Portable[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

Portable.rar
Size

3.9MB
MD5

6319f9e7818f4bfe839c253aef9ae9b6
SHA1

fb711dd750e0c24b33740acf0e4b44d0cf5696ad
SHA256

fee06b119eeba86864bf01459d9f7ae9746db9eba4b87010fccb520df40cb193
SHA512

1b6b609e79020f48731b23d7ba6011e2876cf1fbf2df0d7bc1919700e289e1f0589a8c8fdca519232126c9727b66fede12cd9f791f13e73116909fbfb35aeb5b
SSDEEP

49152:poV8i89AqmidoxL5K+ovOfmnr23jU91FbaTdgNwIMtRpQk2JZt6r7JlIQcqBVKla:pouNmikLEBOfmUor10Q/7KbIQJko97b

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Portable/x64/CisUtMonitor.sys
unpack001/Portable/x86/CisUtMonitor.sys

Files

Portable.rar
.rar
Portable/RemoveService.cmd
Portable/UninstallToolHelper.exe
.exe windows:5 windows x86 arch:x86

f0e8305f3a2a23ba622fa7f18bf7cd51

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

23:e8:29:0d:71:95:04:18:c0:08:59:7e:42:f7:48:1b
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

22/10/2008, 12:07

Not After

30/12/2025, 23:59

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/06/2018, 13:44

Not After

23/01/2020, 20:43

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

22/10/2008, 12:07

Not After

10/06/2027, 10:46

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/06/2018, 13:44

Not After

23/01/2020, 20:43

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

8b:ec:d9:b0:10:5b:8d:11:83:8f:db:89:1c:33:09:2b:13:25:95:5d:de:cc:aa:1e:bf:56:59:dd:aa:45:f4:db
Signer

Actual PE Digest

8b:ec:d9:b0:10:5b:8d:11:83:8f:db:89:1c:33:09:2b:13:25:95:5d:de:cc:aa:1e:bf:56:59:dd:aa:45:f4:db

Digest Algorithm

sha256

PE Digest Matches

false

af:1e:c2:ab:ce:3e:50:30:38:7a:9b:39:1d:c8:e7:1f:f6:0f:56:32
Signer

Actual PE Digest

af:1e:c2:ab:ce:3e:50:30:38:7a:9b:39:1d:c8:e7:1f:f6:0f:56:32

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

OpenEventW
CreateFileMappingW
OpenMutexW
CreateFileW
WriteConsoleW
UnmapViewOfFile
MapViewOfFile
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
CloseHandle
WaitForSingleObject
SetEvent
HeapSize
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
LCMapStringW
GetStringTypeW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
FreeLibrary
LoadLibraryExW
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetACP
HeapFree
HeapAlloc
GetFileType
SetFilePointerEx
GetConsoleMode
GetConsoleCP
HeapReAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetProcessHeap
FlushFileBuffers

user32

MessageBoxA

advapi32

RegSetValueExW
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegOpenKeyExW
RegOpenKeyExA
RegCreateKeyExW
RegCreateKeyExA
RegCloseKey

Sections

.text
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

z0tyg8go
Size: 58KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

oc7esfle
Size: 287KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

0.jibmbs
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
Portable/UninstallToolPortable.exe
.exe windows:5 windows x86 arch:x86

c42b0c1f41e0605c4616086c8aef5ed6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

23:e8:29:0d:71:95:04:18:c0:08:59:7e:42:f7:48:1b
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

22/10/2008, 12:07

Not After

30/12/2025, 23:59

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/06/2018, 13:44

Not After

23/01/2020, 20:43

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28
Certificate

Issuer

CN=Certum CA,O=Unizeto Sp. z o.o.,C=PL

Not Before

22/10/2008, 12:07

Not After

10/06/2027, 10:46

Subject

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/06/2018, 13:44

Not After

23/01/2020, 20:43

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,C=BE,1.2.840.113549.1.9.1=#0c17737570706f7274406372797374616c696465612e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftKernelCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:66:0e:95:ab:71:4d:1c:71:cf:9c:87:64:c4:9e:d8:46:e5:05:eb:75:3d:65:a3:e4:a4:1d:3c:17:b0:fe:9d
Signer

Actual PE Digest

06:66:0e:95:ab:71:4d:1c:71:cf:9c:87:64:c4:9e:d8:46:e5:05:eb:75:3d:65:a3:e4:a4:1d:3c:17:b0:fe:9d

Digest Algorithm

sha256

PE Digest Matches

true

db:13:f0:2b:09:a1:4c:f9:c2:09:ab:4b:95:e8:fc:12:61:0d:ea:96
Signer

Actual PE Digest

db:13:f0:2b:09:a1:4c:f9:c2:09:ab:4b:95:e8:fc:12:61:0d:ea:96

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\Projects\uninstall-tool\Ready\UninstallToolPortable.pdb

Imports

kernel32

CreateFileW
FindClose
FindNextFileW
GetFileAttributesW
CloseHandle
WaitForSingleObject
GetProcAddress
LocalFree
HeapAlloc
HeapFree
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
TerminateProcess
CreateProcessW
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
DeleteCriticalSection
EncodePointer
DecodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetACP
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapReAlloc
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
WriteConsoleW
HeapSize
WideCharToMultiByte
GetLastError
GetCurrentProcess
GetModuleHandleW
GetCommandLineW

user32

GetMessageW
CharLowerBuffW
PostMessageW
MessageBoxW

shell32

CommandLineToArgvW

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Portable/UninstallToolWebsite.url
Portable/UninstallTool_x64.dat
.exe windows:5 windows x64 arch:x64

641ac8b1fe7f930a5173d1fe28befc35

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2020, 00:00

Not After

06/05/2023, 23:59

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2020, 00:00

Not After

06/05/2023, 23:59

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d4:7e:6d:68:06:2e:de:29:22:3f:b2:91:32:2c:a7:20:2c:f7:a1:26:7c:bf:88:ce:e2:2d:db:cc:48:fb:99:06
Signer

Actual PE Digest

d4:7e:6d:68:06:2e:de:29:22:3f:b2:91:32:2c:a7:20:2c:f7:a1:26:7c:bf:88:ce:e2:2d:db:cc:48:fb:99:06

Digest Algorithm

sha256

PE Digest Matches

true

2b:62:9d:98:46:73:14:03:8e:e5:e3:ff:e1:cc:11:ea:00:9f:76:59
Signer

Actual PE Digest

2b:62:9d:98:46:73:14:03:8e:e5:e3:ff:e1:cc:11:ea:00:9f:76:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

G:\Projects\uninstall-tool\Ready\UninstallTool.pdb

Imports

kernel32

GlobalFlags
GetSystemDefaultUILanguage
SetErrorMode
FindResourceExW
GetUserDefaultLCID
WaitForSingleObjectEx
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
IsValidLocale
GetStdHandle
HeapQueryInformation
VirtualQuery
GetSystemInfo
GetFileType
SetStdHandle
GetCommandLineA
FreeLibraryAndExitThread
ExitThread
RtlUnwindEx
RtlPcToFileHeader
GetCPInfo
LCMapStringW
SwitchToThread
GetStringTypeW
GetFileSizeEx
GlobalGetAtomNameW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
FlushFileBuffers
GetThreadLocale
GetPrivateProfileIntW
SuspendThread
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
EncodePointer
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GetModuleHandleExW
OutputDebugStringA
GetACP
GlobalFree
CompareStringW
EnumResourceLanguagesW
EnumResourceNamesW
EnumResourceTypesW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrcmpA
SetThreadPriority
CreateDirectoryW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetModuleHandleA
FreeResource
OutputDebugStringW
LocalUnlock
LocalLock
GetVersionExW
VirtualFree
VirtualAlloc
GetWindowsDirectoryW
ExpandEnvironmentStringsW
lstrcatW
VirtualProtect
GetNativeSystemInfo
GetVersion
SetUnhandledExceptionFilter
RtlCaptureContext
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentThread
GetProcessTimes
FileTimeToLocalFileTime
CompareFileTime
GetTempPathW
QueryDosDeviceW
GetTempFileNameW
GetLogicalDriveStringsW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
SetFilePointer
lstrlenA
ExitProcess
lstrcpyW
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleFileNameW
OpenEventW
OpenMutexW
CreateMutexW
FormatMessageW
LocalFree
LocalAlloc
SetFileAttributesW
RemoveDirectoryW
IsBadWritePtr
IsBadReadPtr
MoveFileExW
SystemTimeToFileTime
GetFileAttributesExW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileTime
lstrcmpiW
LoadLibraryW
ResumeThread
GetLongPathNameW
GetExitCodeThread
WriteFile
GetTickCount
WinExec
InitializeCriticalSectionAndSpinCount
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
DecodePointer
lstrcmpW
SearchPathW
GetComputerNameW
DeleteFileW
GetCommandLineW
CreateThread
GetLocalTime
GetCurrentDirectoryW
Sleep
lstrcpynW
LoadLibraryA
GetProcAddress
FreeLibrary
CreateProcessW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetExitCodeProcess
ReadFile
GetFileSize
GetCurrentProcess
lstrlenW
GetLastError
TerminateProcess
OpenProcess
MulDiv
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetUserDefaultUILanguage
VerifyVersionInfoW
GetCurrentProcessId
VerSetConditionMask
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
GetModuleHandleW
GetSystemTime
TerminateThread
SizeofResource
LoadResource
LockResource
CreateFileW
CreateEventW
CloseHandle
DeviceIoControl
WaitForMultipleObjects
WaitForSingleObject
ResetEvent
SetEvent
SetLastError
GetDriveTypeW
RtlUnwind

user32

UpdateWindow
LoadMenuW
MapVirtualKeyW
wsprintfW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
IntersectRect
InvertRect
LockWindowUpdate
GetDCEx
GetSubMenu
GetCapture
GetNextDlgTabItem
GetSysColorBrush
AdjustWindowRectEx
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
CreateIconFromResourceEx
LoadBitmapW
RegisterClipboardFormatW
ReleaseCapture
SetCapture
WindowFromPoint
ShowScrollBar
GetUpdateRect
WinHelpW
IsDialogMessageW
GetLastActivePopup
SetWindowLongPtrW
GetWindowLongPtrW
MessageBeep
EndPaint
BeginPaint
DrawIcon
EnableMenuItem
GetSystemMenu
GetAsyncKeyState
GetDialogBaseUnits
CheckDlgButton
CreateDialogIndirectParamW
DestroyWindow
PostQuitMessage
WaitMessage
PeekMessageW
DispatchMessageW
TranslateMessage
LoadStringW
EnumDisplaySettingsW
FindWindowExW
FindWindowW
WaitForInputIdle
SetLayeredWindowAttributes
ShowWindow
CreateWindowExW
RegisterClassExW
ExitWindowsEx
GetMessageW
SetWindowLongW
GetWindowLongW
SetFocus
EmptyClipboard
SetParent
SetWindowRgn
GetMenuItemID
MonitorFromWindow
GetMonitorInfoW
SendMessageW
SetClipboardData
CloseClipboard
OpenClipboard
AttachThreadInput
CreateIconIndirect
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
DrawStateW
GetWindow
RedrawWindow
SetWindowPlacement
GetWindowPlacement
MoveWindow
CharLowerBuffW
CharLowerBuffA
FillRect
MapWindowPoints
SetWindowTextW
GetDlgItem
CharLowerW
LoadIconW
GetShellWindow
DeleteMenu
GetMenuItemCount
SetWindowPos
CopyIcon
GetClassNameW
KillTimer
SetTimer
GetMenuDefaultItem
TrackPopupMenu
UnregisterClassW
ClientToScreen
InsertMenuW
SetForegroundWindow
SendInput
TabbedTextOutW
GrayStringW
GetMenuItemInfoW
ToUnicodeEx
GetKeyboardLayoutList
GetKeyboardLayout
IsIconic
CharUpperW
IsCharLowerW
GetKeyboardState
GetKeyNameTextW
MapVirtualKeyExW
IsWindowEnabled
CopyAcceleratorTableW
IsZoomed
IsClipboardFormatAvailable
GetCursor
IsMenu
IsChild
GetDlgCtrlID
GetWindowRgn
HideCaret
ShowCaret
DrawTextExW
GetClassInfoW
DefWindowProcW
EqualRect
IsRectEmpty
SetRectEmpty
GetForegroundWindow
SetMenuDefaultItem
SystemParametersInfoW
SetClassLongPtrW
InflateRect
CopyRect
DrawFocusRect
AppendMenuW
SetActiveWindow
UnionRect
GetMenuStringW
LookupIconIdFromDirectoryEx
DrawEdge
GetDoubleClickTime
GetMenu
SetMenu
GetMenuState
GetClassLongPtrW
SetCursorPos
GetClassLongW
CallWindowProcW
IsWindowUnicode
GetWindowLongPtrA
SetWindowLongPtrA
GetScrollInfo
GetTabbedTextExtentA
GetTopWindow
EnableWindow
DestroyIcon
IsWindowVisible
GetActiveWindow
GetWindowTextW
MessageBoxW
GetDesktopWindow
EnumWindows
GetDC
ReleaseDC
RegisterWindowMessageW
PostMessageW
IsWindow
GetFocus
GetKeyState
DrawTextW
InvalidateRect
GetClientRect
SetCursor
GetCursorPos
ScreenToClient
GetSysColor
SetRect
OffsetRect
PtInRect
GetParent
LoadCursorW
LoadImageW
DrawIconEx
GetIconInfo
GetSystemMetrics
GetWindowRect
SendMessageTimeoutW
GetWindowThreadProcessId
DrawFrameControl
GetMessagePos
CreatePopupMenu
SetDlgItemTextW
SetScrollInfo
EndDialog
ShowOwnedPopups
GetWindowDC
CharNextW
DestroyMenu
SetWindowContextHelpId
DrawMenuBar
DefFrameProcW
TranslateMDISysAccel
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
RealChildWindowFromPoint
InvalidateRgn
GetNextDlgGroupItem
PostThreadMessageW
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
GetScrollRange
SetScrollRange
GetScrollPos
ValidateRect
GetClassInfoExW
RegisterClassW
GetMessageTime
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
SendDlgItemMessageA
MapDialogRect

gdi32

GetViewportOrgEx
CreateFontW
Polyline
CreatePatternBrush
Ellipse
GetCharWidthW
GetClipRgn
GetCurrentPositionEx
GetTextAlign
GetTextExtentPoint32A
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
BeginPath
CloseFigure
EndPath
FillPath
StrokeAndFillPath
StrokePath
MoveToEx
PolyBezierTo
OffsetViewportOrgEx
GetRgnBox
CreatePolygonRgn
SetPixelV
FillRgn
FrameRgn
ExcludeClipRect
SelectClipRgn
PtInRegion
SetMapMode
SetTextAlign
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetMapMode
SetRectRgn
DPtoLP
GetBitmapBits
ExtCreateRegion
GetCurrentObject
Polygon
EnumFontFamiliesExW
SetPixel
GetTextMetricsW
GetPixel
CreateRoundRectRgn
CreateDCW
CreateRectRgn
CombineRgn
CreateDIBSection
SetTextColor
SetStretchBltMode
StretchDIBits
StretchBlt
SetDIBitsToDevice
SetBkMode
SetBkColor
ExtSelectClipRgn
SaveDC
RealizePalette
RestoreDC
PatBlt
GetDIBits
GetClipBox
DeleteDC
CreateRectRgnIndirect
CreateBitmap
GetTextColor
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetBkColor
Escape
RoundRect
Rectangle
GetTextExtentPoint32W
GetStockObject
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
SelectObject
DeleteObject
CreateSolidBrush
BitBlt
GetDeviceCaps

msimg32

GradientFill
AlphaBlend

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

RegOpenKeyExW
RegCreateKeyW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
DuplicateTokenEx
CloseServiceHandle
ControlService
RegQueryValueW
RegEnumKeyW
GetUserNameW
RegEnumValueW
ConvertSidToStringSidW
IsValidSid
GetTokenInformation
RegCloseKey
RegEnumKeyExW
RegDeleteKeyW
StartServiceW
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
EnumServicesStatusExW

shell32

ShellExecuteW
ord680
DragQueryFileW
DragAcceptFiles
ExtractIconExW
SHGetFileInfoW
CommandLineToArgvW
SHFileOperationW
SHGetPathFromIDListW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteExW
SHChangeNotify
SHGetMalloc
SHGetSpecialFolderLocation
SHAppBarMessage
Shell_NotifyIconW
DragFinish

comctl32

ImageList_Draw
ImageList_AddMasked
_TrackMouseEvent
ImageList_Destroy
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetImageCount
ImageList_Add
ImageList_DrawEx
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageInfo

shlwapi

SHDeleteKeyW
PathFileExistsW
PathIsDirectoryW
PathIsRelativeW
PathRemoveArgsW
PathUnquoteSpacesW
PathGetArgsW
PathParseIconLocationW
PathCompactPathW
StrFormatByteSizeW
PathAddBackslashW
PathRemoveFileSpecW
SHStrDupW
PathStripPathW
PathMatchSpecW
ord487
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
UrlUnescapeW

uxtheme

IsAppThemed
DrawThemeParentBackground
OpenThemeData
DrawThemeBackground
GetThemePartSize
CloseThemeData
IsThemeBackgroundPartiallyTransparent

ole32

CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoInitialize
CoCreateGuid
CoTaskMemAlloc
CoInitializeSecurity
CoTaskMemFree
PropVariantClear
CoCreateInstance
CoInitializeEx
CoUninitialize
CreateILockBytesOnHGlobal

oleaut32

SysAllocString
SysAllocStringLen
LoadTypeLi
SafeArrayGetElemsize
SafeArrayGetDim
OleCreateFontIndirect
VariantChangeType
VarUdateFromDate
VarBstrFromDate
VarDateFromStr
VariantChangeTypeEx
VariantTimeToSystemTime
SystemTimeToVariantTime
OleLoadPicturePath
SysAllocStringByteLen
SysStringByteLen
SysStringLen
VariantCopy
VariantClear
VariantInit
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayDestroy
SysFreeString
SafeArrayGetLBound

oledlg

OleUIBusyW
OleUIAddVerbMenuW

gdiplus

GdipGetImageWidth
GdipGetImageHeight
GdipImageRotateFlip
GdipCreateBitmapFromHICON
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipFree
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipAlloc

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW

winmm

PlaySoundW

oleacc

CreateStdAccessibleObject
LresultFromObject

wininet

InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetSetOptionW
InternetQueryOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetCrackUrlW
InternetCanonicalizeUrlW

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 991KB - Virtual size: 990KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 54KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Portable/UninstallTool_x86.dat
.exe windows:5 windows x86 arch:x86

1b7063d8e156ba4aada830808ca8a217

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07/06/2005, 08:09

Not After

30/05/2020, 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27/04/2011, 00:00

Not After

30/05/2020, 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

30/05/2020, 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2020, 00:00

Not After

06/05/2023, 23:59

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

07/02/2020, 00:00

Not After

06/05/2023, 23:59

Subject

CN=CrystalBit Solutions,O=CrystalBit Solutions,POSTALCODE=8620,STREET=Schoolstraat 24,L=Nieuwpoort,ST=West Vlaanderen,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

83:75:1d:56:5f:21:20:d9:e3:01:2c:68:17:0b:56:42:29:97:b0:d0:c2:5d:1e:98:87:92:12:32:59:b4:23:62
Signer

Actual PE Digest

83:75:1d:56:5f:21:20:d9:e3:01:2c:68:17:0b:56:42:29:97:b0:d0:c2:5d:1e:98:87:92:12:32:59:b4:23:62

Digest Algorithm

sha256

PE Digest Matches

true

b2:9e:86:20:82:9e:31:c2:5c:6d:3b:e3:c7:b2:14:45:4c:89:5d:c1
Signer

Actual PE Digest

b2:9e:86:20:82:9e:31:c2:5c:6d:3b:e3:c7:b2:14:45:4c:89:5d:c1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

G:\Projects\uninstall-tool\Ready\UninstallTool-x86.pdb

Imports

kernel32

SetErrorMode
FindResourceExW
GetUserDefaultLCID
WaitForSingleObjectEx
IsProcessorFeaturePresent
UnhandledExceptionFilter
QueryPerformanceCounter
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
FindFirstFileExW
GetDriveTypeW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GlobalFlags
GetTimeZoneInformation
GetOEMCP
IsValidCodePage
EnumSystemLocalesW
IsValidLocale
GetStdHandle
HeapQueryInformation
VirtualQuery
GetSystemInfo
GetFileType
SetStdHandle
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
RtlUnwind
GetCPInfo
LCMapStringW
SwitchToThread
GetStringTypeW
GetFileSizeEx
GlobalGetAtomNameW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
DuplicateHandle
UnlockFile
SetEndOfFile
LockFile
GetVolumeInformationW
FlushFileBuffers
GetThreadLocale
GetPrivateProfileIntW
SuspendThread
GlobalFindAtomW
GlobalAddAtomW
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
EncodePointer
OutputDebugStringA
GetACP
GlobalFree
CompareStringW
EnumResourceLanguagesW
EnumResourceNamesW
EnumResourceTypesW
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrcmpA
SetThreadPriority
CreateDirectoryW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetModuleHandleA
FreeResource
InterlockedIncrement
OutputDebugStringW
LocalUnlock
GetSystemDefaultUILanguage
LocalLock
GetVersionExW
VirtualFree
VirtualAlloc
GetWindowsDirectoryW
ExpandEnvironmentStringsW
lstrcatW
VirtualProtect
GetNativeSystemInfo
GetVersion
SetUnhandledExceptionFilter
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetCurrentThread
GetProcessTimes
CompareFileTime
GetTempPathW
QueryDosDeviceW
GetTempFileNameW
GetLogicalDriveStringsW
GetFullPathNameW
GetFileAttributesW
FindNextFileW
FindFirstFileW
FindClose
SetFilePointer
lstrlenA
ExitProcess
lstrcpyW
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleFileNameW
OpenEventW
OpenMutexW
CreateMutexW
FormatMessageW
LocalFree
LocalAlloc
SetFileAttributesW
RemoveDirectoryW
IsBadWritePtr
IsBadReadPtr
MoveFileExW
SystemTimeToFileTime
GetFileAttributesExW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileTime
lstrcmpiW
LoadLibraryW
ResumeThread
GetLongPathNameW
GetExitCodeThread
WriteFile
InterlockedDecrement
GetTickCount
WinExec
InitializeCriticalSectionAndSpinCount
RaiseException
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
DecodePointer
lstrcmpW
SearchPathW
GetComputerNameW
DeleteFileW
GetCommandLineW
CreateThread
GetLocalTime
GetCurrentDirectoryW
Sleep
lstrcpynW
LoadLibraryA
FreeLibrary
CreateProcessW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
GetExitCodeProcess
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
ReadFile
GetFileSize
GetProcAddress
InterlockedExchangeAdd
InterlockedExchange
lstrlenW
GetLastError
TerminateProcess
OpenProcess
MulDiv
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetUserDefaultUILanguage
VerifyVersionInfoW
GetCurrentProcessId
GetCurrentProcess
VerSetConditionMask
TerminateThread
WideCharToMultiByte
MultiByteToWideChar
FindResourceW
GetModuleHandleW
GetSystemTime
SizeofResource
LoadResource
LockResource
CreateFileW
CreateEventW
CloseHandle
DeviceIoControl
WaitForMultipleObjects
WaitForSingleObject
ResetEvent
SetEvent
SetLastError
GetConsoleCP

user32

LoadMenuW
MapVirtualKeyW
wsprintfW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
IntersectRect
InvertRect
LockWindowUpdate
GetDCEx
GetSubMenu
GetCapture
GetNextDlgTabItem
GetSysColorBrush
AdjustWindowRectEx
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
CreateIconFromResourceEx
LoadBitmapW
RegisterClipboardFormatW
ReleaseCapture
SetCapture
WindowFromPoint
ShowScrollBar
GetUpdateRect
WinHelpW
IsDialogMessageW
GetLastActivePopup
MessageBeep
EndPaint
BeginPaint
DrawIcon
EnableMenuItem
GetSystemMenu
GetAsyncKeyState
GetDialogBaseUnits
CheckDlgButton
CreateDialogIndirectParamW
DestroyWindow
PostQuitMessage
WaitMessage
PeekMessageW
DispatchMessageW
TranslateMessage
LoadStringW
EnumDisplaySettingsW
FindWindowExW
FindWindowW
WaitForInputIdle
SetLayeredWindowAttributes
ShowWindow
CreateWindowExW
RegisterClassExW
ExitWindowsEx
GetMessageW
SetWindowLongW
GetTopWindow
SetParent
SetWindowRgn
SendMessageW
EnableWindow
GetWindowLongW
SetFocus
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
AttachThreadInput
CreateIconIndirect
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
DrawStateW
GetWindow
RedrawWindow
SetWindowPlacement
GetWindowPlacement
MoveWindow
CharLowerBuffW
CharLowerBuffA
FillRect
MapWindowPoints
SetWindowTextW
GetDlgItem
CharLowerW
LoadIconW
GetShellWindow
DeleteMenu
GetMenuItemCount
SetWindowPos
CopyIcon
GetClassNameW
KillTimer
SetTimer
GetMenuDefaultItem
TrackPopupMenu
UnregisterClassW
ClientToScreen
InsertMenuW
SetForegroundWindow
SendInput
TabbedTextOutW
GrayStringW
DrawTextExW
GetMenuItemID
GetMenuItemInfoW
ToUnicodeEx
GetKeyboardLayoutList
GetKeyboardLayout
IsIconic
CharUpperW
IsCharLowerW
GetKeyboardState
GetKeyNameTextW
MapVirtualKeyExW
IsWindowEnabled
CopyAcceleratorTableW
IsZoomed
IsClipboardFormatAvailable
GetCursor
IsMenu
IsChild
GetDlgCtrlID
GetWindowRgn
HideCaret
ShowCaret
GetClassInfoW
DefWindowProcW
EqualRect
IsRectEmpty
SetRectEmpty
GetForegroundWindow
SetMenuDefaultItem
SystemParametersInfoW
SetClassLongW
InflateRect
CopyRect
DrawFocusRect
AppendMenuW
CreatePopupMenu
SetActiveWindow
UnionRect
GetMenuStringW
LookupIconIdFromDirectoryEx
DrawEdge
GetDoubleClickTime
GetMenu
SetMenu
GetMenuState
GetClassLongW
SetCursorPos
CallWindowProcW
IsWindowUnicode
GetWindowLongA
SetWindowLongA
GetScrollInfo
GetTabbedTextExtentA
UpdateWindow
DestroyIcon
IsWindowVisible
GetActiveWindow
GetWindowTextW
MessageBoxW
GetDesktopWindow
EnumWindows
GetDC
ReleaseDC
RegisterWindowMessageW
PostMessageW
IsWindow
GetFocus
GetKeyState
DrawTextW
InvalidateRect
GetClientRect
SetCursor
GetCursorPos
ScreenToClient
GetSysColor
SetRect
OffsetRect
PtInRect
GetParent
LoadCursorW
LoadImageW
DrawIconEx
GetIconInfo
GetSystemMetrics
GetWindowRect
SendMessageTimeoutW
GetWindowThreadProcessId
MessageBoxA
DrawFrameControl
GetMessagePos
EndDialog
ShowOwnedPopups
GetWindowDC
CharNextW
DestroyMenu
SetWindowContextHelpId
DrawMenuBar
DefFrameProcW
TranslateMDISysAccel
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
RealChildWindowFromPoint
InvalidateRgn
GetNextDlgGroupItem
PostThreadMessageW
SetDlgItemTextW
GetMonitorInfoW
MonitorFromWindow
SetScrollInfo
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
GetScrollRange
SetScrollRange
GetScrollPos
ValidateRect
GetClassInfoExW
RegisterClassW
GetMessageTime
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
SendDlgItemMessageA
MapDialogRect

gdi32

Ellipse
GetCharWidthW
GetClipRgn
GetCurrentPositionEx
GetTextAlign
GetTextExtentPoint32A
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
BeginPath
CloseFigure
EndPath
FillPath
StrokeAndFillPath
StrokePath
MoveToEx
PolyBezierTo
OffsetViewportOrgEx
GetRgnBox
CreatePolygonRgn
SetPixelV
FillRgn
FrameRgn
ExcludeClipRect
SelectClipRgn
SetMapMode
CreatePatternBrush
SetTextAlign
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetMapMode
SetRectRgn
DPtoLP
Polyline
CreateFontW
GetViewportOrgEx
PtInRegion
GetBitmapBits
ExtCreateRegion
GetTextColor
GetCurrentObject
Polygon
EnumFontFamiliesExW
SetPixel
GetTextMetricsW
GetPixel
CreateRoundRectRgn
CreateDCW
CreateRectRgn
CombineRgn
CreateDIBSection
SetTextColor
SetStretchBltMode
StretchDIBits
StretchBlt
SetDIBitsToDevice
SetBkMode
SetBkColor
ExtSelectClipRgn
SaveDC
RealizePalette
RestoreDC
PatBlt
GetDIBits
GetClipBox
DeleteDC
CreateRectRgnIndirect
CreateBitmap
ExtTextOutW
RectVisible
PtVisible
GetBkColor
Escape
BitBlt
RoundRect
Rectangle
GetTextExtentPoint32W
GetStockObject
CreatePen
CreateFontIndirectW
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectW
SelectObject
DeleteObject
CreateSolidBrush
TextOutW
GetDeviceCaps

msimg32

AlphaBlend
GradientFill

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

advapi32

RegOpenKeyExW
RegCreateKeyW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueExW
RegSetValueExA
RegQueryInfoKeyW
OpenProcessToken
AdjustTokenPrivileges
RegQueryValueW
RegEnumKeyW
GetUserNameW
RegEnumValueW
ConvertSidToStringSidW
IsValidSid
GetTokenInformation
RegCloseKey
RegEnumKeyExW
RegDeleteKeyW
StartServiceW
QueryServiceStatus
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
EnumServicesStatusExW
ControlService
CloseServiceHandle
DuplicateTokenEx
LookupPrivilegeValueW

shell32

ShellExecuteW
ord680
DragQueryFileW
DragAcceptFiles
ExtractIconExW
SHGetFileInfoW
CommandLineToArgvW
SHFileOperationW
SHGetPathFromIDListW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ShellExecuteExW
SHChangeNotify
SHGetMalloc
SHGetSpecialFolderLocation
SHAppBarMessage
Shell_NotifyIconW
DragFinish

comctl32

ImageList_Draw
ImageList_AddMasked
_TrackMouseEvent
ImageList_Destroy
ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_GetImageCount
ImageList_Add
ImageList_DrawEx
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageInfo

shlwapi

SHDeleteKeyW
PathFileExistsW
PathIsDirectoryW
PathIsRelativeW
PathRemoveArgsW
PathUnquoteSpacesW
PathGetArgsW
PathParseIconLocationW
PathCompactPathW
StrFormatByteSizeW
PathAddBackslashW
PathRemoveFileSpecW
SHStrDupW
PathStripPathW
PathMatchSpecW
ord487
PathFindExtensionW
PathFindFileNameW
PathIsUNCW
PathStripToRootW
UrlUnescapeW

uxtheme

DrawThemeParentBackground
CloseThemeData
DrawThemeBackground
GetThemePartSize
IsAppThemed
IsThemeBackgroundPartiallyTransparent
OpenThemeData

ole32

CreateILockBytesOnHGlobal
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoRegisterMessageFilter
CLSIDFromProgID
CLSIDFromString
CoDisconnectObject
CoInitialize
CoCreateGuid
CoTaskMemAlloc
CoInitializeSecurity
CoTaskMemFree
PropVariantClear
CoCreateInstance
CoInitializeEx
CoUninitialize

oleaut32

SysAllocString
SysAllocStringLen
LoadTypeLi
SafeArrayGetElemsize
SafeArrayGetDim
OleCreateFontIndirect
VariantChangeType
VarUdateFromDate
VarBstrFromDate
VarDateFromStr
VariantChangeTypeEx
VariantTimeToSystemTime
SystemTimeToVariantTime
OleLoadPicturePath
SysAllocStringByteLen
SysStringByteLen
SysStringLen
VariantCopy
VariantClear
VariantInit
SafeArrayCreateVector
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayDestroy
SysFreeString

oledlg

OleUIBusyW
OleUIAddVerbMenuW

gdiplus

GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipImageRotateFlip
GdipCreateBitmapFromHICON
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipFree
GdipCloneImage
GdiplusShutdown
GdipAlloc
GdiplusStartup

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW

winmm

PlaySoundW

oleacc

CreateStdAccessibleObject
LresultFromObject

wininet

InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetSetOptionW
InternetQueryOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetOpenW
InternetCanonicalizeUrlW
InternetCrackUrlW

Exports

Exports

_EXECryptor_AntiDebug@0
_EXECryptor_DecodeSerialNumber@16
_EXECryptor_DecodeSerialNumberW@16
_EXECryptor_DecryptStr@8
_EXECryptor_DecryptStrW@8
_EXECryptor_EncryptStr@8
_EXECryptor_EncryptStrW@8
_EXECryptor_GetDate@0
_EXECryptor_GetEXECryptorVersion@0
_EXECryptor_GetHardwareID@0
_EXECryptor_GetProcAddr@8
_EXECryptor_GetReleaseDate@0
_EXECryptor_GetTrialDaysLeft@4
_EXECryptor_GetTrialRunsLeft@4
_EXECryptor_IsAppProtected@0
_EXECryptor_IsRegistered@0
_EXECryptor_MessageBoxA@16
_EXECryptor_ProtectImport@0
_EXECryptor_RegConst_0@0
_EXECryptor_RegConst_1@0
_EXECryptor_RegConst_2@0
_EXECryptor_RegConst_3@0
_EXECryptor_RegConst_4@0
_EXECryptor_RegConst_5@0
_EXECryptor_RegConst_6@0
_EXECryptor_RegConst_7@0
_EXECryptor_SecureRead@8
_EXECryptor_SecureReadW@8
_EXECryptor_SecureWrite@8
_EXECryptor_SecureWriteW@8
_EXECryptor_VerifySerialNumber@16
_EXECryptor_VerifySerialNumberW@16

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 536KB - Virtual size: 536KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 42KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Portable/languages/Arabic.xml
Portable/languages/Armenian.xml
Portable/languages/Azerbaijani.xml
Portable/languages/Belarusian.xml
Portable/languages/Bulgarian.xml
Portable/languages/Chinese_Simplified.xml
Portable/languages/Chinese_Traditional.xml
Portable/languages/Croatian.xml
Portable/languages/Czech.xml
Portable/languages/Danish.xml
Portable/languages/Dutch.xml
Portable/languages/English.xml
Portable/languages/Estonian.xml
Portable/languages/French.xml
Portable/languages/Georgian.xml
Portable/languages/German.xml
Portable/languages/Greek.xml
Portable/languages/Hebrew.xml
Portable/languages/Hindi.xml
Portable/languages/Hungarian.xml
Portable/languages/Indonesian.xml
Portable/languages/Italian.xml
Portable/languages/Japanese.xml
Portable/languages/Korean.xml
Portable/languages/Latvian.xml
Portable/languages/Lithuanian.xml
Portable/languages/Norwegian.xml
Portable/languages/Persian.xml
Portable/languages/Polish.xml
Portable/languages/Portuguese.xml
Portable/languages/Portuguese_Brazilian.xml
Portable/languages/Romanian.xml
Portable/languages/Russian.xml
Portable/languages/Serbian_Cyrillic.xml
Portable/languages/Serbian_Latin.xml
Portable/languages/Slovak.xml
Portable/languages/Spanish.xml
Portable/languages/Swedish.xml
Portable/languages/Turkish.xml
Portable/languages/Ukrainian.xml
Portable/languages/Vietnamese.xml
Portable/x64/CisUtMonitor.inf
Portable/x64/CisUtMonitor.sys
.sys windows:6 windows x64 arch:x64

f43b6ef93625d306e6fdaf0ae00f11b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\_prog\kleuter\driver\cisutmonitor\obj_release\amd64\CisUtMonitor.pdb

Imports

ntoskrnl.exe

ExDeletePagedLookasideList
IoUnregisterShutdownNotification
ExEventObjectType
IofCompleteRequest
ExQueryDepthSList
ObReferenceObjectByHandle
KeWaitForSingleObject
PsGetVersion
ExInterlockedRemoveHeadList
CmRegisterCallback
IoCreateSymbolicLink
ExInitializePagedLookasideList
ObfDereferenceObject
IoCreateDevice
CmUnRegisterCallback
DbgPrint
ExDeleteNPagedLookasideList
IoThreadToProcess
KeSetEvent
ExpInterlockedPopEntrySList
ExInterlockedInsertTailList
PsGetProcessId
KeReleaseMutex
ExAllocatePoolWithTag
_wcsnicmp
RtlCheckRegistryKey
ZwQueryValueKey
RtlCompareUnicodeString
RtlConvertSidToUnicodeString
ZwOpenThreadTokenEx
RtlTimeToSecondsSince1970
MmGetSystemRoutineAddress
ZwOpenProcessTokenEx
ObQueryNameString
ExSystemTimeToLocalTime
ZwClose
ZwOpenProcess
RtlCopyUnicodeString
MmIsAddressValid
ZwQueryInformationToken
ZwOpenKey
KeBugCheckEx
PsSetCreateProcessNotifyRoutine
ExpInterlockedPushEntrySList
IoDeleteDevice
RtlInitUnicodeString
ExInitializeNPagedLookasideList
KeInitializeMutex
IoRegisterShutdownNotification
ExFreePoolWithTag
_wcsicmp
IoDeleteSymbolicLink
__C_specific_handler

fltmgr.sys

FltReleaseFileNameInformation
FltCloseCommunicationPort
FltGetFileNameInformation
FltGetDestinationFileNameInformation
FltStartFiltering
FltRegisterFilter
FltUnregisterFilter
FltParseFileNameInformation

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 130B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Portable/x86/CisUtMonitor.inf
Portable/x86/CisUtMonitor.sys
.sys windows:6 windows x86 arch:x86

76aba047f0b037cb0deb0211092d4824

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\_prog\kleuter\driver\cisutmonitor\obj_release\i386\CisUtMonitor.pdb

Imports

ntoskrnl.exe

ExEventObjectType
DbgPrint
ObfDereferenceObject
ExFreePoolWithTag
ExfInterlockedRemoveHeadList
memcpy
IofCompleteRequest
KeWaitForSingleObject
KeReleaseMutex
IoRegisterShutdownNotification
IoCreateSymbolicLink
CmRegisterCallback
KeInitializeMutex
ExInitializePagedLookasideList
ExInitializeNPagedLookasideList
IoCreateDevice
memset
PsGetVersion
InterlockedPopEntrySList
KeSetEvent
ExfInterlockedInsertTailList
PsGetProcessId
IoThreadToProcess
KeGetCurrentThread
ExAllocatePoolWithTag
_wcsicmp
_wcsnicmp
RtlCheckRegistryKey
ObReferenceObjectByHandle
ZwQueryValueKey
ZwDeleteKey
ZwSetValueKey
ZwCreateKey
RtlCompareUnicodeString
RtlCopyUnicodeString
MmGetSystemRoutineAddress
ZwClose
ZwOpenProcess
RtlTimeToSecondsSince1970
ExSystemTimeToLocalTime
KeQuerySystemTime
ObQueryNameString
MmIsAddressValid
ZwOpenKey
RtlConvertSidToUnicodeString
ZwQueryInformationToken
ZwOpenProcessTokenEx
ZwOpenThreadTokenEx
MmUnmapLockedPages
MmMapLockedPages
MmBuildMdlForNonPagedPool
MmCreateMdl
ExAllocatePool
KeServiceDescriptorTable
KeTickCount
KeBugCheckEx
PsSetCreateProcessNotifyRoutine
CmUnRegisterCallback
RtlInitUnicodeString
IoDeleteSymbolicLink
IoUnregisterShutdownNotification
ExDeleteNPagedLookasideList
ExDeletePagedLookasideList
IoDeleteDevice
ZwQueryObject
InterlockedPushEntrySList
RtlUnwind

fltmgr.sys

FltGetFileNameInformation
FltParseFileNameInformation
FltReleaseFileNameInformation
FltCloseCommunicationPort
FltRegisterFilter
FltStartFiltering
FltUnregisterFilter
FltGetDestinationFileNameInformation

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 424B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 930B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f0e8305f3a2a23ba622fa7f18bf7cd51

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

23:e8:29:0d:71:95:04:18:c0:08:59:7e:42:f7:48:1bCertificate

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4Certificate

Extended Key Usages

Key Usages

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28Certificate

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

8b:ec:d9:b0:10:5b:8d:11:83:8f:db:89:1c:33:09:2b:13:25:95:5d:de:cc:aa:1e:bf:56:59:dd:aa:45:f4:dbSigner

af:1e:c2:ab:ce:3e:50:30:38:7a:9b:39:1d:c8:e7:1f:f6:0f:56:32Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 96KB - Virtual size: 96KB

z0tyg8go Size: 58KB - Virtual size: 60KB

.data Size: 3KB - Virtual size: 8KB

.rsrc Size: 2KB - Virtual size: 4KB

oc7esfle Size: 287KB - Virtual size: 288KB

0.jibmbs Size: 512B - Virtual size: 4KB

c42b0c1f41e0605c4616086c8aef5ed6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

23:e8:29:0d:71:95:04:18:c0:08:59:7e:42:f7:48:1bCertificate

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4Certificate

Extended Key Usages

Key Usages

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28Certificate

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

23:e8:29:0d:71:95:04:18:c0:08:59:7e:42:f7:48:1b
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4
Certificate

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

8b:ec:d9:b0:10:5b:8d:11:83:8f:db:89:1c:33:09:2b:13:25:95:5d:de:cc:aa:1e:bf:56:59:dd:aa:45:f4:db
Signer

af:1e:c2:ab:ce:3e:50:30:38:7a:9b:39:1d:c8:e7:1f:f6:0f:56:32
Signer

.text
Size: 96KB - Virtual size: 96KB

z0tyg8go
Size: 58KB - Virtual size: 60KB

.data
Size: 3KB - Virtual size: 8KB

.rsrc
Size: 2KB - Virtual size: 4KB

oc7esfle
Size: 287KB - Virtual size: 288KB

0.jibmbs
Size: 512B - Virtual size: 4KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

23:e8:29:0d:71:95:04:18:c0:08:59:7e:42:f7:48:1b
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4
Certificate

93:92:85:40:01:65:71:5f:94:7f:28:8f:ef:c9:9b:28
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

44:18:e4:04:4b:5a:b7:74:fc:aa:9d:61:bd:8e:83:b4
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

06:66:0e:95:ab:71:4d:1c:71:cf:9c:87:64:c4:9e:d8:46:e5:05:eb:75:3d:65:a3:e4:a4:1d:3c:17:b0:fe:9d
Signer

db:13:f0:2b:09:a1:4c:f9:c2:09:ab:4b:95:e8:fc:12:61:0d:ea:96
Signer

.text
Size: 149KB - Virtual size: 149KB

.rdata
Size: 63KB - Virtual size: 62KB

.data
Size: 3KB - Virtual size: 6KB

.rsrc
Size: 87KB - Virtual size: 86KB

.reloc
Size: 8KB - Virtual size: 8KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

c8:2f:ac:5d:4f:72:88:47:14:64:a3:99:82:a0:d3:7f
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

d4:7e:6d:68:06:2e:de:29:22:3f:b2:91:32:2c:a7:20:2c:f7:a1:26:7c:bf:88:ce:e2:2d:db:cc:48:fb:99:06
Signer

2b:62:9d:98:46:73:14:03:8e:e5:e3:ff:e1:cc:11:ea:00:9f:76:59
Signer