PSTools[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

PSTools.zip
Size

5.0MB
MD5

41ebdadc06b18164dc571f9db251c01b
SHA1

ddfb009f8b92226aa45c467f8d0eebb29a8e2ff5
SHA256

a9ca77dfe03ce15004157727bb43ba66f00ceb215362c9b3d199f000edaa8d61
SHA512

263fb743b410f4fe5ff163e6435606b98087bd42e79ab82d1705cac32d93c31df6ecef9bcf6d9e0a344387184e3910f34f26ff7848e575b5b97019d12f7e0316
SSDEEP

98304:w8SK6YhPu87Ci2jqrAAQiu9fffhwqZ4qxIL48xtg6TK/nUjqbprp7sg:wU/h3h0qrAL9fCqZO1Kycbprp7P

Score

1^/10

Malware Config

Signatures

Files

PSTools.zip
.zip

Password: E
Eula.txt
PsExec.exe
.exe windows:6 windows x86 arch:x86

Password: E

1193bc223dad681f22f8248608cbb592

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:46

Not After

11-05-2023 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

35:f4:a0:22:99:74:5d:2a:dd:26:8b:e6:eb:e6:8a:9d:bd:73:6f:54:ad:34:c8:ef:67:d3:83:f8:30:d2:f1:6f
Signer

Actual PE Digest

35:f4:a0:22:99:74:5d:2a:dd:26:8b:e6:eb:e6:8a:9d:bd:73:6f:54:ad:34:c8:ef:67:d3:83:f8:30:d2:f1:6f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\1\s\psexec\exe\Win32\Release\psexec.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

netapi32

NetServerEnum
NetApiBufferFree

ws2_32

gethostname
WSAStartup
inet_ntoa
gethostbyname

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

SetFileAttributesW
DuplicateHandle
DisconnectNamedPipe
SetNamedPipeHandleState
TransactNamedPipe
WaitNamedPipeW
CreateEventW
WaitForMultipleObjects
GetCurrentProcessId
GetFileTime
GetExitCodeProcess
ResumeThread
GetVersion
SetProcessAffinityMask
CopyFileW
ReadConsoleW
SetConsoleCtrlHandler
SetConsoleTitleW
HeapReAlloc
GetEnvironmentVariableW
GetFileAttributesW
ReadFile
GetConsoleScreenBufferInfo
MultiByteToWideChar
VerifyVersionInfoW
FormatMessageA
FindResourceW
SizeofResource
LockResource
LoadResource
FreeLibrary
GetSystemDirectoryW
GetTickCount
GetCurrentProcess
Sleep
WaitForSingleObject
SetEvent
CloseHandle
WriteFile
DeleteFileW
CreateFileW
VerSetConditionMask
SetThreadGroupAffinity
SetPriorityClass
GetModuleFileNameW
LocalFree
SetEndOfFile
LocalAlloc
GetProcAddress
GetModuleHandleW
GetFileType
GetCommandLineW
GetStdHandle
LoadLibraryExW
GetVersionExW
SetLastError
GetComputerNameW
GetLastError
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
HeapSize
TerminateProcess
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetConsoleCP
SetStdHandle
CreateThread
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
GetFileSizeEx
SetFilePointerEx

comdlg32

PrintDlgW

advapi32

CreateProcessAsUserW
CryptHashData
CryptCreateHash
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptExportKey
CryptDestroyKey
CryptDeriveKey
CryptGenKey
CryptReleaseContext
CryptAcquireContextW
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
OpenProcessToken
LsaEnumerateAccountRights
LsaOpenPolicy
LsaClose
LsaFreeMemory
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclW
LookupPrivilegeValueW
SetTokenInformation
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetLengthSid
GetAce
FreeSid
AllocateAndInitializeSid
AddAce
AddAccessAllowedAce
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey

Sections

.text
Size: 254KB - Virtual size: 254KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PsExec64.exe
.exe windows:6 windows x64 arch:x64

Password: E

8a589b59271d320348f6cdec90a97e6c

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:46

Not After

11-05-2023 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ed:bd:9a:d6:5e:f4:5f:6d:d8:d9:2e:1d:c5:0d:9d:4a:17:f1:95:88:8d:ff:c3:a0:55:ed:1d:19:9f:b6:fc:13
Signer

Actual PE Digest

ed:bd:9a:d6:5e:f4:5f:6d:d8:d9:2e:1d:c5:0d:9d:4a:17:f1:95:88:8d:ff:c3:a0:55:ed:1d:19:9f:b6:fc:13

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\s\psexec\exe\x64\Release\psexec64.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

NetServerEnum
NetApiBufferFree

ws2_32

gethostbyname
WSAStartup
gethostname
inet_ntoa

mpr

WNetAddConnection2W
WNetCancelConnection2W

kernel32

WaitForMultipleObjects
GetCurrentProcessId
TerminateProcess
GetExitCodeProcess
ResumeThread
GetVersion
SetProcessAffinityMask
CopyFileW
ReadConsoleW
SetConsoleCtrlHandler
SetConsoleTitleW
CreateEventW
SetFilePointerEx
GetFileSizeEx
ReadConsoleInputW
SetConsoleMode
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
WaitNamedPipeW
TransactNamedPipe
SetNamedPipeHandleState
DisconnectNamedPipe
DuplicateHandle
GetFileTime
SetFileAttributesW
GetEnvironmentVariableW
GetFileAttributesW
ReadFile
GetConsoleScreenBufferInfo
MultiByteToWideChar
VerifyVersionInfoW
FormatMessageA
FindResourceW
SizeofResource
LockResource
LoadResource
FreeLibrary
GetSystemDirectoryW
GetTickCount
GetCurrentProcess
Sleep
WaitForSingleObject
SetEvent
CloseHandle
WriteFile
DeleteFileW
SetEndOfFile
CreateFileW
VerSetConditionMask
SetThreadGroupAffinity
SetPriorityClass
GetModuleFileNameW
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleW
GetFileType
GetCommandLineW
GetStdHandle
LoadLibraryExW
GetVersionExW
SetLastError
GetComputerNameW
GetLastError
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
HeapSize
HeapReAlloc
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
ExitProcess
GetModuleHandleExW
GetConsoleCP
SetStdHandle
CreateThread
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale

user32

GetDlgItem
EndDialog
SetWindowTextW
SendMessageW
SetCursor
GetSysColorBrush
LoadStringW
InflateRect
LoadCursorW
DialogBoxIndirectParamW

gdi32

StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
EndPage

comdlg32

PrintDlgW

advapi32

LsaFreeMemory
CreateProcessAsUserW
CryptHashData
CryptCreateHash
CryptDecrypt
CryptEncrypt
CryptImportKey
CryptExportKey
CryptDestroyKey
CryptDeriveKey
CryptGenKey
CryptReleaseContext
CryptAcquireContextW
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
OpenProcessToken
LsaEnumerateAccountRights
LsaOpenPolicy
LsaClose
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclW
LookupPrivilegeValueW
SetTokenInformation
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl
GetTokenInformation
GetLengthSid
GetAce
FreeSid
AllocateAndInitializeSid
AddAce
AddAccessAllowedAce
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey

Sections

.text
Size: 292KB - Virtual size: 291KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 248KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PsGetsid.exe
.exe windows:6 windows x86 arch:x86

Password: E

9dce7b925f437cdffe96b118cf300138

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:46

Not After

11-05-2023 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ac:21:a0:fb:fd:8c:9a:36:83:08:72:c4:c7:60:bd:a3:8e:9d:4d:7a:68:93:9d:d1:2d:01:dd:39:60:38:6a:71
Signer

Actual PE Digest

ac:21:a0:fb:fd:8c:9a:36:83:08:72:c4:c7:60:bd:a3:8e:9d:4d:7a:68:93:9d:d1:2d:01:dd:39:60:38:6a:71

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\1\s\psgetsid\exe\Win32\Release\PsGetsid.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeA

netapi32

NetApiBufferFree
NetServerEnum

ws2_32

WSAStartup
gethostname
inet_ntoa
gethostbyname

mpr

WNetCancelConnection2A
WNetAddConnection2A

kernel32

WaitForSingleObject
Sleep
GetCurrentProcess
GetTickCount
GetSystemDirectoryA
FreeLibrary
LoadResource
CloseHandle
DeleteFileA
FormatMessageA
FindResourceA
VerifyVersionInfoA
WideCharToMultiByte
GetConsoleScreenBufferInfo
lstrcpyA
lstrlenA
ReadFile
GetFileSizeEx
LockResource
WriteFile
CreateFileA
VerSetConditionMask
GetModuleFileNameW
GetModuleFileNameA
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleA
GetFileType
GetCommandLineW
GetStdHandle
LoadLibraryExA
GetVersionExA
SetLastError
GetComputerNameA
GetLastError
SetFilePointerEx
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetEndOfFile
HeapSize
WriteConsoleW
SizeofResource
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetConsoleCP
ExitProcess
GetModuleHandleExW
SetStdHandle
CreateThread
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
CreateFileW
SetConsoleMode
ReadConsoleInputW
ReadConsoleW

comdlg32

PrintDlgA

advapi32

LsaNtStatusToWinError
LookupAccountNameA
LookupAccountSidA
LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
IsValidSid
InitializeSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidLengthRequired
GetSidIdentifierAuthority
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey

Sections

.text
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 154KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PsGetsid64.exe
.exe windows:6 windows x64 arch:x64

Password: E

32d54060b1dbf768ddfe2c3038a10d20

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:46

Not After

11-05-2023 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e2:5e:cc:90:bf:ad:77:2d:09:19:01:2f:1f:2c:07:3b:76:f6:3a:1e:8e:22:b0:b3:39:40:d6:c4:02:d3:3a:76
Signer

Actual PE Digest

e2:5e:cc:90:bf:ad:77:2d:09:19:01:2f:1f:2c:07:3b:76:f6:3a:1e:8e:22:b0:b3:39:40:d6:c4:02:d3:3a:76

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\s\psgetsid\exe\x64\Release\PsGetsid64.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeA

netapi32

NetApiBufferFree
NetServerEnum

ws2_32

WSAStartup
gethostname
inet_ntoa
gethostbyname

mpr

WNetCancelConnection2A
WNetAddConnection2A

kernel32

WaitForSingleObject
Sleep
GetCurrentProcess
GetTickCount
GetSystemDirectoryA
FreeLibrary
LoadResource
CloseHandle
SizeofResource
FormatMessageA
FindResourceA
VerifyVersionInfoA
WideCharToMultiByte
GetConsoleScreenBufferInfo
lstrcpyA
lstrlenA
ReadFile
GetFileSizeEx
DeleteFileA
WriteFile
CreateFileA
VerSetConditionMask
GetModuleFileNameW
GetModuleFileNameA
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleA
GetFileType
GetCommandLineW
GetStdHandle
LoadLibraryExA
GetVersionExA
SetLastError
GetComputerNameA
GetLastError
SetFilePointerEx
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
LockResource
RaiseException
SetEndOfFile
GetSystemInfo
VirtualProtect
VirtualQuery
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwind
GetConsoleCP
ExitProcess
GetModuleHandleExW
SetStdHandle
CreateThread
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
CreateFileW
SetConsoleMode
ReadConsoleInputW
ReadConsoleW

comdlg32

PrintDlgA

advapi32

LookupAccountNameA
LookupAccountSidA
LsaNtStatusToWinError
LsaQueryInformationPolicy
LsaOpenPolicy
LsaClose
IsValidSid
InitializeSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidLengthRequired
GetSidIdentifierAuthority
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey

Sections

.text
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PsInfo.exe
.exe windows:6 windows x86 arch:x86

Password: E

ad3d06f92d53781231ed31d7b11968c0

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:46

Not After

11-05-2023 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7f:f7:d7:e1:b2:e5:5e:32:93:76:c0:76:f9:0a:3d:59:dc:58:97:b7:11:e9:d4:ec:67:08:f6:e8:49:69:7f:67
Signer

Actual PE Digest

7f:f7:d7:e1:b2:e5:5e:32:93:76:c0:76:f9:0a:3d:59:dc:58:97:b7:11:e9:d4:ec:67:08:f6:e8:49:69:7f:67

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\1\s\psinfo\exe\Win32\Release\Psinfo.pdb

Imports

pdh

PdhOpenQueryW
PdhGetFormattedCounterValue
PdhCloseQuery
PdhCollectQueryData
PdhAddCounterW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

NetApiBufferFree
NetServerEnum

ws2_32

inet_ntoa
gethostname
WSAStartup
gethostbyname

mpr

WNetAddConnection2W
WNetCancelConnection2W

kernel32

GetFileType
GetModuleHandleW
GetProcAddress
LocalAlloc
LocalFree
GetModuleFileNameW
VerSetConditionMask
CreateFileW
DeleteFileW
WriteFile
CloseHandle
WaitForSingleObject
Sleep
GetCurrentProcess
GetTickCount
GetSystemDirectoryW
GetCommandLineW
LoadResource
LockResource
SizeofResource
FindResourceW
FormatMessageA
VerifyVersionInfoW
MultiByteToWideChar
GetConsoleScreenBufferInfo
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDrives
GetVolumeInformationW
SetErrorMode
ReadFile
GlobalMemoryStatusEx
FileTimeToSystemTime
GetDateFormatW
ReadConsoleInputW
LoadLibraryExW
GetStdHandle
GetVersionExW
SetLastError
GetComputerNameW
GetLastError
ReadConsoleW
GetFileSizeEx
SetFilePointerEx
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
HeapSize
SetEndOfFile
FreeLibrary
SetConsoleMode
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetConsoleCP
SetStdHandle
CreateThread
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
HeapAlloc
HeapFree
CompareStringW
LCMapStringW

comdlg32

PrintDlgW

advapi32

RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegEnumKeyW
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
RegConnectRegistryW
LogonUserW
RevertToSelf
ImpersonateLoggedOnUser
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey

ole32

CoInitializeSecurity
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 156KB - Virtual size: 155KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PsInfo64.exe
.exe windows:6 windows x64 arch:x64

Password: E

d32907b6625b89bd2d503e3d54f41ab9

Code Sign

33:00:00:02:cb:b7:75:39:fb:02:71:42:36:00:00:00:00:02:cb
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:45

Not After

11-05-2023 20:45

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e1:45:d2:c6:2e:81:1e:7e:d1:96:7c:74:35:8a:c7:0b:1d:c6:56:f2:ae:9a:b4:76:0d:75:ab:d4:b8:6e:bf:f5
Signer

Actual PE Digest

e1:45:d2:c6:2e:81:1e:7e:d1:96:7c:74:35:8a:c7:0b:1d:c6:56:f2:ae:9a:b4:76:0d:75:ab:d4:b8:6e:bf:f5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\s\psinfo\exe\x64\Release\Psinfo64.pdb

Imports

pdh

PdhGetFormattedCounterValue
PdhCloseQuery
PdhCollectQueryData
PdhAddCounterW
PdhOpenQueryW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

netapi32

NetServerEnum
NetApiBufferFree

ws2_32

WSAStartup
inet_ntoa
gethostname
gethostbyname

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetFileType
GetModuleHandleW
GetProcAddress
LocalAlloc
LocalFree
GetModuleFileNameW
VerSetConditionMask
CreateFileW
DeleteFileW
WriteFile
CloseHandle
WaitForSingleObject
Sleep
GetCurrentProcess
GetTickCount
GetSystemDirectoryW
GetCommandLineW
LoadResource
LockResource
SizeofResource
FindResourceW
FormatMessageA
VerifyVersionInfoW
MultiByteToWideChar
GetConsoleScreenBufferInfo
GetDiskFreeSpaceExW
GetDriveTypeW
GetLogicalDrives
GetVolumeInformationW
SetErrorMode
ReadFile
GlobalMemoryStatusEx
FileTimeToSystemTime
GetDateFormatW
LoadLibraryExW
GetStdHandle
GetVersionExW
SetLastError
GetComputerNameW
GetLastError
ReadConsoleInputW
ReadConsoleW
GetFileSizeEx
SetFilePointerEx
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
HeapSize
FreeLibrary
SetEndOfFile
FreeEnvironmentStringsW
SetConsoleMode
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
ExitProcess
GetModuleHandleExW
GetConsoleCP
SetStdHandle
CreateThread
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

comdlg32

PrintDlgW

advapi32

RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegEnumKeyW
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
RegConnectRegistryW
LogonUserW
RevertToSelf
ImpersonateLoggedOnUser
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey

ole32

CoCreateInstance
CoInitializeEx
CoInitializeSecurity

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 193KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PsLoggedon.exe
.exe windows:5 windows x86 arch:x86

Password: E

2d2cee6d005eec5676742ba250d53d92

Code Sign

33:00:00:00:98:04:58:cb:7f:23:09:b0:9e:00:00:00:00:00:98
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30-03-2016 19:21

Not After

30-06-2017 19:21

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7AFA-E41C-E142,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28-10-2015 20:31

Not After

28-01-2017 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bc:74:e7:fc:fd:ee:15:23:68:d7:01:80:cd:16:80:02:f2:ee:e1:5e:5e:b7:87:76:25:61:a5:76:cc:b3:9b:cf
Signer

Actual PE Digest

bc:74:e7:fc:fd:ee:15:23:68:d7:01:80:cd:16:80:02:f2:ee:e1:5e:5e:b7:87:76:25:61:a5:76:cc:b3:9b:cf

Digest Algorithm

sha256

PE Digest Matches

true

4f:65:39:93:65:7a:1b:fd:3e:63:59:0c:74:62:bd:b3:62:cc:d3:1c
Signer

Actual PE Digest

4f:65:39:93:65:7a:1b:fd:3e:63:59:0c:74:62:bd:b3:62:cc:d3:1c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

NetServerEnum
NetApiBufferFree
NetSessionEnum

kernel32

Sleep
WriteFile
CloseHandle
LoadLibraryExW
SetLastError
GetCurrentProcess
MultiByteToWideChar
GetLocalTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageW
GetTimeFormatW
GetDateFormatW
GetLastError
FreeLibrary
GetModuleFileNameW
GetCommandLineW
GetModuleHandleW
LoadLibraryW
GetStdHandle
GetFileType
LocalFree
LocalAlloc
GetProcAddress
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
LCMapStringW
OutputDebugStringW
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
ReadConsoleW
CreateFileW
RaiseException
LoadLibraryExA
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
DeleteCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetProcessHeap
FlushFileBuffers
GetConsoleCP
ReadFile
RtlUnwind
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime

comdlg32

PrintDlgW

advapi32

RegQueryInfoKeyW
RegEnumKeyExW
LookupAccountNameW
LookupAccountSidW
FreeSid
AllocateAndInitializeSid
RegConnectRegistryW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey

Sections

.text
Size: 76KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PsLoggedon64.exe
.exe windows:5 windows x64 arch:x64

Password: E

e4941a2a5bd3b0e41593ae57bdcef195

Code Sign

33:00:00:00:9c:ee:fe:14:55:a9:5d:35:50:00:00:00:00:00:9c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30-03-2016 19:21

Not After

30-06-2017 19:21

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:5847-F761-4F70,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04-06-2015 17:42

Not After

04-09-2016 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31-08-2010 22:19

Not After

31-08-2020 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03-04-2007 12:53

Not After

03-04-2021 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28-10-2015 20:31

Not After

28-01-2017 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:1e:cc:50:78:0b:05:8c:ba:3b:a4:57:4c:07:cc:cb:ae:d0:6d:a0:af:46:d1:da:c6:fb:3a:aa:36:f4:05:ad
Signer

Actual PE Digest

1f:1e:cc:50:78:0b:05:8c:ba:3b:a4:57:4c:07:cc:cb:ae:d0:6d:a0:af:46:d1:da:c6:fb:3a:aa:36:f4:05:ad

Digest Algorithm

sha256

PE Digest Matches

true

8b:e8:35:55:d2:51:0b:cf:a4:9a:f8:8d:b4:6a:40:4c:8c:34:8f:5b
Signer

Actual PE Digest

8b:e8:35:55:d2:51:0b:cf:a4:9a:f8:8d:b4:6a:40:4c:8c:34:8f:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

NetServerEnum
NetApiBufferFree
NetSessionEnum

kernel32

Sleep
WriteFile
CloseHandle
LoadLibraryExW
SetLastError
GetCurrentProcess
MultiByteToWideChar
GetLocalTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FormatMessageW
GetTimeFormatW
GetDateFormatW
GetLastError
FreeLibrary
GetModuleFileNameW
GetCommandLineW
GetModuleHandleW
LoadLibraryW
GetStdHandle
GetFileType
LocalFree
LocalAlloc
GetProcAddress
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
LCMapStringW
OutputDebugStringW
HeapSize
HeapReAlloc
SetFilePointerEx
WriteConsoleW
ReadConsoleW
CreateFileW
RaiseException
LoadLibraryExA
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
WideCharToMultiByte
HeapFree
HeapAlloc
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
EnterCriticalSection
LeaveCriticalSection
SetStdHandle
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
DeleteCriticalSection
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
RtlUnwindEx
GetProcessHeap
FlushFileBuffers
GetConsoleCP
ReadFile
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime

comdlg32

PrintDlgW

advapi32

RegQueryInfoKeyW
RegEnumKeyExW
LookupAccountNameW
LookupAccountSidW
FreeSid
AllocateAndInitializeSid
RegConnectRegistryW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey

Sections

.text
Size: 79KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PsService.exe
.exe windows:6 windows x86 arch:x86

aaa7d15d37857e2f934da45595b8b029

Code Sign

33:00:00:02:cb:b7:75:39:fb:02:71:42:36:00:00:00:00:02:cb
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:45

Not After

11-05-2023 20:45

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:9a:7a:d6:4b:17:21:bc:f1:b6:c7:64:21:f6:24:da:72:ea:d8:06:91:c8:a3:c5:9d:17:14:e1:3e:9d:59:56
Signer

Actual PE Digest

8c:9a:7a:d6:4b:17:21:bc:f1:b6:c7:64:21:f6:24:da:72:ea:d8:06:91:c8:a3:c5:9d:17:14:e1:3e:9d:59:56

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\1\s\psservice\Win32\Release\PsService.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

NetApiBufferFree
NetServerEnum

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetCurrentProcess
FreeLibrary
Sleep
FormatMessageA
VerifyVersionInfoW
MultiByteToWideChar
GetConsoleScreenBufferInfo
lstrlenW
CloseHandle
WriteFile
CreateFileW
VerSetConditionMask
GetModuleFileNameW
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleW
GetFileType
GetCommandLineW
GetStdHandle
LoadLibraryExW
GetVersionExW
SetLastError
GetComputerNameW
GetLastError
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
HeapSize
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetConsoleCP
SetStdHandle
GetCommandLineA
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
ReadFile
GetFileSizeEx
SetFilePointerEx
HeapReAlloc

comdlg32

PrintDlgW

advapi32

QueryServiceObjectSecurity
QueryServiceConfigW
EnumServicesStatusExW
EnumDependentServicesW
ChangeServiceConfigW
LookupAccountSidW
MapGenericMask
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
GetSecurityDescriptorDacl
GetAce
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PsService64.exe
.exe windows:6 windows x64 arch:x64

0f2fa98ceda2f32075297bf5a98d45b8

Code Sign

33:00:00:02:cb:b7:75:39:fb:02:71:42:36:00:00:00:00:02:cb
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:45

Not After

11-05-2023 20:45

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

73:23:e8:d8:c2:54:aa:69:f8:dd:e6:ef:a1:93:58:7b:fa:f3:77:75:cc:73:dc:b4:a5:01:9e:15:a6:36:1e:19
Signer

Actual PE Digest

73:23:e8:d8:c2:54:aa:69:f8:dd:e6:ef:a1:93:58:7b:fa:f3:77:75:cc:73:dc:b4:a5:01:9e:15:a6:36:1e:19

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\s\psservice\x64\Release\PsService64.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

netapi32

NetApiBufferFree
NetServerEnum

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetCurrentProcess
FreeLibrary
Sleep
FormatMessageA
VerifyVersionInfoW
MultiByteToWideChar
GetConsoleScreenBufferInfo
lstrlenW
CloseHandle
WriteFile
CreateFileW
VerSetConditionMask
GetModuleFileNameW
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleW
GetFileType
GetCommandLineW
GetStdHandle
LoadLibraryExW
GetVersionExW
SetLastError
GetComputerNameW
GetLastError
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
HeapSize
VirtualQuery
RaiseException
GetSystemInfo
VirtualProtect
LoadLibraryExA
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
ExitProcess
GetModuleHandleExW
GetConsoleCP
SetStdHandle
GetCommandLineA
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
ReadFile
GetFileSizeEx
SetFilePointerEx
HeapReAlloc

comdlg32

PrintDlgW

advapi32

QueryServiceObjectSecurity
QueryServiceConfigW
EnumServicesStatusExW
EnumDependentServicesW
ChangeServiceConfigW
LookupAccountSidW
MapGenericMask
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
GetSecurityDescriptorDacl
GetAce
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
ControlService
CloseServiceHandle
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey

Sections

.text
Size: 173KB - Virtual size: 172KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Pstools.chm
.chm
psfile.exe
.exe windows:6 windows x86 arch:x86

1ed2f5f2b02cacc8f3a38267975b6895

Code Sign

33:00:00:02:cb:b7:75:39:fb:02:71:42:36:00:00:00:00:02:cb
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:45

Not After

11-05-2023 20:45

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a0:d2:53:e5:36:0e:bc:51:6e:4a:ba:30:e6:9d:59:d5:ac:95:e4:3b:fd:e9:20:2a:fc:c3:f2:6c:15:7d:b0:b2
Signer

Actual PE Digest

a0:d2:53:e5:36:0e:bc:51:6e:4a:ba:30:e6:9d:59:d5:ac:95:e4:3b:fd:e9:20:2a:fc:c3:f2:6c:15:7d:b0:b2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\1\s\psfile\Win32\Release\psfile.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

NetFileGetInfo
NetFileEnum
NetFileClose

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetCommandLineW
GetFileType
GetModuleHandleW
GetProcAddress
LocalAlloc
LocalFree
GetModuleFileNameW
VerSetConditionMask
CreateFileW
WriteFile
CloseHandle
GetStdHandle
GetCurrentProcess
FreeLibrary
FormatMessageA
VerifyVersionInfoW
MultiByteToWideChar
GetFileSizeEx
GetVersionExW
LoadLibraryExW
SetLastError
GetComputerNameW
GetLastError
SetFilePointerEx
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
HeapSize
LoadLibraryExA
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetConsoleCP
SetStdHandle
GetCommandLineA
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
ReadFile

comdlg32

PrintDlgW

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey

Sections

.text
Size: 129KB - Virtual size: 129KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
psfile64.exe
.exe windows:6 windows x64 arch:x64

e5f76fa90a1ac194d63d82b31d8420fb

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:46

Not After

11-05-2023 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2e:90:83:4e:a1:22:f2:9e:c5:65:78:02:e8:c5:7b:95:3a:5f:ef:62:e5:6b:4b:1b:5a:0c:49:fd:f7:cf:e7:29
Signer

Actual PE Digest

2e:90:83:4e:a1:22:f2:9e:c5:65:78:02:e8:c5:7b:95:3a:5f:ef:62:e5:6b:4b:1b:5a:0c:49:fd:f7:cf:e7:29

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\s\psfile\x64\Release\psfile64.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

NetFileGetInfo
NetFileEnum
NetFileClose

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetCommandLineW
GetFileType
GetModuleHandleW
GetProcAddress
LocalAlloc
LocalFree
GetModuleFileNameW
VerSetConditionMask
CreateFileW
WriteFile
CloseHandle
GetStdHandle
GetCurrentProcess
FreeLibrary
FormatMessageA
VerifyVersionInfoW
MultiByteToWideChar
GetFileSizeEx
GetVersionExW
LoadLibraryExW
SetLastError
GetComputerNameW
GetLastError
SetFilePointerEx
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
HeapSize
LeaveCriticalSection
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
ExitProcess
GetModuleHandleExW
GetConsoleCP
SetStdHandle
GetCommandLineA
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
ReadFile

comdlg32

PrintDlgW

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pskill.exe
.exe windows:6 windows x86 arch:x86

8a30be24460f0838196a2b088c183f27

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:46

Not After

11-05-2023 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b1:9e:69:fb:f0:45:f0:3a:56:ec:d3:40:b6:09:c0:72:9e:4c:48:42:fd:e3:09:f1:e5:ee:93:1f:07:12:8f:83
Signer

Actual PE Digest

b1:9e:69:fb:f0:45:f0:3a:56:ec:d3:40:b6:09:c0:72:9e:4c:48:42:fd:e3:09:f1:e5:ee:93:1f:07:12:8f:83

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\1\s\pskill\exe\Win32\Release\pskill.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeA

ws2_32

WSAStartup
gethostname
inet_ntoa
gethostbyname

mpr

WNetCancelConnection2A
WNetAddConnection2A

kernel32

GetFileType
GetModuleHandleA
GetProcAddress
LocalAlloc
LocalFree
GetModuleFileNameA
GetModuleFileNameW
VerSetConditionMask
CreateFileA
DeleteFileA
WriteFile
CloseHandle
WaitForSingleObject
GetCommandLineW
GetCurrentProcess
GetTickCount
GetSystemDirectoryA
FreeLibrary
LoadResource
LockResource
SizeofResource
FormatMessageA
FindResourceA
VerifyVersionInfoA
WideCharToMultiByte
GetConsoleScreenBufferInfo
TerminateProcess
OpenProcess
ReadFile
GetFileSizeEx
LoadLibraryExA
GetStdHandle
GetVersionExA
SetLastError
GetComputerNameA
GetLastError
SetFilePointerEx
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
Sleep
GetSystemInfo
RaiseException
SetEndOfFile
VirtualProtect
VirtualQuery
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetConsoleCP
ExitProcess
GetModuleHandleExW
SetStdHandle
CreateThread
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
CreateFileW
SetConsoleMode
ReadConsoleInputW
ReadConsoleW

comdlg32

PrintDlgA

advapi32

StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pskill64.exe
.exe windows:6 windows x64 arch:x64

e54de68b3c8f563f7052d60b420d7670

Code Sign

33:00:00:02:cb:b7:75:39:fb:02:71:42:36:00:00:00:00:02:cb
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:45

Not After

11-05-2023 20:45

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

91:4c:d6:4a:80:46:20:42:bf:4c:4d:19:a9:3d:cd:6f:b2:44:09:6b:92:65:95:6d:6e:15:ec:c4:77:1e:74:03
Signer

Actual PE Digest

91:4c:d6:4a:80:46:20:42:bf:4c:4d:19:a9:3d:cd:6f:b2:44:09:6b:92:65:95:6d:6e:15:ec:c4:77:1e:74:03

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\s\pskill\exe\x64\Release\pskill64.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeA

ws2_32

WSAStartup
gethostname
inet_ntoa
gethostbyname

mpr

WNetCancelConnection2A
WNetAddConnection2A

kernel32

GetFileType
GetModuleHandleA
GetProcAddress
LocalAlloc
LocalFree
GetModuleFileNameA
GetModuleFileNameW
VerSetConditionMask
CreateFileA
DeleteFileA
WriteFile
CloseHandle
WaitForSingleObject
GetCommandLineW
GetCurrentProcess
GetTickCount
GetSystemDirectoryA
FreeLibrary
LoadResource
LockResource
SizeofResource
FormatMessageA
FindResourceA
VerifyVersionInfoA
WideCharToMultiByte
GetConsoleScreenBufferInfo
TerminateProcess
OpenProcess
ReadFile
GetFileSizeEx
LoadLibraryExA
GetStdHandle
GetVersionExA
SetLastError
GetComputerNameA
GetLastError
SetFilePointerEx
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
Sleep
LeaveCriticalSection
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
GetModuleHandleW
EnterCriticalSection
SetEndOfFile
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwind
GetConsoleCP
ExitProcess
GetModuleHandleExW
SetStdHandle
CreateThread
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
CreateFileW
SetConsoleMode
ReadConsoleInputW
ReadConsoleW

comdlg32

PrintDlgA

advapi32

StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey

Sections

.text
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pslist.exe
.exe windows:6 windows x86 arch:x86

5c2ab5c01a2c8ee5199f1a7f701340ee

Code Sign

33:00:00:02:cb:b7:75:39:fb:02:71:42:36:00:00:00:00:02:cb
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:45

Not After

11-05-2023 20:45

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d9:17:59:39:55:01:5d:33:7f:5a:24:df:cd:a7:cb:de:be:75:60:ed:21:c6:46:34:88:56:dd:28:b3:ce:bc:7e
Signer

Actual PE Digest

d9:17:59:39:55:01:5d:33:7f:5a:24:df:cd:a7:cb:de:be:75:60:ed:21:c6:46:34:88:56:dd:28:b3:ce:bc:7e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\1\s\pslist\Win32\Release\pslist.pdb

Imports

mpr

WNetCancelConnection2A
WNetAddConnection2A

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoA

kernel32

GetProcAddress
LocalAlloc
LocalFree
GetModuleFileNameA
GetModuleFileNameW
WriteFile
CloseHandle
GetLastError
Sleep
GetCurrentProcess
FreeLibrary
GetModuleHandleA
GetCommandLineW
FormatMessageA
WideCharToMultiByte
GetConsoleScreenBufferInfo
lstrlenA
IsBadStringPtrA
FileTimeToLocalFileTime
SetPriorityClass
GetSystemTimeAsFileTime
GetComputerNameExA
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
SetConsoleCtrlHandler
FillConsoleOutputCharacterA
SetConsoleCursorPosition
GetStringTypeW
GetFileType
GetStdHandle
LoadLibraryExA
GetVersionExA
SetLastError
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
DecodePointer
HeapSize
HeapReAlloc
WriteConsoleW
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetConsoleCP
SetStdHandle
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetCommandLineA
HeapFree
HeapAlloc
CompareStringW
LCMapStringW
CreateFileW
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
FlushFileBuffers
GetConsoleOutputCP
ReadFile
GetFileSizeEx
SetFilePointerEx

comdlg32

PrintDlgA

advapi32

RegConnectRegistryA
LogonUserA
RevertToSelf
ImpersonateLoggedOnUser
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pslist64.exe
.exe windows:6 windows x64 arch:x64

b90273415271d9e95441b930bd78c618

Code Sign

33:00:00:02:cb:b7:75:39:fb:02:71:42:36:00:00:00:00:02:cb
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:45

Not After

11-05-2023 20:45

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:28:41:b9:cb:8e:6e:0c:12:56:de:b2:ab:0e:2b:3e:c1:c3:e8:4d:d0:37:34:a3:4f:51:a0:9b:a4:a0:d9:7b
Signer

Actual PE Digest

b9:28:41:b9:cb:8e:6e:0c:12:56:de:b2:ab:0e:2b:3e:c1:c3:e8:4d:d0:37:34:a3:4f:51:a0:9b:a4:a0:d9:7b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\s\pslist\x64\Release\pslist64.pdb

Imports

mpr

WNetCancelConnection2A
WNetAddConnection2A

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoA

kernel32

GetProcAddress
LocalAlloc
LocalFree
GetModuleFileNameA
GetModuleFileNameW
WriteFile
CloseHandle
GetLastError
Sleep
GetCurrentProcess
FreeLibrary
GetModuleHandleA
GetCommandLineW
FormatMessageA
WideCharToMultiByte
GetConsoleScreenBufferInfo
lstrlenA
IsBadStringPtrA
FileTimeToLocalFileTime
SetPriorityClass
GetSystemTimeAsFileTime
GetComputerNameExA
FileTimeToSystemTime
GetDateFormatA
GetTimeFormatA
SetConsoleCtrlHandler
FillConsoleOutputCharacterA
SetConsoleCursorPosition
SetFilePointerEx
GetFileType
GetStdHandle
LoadLibraryExA
GetVersionExA
SetLastError
GetStringTypeW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
HeapReAlloc
WriteConsoleW
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetConsoleCP
SetStdHandle
CreateThread
ExitThread
ResumeThread
FreeLibraryAndExitThread
GetCommandLineA
HeapFree
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
CreateFileW
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
FlushFileBuffers
GetConsoleOutputCP
ReadFile
GetFileSizeEx

comdlg32

PrintDlgA

advapi32

RegConnectRegistryA
LogonUserA
RevertToSelf
ImpersonateLoggedOnUser
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey

Sections

.text
Size: 150KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
psloglist.exe
.exe windows:6 windows x86 arch:x86

bc7573d2c2e264bbdeb092984c5474f4

Code Sign

33:00:00:02:cb:b7:75:39:fb:02:71:42:36:00:00:00:00:02:cb
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:45

Not After

11-05-2023 20:45

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d9:46:89:4f:67:7c:55:ed:20:b5:64:aa:47:87:10:52:e0:ec:54:ad:52:4d:c6:87:da:e4:1a:bd:c5:36:bc:aa
Signer

Actual PE Digest

d9:46:89:4f:67:7c:55:ed:20:b5:64:aa:47:87:10:52:e0:ec:54:ad:52:4d:c6:87:da:e4:1a:bd:c5:36:bc:aa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\1\s\psloglist\Win32\Release\psloglist.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeA

netapi32

NetApiBufferFree
NetServerEnum

mpr

WNetAddConnection2A

kernel32

WriteFile
CloseHandle
WaitForSingleObject
GetCurrentProcess
GetSystemDirectoryA
FreeLibrary
FormatMessageA
WideCharToMultiByte
ExpandEnvironmentStringsA
CompareFileTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
DuplicateHandle
CreateEventA
GetSystemTimeAsFileTime
FileTimeToSystemTime
SystemTimeToFileTime
GetDateFormatA
GetTimeFormatA
ReadFile
VerSetConditionMask
GetModuleFileNameW
GetModuleFileNameA
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleA
GetFileType
GetCommandLineW
GetStdHandle
LoadLibraryExA
GetVersionExA
SetLastError
GetComputerNameA
GetLastError
GetFileSizeEx
SetFilePointerEx
HeapReAlloc
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
SetEndOfFile
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
VerifyVersionInfoA
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetConsoleCP
ExitProcess
GetModuleHandleExW
SetStdHandle
GetCommandLineA
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
CreateFileW
SetConsoleMode
ReadConsoleInputW
ReadConsoleW

comdlg32

PrintDlgA

advapi32

CloseEventLog
RegEnumKeyA
LookupAccountSidA
ReadEventLogA
OpenBackupEventLogA
OpenEventLogW
NotifyChangeEventLog
BackupEventLogA
ClearEventLogA
RegConnectRegistryA
LogonUserA
RevertToSelf
ImpersonateLoggedOnUser
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey

Sections

.text
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
psloglist64.exe
.exe windows:6 windows x64 arch:x64

e66acce85b8f413b2d80e902cfba5219

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:46

Not After

11-05-2023 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

17:bc:69:ed:b5:1b:56:49:ea:4d:8b:12:7b:b4:c7:45:bd:26:e7:19:1e:99:04:02:76:09:30:4b:05:ec:f1:a3
Signer

Actual PE Digest

17:bc:69:ed:b5:1b:56:49:ea:4d:8b:12:7b:b4:c7:45:bd:26:e7:19:1e:99:04:02:76:09:30:4b:05:ec:f1:a3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\s\psloglist\x64\Release\psloglist64.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeA

netapi32

NetApiBufferFree
NetServerEnum

mpr

WNetAddConnection2A

kernel32

WriteFile
CloseHandle
WaitForSingleObject
GetCurrentProcess
GetSystemDirectoryA
FreeLibrary
FormatMessageA
WideCharToMultiByte
ExpandEnvironmentStringsA
CompareFileTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
DuplicateHandle
CreateEventA
GetSystemTimeAsFileTime
FileTimeToSystemTime
SystemTimeToFileTime
GetDateFormatA
GetTimeFormatA
ReadFile
VerSetConditionMask
GetModuleFileNameW
GetModuleFileNameA
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleA
GetFileType
GetCommandLineW
GetStdHandle
LoadLibraryExA
GetVersionExA
SetLastError
GetComputerNameA
GetLastError
GetFileSizeEx
SetFilePointerEx
HeapReAlloc
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
SetEndOfFile
WriteConsoleW
VerifyVersionInfoA
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
LCMapStringEx
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwind
GetConsoleCP
ExitProcess
GetModuleHandleExW
SetStdHandle
GetCommandLineA
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
CreateFileW
SetConsoleMode
ReadConsoleInputW
ReadConsoleW

comdlg32

PrintDlgA

advapi32

LookupAccountSidA
RegEnumKeyA
ReadEventLogA
OpenBackupEventLogA
OpenEventLogW
NotifyChangeEventLog
CloseEventLog
BackupEventLogA
ClearEventLogA
RegConnectRegistryA
LogonUserA
RevertToSelf
ImpersonateLoggedOnUser
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey

Sections

.text
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pspasswd.exe
.exe windows:6 windows x86 arch:x86

beb825a4ba2898da0e0eb4699252687f

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:46

Not After

11-05-2023 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:ae:98:54:d4:d7:e6:ab:c8:18:3c:d1:ed:04:aa:48:d9:48:8f:a5:75:f4:75:b8:66:05:00:a5:3d:59:54:07
Signer

Actual PE Digest

20:ae:98:54:d4:d7:e6:ab:c8:18:3c:d1:ed:04:aa:48:d9:48:8f:a5:75:f4:75:b8:66:05:00:a5:3d:59:54:07

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\1\s\pspasswd\Win32\Release\pspasswd.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

netapi32

NetServerEnum
NetApiBufferFree
NetUserGetInfo
NetUserSetInfo
NetGetAnyDCName

mpr

WNetCancelConnection2W
WNetAddConnection2W

kernel32

GetCommandLineW
GetFileType
GetModuleHandleW
GetProcAddress
LocalAlloc
LocalFree
GetModuleFileNameW
VerSetConditionMask
CreateFileW
WriteFile
CloseHandle
GetStdHandle
GetCurrentProcess
FreeLibrary
FormatMessageA
VerifyVersionInfoW
MultiByteToWideChar
GetConsoleScreenBufferInfo
GetFileSizeEx
GetVersionExW
LoadLibraryExW
SetLastError
GetComputerNameW
GetLastError
SetFilePointerEx
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
HeapSize
LoadLibraryExA
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
SetEndOfFile
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetConsoleCP
SetStdHandle
GetCommandLineA
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
ReadConsoleW
ReadFile

comdlg32

PrintDlgW

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey

Sections

.text
Size: 116KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pspasswd64.exe
.exe windows:6 windows x64 arch:x64

368e6f75b2cd054e7534d8ac445f391a

Code Sign

33:00:00:02:cb:b7:75:39:fb:02:71:42:36:00:00:00:00:02:cb
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:45

Not After

11-05-2023 20:45

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:d9:a8:47:da:49:20:da:0d:e8:27:96:15:b1:0f:df:8f:a1:25:e0:4b:04:30:4e:ba:7a:36:ce:64:89:29:74
Signer

Actual PE Digest

70:d9:a8:47:da:49:20:da:0d:e8:27:96:15:b1:0f:df:8f:a1:25:e0:4b:04:30:4e:ba:7a:36:ce:64:89:29:74

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\s\pspasswd\x64\Release\pspasswd64.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

netapi32

NetGetAnyDCName
NetUserSetInfo
NetUserGetInfo
NetServerEnum
NetApiBufferFree

mpr

WNetAddConnection2W
WNetCancelConnection2W

kernel32

VerSetConditionMask
CreateFileW
WriteFile
CloseHandle
GetCurrentProcess
FreeLibrary
GetModuleFileNameW
GetVersionExW
FormatMessageA
VerifyVersionInfoW
MultiByteToWideChar
GetConsoleScreenBufferInfo
GetFileSizeEx
ReadFile
ReadConsoleW
ReadConsoleInputW
SetConsoleMode
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleW
GetFileType
GetStdHandle
GetCommandLineW
LoadLibraryExW
SetLastError
GetComputerNameW
GetLastError
SetFilePointerEx
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
WriteConsoleW
HeapSize
SetEndOfFile
WideCharToMultiByte
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
RtlUnwind
ExitProcess
GetModuleHandleExW
GetConsoleCP
SetStdHandle
GetCommandLineA
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

user32

DialogBoxIndirectParamW
EndDialog
GetDlgItem
SetWindowTextW
LoadCursorW
InflateRect
GetSysColorBrush
SetCursor
SendMessageW

gdi32

StartPage
EndDoc
StartDocW
SetMapMode
GetDeviceCaps
EndPage

comdlg32

PrintDlgW

advapi32

RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegOpenKeyW
RegCreateKeyW
RegCloseKey

Sections

.text
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
psping.exe
.exe windows:6 windows x86 arch:x86

6a7f82c6f198bdb6dd72bfd1ed836c7b

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:46

Not After

11-05-2023 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

eb:9f:aa:05:38:b2:19:e4:72:cd:34:fc:02:cd:5f:77:b6:8d:4e:09:88:76:85:f4:0a:46:25:40:2a:55:da:77
Signer

Actual PE Digest

eb:9f:aa:05:38:b2:19:e4:72:cd:34:fc:02:cd:5f:77:b6:8d:4e:09:88:76:85:f4:0a:46:25:40:2a:55:da:77

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\1\s\psping\Win32\Release\psping.pdb

Imports

winmm

timeEndPeriod
timeBeginPeriod
timeGetDevCaps

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

WSAWaitForMultipleEvents
GetAddrInfoW
WSARecv
WSARecvFrom
htons
WSAGetOverlappedResult
WSACreateEvent
WSAStartup
shutdown
listen
setsockopt
bind
closesocket
getsockname
socket
ntohs
ioctlsocket
WSAGetLastError
WSACloseEvent
WSASend
WSAIoctl
WSASendTo

iphlpapi

Icmp6SendEcho2
IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho
Icmp6CreateFile

bcrypt

BCryptGenRandom

kernel32

WideCharToMultiByte
CompareStringW
HeapAlloc
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
LCMapStringW
HeapFree
GetCommandLineA
SetLastError
GetVersionExW
LoadLibraryExW
GetCommandLineW
GetStdHandle
LocalAlloc
GetProcAddress
LocalFree
GetModuleHandleW
GetFileType
GetModuleFileNameW
SetConsoleCtrlHandler
SetWaitableTimer
CreateWaitableTimerW
WaitForMultipleObjects
GetLastError
SetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetCurrentProcess
WriteFile
CreateFileW
MultiByteToWideChar
Sleep
CloseHandle
FreeLibrary
FormatMessageA
CancelIo
CreateEventW
GetOverlappedResult
EnterCriticalSection
SetThreadPriority
LeaveCriticalSection
InitializeCriticalSection
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
SetPriorityClass
GetCurrentThread
FreeLibraryAndExitThread
FlushFileBuffers
DecodePointer
GetConsoleOutputCP
ReadFile
GetFileSizeEx
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetStringTypeW
HeapSize
HeapReAlloc
WriteConsoleW
WaitForSingleObject
ExitThread
CreateThread
SetStdHandle
GetConsoleCP
GetModuleHandleExW
RaiseException
VirtualProtect
VirtualQuery
LoadLibraryExA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess

comdlg32

PrintDlgW

advapi32

RegQueryValueExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegCreateKeyW
RegOpenKeyW

ole32

CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
psping64.exe
.exe windows:6 windows x64 arch:x64

24ccd13a810c618c22de1eaf21d1fbbb

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:46

Not After

11-05-2023 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ab:53:59:38:ea:b6:0b:9d:24:9d:aa:42:74:71:9e:37:59:ae:fd:16:b4:6c:9c:16:b8:98:30:37:13:f2:d4:05
Signer

Actual PE Digest

ab:53:59:38:ea:b6:0b:9d:24:9d:aa:42:74:71:9e:37:59:ae:fd:16:b4:6c:9c:16:b8:98:30:37:13:f2:d4:05

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\s\psping\x64\Release\psping64.pdb

Imports

winmm

timeEndPeriod
timeBeginPeriod
timeGetDevCaps

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

ws2_32

WSAWaitForMultipleEvents
WSACreateEvent
WSARecv
WSARecvFrom
htons
WSAGetOverlappedResult
WSAStartup
shutdown
listen
setsockopt
bind
closesocket
getsockname
socket
ntohs
ioctlsocket
WSAGetLastError
WSACloseEvent
WSASend
WSAIoctl
WSASendTo
GetAddrInfoW

iphlpapi

Icmp6SendEcho2
IcmpCreateFile
IcmpCloseHandle
IcmpSendEcho
Icmp6CreateFile

bcrypt

BCryptGenRandom

kernel32

FlsSetValue
CompareStringW
LCMapStringW
FlsFree
FlsGetValue
FlsAlloc
SetLastError
GetVersionExW
LoadLibraryExW
GetCommandLineW
GetStdHandle
LocalAlloc
GetProcAddress
LocalFree
GetModuleHandleW
GetFileType
GetModuleFileNameW
SetConsoleCtrlHandler
SetWaitableTimer
CreateWaitableTimerW
WaitForMultipleObjects
WaitForSingleObject
GetLastError
SetEvent
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
GetSystemInfo
WideCharToMultiByte
GetCurrentProcess
WriteFile
CreateFileW
MultiByteToWideChar
Sleep
CloseHandle
FreeLibrary
FormatMessageA
CancelIo
CreateEventW
GetOverlappedResult
EnterCriticalSection
SetThreadPriority
LeaveCriticalSection
InitializeCriticalSection
GetQueuedCompletionStatus
PostQueuedCompletionStatus
CreateIoCompletionPort
SetPriorityClass
GetCurrentThread
HeapAlloc
HeapFree
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
CreateThread
SetStdHandle
GetConsoleCP
GetModuleHandleExW
GetConsoleMode
SetConsoleMode
VirtualQuery
ReadConsoleInputW
FlushFileBuffers
GetConsoleOutputCP
ReadFile
GetFileSizeEx
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetStringTypeW
HeapSize
HeapReAlloc
WriteConsoleW
ExitProcess
RtlUnwind
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
EncodePointer
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount

user32

SetWindowTextW
DialogBoxIndirectParamW
LoadCursorW
EndDialog
GetDlgItem
GetSysColorBrush
SendMessageW
InflateRect
SetCursor

gdi32

StartPage
EndDoc
GetDeviceCaps
StartDocW
EndPage
SetMapMode

comdlg32

PrintDlgW

advapi32

RegOpenKeyW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegCreateKeyW
RegQueryValueExW

ole32

CoInitializeEx
CoCreateInstance

oleaut32

SysFreeString
SysAllocString

Sections

.text
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
psshutdown.exe
.exe windows:6 windows x86 arch:x86

6f3defa520c038b2ac3d0d132cd7f0cc

Code Sign

33:00:00:02:cb:b7:75:39:fb:02:71:42:36:00:00:00:00:02:cb
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:45

Not After

11-05-2023 20:45

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:be:4e:fe:74:a0:1f:88:47:cf:f0:c9:6e:2c:52:93:bb:3e:4e:d4:a7:81:46:0e:0d:2c:c9:8a:23:a6:bb:27
Signer

Actual PE Digest

4c:be:4e:fe:74:a0:1f:88:47:cf:f0:c9:6e:2c:52:93:bb:3e:4e:d4:a7:81:46:0e:0d:2c:c9:8a:23:a6:bb:27

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\1\s\psshutdown\exe\Win32\Release\psshutdown.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeA

netapi32

NetServerEnum
NetApiBufferFree

ws2_32

WSAStartup
gethostname
inet_ntoa
gethostbyname

mpr

WNetCancelConnection2A
WNetAddConnection2A

kernel32

DeleteFileA
WriteFile
CloseHandle
WaitForSingleObject
Sleep
GetCurrentProcess
GetTickCount
GetSystemDirectoryA
FreeLibrary
LoadResource
LockResource
SizeofResource
FormatMessageA
FindResourceA
CreateFileA
GetCommandLineW
LoadLibraryA
ReadFile
GetLocalTime
VerifyVersionInfoW
GetFileSizeEx
ReadConsoleW
ReadConsoleInputW
SetConsoleMode
CreateFileW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
VerSetConditionMask
GetModuleFileNameW
GetModuleFileNameA
LocalFree
LocalAlloc
GetModuleHandleA
GetProcAddress
WideCharToMultiByte
GetFileType
GetStdHandle
LoadLibraryExA
GetVersionExA
SetLastError
GetComputerNameA
GetLastError
SetFilePointerEx
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
SetEndOfFile
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
GetConsoleScreenBufferInfo
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RaiseException
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetConsoleCP
ExitProcess
GetModuleHandleExW
SetStdHandle
CreateThread
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
HeapAlloc
HeapFree
CompareStringW
LCMapStringW

user32

SetWindowTextA
GetDlgItem
SetCursor
DialogBoxIndirectParamA
SendMessageA
GetSysColorBrush
InflateRect
LoadCursorA
PostMessageA
ExitWindowsEx
EndDialog

gdi32

StartPage
EndDoc
StartDocA
SetMapMode
GetDeviceCaps
EndPage

comdlg32

PrintDlgA

advapi32

CloseServiceHandle
LookupAccountSidA
GetTokenInformation
StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 423KB - Virtual size: 422KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
psshutdown64.exe
.exe windows:6 windows x64 arch:x64

ea7cc7105d5ebdac4be9a38503f7dd74

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:46

Not After

11-05-2023 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:b5:5c:a1:cc:e0:28:e2:f2:a9:e4:7e:10:e7:58:b1:2a:83:11:c6:24:d3:3f:a0:f9:6c:c5:f2:d6:5e:41:48
Signer

Actual PE Digest

3d:b5:5c:a1:cc:e0:28:e2:f2:a9:e4:7e:10:e7:58:b1:2a:83:11:c6:24:d3:3f:a0:f9:6c:c5:f2:d6:5e:41:48

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\s\psshutdown\exe\x64\Release\psshutdown64.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoA
GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeA

netapi32

NetServerEnum
NetApiBufferFree

ws2_32

WSAStartup
gethostname
inet_ntoa
gethostbyname

mpr

WNetCancelConnection2A
WNetAddConnection2A

kernel32

DeleteFileA
WriteFile
CloseHandle
WaitForSingleObject
Sleep
GetCurrentProcess
GetTickCount
GetSystemDirectoryA
FreeLibrary
LoadResource
LockResource
SizeofResource
FormatMessageA
FindResourceA
CreateFileA
GetCommandLineW
LoadLibraryA
ReadFile
GetLocalTime
VerifyVersionInfoW
GetFileSizeEx
ReadConsoleW
ReadConsoleInputW
SetConsoleMode
CreateFileW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
VerSetConditionMask
GetModuleFileNameW
GetModuleFileNameA
LocalFree
LocalAlloc
GetModuleHandleA
GetProcAddress
WideCharToMultiByte
GetFileType
GetStdHandle
LoadLibraryExA
GetVersionExA
SetLastError
GetComputerNameA
GetLastError
SetFilePointerEx
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetEndOfFile
GetProcessHeap
HeapSize
WriteConsoleW
GetConsoleScreenBufferInfo
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwind
GetConsoleCP
ExitProcess
GetModuleHandleExW
SetStdHandle
CreateThread
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW

user32

SetWindowTextA
GetDlgItem
SetCursor
DialogBoxIndirectParamA
SendMessageA
GetSysColorBrush
InflateRect
LoadCursorA
PostMessageA
ExitWindowsEx
EndDialog

gdi32

StartPage
EndDoc
StartDocA
SetMapMode
GetDeviceCaps
EndPage

comdlg32

PrintDlgA

advapi32

OpenServiceA
LookupAccountSidA
GetTokenInformation
StartServiceA
QueryServiceStatus
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 479KB - Virtual size: 479KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pssuspend.exe
.exe windows:6 windows x86 arch:x86

32f7a5e0ecd105d509a9d9677d178190

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:46

Not After

11-05-2023 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

94:b1:87:4b:67:89:c9:82:50:bf:08:9b:47:dc:4c:8d:ad:32:3d:6a:8a:78:50:b1:e5:a8:53:e5:2b:07:6b:61
Signer

Actual PE Digest

94:b1:87:4b:67:89:c9:82:50:bf:08:9b:47:dc:4c:8d:ad:32:3d:6a:8a:78:50:b1:e5:a8:53:e5:2b:07:6b:61

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\1\s\pssuspend\exe\Win32\Release\pssuspend.pdb

Imports

ws2_32

WSAStartup
gethostname
gethostbyname
inet_ntoa

mpr

WNetCancelConnection2A
WNetAddConnection2A

version

GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoW
VerQueryValueW
VerQueryValueA

kernel32

GetFileType
GetModuleHandleA
GetProcAddress
LocalAlloc
LocalFree
GetModuleFileNameA
GetModuleFileNameW
VerSetConditionMask
CreateFileA
DeleteFileA
WriteFile
CloseHandle
WaitForSingleObject
GetCommandLineW
GetCurrentProcess
GetTickCount
GetSystemDirectoryA
FreeLibrary
LoadResource
LockResource
SizeofResource
FormatMessageA
FindResourceA
VerifyVersionInfoA
WideCharToMultiByte
GetConsoleScreenBufferInfo
OpenProcess
ReadFile
GetFileSizeEx
LoadLibraryExA
GetStdHandle
GetVersionExA
SetLastError
GetComputerNameA
GetLastError
SetFilePointerEx
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
Sleep
VirtualProtect
RaiseException
GetSystemInfo
SetEndOfFile
VirtualQuery
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
GetCPInfo
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwind
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetConsoleCP
ExitProcess
GetModuleHandleExW
SetStdHandle
CreateThread
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
HeapAlloc
HeapFree
CompareStringW
LCMapStringW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
CreateFileW
SetConsoleMode
ReadConsoleInputW
ReadConsoleW

comdlg32

PrintDlgA

advapi32

StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 155KB - Virtual size: 155KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pssuspend64.exe
.exe windows:6 windows x64 arch:x64

50bbe0b584a6c8bbc1f492ac8caa2e72

Code Sign

33:00:00:02:cb:b7:75:39:fb:02:71:42:36:00:00:00:00:02:cb
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12-05-2022 20:45

Not After

11-05-2023 20:45

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:fb:af:f6:e5:51:9a:63:09:40:12:83:73:ea:c6:5a:78:79:9a:d1:1b:35:fd:66:c2:78:e4:28:76:8f:96:a5
Signer

Actual PE Digest

74:fb:af:f6:e5:51:9a:63:09:40:12:83:73:ea:c6:5a:78:79:9a:d1:1b:35:fd:66:c2:78:e4:28:76:8f:96:a5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\s\pssuspend\exe\x64\Release\pssuspend64.pdb

Imports

ws2_32

WSAStartup
gethostname
gethostbyname
inet_ntoa

mpr

WNetCancelConnection2A
WNetAddConnection2A

version

GetFileVersionInfoA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoW
VerQueryValueW
VerQueryValueA

kernel32

GetFileType
GetModuleHandleA
GetProcAddress
LocalAlloc
LocalFree
GetModuleFileNameA
GetModuleFileNameW
VerSetConditionMask
CreateFileA
DeleteFileA
WriteFile
CloseHandle
WaitForSingleObject
GetCommandLineW
GetCurrentProcess
GetTickCount
GetSystemDirectoryA
FreeLibrary
LoadResource
LockResource
SizeofResource
FormatMessageA
FindResourceA
VerifyVersionInfoA
WideCharToMultiByte
GetConsoleScreenBufferInfo
OpenProcess
ReadFile
GetFileSizeEx
LoadLibraryExA
GetStdHandle
GetVersionExA
SetLastError
GetComputerNameA
GetLastError
SetFilePointerEx
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
HeapSize
WriteConsoleW
Sleep
InitializeCriticalSectionEx
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
SetEndOfFile
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
GetStringTypeW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwind
GetConsoleCP
ExitProcess
GetModuleHandleExW
SetStdHandle
CreateThread
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
HeapAlloc
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
CreateFileW
SetConsoleMode
ReadConsoleInputW
ReadConsoleW

comdlg32

PrintDlgA

advapi32

StartServiceA
QueryServiceStatus
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExA
RegOpenKeyA
RegCreateKeyA
RegCloseKey

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 184KB - Virtual size: 184KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
psversion.txt

Sharing

General

Malware Config

Signatures

Files

Password: E

Password: E

1193bc223dad681f22f8248608cbb592

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cdCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

35:f4:a0:22:99:74:5d:2a:dd:26:8b:e6:eb:e6:8a:9d:bd:73:6f:54:ad:34:c8:ef:67:d3:83:f8:30:d2:f1:6fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

netapi32

ws2_32

mpr

kernel32

comdlg32

advapi32

Sections

.text Size: 254KB - Virtual size: 254KB

.rdata Size: 224KB - Virtual size: 223KB

.data Size: 7KB - Virtual size: 155KB

.rsrc Size: 191KB - Virtual size: 191KB

.reloc Size: 11KB - Virtual size: 10KB

Password: E

8a589b59271d320348f6cdec90a97e6c

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cdCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

ed:bd:9a:d6:5e:f4:5f:6d:d8:d9:2e:1d:c5:0d:9d:4a:17:f1:95:88:8d:ff:c3:a0:55:ed:1d:19:9f:b6:fc:13Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

netapi32

ws2_32

mpr

kernel32

user32

gdi32

comdlg32

advapi32

Sections

.text Size: 292KB - Virtual size: 291KB

.rdata Size: 248KB - Virtual size: 248KB

.data Size: 8KB - Virtual size: 158KB

.pdata Size: 12KB - Virtual size: 12KB

_RDATA Size: 512B - Virtual size: 348B

.rsrc Size: 238KB - Virtual size: 238KB

.reloc Size: 2KB - Virtual size: 2KB

Password: E

9dce7b925f437cdffe96b118cf300138

Code Sign

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cdCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

ac:21:a0:fb:fd:8c:9a:36:83:08:72:c4:c7:60:bd:a3:8e:9d:4d:7a:68:93:9d:d1:2d:01:dd:39:60:38:6a:71Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

version

netapi32

ws2_32

mpr

kernel32

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

35:f4:a0:22:99:74:5d:2a:dd:26:8b:e6:eb:e6:8a:9d:bd:73:6f:54:ad:34:c8:ef:67:d3:83:f8:30:d2:f1:6f
Signer

.text
Size: 254KB - Virtual size: 254KB

.rdata
Size: 224KB - Virtual size: 223KB

.data
Size: 7KB - Virtual size: 155KB

.rsrc
Size: 191KB - Virtual size: 191KB

.reloc
Size: 11KB - Virtual size: 10KB

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

ed:bd:9a:d6:5e:f4:5f:6d:d8:d9:2e:1d:c5:0d:9d:4a:17:f1:95:88:8d:ff:c3:a0:55:ed:1d:19:9f:b6:fc:13
Signer

.text
Size: 292KB - Virtual size: 291KB

.rdata
Size: 248KB - Virtual size: 248KB

.data
Size: 8KB - Virtual size: 158KB

.pdata
Size: 12KB - Virtual size: 12KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 238KB - Virtual size: 238KB

.reloc
Size: 2KB - Virtual size: 2KB

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

ac:21:a0:fb:fd:8c:9a:36:83:08:72:c4:c7:60:bd:a3:8e:9d:4d:7a:68:93:9d:d1:2d:01:dd:39:60:38:6a:71
Signer

.text
Size: 149KB - Virtual size: 148KB

.rdata
Size: 79KB - Virtual size: 79KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 154KB - Virtual size: 153KB

.reloc
Size: 7KB - Virtual size: 6KB

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

e2:5e:cc:90:bf:ad:77:2d:09:19:01:2f:1f:2c:07:3b:76:f6:3a:1e:8e:22:b0:b3:39:40:d6:c4:02:d3:3a:76
Signer

.text
Size: 185KB - Virtual size: 185KB

.rdata
Size: 99KB - Virtual size: 98KB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 9KB - Virtual size: 8KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 183KB - Virtual size: 183KB

.reloc
Size: 2KB - Virtual size: 1KB

33:00:00:02:cd:f3:64:bf:f8:d4:4c:5d:51:00:00:00:00:02:cd
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

7f:f7:d7:e1:b2:e5:5e:32:93:76:c0:76:f9:0a:3d:59:dc:58:97:b7:11:e9:d4:ec:67:08:f6:e8:49:69:7f:67
Signer

.text
Size: 156KB - Virtual size: 155KB

.rdata
Size: 92KB - Virtual size: 91KB

.data
Size: 3KB - Virtual size: 31KB

.rsrc
Size: 162KB - Virtual size: 162KB

.reloc
Size: 8KB - Virtual size: 7KB

33:00:00:02:cb:b7:75:39:fb:02:71:42:36:00:00:00:00:02:cb
Certificate