Acx01000.pdb
Windows 7 deprecation
Windows 7 will be removed from tria.ge on 2025-03-31
Overview
overview
10Static
static
3Acx01000.sys
windows10-2004-x64
1AudioCapture.dll
windows7-x64
1AudioCapture.dll
windows10-2004-x64
1HTCTL32.dll
windows7-x64
3HTCTL32.dll
windows10-2004-x64
3PCICHEK.dll
windows7-x64
1PCICHEK.dll
windows10-2004-x64
1PCICL32.dll
windows7-x64
1PCICL32.dll
windows10-2004-x64
1TCCTL32.dll
windows7-x64
1TCCTL32.dll
windows10-2004-x64
1client32.exe
windows7-x64
10client32.exe
windows10-2004-x64
10msvcr100.dll
windows7-x64
3msvcr100.dll
windows10-2004-x64
3pcicapi.dll
windows7-x64
1pcicapi.dll
windows10-2004-x64
1remcmdstub.exe
windows7-x64
1remcmdstub.exe
windows10-2004-x64
1Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
Acx01000.sys
Resource
win10v2004-20231215-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral2
Sample
AudioCapture.dll
Resource
win7-20240215-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral3
Sample
AudioCapture.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral4
Sample
HTCTL32.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral5
Sample
HTCTL32.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral6
Sample
PCICHEK.dll
Resource
win7-20240215-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral7
Sample
PCICHEK.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral8
Sample
PCICL32.dll
Resource
win7-20231129-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral9
Sample
PCICL32.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral10
Sample
TCCTL32.dll
Resource
win7-20240221-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral11
Sample
TCCTL32.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral12
Sample
client32.exe
Resource
win7-20240221-en
windows7-x64
3 signatures
150 seconds
Behavioral task
behavioral13
Sample
client32.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
3 signatures
150 seconds
Behavioral task
behavioral14
Sample
msvcr100.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral15
Sample
msvcr100.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral16
Sample
pcicapi.dll
Resource
win7-20240319-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral17
Sample
pcicapi.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral18
Sample
remcmdstub.exe
Resource
win7-20240221-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral19
Sample
remcmdstub.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
0 signatures
150 seconds
General
-
Target
94499196a62341b4f1cd10f3e1ba6003d0c4db66c1eb0d1b7e66b7eb4f2b67b6.zip
-
Size
2.4MB
-
MD5
66a628a3e78042498fe224f763cc076a
-
SHA1
e50e22bb510917f5925860cbff3ea65369166a3a
-
SHA256
dc4be6108556c83d14c4502cba0da6a1a42a01dbf2e0edc8bfd3bd922b86d734
-
SHA512
6ddf53c9a1f2b97a0c0773b928adde9f88e36b29f27c6a96e4bf0c0ff9df3da00e1c272f05bff6df3ab4e8750d07caf914d4eb50e3e154a13a124cda41709d5e
-
SSDEEP
49152:ik8nwLiE9ewMp13YXXEs661PmkvGfrO43P30fmoNE4j7/KEfZcuTUElrPAFG:iNnOjet1IXUs66h8F3P3yE4/jfN
Score
3/10
Malware Config
Signatures
-
Unsigned PE 1 IoCs
Checks for missing Authenticode signature.
resource unpack002/Acx01000.sys
Files
-
94499196a62341b4f1cd10f3e1ba6003d0c4db66c1eb0d1b7e66b7eb4f2b67b6.zip.zip
Password: infected
-
94499196a62341b4f1cd10f3e1ba6003d0c4db66c1eb0d1b7e66b7eb4f2b67b6.zip
-
Acx01000.sys.sys windows:10 windows x64 arch:x64
6f60147e801f66fb8a369c2e7761dc84
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
Imports
ntoskrnl.exe
_vsnwprintf
DbgPrintEx
RtlCopyUnicodeString
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe
ExReleaseFastMutexUnsafe
KeLeaveCriticalRegion
KeInitializeEvent
ExAllocatePool2
ExAllocatePoolWithTag
IoRegisterPlugPlayNotification
IoUnregisterPlugPlayNotificationEx
wcsncmp
RtlEqualUnicodeString
EtwWriteTransfer
_purecall
IoGetDeviceInterfacePropertyData
IoSetDeviceInterfacePropertyData
KeWaitForSingleObject
EtwUnregister
KeInitializeMutex
ObfReferenceObject
KeInitializeSpinLock
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
_vsnprintf
RtlAssert
PoUnregisterPowerSettingCallback
PoRegisterPowerSettingCallback
IofCompleteRequest
_wcsnicmp
IoInvalidateDeviceRelations
ObfDereferenceObject
IoSetCompletionRoutineEx
KeSetEvent
RtlStringFromGUID
RtlFreeUnicodeString
ZwEnumerateKey
ZwQueryKey
RtlGUIDFromString
ExUuidCreate
KeDelayExecutionThread
RtlCompareMemory
__C_specific_handler
ProbeForRead
ProbeForWrite
ObReferenceObjectByHandle
ExEventObjectType
KeFlushQueuedDpcs
KeClearEvent
KeExpandKernelStackAndCallout
ObfReferenceObjectWithTag
IoReportTargetDeviceChangeAsynchronous
wcsstr
EtwRegister
EtwSetInformation
IoWMIRegistrationControl
MmGetSystemRoutineAddress
RtlInitUnicodeString
KeReleaseMutex
ZwCreateFile
IoFileObjectType
IoGetRelatedDeviceObject
ZwClose
IoGetCurrentProcess
KeStackAttachProcess
MmUnmapLockedPages
IoFreeMdl
KeUnstackDetachProcess
ObfDereferenceObjectWithTag
IoGetRequestorProcess
IoAllocateMdl
MmBuildMdlForNonPagedPool
MmMapLockedPagesSpecifyCache
IoBuildPartialMdl
ExFreePoolWithTag
wdfldr.sys
WdfRegisterClassLibrary
WdfVersionBindClass
WdfVersionUnbindClass
WdfVersionBind
WdfVersionUnbind
wpprecorder.sys
imp_WppRecorderLogCreate
imp_WppRecorderLogDelete
WppAutoLogStop
imp_WppRecorderConfigure
WppAutoLogTrace
imp_WppRecorderReplay
WppAutoLogStart
drmk.sys
DrmCreateContentMixed
DrmGetContentRights
DrmDestroyContent
DrmAddContentHandlers
DrmForwardContentToDeviceObject
hal
KeQueryPerformanceCounter
Sections
.text Size: 116KB - Virtual size: 115KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 28KB - Virtual size: 28KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.idata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
PAGE Size: 490KB - Virtual size: 489KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
INIT Size: 1024B - Virtual size: 750B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
GFIDS Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
AudioCapture.dll.dll windows:5 windows x86 arch:x86
ba7e9a7cd5ee54c14d0881068fc905c5
Code Sign
16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49Certificate
IssuerCN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before12/01/2016, 00:00Not After21/09/2017, 23:59SubjectCN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before10/12/2013, 00:00Not After09/12/2023, 23:59SubjectCN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49Certificate
IssuerCN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before12/01/2016, 00:00Not After21/09/2017, 23:59SubjectCN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before10/12/2013, 00:00Not After09/12/2023, 23:59SubjectCN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
d1:2d:41:17:6e:d5:b4:71:21:d4:06:ff:29:9c:d4:70:d0:30:40:5b:4b:5d:0a:87:88:dc:ae:2c:e2:43:bc:84Signer
Actual PE Digestd1:2d:41:17:6e:d5:b4:71:21:d4:06:ff:29:9c:d4:70:d0:30:40:5b:4b:5d:0a:87:88:dc:ae:2c:e2:43:bc:84Digest Algorithmsha256PE Digest Matchestrue1f:0d:05:c0:04:4b:27:1a:77:4b:30:77:a7:db:c5:9d:0b:77:8b:4aSigner
Actual PE Digest1f:0d:05:c0:04:4b:27:1a:77:4b:30:77:a7:db:c5:9d:0b:77:8b:4aDigest Algorithmsha1PE Digest MatchestrueHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
E:\nsmsrc\nsm\1210\1210\AudioCapture\Release\AudioCapture.pdb
Imports
kernel32
WaitForSingleObject
GetCurrentThread
TerminateThread
Sleep
SetThreadPriority
CloseHandle
LocalFree
CreateThread
GetTickCount
GetLastError
LCMapStringW
LCMapStringA
GetStringTypeW
MultiByteToWideChar
GetStringTypeA
GetLocaleInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapFree
HeapAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
WriteFile
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LoadLibraryA
InitializeCriticalSectionAndSpinCount
user32
DefWindowProcW
UnregisterDeviceNotification
CreateWindowExW
RegisterDeviceNotificationW
DestroyWindow
PostMessageW
RegisterClassExW
ole32
CoTaskMemFree
CoInitializeEx
CoCreateInstance
CoUninitialize
Exports
Exports
AddAudioCaptureEventListener
DeviceChange
Initialise
IsCapturing
RegisterWindow
RemoveAudioCaptureEventListener
StartCapturing
StopCapturing
UnInitialise
Sections
.text Size: 53KB - Virtual size: 53KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 6KB - Virtual size: 5KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
HTCTL32.DLL.dll windows:5 windows x86 arch:x86
6ba08298dd09ea8e41ab7285d3183bba
Code Sign
16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49Certificate
IssuerCN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before12/01/2016, 00:00Not After21/09/2017, 23:59SubjectCN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before10/12/2013, 00:00Not After09/12/2023, 23:59SubjectCN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49Certificate
IssuerCN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before12/01/2016, 00:00Not After21/09/2017, 23:59SubjectCN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before10/12/2013, 00:00Not After09/12/2023, 23:59SubjectCN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
49:9a:ad:c7:dc:6b:64:28:d9:9b:28:3b:14:85:83:63:08:60:5c:14:e0:60:b3:f1:ce:19:61:68:8b:29:63:f5Signer
Actual PE Digest49:9a:ad:c7:dc:6b:64:28:d9:9b:28:3b:14:85:83:63:08:60:5c:14:e0:60:b3:f1:ce:19:61:68:8b:29:63:f5Digest Algorithmsha256PE Digest Matchestrue55:a2:2c:85:ec:8b:5f:16:52:a8:7d:e3:fd:3a:49:f5:1f:08:59:26Signer
Actual PE Digest55:a2:2c:85:ec:8b:5f:16:52:a8:7d:e3:fd:3a:49:f5:1f:08:59:26Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
E:\nsmsrc\nsm\1210\1210f\ctl32\release\htctl32.pdb
Imports
wsock32
getpeername
ntohs
socket
setsockopt
bind
htons
WSASetBlockingHook
WSAUnhookBlockingHook
send
gethostname
getsockname
connect
__WSAFDIsSet
WSASetLastError
ioctlsocket
gethostbyname
shutdown
recv
closesocket
WSACancelBlockingCall
inet_ntoa
select
WSAGetLastError
WSAStartup
WSACleanup
inet_addr
winmm
timeBeginPeriod
timeEndPeriod
timeGetTime
kernel32
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetStringTypeW
GetLocaleInfoW
LoadLibraryW
SetConsoleCtrlHandler
FatalAppExitA
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
ReadFile
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDBCSLeadByte
CompareStringA
GetModuleFileNameA
GetProcAddress
GetModuleHandleA
OutputDebugStringA
LoadLibraryA
FreeLibrary
InitializeCriticalSection
DeleteCriticalSection
Sleep
LeaveCriticalSection
EnterCriticalSection
SetLastError
WritePrivateProfileStringA
CloseHandle
FlushFileBuffers
SetFilePointer
GetFileSize
GetPrivateProfileIntA
CreateFileA
SetStdHandle
WriteFile
GetLocalTime
GetDateFormatA
CopyFileA
InterlockedExchange
SetEvent
GetVersionExA
InterlockedDecrement
GetTickCount
SystemTimeToFileTime
GetSystemTime
OpenProcess
GetCurrentProcessId
GetCurrentThreadId
InterlockedIncrement
GetTempPathA
ReleaseMutex
WaitForSingleObject
TerminateThread
lstrlenA
CreateMutexA
SetThreadPriority
CreateThread
CreateEventA
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
CreateFileW
GetVersion
GlobalFree
LCMapStringW
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsProcessorFeaturePresent
HeapDestroy
HeapCreate
GetModuleFileNameW
GetConsoleCP
GetConsoleMode
WriteConsoleW
SetEndOfFile
GetProcessHeap
GetLastError
PulseEvent
HeapAlloc
HeapFree
RtlUnwind
RaiseException
HeapReAlloc
EncodePointer
DecodePointer
GetCommandLineA
GetModuleHandleW
GetStdHandle
user32
PostThreadMessageA
PostMessageA
GetMessageA
TranslateMessage
DispatchMessageA
SetTimer
KillTimer
PeekMessageA
PostQuitMessage
GetDesktopWindow
MessageBoxA
wvsprintfA
wsprintfA
advapi32
GetTokenInformation
LogonUserA
ImpersonateLoggedOnUser
RevertToSelf
GetUserNameA
OpenProcessToken
Exports
Exports
ctl_adddomain
ctl_addoperator
ctl_bridgename
ctl_broadcast
ctl_broadcastdata
ctl_call
ctl_callremote
ctl_clearpin
ctl_clientpinrequest
ctl_clientstatus
ctl_close
ctl_closeremote
ctl_connected
ctl_controlpinrequest
ctl_controlsendpin
ctl_escape
ctl_findslaves
ctl_findslaves2
ctl_findslavesex
ctl_getconnectivityinfo
ctl_getfailedreason
ctl_getfileinfo
ctl_getlocalipaddressinuse
ctl_getsession
ctl_hangup
ctl_helpreq
ctl_installed
ctl_licenseinfo
ctl_maxpacket
ctl_messageacknowledged
ctl_messagereceived
ctl_myaddr
ctl_netname
ctl_networks
ctl_nsessions
ctl_open
ctl_openremote
ctl_pause
ctl_pingnet
ctl_pittmanfunc
ctl_publishservice
ctl_publishserviceex
ctl_putfile
ctl_putfilelink
ctl_remotename
ctl_removedomain
ctl_removeoperator
ctl_send
ctl_sendif
ctl_sendto
ctl_subset
ctl_userstatus
ctl_version
Sections
.text Size: 249KB - Virtual size: 249KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 35KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 10KB - Virtual size: 25KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
NSM.LIC
-
PCICHEK.DLL.dll windows:5 windows x86 arch:x86
56e17186efeb24a70224bc24dced0a14
Code Sign
16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49Certificate
IssuerCN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before12/01/2016, 00:00Not After21/09/2017, 23:59SubjectCN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before10/12/2013, 00:00Not After09/12/2023, 23:59SubjectCN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49Certificate
IssuerCN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before12/01/2016, 00:00Not After21/09/2017, 23:59SubjectCN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before10/12/2013, 00:00Not After09/12/2023, 23:59SubjectCN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
1c:85:f0:b4:e9:5d:96:97:1a:93:1d:23:61:fb:ff:03:12:06:47:1d:f0:67:be:ea:70:1e:7b:4b:bd:e4:42:feSigner
Actual PE Digest1c:85:f0:b4:e9:5d:96:97:1a:93:1d:23:61:fb:ff:03:12:06:47:1d:f0:67:be:ea:70:1e:7b:4b:bd:e4:42:feDigest Algorithmsha256PE Digest Matchestrue73:b0:90:d4:ff:6d:5b:3c:de:16:aa:12:28:10:8e:c4:ba:c6:96:afSigner
Actual PE Digest73:b0:90:d4:ff:6d:5b:3c:de:16:aa:12:28:10:8e:c4:ba:c6:96:afDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
E:\nsmsrc\nsm\1210\1210\ctl32\Full\pcichek.pdb
Imports
kernel32
ExitProcess
GetVersionExA
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
user32
LoadStringA
wsprintfA
MessageBoxA
msvcr100
memset
_crt_debugger_hook
Exports
Exports
CheckLicenseString
IsILS
Sections
.text Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 795B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 268B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
PCICL32.DLL.dll windows:5 windows x86 arch:x86
285f1795dfcbaca038bd1222a3a96f0b
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
29:47:c5:9f:3a:9d:70:5c:58:91:06:b8:79:3f:deCertificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before23/06/2014, 00:00Not After21/09/2017, 23:59SubjectCN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
E:\nsmsrc\nsm\1201\1201F2\client32\Release\PCICL32.pdb
Imports
shfolder
SHGetFolderPathA
pcichek
IsILS
CheckLicenseString
pcicapi
CapiListen
CapiOpen
CapiClose
CapiHangup
mpr
WNetCancelConnection2A
WNetGetConnectionA
WNetAddConnection2A
comctl32
ImageList_Draw
ImageList_LoadImageA
ImageList_Destroy
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_GetImageCount
ord17
ImageList_DrawEx
ImageList_GetIconSize
ImageList_GetIcon
ImageList_Create
version
VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA
winmm
waveOutClose
waveOutReset
waveInClose
waveInUnprepareHeader
waveInReset
waveInStop
waveOutUnprepareHeader
waveInPrepareHeader
waveOutSetVolume
waveOutOpen
waveInStart
waveInOpen
waveOutWrite
waveOutPrepareHeader
timeGetTime
timeEndPeriod
timeBeginPeriod
PlaySoundA
waveInAddBuffer
wsock32
send
bind
listen
accept
htons
socket
connect
getpeername
gethostbyname
recv
shutdown
closesocket
WSACleanup
WSAStartup
WSAGetLastError
gethostname
htonl
ioctlsocket
inet_addr
setsockopt
kernel32
SizeofResource
CreateDirectoryA
RemoveDirectoryA
MoveFileA
MulDiv
GetDiskFreeSpaceA
GetCurrentDirectoryA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetVolumeInformationA
FileTimeToDosDateTime
FileTimeToLocalFileTime
OpenEventA
MultiByteToWideChar
OutputDebugStringA
SetCurrentDirectoryA
IsBadReadPtr
GetTimeFormatW
GetDateFormatW
RaiseException
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
lstrlenW
lstrlenA
lstrcmpiA
FlushInstructionCache
lstrcmpA
FindResourceExA
TerminateThread
ReleaseMutex
WaitForSingleObjectEx
GlobalReAlloc
CreateNamedPipeA
ConnectNamedPipe
SetProcessShutdownParameters
SetConsoleCtrlHandler
IsDBCSLeadByteEx
DisconnectNamedPipe
WriteProfileStringA
DefineDosDeviceA
QueryDosDeviceA
ResumeThread
VirtualQueryEx
GetThreadContext
ReadProcessMemory
PulseEvent
CreateRemoteThread
SetThreadContext
PostQueuedCompletionStatus
CreateIoCompletionPort
GetQueuedCompletionStatus
Beep
GetSystemDefaultLangID
GetSystemInfo
SuspendThread
OpenThread
GetProcessVersion
GlobalGetAtomNameA
VirtualQuery
GetModuleHandleW
VirtualAlloc
VirtualProtect
GetSystemTimeAsFileTime
HeapReAlloc
RtlUnwind
DecodePointer
EncodePointer
InterlockedCompareExchange
GetProcessHeap
HeapAlloc
HeapFree
FindResourceA
LoadResource
LockResource
VirtualProtectEx
WriteProcessMemory
GetExitCodeThread
CompareStringA
SetFilePointer
GetProfileStringA
GetOEMCP
GetShortPathNameA
TerminateProcess
SystemTimeToFileTime
CreateFileMappingA
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
CreatePipe
DuplicateHandle
SetHandleInformation
FormatMessageA
LocalFree
SetNamedPipeHandleState
GetPriorityClass
WinExec
ExpandEnvironmentStringsA
SearchPathA
IsValidCodePage
SetSystemTime
_lopen
_lclose
DeleteFileA
SetFileAttributesA
GetSystemDirectoryA
GetDateFormatA
GetTimeFormatA
GlobalSize
SetUnhandledExceptionFilter
OpenMutexA
CreateMutexA
SetErrorMode
GetACP
SetPriorityClass
GetFileAttributesA
GetTempFileNameA
CopyFileA
FileTimeToSystemTime
GetComputerNameA
ExitProcess
GetExitCodeProcess
GetCurrentProcess
LoadLibraryExA
ExitThread
GetDriveTypeA
GetWindowsDirectoryA
IsDBCSLeadByte
GetLocalTime
GetFileSize
GlobalAlloc
GlobalLock
ReadFile
GlobalUnlock
GlobalFree
GetSystemPowerStatus
FindFirstFileA
FindNextFileA
FindClose
GetUserDefaultUILanguage
GetUserDefaultLangID
GetModuleHandleA
GetModuleFileNameA
GetCurrentProcessId
CreateProcessA
DeleteCriticalSection
InitializeCriticalSection
GetVersion
CreateThread
SetThreadPriority
InterlockedIncrement
WaitForMultipleObjects
GetOverlappedResult
ResetEvent
InterlockedDecrement
LeaveCriticalSection
EnterCriticalSection
GetLastError
DeviceIoControl
InterlockedExchange
SetLastError
GetProcAddress
FreeLibrary
LoadLibraryA
CreateFileA
GetTempPathA
WriteFile
GetCurrentThreadId
CreateEventA
WaitForSingleObject
SetEvent
GlobalDeleteAtom
Sleep
GlobalAddAtomA
OpenProcess
GetVersionExA
GetTickCount
CloseHandle
GetConsoleMode
GetCommandLineA
LCMapStringW
GetCPInfo
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameW
HeapSize
GetLocaleInfoW
SetHandleCount
GetFileType
GetStartupInfoW
GetConsoleCP
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
GetTimeZoneInformation
CreateFileW
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
FlushFileBuffers
LoadLibraryW
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
SetEndOfFile
InterlockedPushEntrySList
VirtualFree
InterlockedPopEntrySList
LocalAlloc
user32
SetActiveWindow
AdjustWindowRectEx
GetCursorInfo
TrackPopupMenuEx
SetMenuDefaultItem
InsertMenuItemA
SetClassLongA
EndMenu
GetScrollInfo
SetScrollInfo
TileWindows
RemoveMenu
DrawIconEx
ClipCursor
SetScrollRange
SetScrollPos
ScrollWindow
OemToCharBuffA
HideCaret
CreateCursor
GetScrollRange
GetWindowRgn
GetAsyncKeyState
EnumThreadWindows
EnumDisplaySettingsA
CreateDesktopA
PostMessageW
OpenInputDesktop
GetMenuItemRect
mouse_event
MapVirtualKeyA
CharLowerBuffA
ShowCursor
SwitchDesktop
GetIconInfo
AttachThreadInput
GetCursor
CreateDialogIndirectParamA
DialogBoxIndirectParamA
DialogBoxParamA
CreateAcceleratorTableA
DestroyAcceleratorTable
RedrawWindow
InvalidateRgn
CharNextA
LoadAcceleratorsA
ScreenToClient
ModifyMenuA
CreateMenu
MoveWindow
SetCursorPos
DrawTextW
IsDialogMessageA
UnionRect
DrawFocusRect
wsprintfW
EndDialog
OpenWindowStationA
GetProcessWindowStation
SetProcessWindowStation
CloseWindowStation
MsgWaitForMultipleObjects
GetUserObjectSecurity
SetUserObjectSecurity
MessageBoxIndirectA
WinHelpA
UnhookWindowsHookEx
SetWindowsHookExA
CreateDialogParamA
GetLastActivePopup
CallNextHookEx
GetUpdateRect
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyCursor
SystemParametersInfoA
GetActiveWindow
IsZoomed
CreatePopupMenu
AppendMenuA
WindowFromPoint
EqualRect
LoadStringA
ClientToScreen
DeferWindowPos
IsChild
GetWindowPlacement
TranslateAcceleratorA
SetRectEmpty
SetMenu
SetWindowPlacement
GetForegroundWindow
CharUpperBuffA
WaitForInputIdle
OpenDesktopA
EnumDesktopWindows
GetUserObjectInformationA
GetCursorPos
IntersectRect
CheckDlgButton
SetForegroundWindow
EnumChildWindows
RegisterClipboardFormatA
CountClipboardFormats
EnumClipboardFormats
GetClipboardData
IsClipboardFormatAvailable
GetClipboardFormatNameA
UnregisterClassA
SetTimer
KillTimer
SetDlgItemTextA
SendMessageA
SendDlgItemMessageA
PostMessageA
ShowWindow
DefWindowProcA
CallWindowProcA
PostThreadMessageA
GetQueueStatus
GetDlgItem
GetDlgCtrlID
GetDC
ReleaseDC
InvalidateRect
RegisterWindowMessageA
DestroyIcon
CharUpperA
ExitWindowsEx
GetDesktopWindow
MessageBoxA
keybd_event
GetThreadDesktop
SetThreadDesktop
CloseDesktop
wvsprintfA
CreateCaret
ShowCaret
DestroyCaret
GetKeyState
PeekMessageA
SetCaretPos
DrawMenuBar
GetSystemMenu
OpenClipboard
EmptyClipboard
SetClipboardData
MessageBeep
CloseClipboard
FindWindowExA
DeleteMenu
GetWindowTextLengthA
GetFocus
GetClassInfoExA
DestroyWindow
DefDlgProcA
RegisterClassExA
IsDlgButtonChecked
GetDlgItemTextA
IsIconic
GetMenu
EnumWindows
IsWindowVisible
GetWindow
GetClassNameA
SendMessageTimeoutA
GetClassLongA
CopyIcon
CopyImage
LoadImageA
GetClassInfoA
LoadIconA
RegisterClassA
BringWindowToTop
GetMessageA
TranslateMessage
DispatchMessageA
SetPropA
GetPropA
RemovePropA
GetCapture
SetCapture
ReleaseCapture
CreateWindowExA
BeginPaint
EndPaint
wsprintfA
PostQuitMessage
GetMenuItemID
CheckMenuItem
EnableMenuItem
GetMenuItemInfoA
SetMenuItemInfoA
PtInRect
GetWindowDC
LoadMenuA
GetSubMenu
GetMenuItemCount
DestroyMenu
InflateRect
GetSystemMetrics
FindWindowA
GetWindowThreadProcessId
IsWindow
SetFocus
MapWindowPoints
GetClientRect
DrawTextA
OffsetRect
IsWindowEnabled
SetRect
GetWindowRect
FillRect
LoadBitmapA
GetSysColor
SetCursor
LoadCursorA
UpdateWindow
EnableWindow
SetWindowLongA
GetWindowLongA
SetWindowTextA
GetWindowTextA
GetParent
SetWindowPos
CopyRect
gdi32
RemoveFontResourceA
AddFontResourceA
SetTextCharacterExtra
EndPage
CombineRgn
StartPage
ExtEscape
GetBitmapBits
CreateDIBitmap
GetSystemPaletteEntries
SelectPalette
RealizePalette
CreateBrushIndirect
EqualRgn
GetDCOrgEx
SetBrushOrgEx
PatBlt
CreatePatternBrush
GetTextMetricsA
StretchBlt
GetDIBits
CreateDIBSection
GetNearestPaletteIndex
GetBkMode
CreateFontIndirectW
GetTextColor
GetBkColor
SetBitmapBits
UnrealizeObject
SetTextJustification
SetWindowOrgEx
SetRectRgn
CreatePenIndirect
GetClipRgn
GetWindowOrgEx
IntersectClipRect
Arc
Chord
Pie
Polyline
RoundRect
ExtTextOutA
SetPolyFillMode
GetStockObject
CreatePen
CreateSolidBrush
GetTextExtentPointA
SetBkMode
SetTextColor
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
GetObjectA
GdiFlush
BitBlt
DeleteDC
RectVisible
SetDIBits
DeleteObject
CreateRectRgn
CreateRectRgnIndirect
PtInRegion
RectInRegion
CreatePalette
GetPaletteEntries
GetTextExtentPoint32A
GetMapMode
SetMapMode
GetStretchBltMode
SetStretchBltMode
BeginPath
TextOutA
EndPath
PathToRegion
GetRgnBox
OffsetRgn
FillRgn
FrameRgn
CreateBitmap
CreateDCA
SelectClipRgn
LineDDA
Polygon
CreateFontIndirectA
CreateHatchBrush
GetDeviceCaps
SetBkColor
ExtFloodFill
GetPixel
SetPixel
SetPixelV
Ellipse
Rectangle
SetROP2
MoveToEx
LineTo
GetRegionData
winspool.drv
DeletePrinter
AddPrinterA
EnumPrintersA
ord201
EnumPrinterDriversA
ClosePrinter
EnumJobsA
SetJobA
AbortPrinter
StartPagePrinter
WritePrinter
StartDocPrinterA
EndPagePrinter
EndDocPrinter
OpenPrinterA
GetPrinterA
ord202
comdlg32
ChooseFontA
PageSetupDlgA
GetOpenFileNameA
GetSaveFileNameA
advapi32
EnumServicesStatusA
RegisterServiceCtrlHandlerA
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegCreateKeyA
SetTokenInformation
SetServiceStatus
StartServiceCtrlDispatcherA
LogonUserA
ControlService
StartServiceA
RegQueryInfoKeyW
CryptGetProvParam
CryptReleaseContext
AllocateLocallyUniqueId
FreeSid
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
LookupPrivilegeValueA
AdjustTokenPrivileges
QueryServiceConfigA
RegQueryValueExA
LookupAccountSidA
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
AllocateAndInitializeSid
CreateProcessAsUserA
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetAclInformation
InitializeAcl
GetAce
EqualSid
AddAce
AddAccessAllowedAce
IsValidSid
GetLengthSid
CopySid
RegQueryInfoKeyA
RegDeleteKeyA
RegEnumKeyExA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegEnumKeyA
RegFlushKey
RegOpenKeyExA
RegCloseKey
OpenSCManagerA
OpenServiceA
QueryServiceStatus
CloseServiceHandle
GetUserNameA
GetTokenInformation
LookupPrivilegeNameA
RevertToSelf
OpenProcessToken
ImpersonateLoggedOnUser
GetUserNameW
shell32
SHGetPathFromIDListA
SHGetDesktopFolder
ExtractIconA
SHGetMalloc
SHGetFileInfoA
SHGetSpecialFolderPathA
ExtractIconExA
FindExecutableA
Shell_NotifyIconA
ShellExecuteA
ole32
CreateStreamOnHGlobal
StringFromGUID2
CoUninitialize
CoCreateInstance
CoInitialize
ReleaseStgMedium
OleDuplicateData
CreateDataAdviseHolder
CoTaskMemFree
CLSIDFromProgID
OleInitialize
OleUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
OleLockRunning
CoGetClassObject
CLSIDFromString
OleSetContainedObject
CoInitializeSecurity
OleCreateStaticFromData
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
oleaut32
SafeArrayUnaccessData
VariantCopy
OleLoadPicture
SysFreeString
SysAllocString
VariantClear
VariantInit
VariantChangeType
SysStringLen
SysAllocStringLen
VarUI4FromStr
OleCreateFontIndirect
LoadRegTypeLi
LoadTypeLi
OleCreatePictureIndirect
SysStringByteLen
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetDim
SafeArrayCreate
netapi32
NetApiBufferFree
NetUserEnum
wininet
InternetCrackUrlA
Exports
Exports
_GetWMIStringW@16
_IsAcerA@8
_NSMClient32@8
_NSMFindClass@12
br_close
br_open
br_poll
br_status
Sections
.text Size: 1.5MB - Virtual size: 1.5MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 307KB - Virtual size: 306KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 46KB - Virtual size: 72KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.tls Size: 512B - Virtual size: 21B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.hhshare Size: 512B - Virtual size: 28B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1.3MB - Virtual size: 1.3MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 137KB - Virtual size: 136KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
TCCTL32.DLL.dll windows:5 windows x86 arch:x86
badb6226fa7082d0185337e46a735c2e
Code Sign
48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before25/05/2021, 00:00Not After31/12/2028, 23:59SubjectCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate
IssuerCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBNot Before22/03/2021, 00:00Not After21/03/2036, 23:59SubjectCN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
2e:d9:8a:cb:d5:87:ca:8b:87:d8:3e:d0:b4:68:46:afCertificate
IssuerCN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GBNot Before09/09/2021, 00:00Not After08/09/2024, 23:59SubjectCN=NetSupport Ltd,O=NetSupport Ltd,ST=Cambridgeshire,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before23/10/2020, 00:00Not After22/01/2032, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate
IssuerCN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GBNot Before25/05/2021, 00:00Not After31/12/2028, 23:59SubjectCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate
IssuerCN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GBNot Before22/03/2021, 00:00Not After21/03/2036, 23:59SubjectCN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
2e:d9:8a:cb:d5:87:ca:8b:87:d8:3e:d0:b4:68:46:afCertificate
IssuerCN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GBNot Before09/09/2021, 00:00Not After08/09/2024, 23:59SubjectCN=NetSupport Ltd,O=NetSupport Ltd,ST=Cambridgeshire,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate
IssuerCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBNot Before23/10/2020, 00:00Not After22/01/2032, 23:59SubjectCN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate
IssuerCN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=USNot Before02/05/2019, 00:00Not After18/01/2038, 23:59SubjectCN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
24:79:f5:0b:d2:0f:c2:9c:20:e4:44:b1:90:20:6a:30:2b:e8:a9:60:92:ff:e6:cc:f3:5e:ec:33:6e:e0:2c:67Signer
Actual PE Digest24:79:f5:0b:d2:0f:c2:9c:20:e4:44:b1:90:20:6a:30:2b:e8:a9:60:92:ff:e6:cc:f3:5e:ec:33:6e:e0:2c:67Digest Algorithmsha256PE Digest Matchestrue00:aa:f7:9c:10:98:c5:30:f8:55:6d:d7:a4:d5:4d:41:de:44:3e:bcSigner
Actual PE Digest00:aa:f7:9c:10:98:c5:30:f8:55:6d:d7:a4:d5:4d:41:de:44:3e:bcDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
E:\nsmsrc\nsm\1280\1280f\ctl32\release_unicode\tcctl32.pdb
Imports
ws2_32
inet_ntoa
WSARecv
WSARecvDisconnect
winmm
timeBeginPeriod
timeEndPeriod
timeGetTime
kernel32
lstrlenA
GetProcessHeap
WaitForSingleObject
GetOverlappedResult
GetLastError
WriteFile
ReadFile
Sleep
ClearCommError
InterlockedIncrement
EnterCriticalSection
LeaveCriticalSection
InterlockedDecrement
GetModuleFileNameW
DeleteCriticalSection
CloseHandle
TerminateThread
SetEvent
CreateEventW
GetTickCount
SetThreadPriority
CreateThread
SetCommTimeouts
InitializeCriticalSection
GetCommState
WideCharToMultiByte
MultiByteToWideChar
CompareStringW
GetProcAddress
LoadLibraryW
FreeLibrary
GetModuleHandleW
OutputDebugStringW
OpenProcess
GetCurrentProcessId
GetVersionExW
GetLocalTime
lstrlenW
GetSystemTimeAsFileTime
GetProcessTimes
GetCurrentProcess
GetCurrentThreadId
ExitProcess
GetVersion
LocalAlloc
LocalFree
PulseEvent
InterlockedExchange
GetExitCodeThread
SetLastError
CreateIoCompletionPort
ResetEvent
GetQueuedCompletionStatus
PostQueuedCompletionStatus
EscapeCommFunction
GetCommModemStatus
CreateDirectoryW
GetDateFormatW
GetTimeFormatW
WriteConsoleW
CreateFileA
CreateFileW
FlushFileBuffers
SetStdHandle
SetConsoleCtrlHandler
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetFilePointer
FatalAppExitA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
GetLocaleInfoW
GetConsoleCP
GetConsoleMode
GetTempPathW
SetEndOfFile
GetStartupInfoW
GetFileType
SetHandleCount
GetStringTypeW
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapCreate
GetStdHandle
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapAlloc
HeapFree
RtlUnwind
HeapReAlloc
RaiseException
EncodePointer
DecodePointer
GetCommandLineA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetCurrentThread
LCMapStringW
GetModuleFileNameA
user32
CharLowerW
PostThreadMessageW
PostMessageW
TranslateMessage
DispatchMessageW
GetGuiResources
SetTimer
MessageBoxW
KillTimer
PeekMessageW
PostQuitMessage
wsprintfW
wvsprintfW
GetMessageW
advapi32
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
GetTokenInformation
GetUserNameW
oleaut32
SysAllocStringLen
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
VariantChangeType
VariantClear
SysStringByteLen
VariantInit
CreateErrorInfo
GetErrorInfo
SysAllocString
SetErrorInfo
SysFreeString
Exports
Exports
RemoteNotify
ctl_bridgename
ctl_broadcastdata
ctl_call
ctl_callremote
ctl_close
ctl_closeremote
ctl_connected
ctl_escape
ctl_findslaves
ctl_findslavesex
ctl_getcodepage
ctl_getconnectivityinfo
ctl_getlocalipaddressinuse
ctl_getsession
ctl_hangup
ctl_helpreq
ctl_installed
ctl_maxpacket
ctl_myaddr
ctl_netname
ctl_networks
ctl_nsessions
ctl_open
ctl_openremote
ctl_pause
ctl_pingnet
ctl_remotename
ctl_send
ctl_sendex
ctl_sendif
ctl_sendname
ctl_sendto
ctl_subset
ctl_version
Sections
.text Size: 335KB - Virtual size: 335KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 65KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 6KB - Virtual size: 34KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 19KB - Virtual size: 18KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
client32.exe.exe windows:5 windows x86 arch:x86
a9d50692e95b79723f3e76fcf70d023e
Code Sign
78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignNot Before28/07/2020, 00:00Not After18/03/2029, 00:00SubjectCN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate
IssuerCN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BENot Before28/07/2020, 00:00Not After28/07/2030, 00:00SubjectCN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
1f:6c:98:ca:ad:2a:e7:c1:8a:bb:ca:adCertificate
IssuerCN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BENot Before17/06/2022, 13:01Not After17/06/2025, 13:01SubjectSERIALNUMBER=02386638,CN=NETSUPPORT LTD.,O=NETSUPPORT LTD.,STREET=Netsupport House Towngate East\, Market Deeping,L=Peterborough,ST=Cambridgeshire,C=GB,1.2.840.113549.1.9.1=#0c196973406e6574737570706f7274736f6674776172652e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6eExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate
IssuerCN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BENot Before06/04/2022, 07:45Not After08/05/2033, 07:45SubjectCN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignNot Before20/06/2018, 00:00Not After10/12/2034, 00:00SubjectCN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignNot Before10/12/2014, 00:00Not After10/12/2034, 00:00SubjectCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignKey Usages
KeyUsageCertSign
KeyUsageCRLSign
78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSignNot Before28/07/2020, 00:00Not After18/03/2029, 00:00SubjectCN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate
IssuerCN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BENot Before28/07/2020, 00:00Not After28/07/2030, 00:00SubjectCN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
1f:6c:98:ca:ad:2a:e7:c1:8a:bb:ca:adCertificate
IssuerCN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BENot Before17/06/2022, 13:01Not After17/06/2025, 13:01SubjectSERIALNUMBER=02386638,CN=NETSUPPORT LTD.,O=NETSUPPORT LTD.,STREET=Netsupport House Towngate East\, Market Deeping,L=Peterborough,ST=Cambridgeshire,C=GB,1.2.840.113549.1.9.1=#0c196973406e6574737570706f7274736f6674776172652e636f6d,1.3.6.1.4.1.311.60.2.1.3=#13024742,2.5.4.15=#131450726976617465204f7267616e697a6174696f6eExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6aCertificate
IssuerCN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BENot Before06/04/2022, 07:45Not After08/05/2033, 07:45SubjectCN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BEExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignNot Before20/06/2018, 00:00Not After10/12/2034, 00:00SubjectCN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BEKey Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51Certificate
IssuerCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignNot Before10/12/2014, 00:00Not After10/12/2034, 00:00SubjectCN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSignKey Usages
KeyUsageCertSign
KeyUsageCRLSign
68:5f:a6:4c:ba:c7:9f:92:79:c4:cd:f1:ca:be:38:c8:fe:c3:b3:a6:61:78:bc:6d:92:0c:cf:c3:a7:94:0c:62Signer
Actual PE Digest68:5f:a6:4c:ba:c7:9f:92:79:c4:cd:f1:ca:be:38:c8:fe:c3:b3:a6:61:78:bc:6d:92:0c:cf:c3:a7:94:0c:62Digest Algorithmsha256PE Digest Matchestrue37:ca:32:9e:95:72:2a:b1:e5:89:44:38:18:ce:47:79:e7:19:c2:a7Signer
Actual PE Digest37:ca:32:9e:95:72:2a:b1:e5:89:44:38:18:ce:47:79:e7:19:c2:a7Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
E:\nsmsrc\nsm\1270\1270_DNA_475\client32\release_unicode_2015\dnarc.pdb
Imports
pcicl32
_NSMClient32@8
kernel32
GetCommandLineW
ExitProcess
GetModuleHandleW
GetStartupInfoW
Sections
.text Size: 512B - Virtual size: 196B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 638B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 91KB - Virtual size: 91KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 20B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
client32.ini
-
msvcr100.dll.dll windows:5 windows x86 arch:x86
5271d5ce8b44dd47bc92563e27585466
Code Sign
2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before22/08/2007, 22:31Not After25/08/2012, 07:00SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:01:b2:9b:00:00:00:00:00:15Certificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before21/02/2011, 20:53Not After21/05/2012, 20:53SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before16/09/2006, 01:04Not After15/09/2019, 07:00SubjectCN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:06:94:2d:00:00:00:00:00:09Certificate
IssuerCN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before25/07/2008, 19:02Not After25/07/2013, 19:12SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
8d:91:f0:a3:ff:41:70:8c:67:d0:ba:79:6d:52:da:88:0c:59:23:ccSigner
Actual PE Digest8d:91:f0:a3:ff:41:70:8c:67:d0:ba:79:6d:52:da:88:0c:59:23:ccDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
msvcr100.i386.pdb
Imports
kernel32
EncodePointer
DecodePointer
RaiseException
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetCurrentThreadId
TlsGetValue
GetCommandLineW
GetCommandLineA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
FindNextFileA
FindFirstFileExA
FindClose
FindNextFileW
FindFirstFileExW
GetLogicalDrives
GetDiskFreeSpaceA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetErrorMode
Sleep
Beep
GetFileAttributesA
SetFileAttributesA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameA
GetDriveTypeW
GetCurrentProcessId
CreateDirectoryA
MoveFileA
RemoveDirectoryA
GetDriveTypeA
DeleteFileA
GetFileAttributesW
SetEnvironmentVariableW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
DeleteFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
LoadLibraryA
FreeLibrary
CreateProcessW
ReadFile
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
WideCharToMultiByte
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetLocalTime
InterlockedPopEntrySList
InterlockedFlushSList
QueryDepthSList
InterlockedPushEntrySList
CreateTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueTimer
SetEvent
CreateEventW
SwitchToThread
SignalObjectAndWait
TryEnterCriticalSection
GetTickCount
VirtualFree
GetVersionExW
SetThreadPriority
VirtualAlloc
GetSystemInfo
GetProcessAffinityMask
VirtualProtect
SetThreadAffinityMask
InitializeSListHead
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
GetThreadPriority
LoadLibraryW
SleepEx
OutputDebugStringW
FreeLibraryAndExitThread
GetModuleHandleA
GetThreadTimes
DebugBreak
MultiByteToWideChar
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetTimeFormatW
GetDateFormatW
RtlUnwind
HeapAlloc
HeapFree
HeapCreate
HeapDestroy
HeapQueryInformation
HeapReAlloc
HeapSize
HeapValidate
HeapCompact
HeapWalk
VirtualQuery
SetHandleCount
GetFileType
GetStartupInfoW
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
CreateFileW
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreatePipe
SetStdHandle
ReadConsoleInputA
SetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
WriteConsoleW
ReadConsoleW
SetEndOfFile
GetProcessHeap
InterlockedExchange
LockFile
UnlockFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
SetConsoleCtrlHandler
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LCMapStringW
CompareStringW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsProcessorFeaturePresent
Exports
Exports
$I10_OUTPUT
??0?$_SpinWait@$00@details@Concurrency@@QAE@P6AXXZ@Z
??0?$_SpinWait@$0A@@details@Concurrency@@QAE@P6AXXZ@Z
??0SchedulerPolicy@Concurrency@@QAA@IZZ
??0SchedulerPolicy@Concurrency@@QAE@ABV01@@Z
??0SchedulerPolicy@Concurrency@@QAE@XZ
??0_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_ReaderWriterLock@details@Concurrency@@QAE@XZ
??0_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_ReentrantLock@details@Concurrency@@QAE@XZ
??0_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_SpinLock@details@Concurrency@@QAE@ACJ@Z
??0_TaskCollection@details@Concurrency@@QAE@XZ
??0_Timer@details@Concurrency@@IAE@I_N@Z
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0__non_rtti_object@std@@QAE@PBD@Z
??0bad_cast@std@@AAE@PBQBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_target@Concurrency@@QAE@PBD@Z
??0bad_target@Concurrency@@QAE@XZ
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0context_self_unblock@Concurrency@@QAE@PBD@Z
??0context_self_unblock@Concurrency@@QAE@XZ
??0context_unblock_unbalanced@Concurrency@@QAE@PBD@Z
??0context_unblock_unbalanced@Concurrency@@QAE@XZ
??0critical_section@Concurrency@@QAE@XZ
??0default_scheduler_exists@Concurrency@@QAE@PBD@Z
??0default_scheduler_exists@Concurrency@@QAE@XZ
??0event@Concurrency@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??0improper_lock@Concurrency@@QAE@PBD@Z
??0improper_lock@Concurrency@@QAE@XZ
??0improper_scheduler_attach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_attach@Concurrency@@QAE@XZ
??0improper_scheduler_detach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_detach@Concurrency@@QAE@XZ
??0improper_scheduler_reference@Concurrency@@QAE@PBD@Z
??0improper_scheduler_reference@Concurrency@@QAE@XZ
??0invalid_link_target@Concurrency@@QAE@PBD@Z
??0invalid_link_target@Concurrency@@QAE@XZ
??0invalid_multiple_scheduling@Concurrency@@QAE@PBD@Z
??0invalid_multiple_scheduling@Concurrency@@QAE@XZ
??0invalid_operation@Concurrency@@QAE@PBD@Z
??0invalid_operation@Concurrency@@QAE@XZ
??0invalid_oversubscribe_operation@Concurrency@@QAE@PBD@Z
??0invalid_oversubscribe_operation@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_key@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_key@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_value@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_value@Concurrency@@QAE@XZ
??0message_not_found@Concurrency@@QAE@PBD@Z
??0message_not_found@Concurrency@@QAE@XZ
??0missing_wait@Concurrency@@QAE@PBD@Z
??0missing_wait@Concurrency@@QAE@XZ
??0nested_scheduler_missing_detach@Concurrency@@QAE@PBD@Z
??0nested_scheduler_missing_detach@Concurrency@@QAE@XZ
??0operation_timed_out@Concurrency@@QAE@PBD@Z
??0operation_timed_out@Concurrency@@QAE@XZ
??0reader_writer_lock@Concurrency@@QAE@XZ
??0scheduler_not_attached@Concurrency@@QAE@PBD@Z
??0scheduler_not_attached@Concurrency@@QAE@XZ
??0scheduler_resource_allocation_error@Concurrency@@QAE@J@Z
??0scheduler_resource_allocation_error@Concurrency@@QAE@PBDJ@Z
??0scoped_lock@critical_section@Concurrency@@QAE@AAV12@@Z
??0scoped_lock@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0scoped_lock_read@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0task_canceled@details@Concurrency@@QAE@PBD@Z
??0task_canceled@details@Concurrency@@QAE@XZ
??0unsupported_os@Concurrency@@QAE@PBD@Z
??0unsupported_os@Concurrency@@QAE@XZ
??1SchedulerPolicy@Concurrency@@QAE@XZ
??1_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_SpinLock@details@Concurrency@@QAE@XZ
??1_TaskCollection@details@Concurrency@@QAE@XZ
??1_Timer@details@Concurrency@@IAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1critical_section@Concurrency@@QAE@XZ
??1event@Concurrency@@QAE@XZ
??1exception@std@@UAE@XZ
??1reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock@critical_section@Concurrency@@QAE@XZ
??1scoped_lock@reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock_read@reader_writer_lock@Concurrency@@QAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??2@YAPAXIHPBDH@Z
??3@YAXPAX@Z
??4?$_SpinWait@$00@details@Concurrency@@QAEAAV012@ABV012@@Z
??4?$_SpinWait@$0A@@details@Concurrency@@QAEAAV012@ABV012@@Z
??4SchedulerPolicy@Concurrency@@QAEAAV01@ABV01@@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4exception@std@@QAEAAV01@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
??9type_info@@QBE_NABV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@@6B@
??_7exception@std@@6B@
??_F?$_SpinWait@$00@details@Concurrency@@QAEXXZ
??_F?$_SpinWait@$0A@@details@Concurrency@@QAEXXZ
??_Fbad_cast@std@@QAEXXZ
??_Fbad_typeid@std@@QAEXXZ
??_U@YAPAXI@Z
??_U@YAPAXIHPBDH@Z
??_V@YAXPAX@Z
?Alloc@Concurrency@@YAPAXI@Z
?Block@Context@Concurrency@@SAXXZ
?Create@CurrentScheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?Create@Scheduler@Concurrency@@SAPAV12@ABVSchedulerPolicy@2@@Z
?CreateResourceManager@Concurrency@@YAPAUIResourceManager@1@XZ
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPAVScheduleGroup@2@XZ
?CurrentContext@Context@Concurrency@@SAPAV12@XZ
?Detach@CurrentScheduler@Concurrency@@SAXXZ
?DisableTracing@Concurrency@@YAJXZ
?EnableTracing@Concurrency@@YAJXZ
?Free@Concurrency@@YAXPAX@Z
?Get@CurrentScheduler@Concurrency@@SAPAVScheduler@2@XZ
?GetExecutionContextId@Concurrency@@YAIXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ
?GetPolicy@CurrentScheduler@Concurrency@@SA?AVSchedulerPolicy@2@XZ
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z
?GetProcessorCount@Concurrency@@YAIXZ
?GetProcessorNodeCount@Concurrency@@YAIXZ
?GetSchedulerId@Concurrency@@YAIXZ
?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ
?Id@Context@Concurrency@@SAIXZ
?Id@CurrentScheduler@Concurrency@@SAIXZ
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
?Log2@details@Concurrency@@YAKI@Z
?Oversubscribe@Context@Concurrency@@SAX_N@Z
?RegisterShutdownEvent@CurrentScheduler@Concurrency@@SAXPAX@Z
?ResetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXXZ
?ScheduleGroupId@Context@Concurrency@@SAIXZ
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPAX@Z0@Z
?SetConcurrencyLimits@SchedulerPolicy@Concurrency@@QAEXII@Z
?SetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?SetPolicyValue@SchedulerPolicy@Concurrency@@QAEIW4PolicyElementKey@2@I@Z
?VirtualProcessorId@Context@Concurrency@@SAIXZ
?Yield@Context@Concurrency@@SAXXZ
?_Abort@_StructuredTaskCollection@details@Concurrency@@AAEXXZ
?_Acquire@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_NonReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_AcquireRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_Cancel@_StructuredTaskCollection@details@Concurrency@@QAEXXZ
?_Cancel@_TaskCollection@details@Concurrency@@QAEXXZ
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IAEXXZ
?_ConcRT_Assert@details@Concurrency@@YAXPBD0H@Z
?_ConcRT_CoreAssert@details@Concurrency@@YAXPBD0H@Z
?_ConcRT_DumpMessage@details@Concurrency@@YAXPB_WZZ
?_ConcRT_Trace@details@Concurrency@@YAXHPB_WZZ
?_Copy_str@exception@std@@AAEXPBD@Z
?_DoYield@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_DoYield@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_IsCanceling@_StructuredTaskCollection@details@Concurrency@@QAE_NXZ
?_IsCanceling@_TaskCollection@details@Concurrency@@QAE_NXZ
?_Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_NumberOfSpins@?$_SpinWait@$00@details@Concurrency@@IAEKXZ
?_NumberOfSpins@?$_SpinWait@$0A@@details@Concurrency@@IAEKXZ
?_Release@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_NonReentrantPPLLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantPPLLock@details@Concurrency@@QAEXXZ
?_ReleaseRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_ReleaseWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_Reset@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_Reset@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_SetSpinCount@?$_SpinWait@$00@details@Concurrency@@QAEXI@Z
?_SetSpinCount@?$_SpinWait@$0A@@details@Concurrency@@QAEXI@Z
?_ShouldSpinAgain@?$_SpinWait@$00@details@Concurrency@@IAE_NXZ
?_ShouldSpinAgain@?$_SpinWait@$0A@@details@Concurrency@@IAE_NXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ
?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QAE_NXZ
?_SpinYield@Context@Concurrency@@SAXXZ
?_Start@_Timer@details@Concurrency@@IAEXXZ
?_Stop@_Timer@details@Concurrency@@IAEXXZ
?_Tidy@exception@std@@AAEXXZ
?_Trace_ppl_function@Concurrency@@YAXABU_GUID@@EW4ConcRT_EventType@1@@Z
?_TryAcquire@_NonReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantLock@details@Concurrency@@QAE_NXZ
?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QAE_NXZ
?_Type_info_dtor@type_info@@CAXPAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPAV1@@Z
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_ValidateExecute@@YAHP6GHXZ@Z
?_ValidateRead@@YAHPBXI@Z
?_ValidateWrite@@YAHPAXI@Z
?_Value@_SpinCount@details@Concurrency@@SAIXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCompare@@YA_NPBX0@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPBG00II@Z
?_is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?_open@@YAHPBDHH@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?_wopen@@YAHPB_WHH@Z
?_wsopen@@YAHPB_WHHH@Z
?before@type_info@@QBEHABV1@@Z
?get_error_code@scheduler_resource_allocation_error@Concurrency@@QBEJXZ
?lock@critical_section@Concurrency@@QAEXXZ
?lock@reader_writer_lock@Concurrency@@QAEXXZ
?lock_read@reader_writer_lock@Concurrency@@QAEXXZ
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
?native_handle@critical_section@Concurrency@@QAEAAV12@XZ
?raw_name@type_info@@QBEPBDXZ
?reset@event@Concurrency@@QAEXXZ
?set@event@Concurrency@@QAEXXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?try_lock@critical_section@Concurrency@@QAE_NXZ
?try_lock@reader_writer_lock@Concurrency@@QAE_NXZ
?try_lock_read@reader_writer_lock@Concurrency@@QAE_NXZ
?unexpected@@YAXXZ
?unlock@critical_section@Concurrency@@QAEXXZ
?unlock@reader_writer_lock@Concurrency@@QAEXXZ
?vswprintf@@YAHPA_WIPB_WPAD@Z
?wait@Concurrency@@YAXI@Z
?wait@event@Concurrency@@QAEII@Z
?wait_for_multiple@event@Concurrency@@SAIPAPAV12@I_NI@Z
?what@exception@std@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_Strftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CppXcptFilter
__CxxCallUnwindDelDtor
__CxxCallUnwindDtor
__CxxCallUnwindStdDelDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___fls_getvalue@4
___fls_setvalue@8
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__control87_2
__create_locale
__crtCompareStringA
__crtCompareStringW
__crtLCMapStringA
__crtLCMapStringW
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__free_locale
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lconv
__lconv_init
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__set_flsgetvalue
__setlc_active
__setusermatherr
__strncnt
__swprintf_l
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__unDNameHelper
__uncaught_exception
__unguarded_readlc_active
__vswprintf_l
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abnormal_termination
_abs64
_access
_access_s
_acmdln
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_amsg_exit
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_crt
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_commode
_configthreadlocale
_control87
_controlfp
_controlfp_s
_copysign
_cprintf
_cprintf_l
_cprintf_p
Sections
.text Size: 709KB - Virtual size: 708KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 19KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1016B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
nskbfltr.inf
-
nsm_vpro.ini
-
pcicapi.dll.dll windows:5 windows x86 arch:x86
d78463f91aa83e9c39d2e594035ae4bb
Code Sign
16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0bCertificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49Certificate
IssuerCN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before12/01/2016, 00:00Not After21/09/2017, 23:59SubjectCN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before10/12/2013, 00:00Not After09/12/2023, 23:59SubjectCN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
2a:7c:96:b4:a7:61:a9:74:76:06:bd:10:56:00:3d:49Certificate
IssuerCN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before12/01/2016, 00:00Not After21/09/2017, 23:59SubjectCN=NetSupport Ltd,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before10/12/2013, 00:00Not After09/12/2023, 23:59SubjectCN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate
IssuerCN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=USNot Before31/12/2015, 00:00Not After09/07/2019, 18:40SubjectCN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GBExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
3d:b6:09:02:28:e8:91:ba:e3:c0:b6:7b:de:e7:37:ed:39:79:47:84:74:cf:7c:5d:2d:36:3d:d8:2c:05:0b:fbSigner
Actual PE Digest3d:b6:09:02:28:e8:91:ba:e3:c0:b6:7b:de:e7:37:ed:39:79:47:84:74:cf:7c:5d:2d:36:3d:d8:2c:05:0b:fbDigest Algorithmsha256PE Digest Matchestrue9c:33:79:f7:f1:bd:90:f4:a1:94:37:e4:f2:5a:58:25:b4:bb:94:ccSigner
Actual PE Digest9c:33:79:f7:f1:bd:90:f4:a1:94:37:e4:f2:5a:58:25:b4:bb:94:ccDigest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
E:\nsmsrc\nsm\1210\1210\ctl32\Release\pcicapi.pdb
Imports
kernel32
GetProcAddress
GetModuleHandleA
OutputDebugStringA
LoadLibraryA
FreeLibrary
CloseHandle
OpenProcess
GetCurrentProcessId
CreateEventA
InterlockedIncrement
GetVersionExA
GetLocalTime
GetTempPathA
GetCurrentThreadId
GetTickCount
GetLastError
ExitProcess
SetLastError
DisableThreadLibraryCalls
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
SetEvent
InterlockedDecrement
WaitForSingleObject
DeleteCriticalSection
CreateThread
InitializeCriticalSection
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
Sleep
IsDBCSLeadByte
user32
GetMessageA
TranslateMessage
DispatchMessageA
SetTimer
MessageBoxA
KillTimer
PeekMessageA
PostQuitMessage
wvsprintfA
wsprintfA
advapi32
GetTokenInformation
OpenProcessToken
msvcr100
strncpy
_except_handler4_common
strrchr
isdigit
fclose
fopen
strncat
fputs
memset
memcpy
_malloc_crt
free
_encoded_null
_initterm
_initterm_e
_amsg_exit
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
Exports
Exports
CapiClose
CapiConnected
CapiDial
CapiHangup
CapiListen
CapiNotify
CapiOpen
CapiOpen2
CapiRead
CapiSend
Sections
.text Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 52KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
remcmdstub.exe.exe windows:5 windows x86 arch:x86
99c0cd957fc7334714fefa3daa61a6ea
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
7d:2d:0c:a0:6f:4d:88:04:2d:cb:64:48:2b:c9:c0:64Certificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before22/07/2011, 00:00Not After20/08/2014, 23:59SubjectCN=NetSupport Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=NetSupport,O=NetSupport Ltd,L=Peterborough,ST=Cambridgeshire,C=GBExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
LoadLibraryA
FreeLibrary
GetProcAddress
SetLastError
GetVersionExA
GetLastError
GetModuleFileNameA
WaitForSingleObject
Sleep
WriteFile
GetExitCodeProcess
GenerateConsoleCtrlEvent
WaitForMultipleObjects
CloseHandle
CreateProcessA
SetConsoleCtrlHandler
SetConsoleMode
GetConsoleMode
GetStdHandle
ExpandEnvironmentStringsA
SetStdHandle
WriteConsoleW
HeapSize
SetFilePointer
FlushFileBuffers
GetCommandLineA
HeapSetInformation
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
DecodePointer
TlsFree
GetModuleHandleW
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
WideCharToMultiByte
LCMapStringW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
IsProcessorFeaturePresent
ExitProcess
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
HeapFree
HeapAlloc
RtlUnwind
LoadLibraryW
HeapReAlloc
GetConsoleCP
CreateFileW
user32
EnumWindows
GetClassNameA
SendMessageA
EnumThreadWindows
Sections
.text Size: 32KB - Virtual size: 32KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 11KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
synthesis-core.xsd.xml