuItemInfoW
SetWindowTextA
CreateDialogParamW
GetWindowTextA
IsWindowVisible
DestroyMenu
TrackPopupMenu
GetMessagePos
AppendMenuW
CreatePopupMenu
SetFocus
EnumChildWindows
DestroyWindow
GetCursorPos
PostQuitMessage
GetSystemMetrics
ExitWindowsEx
LoadCursorW
LoadBitmapW
GetKeyState
SetWindowPos
FillRect
DrawTextExW
DrawStateW

msvcrt

_except_handler3
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_vsnwprintf
wcsncat
_snprintf
wcschr
_wtoi
_ftol
malloc
wcsncpy
wcsrchr
memset
free
_wcslwr
qsort
wcsstr
wcstoul
_snwprintf

kernel32

GetFileSize
GetStartupInfoW
LoadLibraryW
FindResourceW
SizeofResource
LoadResource
ExitProcess
DeleteVolumeMountPointW
SuspendThread
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetVolumeInformationW
InitializeCriticalSection
GetModuleHandleA
GlobalFindAtomW
GlobalAddAtomW
CreateFileW
ReadFile
SetVolumeMountPointW
CreateThread
SetThreadPriority
ResumeThread
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
CreateProcessW
CloseHandle
OpenProcess
WaitForSingleObject
Sleep
GetModuleFileNameW
GetLogicalDrives
LockResource

gdi32

GetTextMetricsW
ExtTextOutW
CreateFontIndirectW
SetBkMode
SetTextColor
SetDCBrushColor
GetStockObject
SelectObject
GetTextExtentPoint32W
SetBkColor

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegDeleteValueW
RegOpenKeyW
RegSetValueExW
RegCreateKeyW
RegCloseKey

shell32

Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bartpe/dcrypt.inf
bartpe/dcrypt.sys
.dll windows x86

c7425526c48fc5688352fbbb87592da2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:b2:6d:b0:59:d7:5f:68:df:aa:c1:cf:f1:2b:de:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/05/2009, 00:00

Not After

19/05/2010, 23:59

Subject

CN=ReactOS Foundation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ReactOS Foundation,L=Moscow,ST=Russia,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d0:e0:35:64:96:9a:93:99:53:1c:e9:67:d2:e2:4e:07:63:5b:87:f1
Signer

Actual PE Digest

d0:e0:35:64:96:9a:93:99:53:1c:e9:67:d2:e2:4e:07:63:5b:87:f1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAcquireResourceExclusiveLite
KeLeaveCriticalRegion
KeEnterCriticalRegion
ExAcquireResourceSharedLite
ExReleaseResourceLite
ObfReferenceObject
ObfDereferenceObject
ExInitializeResourceLite
IoAcquireRemoveLockEx
IoDeleteSymbolicLink
IoRegisterDriverReinitialization
RtlInitUnicodeString
IoDeleteDevice
ZwQueryValueKey
PsTerminateSystemThread
PoStartNextPowerIrp
ZwClose
PsGetVersion
IoCreateSymbolicLink
IoCreateDevice
ObOpenObjectByPointer
ZwOpenKey
PsSetLoadImageNotifyRoutine
KeInitializeEvent
MmFreeContiguousMemory
MmBuildMdlForNonPagedPool
IoFreeMdl
KeBugCheck
IoAllocateMdl
MmAllocateContiguousMemory
KeSetEvent
ExfInterlockedInsertTailList
ExfInterlockedRemoveHeadList
KeReleaseMutex
ExInterlockedPushEntrySList
KeQueryActiveProcessors
ExInitializeNPagedLookasideList
ZwWaitForSingleObject
ExDeleteNPagedLookasideList
ExInterlockedPopEntrySList
ZwDeviceIoControlFile
ProbeForWrite
IoReleaseRemoveLockEx
IofCompleteRequest
IofCallDriver
MmUnmapLockedPages
MmMapLockedPagesSpecifyCache
IoGetCurrentProcess
MmProbeAndLockPages
_wcsicmp
RtlSubAuthoritySid
RtlLengthRequiredSid
RtlVolumeDeviceToDosName
IoBuildDeviceIoControlRequest
RtlCreateAcl
IoBuildSynchronousFsdRequest
ZwQuerySymbolicLinkObject
RtlSetDaclSecurityDescriptor
ZwOpenSymbolicLinkObject
RtlAddAccessAllowedAce
KeDelayExecutionThread
ObQueryNameString
ZwCreateFile
PsCreateSystemThread
KeWaitForSingleObject
ZwSetSecurityObject
RtlInitializeSid
RtlCreateSecurityDescriptor
ExQueueWorkItem
PoCallDriver
ZwFsControlFile
KeInitializeMutex
IoGetAttachedDevice
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
wcsncmp
ExUuidCreate
IoGetStackLimits
ExGetPreviousMode
KeQueryInterruptTime
KeQuerySystemTime
MmQuerySystemSize
KeGetCurrentThread
RtlRandom
IoGetInitialStack
KeTickCount
IoGetTopLevelIrp
PsGetCurrentThreadId
PsGetCurrentProcessId
PsGetProcessExitTime
KeQueryPriorityThread
_snwprintf
ZwReadFile
ZwSetInformationFile
ZwQueryVolumeInformationFile
ZwWriteFile
MmMapIoSpace
MmUnmapIoSpace
ExFreePoolWithTag
MmUnlockPages
ExAllocatePoolWithTag
memcpy
_allmul
_except_handler3

hal

ExReleaseFastMutex
KeGetCurrentIrql
KeQueryPerformanceCounter
ExAcquireFastMutex

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bartpe/dcrypt.xml
changes.txt
i386/dc_fsf.sys
.dll windows x86

70a0b1145a2ab525c3e5df0661dd85c3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:b2:6d:b0:59:d7:5f:68:df:aa:c1:cf:f1:2b:de:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/05/2009, 00:00

Not After

19/05/2010, 23:59

Subject

CN=ReactOS Foundation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ReactOS Foundation,L=Moscow,ST=Russia,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:1e:2a:51:fd:9a:65:83:11:c4:86:bc:fc:54:9f:aa:8b:d5:4d:22
Signer

Actual PE Digest

05:1e:2a:51:fd:9a:65:83:11:c4:86:bc:fc:54:9f:aa:8b:d5:4d:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoCreateDevice
ExQueueWorkItem
_wcsicmp
ExAllocatePoolWithTag
ExFreePoolWithTag
memmove
KeInitializeMutex
_wcsnicmp
IoDetachDevice
KeReleaseMutex
KeGetCurrentThread
IoDeleteDevice
IofCompleteRequest
IoAttachDeviceToDeviceStack
ZwQueryInformationFile
IoRegisterFsRegistrationChange
IofCallDriver
_snwprintf
KeSetEvent
KeInitializeEvent
ObQueryNameString
ZwCreateFile
KeWaitForSingleObject
ZwClose
RtlInitUnicodeString
_except_handler3

hal

KeGetCurrentIrql

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1024B - Virtual size: 718B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 524B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
i386/dcapi.dll
.dll windows x86

6de043aaad2888906776e064ea49e636

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:b2:6d:b0:59:d7:5f:68:df:aa:c1:cf:f1:2b:de:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/05/2009, 00:00

Not After

19/05/2010, 23:59

Subject

CN=ReactOS Foundation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ReactOS Foundation,L=Moscow,ST=Russia,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:8a:8a:ad:31:1f:41:6a:35:50:4d:58:75:68:ee:54:d8:84:bd:5b
Signer

Actual PE Digest

6a:8a:8a:ad:31:1f:41:6a:35:50:4d:58:75:68:ee:54:d8:84:bd:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

user32

GetOpenClipboardWindow
GetClipboardOwner
SetWindowsHookExW
GetCursor
GetActiveWindow
GetCaretPos
GetDesktopWindow
GetWindowTextW
GetInputState
GetMessageTime
GetGUIThreadInfo
GetForegroundWindow
GetKBCodePage
GetCapture
GetQueueStatus
EnumWindows
GetClientRect
GetWindowInfo
CallNextHookEx
GetCursorInfo
GetShellWindow
GetWindowRect
GetLastActivePopup
GetWindowThreadProcessId
GetFocus

msvcrt

_adjust_fdiv
_initterm
wcsncpy
malloc
free
memmove
wcschr
isprint
tolower
isspace
_snwprintf
mbstowcs
memcpy
floor

psapi

GetProcessMemoryInfo

advapi32

CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
AdjustTokenPrivileges
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW
RegCloseKey
RegFlushKey
RegDeleteValueW
RegOpenKeyW
RegQueryValueExW
RegCreateKeyW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW

kernel32

VirtualLock
VirtualUnlock
GetVersionExW
LoadLibraryW
SetThreadAffinityMask
GetThreadPriority
SetThreadPriority
GetThreadTimes
GetCurrentProcessId
GetCurrentThreadId
GetOEMCP
GlobalMemoryStatusEx
GetProcessTimes
GetProcessHeap
GetCurrentThread
GetTickCount
QueryPerformanceCounter
GetModuleHandleA
GetCurrentProcess
FreeLibrary
SetEndOfFile
SetFilePointer
GetFileSize
FindNextFileW
FindClose
FindFirstFileW
GetFileAttributesW
CopyFileW
GetSystemDirectoryW
FindFirstVolumeW
GetLastError
FindNextVolumeW
DeleteVolumeMountPointW
TlsSetValue
TlsGetValue
FindVolumeClose
DeviceIoControl
TlsAlloc
LockResource
DisableThreadLibraryCalls
GetProcAddress
GetModuleFileNameW
VirtualFree
WriteFile
ReadFile
CreateFileW
GetFileSizeEx
VirtualAlloc
CloseHandle
DeleteFileW
CreateMutexW
FindResourceW
LoadResource
SizeofResource

Exports

Exports

dc_add_keyfiles
dc_add_password
dc_add_seed
dc_backup_header
dc_benchmark
dc_change_password
dc_clean_pass_cache
dc_close_device
dc_dec_step
dc_disk_close
dc_disk_open
dc_disk_read
dc_disk_write
dc_done_format
dc_driver_status
dc_dsk_get_size
dc_enc_step
dc_encrypt_cd
dc_extract_rsrc
dc_first_volume
dc_format_byte_size
dc_format_fs
dc_format_step
dc_get_boot_device
dc_get_boot_disk
dc_get_bsod
dc_get_cipher_name
dc_get_conf_flags
dc_get_device_status
dc_get_drive_info
dc_get_hw_name
dc_get_mbr_config
dc_get_random
dc_get_version
dc_install_driver
dc_is_old_runned
dc_load_conf
dc_lock_memory
dc_make_iso
dc_make_pxe
dc_mbr_config_by_partition
dc_mount_all
dc_mount_volume
dc_next_volume
dc_open_device
dc_remove_driver
dc_restore_header
dc_save_conf
dc_set_boot
dc_set_conf_flags
dc_set_mbr
dc_set_mbr_config
dc_start_decrypt
dc_start_encrypt
dc_start_format
dc_start_re_encrypt
dc_sync_enc_state
dc_unlock_memory
dc_unmount_all
dc_unmount_volume
dc_unset_mbr
dc_update_boot
dc_update_driver
enable_privilege
is_admin
is_win_vista
is_wow64
load_file
rnd_init
rnd_reseed_now
save_file
secure_alloc
secure_free

Sections

.text
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
i386/dccon.exe
.exe windows x86

8240de3b822207e64d543448b4eef284

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:b2:6d:b0:59:d7:5f:68:df:aa:c1:cf:f1:2b:de:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/05/2009, 00:00

Not After

19/05/2010, 23:59

Subject

CN=ReactOS Foundation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ReactOS Foundation,L=Moscow,ST=Russia,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c1:6c:71:f8:d5:50:76:bf:a7:28:a4:04:12:e7:be:e0:0c:32:a5:1b
Signer

Actual PE Digest

c1:6c:71:f8:d5:50:76:bf:a7:28:a4:04:12:e7:be:e0:0c:32:a5:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dcapi

dc_get_hw_name
dc_dsk_get_size
dc_get_boot_disk
dc_next_volume
dc_first_volume
rnd_reseed_now
secure_free
secure_alloc
dc_enc_step
dc_get_device_status
dc_sync_enc_state
dc_done_format
dc_format_step
dc_dec_step
dc_set_mbr
dc_add_keyfiles
dc_encrypt_cd
dc_get_bsod
dc_get_random
dc_save_conf
dc_load_conf
dc_restore_header
save_file
dc_backup_header
dc_get_mbr_config
dc_format_fs
dc_start_format
dc_change_password
dc_start_re_encrypt
dc_start_decrypt
dc_start_encrypt
dc_add_password
dc_clean_pass_cache
dc_unmount_all
dc_unmount_volume
dc_mount_all
dc_mount_volume
dc_get_cipher_name
dc_get_boot_device
rnd_init
dc_update_driver
dc_remove_driver
dc_install_driver
dc_is_old_runned
dc_get_version
dc_open_device
dc_driver_status
is_admin
is_wow64
dc_unset_mbr
dc_update_boot
dc_set_boot
dc_mbr_config_by_partition
dc_make_iso
dc_set_mbr_config
dc_make_pxe
dc_format_byte_size
dc_benchmark
load_file

msvcrt

mbstowcs
_wcslwr
_kbhit
printf
qsort
wcsncpy
_c_exit
_exit
_XcptFilter
_cexit
exit
__winitenv
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
_wcsicmp
tolower
isdigit
_wtoi
_getch
_snwprintf
free
wscanf
wprintf
_putch

kernel32

SetConsoleCursorPosition
FillConsoleOutputCharacterW
GetConsoleScreenBufferInfo
GetStdHandle
GetCommandLineA
GetCommandLineW
SetVolumeMountPointW
GetModuleHandleA
Sleep

Sections

.text
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
i386/dcrypt.exe
.exe windows x86

22c36423dd01fc4a588840381ca408f5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:b2:6d:b0:59:d7:5f:68:df:aa:c1:cf:f1:2b:de:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/05/2009, 00:00

Not After

19/05/2010, 23:59

Subject

CN=ReactOS Foundation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ReactOS Foundation,L=Moscow,ST=Russia,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:f9:4d:7b:ea:f9:a0:27:87:92:22:49:0b:ce:d0:7a:35:20:1f:68
Signer

Actual PE Digest

39:f9:4d:7b:ea:f9:a0:27:87:92:22:49:0b:ce:d0:7a:35:20:1f:68

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

dcapi

dc_set_boot
dc_format_fs
dc_get_random
dc_done_format
dc_get_cipher_name
dc_benchmark
dc_format_byte_size
dc_dsk_get_size
dc_get_boot_device
dc_disk_close
dc_disk_open
dc_update_boot
dc_unset_mbr
dc_get_drive_info
dc_make_iso
dc_set_mbr_config
dc_get_mbr_config
dc_make_pxe
dc_set_mbr
dc_close_device
dc_get_device_status
dc_format_step
dc_sync_enc_state
dc_open_device
dc_dec_step
dc_enc_step
dc_unmount_volume
secure_free
dc_mount_volume
dc_mount_all
dc_unmount_all
dc_change_password
dc_clean_pass_cache
save_file
dc_backup_header
dc_restore_header
dc_install_driver
enable_privilege
dc_get_bsod
dc_save_conf
dc_start_format
dc_start_encrypt
dc_start_re_encrypt
dc_encrypt_cd
rnd_reseed_now
load_file
secure_alloc
dc_add_keyfiles
dc_start_decrypt
is_win_vista
dc_mbr_config_by_partition
dc_first_volume
dc_next_volume
dc_get_hw_name
dc_get_boot_disk
is_admin
is_wow64
dc_is_old_runned
dc_get_version
rnd_init
dc_load_conf
dc_driver_status
dc_update_driver
dc_remove_driver

comctl32

ImageList_Create
ord17
ImageList_Draw
ImageList_GetIconSize
ImageList_Add
ImageList_DrawEx

shlwapi

PathFileExistsW

ntdll

NtQueryInformationProcess

user32

GetClassNameW
DrawEdge
GetDialogBaseUnits
MessageBoxW
UnregisterHotKey
RegisterHotKey
SendMessageW
GetSysColor
GetParent
GetWindowInfo
EnableWindow
EnableMenuItem
GetMenu
GetDlgItem
GetMenuItemCount
DialogBoxParamW
DefDlgProcW
SetForegroundWindow
ShowWindow
FindWindowW
RegisterClassW
LoadIconW
KillTimer
SetTimer
SetWindowTextW
InvalidateRect
GetWindowTextW
TrackMouseEvent
SetCursor
CallWindowProcW
GetWindowLongW
EndDialog
DestroyIcon
ReleaseDC
MoveWindow
ScreenToClient
GetDC
SetWindowLongW
CreateIconFromResourceEx
LookupIconIdFromDirectoryEx
IsWindowEnabled
GetWindowRect
MapDialogRect
GetClientRect
SetMenuItemInfoW
SetWindowTextA
CreateDialogParamW
GetWindowTextA
IsWindowVisible
DestroyMenu
TrackPopupMenu
GetMessagePos
AppendMenuW
CreatePopupMenu
SetFocus
EnumChildWindows
DestroyWindow
GetCursorPos
PostQuitMessage
GetSystemMetrics
ExitWindowsEx
LoadCursorW
LoadBitmapW
GetKeyState
SetWindowPos
FillRect
DrawTextExW
DrawStateW

msvcrt

_except_handler3
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_vsnwprintf
wcsncat
_snprintf
wcschr
_wtoi
_ftol
malloc
wcsncpy
wcsrchr
memset
free
_wcslwr
qsort
wcsstr
wcstoul
_snwprintf

kernel32

GetFileSize
GetStartupInfoW
LoadLibraryW
FindResourceW
SizeofResource
LoadResource
ExitProcess
DeleteVolumeMountPointW
SuspendThread
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetVolumeInformationW
InitializeCriticalSection
GetModuleHandleA
GlobalFindAtomW
GlobalAddAtomW
CreateFileW
ReadFile
SetVolumeMountPointW
CreateThread
SetThreadPriority
ResumeThread
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
CreateProcessW
CloseHandle
OpenProcess
WaitForSingleObject
Sleep
GetModuleFileNameW
GetLogicalDrives
LockResource

gdi32

GetTextMetricsW
ExtTextOutW
CreateFontIndirectW
SetBkMode
SetTextColor
SetDCBrushColor
GetStockObject
SelectObject
GetTextExtentPoint32W
SetBkColor

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegQueryValueExW
RegDeleteValueW
RegOpenKeyW
RegSetValueExW
RegCreateKeyW
RegCloseKey

shell32

Shell_NotifyIconW
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteW

Sections

.text
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
i386/dcrypt.sys
.dll windows x86

c7425526c48fc5688352fbbb87592da2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:b2:6d:b0:59:d7:5f:68:df:aa:c1:cf:f1:2b:de:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/05/2009, 00:00

Not After

19/05/2010, 23:59

Subject

CN=ReactOS Foundation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ReactOS Foundation,L=Moscow,ST=Russia,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d0:e0:35:64:96:9a:93:99:53:1c:e9:67:d2:e2:4e:07:63:5b:87:f1
Signer

Actual PE Digest

d0:e0:35:64:96:9a:93:99:53:1c:e9:67:d2:e2:4e:07:63:5b:87:f1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ExAcquireResourceExclusiveLite
KeLeaveCriticalRegion
KeEnterCriticalRegion
ExAcquireResourceSharedLite
ExReleaseResourceLite
ObfReferenceObject
ObfDereferenceObject
ExInitializeResourceLite
IoAcquireRemoveLockEx
IoDeleteSymbolicLink
IoRegisterDriverReinitialization
RtlInitUnicodeString
IoDeleteDevice
ZwQueryValueKey
PsTerminateSystemThread
PoStartNextPowerIrp
ZwClose
PsGetVersion
IoCreateSymbolicLink
IoCreateDevice
ObOpenObjectByPointer
ZwOpenKey
PsSetLoadImageNotifyRoutine
KeInitializeEvent
MmFreeContiguousMemory
MmBuildMdlForNonPagedPool
IoFreeMdl
KeBugCheck
IoAllocateMdl
MmAllocateContiguousMemory
KeSetEvent
ExfInterlockedInsertTailList
ExfInterlockedRemoveHeadList
KeReleaseMutex
ExInterlockedPushEntrySList
KeQueryActiveProcessors
ExInitializeNPagedLookasideList
ZwWaitForSingleObject
ExDeleteNPagedLookasideList
ExInterlockedPopEntrySList
ZwDeviceIoControlFile
ProbeForWrite
IoReleaseRemoveLockEx
IofCompleteRequest
IofCallDriver
MmUnmapLockedPages
MmMapLockedPagesSpecifyCache
IoGetCurrentProcess
MmProbeAndLockPages
_wcsicmp
RtlSubAuthoritySid
RtlLengthRequiredSid
RtlVolumeDeviceToDosName
IoBuildDeviceIoControlRequest
RtlCreateAcl
IoBuildSynchronousFsdRequest
ZwQuerySymbolicLinkObject
RtlSetDaclSecurityDescriptor
ZwOpenSymbolicLinkObject
RtlAddAccessAllowedAce
KeDelayExecutionThread
ObQueryNameString
ZwCreateFile
PsCreateSystemThread
KeWaitForSingleObject
ZwSetSecurityObject
RtlInitializeSid
RtlCreateSecurityDescriptor
ExQueueWorkItem
PoCallDriver
ZwFsControlFile
KeInitializeMutex
IoGetAttachedDevice
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
IoAttachDeviceToDeviceStack
IoInitializeRemoveLockEx
wcsncmp
ExUuidCreate
IoGetStackLimits
ExGetPreviousMode
KeQueryInterruptTime
KeQuerySystemTime
MmQuerySystemSize
KeGetCurrentThread
RtlRandom
IoGetInitialStack
KeTickCount
IoGetTopLevelIrp
PsGetCurrentThreadId
PsGetCurrentProcessId
PsGetProcessExitTime
KeQueryPriorityThread
_snwprintf
ZwReadFile
ZwSetInformationFile
ZwQueryVolumeInformationFile
ZwWriteFile
MmMapIoSpace
MmUnmapIoSpace
ExFreePoolWithTag
MmUnlockPages
ExAllocatePoolWithTag
memcpy
_allmul
_except_handler3

hal

ExReleaseFastMutex
KeGetCurrentIrql
KeQueryPerformanceCounter
ExAcquireFastMutex

Sections

.text
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
i386/diskspeed.exe
.exe windows x86

e031aa3b69b3b41c96ec2f63d300b7b5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5a:b2:6d:b0:59:d7:5f:68:df:aa:c1:cf:f1:2b:de:eb
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

19/05/2009, 00:00

Not After

19/05/2010, 23:59

Subject

CN=ReactOS Foundation,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ReactOS Foundation,L=Moscow,ST=Russia,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dd:10:c1:d9:1a:58:cd:54:4c:58:1b:82:4a:40:e6:4f:f2:a2:64:9b
Signer

Actual PE Digest

dd:10:c1:d9:1a:58:cd:54:4c:58:1b:82:4a:40:e6:4f:f2:a2:64:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

msvcrt

_exit
_XcptFilter
_cexit
exit
__winitenv
__wgetmainargs
_initterm
__setusermatherr
_c_exit
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
_snwprintf
wcsncpy
_wcsicmp
_wtoi
malloc
free
_adjust_fdiv
wprintf

kernel32

CreateFileW
GetTickCount
SetFilePointer
ReadFile
WriteFile
CloseHandle
GetModuleHandleA

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
license.txt

Sharing

General

Malware Config

Signatures

Files

Password: infected

Password: infected

Password: infected

1c6664045578f25770f6189432a95080

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

5a:b2:6d:b0:59:d7:5f:68:df:aa:c1:cf:f1:2b:de:ebCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

aa:c9:18:d4:c4:cd:38:d6:04:12:12:a4:fe:d9:2c:09:33:8f:4d:f7Signer

Headers

File Characteristics

Imports

ntoskrnl.exe

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 328B

.pdata Size: 1024B - Virtual size: 732B

INIT Size: 1024B - Virtual size: 726B

.rsrc Size: 1024B - Virtual size: 704B

.reloc Size: 512B - Virtual size: 112B

Password: infected

2343cb06fee7a117068e1459228b975d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2Certificate

Extended Key Usages

Key Usages

5a:b2:6d:b0:59:d7:5f:68:df:aa:c1:cf:f1:2b:de:ebCertificate

Extended Key Usages

Key Usages

ac:00:5d:d9:78:83:f9:0a:a3:f6:ca:ab:24:5b:34:94:69:c5:6e:a3Signer

Headers

DLL Characteristics

File Characteristics

Imports

user32

msvcrt

psapi

advapi32

kernel32

Exports

Exports

Sections

.text Size: 77KB - Virtual size: 76KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 26KB - Virtual size: 26KB

.pdata Size: 2KB - Virtual size: 2KB

.rsrc Size: 24KB - Virtual size: 23KB

.reloc Size: 512B - Virtual size: 396B

Password: infected

18985b7050bebfb7776ae7dd82bc58cc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

5a:b2:6d:b0:59:d7:5f:68:df:aa:c1:cf:f1:2b:de:eb
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

aa:c9:18:d4:c4:cd:38:d6:04:12:12:a4:fe:d9:2c:09:33:8f:4d:f7
Signer

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 328B

.pdata
Size: 1024B - Virtual size: 732B

INIT
Size: 1024B - Virtual size: 726B

.rsrc
Size: 1024B - Virtual size: 704B

.reloc
Size: 512B - Virtual size: 112B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

5a:b2:6d:b0:59:d7:5f:68:df:aa:c1:cf:f1:2b:de:eb
Certificate

ac:00:5d:d9:78:83:f9:0a:a3:f6:ca:ab:24:5b:34:94:69:c5:6e:a3
Signer

.text
Size: 77KB - Virtual size: 76KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 26KB - Virtual size: 26KB

.pdata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 24KB - Virtual size: 23KB

.reloc
Size: 512B - Virtual size: 396B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

5a:b2:6d:b0:59:d7:5f:68:df:aa:c1:cf:f1:2b:de:eb
Certificate

4b:3c:fc:14:ce:84:05:38:8e:19:92:32:b1:48:38:d8:63:dd:84:23
Signer

.text
Size: 15KB - Virtual size: 15KB

.rdata
Size: 27KB - Virtual size: 26KB

.data
Size: 512B - Virtual size: 201KB

.pdata
Size: 1024B - Virtual size: 624B

.rsrc
Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

5a:b2:6d:b0:59:d7:5f:68:df:aa:c1:cf:f1:2b:de:eb
Certificate

e6:85:2f:5a:59:43:78:05:1f:71:cd:57:54:01:0b:fb:8d:f7:f9:5a
Signer

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 3KB - Virtual size: 4KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 43KB - Virtual size: 42KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

5a:b2:6d:b0:59:d7:5f:68:df:aa:c1:cf:f1:2b:de:eb
Certificate