InputRemapper_1_0_03_Release[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

InputRemapper_1_0_03_Release.exe
Size

1.4MB
MD5

e09bf210a7ab456433076fd586bfce62
SHA1

f2a5382dc0062cab84b555cda69b70ea63c56e5c
SHA256

916f0f0a24d53f00d6aaca4db93eb8f27a2e2626b73b83c1d37f65af72633bbf
SHA512

9e526ddfe976106ef52e86f90c9eb08da7001c103c95ba124ac5af2b02bdafdfc597d18eb83153dcf06e1b52546d58751e314559e4bfcfc5ca37b2d3266eb62f
SSDEEP

24576:ZPQyccm3t4QOPHE5mVJu0atI99+8pEsM7EUl8LA/57nnNJC5:ZPQyV8tVQEsru0atEc8pEdr8C7nNy

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/dbghelp.dll
unpack001/symsrv.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_1

Files

InputRemapper_1_0_03_Release.exe
.exe windows:4 windows x86 arch:x86

9c523d8653da5455667e3f82274f2f88

Code Sign

01:00:00:00:00:01:0f:a5:04:46:6b
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

21/12/2006, 12:37

Not After

21/12/2007, 12:37

Subject

CN=Erik Olofsson,C=SE,1.2.840.113549.1.9.1=#0c126572696b406f6c6f6673736f6e2e696e666f

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c4:35:34:48:8c:21:c9:21:f2:5b:fb:ee:01:b9:df:dc:a1:93:b2:92
Signer

Actual PE Digest

c4:35:34:48:8c:21:c9:21:f2:5b:fb:ee:01:b9:df:dc:a1:93:b2:92

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
SetFileTime
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
CreateFileA
GetFileSize
GetModuleFileNameA
GetTickCount
lstrcmpiA
CopyFileA
ExitProcess
GetCommandLineA
GetWindowsDirectoryA
GetTempPathA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
lstrcmpA
GetEnvironmentVariableA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
SetErrorMode
GetModuleHandleA
LoadLibraryA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetCurrentProcess

user32

ScreenToClient
GetWindowRect
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxA
CharPrevA
DispatchMessageA
PeekMessageA
CreateDialogParamA
DestroyWindow
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
TrackPopupMenu
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetMalloc
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
MultiByteToWideChar
GlobalAlloc

user32

GetDlgCtrlID
GetClientRect
SetWindowRgn
MapWindowPoints
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
PtInRect
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
LoadIconA

gdi32

SetTextColor
GetObjectA
SelectObject
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
CreateCompatibleDC

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetDesktopFolder
SHGetMalloc
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 954B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Installer.ini
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

28d94e5199b88ad374b3cb2118e31a66

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpynA
GlobalAlloc
MulDiv
GetModuleHandleA
GlobalFree
FindClose
FindNextFileA
FindFirstFileA
lstrcmpiA
lstrcatA
lstrcpyA

user32

GetMessageA
IsDialogMessageA
PostMessageA
CallWindowProcA
TranslateMessage
CheckDlgButton
ShowWindow
LoadIconA
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextA
SendMessageA
IsDlgButtonChecked
GetWindowTextA
DispatchMessageA
DestroyWindow
GetDlgItem
CreateDialogParamA
SetWindowLongA
wsprintfA
GetWindowLongA

gdi32

GetTextMetricsA
SelectObject

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListA

Exports

Exports

Init
Select
Show

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 460B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
Closing started Input Remapper Tray Icon
HIDTranslator.x64.sys
.sys windows:6 windows x64 arch:x64

ce6c0c451d9f9faf3e409f7ef7fd4a9f

Code Sign

01:00:00:00:00:01:0f:a5:04:46:6b
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

21/12/2006, 12:37

Not After

21/12/2007, 12:37

Subject

CN=Erik Olofsson,C=SE,1.2.840.113549.1.9.1=#0c126572696b406f6c6f6673736f6e2e696e666f

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bc:c7:39:d0:78:28:10:98:64:ea:21:c9:21:09:a4:85:ea:2c:ad:88
Signer

Actual PE Digest

bc:c7:39:d0:78:28:10:98:64:ea:21:c9:21:09:a4:85:ea:2c:ad:88

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoDeleteDevice
KeSetEvent
KeInitializeEvent
IoReleaseRemoveLockEx
IoDetachDevice
PoStartNextPowerIrp
IofCompleteRequest
IoReleaseRemoveLockAndWaitEx
KeWaitForSingleObject
IoGetAttachedDeviceReference
IoAttachDeviceToDeviceStack
PoCallDriver
IoIsWdmVersionAvailable
ObfDereferenceObject
IoInitializeRemoveLockEx
IoCreateDevice
IoAcquireRemoveLockEx
IofCallDriver
KeBugCheckEx

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 428B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 108B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 854B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HIDTranslator.x86.sys
.sys windows:6 windows x86 arch:x86

d96b395d109651153576f90082337ac7

Code Sign

01:00:00:00:00:01:0f:a5:04:46:6b
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

21/12/2006, 12:37

Not After

21/12/2007, 12:37

Subject

CN=Erik Olofsson,C=SE,1.2.840.113549.1.9.1=#0c126572696b406f6c6f6673736f6e2e696e666f

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:2d:ca:2e:d2:16:22:df:f1:b1:9e:c5:ee:7a:32:05:4b:d3:93:90
Signer

Actual PE Digest

5b:2d:ca:2e:d2:16:22:df:f1:b1:9e:c5:ee:7a:32:05:4b:d3:93:90

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoInitializeRemoveLockEx
IoDeleteDevice
IoAttachDeviceToDeviceStack
IoCreateDevice
ObfDereferenceObject
IoGetAttachedDeviceReference
IoIsWdmVersionAvailable
IoReleaseRemoveLockEx
IofCallDriver
IofCompleteRequest
IoAcquireRemoveLockEx
KeSetEvent
PoCallDriver
PoStartNextPowerIrp
KeWaitForSingleObject
KeInitializeEvent
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
KeTickCount

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 256B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 128B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 768B - Virtual size: 708B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 256B - Virtual size: 158B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InputRemapper.exe
.exe windows:4 windows x86 arch:x86

72b2a109954b9cad4b2db6e066527cdb

Code Sign

01:00:00:00:00:01:0f:a5:04:46:6b
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

21/12/2006, 12:37

Not After

21/12/2007, 12:37

Subject

CN=Erik Olofsson,C=SE,1.2.840.113549.1.9.1=#0c126572696b406f6c6f6673736f6e2e696e666f

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9a:44:18:a6:07:3e:79:d8:42:d6:d6:ca:c8:86:8a:87:80:b6:76:1f
Signer

Actual PE Digest

9a:44:18:a6:07:3e:79:d8:42:d6:d6:ca:c8:86:8a:87:80:b6:76:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CloseHandle
GetExitCodeProcess
CreateProcessW
GetCurrentProcess
WaitForSingleObject
GetProcAddress
GetCommandLineW
GetModuleHandleA
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
MultiByteToWideChar
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 104KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InputRemapper.x64.exe
.exe windows:4 windows x64 arch:x64

3240e8d6ad9a06ea7dec2bcdc20160a0

Code Sign

01:00:00:00:00:01:0f:a5:04:46:6b
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

21/12/2006, 12:37

Not After

21/12/2007, 12:37

Subject

CN=Erik Olofsson,C=SE,1.2.840.113549.1.9.1=#0c126572696b406f6c6f6673736f6e2e696e666f

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4f:62:92:77:1e:25:46:13:82:e6:23:50:7b:30:c9:5e:1d:f0:05:1c
Signer

Actual PE Digest

4f:62:92:77:1e:25:46:13:82:e6:23:50:7b:30:c9:5e:1d:f0:05:1c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

IsDebuggerPresent
RtlCaptureContext
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
RtlPcToFileHeader
LeaveCriticalSection
EnterCriticalSection
GetModuleFileNameA
RtlUnwindEx
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetLocaleInfoA
GetLocaleInfoW
GetStringTypeA
GetStringTypeW
RtlVirtualUnwind
RtlLookupFunctionEntry
CompareStringW
UnhandledExceptionFilter
lstrcmpW
lstrcmpA
EnumResourceLanguagesW
ConvertDefaultLocale
WritePrivateProfileStringW
lstrlenW
lstrlenA
GlobalFlags
LocalAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
SetFilePointer
GetThreadLocale
SetErrorMode
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
DeleteCriticalSection
GetStartupInfoA
GetFileType
SetHandleCount
InitializeCriticalSection
GetStartupInfoW
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
GetCommandLineW
GetFileTime
MoveFileW
GetSystemInfo
DeleteFileW
GlobalLock
ExitProcess
VirtualAlloc
GlobalAlloc
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetFullPathNameW
CreateSemaphoreW
CreateThread
LoadLibraryA
ResetEvent
SetFilePointerEx
VirtualFree
TlsSetValue
TlsAlloc
GetStdHandle
GetTimeZoneInformation
GetFileSizeEx
CreateEventA
GlobalFree
TlsFree
VirtualQuery
RaiseException
TerminateProcess
DuplicateHandle
OutputDebugStringA
GlobalUnlock
GetFileAttributesW
SetUnhandledExceptionFilter
CopyFileW
GetModuleHandleA
TlsGetValue
ReleaseSemaphore
QueryPerformanceFrequency
MultiByteToWideChar
GlobalAddAtomW
FreeResource
GlobalFindAtomW
GetTickCount
GlobalDeleteAtom
MulDiv
GetVersionExW
GetVersion
FreeLibrary
LocalFree
FormatMessageW
GetProcAddress
GetModuleHandleW
LoadLibraryW
SetLastError
FindVolumeClose
FindNextVolumeW
FindFirstVolumeW
GetDriveTypeW
ReadFile
DeviceIoControl
SetNamedPipeHandleState
CreateFileW
CreateFileA
GetFileSize
MoveFileExA
WaitForSingleObjectEx
ConnectNamedPipe
GetNativeSystemInfo
GetCurrentThread
GetEnvironmentVariableA
SetThreadPriority
GetCurrentProcess
OutputDebugStringW
SetPriorityClass
FindFirstChangeNotificationA
SetEvent
ReadFileEx
SleepEx
CancelIo
FindNextChangeNotification
DisconnectNamedPipe
FlushFileBuffers
CreateNamedPipeA
GetOverlappedResult
CreateEventW
GetCurrentThreadId
WriteFile
FindCloseChangeNotification
lstrcpyW
GetExitCodeProcess
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
FindResourceW
WriteConsoleW
LoadResource
LockResource
SizeofResource
GetCurrentProcessId
GetCommandLineA
CreateMutexA
Sleep
CloseHandle
WaitForSingleObject
OpenProcess
GetLastError

user32

SetCursor
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
ValidateRect
GetActiveWindow
GetMessageW
DialogBoxIndirectParamW
GetDlgItem
BringWindowToTop
EndDialog
IsWindowVisible
EqualRect
GetWindowThreadProcessId
WindowFromPoint
PtInRect
SetCapture
GetCapture
PostMessageW
ReleaseCapture
IsRectEmpty
WindowFromDC
DrawFocusRect
GetMenuItemCount
GetMenuInfo
SystemParametersInfoW
GetMenuState
LoadMenuW
DrawEdge
GetWindowDC
CallNextHookEx
SetWindowLongW
IsMenu
TabbedTextOutW
SetPropW
GetDesktopWindow
GetWindowLongPtrW
GetClassNameW
DrawTextW
CallWindowProcW
IntersectRect
FillRect
GetMessagePos
DrawTextExW
GetSysColor
RemovePropW
ModifyMenuW
SetWindowLongPtrW
GetPropW
OffsetRect
GetSubMenu
GrayStringW
InsertMenuW
DrawStateW
GetMenuItemID
SetRect
IsWindow
UnhookWindowsHookEx
UnregisterClassW
SetWindowsHookExW
GetMenuDefaultItem
InflateRect
RedrawWindow
ClientToScreen
CopyRect
GetDC
InvalidateRect
GetParent
MonitorFromPoint
GetNextDlgTabItem
DestroyIcon
ReleaseDC
LoadBitmapW
KillTimer
GetFocus
GetMenu
DestroyMenu
GetLastActivePopup
GetForegroundWindow
SetWindowTextW
GetWindowLongW
GetWindowTextW
UnregisterClassA
DestroyWindow
DefWindowProcW
RegisterClassA
MessageBoxA
PostThreadMessageW
SetWindowPos
ShowWindow
GetWindowPlacement
GetMonitorInfoW
EnumDisplayMonitors
GetKeyState
MonitorFromWindow
GetWindowRect
DefRawInputProc
GetRawInputData
SetProcessWindowStation
CreateWindowExA
OpenWindowStationW
RegisterRawInputDevices
GetRawInputDeviceInfoA
GetRawInputDeviceList
WaitMessage
DispatchMessageW
MessageBoxW
TranslateMessage
PeekMessageW
SetThreadDesktop
CloseWindowStation
CloseDesktop
GetUserObjectInformationW
OpenInputDesktop
GetSystemMenu
GetClientRect
CreatePopupMenu
DrawIcon
AppendMenuW
GetSystemMetrics
SendMessageW
IsIconic
ScreenToClient
SetForegroundWindow
GetCursorPos
LoadIconW
SetMenuDefaultItem
GetSysColorBrush
LoadCursorW
SetTimer
EnableWindow
PostQuitMessage
BeginPaint
EndPaint
GetMenuStringW
CreateDialogIndirectParamW
IsDialogMessageW
IsWindowEnabled
RegisterWindowMessageW
SendDlgItemMessageA
SendDlgItemMessageW
WinHelpW
GetClassLongPtrW
SetFocus
GetWindowTextLengthW
SetActiveWindow
GetTopWindow
GetMessageTime
MapWindowPoints
TrackPopupMenu
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
SystemParametersInfoA
GetWindow
GetMenuItemInfoW

gdi32

SaveDC
RestoreDC
SetBkMode
SetMapMode
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DPtoLP
GetCurrentObject
SelectObject
RectVisible
CreateRectRgn
CreateCompatibleBitmap
GetObjectW
CreateFontIndirectW
Rectangle
TextOutW
CreateCompatibleDC
ExtTextOutW
DeleteObject
RoundRect
SetBrushOrgEx
GetPixel
SetPixel
BitBlt
UnrealizeObject
GetNearestColor
CreatePen
SelectClipRgn
GetDeviceCaps
Escape
CreateSolidBrush
CreateRectRgnIndirect
PtVisible
CombineRgn
GetStockObject
SetViewportOrgEx
GetTextExtentPoint32W
CreateFontW

msimg32

GradientFill

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

SetSecurityDescriptorDacl
QueryServiceConfigW
RegQueryValueW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegEnumKeyW
RegQueryInfoKeyW
RegOpenKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
CreateProcessAsUserW
DuplicateTokenEx
StartServiceCtrlDispatcherW
OpenProcessToken
AddAccessAllowedAce
InitializeAcl
CreateWellKnownSid
InitializeSecurityDescriptor
OpenSCManagerW
StartServiceW
CloseServiceHandle
RegisterServiceCtrlHandlerA
DeleteService
ChangeServiceConfigA
ChangeServiceConfig2W
SetServiceStatus
OpenServiceA
CreateServiceA
ControlService
QueryServiceStatus
QueryServiceStatusEx

shell32

ExtractIconExW
CommandLineToArgvW
Shell_NotifyIconW

comctl32

ord17
ImageList_GetIconSize

shlwapi

PathFindFileNameW
PathFindExtensionW

oleaut32

VariantInit
VariantChangeType
VariantClear

psapi

GetModuleBaseNameW

setupapi

SetupDiGetClassDevsExW
SetupDiGetDeviceInfoListDetailW
CM_Get_Device_ID_ExW
SetupDiSetClassInstallParamsW
SetupDiCallClassInstaller
SetupDiGetDeviceInstallParamsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo

winmm

mciSendCommandW
timeEndPeriod
timeBeginPeriod

Sections

.code
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pdata
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

AMD64_CO
Size: 512B - Virtual size: 7B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.var
Size: 26KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.const
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InputRemapper.x86.exe
.exe windows:4 windows x86 arch:x86

c18287474584fa5f257e6b17cf7d38b5

Code Sign

01:00:00:00:00:01:0f:a5:04:46:6b
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

21/12/2006, 12:37

Not After

21/12/2007, 12:37

Subject

CN=Erik Olofsson,C=SE,1.2.840.113549.1.9.1=#0c126572696b406f6c6f6673736f6e2e696e666f

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:32:62:b3:c8:44:c1:1a:c0:9d:7e:c4:48:08:d9:77:d7:0f:42:ae
Signer

Actual PE Digest

1b:32:62:b3:c8:44:c1:1a:c0:9d:7e:c4:48:08:d9:77:d7:0f:42:ae

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

EnterCriticalSection
UnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetFileType
GetStartupInfoA
InterlockedExchange
InitializeCriticalSection
GetModuleFileNameW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
LCMapStringW
GetLocaleInfoA
GetLocaleInfoW
GetStringTypeA
GetStringTypeW
CompareStringW
lstrcmpW
lstrcmpA
ConvertDefaultLocale
WritePrivateProfileStringW
lstrlenW
lstrlenA
GlobalFlags
LocalAlloc
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetThreadLocale
SetFilePointer
SetErrorMode
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
LeaveCriticalSection
DeleteCriticalSection
GetModuleFileNameA
InterlockedDecrement
InterlockedIncrement
RtlUnwind
GetStartupInfoW
GetProcessHeap
HeapAlloc
GetVersionExA
HeapFree
GetSystemInfo
SetUnhandledExceptionFilter
TerminateProcess
LoadLibraryA
GetCommandLineW
CreateThread
MoveFileW
DeleteFileW
CopyFileW
GetFileTime
GetFileSizeEx
SetFilePointerEx
GetFullPathNameW
DuplicateHandle
VirtualFree
VirtualAlloc
GetStdHandle
GetFileAttributesW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
VirtualQuery
GetSystemTimeAsFileTime
QueryPerformanceFrequency
GetTimeZoneInformation
QueryPerformanceCounter
OutputDebugStringA
ResetEvent
CreateEventA
ReleaseSemaphore
CreateSemaphoreW
RaiseException
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetModuleHandleA
ExitProcess
MultiByteToWideChar
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
FreeLibrary
GetVersion
GetVersionExW
FormatMessageW
LocalFree
GetTickCount
FreeResource
MulDiv
SetLastError
GetProcAddress
GetModuleHandleW
LoadLibraryW
FindFirstVolumeW
GetDriveTypeW
FindVolumeClose
FindNextVolumeW
lstrcpyW
FindFirstChangeNotificationA
GetNativeSystemInfo
GetEnvironmentVariableA
OutputDebugStringW
SetNamedPipeHandleState
CreateFileA
WaitForSingleObjectEx
ConnectNamedPipe
MoveFileExA
ProcessIdToSessionId
Process32NextW
Process32FirstW
FindNextChangeNotification
CreateToolhelp32Snapshot
ReadFile
DeviceIoControl
CreateFileW
FindCloseChangeNotification
GetFileSize
GetExitCodeProcess
ReadFileEx
WTSGetActiveConsoleSessionId
GetOverlappedResult
WriteFile
SetEvent
SleepEx
CancelIo
GetCurrentThread
DisconnectNamedPipe
SetThreadPriority
GetCurrentThreadId
FlushFileBuffers
GetCurrentProcess
CreateNamedPipeA
SetPriorityClass
CreateEventW
FindResourceW
LoadResource
LockResource
WriteConsoleW
SizeofResource
GetCommandLineA
CreateMutexA
GetCurrentProcessId
OpenProcess
GetLastError
Sleep
CloseHandle
EnumResourceLanguagesW
WaitForSingleObject

user32

SetMenuItemBitmaps
GetMenuCheckMarkDimensions
EnableMenuItem
CheckMenuItem
ValidateRect
SetCursor
IsWindowEnabled
DialogBoxIndirectParamW
EndDialog
GetDlgItem
BringWindowToTop
GetMessageW
GetActiveWindow
IsWindowVisible
EqualRect
GetWindowThreadProcessId
WindowFromPoint
ReleaseCapture
SetCapture
GetCapture
PostMessageW
PtInRect
SetWindowsHookExW
CallNextHookEx
GetClassNameW
SetPropW
GetPropW
RemovePropW
UnhookWindowsHookEx
GetMessagePos
SetWindowLongW
GetIconInfo
GetWindowDC
GetMenuInfo
ClientToScreen
RedrawWindow
LoadMenuW
WindowFromDC
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
GetDesktopWindow
ModifyMenuW
InsertMenuW
GetSubMenu
GetMenuItemInfoW
GetMenuState
GetMenuItemID
GetMenuItemCount
GetMenuDefaultItem
DrawFocusRect
DrawEdge
FillRect
CallWindowProcW
IntersectRect
OffsetRect
InflateRect
SetRect
GetSysColor
IsMenu
DrawStateW
SystemParametersInfoW
IsWindow
DestroyIcon
MonitorFromPoint
GetParent
GetNextDlgTabItem
InvalidateRect
ReleaseDC
GetDC
LoadBitmapW
GetMenu
DestroyMenu
GetFocus
KillTimer
GetWindowRect
GetLastActivePopup
GetForegroundWindow
GetKeyState
SetWindowTextW
DestroyWindow
UnregisterClassA
PostThreadMessageW
PostQuitMessage
MessageBoxA
DefWindowProcW
GetWindowLongW
GetWindowTextW
SetWindowPos
ShowWindow
GetWindowPlacement
GetMonitorInfoW
EnumDisplayMonitors
MonitorFromWindow
OpenWindowStationW
OpenInputDesktop
DefRawInputProc
GetRawInputData
CreateWindowExA
RegisterRawInputDevices
GetRawInputDeviceInfoA
GetRawInputDeviceList
MessageBoxW
CloseWindowStation
WaitMessage
DispatchMessageW
TranslateMessage
PeekMessageW
SetThreadDesktop
CloseDesktop
SetProcessWindowStation
GetUserObjectInformationW
DrawIcon
GetSystemMetrics
IsIconic
GetClientRect
LoadIconW
SetForegroundWindow
GetCursorPos
AppendMenuW
SetMenuDefaultItem
SendMessageW
CreatePopupMenu
ScreenToClient
GetSystemMenu
UnregisterClassW
GetSysColorBrush
LoadCursorW
EnableWindow
SetTimer
RegisterClassA
EndPaint
BeginPaint
GetMenuStringW
CreateDialogIndirectParamW
IsDialogMessageW
CopyRect
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
GetClassLongW
SetFocus
GetWindowTextLengthW
SetActiveWindow
GetTopWindow
GetMessageTime
MapWindowPoints
TrackPopupMenu
UpdateWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
GetDlgCtrlID
SystemParametersInfoA
IsRectEmpty
GetWindow

gdi32

SaveDC
RestoreDC
SetBkMode
SetMapMode
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
DPtoLP
GetCurrentObject
SelectObject
SelectClipRgn
DeleteObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
SetPixel
GetPixel
BitBlt
RoundRect
Rectangle
GetNearestColor
SetBrushOrgEx
GetDeviceCaps
CreateCompatibleDC
CombineRgn
CreateRectRgnIndirect
CreateRectRgn
CreateCompatibleBitmap
GetObjectW
CreateFontIndirectW
CreateSolidBrush
CreatePen
UnrealizeObject
GetTextExtentPoint32W
SetViewportOrgEx
GetStockObject
CreateFontW

msimg32

GradientFill

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

InitializeAcl
ChangeServiceConfigA
RegQueryValueW
RegCreateKeyExW
RegSetValueExW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyW
RegOpenKeyW
RegQueryInfoKeyW
RegCloseKey
SetSecurityDescriptorDacl
AddAccessAllowedAce
OpenServiceA
CreateWellKnownSid
InitializeSecurityDescriptor
CreateProcessAsUserW
DuplicateTokenEx
OpenProcessToken
ChangeServiceConfig2W
SetServiceStatus
CreateServiceA
ControlService
QueryServiceStatusEx
StartServiceCtrlDispatcherW
QueryServiceStatus
OpenSCManagerW
QueryServiceConfigW
RegisterServiceCtrlHandlerA
CloseServiceHandle
StartServiceW
DeleteService

shell32

ExtractIconExW
CommandLineToArgvW
Shell_NotifyIconW

comctl32

ord17
ImageList_GetIconSize

shlwapi

PathFindFileNameW
PathFindExtensionW

oleaut32

VariantInit
VariantChangeType
VariantClear

psapi

GetModuleBaseNameW

setupapi

SetupDiSetClassInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsExW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInfoListDetailW
CM_Get_Device_ID_ExW
SetupDiCallClassInstaller

winmm

mciSendCommandW
timeEndPeriod
timeBeginPeriod

Sections

.code
Size: 1008KB - Virtual size: 1007KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.var
Size: 24KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.const
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 132KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
InputRemapperFilter.x64.sys
.sys windows:6 windows x64 arch:x64

72cf09fb5b283c4f9bb8892b0b97614c

Code Sign

01:00:00:00:00:01:0f:a5:04:46:6b
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

21/12/2006, 12:37

Not After

21/12/2007, 12:37

Subject

CN=Erik Olofsson,C=SE,1.2.840.113549.1.9.1=#0c126572696b406f6c6f6673736f6e2e696e666f

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c6:7f:db:08:95:be:c0:b0:42:0e:50:53:e3:54:38:d9:8e:71:6f:b2
Signer

Actual PE Digest

c6:7f:db:08:95:be:c0:b0:42:0e:50:53:e3:54:38:d9:8e:71:6f:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

IoDetachDevice
PsSetCreateProcessNotifyRoutine
MmUnmapIoSpace
MmMapIoSpace
PoStartNextPowerIrp
IofCompleteRequest
IoReleaseRemoveLockAndWaitEx
KeWaitForSingleObject
IoAcquireRemoveLockEx
IoAttachDeviceToDeviceStack
PoCallDriver
IoDeleteSymbolicLink
IoCreateSymbolicLink
ExReleaseFastMutex
ExAcquireFastMutex
IoInitializeRemoveLockEx
KeAcquireInStackQueuedSpinLockAtDpcLevel
IoCreateDevice
KeReleaseInStackQueuedSpinLock
IoReleaseCancelSpinLock
IoGetDeviceProperty
IofCallDriver
RtlInitUnicodeString
KeReleaseInStackQueuedSpinLockFromDpcLevel
IoDeleteDevice
KeSetEvent
KeInitializeEvent
IoReleaseRemoveLockEx
KeAcquireInStackQueuedSpinLock
KeBugCheckEx

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 801B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InputRemapperFilter.x86.sys
.sys windows:6 windows x86 arch:x86

db8e0699b6b07b9fbc6855328da00749

Code Sign

01:00:00:00:00:01:0f:a5:04:46:6b
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

21/12/2006, 12:37

Not After

21/12/2007, 12:37

Subject

CN=Erik Olofsson,C=SE,1.2.840.113549.1.9.1=#0c126572696b406f6c6f6673736f6e2e696e666f

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageKeyEncipherment
KeyUsageDataEncipherment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

04:00:00:00:00:01:08:d9:61:24:48
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f0:38:87:c4:f6:07:6c:42:37:a6:f9:0e:38:ec:35:71:70:0b:e6:c8
Signer

Actual PE Digest

f0:38:87:c4:f6:07:6c:42:37:a6:f9:0e:38:ec:35:71:70:0b:e6:c8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memset
KeSetEvent
IofCallDriver
IoGetDeviceProperty
MmUnmapIoSpace
MmMapIoSpace
KeWaitForSingleObject
IoAttachDeviceToDeviceStack
PoCallDriver
PoStartNextPowerIrp
KeReleaseInStackQueuedSpinLockFromDpcLevel
KeAcquireInStackQueuedSpinLockAtDpcLevel
PsSetCreateProcessNotifyRoutine
KeTickCount
IoAcquireRemoveLockEx
IoReleaseRemoveLockAndWaitEx
IoDeleteSymbolicLink
IoDeleteDevice
IoReleaseCancelSpinLock
IofCompleteRequest
IoReleaseRemoveLockEx
RtlInitUnicodeString
IoCreateDevice
IoInitializeRemoveLockEx
IoCreateSymbolicLink
IoDetachDevice
KeInitializeEvent

hal

KfLowerIrql
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
WRITE_PORT_UCHAR
WRITE_PORT_ULONG
WRITE_PORT_USHORT
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
ExAcquireFastMutex
ExReleaseFastMutex
KeRaiseIrqlToDpcLevel

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 384B - Virtual size: 334B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 640B - Virtual size: 633B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 768B - Virtual size: 706B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
License.txt
MacBookPro.dat
Uninstall.exe.nsis
dbghelp.dll
.dll windows:4 windows x86 arch:x86

23dbfe3112241abaff4c3d3dfa2c4867

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

??3@YAXPAX@Z
_XcptFilter
_adjust_fdiv
_amsg_exit
_initterm
_fileno
_iob
_isatty
_write
__pioinfo
__badioinfo
_lseek
wctomb
_snprintf
__mb_cur_max
mbtowc
isleadbyte
_ismbblead
_errno
iswprint
_vsnwprintf
memmove
__CxxFrameHandler
iswspace
calloc
_itoa
towlower
tolower
_wcslwr
time
_wctime
atol
wcsncpy
sprintf
fclose
_winminor
_winmajor
_osver
_wsplitpath
__unDName
isdigit
strncpy
_CxxThrowException
bsearch
_snwprintf
__dllonexit
fseek
_wfopen
fopen
wcstol
strchr
wcsrchr
_wmakepath
_fullpath
_wfullpath
_mbsicmp
_access
_splitpath
_wcsdup
_fsopen
_wfsopen
_get_osfhandle
_read
_lseeki64
_chsize
_close
_open_osfhandle
_wsopen
_sopen
wprintf
ftell
_wgetenv
_memicmp
_mbscmp
?terminate@@YAXXZ
??1type_info@@UAE@XZ
strncmp
_ltoa
_wcsnicmp
_stricmp
_purecall
isspace
ctime
malloc
_strlwr
free
strstr
_except_handler3
memcpy
_wcsicmp
qsort
wcschr
wcsstr
wcsncmp
_onexit
fread
iswxdigit
memset
??2@YAPAXI@Z

kernel32

LocalFree
InterlockedIncrement
InterlockedDecrement
LCMapStringA
SetFileAttributesA
CopyFileA
InitializeCriticalSectionAndSpinCount
DeleteFileA
DeviceIoControl
GetFileType
ExpandEnvironmentStringsA
MapViewOfFileEx
FlushViewOfFile
InterlockedExchange
GetSystemDirectoryA
GetWindowsDirectoryA
CompareStringA
GetModuleFileNameA
GetThreadSelectorEntry
CreateThread
TerminateThread
VirtualQueryEx
GetPriorityClass
GetThreadPriority
GetThreadTimes
GetThreadContext
ResumeThread
SuspendThread
GetSystemInfo
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindClose
SetLastError
LocalAlloc
LeaveCriticalSection
EnterCriticalSection
CloseHandle
ReadFile
GetFileSize
CreateFileA
GetLastError
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
HeapDestroy
FreeLibrary
DeleteCriticalSection
HeapCreate
InitializeCriticalSection
GetVersionExA
HeapReAlloc
HeapAlloc
HeapFree
IsDBCSLeadByte
SetFilePointer
GetCurrentProcess
UnmapViewOfFile
CreateDirectoryA
VirtualProtect
VirtualAlloc
DuplicateHandle
MapViewOfFile
CreateFileMappingA
GetModuleHandleA
OpenProcess
GetCurrentProcessId
VirtualFree
OutputDebugStringA
WriteFile
ReadProcessMemory
SetErrorMode
GetFileAttributesA
GetProcessHeap
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
LoadLibraryA

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

rpcrt4

UuidCreate

Exports

Exports

DbgHelpCreateUserDump
DbgHelpCreateUserDumpW
EnumDirTree
EnumDirTreeW
EnumerateLoadedModules
EnumerateLoadedModules64
EnumerateLoadedModulesW64
ExtensionApiVersion
FindDebugInfoFile
FindDebugInfoFileEx
FindExecutableImage
FindExecutableImageEx
FindExecutableImageExW
FindFileInPath
FindFileInSearchPath
GetTimestampForLoadedLibrary
ImageDirectoryEntryToData
ImageDirectoryEntryToDataEx
ImageNtHeader
ImageRvaToSection
ImageRvaToVa
ImagehlpApiVersion
ImagehlpApiVersionEx
MakeSureDirectoryPathExists
MapDebugInformation
MiniDumpReadDumpStream
MiniDumpWriteDump
SearchTreeForFile
SearchTreeForFileW
StackWalk
StackWalk64
SymAddSymbol
SymAddSymbolW
SymCleanup
SymDeleteSymbol
SymDeleteSymbolW
SymEnumLines
SymEnumLinesW
SymEnumProcesses
SymEnumSourceFiles
SymEnumSourceFilesW
SymEnumSourceLines
SymEnumSourceLinesW
SymEnumSym
SymEnumSymbols
SymEnumSymbolsForAddr
SymEnumSymbolsForAddrW
SymEnumSymbolsW
SymEnumTypes
SymEnumTypesW
SymEnumerateModules
SymEnumerateModules64
SymEnumerateModulesW64
SymEnumerateSymbols
SymEnumerateSymbols64
SymEnumerateSymbolsW
SymEnumerateSymbolsW64
SymFindFileInPath
SymFindFileInPathW
SymFromAddr
SymFromAddrW
SymFromIndex
SymFromIndexW
SymFromName
SymFromNameW
SymFromToken
SymFromTokenW
SymFunctionTableAccess
SymFunctionTableAccess64
SymGetFileLineOffsets64
SymGetHomeDirectory
SymGetHomeDirectoryW
SymGetLineFromAddr
SymGetLineFromAddr64
SymGetLineFromAddrW64
SymGetLineFromName
SymGetLineFromName64
SymGetLineFromNameW64
SymGetLineNext
SymGetLineNext64
SymGetLineNextW64
SymGetLinePrev
SymGetLinePrev64
SymGetLinePrevW64
SymGetModuleBase
SymGetModuleBase64
SymGetModuleInfo
SymGetModuleInfo64
SymGetModuleInfoW
SymGetModuleInfoW64
SymGetOmapBlockBase
SymGetOptions
SymGetScope
SymGetScopeW
SymGetSearchPath
SymGetSearchPathW
SymGetSourceFile
SymGetSourceFileFromToken
SymGetSourceFileFromTokenW
SymGetSourceFileToken
SymGetSourceFileTokenW
SymGetSourceFileW
SymGetSourceVarFromToken
SymGetSourceVarFromTokenW
SymGetSymFromAddr
SymGetSymFromAddr64
SymGetSymFromName
SymGetSymFromName64
SymGetSymNext
SymGetSymNext64
SymGetSymPrev
SymGetSymPrev64
SymGetSymbolFile
SymGetSymbolFileW
SymGetTypeFromName
SymGetTypeFromNameW
SymGetTypeInfo
SymGetTypeInfoEx
SymInitialize
SymInitializeW
SymLoadModule
SymLoadModule64
SymLoadModuleEx
SymLoadModuleExW
SymMatchFileName
SymMatchFileNameW
SymMatchString
SymMatchStringA
SymMatchStringW
SymNext
SymNextW
SymPrev
SymPrevW
SymRefreshModuleList
SymRegisterCallback
SymRegisterCallback64
SymRegisterCallbackW64
SymRegisterFunctionEntryCallback
SymRegisterFunctionEntryCallback64
SymSearch
SymSearchW
SymSetContext
SymSetHomeDirectory
SymSetHomeDirectoryW
SymSetOptions
SymSetParentWindow
SymSetSearchPath
SymSetSearchPathW
SymSrvDeltaName
SymSrvDeltaNameW
SymSrvGetFileIndexString
SymSrvGetFileIndexStringW
SymSrvGetFileIndexes
SymSrvGetFileIndexesW
SymSrvGetSupplement
SymSrvGetSupplementW
SymSrvIsStore
SymSrvIsStoreW
SymSrvStoreFile
SymSrvStoreFileW
SymSrvStoreSupplement
SymSrvStoreSupplementW
SymUnDName
SymUnDName64
SymUnloadModule
SymUnloadModule64
UnDecorateSymbolName
UnDecorateSymbolNameW
UnmapDebugInformation
WinDbgExtensionDllInit
block
dbghelp
dh
fptr
homedir
lmi
lminfo
omap
srcfiles
stack_force_ebp
stackdbg
sym
symsrv
vc7fpo

Sections

.text
Size: 938KB - Virtual size: 937KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
symsrv.dll
.dll windows:5 windows x86 arch:x86

751097660d852dc21eccc7858e103d35

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_XcptFilter
_adjust_fdiv
_amsg_exit
_initterm
_fileno
_iob
_isatty
_write
__pioinfo
__badioinfo
_lseek
wctomb
_itoa
_snprintf
__mb_cur_max
mbtowc
isleadbyte
malloc
free
_errno
_wtoi64
_wcslwr
memcpy
strrchr
wcsstr
??3@YAXPAX@Z
??2@YAPAXI@Z
_stricmp
getenv
isspace
_wcsicmp
_wcsnicmp
wcschr
_except_handler3
towlower
memset

kernel32

GetSystemTime
InterlockedExchange
GetSystemDirectoryA
GetWindowsDirectoryA
GetModuleFileNameA
GetModuleHandleA
CompareStringA
FreeLibrary
OutputDebugStringA
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GlobalFree
ReleaseMutex
GetFileInformationByHandle
FileTimeToLocalFileTime
FileTimeToDosDateTime
DeleteFileA
SetFilePointer
CreateFileA
DosDateTimeToFileTime
LocalFileTimeToFileTime
SetFileTime
DeleteCriticalSection
InitializeCriticalSection
EnterCriticalSection
SetLastError
GetLastError
LocalAlloc
LocalReAlloc
LocalFree
CloseHandle
WriteFile
GetCurrentProcess
GetSystemTimeAsFileTime
DebugBreak
LoadLibraryA
WaitForSingleObject
SetWaitableTimer
RaiseException
CreateThread
ReadFile
GetFileTime
GetFileSize
LeaveCriticalSection

advapi32

RegCloseKey
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid

Exports

Exports

EulaDlgProc
RunDllEntry
SymbolServer
SymbolServerByIndex
SymbolServerByIndexW
SymbolServerClose
SymbolServerDeltaName
SymbolServerDeltaNameW
SymbolServerGetIndexString
SymbolServerGetIndexStringW
SymbolServerGetOptions
SymbolServerGetSupplement
SymbolServerGetSupplementW
SymbolServerGetVersion
SymbolServerIsStore
SymbolServerIsStoreW
SymbolServerPing
SymbolServerPingW
SymbolServerSetOptions
SymbolServerSetOptionsW
SymbolServerStoreFile
SymbolServerStoreFileW
SymbolServerStoreSupplement
SymbolServerStoreSupplementW
SymbolServerW
httpCloseHandle
httpOpenFileHandle
httpOpenFileHandleW
httpQueryDataAvailable
httpReadFile

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9c523d8653da5455667e3f82274f2f88

Code Sign

01:00:00:00:00:01:0f:a5:04:46:6bCertificate

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:08:d9:61:1c:d6Certificate

Key Usages

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:08:d9:61:24:48Certificate

Key Usages

61:0b:7f:6b:00:00:00:00:00:19Certificate

Key Usages

c4:35:34:48:8c:21:c9:21:f2:5b:fb:ee:01:b9:df:dc:a1:93:b2:92Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 110KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 19KB - Virtual size: 18KB

57354bdeea3dfae6e948101add87501a

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

Exports

Exports

Sections

.text Size: 6KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 9KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1024B - Virtual size: 954B

28d94e5199b88ad374b3cb2118e31a66

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 5KB

.rsrc Size: 512B - Virtual size: 296B

.reloc Size: 512B - Virtual size: 460B

ce6c0c451d9f9faf3e409f7ef7fd4a9f

Code Sign

01:00:00:00:00:01:0f:a5:04:46:6bCertificate

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

04:00:00:00:00:01:08:d9:61:1c:d6Certificate

01:00:00:00:00:01:0f:a5:04:46:6b
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

c4:35:34:48:8c:21:c9:21:f2:5b:fb:ee:01:b9:df:dc:a1:93:b2:92
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 110KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 19KB - Virtual size: 18KB

.text
Size: 6KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 9KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 954B

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 5KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 460B

01:00:00:00:00:01:0f:a5:04:46:6b
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

bc:c7:39:d0:78:28:10:98:64:ea:21:c9:21:09:a4:85:ea:2c:ad:88
Signer

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 428B

.data
Size: 512B - Virtual size: 272B

.pdata
Size: 512B - Virtual size: 108B

INIT
Size: 1024B - Virtual size: 854B

.rsrc
Size: 1KB - Virtual size: 1KB

01:00:00:00:00:01:0f:a5:04:46:6b
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

5b:2d:ca:2e:d2:16:22:df:f1:b1:9e:c5:ee:7a:32:05:4b:d3:93:90
Signer

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 256B - Virtual size: 240B

.data
Size: 128B - Virtual size: 8B

INIT
Size: 768B - Virtual size: 708B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 256B - Virtual size: 158B

01:00:00:00:00:01:0f:a5:04:46:6b
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

04:00:00:00:00:01:08:d9:61:24:48
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

9a:44:18:a6:07:3e:79:d8:42:d6:d6:ca:c8:86:8a:87:80:b6:76:1f
Signer