ddee814ade9f4c11311a40e3d59bfc35

Sharing

Copy URL Twitter E-mail

General

Target

ddee814ade9f4c11311a40e3d59bfc35
Size

1.9MB
MD5

ddee814ade9f4c11311a40e3d59bfc35
SHA1

02cf8844d0be278528b977fd323bab9e62cfa76e
SHA256

fba2e4e5c31269b71f293f35bd44ff9150210379686b3363851f074dff1e6c2d
SHA512

944d7a8b226700e6c1f5b25ce3e9867eb231247e3769558eb7696f2ed9b20e04140eb823894e2deacfecaf94aebd39c7bf2850414d68c6592bfa8604807cf6b0
SSDEEP

49152:FYApqrA2thoQZTVlpggHhMPu7M/M5JvbdFd683ZIw:CJl9HaBW1

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MediaExchangeProxy.dll
unpack001/mgxasio4.dll

Files

ddee814ade9f4c11311a40e3d59bfc35
.cab
MediaExchangeProxy.dll
.dll regsvr32 windows:5 windows x86 arch:x86

b771313801f7326b1295de8729469959

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\msvc\mumaeasy_Hauptstand_git\_Build\MxFramework\MediaExchangeProxy\_Release_Win32\MediaExchangeProxy.pdb

Imports

kernel32

DisableThreadLibraryCalls
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
GetSystemTimeAsFileTime

msvcr90

__dllonexit
_lock
_onexit
_except_handler4_common
_malloc_crt
free
_encoded_null
_decode_pointer
_initterm
_initterm_e
_unlock
_amsg_exit
_adjust_fdiv
__CppXcptFilter
_crt_debugger_hook
__clean_type_info_names_internal
_encode_pointer

rpcrt4

CStdStubBuffer_QueryInterface
CStdStubBuffer_DebugServerRelease
CStdStubBuffer_Disconnect
CStdStubBuffer_IsIIDSupported
CStdStubBuffer_Invoke
CStdStubBuffer_Connect
CStdStubBuffer_DebugServerQueryInterface
IUnknown_Release_Proxy
CStdStubBuffer_CountRefs
NdrOleAllocate
NdrOleFree
CStdStubBuffer_AddRef
NdrDllUnregisterProxy
NdrDllGetClassObject
NdrDllCanUnloadNow
NdrDllRegisterProxy
NdrCStdStubBuffer_Release
IUnknown_AddRef_Proxy
IUnknown_QueryInterface_Proxy

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 51B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 932B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 514B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Point_DLLAV32.dll
.dll windows:4 windows x86 arch:x86

b748179d80732b2db378137035d3316f

Code Sign

09:51:f0:d5:97:8d:dd:c7:26:f0:c9:4e:7d:4c:45:62
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

17/03/2016, 00:00

Not After

15/03/2019, 12:00

Subject

SERIALNUMBER=HRB 4308,CN=PoINT Software & Systems GmbH,O=PoINT Software & Systems GmbH,POSTALCODE=57080,STREET=Eiserfelder Str. 316,L=Siegen,C=DE,1.3.6.1.4.1.311.60.2.1.2=#13164e6f727468205268696e652d576573747068616c6961,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:31:57:25:90:3f:90:e2:80:34:df:34:18:1e:fe:2e:da:da:5a:e8:37:70:2d:5c:65:e1:a8:05:8e:b5:b2:f0
Signer

Actual PE Digest

75:31:57:25:90:3f:90:e2:80:34:df:34:18:1e:fe:2e:da:da:5a:e8:37:70:2d:5c:65:e1:a8:05:8e:b5:b2:f0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
VirtualAlloc
CompareStringW
GetProcAddress
GetModuleHandleA
VirtualFree
FreeLibrary
LoadLibraryA
GetSystemTime
DisableThreadLibraryCalls
SetErrorMode
GetPrivateProfileIntA
GetLocalTime
GetModuleFileNameA
GetLastError
GetCurrentProcessId
IsValidCodePage
GetTimeZoneInformation
GetComputerNameA
Sleep
DeviceIoControl
FlushFileBuffers
ReadFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
HeapSize
QueryPerformanceCounter
LocalFree
LocalAlloc
CreateMutexA
ReleaseMutex
WaitForSingleObject
CloseHandle
CreateSemaphoreA
ReleaseSemaphore
CreateEventA
SetEvent
ResetEvent
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetExitCodeThread
TerminateThread
GetCurrentThreadId
SetThreadPriority
GetCurrentThread
GetPriorityClass
GetCurrentProcess
ExitThread
FileTimeToSystemTime
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempFileNameA
CreateFileA
GetVersionExA
HeapAlloc
HeapFree
GetCommandLineA
GetProcessHeap
CreateThread
HeapReAlloc
HeapDestroy
HeapCreate
ExitProcess
WriteFile
GetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCPInfo
GetACP
GetOEMCP
TerminateProcess
IsDebuggerPresent
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
RtlUnwind
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetFilePointer
GetConsoleCP
GetConsoleMode
GetTickCount

user32

CharUpperA
TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
CharUpperW
GetWindowThreadProcessId
wsprintfA
DispatchMessageA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyA
RegSetValueExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegCreateKeyExA
RegDeleteValueA
IsValidSecurityDescriptor

dllcpy32

CopyGetPacketInfo
CopyGetCdText
CopyGetDiscInfo
CopyChangeOptions
CopyCloseDev
CopyOpenDevExt
CopyGetUpcIsrcInfo
CopyTracks
CopyTracksW
VerifyTracks
CopyPlayTracks
CopyGetDevInfoEx
CopyUpdateDevDrvInfo
CopyGetTrackInfo

dllio32

DosDirGetFileInformationW
DosDirFirst
DosDirFirstW
DosDirNext
DosDirNextW
DosSeekEnd
DosCreateFile
DosOpenFile
DosDirClose
DosReadFileBuf
DosSeekSetFileBuf
DosCloseFileBuf
DosDirGetFileInformation
DosSeekSetFileBufEx
DosSetEndOfFileBuf
DosCommitFileBuf
DosReadFile
DosWriteFile
DosSeekSetEx
DosSetEndOfFile
DosCommitFile
DosGetFileInformation
DosCloseFile
DosGetDriveTypeOfVolumeW
DosCreateFileBuf
DosGetDriveTypeOfVolume
DosGetVolumeInfoExW
DosGetVolumeInfoEx
DosDeleteFileW
DosDeleteFile
DosCreateFileBufW
DosWriteFileBuf
DosSeekEndEx
DosGetFileSysHandle
DosSeekSet
DosOpenFileEx
DosOpenFileExW
DosCreateFileEx
DosCreateFileExW
DosOpenFileBuf
DosOpenFileBufW
DosGetProcessInfo

string32

ConvertUtf8ToUtf16
IsUtf8BOM
ConvertMbToUtf16
ConvertUtf16ToMb
IsUtf16HighSurrogate
ConvertUtf16ToUtf8

dlldrv32

DrvSetIOParmsEx
DrvSetSecurityDesc
DrvGetSecurityDesc
DrvReScan
DrvGetDevDescList
DrvSetDefaultTimeout
DrvGetErrorText
DrvSetAccessToken
DrvGetIOParmsEx

dllpnt32

PntGetMachineId
PntGetAltMachineId
PntRegisterModule
PntGetSNOfModule
PntGetAUOfModule
PntDeRegisterModule
PntGetSSOfModule
PntGetIniOfTask

dlldev32

DevIncReadDefects
DevSelftest
DevGetDevIoParms
DevSetSpeed
DevSetSpeedEx
DevPrintErrorMessage
DevRead
DevSelectVolume
DevGetDmdi
DevSetDmdi
DevReOpen
DevIncGetParamOfTrack
DevIncOpenTrack
DevIncGetParam
DevIncFormat
DevIncRegisterCbFunc
DevIncLSeekEx
DevIncWrite
DevIncFlush
DevSetParam
DevErase
DevFinaliseSession
DevGetSessionEx
DevGetSerNo
DevGetCapabilities
DevControl
DevSetDevIoParms
DevMapScsiAddr
DevOpen
DevGetConf
DevGetConfCache
DevGetToc
DevGetSpeedEx
DevIncCloseTrack
DevClose
DevWrite
DevLSeekEx
DevCloseTrack
DevSetBurFree
DevSetSessionLiaRw
DevSetSession
DevGetStatusEx
DevSetIOParmsEx
DevGetIOParmsEx

dllres32

MsgBarPeekAndDispatch
MsgBarGetHandle
MsgLiLoad
MsgRegisterThreadCbFunc
MsgTruncate
MsgBarSetText2
MsgBarHasBeenCancelled
MsgLiLoadW
MsgRegisterThreadStatFunc
MsgRegisterMsgCbFunc
MsgRegisterMsgCbFuncW
MsgPrintW
MsgBarCreateEx
MsgBarSetText1
MsgBarEnableCancelling
MsgBarSetRange
MsgBarAddPos
MsgBarSetPos
MsgBarDestroy
MsgLoad
MsgPrint
ResIsBadWritePtr
ResIsBadReadPtr
ResIsBadStringPtrOrLenW
ResIsBadStringPtrOrLen
ResIsBadStructLenWritePtr
ResClearStructLen
ResIsBadStructLenReadPtr
ResIsBadCodePtr

Exports

Exports

_AvAuthorize@4
_AvCdTextGetFromGroup@16
_AvCdTextGetFromPacks@16
_AvCdTextGetLanguageName@16
_AvDevBeginReadTracks@16
_AvDevCheckCompatibility@16
_AvDevClose@12
_AvDevControl@20
_AvDevCreateImage@16
_AvDevCreateImageW@16
_AvDevEndReadTracks@12
_AvDevErase@20
_AvDevFinalise@16
_AvDevGetCacheInfo@16
_AvDevGetDefectsInfo@16
_AvDevGetDevCapa@16
_AvDevGetDevInfo@16
_AvDevGetDevInfoW@16
_AvDevGetDevList@20
_AvDevGetDevListW@20
_AvDevGetDevSerialNo@16
_AvDevGetDiscInfo@16
_AvDevGetSecurityInfo@16
_AvDevGetSpecialInfo@16
_AvDevGetSpeeds@16
_AvDevGetTrackInfo@20
_AvDevGetVolumeInfo@16
_AvDevGetVolumeInfoW@16
_AvDevOpen@12
_AvDevOpenImage@12
_AvDevOpenImageW@12
_AvDevReadCatalogIsrcInfo@20
_AvDevReadCheckQuality@20
_AvDevReadDetermineErrorRate@20
_AvDevReadPlayTracks@20
_AvDevReadTracks@28
_AvDevReadTracksW@28
_AvDevSetAccessToken@12
_AvDevSetCacheOptions@16
_AvDevSetExclusiveMode@12
_AvDevSetSecurityInfo@16
_AvDevSetSpeedAndMode@16
_AvDevUpdateDevList@8
_AvGetLicenseInfo@12
_AvGetLicenseInfoDirect@12
_AvGetModuleInfo@12
_AvGetModuleInfoW@12
_AvHdGetDiskInfo@16
_AvHdGetDriveInfo@16
_AvHdGetNoOfDrives@12
_AvRegisterMsgCbFunc@12
_AvRegisterMsgCbFuncW@12
_AvRegisterStatCbFunc@12
_AvSetLicenseInfo@12
_AvSetLicenseInfoDirect@12
_AvSetUidPath@12
_AvSetUidPathW@12
_AvVolAddBootDefaultImage@20
_AvVolAddBootDefaultImageW@20
_AvVolAddCdTextFromPacks@16
_AvVolAddCdiApplication@20
_AvVolAddCdiApplicationW@20
_AvVolAddCompoundFile@16
_AvVolAddCompoundFileW@16
_AvVolAddDirContentsSub@16
_AvVolAddDirContentsSubW@16
_AvVolAddDirSub@16
_AvVolAddDirSubW@16
_AvVolAddDirectRecFileSub@20
_AvVolAddDirectRecFileSubW@20
_AvVolAddFileSub@16
_AvVolAddFileSubW@16
_AvVolAddSessionSub@20
_AvVolAddSessionSubW@20
_AvVolAddTrack@24
_AvVolAddTrackW@24
_AvVolAppendCompoundFile@20
_AvVolAppendCompoundFileW@20
_AvVolBeginDirectAccess@12
_AvVolCreate@12
_AvVolCreateDirSub@16
_AvVolCreateDirSubW@16
_AvVolCreateFromFile@24
_AvVolCreateFromFileW@24
_AvVolCreateFromOptions@20
_AvVolCreateFromOptionsW@20
_AvVolCreateW@12
_AvVolDeleteDir@16
_AvVolDeleteDirW@16
_AvVolDeleteFile@16
_AvVolDeleteFileW@16
_AvVolDestroy@12
_AvVolDetermineTrackParam@16
_AvVolDetermineTrackParamW@16
_AvVolDirectAccessFlush@12
_AvVolDirectAccessRead@24
_AvVolDirectAccessWrite@24
_AvVolDirectRecBegin@16
_AvVolDirectRecCheck@20
_AvVolDirectRecDeleteFile@12
_AvVolDirectRecEnd@12
_AvVolDirectRecInfo@16
_AvVolDirectRecRecoverFile@16
_AvVolDirectRecRetrieveFile@16
_AvVolDirectRecWrite@20
_AvVolEndDirectAccess@12
_AvVolFindClose@12
_AvVolFindFirst@28
_AvVolFindFirstW@28
_AvVolFindNext@20
_AvVolFindNextW@20
_AvVolGetCdTextToc1@16
_AvVolGetDirectAccessInfo@16
_AvVolGetFileComment@16
_AvVolGetObjectInfo@20
_AvVolGetObjectInfoW@20
_AvVolGetSpaceAndTimeInfo@16
_AvVolGetUsedImageSpace@16
_AvVolGetUsedSpace@12
_AvVolGetVolumeInfo@16
_AvVolGetVolumeInfoW@16
_AvVolMenuAddFile@20
_AvVolMenuAddFileW@20
_AvVolMenuCreateNavigationObject@20
_AvVolMenuCreatePlayList@20
_AvVolMountDev@16
_AvVolRenameDir@20
_AvVolRenameDirW@20
_AvVolRenameFile@20
_AvVolRenameFileW@20
_AvVolSaveToFile@16
_AvVolSaveToFileW@16
_AvVolSetFileComment@16
_AvVolSetRecOptions@16
_AvVolSetTitleAttribute@20
_AvVolSetTitleAttributeW@20
_AvVolSetTmpPath@16
_AvVolSetVolAttribute@16
_AvVolSetVolAttributeW@16
_AvVolTitleAddFile@20
_AvVolTitleAddFileByHandle@20
_AvVolTitleAddFileSet@24
_AvVolTitleAddFileSetW@24
_AvVolTitleAddFileW@20
_AvVolTitleDefineEntries@24
_AvVolTitleDeleteFileSet@16
_AvVolTitleDirectRecBegin@20
_AvVolTitleDirectRecCheck@24
_AvVolTitleDirectRecDeleteFile@12
_AvVolTitleDirectRecEnd@12
_AvVolTitleDirectRecInfo@16
_AvVolTitleDirectRecRecoverFile@16
_AvVolTitleDirectRecRetrieveFile@16
_AvVolTitleDirectRecRetrieveFileSection@20
_AvVolTitleDirectRecWrite@20
_AvVolTitleReplaceFileSet@24
_AvVolTitleReplaceFileSetW@24
_AvVolUnmountDev@12
_AvVolWriteDiscToDisc@20
_AvVolWriteToDisc@16
_AvVolWriteToImage@20
_AvVolWriteToImageW@20
_AvVolWriteTracksToDisc@16
_AvVolWriteTracksToDiscW@16

Sections

.text
Size: 580KB - Virtual size: 579KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Point_DLLCPY32.dll
.dll windows:4 windows x86 arch:x86

00386327ac2d9dd62cfa0d7b3d1d73d0

Code Sign

09:51:f0:d5:97:8d:dd:c7:26:f0:c9:4e:7d:4c:45:62
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

17/03/2016, 00:00

Not After

15/03/2019, 12:00

Subject

SERIALNUMBER=HRB 4308,CN=PoINT Software & Systems GmbH,O=PoINT Software & Systems GmbH,POSTALCODE=57080,STREET=Eiserfelder Str. 316,L=Siegen,C=DE,1.3.6.1.4.1.311.60.2.1.2=#13164e6f727468205268696e652d576573747068616c6961,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:0a:b8:e1:54:bd:12:c0:32:db:ca:a9:15:dc:21:56:86:f2:de:c9:da:68:10:cc:a6:61:86:2c:2b:06:27:36
Signer

Actual PE Digest

24:0a:b8:e1:54:bd:12:c0:32:db:ca:a9:15:dc:21:56:86:f2:de:c9:da:68:10:cc:a6:61:86:2c:2b:06:27:36

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualFree
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleA
GetLastError
CreateMutexA
ReleaseMutex
WaitForSingleObject
CloseHandle
VirtualAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetCurrentProcess
GetModuleFileNameA
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
HeapAlloc
HeapFree
GetCommandLineA
GetProcessHeap
HeapReAlloc
HeapDestroy
HeapCreate
ExitProcess
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
LCMapStringA
LCMapStringW
RtlUnwind
LoadLibraryA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
DisableThreadLibraryCalls
Sleep

user32

PeekMessageA
MsgWaitForMultipleObjects
TranslateMessage
DispatchMessageA
wsprintfW
wsprintfA
IsDialogMessageA

dllres32

ResIsBadStringPtrW
MsgBox
MsgBarSetText2
MsgBarAddPos
MsgBarGetBarFromHandle
MsgBarCreateWait
MsgBarGetHandle
MsgBarCreateEx
MsgBarSetRange
MsgLoad
MsgBarSetText1
MsgBarSetPos
MsgBarDestroy
ResIsBadReadPtr
ResIsBadWritePtr
ResIsBadCodePtr
ResIsBadStringPtr
MsgBarPeekAndDispatch
MsgBarHasBeenCancelled
MsgRegisterThreadCbFunc
MsgPrintW
MsgPrint

dlldrv32

DrvAllocIoBlock
DrvOpen
DrvGetDevNum
DrvGetDevDescList
DrvGetDevCapa
DrvFreeIoBlock
DrvClose
DrvGetErrorText
DrvRequest
DrvExec

dllio32

DosGetVolumeInfoEx
DosCommitFileBuf
DosCreateFileW
DosCreateFile
DosOpenFileBufW
DosOpenFileBuf
DosGetVolumeInfoExW
DosSetFileSizeEx
DosOpenFileW
DosOpenFile
DosGetFileSizeEx
DosCloseFile
DosCloseFileBuf
DosCreateFileBufW
DosGetDriveTypeOfVolume
DosGetDriveTypeOfVolumeW
DosFreePathBuf
DosGetDeviceData
DosAllocPathBuf
DosGetMaxPathLen
DosFreePathBufW
DosAllocPathBufW
DosGetMaxPathLenW
DosWriteFile
DosSeekSetEx
DosSeekEndEx
DosSeekSetFileBufEx
DosSeekEndFileBufEx
DosDeleteFile
DosDeleteFileW
DosWriteFileBuf
DosReadFile
DosCreateFileBuf

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

Exports

Exports

CopyChangeOptions
CopyCloseDev
CopyGetCdText
CopyGetDevInfo
CopyGetDevInfoEx
CopyGetDiscInfo
CopyGetDrvCapaEx
CopyGetDrvInfoEx
CopyGetLayerInfo
CopyGetPacketInfo
CopyGetTrackInfo
CopyGetUpcIsrcInfo
CopyLoadDev
CopyLoadFileHeaderFromBuffer
CopyOpenDev
CopyOpenDevExt
CopyPlayTracks
CopyReadPVD
CopyRegisterMsgCbFunc
CopyTracks
CopyTracksExt
CopyTracksExtW
CopyTracksW
CopyUpdateDevDrvInfo
CopyVerify
CopyVerifyTracksExt
VerifyTracks

Sections

.text
Size: 112KB - Virtual size: 108KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Point_DLLDEV32.dll
.dll windows:4 windows x86 arch:x86

807c4556b48810731a75ffd3f87d6a9f

Code Sign

09:51:f0:d5:97:8d:dd:c7:26:f0:c9:4e:7d:4c:45:62
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

17/03/2016, 00:00

Not After

15/03/2019, 12:00

Subject

SERIALNUMBER=HRB 4308,CN=PoINT Software & Systems GmbH,O=PoINT Software & Systems GmbH,POSTALCODE=57080,STREET=Eiserfelder Str. 316,L=Siegen,C=DE,1.3.6.1.4.1.311.60.2.1.2=#13164e6f727468205268696e652d576573747068616c6961,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ac:8b:d0:96:76:18:07:3c:46:a9:2f:68:6b:59:7c:52:af:a4:b7:40:17:09:5e:15:ff:fb:2c:2a:75:9a:e9:40
Signer

Actual PE Digest

ac:8b:d0:96:76:18:07:3c:46:a9:2f:68:6b:59:7c:52:af:a4:b7:40:17:09:5e:15:ff:fb:2c:2a:75:9a:e9:40

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
DisableThreadLibraryCalls
LocalFree
LocalAlloc
GetProcAddress
GetModuleHandleA
CreateMutexA
ReleaseMutex
WaitForSingleObject
CloseHandle
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetLastError
GetModuleFileNameA
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
HeapAlloc
HeapFree
GetCommandLineA
GetProcessHeap
HeapReAlloc
HeapDestroy
HeapCreate
ExitProcess
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
LCMapStringA
LCMapStringW
RtlUnwind
LoadLibraryA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
VirtualAlloc
VirtualLock
GetCurrentProcess
VirtualFree

user32

MsgWaitForMultipleObjects
IsDialogMessageA
TranslateMessage
DispatchMessageA
wsprintfA
PeekMessageA

dllres32

MsgBarCreateEx
MsgBarSetText1
MsgBarSetRange
MsgBarEnableCancelling
MsgBarSetPos
MsgBarDestroy
MsgBox
MsgLiLoad
MsgPrint

dlldrv32

DrvGetErrorText
DrvRead
DrvGetDevDesc
DrvVerify
DrvSetDefaultTimeout
DrvLock
DrvFreeIoBlock
DrvExec
DrvGetDevCapa
DrvGetDevList
DrvGetDevDescList
DrvMapScsiAddr
DrvMapLetter
DrvClose
DrvSetIOParms
DrvOpen
DrvRequest
DrvAllocIoBlock
DrvSetAccessToken
DrvReScan

advapi32

RegQueryValueExA
RegOpenKeyA
RegCloseKey
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

Exports

Exports

DevCheckCommunication
DevClose
DevCloseTrack
DevControl
DevErase
DevFinalise
DevFinaliseEx
DevFinaliseSession
DevGetBurFree
DevGetCapabilities
DevGetConf
DevGetConfCache
DevGetConfCacheEx
DevGetCopyOfConf
DevGetCopyOfExtSession
DevGetCopyOfExtToc
DevGetDevCapaEx
DevGetDevDescList
DevGetDevIoParms
DevGetDevList
DevGetDevListEx
DevGetDmdi
DevGetExtParam
DevGetExtSession
DevGetExtToc
DevGetIOParmsEx
DevGetParam
DevGetSerNo
DevGetSession
DevGetSessionEx
DevGetSessionLiaRw
DevGetSessionLiaRwEx
DevGetSpeedEx
DevGetStatus
DevGetStatusEx
DevGetStatusMessage
DevGetStatusMessageEx
DevGetToc
DevGetTocEx
DevGetWErr
DevGetWErrEx
DevIncCloseTrack
DevIncFlush
DevIncFormat
DevIncGetParam
DevIncGetParamOfTrack
DevIncGetSparingMap
DevIncLSeek
DevIncLSeekEx
DevIncOpenTrack
DevIncReadDefects
DevIncRegisterCbFunc
DevIncSetSparingMap
DevIncWrite
DevLSeek
DevLSeekEx
DevLock
DevMapLetter
DevMapLetterRec
DevMapScsiAddr
DevMapScsiAddrRec
DevOpen
DevPrintErrorMessage
DevReOpen
DevReScan
DevRead
DevReadSectorCooked
DevReserveTrack
DevSelectVolume
DevSelftest
DevSetAccessToken
DevSetBurFree
DevSetDefaultTimeout
DevSetDevIoParms
DevSetDmdi
DevSetExtParam
DevSetExtSession
DevSetFillByte
DevSetIOParms
DevSetIOParmsEx
DevSetInterfaceVersion
DevSetParam
DevSetSession
DevSetSessionLiaRw
DevSetSpeed
DevSetSpeedEx
DevVerify
DevWrite

Sections

.text
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Point_DLLDRV32.dll
.dll windows:4 windows x86 arch:x86

5aff45d72042840f94a3a849c883bd7e

Code Sign

09:51:f0:d5:97:8d:dd:c7:26:f0:c9:4e:7d:4c:45:62
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

17/03/2016, 00:00

Not After

15/03/2019, 12:00

Subject

SERIALNUMBER=HRB 4308,CN=PoINT Software & Systems GmbH,O=PoINT Software & Systems GmbH,POSTALCODE=57080,STREET=Eiserfelder Str. 316,L=Siegen,C=DE,1.3.6.1.4.1.311.60.2.1.2=#13164e6f727468205268696e652d576573747068616c6961,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

21:ed:04:08:cd:97:d5:12:b6:92:94:06:a8:8a:5e:de:c6:73:4d:9a:3e:ab:ff:b2:94:c5:5e:2d:97:6e:ef:d4
Signer

Actual PE Digest

21:ed:04:08:cd:97:d5:12:b6:92:94:06:a8:8a:5e:de:c6:73:4d:9a:3e:ab:ff:b2:94:c5:5e:2d:97:6e:ef:d4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetLastError
GetTickCount
GetSystemTime
QueryDosDeviceA
SetErrorMode
GetLogicalDrives
SetFilePointer
GetModuleFileNameA
DisableThreadLibraryCalls
CreateFileA
GetCurrentProcessId
LoadLibraryA
GetProcAddress
WriteFile
Sleep
DeviceIoControl
DefineDosDeviceA
FreeLibrary
CloseHandle
GetLastError
VirtualFree
VirtualUnlock
VirtualAlloc
GetDriveTypeA
LocalFree
LocalAlloc
GetModuleHandleA
CreateMutexA
ReleaseMutex
WaitForSingleObject
CreateEventA
SetEvent
ResetEvent
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
GetExitCodeThread
TerminateThread
GetCurrentThreadId
SetThreadPriority
GetCurrentThread
GetPriorityClass
GetCurrentProcess
ExitThread
GetSystemTimeAsFileTime
GetVersionExA
HeapFree
HeapAlloc
GetCommandLineA
GetProcessHeap
CreateThread
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapDestroy
HeapCreate
HeapReAlloc
ExitProcess
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
RtlUnwind
HeapSize
VirtualLock

user32

TranslateMessage
IsDialogMessageA
PeekMessageA
MsgWaitForMultipleObjects
wsprintfA
DispatchMessageA

advapi32

InitializeSecurityDescriptor
RegOpenKeyA
RevertToSelf
ImpersonateLoggedOnUser
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
RegCloseKey
SetSecurityDescriptorDacl

dllres32

MsgBarPeekAndDispatch
MsgBarGetBarFromHandle
ResGetSecurityAttributes
MsgLiLoad
MsgPrint

Exports

Exports

DrvAllocIoBlock
DrvClose
DrvExec
DrvFreeIoBlock
DrvGetDevCapa
DrvGetDevCapaEntry
DrvGetDevDesc
DrvGetDevDescList
DrvGetDevList
DrvGetDevListEntry
DrvGetDevNum
DrvGetErrorText
DrvGetIOParmsEx
DrvGetSecurityDesc
DrvGetSysDevPath
DrvGetUniqueDevID
DrvLock
DrvLogToPhys
DrvMapLetter
DrvMapScsiAddr
DrvMapUniqueDevID
DrvOpen
DrvReScan
DrvRead
DrvReadSectorCooked
DrvReleaseAllIoBlocks
DrvRequest
DrvSetAccessToken
DrvSetBufSize
DrvSetDefaultTimeout
DrvSetIOParms
DrvSetIOParmsEx
DrvSetSecurityDesc
DrvTryRequest
DrvVerify

Sections

.text
Size: 168KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Point_DLLIO32.dll
.dll windows:4 windows x86 arch:x86

2afeb8c14458577585d4a142e2182036

Code Sign

09:51:f0:d5:97:8d:dd:c7:26:f0:c9:4e:7d:4c:45:62
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

17/03/2016, 00:00

Not After

15/03/2019, 12:00

Subject

SERIALNUMBER=HRB 4308,CN=PoINT Software & Systems GmbH,O=PoINT Software & Systems GmbH,POSTALCODE=57080,STREET=Eiserfelder Str. 316,L=Siegen,C=DE,1.3.6.1.4.1.311.60.2.1.2=#13164e6f727468205268696e652d576573747068616c6961,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:b0:68:63:ec:de:1e:99:35:97:5e:9b:90:37:2e:88:f6:d6:83:3d:88:6c:d0:03:39:fb:a0:92:40:ee:c0:9c
Signer

Actual PE Digest

f1:b0:68:63:ec:de:1e:99:35:97:5e:9b:90:37:2e:88:f6:d6:83:3d:88:6c:d0:03:39:fb:a0:92:40:ee:c0:9c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mpr

WNetCloseEnum
WNetOpenEnumA
WNetEnumResourceW
WNetOpenEnumW
WNetGetUniversalNameA
WNetGetUniversalNameW
WNetEnumResourceA

kernel32

AreFileApisANSI
GetProcessVersion
GetBinaryTypeA
GetModuleFileNameA
IsBadWritePtr
FileTimeToDosDateTime
FileTimeToLocalFileTime
Sleep
GetLastError
LockFile
GetFileType
GetFileInformationByHandle
SetFileTime
ReadFile
WriteFile
SetEndOfFile
FlushFileBuffers
DeleteFileA
DeleteFileW
MoveFileA
MoveFileW
SetFileAttributesA
SetFileAttributesW
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
GetCurrentDirectoryA
GetCurrentDirectoryW
SetCurrentDirectoryA
SetCurrentDirectoryW
GetShortPathNameA
GetShortPathNameW
FindClose
GetFileAttributesA
FindFirstFileA
GetFileAttributesW
FindFirstFileW
FindNextFileA
FindNextFileW
CloseHandle
WideCharToMultiByte
DeviceIoControl
CreateFileA
MultiByteToWideChar
CompareStringA
FreeLibrary
GetProcAddress
LoadLibraryA
CompareStringW
SetFilePointer
GetFileSize
CreateFileW
VirtualFree
VirtualAlloc
UnlockFile
GetVolumeInformationA
GetDiskFreeSpaceA
GetVolumeInformationW
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
GetFullPathNameA
GetFullPathNameW
GetComputerNameW
GetComputerNameA
GetModuleHandleA
DisableThreadLibraryCalls
SetErrorMode
HeapSize
LocalFree
LocalAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetCurrentProcess
GetSystemTimeAsFileTime
GetTickCount
GetVersionExA
HeapAlloc
HeapFree
GetCommandLineA
GetProcessHeap
HeapReAlloc
HeapDestroy
HeapCreate
ExitProcess
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
RtlUnwind
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

user32

CharToOemA
CharUpperA
OemToCharA
CharLowerA
CharLowerW

advapi32

RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyA
RegCloseKey

Exports

Exports

DosAllocPathBuf
DosAllocPathBufW
DosCloseFile
DosCloseFileBuf
DosCommitFile
DosCommitFileBuf
DosCreateDirectory
DosCreateDirectoryW
DosCreateFile
DosCreateFileBuf
DosCreateFileBufW
DosCreateFileEx
DosCreateFileExW
DosCreateFileW
DosCryptFileBuf
DosDeleteFile
DosDeleteFileW
DosDeviceControl
DosDirClose
DosDirFirst
DosDirFirstW
DosDirGetFileInformation
DosDirGetFileInformationW
DosDirNext
DosDirNextW
DosFindCloseStream
DosFindFirstStream
DosFindFirstStreamW
DosFindNextStream
DosFindNextStreamW
DosFreePathBuf
DosFreePathBufW
DosGetCurrentDirectory
DosGetCurrentDirectoryW
DosGetCurrentDrive
DosGetDTA
DosGetDateAndTime
DosGetDeviceData
DosGetDriveTypeOfVolume
DosGetDriveTypeOfVolumeW
DosGetFileInformation
DosGetFileSizeEx
DosGetFileSysHandle
DosGetLocalPath
DosGetLocalPathW
DosGetLongPathName
DosGetLongPathNameW
DosGetMaxPathLen
DosGetMaxPathLenW
DosGetNetworkPath
DosGetNetworkPathW
DosGetProcessInfo
DosGetRootOfVolume
DosGetRootOfVolumeW
DosGetShortPathName
DosGetShortPathNameW
DosGetVolumeInfo
DosGetVolumeInfoEx
DosGetVolumeInfoExW
DosLinkFile
DosLinkFileW
DosLockFile
DosLockFileBuf
DosMoveFile
DosMoveFileW
DosOpenFile
DosOpenFileBuf
DosOpenFileBufW
DosOpenFileEx
DosOpenFileExW
DosOpenFileW
DosReadFile
DosReadFileAhead
DosReadFileBuf
DosRemoveDirectory
DosRemoveDirectoryW
DosResetDrive
DosSeekCur
DosSeekCurEx
DosSeekCurFileBuf
DosSeekCurFileBufEx
DosSeekEnd
DosSeekEndEx
DosSeekEndFileBuf
DosSeekEndFileBufEx
DosSeekSet
DosSeekSetEx
DosSeekSetFileBuf
DosSeekSetFileBufEx
DosSetCurrentDirectory
DosSetCurrentDirectoryW
DosSetCurrentDrive
DosSetDTA
DosSetDateAndTime
DosSetEndOfFile
DosSetEndOfFileBuf
DosSetFileAttributes
DosSetFileAttributesW
DosSetFileShortName
DosSetFileShortNameW
DosSetFileSizeEx
DosUnlockFile
DosUnlockFileBuf
DosWriteFile
DosWriteFileBuf
IoDirClose
IoDirFirst
IoDirFirstW
IoDirGetFileInformation
IoDirGetFileInformationW
IoDirNext
IoDirNextW
IoEnableLocking
IoVWin32Control

Sections

.text
Size: 56KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Point_DLLPNT32.dll
.dll windows:4 windows x86 arch:x86

fd94d3b28e5d3fbc3caba8d2207301d5

Code Sign

09:51:f0:d5:97:8d:dd:c7:26:f0:c9:4e:7d:4c:45:62
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

17/03/2016, 00:00

Not After

15/03/2019, 12:00

Subject

SERIALNUMBER=HRB 4308,CN=PoINT Software & Systems GmbH,O=PoINT Software & Systems GmbH,POSTALCODE=57080,STREET=Eiserfelder Str. 316,L=Siegen,C=DE,1.3.6.1.4.1.311.60.2.1.2=#13164e6f727468205268696e652d576573747068616c6961,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:1a:e9:57:ad:6e:2c:0b:a7:54:a2:52:80:8b:05:e1:66:9c:94:f4:20:12:c0:a0:e2:c2:30:df:1f:3e:55:8e
Signer

Actual PE Digest

0e:1a:e9:57:ad:6e:2c:0b:a7:54:a2:52:80:8b:05:e1:66:9c:94:f4:20:12:c0:a0:e2:c2:30:df:1f:3e:55:8e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetWindowsDirectoryA
DeviceIoControl
FileTimeToDosDateTime
FreeLibrary
CloseHandle
CreateFileA
GetVersionExA
DisableThreadLibraryCalls
GetModuleFileNameA
GetComputerNameA
LoadLibraryA
GetProcAddress
QueryDosDeviceA
GetLastError
GetTickCount
DefineDosDeviceA
LocalFree
LocalAlloc
GetModuleHandleA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetCurrentProcess
GetSystemTimeAsFileTime
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
VirtualAlloc
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
LCMapStringA
LCMapStringW
WriteFile
RtlUnwind
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
GetTimeZoneInformation

user32

wsprintfA

advapi32

InitializeSecurityDescriptor
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegCloseKey
RegOpenKeyA
SetSecurityDescriptorDacl

dllio32

DosCreateFile
DosDeleteFile
DosDirGetFileInformation
DosDirFirst
DosDirClose
DosCloseFile
DosGetFileInformation
DosWriteFile
DosCommitFile
DosOpenFile
DosReadFile

dllres32

MsgPrint

Exports

Exports

PntCheckCK
PntDeRegisterModule
PntDeRegisterTask
PntGetAUOfModule
PntGetAUOfTask
PntGetAltMachineId
PntGetCapa
PntGetCapaOfModule
PntGetCapaOfTask
PntGetInfo
PntGetInfo16
PntGetIniOfModule
PntGetIniOfTask
PntGetMachineId
PntGetPNOfModule
PntGetPNOfTask
PntGetSNOfModule
PntGetSNOfTask
PntGetSSOfModule
PntGetSSOfTask
PntGetSerial
PntGetSerial16
PntGetStateOfCK
PntRegisterModule
PntRegisterTask
PntSetCK
PntSetInfo
PntSetInfo16

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Point_DLLRES32.dll
.dll windows:4 windows x86 arch:x86

99f3939c76ee852309a3adea579bb48b

Code Sign

09:51:f0:d5:97:8d:dd:c7:26:f0:c9:4e:7d:4c:45:62
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

17/03/2016, 00:00

Not After

15/03/2019, 12:00

Subject

SERIALNUMBER=HRB 4308,CN=PoINT Software & Systems GmbH,O=PoINT Software & Systems GmbH,POSTALCODE=57080,STREET=Eiserfelder Str. 316,L=Siegen,C=DE,1.3.6.1.4.1.311.60.2.1.2=#13164e6f727468205268696e652d576573747068616c6961,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c0:df:65:f5:ca:cf:70:95:41:c6:ca:ca:33:ec:8f:b0:da:dc:12:ec:33:08:ce:5d:28:7d:5e:15:de:40:88:46
Signer

Actual PE Digest

c0:df:65:f5:ca:cf:70:95:41:c6:ca:ca:33:ec:8f:b0:da:dc:12:ec:33:08:ce:5d:28:7d:5e:15:de:40:88:46

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetTickCount
DisableThreadLibraryCalls
GetModuleFileNameA
lstrcpynA
AreFileApisANSI
LoadLibraryA
GetProcAddress
IsBadCodePtr
IsBadWritePtr
IsBadReadPtr
GetStringTypeW
GetStringTypeA
RtlUnwind
HeapSize
GetLocaleInfoA
LCMapStringW
LCMapStringA
MultiByteToWideChar
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
IsDebuggerPresent
TerminateProcess
GetCurrentProcessId
QueryPerformanceCounter
IsBadStringPtrW
IsBadStringPtrA
GetEnvironmentStringsW
WideCharToMultiByte
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
LocalFree
LocalAlloc
GetModuleHandleA
GetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetCurrentProcess
GetSystemTimeAsFileTime
GetVersionExA
HeapFree
HeapAlloc
GetCommandLineA
GetProcessHeap
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
GetStdHandle
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
RaiseException
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
ExitProcess
Sleep
SetHandleCount
FreeLibrary

user32

MessageBoxA
CreateDialogParamA
GetWindowRect
SetWindowPos
ShowWindow
GetClientRect
LoadCursorA
SetCursor
MessageBoxW
wsprintfA
DestroyWindow
wsprintfW
IsWindowEnabled
BeginPaint
EndPaint
InvalidateRect
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
SetDlgItemTextA
GetDC
FillRect
ReleaseDC
GetDlgItem
EnableWindow
IsWindow
LoadStringW
LoadStringA
OemToCharA
GetUpdateRect

gdi32

CreateSolidBrush
DeleteObject

string32

ConvertUtf8ToUtf16
ConvertUtf16ToUtf8
ConvertUtf16ToMb
ConvertMbToUtf16
??0StringW@@QAE@PBG@Z
??0String@@QAE@PBD@Z

advapi32

SetSecurityDescriptorDacl
RegOpenKeyA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor

Exports

Exports

?MsgGetModuleFileName@@YA?AVString@@XZ
?MsgGetModuleFileNameW@@YA?AVStringW@@XZ
?MsgLiLoad@@YA?AVString@@IHZZ
?MsgLiLoadW@@YA?AVStringW@@IHZZ
?MsgLiVLoad@@YA?AVString@@IHPAD@Z
?MsgLiVLoadW@@YA?AVStringW@@IHPAD@Z
?MsgLoad@@YA?AVString@@IHZZ
?MsgLoadW@@YA?AVStringW@@IHZZ
?MsgVLoad@@YA?AVString@@IHPAD@Z
?MsgVLoadW@@YA?AVStringW@@IHPAD@Z
MsgBarAddPos
MsgBarCreate
MsgBarCreateEx
MsgBarCreateWait
MsgBarCreateWaitEx
MsgBarDestroy
MsgBarEnableCancelling
MsgBarGetBarFromHandle
MsgBarGetHandle
MsgBarHasBeenCancelled
MsgBarPeekAndDispatch
MsgBarSetCaption
MsgBarSetPos
MsgBarSetRange
MsgBarSetText1
MsgBarSetText2
MsgBox
MsgBoxW
MsgEnableSpecialFunctions
MsgGetInstance
MsgLiGetInfo
MsgLiLoad
MsgLiLoadW
MsgLiPrint
MsgLiPrintW
MsgLiRegisterMsgCbFunc
MsgLiRegisterMsgCbFuncEx
MsgLiRegisterThreadCbFunc
MsgLiRegisterThreadCbFuncEx
MsgLiSetParam
MsgLiTranslate
MsgLiTranslateUtf8
MsgLiTranslateW
MsgLiVLoad
MsgLiVLoadW
MsgLiVPrint
MsgLiVPrintW
MsgLoad
MsgLoadLanguage
MsgLoadW
MsgPrint
MsgPrintW
MsgRegisterMsgCbFunc
MsgRegisterMsgCbFuncEx
MsgRegisterMsgCbFuncExW
MsgRegisterMsgCbFuncW
MsgRegisterMsgCbFuncWoW
MsgRegisterThreadCbFunc
MsgRegisterThreadCbFuncEx
MsgRegisterThreadCbFuncExW
MsgRegisterThreadCbFuncW
MsgRegisterThreadStatFunc
MsgTextBox
MsgTextBoxW
MsgTruncate
MsgTruncateW
MsgUnloadLanguage
MsgVLoad
MsgVLoadW
MsgVPrint
MsgVPrintW
ResClearStructLen
ResGetSecurityAttributes
ResIsBadCodePtr
ResIsBadReadPtr
ResIsBadStringPtr
ResIsBadStringPtrOrLen
ResIsBadStringPtrOrLenW
ResIsBadStringPtrW
ResIsBadStructLenReadPtr
ResIsBadStructLenWritePtr
ResIsBadWritePtr

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 208KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Point_STRING32.dll
.dll windows:4 windows x86 arch:x86

4ab282153b2f3c87d271dccba9d1a679

Code Sign

09:51:f0:d5:97:8d:dd:c7:26:f0:c9:4e:7d:4c:45:62
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

17/03/2016, 00:00

Not After

15/03/2019, 12:00

Subject

SERIALNUMBER=HRB 4308,CN=PoINT Software & Systems GmbH,O=PoINT Software & Systems GmbH,POSTALCODE=57080,STREET=Eiserfelder Str. 316,L=Siegen,C=DE,1.3.6.1.4.1.311.60.2.1.2=#13164e6f727468205268696e652d576573747068616c6961,1.3.6.1.4.1.311.60.2.1.3=#13024445,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:f7:2d:33:c7:8a:01:fc:d6:08:ca:7c:1a:41:74:c0:c7:46:ab:87:0b:3f:11:49:70:2a:42:da:24:9b:8a:6a
Signer

Actual PE Digest

33:f7:2d:33:c7:8a:01:fc:d6:08:ca:7c:1a:41:74:c0:c7:46:ab:87:0b:3f:11:49:70:2a:42:da:24:9b:8a:6a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DisableThreadLibraryCalls
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
HeapAlloc
GetLastError
HeapFree
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA

user32

CharUpperBuffA
CharToOemBuffA
OemToCharBuffA

Exports

Exports

??0Path@@AAE@ABV0@ABVString@@@Z
??0Path@@AAE@ABV0@PBD@Z
??0Path@@QAE@ABV0@@Z
??0PathW@@AAE@ABV0@ABVStringW@@@Z
??0PathW@@AAE@ABV0@PBG@Z
??0PathW@@QAE@ABV0@@Z
??0String@@AAE@ABV0@PBD@Z
??0String@@QAE@PBD@Z
??0String@@QAE@XZ
??0StringW@@AAE@ABV0@PBG@Z
??0StringW@@QAE@PBG@Z
??0StringW@@QAE@XZ
??0WinCaption@@QAE@PBD0@Z
??0WinCaptionW@@QAE@PBG0@Z
??1Path@@QAE@XZ
??1PathW@@QAE@XZ
??1String@@QAE@XZ
??1StringW@@QAE@XZ
??4Path@@QAEAAV0@ABV0@@Z
??4Path@@QAEAAV0@ABVString@@@Z
??4Path@@QAEAAV0@PBD@Z
??4PathW@@QAEAAV0@ABV0@@Z
??4PathW@@QAEAAV0@ABVStringW@@@Z
??4PathW@@QAEAAV0@PBG@Z
??4String@@QAEAAV0@ABV0@@Z
??4StringW@@QAEAAV0@ABV0@@Z
?GetDrive@Path@@QBE?BDXZ
?GetDrive@PathW@@QBE?BGXZ
?GetPathEnd@Path@@QBEPBDXZ
?GetPathEnd@PathW@@QBEPBGXZ
?GetPathFirst@Path@@QBEPBDXZ
?GetPathFirst@PathW@@QBEPBGXZ
?GetPathFirstEle@Path@@QBEPBVString@@XZ
?GetPathFirstEle@PathW@@QBEPBVStringW@@XZ
?GetPathHead@Path@@QBEPBDXZ
?GetPathHead@PathW@@QBEPBGXZ
?GetPathPath@Path@@QBEPBV1@XZ
?GetPathPath@PathW@@QBEPBV1@XZ
?GetPathRest@Path@@QBEPBDXZ
?GetPathRest@PathW@@QBEPBGXZ
?GetPathUnc@Path@@QBEPBVString@@XZ
?GetPathUnc@PathW@@QBEPBVStringW@@XZ
?StringCompare@String@@ABEHPBD@Z
?StringCompare@StringW@@ABEHPBG@Z
?Truncate@Path@@QBE?AVString@@I@Z
?Truncate@PathW@@QBE?AVStringW@@I@Z
ANSICompare
ANSIUpper
ConvertMbToUtf16
ConvertUtf16ToMb
ConvertUtf16ToUtf8
ConvertUtf8ToUtf16
IsUtf16HighSurrogate
IsUtf16LowSurrogate
IsUtf8BOM
OemCompare
OemUpper
PhpStrCmpA
PhpStrCmpW

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mgxasio4.dll
.dll regsvr32 windows:4 windows x86 arch:x86

1910aa462df16700a00a0ff7b2051c13

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
GetCurrentProcess
GetModuleFileNameA
WideCharToMultiByte
TerminateThread
GetVersion
CreateFileA
DeviceIoControl
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetProcessHeap
HeapWalk
GetCurrentThreadId
LoadLibraryA
GetProcAddress
FreeLibrary
Sleep
GetModuleHandleA
VirtualAlloc
VirtualFree
VirtualLock
VirtualUnlock
CreateThread
SetThreadPriority
GetCurrentThread
WaitForSingleObject
WaitForMultipleObjects
CreateEventA
SetEvent
ResetEvent

ksuser

KsCreatePin

setupapi

SetupDiEnumDeviceInterfaces
SetupDiOpenDeviceInterfaceRegKey
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceAlias
SetupDiGetDeviceInterfaceDetailA
SetupDiGetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo

winmm

timeGetTime
timeBeginPeriod
timeEndPeriod
midiOutOpen
midiOutGetDevCapsA
midiOutClose
midiOutGetNumDevs
midiOutGetID

gdi32

DeleteObject
CreateSolidBrush
SetBkColor
SetTextColor

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx

user32

ShowWindow
LoadBitmapA
MessageBoxA
SetTimer
KillTimer
LoadStringA
SetFocus
CreateWindowExA
DestroyWindow
UnregisterClassA
DefWindowProcA
SendMessageA
PostMessageA
MoveWindow
GetWindowRect
ScreenToClient
GetCursorPos
SetWindowPos
MsgWaitForMultipleObjects
PeekMessageA
GetMessageA
TranslateMessage
DispatchMessageA
PostQuitMessage
PostThreadMessageA
DialogBoxParamA
GetFocus
LoadIconA
SendDlgItemMessageA
GetDlgItem
EndDialog
RegisterClassExA
SetForegroundWindow

comctl32

ImageList_AddIcon
ImageList_Create

shell32

DllGetVersion
Shell_NotifyIconA
ShellExecuteA

advapi32

RegCloseKey
RegQueryValueExW
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegOpenKeyExA
RegCreateKeyExA
RegFlushKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
RWDEFCloseDevice
RWDEFDriveAudio
RWDEFGetDeviceInfo
RWDEFGetDeviceNameAndVersion
RWDEFGetEventBusInfo
RWDEFGetEventChannelInfo
RWDEFGetEventControllerInfo
RWDEFGetEventInfo
RWDEFGetEventNoteInfo
RWDEFIdle
RWDEFIsCloseOK
RWDEFIsPanelAppLaunched
RWDEFLaunchPanelApp
RWDEFOpenDevice
RWDEFQuitPanelApp
RWDEFSetAudioInfo

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b771313801f7326b1295de8729469959

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

msvcr90

rpcrt4

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.orpc Size: 512B - Virtual size: 51B

.rdata Size: 3KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 932B

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 1024B - Virtual size: 514B

b748179d80732b2db378137035d3316f

Code Sign

09:51:f0:d5:97:8d:dd:c7:26:f0:c9:4e:7d:4c:45:62Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

75:31:57:25:90:3f:90:e2:80:34:df:34:18:1e:fe:2e:da:da:5a:e8:37:70:2d:5c:65:e1:a8:05:8e:b5:b2:f0Signer

Headers

File Characteristics

Imports

kernel32

user32

advapi32

dllcpy32

dllio32

string32

dlldrv32

dllpnt32

dlldev32

dllres32

Exports

Exports

Sections

.text Size: 580KB - Virtual size: 579KB

.rdata Size: 72KB - Virtual size: 69KB

.data Size: 8KB - Virtual size: 40KB

.rsrc Size: 4KB - Virtual size: 984B

.reloc Size: 24KB - Virtual size: 22KB

00386327ac2d9dd62cfa0d7b3d1d73d0

Code Sign

09:51:f0:d5:97:8d:dd:c7:26:f0:c9:4e:7d:4c:45:62Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

24:0a:b8:e1:54:bd:12:c0:32:db:ca:a9:15:dc:21:56:86:f2:de:c9:da:68:10:cc:a6:61:86:2c:2b:06:27:36Signer

Headers

File Characteristics

Imports

kernel32

user32

dllres32

.text
Size: 2KB - Virtual size: 2KB

.orpc
Size: 512B - Virtual size: 51B

.rdata
Size: 3KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 932B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1024B - Virtual size: 514B

09:51:f0:d5:97:8d:dd:c7:26:f0:c9:4e:7d:4c:45:62
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

75:31:57:25:90:3f:90:e2:80:34:df:34:18:1e:fe:2e:da:da:5a:e8:37:70:2d:5c:65:e1:a8:05:8e:b5:b2:f0
Signer

.text
Size: 580KB - Virtual size: 579KB

.rdata
Size: 72KB - Virtual size: 69KB

.data
Size: 8KB - Virtual size: 40KB

.rsrc
Size: 4KB - Virtual size: 984B

.reloc
Size: 24KB - Virtual size: 22KB

09:51:f0:d5:97:8d:dd:c7:26:f0:c9:4e:7d:4c:45:62
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

24:0a:b8:e1:54:bd:12:c0:32:db:ca:a9:15:dc:21:56:86:f2:de:c9:da:68:10:cc:a6:61:86:2c:2b:06:27:36
Signer

.text
Size: 112KB - Virtual size: 108KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 8KB - Virtual size: 12KB

.rsrc
Size: 4KB - Virtual size: 888B

.reloc
Size: 8KB - Virtual size: 6KB

09:51:f0:d5:97:8d:dd:c7:26:f0:c9:4e:7d:4c:45:62
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

ac:8b:d0:96:76:18:07:3c:46:a9:2f:68:6b:59:7c:52:af:a4:b7:40:17:09:5e:15:ff:fb:2c:2a:75:9a:e9:40
Signer

.text
Size: 172KB - Virtual size: 171KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 6.1MB

.rsrc
Size: 4KB - Virtual size: 888B

.reloc
Size: 24KB - Virtual size: 22KB

09:51:f0:d5:97:8d:dd:c7:26:f0:c9:4e:7d:4c:45:62
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

21:ed:04:08:cd:97:d5:12:b6:92:94:06:a8:8a:5e:de:c6:73:4d:9a:3e:ab:ff:b2:94:c5:5e:2d:97:6e:ef:d4
Signer

.text
Size: 168KB - Virtual size: 164KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 12KB - Virtual size: 1.3MB