zgrat | executor x64-x23[.]zip

Sharing

Copy URL Twitter E-mail

Reason

expected element type <jnlp> but have <jnlp-file>

Reason

expected element type <jnlp> but have <jnlp-file>

Reason

expected element type <jnlp> but have <jnlp-file>

Reason

expected element type <jnlp> but have <jnlp-file>

Reason

expected element type <jnlp> but have <jnlp-file>

Reason

expected element type <jnlp> but have <jnlp-file>

Reason

expected element type <jnlp> but have <jnlp-fil>

Reason

expected element type <jnlp> but have <jnlp-file>

Reason

expected element type <jnlp> but have <jnlp-file>

Reason

expected element type <jnlp> but have <jnlp-file>

General

Target

executor x64-x23.zip
Size

21.1MB
MD5

f9f78c2be45228af8f238a02a23060cc
SHA1

b245acceefd1abc0cb920bfb77b6a4deebbfaecc
SHA256

c21f14a55785ea00f68c753ed97f00880a331f7f3055bab7257568dbbe9baf91
SHA512

7acdf5deacd3a36947765f9f01769942163f5688df1e9c573630c4bc3e4d9d6dc26cd2dc784e1b7b7fecbca04403ede76f36d5fd8cb5a5cbd78ffe9ef84ec9e9
SSDEEP

393216:csC03oJ7QER+u7gUttG3w5hey2yVHrx/O5S3x9VTyd6f77/jhCke7We:2+U+u7httG3kSgJO5WtyQfHlCkeye

Score

10^/10

zgrat

Malware Config

Signatures

Detect ZGRat V1 1 IoCs

resource	yara_rule
static1/unpack001/executor x64-x23/executor/louder.exe	family_zgrat_v1

Zgrat family
zgrat

Files

executor x64-x23.zip
.zip

Password: 1313
executor x64-x23/executor/louder.exe
.exe windows:4 windows x86 arch:x86

Password: 1313

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:01:94:cd:1e:31:42:20:51:35:d1:c6:36:e4:e9:ba
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/10/2022, 00:00

Not After

15/10/2025, 23:59

Subject

CN=NVIDIA Corporation,OU=1-F,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:09:5e:de:a2:12:7e:92:81:cc:00:00:00:00:01:09
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14/09/2023, 19:14

Not After

04/09/2024, 19:14

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0b:aa:c1:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

18/04/2012, 23:48

Not After

18/04/2027, 23:58

Subject

CN=Microsoft Windows Third Party Component CA 2012,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c6:8b:3c:e5:1a:65:cc:1a:2c:22:60:48:49:78:68:4f:1a:56:34:55:e0:a3:a2:5a:ea:b1:61:cd:39:34:a3:d8
Signer

Actual PE Digest

c6:8b:3c:e5:1a:65:cc:1a:2c:22:60:48:49:78:68:4f:1a:56:34:55:e0:a3:a2:5a:ea:b1:61:cd:39:34:a3:d8

Digest Algorithm

sha256

PE Digest Matches

false

c6:8b:3c:e5:1a:65:cc:1a:2c:22:60:48:49:78:68:4f:1a:56:34:55:e0:a3:a2:5a:ea:b1:61:cd:39:34:a3:d8
Signer

Actual PE Digest

c6:8b:3c:e5:1a:65:cc:1a:2c:22:60:48:49:78:68:4f:1a:56:34:55:e0:a3:a2:5a:ea:b1:61:cd:39:34:a3:d8

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Performance.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 674KB - Virtual size: 673KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
executor x64-x23/executor/menu.lua
executor x64-x23/executor/scriрts/amd64/cmm/CIEXYZ.pf
executor x64-x23/executor/scriрts/amd64/cmm/GRAY.pf
executor x64-x23/executor/scriрts/amd64/cmm/LINEAR_RGB.pf
executor x64-x23/executor/scriрts/amd64/cmm/PYCC.pf
executor x64-x23/executor/scriрts/amd64/cmm/accessibility.properties
executor x64-x23/executor/scriрts/amd64/cmm/calendars.properties
executor x64-x23/executor/scriрts/amd64/cmm/charsets.jar
.jar
executor x64-x23/executor/scriрts/amd64/cmm/classlist
executor x64-x23/executor/scriрts/amd64/cmm/content-types.properties
executor x64-x23/executor/scriрts/amd64/cmm/currency.data
executor x64-x23/executor/scriрts/amd64/cmm/deploy.jar
.jar
executor x64-x23/executor/scriрts/amd64/cmm/flavormap.properties
executor x64-x23/executor/scriрts/amd64/cmm/javaws.jar
.jar
executor x64-x23/executor/scriрts/amd64/cmm/jsse.jar
.jar
executor x64-x23/executor/scriрts/amd64/cmm/plugin.jar
.jar
executor x64-x23/executor/scriрts/amd64/cmm/sRGB.pf
executor x64-x23/executor/scriрts/amd64/jvm.cfg
executor x64-x23/executor/scriрts/applet/ShadowPlay/NVSPCAPS/_nvspcaps64.dll
.dll windows:6 windows x64 arch:x64

Password: 1313

c27cb76bf211b8bcd4628bb3c785f146

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4b:7d:5d:f4:ad:da:af:83:e0:e5:42:60:86:e7:68:43:ca:5e:b6:75:6c:6b:ae:6f:3a:18:3b:cc:27:93:13:a2
Signer

Actual PE Digest

4b:7d:5d:f4:ad:da:af:83:e0:e5:42:60:86:e7:68:43:ca:5e:b6:75:6c:6b:ae:6f:3a:18:3b:cc:27:93:13:a2

Digest Algorithm

sha256

PE Digest Matches

true

2b:90:4c:82:c6:09:f4:e9:03:a9:fc:30:1b:26:cf:4c:74:db:c1:59
Signer

Actual PE Digest

2b:90:4c:82:c6:09:f4:e9:03:a9:fc:30:1b:26:cf:4c:74:db:c1:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_11\shadowplay2\server\win7_amd64_release\_nvspcaps64.pdb

Imports

kernel32

DeleteCriticalSection
LoadLibraryW
WideCharToMultiByte
GetCurrentProcessId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventA
CreateThread
WaitForMultipleObjects
CreateSemaphoreA
ResetEvent
GetFileAttributesA
Sleep
TerminateProcess
GetExitCodeProcess
GetTickCount
OpenEventA
HeapFree
GetProcessHeap
CreateEventW
GetSystemTimeAsFileTime
OpenProcess
GetCurrentThreadId
GetThreadId
GetModuleHandleA
CreateDirectoryA
CreateFileA
OutputDebugStringA
GetLocalTime
GetModuleFileNameW
MoveFileExA
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryA
MultiByteToWideChar
CreateDirectoryW
RemoveDirectoryW
GetTempPathW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
K32GetModuleFileNameExW
InitializeCriticalSectionEx
Process32FirstW
Process32NextW
SetCurrentDirectoryA
GetCurrentProcess
ProcessIdToSessionId
GetSystemDirectoryA
GetVersionExA
GetModuleFileNameA
GetVolumeInformationA
WTSGetActiveConsoleSessionId
K32GetProcessMemoryInfo
GetSystemTime
SystemTimeToFileTime
DeleteFileA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
QueryFullProcessImageNameA
RaiseException
DecodePointer
WriteFile
ReadFile
GetFileSizeEx
VerifyVersionInfoW
SetEndOfFile
ReadConsoleW
SetFilePointerEx
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
CloseHandle
lstrcmpA
LocalFree
LocalAlloc
LoadLibraryExW
GetModuleHandleW
CreateProcessW
CreateProcessA
SetLastError
OutputDebugStringW
GetFullPathNameW
GetFileAttributesW
CreateFileW
VerSetConditionMask
GetProcAddress
FreeLibrary
GetSystemDirectoryW
CreateWaitableTimerA
CancelWaitableTimer
SetWaitableTimer
GetLastError
CreateToolhelp32Snapshot
FlushFileBuffers
GetStringTypeW
SetConsoleCtrlHandler
GetACP
GetCurrentThread
ExitProcess
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ReleaseMutex
OpenFileMappingA
CreateMutexA
OpenMutexA
CreateMutexW
OpenMutexW
OpenEventW
CreateFileMappingW
OpenFileMappingW

user32

FindWindowA
UnregisterClassA
WaitForInputIdle
PostThreadMessageA
GetMessageA
TranslateMessage
DispatchMessageA
RegisterDeviceNotificationA
UnregisterDeviceNotification
DefWindowProcA
PostQuitMessage
RegisterClassExA
GetWindow
EnumChildWindows
GetDesktopWindow
CreateWindowExA
GetWindowRect
IsWindowVisible
IsWindow
EnumDisplaySettingsExA
GetWindowThreadProcessId
EnumWindows
GetShellWindow
FindWindowExW
FindWindowW
GetWindowLongA
GetForegroundWindow
PostMessageA
SendMessageA
RedrawWindow
EnumDisplayDevicesA
EnumDisplaySettingsA
DestroyWindow

advapi32

RegCloseKey
ConvertStringSidToSidW
OpenSCManagerA
CloseServiceHandle
GetUserNameW
GetUserNameA
SetTokenInformation
GetLengthSid
DuplicateTokenEx
OpenProcessToken
RegDeleteKeyValueA
RegSetValueExA
RegQueryValueExW
RegDeleteKeyExA
RegDeleteKeyA
RegCreateKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityInfo
RegQueryValueExA
RegOpenKeyExA
AllocateAndInitializeSid
CopySid
FreeSid
GetSecurityDescriptorDacl
GetTokenInformation
SetEntriesInAclA

shell32

SHGetPropertyStoreFromParsingName
SHGetKnownFolderPath
SHGetFolderPathW
SHGetFolderPathA

ole32

PropVariantClear
CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemFree

oleaut32

SetErrorInfo
VariantChangeType
GetErrorInfo
SysAllocStringLen
CreateErrorInfo
SysFreeString
VariantInit
VariantCopy
SysAllocString
VariantClear

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA

shlwapi

PathFileExistsA

Exports

Exports

NvPluginGetInfo

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 455KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 319B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
executor x64-x23/executor/scriрts/applet/ShadowPlay/NvRemux.dll
.dll windows:6 windows x86 arch:x86

Password: 1313

32239a8689b43baf17eaf1d56db9bedf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a9:bf:a3:7a:20:3e:4f:0d:f8:e7:47:c1:bf:54:ae:e0:2a:80:8c:57:98:1d:e5:66:bb:e7:04:8a:53:3d:40:f5
Signer

Actual PE Digest

a9:bf:a3:7a:20:3e:4f:0d:f8:e7:47:c1:bf:54:ae:e0:2a:80:8c:57:98:1d:e5:66:bb:e7:04:8a:53:3d:40:f5

Digest Algorithm

sha256

PE Digest Matches

true

9a:ae:69:9d:72:4a:08:91:a2:6b:32:ce:33:19:5f:4d:21:f1:46:b2
Signer

Actual PE Digest

9a:ae:69:9d:72:4a:08:91:a2:6b:32:ce:33:19:5f:4d:21:f1:46:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_11\shadowplay2\mux\remux\win7_x86_release\NvRemux.pdb

Imports

shell32

SHGetKnownFolderPath
SHGetPropertyStoreFromParsingName
SHGetFolderPathW

ole32

CoUninitialize
CoInitializeEx
CoTaskMemFree
PropVariantClear

oleaut32

VariantClear
SysFreeString
SetErrorInfo
GetErrorInfo
SysAllocString
VariantInit
VariantChangeType
CreateErrorInfo

mfplat

MFStartup
MFShutdown

mfreadwrite

MFCreateSourceReaderFromURL

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
SetSecurityInfo

user32

PostThreadMessageW

kernel32

SetEndOfFile
HeapReAlloc
HeapSize
SetFilePointerEx
SetStdHandle
ReadFile
SetConsoleCtrlHandler
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
ReadConsoleW
WriteConsoleW
DecodePointer
GetStringTypeW
SetUnhandledExceptionFilter
LCMapStringW
CompareStringW
VerSetConditionMask
ExpandEnvironmentStringsW
CreateFileW
GetFileAttributesW
GetFullPathNameW
OutputDebugStringW
CloseHandle
GetLastError
SetLastError
GetCurrentProcess
CreateProcessA
CreateProcessW
GetSystemDirectoryW
FreeLibrary
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LocalAlloc
LocalFree
lstrcmpA
lstrcmpW
VerifyVersionInfoW
GetVolumeInformationW
GetVersionExW
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
CreateDirectoryW
InitializeCriticalSection
DeleteCriticalSection
Sleep
GetFileSizeEx
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
GetModuleFileNameW
MoveFileExW
WideCharToMultiByte
GetSystemTime
SystemTimeToFileTime
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
CreateThread
GetThreadId
UnhandledExceptionFilter
OutputDebugStringA
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetTimeFormatW
GetDateFormatW
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
RtlUnwind
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapFree
HeapAlloc
GetCurrentThread
GetACP
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA

Exports

Exports

_CreateInstance@0

Sections

.text
Size: 444KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
executor x64-x23/executor/scriрts/applet/ShadowPlay/Plugins/LocalSystem/_nvspserviceplugin64.dll
.dll .ps1 windows:6 windows x64 arch:x64 polyglot

Password: 1313

be4f48d4b1a7e383cbeb76503e3754ad

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:75:97:62:96:e8:42:53:f9:0c:db:79:a8:db:c4:48:a8:9b:97:c0:a6:31:2b:a0:66:e0:09:0d:da:79:b3:3b
Signer

Actual PE Digest

41:75:97:62:96:e8:42:53:f9:0c:db:79:a8:db:c4:48:a8:9b:97:c0:a6:31:2b:a0:66:e0:09:0d:da:79:b3:3b

Digest Algorithm

sha256

PE Digest Matches

true

c0:7b:96:9d:57:72:79:8b:4a:37:66:32:d7:ca:86:09:08:cd:37:3d
Signer

Actual PE Digest

c0:7b:96:9d:57:72:79:8b:4a:37:66:32:d7:ca:86:09:08:cd:37:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_11\shadowplay2\ServicePlugin\win7_amd64_release\_nvspserviceplugin64.pdb

Imports

shell32

SHGetFolderPathW
SHGetKnownFolderPath

ole32

CoTaskMemFree

advapi32

RegQueryValueExA
ConvertStringSidToSidW
SetTokenInformation
GetLengthSid
DuplicateTokenEx
RegCloseKey
RegOpenKeyExA
SetSecurityInfo
OpenProcessToken

user32

WaitForInputIdle
UnregisterClassW

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

ReadFile
ReadConsoleW
WriteConsoleW
InitializeCriticalSectionEx
SetEndOfFile
SetFilePointerEx
SetStdHandle
GetStringTypeW
SetConsoleCtrlHandler
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
VerSetConditionMask
CreateFileW
GetFileAttributesW
GetFullPathNameW
OutputDebugStringW
CloseHandle
GetLastError
SetLastError
CreateProcessA
CreateProcessW
GetSystemDirectoryW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LocalAlloc
LocalFree
lstrcmpA
VerifyVersionInfoW
GetCurrentProcessId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateThread
WaitForMultipleObjects
CreateSemaphoreW
CreateDirectoryW
GetFileSizeEx
GetCurrentThreadId
GetLocalTime
GetModuleFileNameW
MoveFileExW
WideCharToMultiByte
SetCurrentDirectoryW
GetCurrentProcess
TerminateProcess
ProcessIdToSessionId
OpenProcess
GetSystemInfo
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
RemoveDirectoryW
DecodePointer
RaiseException
OutputDebugStringA
CreateSymbolicLinkW
GetLocaleInfoW
LCMapStringW
CompareStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
HeapFree
HeapAlloc
GetCurrentThread
GetACP
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW

shlwapi

PathFileExistsW

Exports

Exports

NvPluginGetInfo

Sections

.text
Size: 505KB - Virtual size: 505KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 319B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
executor x64-x23/executor/scriрts/applet/ShadowPlay/cudart64_55.dll
.dll windows:5 windows x64 arch:x64

Password: 1313

843c192c7d7896462173279e0cd57f3b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b0:b0:e0:3e:5d:b1:77:b7:a5:6b:4c:43:ef:21:11:36:b5:fc:77:1a:e8:ba:19:98:3c:4f:c5:e9:6c:5d:cc:be
Signer

Actual PE Digest

b0:b0:e0:3e:5d:b1:77:b7:a5:6b:4c:43:ef:21:11:36:b5:fc:77:1a:e8:ba:19:98:3c:4f:c5:e9:6c:5d:cc:be

Digest Algorithm

sha256

PE Digest Matches

true

ea:1d:f0:ca:ec:41:65:f4:b1:7f:12:3b:2a:06:3c:f8:21:b7:c8:04
Signer

Actual PE Digest

ea:1d:f0:ca:ec:41:65:f4:b1:7f:12:3b:2a:06:3c:f8:21:b7:c8:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FlushFileBuffers
GetProcAddress
FreeLibrary
LoadLibraryA
QueryPerformanceCounter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
GetCurrentThreadId
CloseHandle
SwitchToThread
GetLastError
GetModuleFileNameA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapCreate
GetModuleHandleW
ExitProcess
DecodePointer
EncodePointer
FlsSetValue
GetCommandLineA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryW
FlsGetValue
FlsFree
SetLastError
FlsAlloc
RtlUnwindEx
WriteFile
GetStdHandle
GetModuleFileNameW
HeapSize
SetHandleCount
GetStartupInfoW
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringW
MultiByteToWideChar
GetStringTypeW
WriteConsoleW
CreateFileW

Exports

Exports

NvOptimusEnablementCuda
__cudaRegisterDeviceFunction
__cudaRegisterFatBinary
__cudaRegisterFunction
__cudaRegisterPrelinkedFatBinary
__cudaRegisterShared
__cudaRegisterSharedVar
__cudaRegisterSurface
__cudaRegisterTexture
__cudaRegisterVar
__cudaUnregisterFatBinary
cudaArrayGetInfo
cudaBindSurfaceToArray
cudaBindTexture
cudaBindTexture2D
cudaBindTextureToArray
cudaBindTextureToMipmappedArray
cudaChooseDevice
cudaConfigureCall
cudaCreateChannelDesc
cudaCreateSurfaceObject
cudaCreateTextureObject
cudaD3D10GetDevice
cudaD3D10GetDevices
cudaD3D10GetDirect3DDevice
cudaD3D10MapResources
cudaD3D10RegisterResource
cudaD3D10ResourceGetMappedArray
cudaD3D10ResourceGetMappedPitch
cudaD3D10ResourceGetMappedPointer
cudaD3D10ResourceGetMappedSize
cudaD3D10ResourceGetSurfaceDimensions
cudaD3D10ResourceSetMapFlags
cudaD3D10SetDirect3DDevice
cudaD3D10UnmapResources
cudaD3D10UnregisterResource
cudaD3D11GetDevice
cudaD3D11GetDevices
cudaD3D11GetDirect3DDevice
cudaD3D11SetDirect3DDevice
cudaD3D9Begin
cudaD3D9End
cudaD3D9GetDevice
cudaD3D9GetDevices
cudaD3D9GetDirect3DDevice
cudaD3D9MapResources
cudaD3D9MapVertexBuffer
cudaD3D9RegisterResource
cudaD3D9RegisterVertexBuffer
cudaD3D9ResourceGetMappedArray
cudaD3D9ResourceGetMappedPitch
cudaD3D9ResourceGetMappedPointer
cudaD3D9ResourceGetMappedSize
cudaD3D9ResourceGetSurfaceDimensions
cudaD3D9ResourceSetMapFlags
cudaD3D9SetDirect3DDevice
cudaD3D9UnmapResources
cudaD3D9UnmapVertexBuffer
cudaD3D9UnregisterResource
cudaD3D9UnregisterVertexBuffer
cudaDestroySurfaceObject
cudaDestroyTextureObject
cudaDeviceCanAccessPeer
cudaDeviceDisablePeerAccess
cudaDeviceEnablePeerAccess
cudaDeviceGetAttribute
cudaDeviceGetByPCIBusId
cudaDeviceGetCacheConfig
cudaDeviceGetLimit
cudaDeviceGetPCIBusId
cudaDeviceGetSharedMemConfig
cudaDeviceGetStreamPriorityRange
cudaDeviceReset
cudaDeviceSetCacheConfig
cudaDeviceSetLimit
cudaDeviceSetSharedMemConfig
cudaDeviceSynchronize
cudaDriverGetVersion
cudaEventCreate
cudaEventCreateWithFlags
cudaEventDestroy
cudaEventElapsedTime
cudaEventQuery
cudaEventRecord
cudaEventSynchronize
cudaFree
cudaFreeArray
cudaFreeHost
cudaFreeMipmappedArray
cudaFuncGetAttributes
cudaFuncSetCacheConfig
cudaFuncSetSharedMemConfig
cudaGLGetDevices
cudaGLMapBufferObject
cudaGLMapBufferObjectAsync
cudaGLRegisterBufferObject
cudaGLSetBufferObjectMapFlags
cudaGLSetGLDevice
cudaGLUnmapBufferObject
cudaGLUnmapBufferObjectAsync
cudaGLUnregisterBufferObject
cudaGetChannelDesc
cudaGetDevice
cudaGetDeviceCount
cudaGetDeviceProperties
cudaGetErrorString
cudaGetExportTable
cudaGetLastError
cudaGetMipmappedArrayLevel
cudaGetSurfaceObjectResourceDesc
cudaGetSurfaceReference
cudaGetSymbolAddress
cudaGetSymbolSize
cudaGetTextureAlignmentOffset
cudaGetTextureObjectResourceDesc
cudaGetTextureObjectResourceViewDesc
cudaGetTextureObjectTextureDesc
cudaGetTextureReference
cudaGraphicsD3D10RegisterResource
cudaGraphicsD3D11RegisterResource
cudaGraphicsD3D9RegisterResource
cudaGraphicsGLRegisterBuffer
cudaGraphicsGLRegisterImage
cudaGraphicsMapResources
cudaGraphicsResourceGetMappedMipmappedArray
cudaGraphicsResourceGetMappedPointer
cudaGraphicsResourceSetMapFlags
cudaGraphicsSubResourceGetMappedArray
cudaGraphicsUnmapResources
cudaGraphicsUnregisterResource
cudaHostAlloc
cudaHostGetDevicePointer
cudaHostGetFlags
cudaHostRegister
cudaHostUnregister
cudaIpcCloseMemHandle
cudaIpcGetEventHandle
cudaIpcGetMemHandle
cudaIpcOpenEventHandle
cudaIpcOpenMemHandle
cudaLaunch
cudaMalloc
cudaMalloc3D
cudaMalloc3DArray
cudaMallocArray
cudaMallocHost
cudaMallocMipmappedArray
cudaMallocPitch
cudaMemGetInfo
cudaMemcpy
cudaMemcpy2D
cudaMemcpy2DArrayToArray
cudaMemcpy2DAsync
cudaMemcpy2DFromArray
cudaMemcpy2DFromArrayAsync
cudaMemcpy2DToArray
cudaMemcpy2DToArrayAsync
cudaMemcpy3D
cudaMemcpy3DAsync
cudaMemcpy3DPeer
cudaMemcpy3DPeerAsync
cudaMemcpyArrayToArray
cudaMemcpyAsync
cudaMemcpyFromArray
cudaMemcpyFromArrayAsync
cudaMemcpyFromSymbol
cudaMemcpyFromSymbolAsync
cudaMemcpyPeer
cudaMemcpyPeerAsync
cudaMemcpyToArray
cudaMemcpyToArrayAsync
cudaMemcpyToSymbol
cudaMemcpyToSymbolAsync
cudaMemset
cudaMemset2D
cudaMemset2DAsync
cudaMemset3D
cudaMemset3DAsync
cudaMemsetAsync
cudaPeekAtLastError
cudaPointerGetAttributes
cudaProfilerInitialize
cudaProfilerStart
cudaProfilerStop
cudaRuntimeGetVersion
cudaSetDevice
cudaSetDeviceFlags
cudaSetDoubleForDevice
cudaSetDoubleForHost
cudaSetValidDevices
cudaSetupArgument
cudaStreamAddCallback
cudaStreamCreate
cudaStreamCreateWithFlags
cudaStreamCreateWithPriority
cudaStreamDestroy
cudaStreamGetFlags
cudaStreamGetPriority
cudaStreamQuery
cudaStreamSynchronize
cudaStreamWaitEvent
cudaThreadExit
cudaThreadGetCacheConfig
cudaThreadGetLimit
cudaThreadSetCacheConfig
cudaThreadSetLimit
cudaThreadSynchronize
cudaUnbindTexture
cudaWGLGetDevice

Sections

.text
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
executor x64-x23/executor/scriрts/applet/ShadowPlay/ipccommon64.dll
.dll windows:6 windows x64 arch:x64

Password: 1313

a31bc150fd5eb667acc500380648124a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0c:89:df:7d:85:34:aa:5e:aa:9a:ee:57:e2:2a:47:d4:37:09:6b:cf:c4:12:e0:3e:a3:4b:a2:37:be:1f:c5:a7
Signer

Actual PE Digest

0c:89:df:7d:85:34:aa:5e:aa:9a:ee:57:e2:2a:47:d4:37:09:6b:cf:c4:12:e0:3e:a3:4b:a2:37:be:1f:c5:a7

Digest Algorithm

sha256

PE Digest Matches

true

45:3e:8e:09:45:58:76:b0:f8:e1:08:38:66:10:bf:f2:fc:20:bd:3e
Signer

Actual PE Digest

45:3e:8e:09:45:58:76:b0:f8:e1:08:38:66:10:bf:f2:fc:20:bd:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_11\shadowplay2\common\ipcwrapper\win7_amd64_release\ipccommon64.pdb

Imports

shell32

SHGetFolderPathA

advapi32

SetSecurityInfo
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

messagebus

getMessageBusInterface
releaseMessageBusInterface

libprotobuf

?ListFields@GeneratedMessageReflection@internal@protobuf@google@@UEBAXAEBVMessage@34@PEAV?$vector@PEBVFieldDescriptor@protobuf@google@@V?$allocator@PEBVFieldDescriptor@protobuf@google@@@std@@@std@@@Z
?MutableMessage@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEAVMessage@34@PEAV534@PEBVFieldDescriptor@34@PEAVMessageFactory@34@@Z
?MutableRawRepeatedField@GeneratedMessageReflection@internal@protobuf@google@@MEBAPEAXPEAVMessage@34@PEBVFieldDescriptor@34@W4CppType@634@HPEBVDescriptor@34@@Z
?MutableRepeatedMessage@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEAVMessage@34@PEAV534@PEBVFieldDescriptor@34@H@Z
?MutableUnknownFields@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEAVUnknownFieldSet@34@PEAVMessage@34@@Z
?ReleaseLast@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEAVMessage@34@PEAV534@PEBVFieldDescriptor@34@@Z
?ReleaseMessage@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEAVMessage@34@PEAV534@PEBVFieldDescriptor@34@PEAVMessageFactory@34@@Z
?RemoveLast@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@@Z
?SetAllocatedMessage@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@0PEBVFieldDescriptor@34@@Z
?SetBool@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@_N@Z
?SetDouble@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@N@Z
?SetEnum@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@PEBVEnumValueDescriptor@34@@Z
?InitializationErrorString@Message@protobuf@google@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?SetInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@H@Z
?SetInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@_J@Z
?SetRepeatedBool@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@H_N@Z
?SetRepeatedDouble@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@HN@Z
?SetRepeatedEnum@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@HPEBVEnumValueDescriptor@34@@Z
?SetRepeatedFloat@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@HM@Z
?SetRepeatedInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@HH@Z
?SetRepeatedInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@H_J@Z
?SetRepeatedString@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@HAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetRepeatedUInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@HI@Z
?SetRepeatedUInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@H_K@Z
?SetString@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetUInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@I@Z
?SetUInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@_K@Z
?SpaceUsed@GeneratedMessageReflection@internal@protobuf@google@@UEBAHAEBVMessage@34@@Z
?SpaceUsed@Message@protobuf@google@@UEBAHXZ
?Swap@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@0@Z
?SwapElements@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@HH@Z
?SwapFields@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@0AEBV?$vector@PEBVFieldDescriptor@protobuf@google@@V?$allocator@PEBVFieldDescriptor@protobuf@google@@@std@@@std@@@Z
??_7FunctionClosure0@internal@protobuf@google@@6B@
?HasOneof@GeneratedMessageReflection@internal@protobuf@google@@UEBA_NAEBVMessage@34@PEBVOneofDescriptor@34@@Z
?HasField@GeneratedMessageReflection@internal@protobuf@google@@UEBA_NAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetUnknownFields@GeneratedMessageReflection@internal@protobuf@google@@UEBAAEBVUnknownFieldSet@34@AEBVMessage@34@@Z
?GetUInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBA_KAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetUInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAIAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetTypeName@Message@protobuf@google@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetStringReference@GeneratedMessageReflection@internal@protobuf@google@@UEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVMessage@34@PEBVFieldDescriptor@34@PEAV56@@Z
?GetString@GeneratedMessageReflection@internal@protobuf@google@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetRepeatedUInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBA_KAEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetRepeatedUInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAIAEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetRepeatedStringReference@GeneratedMessageReflection@internal@protobuf@google@@UEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVMessage@34@PEBVFieldDescriptor@34@HPEAV56@@Z
?GetRepeatedString@GeneratedMessageReflection@internal@protobuf@google@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetRepeatedMessage@GeneratedMessageReflection@internal@protobuf@google@@UEBAAEBVMessage@34@AEBV534@PEBVFieldDescriptor@34@H@Z
?GetRepeatedInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBA_JAEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetRepeatedInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAHAEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetRepeatedFloat@GeneratedMessageReflection@internal@protobuf@google@@UEBAMAEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetRepeatedEnum@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEBVEnumValueDescriptor@34@AEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetRepeatedDouble@GeneratedMessageReflection@internal@protobuf@google@@UEBANAEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetRepeatedBool@GeneratedMessageReflection@internal@protobuf@google@@UEBA_NAEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetReflection@Message@protobuf@google@@UEBAPEBVReflection@23@XZ
?GetOneofFieldDescriptor@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEBVFieldDescriptor@34@AEBVMessage@34@PEBVOneofDescriptor@34@@Z
?GetMessage@GeneratedMessageReflection@internal@protobuf@google@@UEBAAEBVMessage@34@AEBV534@PEBVFieldDescriptor@34@PEAVMessageFactory@34@@Z
?GetInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBA_JAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAHAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetFloat@GeneratedMessageReflection@internal@protobuf@google@@UEBAMAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetEnum@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEBVEnumValueDescriptor@34@AEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetDouble@GeneratedMessageReflection@internal@protobuf@google@@UEBANAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetBool@GeneratedMessageReflection@internal@protobuf@google@@UEBA_NAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?FindKnownExtensionByNumber@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEBVFieldDescriptor@34@H@Z
?FindKnownExtensionByName@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEBVFieldDescriptor@34@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?FieldSize@GeneratedMessageReflection@internal@protobuf@google@@UEBAHAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?DiscardUnknownFields@Message@protobuf@google@@UEAAXXZ
?ClearOneof@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVOneofDescriptor@34@@Z
?ClearField@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@@Z
?CheckTypeAndMergeFrom@Message@protobuf@google@@UEAAXAEBVMessageLite@23@@Z
?AddUInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@_K@Z
?AddUInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@I@Z
?AddString@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?AddMessage@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEAVMessage@34@PEAV534@PEBVFieldDescriptor@34@PEAVMessageFactory@34@@Z
?AddInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@_J@Z
?AddInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@H@Z
?AddFloat@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@M@Z
?AddEnum@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@PEBVEnumValueDescriptor@34@@Z
?AddDouble@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@N@Z
?AddBool@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@_N@Z
?VerifyUTF8StringFallback@WireFormat@internal@protobuf@google@@CAXPEBDHW4Operation@1234@0@Z
?ComputeUnknownFieldsSize@WireFormat@internal@protobuf@google@@SAHAEBVUnknownFieldSet@34@@Z
?SerializeUnknownFieldsToArray@WireFormat@internal@protobuf@google@@SAPEAEAEBVUnknownFieldSet@34@PEAE@Z
?SerializeUnknownFields@WireFormat@internal@protobuf@google@@SAXAEBVUnknownFieldSet@34@PEAVCodedOutputStream@io@34@@Z
?SkipField@WireFormat@internal@protobuf@google@@SA_NPEAVCodedInputStream@io@34@IPEAVUnknownFieldSet@34@@Z
?Merge@ReflectionOps@internal@protobuf@google@@SAXAEBVMessage@34@PEAV534@@Z
??1GeneratedMessageReflection@internal@protobuf@google@@UEAA@XZ
??0GeneratedMessageReflection@internal@protobuf@google@@QEAA@PEBVDescriptor@23@PEBVMessage@23@QEBHHHHPEBVDescriptorPool@23@PEAVMessageFactory@23@H@Z
?BytesSize@WireFormatLite@internal@protobuf@google@@SAHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?StringSize@WireFormatLite@internal@protobuf@google@@SAHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?WriteEnumNoTagToArray@WireFormatLite@internal@protobuf@google@@SAPEAEHPEAE@Z
?WriteMessageMaybeToArray@WireFormatLite@internal@protobuf@google@@SAXHAEBVMessageLite@34@PEAVCodedOutputStream@io@34@@Z
?WriteBytesMaybeAliased@WireFormatLite@internal@protobuf@google@@SAXHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAVCodedOutputStream@io@34@@Z
?WriteStringMaybeAliased@WireFormatLite@internal@protobuf@google@@SAXHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAVCodedOutputStream@io@34@@Z
?WriteEnum@WireFormatLite@internal@protobuf@google@@SAXHHPEAVCodedOutputStream@io@34@@Z
?WriteBool@WireFormatLite@internal@protobuf@google@@SAXH_NPEAVCodedOutputStream@io@34@@Z
?WriteUInt32@WireFormatLite@internal@protobuf@google@@SAXHIPEAVCodedOutputStream@io@34@@Z
?ReadBytes@WireFormatLite@internal@protobuf@google@@SA_NPEAVCodedInputStream@io@34@PEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?ReadString@WireFormatLite@internal@protobuf@google@@SA_NPEAVCodedInputStream@io@34@PEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?VarintSize32Fallback@CodedOutputStream@io@protobuf@google@@CAHI@Z
?WriteVarint32FallbackToArray@CodedOutputStream@io@protobuf@google@@CAPEAEIPEAE@Z
?WriteTagToArray@CodedOutputStream@io@protobuf@google@@SAPEAEIPEAE@Z
?WriteVarint32SignExtendedToArray@CodedOutputStream@io@protobuf@google@@SAPEAEHPEAE@Z
?WriteVarint32ToArray@CodedOutputStream@io@protobuf@google@@SAPEAEIPEAE@Z
?WriteStringWithSizeToArray@CodedOutputStream@io@protobuf@google@@SAPEAEAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAE@Z
?PopLimit@CodedInputStream@io@protobuf@google@@QEAAXH@Z
?PushLimit@CodedInputStream@io@protobuf@google@@QEAAHH@Z
?ExpectAtEnd@CodedInputStream@io@protobuf@google@@QEAA_NXZ
?ExpectTag@CodedInputStream@io@protobuf@google@@QEAA_NI@Z
?ReadTagWithCutoff@CodedInputStream@io@protobuf@google@@QEAA?AU?$pair@I_N@std@@I@Z
?ReadVarint64@CodedInputStream@io@protobuf@google@@QEAA_NPEA_K@Z
?ReadVarint32@CodedInputStream@io@protobuf@google@@QEAA_NPEAI@Z
?ClearFallback@UnknownFieldSet@protobuf@google@@AEAAXXZ
?AddVarint@UnknownFieldSet@protobuf@google@@QEAAXH_K@Z
?Swap@UnknownFieldSet@protobuf@google@@QEAAXPEAV123@@Z
?MergeFrom@UnknownFieldSet@protobuf@google@@QEAAXAEBV123@@Z
?empty@UnknownFieldSet@protobuf@google@@QEBA_NXZ
??1UnknownFieldSet@protobuf@google@@QEAA@XZ
??0UnknownFieldSet@protobuf@google@@QEAA@XZ
?Swap@RepeatedPtrFieldBase@internal@protobuf@google@@IEAAXPEAV1234@@Z
?Reserve@RepeatedPtrFieldBase@internal@protobuf@google@@IEAAXH@Z
?InternalRegisterGeneratedMessage@MessageFactory@protobuf@google@@SAXPEBVDescriptor@23@PEBVMessage@23@@Z
?InternalRegisterGeneratedFile@MessageFactory@protobuf@google@@SAXPEBDP6AXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@Z
?generated_factory@MessageFactory@protobuf@google@@SAPEAV123@XZ
??1Message@protobuf@google@@UEAA@XZ
?InternalAddGeneratedFile@DescriptorPool@protobuf@google@@SAXPEBXH@Z
?FindFileByName@DescriptorPool@protobuf@google@@QEBAPEBVFileDescriptor@23@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?generated_pool@DescriptorPool@protobuf@google@@SAPEBV123@XZ
?GetEmptyString@internal@protobuf@google@@YAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GoogleOnceInitImpl@protobuf@google@@YAXPEA_JPEAVClosure@12@@Z
?OnShutdown@internal@protobuf@google@@YAXP6AXXZ@Z
??1FunctionClosure0@internal@protobuf@google@@UEAA@XZ
??4LogFinisher@internal@protobuf@google@@QEAAXAEAVLogMessage@123@@Z
??6LogMessage@internal@protobuf@google@@QEAAAEAV0123@PEBD@Z
??1LogMessage@internal@protobuf@google@@QEAA@XZ
??0LogMessage@internal@protobuf@google@@QEAA@W4LogLevel@23@PEBDH@Z
?VerifyVersion@internal@protobuf@google@@YAXHHPEBD@Z
?SerializeToString@MessageLite@protobuf@google@@QEBA_NPEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?ParseFromArray@MessageLite@protobuf@google@@QEAA_NPEBXH@Z
?GetEmptyStringAlreadyInited@internal@protobuf@google@@YAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?SetFloat@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@M@Z

kernel32

GetLastError
SetEvent
ResetEvent
CreateEventA
ReadConsoleW
ReadFile
SetEndOfFile
SetStdHandle
SetFilePointerEx
GetStringTypeW
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
CreateSemaphoreW
GetTickCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
Sleep
CreateEventW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetModuleFileNameA
SetConsoleCtrlHandler
GetStartupInfoW
FatalAppExitA
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetCurrentThread
IsDebuggerPresent
HeapSize
MultiByteToWideChar
AreFileApisANSI
ExitProcess
IsProcessorFeaturePresent
GetCommandLineA
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
RtlUnwindEx
RtlLookupFunctionEntry
RaiseException
RtlPcToFileHeader
DecodePointer
EncodePointer
VerifyVersionInfoW
lstrcmpA
LocalFree
LocalAlloc
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetSystemDirectoryW
CreateProcessW
CreateProcessA
SetLastError
OutputDebugStringW
GetFullPathNameW
GetFileAttributesW
CreateFileW
VerSetConditionMask
WideCharToMultiByte
MoveFileExA
GetModuleFileNameW
GetLocalTime
GetCurrentThreadId
OutputDebugStringA
GetFileSizeEx
CreateFileA
CreateDirectoryA
QueryPerformanceFrequency
QueryPerformanceCounter
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
WaitForMultipleObjects
GetCurrentProcessId
CloseHandle

Exports

Exports

CreateIpcClient
CreateIpcProxyInterface

Sections

.text
Size: 398KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
executor x64-x23/executor/scriрts/applet/ShadowPlay/nvspscreenshot64.dll
.dll windows:6 windows x64 arch:x64

Password: 1313

08d773bb983bd578690d34f825b20422

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f5:c4:f7:fa:7a:65:6b:ff:eb:5b:68:da:a3:af:47:03:c3:12:6b:83:d5:83:f3:a9:91:5e:11:60:3a:cb:e2:96
Signer

Actual PE Digest

f5:c4:f7:fa:7a:65:6b:ff:eb:5b:68:da:a3:af:47:03:c3:12:6b:83:d5:83:f3:a9:91:5e:11:60:3a:cb:e2:96

Digest Algorithm

sha256

PE Digest Matches

true

4d:1b:3b:29:80:e2:4d:4f:1b:ff:50:96:c9:de:9b:2d:e6:26:26:c0
Signer

Actual PE Digest

4d:1b:3b:29:80:e2:4d:4f:1b:ff:50:96:c9:de:9b:2d:e6:26:26:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_11\shadowplay2\screenshot\win7_amd64_release\nvspscreenshot64.pdb

Imports

shell32

SHGetFolderPathA

gdiplus

GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipSetPropertyItem
GdipGetImageEncoders
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipSaveImageToFile

advapi32

SetEntriesInAclA
InitializeSecurityDescriptor
GetTokenInformation
GetSecurityDescriptorDacl
GetLengthSid
FreeSid
CopySid
AllocateAndInitializeSid
OpenProcessToken
SetSecurityDescriptorDacl
SetSecurityInfo
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

kernel32

IsValidLocale
GetUserDefaultLCID
GetLocaleInfoW
LCMapStringW
CloseHandle
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
Sleep
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcessId
OpenProcess
FreeLibrary
GetProcAddress
LoadLibraryA
CreateDirectoryA
CreateFileA
GetFileSizeEx
OutputDebugStringA
GetLastError
GetCurrentThreadId
GetLocalTime
EnumSystemLocalesW
MoveFileExA
WideCharToMultiByte
ReleaseMutex
UnmapViewOfFile
OpenFileMappingA
HeapAlloc
HeapFree
GetProcessHeap
CreateMutexA
OpenEventA
GetCurrentProcess
MapViewOfFile
LocalAlloc
LocalFree
OpenMutexA
CreateFileMappingA
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
FreeEnvironmentStringsW
GetStringTypeW
SetStdHandle
SetFilePointerEx
CreateFileW
HeapSize
HeapReAlloc
SetEndOfFile
ReadFile
GetModuleFileNameW
ReadConsoleW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetEnvironmentVariableW
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EncodePointer
GetStdHandle
GetFileType
GetModuleFileNameA
GetModuleHandleExW
WriteConsoleW
ExitProcess
MultiByteToWideChar
WriteFile
OutputDebugStringW
SetConsoleCtrlHandler
GetCurrentThread
GetACP
FlushFileBuffers
GetConsoleCP
GetConsoleMode
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
SetEnvironmentVariableA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

NvCreateScreenshotInterface
NvReleaseScreenshotInterface

Sections

.text
Size: 463KB - Virtual size: 463KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 319B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
executor x64-x23/executor/scriрts/applet/fonts/LucidaBrightDemiBold.ttf
executor x64-x23/executor/scriрts/applet/fonts/LucidaBrightDemiItalic.ttf
executor x64-x23/executor/scriрts/applet/fonts/LucidaBrightItalic.ttf
executor x64-x23/executor/scriрts/applet/fonts/LucidaBrightRegular.ttf
executor x64-x23/executor/scriрts/applet/fonts/LucidaSansDemiBold.ttf
executor x64-x23/executor/scriрts/applet/fonts/LucidaSansRegular.ttf
executor x64-x23/executor/scriрts/applet/fonts/LucidaTypewriterBold.ttf
executor x64-x23/executor/scriрts/applet/fonts/LucidaTypewriterRegular.ttf
executor x64-x23/executor/scriрts/ext/access-bridge-64.jar
.jar
executor x64-x23/executor/scriрts/ext/cldrdata.jar
.jar
executor x64-x23/executor/scriрts/ext/deploy/ffjcext.zip
.zip .js polyglot

Password: 1313
{CAFEEFAC-0018-0000-0391-ABCDEFFEDCBA}/chrome.manifest
{CAFEEFAC-0018-0000-0391-ABCDEFFEDCBA}/chrome/content/ffjcext/ffjcext.js
.js
{CAFEEFAC-0018-0000-0391-ABCDEFFEDCBA}/chrome/content/ffjcext/ffjcext.xul
.xml
{CAFEEFAC-0018-0000-0391-ABCDEFFEDCBA}/chrome/locale/de-DE/ffjcext/ffjcext.dtd
{CAFEEFAC-0018-0000-0391-ABCDEFFEDCBA}/chrome/locale/en-US/ffjcext/ffjcext.dtd
{CAFEEFAC-0018-0000-0391-ABCDEFFEDCBA}/chrome/locale/es-ES/ffjcext/ffjcext.dtd
{CAFEEFAC-0018-0000-0391-ABCDEFFEDCBA}/chrome/locale/fr-FR/ffjcext/ffjcext.dtd
{CAFEEFAC-0018-0000-0391-ABCDEFFEDCBA}/chrome/locale/it-IT/ffjcext/ffjcext.dtd
{CAFEEFAC-0018-0000-0391-ABCDEFFEDCBA}/chrome/locale/ja-JP/ffjcext/ffjcext.dtd
{CAFEEFAC-0018-0000-0391-ABCDEFFEDCBA}/chrome/locale/ko-KR/ffjcext/ffjcext.dtd
{CAFEEFAC-0018-0000-0391-ABCDEFFEDCBA}/chrome/locale/sv-SE/ffjcext/ffjcext.dtd
{CAFEEFAC-0018-0000-0391-ABCDEFFEDCBA}/chrome/locale/zh-CN/ffjcext/ffjcext.dtd
{CAFEEFAC-0018-0000-0391-ABCDEFFEDCBA}/chrome/locale/zh-TW/ffjcext/ffjcext.dtd
{CAFEEFAC-0018-0000-0391-ABCDEFFEDCBA}/install.rdf
.xml
executor x64-x23/executor/scriрts/ext/deploy/fontconfig.bfc
executor x64-x23/executor/scriрts/ext/deploy/fontconfig.properties.src
executor x64-x23/executor/scriрts/ext/deploy/hijrah-config-umalqura.properties
executor x64-x23/executor/scriрts/ext/deploy/javafx.properties
executor x64-x23/executor/scriрts/ext/deploy/jce.jar
.jar
executor x64-x23/executor/scriрts/ext/deploy/jfr.jar
.jar
executor x64-x23/executor/scriрts/ext/deploy/jfxswt.jar
.jar
executor x64-x23/executor/scriрts/ext/deploy/jvm.hprof.txt
executor x64-x23/executor/scriрts/ext/deploy/logging.properties
executor x64-x23/executor/scriрts/ext/deploy/management-agent.jar
.jar
executor x64-x23/executor/scriрts/ext/deploy/messages.properties
.jnlp
executor x64-x23/executor/scriрts/ext/deploy/messages_de.properties
.jnlp
executor x64-x23/executor/scriрts/ext/deploy/messages_es.properties
executor x64-x23/executor/scriрts/ext/deploy/messages_fr.properties
.jnlp
executor x64-x23/executor/scriрts/ext/deploy/messages_it.properties
executor x64-x23/executor/scriрts/ext/deploy/messages_ja.properties
.jnlp
executor x64-x23/executor/scriрts/ext/deploy/messages_ko.properties
.jnlp
executor x64-x23/executor/scriрts/ext/deploy/messages_pt_BR.properties
.jnlp
executor x64-x23/executor/scriрts/ext/deploy/messages_sv.properties
.jnlp
executor x64-x23/executor/scriрts/ext/deploy/messages_zh_CN.properties
.jnlp
executor x64-x23/executor/scriрts/ext/deploy/messages_zh_HK.properties
.jnlp
executor x64-x23/executor/scriрts/ext/deploy/messages_zh_TW.properties
.jnlp
executor x64-x23/executor/scriрts/ext/deploy/meta-index
executor x64-x23/executor/scriрts/ext/deploy/net.properties
executor x64-x23/executor/scriрts/ext/deploy/psfont.properties.ja
executor x64-x23/executor/scriрts/ext/deploy/psfontj2d.properties
executor x64-x23/executor/scriрts/ext/deploy/splash.gif
.gif
executor x64-x23/executor/scriрts/ext/deploy/[email protected]
.gif
executor x64-x23/executor/scriрts/ext/deploy/splash_11-lic.gif
.gif
executor x64-x23/executor/scriрts/ext/deploy/[email protected]
.gif
executor x64-x23/executor/scriрts/ext/dnsns.jar
.jar
executor x64-x23/executor/scriрts/ext/images/cursors/cursors.properties
executor x64-x23/executor/scriрts/ext/images/cursors/invalid32x32.gif
.gif
executor x64-x23/executor/scriрts/ext/images/cursors/win32_CopyDrop32x32.gif
.gif
executor x64-x23/executor/scriрts/ext/images/cursors/win32_CopyNoDrop32x32.gif
.gif
executor x64-x23/executor/scriрts/ext/images/cursors/win32_LinkDrop32x32.gif
.gif
executor x64-x23/executor/scriрts/ext/images/cursors/win32_LinkNoDrop32x32.gif
.gif
executor x64-x23/executor/scriрts/ext/images/cursors/win32_MoveDrop32x32.gif
.gif
executor x64-x23/executor/scriрts/ext/images/cursors/win32_MoveNoDrop32x32.gif
.gif
executor x64-x23/executor/scriрts/ext/jaccess.jar
.jar
executor x64-x23/executor/scriрts/ext/jfr/default.jfc
.xml
executor x64-x23/executor/scriрts/ext/jfr/profile.jfc
.xml
executor x64-x23/executor/scriрts/ext/jfxrt.jar
.jar
executor x64-x23/executor/scriрts/ext/localedata.jar
.jar
executor x64-x23/executor/scriрts/ext/management/jmxremote.access
executor x64-x23/executor/scriрts/ext/management/jmxremote.password.template
executor x64-x23/executor/scriрts/ext/management/management.properties
executor x64-x23/executor/scriрts/ext/management/snmp.acl.template
executor x64-x23/executor/scriрts/ext/meta-index
executor x64-x23/executor/scriрts/ext/nashorn.jar
.jar
executor x64-x23/executor/scriрts/ext/security/blacklist
executor x64-x23/executor/scriрts/ext/security/blacklisted.certs
executor x64-x23/executor/scriрts/ext/security/cacerts
executor x64-x23/executor/scriрts/ext/security/java.policy
executor x64-x23/executor/scriрts/ext/security/java.security
executor x64-x23/executor/scriрts/ext/security/javaws.policy
executor x64-x23/executor/scriрts/ext/security/policy/limited/US_export_policy.jar
.jar
executor x64-x23/executor/scriрts/ext/security/policy/limited/local_policy.jar
.jar
executor x64-x23/executor/scriрts/ext/security/policy/unlimited/US_export_policy.jar
.jar
executor x64-x23/executor/scriрts/ext/security/policy/unlimited/local_policy.jar
.jar
executor x64-x23/executor/scriрts/ext/security/public_suffix_list.dat
.zip
executor x64-x23/executor/scriрts/ext/sunec.jar
.jar
executor x64-x23/executor/scriрts/ext/sunjce_provider.jar
.jar
executor x64-x23/executor/scriрts/ext/sunmscapi.jar
.jar
executor x64-x23/executor/scriрts/ext/sunpkcs11.jar
.jar
executor x64-x23/executor/scriрts/ext/zipfs.jar
.jar
executor x64-x23/executor/scriрts/nvspapi64.dll
.dll windows:6 windows x64 arch:x64

977f887ba1716db690f3f6cd927adbd9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5c:e6:b8:0f:b6:5e:84:3d:63:24:f8:08:f8:aa:96:62:96:8b:2a:37:3b:17:15:30:0f:58:da:b0:13:51:9b:57
Signer

Actual PE Digest

5c:e6:b8:0f:b6:5e:84:3d:63:24:f8:08:f8:aa:96:62:96:8b:2a:37:3b:17:15:30:0f:58:da:b0:13:51:9b:57

Digest Algorithm

sha256

PE Digest Matches

true

b0:12:be:31:da:b9:f9:e3:24:cd:c6:72:5c:a7:03:ce:e1:64:09:b6
Signer

Actual PE Digest

b0:12:be:31:da:b9:f9:e3:24:cd:c6:72:5c:a7:03:ce:e1:64:09:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_11\shadowplay2\api\win7_amd64_release\nvspapi64.pdb

Imports

shell32

SHGetFolderPathA
SHGetKnownFolderPath

ole32

CoTaskMemFree

oleaut32

SetErrorInfo
CreateErrorInfo
GetErrorInfo
VariantCopy
SysAllocString
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
VariantChangeType

advapi32

FreeSid
ConvertStringSidToSidW
OpenSCManagerA
CloseServiceHandle
GetUserNameW
GetUserNameA
SetTokenInformation
DuplicateTokenEx
RegDeleteKeyValueA
RegSetValueExA
RegQueryValueExW
RegDeleteKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
SetSecurityInfo
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
AllocateAndInitializeSid
CopySid
RegCreateKeyExA
GetLengthSid
GetSecurityDescriptorDacl
GetTokenInformation
SetEntriesInAclA
LookupAccountNameA
ConvertSidToStringSidA
RegDeleteKeyA

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

shlwapi

PathFindFileNameA
PathFileExistsA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetConsoleCtrlHandler
HeapSize
HeapReAlloc
SetStdHandle
SetFilePointerEx
ReadConsoleW
WriteConsoleW
CreateProcessW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CloseHandle
SetEvent
CreateEventA
WaitForMultipleObjects
GetLastError
ResetEvent
WaitForSingleObject
GetCurrentProcessId
CreateThread
GetCurrentThreadId
GetThreadId
FreeLibrary
GetProcAddress
WideCharToMultiByte
GetSystemDirectoryW
SetLastError
HeapFree
GetProcessHeap
OpenEventA
Sleep
SetDllDirectoryA
GetModuleHandleA
CreateDirectoryA
CreateFileA
GetFileSizeEx
OutputDebugStringA
GetLocalTime
GetModuleFileNameW
MoveFileExA
CreateFileW
ReadFile
WriteFile
WaitNamedPipeW
CreateEventW
QueryPerformanceCounter
QueryPerformanceFrequency
OpenProcess
LoadLibraryA
ReleaseMutex
UnmapViewOfFile
OpenFileMappingA
HeapAlloc
CreateMutexA
GetCurrentProcess
MapViewOfFile
LocalAlloc
LocalFree
OpenMutexA
CreateFileMappingA
GetModuleFileNameA
WTSGetActiveConsoleSessionId
VerSetConditionMask
GetFileAttributesW
GetFullPathNameW
OutputDebugStringW
CreateProcessA
SetEndOfFile
GetModuleHandleW
LoadLibraryExW
lstrcmpA
VerifyVersionInfoW
DecodePointer
RaiseException
InitializeCriticalSectionEx
SetCurrentDirectoryA
GetFileAttributesA
TerminateProcess
ProcessIdToSessionId
GetSystemDirectoryA
GetVersionExA
GetVolumeInformationA
MultiByteToWideChar
K32GetProcessMemoryInfo
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DeleteFileA
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
GetFileType
GetStdHandle
GetACP
GetCurrentThread
GetModuleHandleExW
ExitProcess
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlPcToFileHeader
RtlUnwindEx

user32

EnumDisplaySettingsA
wsprintfW
ChangeWindowMessageFilterEx
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
SendMessageA
GetForegroundWindow
TranslateMessage
GetMessageA
PostThreadMessageA
RedrawWindow
PostMessageA
EnumDisplaySettingsExA
DispatchMessageA
GetWindowThreadProcessId
EnumDisplayDevicesA
DefWindowProcA
WaitForInputIdle
EnumWindows
GetShellWindow
FindWindowExW
FindWindowA
FindWindowW

Exports

Exports

CreateOverlayApiInterface
CreateShadowPlayApiInterface
ShadowPlayOnSystemStart

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 319B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
executor x64-x23/executor/weapon.lua

Sharing

Errors

General

Malware Config

Signatures

Files

Password: 1313

Password: 1313

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:01:94:cd:1e:31:42:20:51:35:d1:c6:36:e4:e9:baCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

33:00:00:01:09:5e:de:a2:12:7e:92:81:cc:00:00:00:00:01:09Certificate

Extended Key Usages

61:0b:aa:c1:00:00:00:00:00:09Certificate

Key Usages

c6:8b:3c:e5:1a:65:cc:1a:2c:22:60:48:49:78:68:4f:1a:56:34:55:e0:a3:a2:5a:ea:b1:61:cd:39:34:a3:d8Signer

c6:8b:3c:e5:1a:65:cc:1a:2c:22:60:48:49:78:68:4f:1a:56:34:55:e0:a3:a2:5a:ea:b1:61:cd:39:34:a3:d8Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 674KB - Virtual size: 673KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

Password: 1313

c27cb76bf211b8bcd4628bb3c785f146

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:deCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

32:58:e8:ee:54:af:5c:27Certificate

Extended Key Usages

Key Usages

4b:7d:5d:f4:ad:da:af:83:e0:e5:42:60:86:e7:68:43:ca:5e:b6:75:6c:6b:ae:6f:3a:18:3b:cc:27:93:13:a2Signer

2b:90:4c:82:c6:09:f4:e9:03:a9:fc:30:1b:26:cf:4c:74:db:c1:59Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:01:94:cd:1e:31:42:20:51:35:d1:c6:36:e4:e9:ba
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

33:00:00:01:09:5e:de:a2:12:7e:92:81:cc:00:00:00:00:01:09
Certificate

61:0b:aa:c1:00:00:00:00:00:09
Certificate

c6:8b:3c:e5:1a:65:cc:1a:2c:22:60:48:49:78:68:4f:1a:56:34:55:e0:a3:a2:5a:ea:b1:61:cd:39:34:a3:d8
Signer

c6:8b:3c:e5:1a:65:cc:1a:2c:22:60:48:49:78:68:4f:1a:56:34:55:e0:a3:a2:5a:ea:b1:61:cd:39:34:a3:d8
Signer

.text
Size: 674KB - Virtual size: 673KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

32:58:e8:ee:54:af:5c:27
Certificate

4b:7d:5d:f4:ad:da:af:83:e0:e5:42:60:86:e7:68:43:ca:5e:b6:75:6c:6b:ae:6f:3a:18:3b:cc:27:93:13:a2
Signer

2b:90:4c:82:c6:09:f4:e9:03:a9:fc:30:1b:26:cf:4c:74:db:c1:59
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 455KB - Virtual size: 455KB

.data
Size: 78KB - Virtual size: 120KB

.pdata
Size: 87KB - Virtual size: 87KB

.idata
Size: 12KB - Virtual size: 11KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 319B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

32:58:e8:ee:54:af:5c:27
Certificate

a9:bf:a3:7a:20:3e:4f:0d:f8:e7:47:c1:bf:54:ae:e0:2a:80:8c:57:98:1d:e5:66:bb:e7:04:8a:53:3d:40:f5
Signer

9a:ae:69:9d:72:4a:08:91:a2:6b:32:ce:33:19:5f:4d:21:f1:46:b2
Signer

.text
Size: 444KB - Virtual size: 444KB

.rdata
Size: 174KB - Virtual size: 173KB

.data
Size: 6KB - Virtual size: 23KB

.idata
Size: 5KB - Virtual size: 5KB

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 16KB