mcafee_trial_setup_433[.]0207[.]3919_key (1)[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

mcafee_trial_setup_433.0207.3919_key (1).exe
Size

5.6MB
MD5

93decf88347d78daa8a24f888d7140ce
SHA1

fc464aeebe4a97a54af28a9c5b3ff64dc1125236
SHA256

4c105c2ec4ea7b126fa0c092044fc67d13fc4ba3032d65ed120ffe5ffa0790c5
SHA512

f7871056499c3f5561e8de7e481b08f8c91ded565ca5b20a249a9dab1d2df4f399da637830ca3499737a0088f1befb3e0f81aa5c11ca005e87c52bf6729e8cff
SSDEEP

98304:hk+RvJS8fO8Z3Y3YU1+/NACNOxsK6rlq//XNdu0ey0pRzsaAWACyh8sBhvG2K+mI:hkYvz5Ya/yCsxsKow/60eHzlyh8sbGxU

Score

1^/10

Malware Config

Signatures

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

mcafee_trial_setup_433.0207.3919_key (1).exe
.exe windows:4 windows x86 arch:x86

3abe302b6d9a1256e6a915429af4ffd2

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:a1:91:c0:eb:27:ae:85:ea:99:d7:29:14:b6:91:e4
Certificate

Issuer

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Not Before

12/03/2021, 00:00

Not After

11/03/2024, 23:59

Subject

CN=McAfee\, LLC,OU=Engineering,O=McAfee\, LLC,POSTALCODE=95054,STREET=2821 Mission College Blvd,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

27/10/2014, 00:00

Not After

26/10/2024, 23:59

Subject

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b6:85:e0:cf:01:60:14:a3:f9:40:78:9c:c0:e3:94:8d:5c:29:be:8f:67:03:1f:28:2b:bd:a2:c9:b4:1e:2b:98
Signer

Actual PE Digest

b6:85:e0:cf:01:60:14:a3:f9:40:78:9c:c0:e3:94:8d:5c:29:be:8f:67:03:1f:28:2b:bd:a2:c9:b4:1e:2b:98

Digest Algorithm

sha256

PE Digest Matches

true

b6:85:e0:cf:01:60:14:a3:f9:40:78:9c:c0:e3:94:8d:5c:29:be:8f:67:03:1f:28:2b:bd:a2:c9:b4:1e:2b:98
Signer

Actual PE Digest

b6:85:e0:cf:01:60:14:a3:f9:40:78:9c:c0:e3:94:8d:5c:29:be:8f:67:03:1f:28:2b:bd:a2:c9:b4:1e:2b:98

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTempPathA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
Sleep
GetTickCount
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GetWindowsDirectoryA
SetCurrentDirectoryA
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
CreateThread
GlobalLock
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Code Sign

e7:47:5c:65:2d:7b:37:b4:3a:ad:f6:c8:f0:3a:b2:78
Certificate

Issuer

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Not Before

04/02/2019, 00:00

Not After

03/02/2022, 23:59

Subject

CN=McAfee\, LLC.,OU=Enterprise,O=McAfee\, LLC.,POSTALCODE=95054,STREET=2821 Mission College Blvd,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/08/2013, 20:26

Not After

15/08/2023, 20:36

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

27/10/2014, 00:00

Not After

26/10/2024, 23:59

Subject

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

27:63:d5:c3:19:21:61:5b:1f:01:d3:3e:e8:ea:9b:3a:4c:77:f4:29:07:43:5c:5b:63:89:d2:e7:fb:15:a3:62
Signer

Actual PE Digest

27:63:d5:c3:19:21:61:5b:1f:01:d3:3e:e8:ea:9b:3a:4c:77:f4:29:07:43:5c:5b:63:89:d2:e7:fb:15:a3:62

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_0_/CSPInterface.ini
$_0_/DynamicAffid/1244/AWDET.ini
$_0_/DynamicAffid/1263/AWDET.ini
$_0_/DynamicAffid/1297/AWDET.ini
$_0_/DynamicAffid/1309/AWDET.ini
$_0_/DynamicAffid/1312/AWDET.ini
$_0_/DynamicAffid/1316/AWDET.ini
$_0_/DynamicAffid/1318/AWDET.ini
$_0_/DynamicAffid/1320/AWDET.ini
$_0_/DynamicAffid/1324/AWDET.ini
$_0_/DynamicAffid/1327/AWDET.ini
$_0_/DynamicAffid/1333/AWDET.ini
$_0_/IHInterface/IH.dat
$_0_/MAV/Vi2LangPrtnr.dll
.dll windows:6 windows x86 arch:x86

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:a1:91:c0:eb:27:ae:85:ea:99:d7:29:14:b6:91:e4
Certificate

Issuer

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Not Before

12/03/2021, 00:00

Not After

11/03/2024, 23:59

Subject

CN=McAfee\, LLC,OU=Engineering,O=McAfee\, LLC,POSTALCODE=95054,STREET=2821 Mission College Blvd,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

27/10/2014, 00:00

Not After

26/10/2024, 23:59

Subject

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

23:25:42:c5:5e:25:a4:3b:7e:bd:9e:39:d8:f7:fe:93:f8:c5:06:70:0c:8e:8d:74:51:21:f5:d0:ba:9b:55:e0
Signer

Actual PE Digest

23:25:42:c5:5e:25:a4:3b:7e:bd:9e:39:d8:f7:fe:93:f8:c5:06:70:0c:8e:8d:74:51:21:f5:d0:ba:9b:55:e0

Digest Algorithm

sha256

PE Digest Matches

true

23:25:42:c5:5e:25:a4:3b:7e:bd:9e:39:d8:f7:fe:93:f8:c5:06:70:0c:8e:8d:74:51:21:f5:d0:ba:9b:55:e0
Signer

Actual PE Digest

23:25:42:c5:5e:25:a4:3b:7e:bd:9e:39:d8:f7:fe:93:f8:c5:06:70:0c:8e:8d:74:51:21:f5:d0:ba:9b:55:e0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_0_/MIS/Vi2LangPrtnr.dll
.dll windows:6 windows x86 arch:x86

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:a1:91:c0:eb:27:ae:85:ea:99:d7:29:14:b6:91:e4
Certificate

Issuer

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Not Before

12/03/2021, 00:00

Not After

11/03/2024, 23:59

Subject

CN=McAfee\, LLC,OU=Engineering,O=McAfee\, LLC,POSTALCODE=95054,STREET=2821 Mission College Blvd,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

27/10/2014, 00:00

Not After

26/10/2024, 23:59

Subject

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f0:1b:da:8c:92:5f:db:8c:79:1a:97:08:2b:66:6c:c5:b7:7e:52:c4:90:28:4a:6e:b4:45:c9:21:43:4d:39:f1
Signer

Actual PE Digest

f0:1b:da:8c:92:5f:db:8c:79:1a:97:08:2b:66:6c:c5:b7:7e:52:c4:90:28:4a:6e:b4:45:c9:21:43:4d:39:f1

Digest Algorithm

sha256

PE Digest Matches

true

f0:1b:da:8c:92:5f:db:8c:79:1a:97:08:2b:66:6c:c5:b7:7e:52:c4:90:28:4a:6e:b4:45:c9:21:43:4d:39:f1
Signer

Actual PE Digest

f0:1b:da:8c:92:5f:db:8c:79:1a:97:08:2b:66:6c:c5:b7:7e:52:c4:90:28:4a:6e:b4:45:c9:21:43:4d:39:f1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_0_/MLS/Vi2LangPrtnr.dll
.dll windows:6 windows x86 arch:x86

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:a1:91:c0:eb:27:ae:85:ea:99:d7:29:14:b6:91:e4
Certificate

Issuer

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Not Before

12/03/2021, 00:00

Not After

11/03/2024, 23:59

Subject

CN=McAfee\, LLC,OU=Engineering,O=McAfee\, LLC,POSTALCODE=95054,STREET=2821 Mission College Blvd,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

27/10/2014, 00:00

Not After

26/10/2024, 23:59

Subject

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d4:13:f9:9e:e8:c0:83:18:6f:db:bf:d4:56:5c:3c:e6:fa:19:1b:61:bc:29:05:1a:4e:ea:c5:e1:b5:1c:0b:3b
Signer

Actual PE Digest

d4:13:f9:9e:e8:c0:83:18:6f:db:bf:d4:56:5c:3c:e6:fa:19:1b:61:bc:29:05:1a:4e:ea:c5:e1:b5:1c:0b:3b

Digest Algorithm

sha256

PE Digest Matches

true

d4:13:f9:9e:e8:c0:83:18:6f:db:bf:d4:56:5c:3c:e6:fa:19:1b:61:bc:29:05:1a:4e:ea:c5:e1:b5:1c:0b:3b
Signer

Actual PE Digest

d4:13:f9:9e:e8:c0:83:18:6f:db:bf:d4:56:5c:3c:e6:fa:19:1b:61:bc:29:05:1a:4e:ea:c5:e1:b5:1c:0b:3b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_0_/MMIPDURes.dll
.dll windows:6 windows x86 arch:x86

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:a1:91:c0:eb:27:ae:85:ea:99:d7:29:14:b6:91:e4
Certificate

Issuer

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Not Before

12/03/2021, 00:00

Not After

11/03/2024, 23:59

Subject

CN=McAfee\, LLC,OU=Engineering,O=McAfee\, LLC,POSTALCODE=95054,STREET=2821 Mission College Blvd,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

27/10/2014, 00:00

Not After

26/10/2024, 23:59

Subject

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:89:55:44:01:9c:27:f7:7e:2a:e4:2b:29:6c:86:22:e4:53:d3:d4:c5:a8:57:f0:06:65:c0:a5:b5:55:ae:3e
Signer

Actual PE Digest

19:89:55:44:01:9c:27:f7:7e:2a:e4:2b:29:6c:86:22:e4:53:d3:d4:c5:a8:57:f0:06:65:c0:a5:b5:55:ae:3e

Digest Algorithm

sha256

PE Digest Matches

true

19:89:55:44:01:9c:27:f7:7e:2a:e4:2b:29:6c:86:22:e4:53:d3:d4:c5:a8:57:f0:06:65:c0:a5:b5:55:ae:3e
Signer

Actual PE Digest

19:89:55:44:01:9c:27:f7:7e:2a:e4:2b:29:6c:86:22:e4:53:d3:d4:c5:a8:57:f0:06:65:c0:a5:b5:55:ae:3e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 292B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 451KB - Virtual size: 450KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_0_/MTP/Vi2LangPrtnr.dll
.dll windows:6 windows x86 arch:x86

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:a1:91:c0:eb:27:ae:85:ea:99:d7:29:14:b6:91:e4
Certificate

Issuer

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Not Before

12/03/2021, 00:00

Not After

11/03/2024, 23:59

Subject

CN=McAfee\, LLC,OU=Engineering,O=McAfee\, LLC,POSTALCODE=95054,STREET=2821 Mission College Blvd,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

27/10/2014, 00:00

Not After

26/10/2024, 23:59

Subject

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

26:c1:06:39:80:b0:e1:08:f9:f6:45:96:71:69:31:61:d3:24:c8:c6:be:df:7f:d4:f3:72:09:86:67:8a:b0:2f
Signer

Actual PE Digest

26:c1:06:39:80:b0:e1:08:f9:f6:45:96:71:69:31:61:d3:24:c8:c6:be:df:7f:d4:f3:72:09:86:67:8a:b0:2f

Digest Algorithm

sha256

PE Digest Matches

true

26:c1:06:39:80:b0:e1:08:f9:f6:45:96:71:69:31:61:d3:24:c8:c6:be:df:7f:d4:f3:72:09:86:67:8a:b0:2f
Signer

Actual PE Digest

26:c1:06:39:80:b0:e1:08:f9:f6:45:96:71:69:31:61:d3:24:c8:c6:be:df:7f:d4:f3:72:09:86:67:8a:b0:2f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 344B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_0_/McApp.exe
.exe windows:6 windows x86 arch:x86

0142eee11e82dc99b5ce17d30144ea00

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:a1:91:c0:eb:27:ae:85:ea:99:d7:29:14:b6:91:e4
Certificate

Issuer

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Not Before

12/03/2021, 00:00

Not After

11/03/2024, 23:59

Subject

CN=McAfee\, LLC,OU=Engineering,O=McAfee\, LLC,POSTALCODE=95054,STREET=2821 Mission College Blvd,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

27/10/2014, 00:00

Not After

26/10/2024, 23:59

Subject

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:c6:99:dd:a4:d4:b6:3e:6b:a4:ca:c5:b2:77:b3:22:55:98:3b:43:d6:f9:d5:14:6e:fd:e2:f8:c8:ee:48:30
Signer

Actual PE Digest

48:c6:99:dd:a4:d4:b6:3e:6b:a4:ca:c5:b2:77:b3:22:55:98:3b:43:d6:f9:d5:14:6e:fd:e2:f8:c8:ee:48:30

Digest Algorithm

sha256

PE Digest Matches

true

48:c6:99:dd:a4:d4:b6:3e:6b:a4:ca:c5:b2:77:b3:22:55:98:3b:43:d6:f9:d5:14:6e:fd:e2:f8:c8:ee:48:30
Signer

Actual PE Digest

48:c6:99:dd:a4:d4:b6:3e:6b:a4:ca:c5:b2:77:b3:22:55:98:3b:43:d6:f9:d5:14:6e:fd:e2:f8:c8:ee:48:30

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

wintrust

WinVerifyTrust

kernel32

CloseHandle
CreateDirectoryW
FindClose
FindNextFileW
WriteFile
SetFilePointer
ReadFile
GetFileSize
CreateFileA
GetWindowsDirectoryA
GetShortPathNameW
MoveFileExW
CopyFileW
SetFileAttributesW
FindFirstFileW
GetVersionExW
DeleteFileW
RemoveDirectoryW
GetCurrentDirectoryW
ReleaseMutex
OutputDebugStringW
GetLocalTime
GetCurrentThreadId
CreateFileW
WaitForSingleObject
VirtualQuery
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
VerSetConditionMask
VerifyVersionInfoW
SetCurrentDirectoryW
InitializeCriticalSectionEx
RaiseException
DecodePointer
SetLastError
LoadLibraryExW
QueryFullProcessImageNameW
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
CreateMutexW
CreateThread
OpenProcess
GetWindowsDirectoryW
GlobalFindAtomW
SystemTimeToFileTime
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetFullPathNameW
GetProcAddress
LoadLibraryW
FreeLibrary
LockFileEx
UnlockFileEx
GlobalAddAtomW
MoveFileW
ReplaceFileW
DeleteFileA
SetFileAttributesA
GetTempPathA
GetTempFileNameA
GetModuleHandleW
IsValidCodePage
GetModuleFileNameW
GetFileAttributesW
GetPrivateProfileStringA
MultiByteToWideChar
GetPrivateProfileStructA
FindFirstFileExW
GetTimeZoneInformation
SetEndOfFile
WriteConsoleW
SetStdHandle
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetStdHandle
GetModuleHandleExW
ExitProcess
GetFileType
WideCharToMultiByte
WritePrivateProfileStructA
GetCurrentProcessId
Sleep
EnterCriticalSection
GetLastError
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
AcquireSRWLockShared
FormatMessageW
GetStringTypeW
EncodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
GetSystemInfo
VirtualAlloc
VirtualProtect
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetFolderPathW
ShellExecuteExW
SHCreateDirectoryExW

shlwapi

PathRemoveFileSpecA
PathRemoveExtensionA
PathFindFileNameA
PathFileExistsW
PathRemoveFileSpecW
PathAppendW
PathFindExtensionW
PathStripToRootW
PathFileExistsA
PathAddExtensionA

crypt32

CertGetCertificateContextProperty
CertFreeCertificateContext
CertGetSubjectCertificateFromStore
CertCloseStore
CertGetNameStringW
CryptMsgUpdate
CryptMsgClose
CryptMsgOpenToDecode
CryptDecodeObject
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptMsgGetParam

Sections

.text
Size: 334KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_0_/McDiReg.exe
.exe windows:6 windows x86 arch:x86

13e886cb54cb01caf46a0a97f4abf638

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:a1:91:c0:eb:27:ae:85:ea:99:d7:29:14:b6:91:e4
Certificate

Issuer

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Not Before

12/03/2021, 00:00

Not After

11/03/2024, 23:59

Subject

CN=McAfee\, LLC,OU=Engineering,O=McAfee\, LLC,POSTALCODE=95054,STREET=2821 Mission College Blvd,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

27/10/2014, 00:00

Not After

26/10/2024, 23:59

Subject

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:21:ed:3b:64:75:2f:58:22:2f:f1:c6:3f:62:cb:79:3c:0d:f8:8f:0e:dc:15:ca:79:6b:5d:5c:8d:60:34:86
Signer

Actual PE Digest

52:21:ed:3b:64:75:2f:58:22:2f:f1:c6:3f:62:cb:79:3c:0d:f8:8f:0e:dc:15:ca:79:6b:5d:5c:8d:60:34:86

Digest Algorithm

sha256

PE Digest Matches

true

52:21:ed:3b:64:75:2f:58:22:2f:f1:c6:3f:62:cb:79:3c:0d:f8:8f:0e:dc:15:ca:79:6b:5d:5c:8d:60:34:86
Signer

Actual PE Digest

52:21:ed:3b:64:75:2f:58:22:2f:f1:c6:3f:62:cb:79:3c:0d:f8:8f:0e:dc:15:ca:79:6b:5d:5c:8d:60:34:86

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathStripToRootW
PathFileExistsW
PathIsDirectoryEmptyW
PathRemoveFileSpecA
PathIsDirectoryW
StrTrimW
PathRemoveFileSpecW
wnsprintfW
PathAppendW
PathFindExtensionW
PathAddExtensionA
PathFileExistsA
PathFindFileNameA
PathRemoveExtensionA
SHDeleteKeyW
PathFindFileNameW

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoList

rpcrt4

UuidCreate

psapi

GetModuleFileNameExW

wintrust

WinVerifyTrust

crypt32

CryptDecodeObject
CryptMsgClose
CryptMsgUpdate
CryptMsgGetParam
CertCloseStore
CertGetSubjectCertificateFromStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptMsgOpenToDecode

kernel32

FreeLibrary
CopyFileW
WideCharToMultiByte
GetPrivateProfileStringA
SetLastError
FormatMessageA
Sleep
VirtualQuery
WritePrivateProfileStringW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetCurrentDirectoryW
GetCurrentProcessId
GetModuleHandleW
WaitForMultipleObjects
CreateThread
SizeofResource
LockResource
FindResourceExW
LoadResource
FindResourceW
GetSystemDefaultLCID
FormatMessageW
GetUserDefaultLCID
WaitForSingleObject
CreateEventW
GetTickCount64
ClosePrivateNamespace
DeleteBoundaryDescriptor
CreateProcessW
CreateMutexW
ReleaseMutex
OpenEventW
SetEvent
ResetEvent
CreatePrivateNamespaceW
TerminateProcess
RemoveDirectoryW
OpenPrivateNamespaceW
HeapSize
GetTempPathW
DeleteFileW
AddSIDToBoundaryDescriptor
MoveFileExW
VerSetConditionMask
VerifyVersionInfoW
GetTempFileNameW
GetSystemTime
GetProcessHeap
IsWow64Process
GetExitCodeProcess
DeviceIoControl
CreateFileW
ReadFile
GetCommandLineW
WriteFile
GetProcessId
DeleteCriticalSection
SetFileAttributesW
CreateFileA
GetWindowsDirectoryA
SetCurrentDirectoryW
GetFileSize
OpenMutexW
GetExitCodeThread
GlobalMemoryStatusEx
LoadLibraryExW
GetCurrentThreadId
QueryFullProcessImageNameW
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetWindowsDirectoryW
GlobalFindAtomW
SystemTimeToFileTime
GetFullPathNameW
OutputDebugStringW
GetModuleHandleA
LockFileEx
UnlockFileEx
GlobalAddAtomW
ReplaceFileW
DeleteFileA
SetFileAttributesA
GetTempPathA
GetTempFileNameA
InitializeCriticalSectionAndSpinCount
GetLocalTime
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
MoveFileW
GetPrivateProfileStructA
GetSystemDirectoryW
GetVersionExW
GetFileAttributesW
LocalAlloc
FindClose
InitializeCriticalSectionEx
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetShortPathNameW
GetModuleHandleExW
GetCurrentProcess
FindNextFileW
EnterCriticalSection
HeapFree
FindFirstFileW
WritePrivateProfileStructA
LocalFree
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
LoadLibraryW
RaiseException
CloseHandle
HeapReAlloc
GlobalFree
GlobalAlloc
GetLastError
SetFilePointer
MultiByteToWideChar
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
VirtualFree
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
CreateDirectoryW
WritePrivateProfileStructW
lstrlenW
CreateBoundaryDescriptorW
SignalObjectAndWait
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetEndOfFile
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetCurrentThread
EnumSystemLocalesW
IsValidLocale
GetACP
GetStdHandle
GetFileType
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
ExitProcess
GetConsoleCP
ReadConsoleW
GetConsoleMode
VirtualAlloc
RtlUnwind
InterlockedFlushSList
GetSystemInfo
VirtualProtect
LoadLibraryExA
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetStringTypeW
TryEnterCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
InterlockedPushEntrySList

user32

MsgWaitForMultipleObjects
GetDesktopWindow
GetSystemMetrics
GetDC
TranslateMessage
PeekMessageW
DispatchMessageW

gdi32

GetDeviceCaps

advapi32

AllocateAndInitializeSid
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceEvent
UnregisterTraceGuids
RegSetKeySecurity
RegGetKeySecurity
RegFlushKey
CryptDeriveKey
QueryServiceStatus
StartServiceW
CloseServiceHandle
OpenSCManagerW
QueryServiceConfigW
OpenServiceW
CryptDestroyKey
CryptEncrypt
CryptDecrypt
CryptSetKeyParam
CryptImportKey
LookupPrivilegeValueW
SetSecurityDescriptorDacl
AdjustTokenPrivileges
SetEntriesInAclW
CreateWellKnownSid
SetNamedSecurityInfoW
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueA
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
RegNotifyChangeKeyValue
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
EqualSid
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
FreeSid
RegOpenKeyExA
RegEnumKeyExA
GetTokenInformation

shell32

SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
SHCreateDirectoryExW
SHGetKnownFolderPath

ole32

CoGetClassObject
CoInitialize
CoTaskMemAlloc
CoCreateGuid
CLSIDFromString
StringFromGUID2
CoUninitialize
CoTaskMemFree
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance

oleaut32

SysAllocStringByteLen
SysAllocString
SysFreeString
VariantInit
VariantChangeType
VariantCopy
SysStringLen
VariantClear

Sections

.text
Size: 926KB - Virtual size: 925KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 245KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_0_/McInstru.dll
.dll windows:6 windows x86 arch:x86

967eb0400f731cf691df76279adfcbdb

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:a3:c3:d3:ab:0c:3e:95:36:c5:06:ae
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

26/02/2019, 19:10

Not After

26/02/2022, 19:10

Subject

CN=McAfee\, LLC,O=McAfee\, LLC,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:c5:f6:ea:d2:31:1b:2c:2b:8c:80:7f:a0:fb:ba:1c:af:cc:3d:b4:7e:db:89:6e:4b:a8:9e:5f:d9:c8:f6:b2
Signer

Actual PE Digest

11:c5:f6:ea:d2:31:1b:2c:2b:8c:80:7f:a0:fb:ba:1c:af:cc:3d:b4:7e:db:89:6e:4b:a8:9e:5f:d9:c8:f6:b2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateDirectoryW
ReadFile
WritePrivateProfileStructA
FindFirstFileW
HeapFree
FindNextFileW
WriteFile
GetShortPathNameW
RemoveDirectoryW
GetModuleFileNameW
InitializeCriticalSection
SetFilePointer
CreateMutexW
InitializeCriticalSectionEx
FindClose
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
GetVersionExW
ReleaseMutex
HeapSize
SetFileAttributesW
MultiByteToWideChar
Sleep
GetLastError
OutputDebugStringW
CreateFileA
DeleteFileW
HeapReAlloc
CloseHandle
RaiseException
GetWindowsDirectoryA
HeapAlloc
GetLocalTime
GetCurrentDirectoryW
DecodePointer
HeapDestroy
MoveFileExW
GetFileSize
DeleteCriticalSection
GetPrivateProfileStructA
GetCurrentProcessId
GetProcessHeap
WideCharToMultiByte
GetPrivateProfileStringA
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetFileType
GetStdHandle
IsDebuggerPresent
GetStringTypeW
EncodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
FreeLibrary
LoadLibraryExW
InterlockedFlushSList
GetSystemInfo
VirtualAlloc
VirtualProtect
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetACP

shell32

SHGetFolderPathW

ole32

CoCreateInstance

oleaut32

SysFreeString
SysAllocStringLen
VariantInit
VariantClear
SysAllocString

wininet

InternetOpenW
InternetReadFile
InternetConnectW
HttpOpenRequestW
HttpQueryInfoW
InternetSetOptionW
InternetCloseHandle
HttpSendRequestW

Exports

Exports

SendInstrumentData

Sections

.text
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_0_/McInstruTrack.exe
.exe windows:6 windows x86 arch:x86

293f7172395b98cc8062e74cec076a6d

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:a1:91:c0:eb:27:ae:85:ea:99:d7:29:14:b6:91:e4
Certificate

Issuer

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Not Before

12/03/2021, 00:00

Not After

11/03/2024, 23:59

Subject

CN=McAfee\, LLC,OU=Engineering,O=McAfee\, LLC,POSTALCODE=95054,STREET=2821 Mission College Blvd,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

27/10/2014, 00:00

Not After

26/10/2024, 23:59

Subject

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:e9:31:63:2d:71:1a:6d:9d:0d:79:a4:50:4d:0d:69:8e:77:b6:5c:f7:f4:17:90:8a:e9:e0:44:15:bc:4f:e7
Signer

Actual PE Digest

6d:e9:31:63:2d:71:1a:6d:9d:0d:79:a4:50:4d:0d:69:8e:77:b6:5c:f7:f4:17:90:8a:e9:e0:44:15:bc:4f:e7

Digest Algorithm

sha256

PE Digest Matches

true

6d:e9:31:63:2d:71:1a:6d:9d:0d:79:a4:50:4d:0d:69:8e:77:b6:5c:f7:f4:17:90:8a:e9:e0:44:15:bc:4f:e7
Signer

Actual PE Digest

6d:e9:31:63:2d:71:1a:6d:9d:0d:79:a4:50:4d:0d:69:8e:77:b6:5c:f7:f4:17:90:8a:e9:e0:44:15:bc:4f:e7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateProcessW
CreatePrivateNamespaceW
TerminateProcess
OpenPrivateNamespaceW
K32GetModuleFileNameExW
CreateBoundaryDescriptorW
GetTempPathW
GetVersionExW
OpenProcess
CreateToolhelp32Snapshot
CreateEventW
Process32NextW
SetEvent
Process32FirstW
CreateThread
AddSIDToBoundaryDescriptor
VerSetConditionMask
VerifyVersionInfoW
GetSystemTime
MoveFileW
IsWow64Process
GetExitCodeProcess
SetLastError
DeviceIoControl
FormatMessageW
GetCommandLineW
FreeConsole
SetCurrentDirectoryW
GetSystemDefaultLCID
GetUserDefaultLCID
LoadLibraryExW
DeleteBoundaryDescriptor
ClosePrivateNamespace
GetModuleHandleW
VirtualQuery
GetTempFileNameW
GetCurrentProcessId
MoveFileExW
GetCurrentDirectoryW
DeleteFileW
OutputDebugStringW
Sleep
SetFileAttributesW
ReleaseMutex
GetCurrentThreadId
CreateFileW
WaitForSingleObject
CreateMutexW
SetFilePointer
RemoveDirectoryW
WriteFile
CreateDirectoryW
GetPrivateProfileStringA
WideCharToMultiByte
CopyFileW
FreeLibrary
GetProcessHeap
GetPrivateProfileStructA
LocalFree
GetProcAddress
HeapDestroy
HeapAlloc
LoadLibraryW
CloseHandle
HeapReAlloc
GlobalFree
GlobalAlloc
MultiByteToWideChar
HeapSize
GetSystemDirectoryW
GetFileAttributesW
LocalAlloc
FindClose
GetModuleFileNameW
GetModuleHandleExW
GetCurrentProcess
FindNextFileW
HeapFree
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
VirtualFree
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetEndOfFile
WriteConsoleW
SetStdHandle
GetTimeZoneInformation
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
GetCurrentThread
GetACP
GetStdHandle
FindFirstFileW
WritePrivateProfileStructA
GetSystemTimeAsFileTime
SystemTimeToFileTime
DeleteCriticalSection
DecodePointer
GetLocalTime
RaiseException
GetLastError
InitializeCriticalSectionEx
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
QueryFullProcessImageNameW
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetWindowsDirectoryW
GlobalFindAtomW
GetFullPathNameW
GetModuleHandleA
LockFileEx
UnlockFileEx
GlobalAddAtomW
ReplaceFileW
DeleteFileA
SetFileAttributesA
GetTempPathA
GetTempFileNameA
ReadFile
GetExitCodeThread
GetFileSize
GlobalMemoryStatusEx
GetSystemInfo
VirtualProtect
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
ResetEvent
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
GetStringTypeW
TryEnterCriticalSection
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
VirtualAlloc
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetFileType
ExitThread
FreeLibraryAndExitThread
ExitProcess

user32

wsprintfW
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW

advapi32

RegOpenKeyExA
QueryServiceStatus
StartServiceW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
GetTokenInformation
RegEnumKeyExA
FreeSid
OpenProcessToken
RegSetValueExA
RegCreateKeyExA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
CloseServiceHandle
OpenSCManagerW
CryptCreateHash
CryptHashData
CryptDestroyHash
QueryServiceConfigW
OpenServiceW
CryptGetHashParam
CryptDestroyKey
CryptAcquireContextW
CryptEncrypt
CryptDecrypt
CryptSetKeyParam
CryptImportKey
CryptReleaseContext
LookupPrivilegeValueW
SetSecurityDescriptorDacl
AdjustTokenPrivileges
SetEntriesInAclW
CreateWellKnownSid
SetNamedSecurityInfoW
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueA
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
CryptDeriveKey

shell32

SHGetKnownFolderPath
SHGetFolderPathW
SHCreateDirectoryExW
CommandLineToArgvW
ShellExecuteW

ole32

CoTaskMemAlloc
CoInitialize
CoCreateGuid
CoSetProxyBlanket
CoInitializeEx
StringFromGUID2
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoGetClassObject

oleaut32

SysAllocString
SysAllocStringByteLen
VariantClear
SysFreeString
VariantInit
SysStringLen

wintrust

WinVerifyTrust

shlwapi

StrTrimW
PathFindFileNameA
PathRemoveExtensionA
PathRemoveFileSpecA
PathAddExtensionA
PathFindExtensionW
PathAppendW
PathRemoveFileSpecW
PathFileExistsW
PathStripToRootW
PathFileExistsA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
SetupDiOpenDeviceInterfaceW
SetupDiCreateDeviceInfoList
SetupDiGetDeviceRegistryPropertyW

crypt32

CryptMsgOpenToDecode
CryptMsgClose
CryptMsgUpdate
CryptMsgGetParam
CertCloseStore
CertGetSubjectCertificateFromStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptDecodeObject

Sections

.text
Size: 508KB - Virtual size: 507KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_0_/McInstruTrack.ini
$_0_/McRtMui.dll
.dll windows:6 windows x86 arch:x86

439258af42325e323ae52d344e766353

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:a3:c3:d3:ab:0c:3e:95:36:c5:06:ae
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

26/02/2019, 19:10

Not After

26/02/2022, 19:10

Subject

CN=McAfee\, LLC,O=McAfee\, LLC,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-01,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:bf:01:d6:d8:66:87:0c:0b:26:16:f8:e0:af:21:80:41:14:c5:91:8f:ef:3f:95:96:43:48:e5:7b:a7:0a:81
Signer

Actual PE Digest

7c:bf:01:d6:d8:66:87:0c:0b:26:16:f8:e0:af:21:80:41:14:c5:91:8f:ef:3f:95:96:43:48:e5:7b:a7:0a:81

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wtsapi32

WTSQueryUserToken
WTSRegisterSessionNotification
WTSUnRegisterSessionNotification

shlwapi

SHDeleteKeyW
ord280
PathFileExistsW

kernel32

GetModuleFileNameW
WideCharToMultiByte
GetCurrentProcessId
SetLastError
FindClose
ReleaseMutex
WriteFile
CreateFileW
SetFilePointer
FindFirstFileW
OutputDebugStringW
GetFileAttributesW
CreateMutexW
GetLocalTime
FormatMessageW
MultiByteToWideChar
GetCurrentDirectoryW
CreateDirectoryW
VirtualQuery
FindResourceExW
WritePrivateProfileStringW
LocalAlloc
LocalFree
lstrlenW
VerSetConditionMask
VerifyVersionInfoW
GetConsoleCP
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
QueueUserAPC
GetSystemDefaultLCID
GetUserDefaultUILanguage
IsValidLocale
WTSGetActiveConsoleSessionId
FindResourceW
WaitForMultipleObjects
SizeofResource
LoadResource
GetModuleHandleExW
GetModuleHandleW
GetThreadId
GetExitCodeThread
GetCurrentThreadId
GetCurrentThread
GetCurrentProcess
Sleep
OpenEventW
CreateEventW
SetEndOfFile
WaitForSingleObject
SetEvent
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
CloseHandle
LoadLibraryExW
GetProcAddress
FreeLibrary
GetEnvironmentVariableW
LockResource
DeleteCriticalSection
InitializeCriticalSectionEx
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
GetConsoleMode
SetFilePointerEx
WriteConsoleW
ReadFile
ReadConsoleW
WritePrivateProfileStructW
SetStdHandle
GetACP
GetStdHandle
GetModuleFileNameA
ExitProcess
IsDebuggerPresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetStringTypeW
LCMapStringW
GetCPInfo
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
InterlockedFlushSList
GetSystemInfo
VirtualAlloc
VirtualProtect
CreateThread
ExitThread
FreeLibraryAndExitThread
GetFileType

user32

LookupIconIdFromDirectoryEx
PeekMessageW
DefWindowProcW
RegisterClassExW
DispatchMessageW
CreateIconFromResourceEx
UnregisterClassW
LoadImageW
SetWindowLongW
GetWindowLongW
SetWindowRgn
MsgWaitForMultipleObjectsEx
DestroyWindow
CreateWindowExW

gdi32

GetObjectW
SetStretchBltMode
StretchBlt
SelectObject
DeleteObject
DeleteDC
CreateDIBitmap
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
SetBitmapDimensionEx

advapi32

CopySid
RegSetKeySecurity
RegQueryValueExW
RegNotifyChangeKeyValue
RegGetKeySecurity
RegFlushKey
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
FreeSid
RegSetValueExA
RegQueryValueExA
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceEvent
UnregisterTraceGuids
RegDisablePredefinedCache
RevertToSelf
IsValidSid
InitializeSid
ImpersonateLoggedOnUser
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidLengthRequired
GetLengthSid
EqualSid
OpenThreadToken
OpenProcessToken
SetThreadToken
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyExW
RegCreateKeyExW
RegCloseKey

shell32

SHGetKnownFolderPath

ole32

StringFromGUID2
CLSIDFromString
CoTaskMemFree

userenv

UnloadUserProfile

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

DllAddRef
DllRelease
RtMUIFindResource
RtMUIFindResourceEx
RtMUIGetMappedLocale
RtMUILoadBitmap
RtMUILoadBitmapEx
RtMUILoadIcon
RtMUILoadIconEx
RtMUILoadImage
RtMUILoadImageEx
RtMUILoadLibrary
RtMUILoadLibraryEx
RtMUILoadLibraryImpl
RtMUILoadString
RtMUILoadStringEx

Sections

.text
Size: 212KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 568B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_0_/McUpdater.dll
.dll regsvr32 windows:6 windows x86 arch:x86

57af443cb440f59f724549c58b79e678

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:a1:91:c0:eb:27:ae:85:ea:99:d7:29:14:b6:91:e4
Certificate

Issuer

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Not Before

12/03/2021, 00:00

Not After

11/03/2024, 23:59

Subject

CN=McAfee\, LLC,OU=Engineering,O=McAfee\, LLC,POSTALCODE=95054,STREET=2821 Mission College Blvd,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

27/10/2014, 00:00

Not After

26/10/2024, 23:59

Subject

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

22:ac:f9:be:03:6d:43:51:92:57:74:85:3d:51:9f:47:ed:1c:87:97:7b:c9:1c:c8:2a:1c:dd:25:f2:d5:22:3c
Signer

Actual PE Digest

22:ac:f9:be:03:6d:43:51:92:57:74:85:3d:51:9f:47:ed:1c:87:97:7b:c9:1c:c8:2a:1c:dd:25:f2:d5:22:3c

Digest Algorithm

sha256

PE Digest Matches

true

22:ac:f9:be:03:6d:43:51:92:57:74:85:3d:51:9f:47:ed:1c:87:97:7b:c9:1c:c8:2a:1c:dd:25:f2:d5:22:3c
Signer

Actual PE Digest

22:ac:f9:be:03:6d:43:51:92:57:74:85:3d:51:9f:47:ed:1c:87:97:7b:c9:1c:c8:2a:1c:dd:25:f2:d5:22:3c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shlwapi

PathFileExistsA
PathRemoveFileSpecA
PathAddExtensionA
PathFindExtensionW
PathRemoveExtensionA
PathFindFileNameA
PathAppendW
PathRemoveFileSpecW
StrTrimW
PathStripToRootW
PathFileExistsW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiCreateDeviceInfoList
SetupDiEnumDeviceInterfaces

psapi

GetModuleFileNameExW
GetModuleInformation
EnumProcessModules

wintrust

WinVerifyTrust

kernel32

RemoveDirectoryW
SetFileAttributesW
SetFilePointer
WriteFile
OutputDebugStringW
ReleaseMutex
WaitForSingleObject
CreateMutexW
Sleep
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
VirtualQuery
MoveFileExW
GetModuleHandleW
ClosePrivateNamespace
DeleteBoundaryDescriptor
VerSetConditionMask
GetTempPathW
SetEvent
CreateEventW
TerminateProcess
GetExitCodeProcess
CreateThread
OpenProcess
GetSystemTime
GetVersionExW
IsWow64Process
CreatePrivateNamespaceW
OpenPrivateNamespaceW
CreateBoundaryDescriptorW
AddSIDToBoundaryDescriptor
MoveFileW
VerifyVersionInfoW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
SetLastError
DeviceIoControl
FormatMessageW
GetDiskFreeSpaceExW
ResetEvent
GetPrivateProfileSectionNamesA
WaitForMultipleObjects
TerminateThread
GetModuleFileNameA
GetModuleHandleA
OpenThread
SystemTimeToFileTime
OpenEventW
GetUserDefaultLCID
LoadLibraryExW
LoadResource
SizeofResource
FindResourceW
lstrcmpiW
GetSystemDefaultLCID
EncodePointer
GetThreadLocale
SetThreadLocale
InitializeCriticalSectionAndSpinCount
lstrcpynW
lstrcpyW
lstrlenW
GetTimeFormatW
FlushFileBuffers
SetCurrentDirectoryW
GetTempFileNameW
GetExitCodeThread
GetFileSize
GlobalMemoryStatusEx
QueryFullProcessImageNameW
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetWindowsDirectoryW
GlobalFindAtomW
GetFullPathNameW
LockFileEx
UnlockFileEx
GlobalAddAtomW
ReplaceFileW
DeleteFileA
SetFileAttributesA
GetTempPathA
GetTempFileNameA
SetFilePointerEx
GetConsoleCP
ReadConsoleW
GetConsoleMode
GetFileType
GetSystemInfo
RtlUnwind
CreateTimerQueue
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
DuplicateHandle
DeleteFileW
CreateFileW
CreateDirectoryW
GetCurrentDirectoryW
WideCharToMultiByte
MultiByteToWideChar
CopyFileW
WritePrivateProfileStructA
GetPrivateProfileStructA
WritePrivateProfileStringA
GetPrivateProfileStringA
LocalFree
LocalAlloc
GlobalFree
GlobalAlloc
LoadLibraryW
GetProcAddress
GetModuleHandleExW
GetModuleFileNameW
FreeLibrary
GetSystemDirectoryW
GetCurrentProcess
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
CloseHandle
DecodePointer
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
GetTimeZoneInformation
ExitThread
ExitProcess
GetACP
GetStdHandle
IsValidLocale
EnumSystemLocalesW
VirtualProtect
VirtualFree
VirtualAlloc
FreeLibraryAndExitThread
GetThreadTimes
GetCurrentThread
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
IsDebuggerPresent
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTickCount
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
QueryPerformanceCounter
TryEnterCriticalSection
GetStringTypeW
SetStdHandle
SetEndOfFile
WriteConsoleW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
ReadFile

user32

PostThreadMessageW
PeekMessageW
DispatchMessageW
wsprintfW
GetMessageW
TranslateMessage
CharNextW
GetSystemMetrics
GetDC
GetDesktopWindow
MsgWaitForMultipleObjects

gdi32

GetDeviceCaps

advapi32

RegSetValueExA
OpenProcessToken
AllocateAndInitializeSid
EqualSid
FreeSid
GetTokenInformation
RegCloseKey
RegCreateKeyExA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
CryptDeriveKey
QueryServiceStatus
StartServiceW
RegOpenKeyW
RegQueryInfoKeyW
RegEnumKeyExW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
CloseServiceHandle
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptSetKeyParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetNamedSecurityInfoW
SetEntriesInAclW
LookupPrivilegeValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
CreateWellKnownSid
AdjustTokenPrivileges
RegSetValueExW

shell32

SHGetKnownFolderPath
SHGetFolderPathW
SHCreateDirectoryExW

ole32

CoUninitialize
StringFromGUID2
CoCreateGuid
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoInitializeEx
CoTaskMemRealloc
CoSetProxyBlanket
CoCreateInstance

oleaut32

UnRegisterTypeLi
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
VariantCopy
VariantClear
VariantInit
SysAllocString
SysFreeString
SysAllocStringByteLen

wininet

InternetCrackUrlW
InternetOpenW
InternetCloseHandle
InternetConnectW
InternetReadFile
InternetSetOptionW
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
HttpQueryInfoW

iphlpapi

GetAdaptersAddresses

crypt32

CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CryptQueryObject
CertGetNameStringW
CertGetCertificateContextProperty
CertFreeCertificateContext
CertGetSubjectCertificateFromStore
CertCloseStore
CryptMsgGetParam
CryptMsgUpdate
CryptMsgClose
CryptMsgOpenToDecode
CryptDecodeObject

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 643KB - Virtual size: 643KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_0_/McUtil.dll
.dll regsvr32 windows:6 windows x86 arch:x86

6e493aa813216708a7f7382160e9356d

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:a3:c3:d3:ab:0c:3e:95:36:c5:06:ae
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

26/02/2019, 19:10

Not After

26/02/2022, 19:10

Subject

CN=McAfee\, LLC,O=McAfee\, LLC,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:3b:6a:c0:1e:2b:21:e6:15:dc:00:00:00:00:00:3b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:47

Not After

04/06/2025, 17:47

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bf:77:34:18:15:8e:41:57:b6:d8:75:d9:4d:bd:34:af:fb:8d:ba:98:e6:f8:68:a8:68:85:82:c6:c9:96:d7:c0
Signer

Actual PE Digest

bf:77:34:18:15:8e:41:57:b6:d8:75:d9:4d:bd:34:af:fb:8d:ba:98:e6:f8:68:a8:68:85:82:c6:c9:96:d7:c0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInterfaceW

shlwapi

SHDeleteKeyW
StrTrimW
AssocQueryStringW

kernel32

DeleteFileW
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileW
RemoveDirectoryW
SetFileAttributesW
OutputDebugStringW
CloseHandle
SetEvent
WaitForSingleObject
OpenMutexW
CreateEventW
OpenEventW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
CreateProcessA
CreateProcessW
ProcessIdToSessionId
GetModuleFileNameW
GetModuleHandleW
GlobalAlloc
GlobalFree
lstrlenW
LoadLibraryA
MoveFileExW
VerSetConditionMask
VerifyVersionInfoW
SetLastError
InitializeCriticalSectionAndSpinCount
VirtualQuery
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
ReleaseMutex
WriteFile
CreateFileW
SetFilePointer
GetFileSize
CreateMutexW
GetLocalTime
GetModuleHandleExW
ReadFile
DeviceIoControl
GetExitCodeThread
Sleep
FormatMessageW
GlobalMemoryStatusEx
WritePrivateProfileStringW
WritePrivateProfileStructW
ReadConsoleW
WriteConsoleW
SetFilePointerEx
SetStdHandle
CreateDirectoryW
SearchPathA
SearchPathW
GetCurrentDirectoryW
GetCurrentDirectoryA
SetCurrentDirectoryW
SetCurrentDirectoryA
WideCharToMultiByte
MultiByteToWideChar
CopyFileW
WritePrivateProfileStructA
GetPrivateProfileStructA
WritePrivateProfileStringA
GetPrivateProfileStringA
LoadLibraryW
LocalFree
LocalAlloc
GetProcAddress
FreeLibrary
GetSystemDirectoryW
DeleteCriticalSection
InitializeCriticalSectionEx
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
GetLastError
RaiseException
DecodePointer
GetFileAttributesW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetEndOfFile
GetTimeZoneInformation
GetFileType
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetACP
GetModuleFileNameA
ExitProcess
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualProtect
VirtualAlloc
GetSystemInfo
InterlockedFlushSList
LoadLibraryExW
RtlUnwind
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
ResetEvent
GetCPInfo
GetLocaleInfoW
IsDebuggerPresent
GetStringTypeW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW

user32

TranslateMessage
PeekMessageW
DispatchMessageW
MsgWaitForMultipleObjects

advapi32

RegSetValueExW
RegCreateKeyExA
RegEnumKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
OpenProcessToken
AllocateAndInitializeSid
RegSetKeySecurity
EqualSid
FreeSid
GetSecurityDescriptorControl
GetTokenInformation
RegCreateKeyExW
RegNotifyChangeKeyValue
RegGetKeySecurity
RegFlushKey
CryptDestroyKey
CryptEncrypt
CryptDecrypt
CryptDeriveKey
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
StartServiceW
QueryServiceConfigW
OpenServiceW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceEvent
UnregisterTraceGuids
ConvertSidToStringSidW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
RegDeleteKeyW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
RegDeleteValueW
RegDeleteValueA
RegCloseKey

shell32

SHGetKnownFolderPath
ShellExecuteW
SHFileOperationW
SHGetMalloc
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetFolderPathW
SHCreateDirectoryExW

ole32

CoSetProxyBlanket
CoCreateInstance
StringFromCLSID
CoTaskMemFree
CLSIDFromString
CoInitializeSecurity
CoInitializeEx
CoInitialize
CoCreateGuid
CoUninitialize
StringFromGUID2

oleaut32

SysFreeString
VariantClear
VariantInit
SysStringLen
SysAllocStringByteLen
SysAllocString

wininet

InternetCrackUrlW

powrprof

CallNtPowerInformation

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

DllRegisterServer
DllUnregisterServer
GetCPUVendorID
GetPlatformType
IsCSModeOn
IsCSModeOn2
IsPPInstalled
IsUIHostRunning
LaunchUIHost
McBeginBMMonitor
McBeginCSMonitor
McBeginFSMonitor
McBeginMetroMonitor
McCopyFilesA
McCopyFilesW
McCreateDirWithPermissions
McCreateProcess2A
McCreateProcess2W
McCreateProcessA
McCreateProcessW
McCreateTask
McDeleteDirectoryDeferedA
McDeleteDirectoryDeferedW
McDeleteFilesDeferedA
McDeleteFilesDeferedW
McDeleteTask
McDisableTask
McDoesFileExistA
McDoesFileExistW
McEnableTask
McEndBMMonitor
McEndCSMonitor
McEndFSMonitor
McEndIMMonitor
McEndMetroMonitor
McGetApplicationDataDirectory
McGetHardwareID
McGetMSCVersion
McGetMachineID
McGetOSVersion
McGetOSVersion2
McGetProgramFilesPathA
McGetProgramFilesPathW
McGetWindowsID
McIsFullScreen
McIsIdleMode
McIsIdleMode2
McIsMetroMode
McIsNTAdmin
McLoadLibraryA
McLoadLibraryW
McModulePathFromCLSIDA
McModulePathFromCLSIDW
McRegDeleteKeyA
McRegDeleteKeyW
McShellExecute

Sections

.text
Size: 363KB - Virtual size: 362KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_0_/PDUEngine.dll
.dll windows:6 windows x86 arch:x86

747261219b195d833ef32c39e9ba8584

Code Sign

e7:47:5c:65:2d:7b:37:b4:3a:ad:f6:c8:f0:3a:b2:78
Certificate

Issuer

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Not Before

04/02/2019, 00:00

Not After

03/02/2022, 23:59

Subject

CN=McAfee\, LLC.,OU=Enterprise,O=McAfee\, LLC.,POSTALCODE=95054,STREET=2821 Mission College Blvd,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/08/2013, 20:26

Not After

15/08/2023, 20:36

Subject

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

30/05/2000, 10:48

Not After

30/05/2020, 10:48

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

27/10/2014, 00:00

Not After

26/10/2024, 23:59

Subject

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

68:42:6e:a6:41:33:3a:cc:b3:18:df:0e:e4:b4:48:5c:71:90:98:31:fe:4c:5c:78:76:b7:10:09:89:2d:e6:cf
Signer

Actual PE Digest

68:42:6e:a6:41:33:3a:cc:b3:18:df:0e:e4:b4:48:5c:71:90:98:31:fe:4c:5c:78:76:b7:10:09:89:2d:e6:cf

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringW
GetLocalTime
GetCurrentThreadId
CreateFileW
WaitForSingleObject
VirtualQuery
InitializeCriticalSection
DeleteCriticalSection
LeaveCriticalSection
GetTickCount
GetProcAddress
GetModuleHandleW
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeLibrary
GetCurrentProcess
ExpandEnvironmentStringsW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
CreateProcessW
OpenProcess
TerminateProcess
LoadLibraryW
FormatMessageW
EnumResourceNamesW
RaiseException
OpenThread
QueueUserAPC
InitializeCriticalSectionEx
DecodePointer
ReleaseMutex
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
GetCurrentDirectoryW
RemoveDirectoryW
DeleteFileW
GetVersionExW
FindFirstFileW
SetFileAttributesW
CopyFileW
MoveFileExW
GetShortPathNameW
GetWindowsDirectoryA
CreateFileA
GetFileSize
ReadFile
SetFilePointer
WriteFile
FindNextFileW
FindClose
CreateDirectoryW
FindNextFileA
FindFirstFileExA
GetTimeZoneInformation
SetEndOfFile
WriteConsoleW
FlushFileBuffers
SetStdHandle
GetFullPathNameW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
PeekNamedPipe
GetFileType
GetDriveTypeW
VirtualProtect
VirtualAlloc
InterlockedFlushSList
RtlUnwind
InitializeSListHead
GetStdHandle
GetACP
GetModuleFileNameA
ExitProcess
GetConsoleCP
ReadConsoleW
GetConsoleMode
SetFilePointerEx
CloseHandle
CreateMutexW
GetModuleFileNameW
GetFileAttributesW
GetPrivateProfileStringA
MultiByteToWideChar
GetPrivateProfileStructA
WideCharToMultiByte
WritePrivateProfileStructA
GetLastError
GetCurrentProcessId
Sleep
EnterCriticalSection
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
SetLastError
LoadLibraryExW
ReleaseSRWLockShared
AcquireSRWLockShared
GlobalFindAtomW
SystemTimeToFileTime
LockFileEx
UnlockFileEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetWindowsDirectoryW
GlobalAddAtomW
MoveFileW
ReplaceFileW
DeleteFileA
SetFileAttributesA
GetTempPathA
GetTempFileNameA
VerifyVersionInfoW
VerSetConditionMask
GetSystemInfo
SwitchToThread
GetStringTypeW
EncodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
LocalFree
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
CreateThread

wintrust

WinVerifyTrust

advapi32

RegSetValueExW
QueryServiceStatus
OpenSCManagerW
OpenServiceW
StartServiceW
ControlService
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
RegDeleteKeyW
RegDeleteValueW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CloseServiceHandle
RegCreateKeyW
InitiateSystemShutdownExW

shell32

SHGetKnownFolderPath
SHGetFolderPathW
SHCreateDirectoryExW

ole32

CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
CLSIDFromString
CoInitialize
CoInitializeEx
CoTaskMemFree
CoSetProxyBlanket

oleaut32

SysStringLen
VariantChangeType
SysAllocString
VariantClear
VariantInit
SysFreeString

shlwapi

PathRemoveFileSpecW
PathAppendW
PathFindExtensionW
PathStripToRootW
PathAddExtensionA
PathFileExistsA
PathFindFileNameA
PathRemoveExtensionA
PathRemoveFileSpecA
PathFileExistsW

crypt32

CryptDecodeObject
CryptMsgOpenToDecode
CryptMsgClose
CryptMsgUpdate
CryptMsgGetParam
CertCloseStore
CertGetSubjectCertificateFromStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

DLL_HandleIncompatProducts
DLL_HandleSingleIncompatProduct
DLL_getIncompatProducts
DLL_setPaths
DLL_setPointProducts

Sections

.text
Size: 308KB - Virtual size: 308KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_0_/SysConfig.ini
$_0_/V12LangCore.dll
.dll windows:6 windows x86 arch:x86

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:a1:91:c0:eb:27:ae:85:ea:99:d7:29:14:b6:91:e4
Certificate

Issuer

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Not Before

12/03/2021, 00:00

Not After

11/03/2024, 23:59

Subject

CN=McAfee\, LLC,OU=Engineering,O=McAfee\, LLC,POSTALCODE=95054,STREET=2821 Mission College Blvd,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

27/10/2014, 00:00

Not After

26/10/2024, 23:59

Subject

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d5:61:ff:7e:34:a9:4a:45:24:97:80:e3:53:dd:1c:b5:13:7c:67:c3:eb:36:35:79:fa:86:06:78:24:7c:c9:51
Signer

Actual PE Digest

d5:61:ff:7e:34:a9:4a:45:24:97:80:e3:53:dd:1c:b5:13:7c:67:c3:eb:36:35:79:fa:86:06:78:24:7c:c9:51

Digest Algorithm

sha256

PE Digest Matches

true

d5:61:ff:7e:34:a9:4a:45:24:97:80:e3:53:dd:1c:b5:13:7c:67:c3:eb:36:35:79:fa:86:06:78:24:7c:c9:51
Signer

Actual PE Digest

d5:61:ff:7e:34:a9:4a:45:24:97:80:e3:53:dd:1c:b5:13:7c:67:c3:eb:36:35:79:fa:86:06:78:24:7c:c9:51

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 477KB - Virtual size: 477KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_0_/Vi2Res.dll
.dll .js windows:6 windows x86 arch:x86 polyglot

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:a1:91:c0:eb:27:ae:85:ea:99:d7:29:14:b6:91:e4
Certificate

Issuer

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Not Before

12/03/2021, 00:00

Not After

11/03/2024, 23:59

Subject

CN=McAfee\, LLC,OU=Engineering,O=McAfee\, LLC,POSTALCODE=95054,STREET=2821 Mission College Blvd,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

27/10/2014, 00:00

Not After

26/10/2024, 23:59

Subject

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

aa:9a:48:db:db:49:b8:b0:2f:2b:f2:57:14:90:f3:2f:74:cf:23:a6:ea:a8:62:e1:ea:e8:8e:8b:0b:1d:88:a5
Signer

Actual PE Digest

aa:9a:48:db:db:49:b8:b0:2f:2b:f2:57:14:90:f3:2f:74:cf:23:a6:ea:a8:62:e1:ea:e8:8e:8b:0b:1d:88:a5

Digest Algorithm

sha256

PE Digest Matches

true

aa:9a:48:db:db:49:b8:b0:2f:2b:f2:57:14:90:f3:2f:74:cf:23:a6:ea:a8:62:e1:ea:e8:8e:8b:0b:1d:88:a5
Signer

Actual PE Digest

aa:9a:48:db:db:49:b8:b0:2f:2b:f2:57:14:90:f3:2f:74:cf:23:a6:ea:a8:62:e1:ea:e8:8e:8b:0b:1d:88:a5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$_0_/Vi2_Fresh.json
$_0_/langmap.dat
$_0_/langsel.dll
.dll windows:6 windows x86 arch:x86

f3971e2424918611ef1805a3c497ffe2

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:a3:c3:d3:ab:0c:3e:95:36:c5:06:ae
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

26/02/2019, 19:10

Not After

26/02/2022, 19:10

Subject

CN=McAfee\, LLC,O=McAfee\, LLC,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:3b:6a:c0:1e:2b:21:e6:15:dc:00:00:00:00:00:3b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:47

Not After

04/06/2025, 17:47

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

58:f2:68:74:33:e7:1e:ed:c7:0e:4f:5c:e8:fe:2c:90:6e:bf:c4:01:f3:f9:be:be:2e:82:cd:c8:65:35:df:9b
Signer

Actual PE Digest

58:f2:68:74:33:e7:1e:ed:c7:0e:4f:5c:e8:fe:2c:90:6e:bf:c4:01:f3:f9:be:be:2e:82:cd:c8:65:35:df:9b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

EnterCriticalSection
LeaveCriticalSection
CreateFileW
GetFileSize
ReadFile
CloseHandle
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetUserDefaultUILanguage
GetSystemDefaultLCID
GetUserDefaultLocaleName
LocaleNameToLCID
GetModuleFileNameW
GetModuleHandleExW
InitializeCriticalSectionAndSpinCount
VirtualQuery
GetCurrentThreadId
GetCurrentProcessId
SetLastError
FreeLibrary
WaitForSingleObject
ReleaseMutex
WriteFile
SetFilePointer
FindFirstFileW
OutputDebugStringW
GetFileAttributesW
CreateMutexW
GetLocalTime
GetCurrentDirectoryW
CreateDirectoryW
WritePrivateProfileStructW
WritePrivateProfileStringW
lstrlenW
VerSetConditionMask
GetCurrentProcess
VerifyVersionInfoW
LoadLibraryExW
SetEndOfFile
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetModuleHandleW
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
LocalFree
LocalAlloc
GetProcAddress
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
HeapFree
InitializeCriticalSectionEx
FindClose
ReadConsoleW
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetStdHandle
IsDebuggerPresent
EncodePointer
CreateEventW
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetStringTypeW
LCMapStringW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
InterlockedFlushSList
GetSystemInfo
VirtualAlloc
VirtualProtect
GetFileType
ExitProcess
GetModuleFileNameA
GetACP
GetStdHandle

advapi32

RegSetKeySecurity
RegSetValueExW
RegNotifyChangeKeyValue
RegGetKeySecurity
RegFlushKey
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
FreeSid
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceEvent
UnregisterTraceGuids
RegSetValueExA
RegQueryValueExW
RegOpenKeyExW
RegQueryValueExA
RegCloseKey
RegOpenKeyExA

shell32

SHGetFolderPathW
SHGetKnownFolderPath

ole32

CLSIDFromString
CoCreateInstance
CoUninitialize
CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemFree
CoInitialize

oleaut32

SysAllocString
VariantClear
SysStringLen
VariantInit
SysFreeString

shlwapi

SHDeleteKeyW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

??0CLangSel@@QAE@$$QAV0@@Z
??0CLangSel@@QAE@ABV0@@Z
??0CLangSel@@QAE@PB_W@Z
??1CLangSel@@QAE@XZ
??4CLangSel@@QAEAAV0@$$QAV0@@Z
??4CLangSel@@QAEAAV0@ABV0@@Z
??_FCLangSel@@QAEXXZ
?GetRegistryString@CLangSel@@AAEHABV?$CStringT@_WV?$StrTraitATL@_WV?$ChTraitsCRT@_W@ATL@@@ATL@@@ATL@@AAV23@@Z
?Initialize@CLangSel@@AAEHXZ
?LoadLanguageMap@CLangSel@@AAEHPB_W@Z
?LoadMISPLanguage@CLangSel@@AAEHXZ
?LoadMISPLanguageFromRegistry@CLangSel@@AAEHXZ
?_GetLCID@CLangSel@@QAEKPAK@Z
?_GetLCIDForMMI@CLangSel@@QAEKPAKAAH@Z
?_GetLCIDFromMcAfeeLangMap@CLangSel@@QAEKKPAK@Z
GetLCID
GetLCIDForMMI
GetLCIDFromMap
GetLCIDFromMcAfeeLangMap

Sections

.text
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 576B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_0_/mcbrwsr2.dll
.dll windows:6 windows x86 arch:x86

53fc4b8b51ffe10e5aaf27a4d97dd047

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:a3:c3:d3:ab:0c:3e:95:36:c5:06:ae
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

26/02/2019, 19:10

Not After

26/02/2022, 19:10

Subject

CN=McAfee\, LLC,O=McAfee\, LLC,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:3b:6a:c0:1e:2b:21:e6:15:dc:00:00:00:00:00:3b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:47

Not After

04/06/2025, 17:47

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:90:20:77:61:c4:26:dd:94:50:03:0d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-01,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e7:6f:83:3c:59:a8:1d:ed:80:0a:fe:aa:d1:63:00:7a:64:4a:82:4e:cb:9f:0a:fc:4d:79:49:fc:7a:dd:eb:a9
Signer

Actual PE Digest

e7:6f:83:3c:59:a8:1d:ed:80:0a:fe:aa:d1:63:00:7a:64:4a:82:4e:cb:9f:0a:fc:4d:79:49:fc:7a:dd:eb:a9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
WideCharToMultiByte
GetThreadLocale
CreateFileW
WriteFile
CloseHandle
InitializeCriticalSection
DeleteCriticalSection
GetSystemDirectoryW
FreeLibrary
GetProcAddress
SetCurrentDirectoryW
GetCurrentDirectoryW
RaiseException
InitializeCriticalSectionEx
Sleep
VirtualQuery
LoadLibraryExW
FindResourceExA
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
GetCurrentProcessId
GetVersionExW
GetModuleFileNameW
GlobalAlloc
GlobalFree
FindClose
FindFirstFileW
FindNextFileW
GetFileAttributesW
DecodePointer
GetModuleHandleW
GetModuleHandleExW
LocalAlloc
LocalFree
LoadLibraryW
GetLongPathNameW
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
GetCurrentThreadId
SetLastError
WaitForSingleObject
ReleaseMutex
SetFilePointer
OutputDebugStringW
CreateMutexW
GetLocalTime
VerSetConditionMask
VerifyVersionInfoW
FormatMessageW
CreateDirectoryW
WritePrivateProfileStructW
WritePrivateProfileStringW
lstrlenW
QueryFullProcessImageNameW
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
CreateThread
OpenProcess
GetWindowsDirectoryW
GlobalFindAtomW
SystemTimeToFileTime
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetFullPathNameW
LockFileEx
UnlockFileEx
GlobalAddAtomW
CopyFileW
MoveFileW
MoveFileExW
ReplaceFileW
DeleteFileA
SetFileAttributesA
GetTempPathA
GetTempFileNameA
GetSystemInfo
VirtualProtect
LoadLibraryExA
IsDebuggerPresent
EncodePointer
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
VirtualAlloc
VirtualFree
GetStringTypeW
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
QueryPerformanceCounter
RtlUnwind
InterlockedFlushSList
GetFileType
SetFilePointerEx
ReadFile
GetConsoleMode
ReadConsoleW
GetConsoleCP
ExitProcess
GetModuleFileNameA
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
SetStdHandle
FlushFileBuffers
WriteConsoleW
SetEndOfFile
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW

Exports

Exports

McBrwDeInit
McBrwInit
McBrwInit2
McGetBrwObject
McGetBrwObject2
McGetBrwObject2Ex
McGetBrwObjectEx

Sections

.text
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_0_/mcuicnt.exe
.exe windows:6 windows x86 arch:x86

0c96da1cddbd4461bd9e3fb04fac1a21

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:a1:91:c0:eb:27:ae:85:ea:99:d7:29:14:b6:91:e4
Certificate

Issuer

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Not Before

12/03/2021, 00:00

Not After

11/03/2024, 23:59

Subject

CN=McAfee\, LLC,OU=Engineering,O=McAfee\, LLC,POSTALCODE=95054,STREET=2821 Mission College Blvd,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

27/10/2014, 00:00

Not After

26/10/2024, 23:59

Subject

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6e:75:a5:f8:99:30:29:29:1f:77:82:e7:99:0f:43:cd:35:54:8b:14:4a:df:59:b8:4b:b9:a8:55:2e:d6:5d:e2
Signer

Actual PE Digest

6e:75:a5:f8:99:30:29:29:1f:77:82:e7:99:0f:43:cd:35:54:8b:14:4a:df:59:b8:4b:b9:a8:55:2e:d6:5d:e2

Digest Algorithm

sha256

PE Digest Matches

true

6e:75:a5:f8:99:30:29:29:1f:77:82:e7:99:0f:43:cd:35:54:8b:14:4a:df:59:b8:4b:b9:a8:55:2e:d6:5d:e2
Signer

Actual PE Digest

6e:75:a5:f8:99:30:29:29:1f:77:82:e7:99:0f:43:cd:35:54:8b:14:4a:df:59:b8:4b:b9:a8:55:2e:d6:5d:e2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

HeapFree
GetModuleFileNameW
InitializeCriticalSection
InitializeCriticalSectionEx
HeapSize
MultiByteToWideChar
Sleep
GetLastError
HeapReAlloc
RaiseException
LoadLibraryW
HeapAlloc
DecodePointer
HeapDestroy
GetProcAddress
DeleteCriticalSection
GetProcessHeap
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
VirtualQuery
CreateFileW
GetFileSize
CloseHandle
ReadFile
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
GetCommandLineW
CreateProcessW
WaitForSingleObject
SetEvent
GlobalDeleteAtom
LocalFree
CreateEventW
OpenEventW
SetLastError
CreateThread
LocalAlloc
GlobalAddAtomW
GlobalGetAtomNameW
GetCurrentThreadId
SizeofResource
LockResource
LoadResource
FindResourceExW
FindResourceW
FindClose
FindFirstFileW
GetFileAttributesW
RemoveDirectoryW
SetFilePointer
WriteFile
OutputDebugStringW
ReleaseMutex
CreateMutexW
GetLocalTime
InitializeCriticalSectionAndSpinCount
GetModuleHandleExW
VerSetConditionMask
GetCurrentProcess
VerifyVersionInfoW
LoadLibraryExW
FormatMessageW
WritePrivateProfileStringW
WritePrivateProfileStructW
GetCurrentDirectoryW
CreateDirectoryW
FindNextFileW
lstrlenW
GetEnvironmentVariableW
QueryFullProcessImageNameW
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
OpenProcess
GetWindowsDirectoryW
GlobalFindAtomW
SystemTimeToFileTime
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetFullPathNameW
LockFileEx
UnlockFileEx
CopyFileW
MoveFileW
MoveFileExW
ReplaceFileW
DeleteFileA
SetFileAttributesA
GetTempPathA
GetTempFileNameA
GetSystemInfo
VirtualProtect
LoadLibraryExA
IsDebuggerPresent
GetStringTypeW
InitOnceBeginInitialize
InitOnceComplete
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LCMapStringW
GetLocaleInfoW
GetCPInfo
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
VirtualAlloc
GetFileType
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleCP
ExitProcess
GetStdHandle
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetStdHandle
GetFileSizeEx
FlushFileBuffers
SetEndOfFile
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW

Sections

.text
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_0_/trusted.js
$_0_/vi2.dll
.dll windows:6 windows x86 arch:x86

16a41b5f7ff0e54bc81b070c9e843550

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:a1:91:c0:eb:27:ae:85:ea:99:d7:29:14:b6:91:e4
Certificate

Issuer

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Not Before

12/03/2021, 00:00

Not After

11/03/2024, 23:59

Subject

CN=McAfee\, LLC,OU=Engineering,O=McAfee\, LLC,POSTALCODE=95054,STREET=2821 Mission College Blvd,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

27/10/2014, 00:00

Not After

26/10/2024, 23:59

Subject

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c1:de:df:c8:ec:82:37:71:ed:f6:b1:fc:71:38:3f:02:d9:f5:f3:99:5f:c8:1b:05:75:07:ed:dc:2b:dd:16:e4
Signer

Actual PE Digest

c1:de:df:c8:ec:82:37:71:ed:f6:b1:fc:71:38:3f:02:d9:f5:f3:99:5f:c8:1b:05:75:07:ed:dc:2b:dd:16:e4

Digest Algorithm

sha256

PE Digest Matches

true

c1:de:df:c8:ec:82:37:71:ed:f6:b1:fc:71:38:3f:02:d9:f5:f3:99:5f:c8:1b:05:75:07:ed:dc:2b:dd:16:e4
Signer

Actual PE Digest

c1:de:df:c8:ec:82:37:71:ed:f6:b1:fc:71:38:3f:02:d9:f5:f3:99:5f:c8:1b:05:75:07:ed:dc:2b:dd:16:e4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

psapi

GetModuleInformation
EnumProcessModules
EnumProcesses
GetModuleBaseNameW
GetModuleFileNameExW

wintrust

WinVerifyTrust

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shlwapi

wnsprintfW
PathAppendW
SHDeleteKeyW
SHGetValueW
PathFindExtensionW
PathAddExtensionA
PathFileExistsA
PathFindFileNameA
PathRemoveExtensionA
PathRemoveFileSpecA
StrTrimW
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW
PathStripToRootW

setupapi

SetupDiGetClassDevsW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInterfaceW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces

rpcrt4

UuidCreate

crypt32

CertVerifyCertificateChainPolicy
CertFreeCertificateChain
CertGetCertificateChain
CryptQueryObject
CertGetNameStringW
CertGetCertificateContextProperty
CertFreeCertificateContext
CertGetSubjectCertificateFromStore
CertCloseStore
CryptMsgGetParam
CryptMsgUpdate
CryptMsgClose
CryptMsgOpenToDecode
CryptDecodeObject
CryptProtectData
CryptBinaryToStringW

kernel32

WritePrivateProfileStringA
LoadLibraryW
HeapAlloc
DecodePointer
HeapDestroy
GetProcAddress
LocalFree
DeleteCriticalSection
GetPrivateProfileStructA
GetProcessHeap
FreeLibrary
CopyFileW
WideCharToMultiByte
GetPrivateProfileStringA
SetLastError
FormatMessageA
Sleep
VirtualQuery
WaitForSingleObject
GetModuleHandleW
GetCurrentDirectoryW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
OpenProcess
GetCurrentProcessId
WritePrivateProfileStringW
WaitForMultipleObjects
CreateThread
CreateDirectoryW
ReadFile
WriteFile
RemoveDirectoryW
SetFilePointer
CreateMutexW
CreateFileW
GetCurrentThreadId
ReleaseMutex
OutputDebugStringW
DeleteFileW
GetLocalTime
MoveFileExW
GetFileSize
GetTempFileNameW
GetSystemDefaultLCID
GetUserDefaultLCID
FormatMessageW
CreateEventW
GetTickCount64
ClosePrivateNamespace
DeleteBoundaryDescriptor
CreateProcessW
TerminateProcess
VerSetConditionMask
VerifyVersionInfoW
GetTempPathW
MoveFileW
IsWow64Process
CreateBoundaryDescriptorW
AddSIDToBoundaryDescriptor
CreatePrivateNamespaceW
OpenPrivateNamespaceW
GetExitCodeProcess
SetEvent
GetSystemTime
DeviceIoControl
GetModuleHandleA
FindResourceExW
FindResourceW
SizeofResource
LoadResource
RaiseException
GetLongPathNameW
lstrlenW
GetTickCount
OpenEventW
GetProcessId
LCIDToLocaleName
SetCurrentDirectoryW
SetProcessShutdownParameters
ResetEvent
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
CreateWaitableTimerW
SleepEx
CancelWaitableTimer
SetWaitableTimer
SystemTimeToFileTime
GlobalMemoryStatusEx
GetDiskFreeSpaceExW
LoadLibraryA
QueryFullProcessImageNameW
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetWindowsDirectoryW
GlobalFindAtomW
GetFullPathNameW
LockFileEx
UnlockFileEx
GlobalAddAtomW
ReplaceFileW
DeleteFileA
SetFileAttributesA
GetTempPathA
GetTempFileNameA
WaitForSingleObjectEx
WaitForMultipleObjectsEx
GetExitCodeThread
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetEndOfFile
FlushFileBuffers
WriteConsoleW
GetTimeZoneInformation
SetStdHandle
GetStdHandle
GetACP
GetCurrentThread
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetModuleFileNameA
ExitProcess
GetFileType
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
GetConsoleCP
ReadConsoleW
GetConsoleMode
VirtualProtect
VirtualAlloc
CloseHandle
HeapReAlloc
GlobalFree
GlobalAlloc
GetLastError
MultiByteToWideChar
HeapSize
GetSystemDirectoryW
GetVersionExW
GetFileAttributesW
LocalAlloc
FindClose
InitializeCriticalSectionEx
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetShortPathNameW
GetModuleHandleExW
GetCurrentProcess
FindNextFileW
EnterCriticalSection
HeapFree
FindFirstFileW
WritePrivateProfileStructA
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SignalObjectAndWait
SwitchToThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
VirtualFree
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
WritePrivateProfileStructW
GetSystemInfo
RtlUnwind
InterlockedFlushSList
InterlockedPushEntrySList
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
TryEnterCriticalSection
GetStringTypeW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LockResource

user32

GetWindowLongW
DefWindowProcW
CallWindowProcW
SetWindowLongW
CloseWindow
PostThreadMessageW
LoadIconW
RegisterClassW
CreateWindowExW
GetMessageW
TranslateMessage
GetDC
GetDesktopWindow
GetSystemMetrics
DispatchMessageW
PostQuitMessage
BringWindowToTop
wsprintfW
SetForegroundWindow
SystemParametersInfoW
SendMessageW
ShutdownBlockReasonCreate
ExitWindowsEx
PeekMessageW
MsgWaitForMultipleObjects
ShutdownBlockReasonDestroy

gdi32

GetDeviceCaps

advapi32

OpenProcessToken
GetTokenInformation
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceEvent
UnregisterTraceGuids
CryptDeriveKey
QueryServiceStatus
StartServiceW
RegSetKeySecurity
RegGetKeySecurity
RegFlushKey
RegQueryInfoKeyA
RegEnableReflectionKey
CloseServiceHandle
OpenSCManagerW
QueryServiceConfigW
OpenServiceW
CryptDestroyKey
CryptEncrypt
CryptDecrypt
CryptSetKeyParam
CryptImportKey
SetNamedSecurityInfoW
AdjustTokenPrivileges
LookupPrivilegeValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
CreateWellKnownSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
RegDeleteValueA
RegEnumKeyExW
RegQueryInfoKeyW
RegEnumValueW
RegDeleteValueW
RegEnumKeyExA
RegOpenKeyExA
FreeSid
RegSetValueExA
RegCreateKeyExA
AllocateAndInitializeSid
RegQueryValueExA
EqualSid
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
CryptDestroyHash
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
CryptGetHashParam
CryptHashData
RegNotifyChangeKeyValue
RegCreateKeyExW
RegDeleteKeyW
RegSetValueExW

shell32

SHCreateDirectoryExW
SHGetKnownFolderPath
SHGetFolderPathW
ShellExecuteW

ole32

CLSIDFromString
CoInitializeEx
CoTaskMemFree
CoUninitialize
StringFromGUID2
CoCreateGuid
CoTaskMemAlloc
CoCreateInstance
CoSetProxyBlanket
CoGetClassObject
CoInitialize

oleaut32

SafeArrayPutElement
CreateDispTypeInfo
CreateStdDispatch
SysAllocStringByteLen
SysStringByteLen
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetElement
SysStringLen
VariantChangeType
SafeArrayCreateVector
VariantCopy
SysFreeString
SysAllocString
VariantClear
VariantInit

wininet

InternetGetCookieExW

wsock32

recvfrom
recv
getsockopt
htons
closesocket
gethostbyname
select
__WSAFDIsSet
accept
ioctlsocket
socket
send
sendto
inet_ntoa
connect
setsockopt
ntohl
shutdown
WSAStartup
WSAGetLastError

bcrypt

BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptGetProperty
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash

iphlpapi

GetAdaptersAddresses

winhttp

WinHttpConnect
WinHttpQueryDataAvailable
WinHttpOpen
WinHttpReceiveResponse
WinHttpCloseHandle
WinHttpSendRequest
WinHttpOpenRequest
WinHttpReadData

Exports

Exports

OnAppAbort
OnAppInit
OnAppShutdown
OnBrowserInit
RemoveIfSymbolicLinkExists
SetAdminPermission

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 719KB - Virtual size: 718KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
C:/ProgramData/McAfee/Direct/DynamicAffid/1244/AWDET.ini
C:/ProgramData/McAfee/Direct/DynamicAffid/1263/AWDET.ini
C:/ProgramData/McAfee/Direct/DynamicAffid/1297/AWDET.ini
C:/ProgramData/McAfee/Direct/DynamicAffid/1309/AWDET.ini
C:/ProgramData/McAfee/Direct/DynamicAffid/1312/AWDET.ini
C:/ProgramData/McAfee/Direct/DynamicAffid/1316/AWDET.ini
C:/ProgramData/McAfee/Direct/DynamicAffid/1318/AWDET.ini
C:/ProgramData/McAfee/Direct/DynamicAffid/1320/AWDET.ini
C:/ProgramData/McAfee/Direct/DynamicAffid/1324/AWDET.ini
C:/ProgramData/McAfee/Direct/DynamicAffid/1327/AWDET.ini
C:/ProgramData/McAfee/Direct/DynamicAffid/1333/AWDET.ini
C:/ProgramData/McAfee/Direct/McDiReg.exe
.exe windows:6 windows x86 arch:x86

13e886cb54cb01caf46a0a97f4abf638

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:a1:91:c0:eb:27:ae:85:ea:99:d7:29:14:b6:91:e4
Certificate

Issuer

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Not Before

12/03/2021, 00:00

Not After

11/03/2024, 23:59

Subject

CN=McAfee\, LLC,OU=Engineering,O=McAfee\, LLC,POSTALCODE=95054,STREET=2821 Mission College Blvd,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

27/10/2014, 00:00

Not After

26/10/2024, 23:59

Subject

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

52:21:ed:3b:64:75:2f:58:22:2f:f1:c6:3f:62:cb:79:3c:0d:f8:8f:0e:dc:15:ca:79:6b:5d:5c:8d:60:34:86
Signer

Actual PE Digest

52:21:ed:3b:64:75:2f:58:22:2f:f1:c6:3f:62:cb:79:3c:0d:f8:8f:0e:dc:15:ca:79:6b:5d:5c:8d:60:34:86

Digest Algorithm

sha256

PE Digest Matches

true

52:21:ed:3b:64:75:2f:58:22:2f:f1:c6:3f:62:cb:79:3c:0d:f8:8f:0e:dc:15:ca:79:6b:5d:5c:8d:60:34:86
Signer

Actual PE Digest

52:21:ed:3b:64:75:2f:58:22:2f:f1:c6:3f:62:cb:79:3c:0d:f8:8f:0e:dc:15:ca:79:6b:5d:5c:8d:60:34:86

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathStripToRootW
PathFileExistsW
PathIsDirectoryEmptyW
PathRemoveFileSpecA
PathIsDirectoryW
StrTrimW
PathRemoveFileSpecW
wnsprintfW
PathAppendW
PathFindExtensionW
PathAddExtensionA
PathFileExistsA
PathFindFileNameA
PathRemoveExtensionA
SHDeleteKeyW
PathFindFileNameW

setupapi

SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInterfaces
SetupDiOpenDeviceInterfaceW
SetupDiGetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoList

rpcrt4

UuidCreate

psapi

GetModuleFileNameExW

wintrust

WinVerifyTrust

crypt32

CryptDecodeObject
CryptMsgClose
CryptMsgUpdate
CryptMsgGetParam
CertCloseStore
CertGetSubjectCertificateFromStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertGetNameStringW
CryptQueryObject
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptMsgOpenToDecode

kernel32

FreeLibrary
CopyFileW
WideCharToMultiByte
GetPrivateProfileStringA
SetLastError
FormatMessageA
Sleep
VirtualQuery
WritePrivateProfileStringW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
GetCurrentDirectoryW
GetCurrentProcessId
GetModuleHandleW
WaitForMultipleObjects
CreateThread
SizeofResource
LockResource
FindResourceExW
LoadResource
FindResourceW
GetSystemDefaultLCID
FormatMessageW
GetUserDefaultLCID
WaitForSingleObject
CreateEventW
GetTickCount64
ClosePrivateNamespace
DeleteBoundaryDescriptor
CreateProcessW
CreateMutexW
ReleaseMutex
OpenEventW
SetEvent
ResetEvent
CreatePrivateNamespaceW
TerminateProcess
RemoveDirectoryW
OpenPrivateNamespaceW
HeapSize
GetTempPathW
DeleteFileW
AddSIDToBoundaryDescriptor
MoveFileExW
VerSetConditionMask
VerifyVersionInfoW
GetTempFileNameW
GetSystemTime
GetProcessHeap
IsWow64Process
GetExitCodeProcess
DeviceIoControl
CreateFileW
ReadFile
GetCommandLineW
WriteFile
GetProcessId
DeleteCriticalSection
SetFileAttributesW
CreateFileA
GetWindowsDirectoryA
SetCurrentDirectoryW
GetFileSize
OpenMutexW
GetExitCodeThread
GlobalMemoryStatusEx
LoadLibraryExW
GetCurrentThreadId
QueryFullProcessImageNameW
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetWindowsDirectoryW
GlobalFindAtomW
SystemTimeToFileTime
GetFullPathNameW
OutputDebugStringW
GetModuleHandleA
LockFileEx
UnlockFileEx
GlobalAddAtomW
ReplaceFileW
DeleteFileA
SetFileAttributesA
GetTempPathA
GetTempFileNameA
InitializeCriticalSectionAndSpinCount
GetLocalTime
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
MoveFileW
GetPrivateProfileStructA
GetSystemDirectoryW
GetVersionExW
GetFileAttributesW
LocalAlloc
FindClose
InitializeCriticalSectionEx
InitializeCriticalSection
LeaveCriticalSection
GetModuleFileNameW
GetShortPathNameW
GetModuleHandleExW
GetCurrentProcess
FindNextFileW
EnterCriticalSection
HeapFree
FindFirstFileW
WritePrivateProfileStructA
LocalFree
GetProcAddress
HeapDestroy
DecodePointer
HeapAlloc
LoadLibraryW
RaiseException
CloseHandle
HeapReAlloc
GlobalFree
GlobalAlloc
GetLastError
SetFilePointer
MultiByteToWideChar
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
VirtualFree
DuplicateHandle
ReleaseSemaphore
InterlockedPopEntrySList
QueryDepthSList
UnregisterWaitEx
CreateTimerQueue
CreateDirectoryW
WritePrivateProfileStructW
lstrlenW
CreateBoundaryDescriptorW
SignalObjectAndWait
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindFirstFileExW
SetEndOfFile
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetCurrentThread
EnumSystemLocalesW
IsValidLocale
GetACP
GetStdHandle
GetFileType
SetFilePointerEx
FreeLibraryAndExitThread
ExitThread
ExitProcess
GetConsoleCP
ReadConsoleW
GetConsoleMode
VirtualAlloc
RtlUnwind
InterlockedFlushSList
GetSystemInfo
VirtualProtect
LoadLibraryExA
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetStringTypeW
TryEnterCriticalSection
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetTickCount
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
InterlockedPushEntrySList

user32

MsgWaitForMultipleObjects
GetDesktopWindow
GetSystemMetrics
GetDC
TranslateMessage
PeekMessageW
DispatchMessageW

gdi32

GetDeviceCaps

advapi32

AllocateAndInitializeSid
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
RegisterTraceGuidsW
TraceEvent
UnregisterTraceGuids
RegSetKeySecurity
RegGetKeySecurity
RegFlushKey
CryptDeriveKey
QueryServiceStatus
StartServiceW
CloseServiceHandle
OpenSCManagerW
QueryServiceConfigW
OpenServiceW
CryptDestroyKey
CryptEncrypt
CryptDecrypt
CryptSetKeyParam
CryptImportKey
LookupPrivilegeValueW
SetSecurityDescriptorDacl
AdjustTokenPrivileges
SetEntriesInAclW
CreateWellKnownSid
SetNamedSecurityInfoW
InitializeSecurityDescriptor
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueA
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegEnumValueW
RegNotifyChangeKeyValue
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptGetHashParam
CryptReleaseContext
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
EqualSid
RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
OpenProcessToken
FreeSid
RegOpenKeyExA
RegEnumKeyExA
GetTokenInformation

shell32

SHGetFolderPathW
ShellExecuteW
CommandLineToArgvW
SHCreateDirectoryExW
SHGetKnownFolderPath

ole32

CoGetClassObject
CoInitialize
CoTaskMemAlloc
CoCreateGuid
CLSIDFromString
StringFromGUID2
CoUninitialize
CoTaskMemFree
CoInitializeSecurity
CoInitializeEx
CoSetProxyBlanket
CoCreateInstance

oleaut32

SysAllocStringByteLen
SysAllocString
SysFreeString
VariantInit
VariantChangeType
VariantCopy
SysStringLen
VariantClear

Sections

.text
Size: 926KB - Virtual size: 925KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 245KB - Virtual size: 245KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
C:/ProgramData/McAfee/Direct/McInstru.dll
.dll windows:6 windows x86 arch:x86

967eb0400f731cf691df76279adfcbdb

Code Sign

01:ee:5f:16:9d:ff:97:35:2b:64:65:d6:6a
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

19/09/2018, 00:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

76:a3:c3:d3:ab:0c:3e:95:36:c5:06:ae
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

26/02/2019, 19:10

Not After

26/02/2022, 19:10

Subject

CN=McAfee\, LLC,O=McAfee\, LLC,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:29:15:27:00:00:00:00:00:2a
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:55

Not After

15/04/2021, 20:05

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:67:fa:46:ce:6c:fe:95:15:a6:9e:b2
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2018, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign TSA for Advanced - G3 - 003-02,O=GMO GlobalSign K.K.,C=JP

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:31:89:c6:50:04
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

02/08/2011, 10:00

Not After

29/03/2029, 10:00

Subject

CN=GlobalSign Timestamping CA - SHA256 - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:c5:f6:ea:d2:31:1b:2c:2b:8c:80:7f:a0:fb:ba:1c:af:cc:3d:b4:7e:db:89:6e:4b:a8:9e:5f:d9:c8:f6:b2
Signer

Actual PE Digest

11:c5:f6:ea:d2:31:1b:2c:2b:8c:80:7f:a0:fb:ba:1c:af:cc:3d:b4:7e:db:89:6e:4b:a8:9e:5f:d9:c8:f6:b2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateDirectoryW
ReadFile
WritePrivateProfileStructA
FindFirstFileW
HeapFree
FindNextFileW
WriteFile
GetShortPathNameW
RemoveDirectoryW
GetModuleFileNameW
InitializeCriticalSection
SetFilePointer
CreateMutexW
InitializeCriticalSectionEx
FindClose
WaitForSingleObject
CreateFileW
GetFileAttributesW
GetCurrentThreadId
GetVersionExW
ReleaseMutex
HeapSize
SetFileAttributesW
MultiByteToWideChar
Sleep
GetLastError
OutputDebugStringW
CreateFileA
DeleteFileW
HeapReAlloc
CloseHandle
RaiseException
GetWindowsDirectoryA
HeapAlloc
GetLocalTime
GetCurrentDirectoryW
DecodePointer
HeapDestroy
MoveFileExW
GetFileSize
DeleteCriticalSection
GetPrivateProfileStructA
GetCurrentProcessId
GetProcessHeap
WideCharToMultiByte
GetPrivateProfileStringA
VirtualQuery
EnterCriticalSection
LeaveCriticalSection
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetFileType
GetStdHandle
IsDebuggerPresent
GetStringTypeW
EncodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RtlUnwind
FreeLibrary
LoadLibraryExW
InterlockedFlushSList
GetSystemInfo
VirtualAlloc
VirtualProtect
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetACP

shell32

SHGetFolderPathW

ole32

CoCreateInstance

oleaut32

SysFreeString
SysAllocStringLen
VariantInit
VariantClear
SysAllocString

wininet

InternetOpenW
InternetReadFile
InternetConnectW
HttpOpenRequestW
HttpQueryInfoW
InternetSetOptionW
InternetCloseHandle
HttpSendRequestW

Exports

Exports

SendInstrumentData

Sections

.text
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
C:/ProgramData/McAfee/Direct/Vi2Res.dll
.dll .js windows:6 windows x86 arch:x86 polyglot

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

04/10/2021, 17:33

Not After

04/10/2024, 17:33

Subject

SERIALNUMBER=2306741,CN=McAfee\, LLC,O=McAfee\, LLC,STREET=6220 America Ctr Dr,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

13:a1:91:c0:eb:27:ae:85:ea:99:d7:29:14:b6:91:e4
Certificate

Issuer

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Not Before

12/03/2021, 00:00

Not After

11/03/2024, 23:59

Subject

CN=McAfee\, LLC,OU=Engineering,O=McAfee\, LLC,POSTALCODE=95054,STREET=2821 Mission College Blvd,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

27/10/2014, 00:00

Not After

26/10/2024, 23:59

Subject

CN=McAfee Code Signing CA 2,O=McAfee\, Inc.,L=Santa Clara,ST=CA,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/07/2015, 21:03

Not After

22/07/2025, 21:03

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

aa:9a:48:db:db:49:b8:b0:2f:2b:f2:57:14:90:f3:2f:74:cf:23:a6:ea:a8:62:e1:ea:e8:8e:8b:0b:1d:88:a5
Signer

Actual PE Digest

aa:9a:48:db:db:49:b8:b0:2f:2b:f2:57:14:90:f3:2f:74:cf:23:a6:ea:a8:62:e1:ea:e8:8e:8b:0b:1d:88:a5

Digest Algorithm

sha256

PE Digest Matches

true

aa:9a:48:db:db:49:b8:b0:2f:2b:f2:57:14:90:f3:2f:74:cf:23:a6:ea:a8:62:e1:ea:e8:8e:8b:0b:1d:88:a5
Signer

Actual PE Digest

aa:9a:48:db:db:49:b8:b0:2f:2b:f2:57:14:90:f3:2f:74:cf:23:a6:ea:a8:62:e1:ea:e8:8e:8b:0b:1d:88:a5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 332B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
C:/ProgramData/McAfee/Direct/Vi2_Fresh.json

Sharing

General

Malware Config

Signatures

Files

3abe302b6d9a1256e6a915429af4ffd2

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5eCertificate

Extended Key Usages

Key Usages

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9fCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

13:a1:91:c0:eb:27:ae:85:ea:99:d7:29:14:b6:91:e4Certificate

Extended Key Usages

Key Usages

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5Certificate

Extended Key Usages

Key Usages

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44Certificate

Extended Key Usages

Key Usages

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9fCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

b6:85:e0:cf:01:60:14:a3:f9:40:78:9c:c0:e3:94:8d:5c:29:be:8f:67:03:1f:28:2b:bd:a2:c9:b4:1e:2b:98Signer

b6:85:e0:cf:01:60:14:a3:f9:40:78:9c:c0:e3:94:8d:5c:29:be:8f:67:03:1f:28:2b:bd:a2:c9:b4:1e:2b:98Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 23KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 106KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 25KB - Virtual size: 24KB

8c8a576201f68de1a3f26fc723b9f30f

Code Sign

e7:47:5c:65:2d:7b:37:b4:3a:ad:f6:c8:f0:3a:b2:78Certificate

Extended Key Usages

Key Usages

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35Certificate

Extended Key Usages

Key Usages

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36Certificate

Key Usages

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

27:63:d5:c3:19:21:61:5b:1f:01:d3:3e:e8:ea:9b:3a:4c:77:f4:29:07:43:5c:5b:63:89:d2:e7:fb:15:a3:62Signer

Headers

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

13:a1:91:c0:eb:27:ae:85:ea:99:d7:29:14:b6:91:e4
Certificate

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5
Certificate

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

b6:85:e0:cf:01:60:14:a3:f9:40:78:9c:c0:e3:94:8d:5c:29:be:8f:67:03:1f:28:2b:bd:a2:c9:b4:1e:2b:98
Signer

b6:85:e0:cf:01:60:14:a3:f9:40:78:9c:c0:e3:94:8d:5c:29:be:8f:67:03:1f:28:2b:bd:a2:c9:b4:1e:2b:98
Signer

.text
Size: 24KB - Virtual size: 23KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 106KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 25KB - Virtual size: 24KB

e7:47:5c:65:2d:7b:37:b4:3a:ad:f6:c8:f0:3a:b2:78
Certificate

33:00:00:00:35:d8:d5:59:5b:06:71:41:2b:00:00:00:00:00:35
Certificate

13:ea:28:70:5b:f4:ec:ed:0c:36:63:09:80:61:43:36
Certificate

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

27:63:d5:c3:19:21:61:5b:1f:01:d3:3e:e8:ea:9b:3a:4c:77:f4:29:07:43:5c:5b:63:89:d2:e7:fb:15:a3:62
Signer

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 636B

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

13:a1:91:c0:eb:27:ae:85:ea:99:d7:29:14:b6:91:e4
Certificate

ca:c1:f1:dd:01:7e:80:f1:2b:4d:17:c1:69:6d:9b:a5
Certificate

33:00:00:00:44:b7:3f:fc:ef:5a:cf:a2:7a:00:00:00:00:00:44
Certificate

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

23:25:42:c5:5e:25:a4:3b:7e:bd:9e:39:d8:f7:fe:93:f8:c5:06:70:0c:8e:8d:74:51:21:f5:d0:ba:9b:55:e0
Signer

23:25:42:c5:5e:25:a4:3b:7e:bd:9e:39:d8:f7:fe:93:f8:c5:06:70:0c:8e:8d:74:51:21:f5:d0:ba:9b:55:e0
Signer

.rdata
Size: 512B - Virtual size: 344B

.rsrc
Size: 1KB - Virtual size: 1KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

7d:9e:98:88:d0:f9:7a:54:32:82:7a:5e
Certificate

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate