HDClone[.]X[.]5[.]FE[.]es[.]Setup[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

HDClone.X.5.FE.es.Setup.exe
Size

100.7MB
MD5

8bb3b7de76ff1f5cd43904dd355ef1c1
SHA1

a2c979f7f8f8a7c56dc6594f518a4cc19b725c3c
SHA256

6f8b1c387a17aa35ae2eee2a6e8bb6fe1f36d0ddbed7b636b59111484ea03540
SHA512

073294a2fd8b314541d5603843fa313ac014d5e398d4e8e3db4d12a8bfeed58b20833b5561a48a905debca6cbc3d61b355d64c09093abab5e45667337afb92f3
SSDEEP

3145728:xeqNOI1CQMtrGiwjgO8WKR9ifQt2h9DM3ef2:fNOiCRtyiU8WKifQt2HDMOO

Score

3^/10

pdf link

Malware Config

Signatures

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/ShellLink.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/SysRestore.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsSCM.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/UserInfo.dll
unpack003/$PLUGINSDIR/nsSCM.dll

NSIS installer 1 IoCs

installer

resource	yara_rule
static1/unpack001/uninstall.exe	nsis_installer_2

Files

HDClone.X.5.FE.es.Setup.exe
.exe windows:4 windows x86 arch:x86

730491907e677638ab304e28646ba09c

Code Sign

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

05/04/2023, 00:00

Not After

04/07/2026, 23:59

Subject

CN=Miray Software AG,O=Miray Software AG,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

05/04/2023, 00:00

Not After

04/07/2026, 23:59

Subject

CN=Miray Software AG,O=Miray Software AG,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

aa:3b:52:63:6e:0b:00:b8:a3:09:f9:d8:0c:89:0a:63:84:05:61:b1:cf:c3:15:24:87:ca:0b:ad:fc:3f:bc:9d
Signer

Actual PE Digest

aa:3b:52:63:6e:0b:00:b8:a3:09:f9:d8:0c:89:0a:63:84:05:61:b1:cf:c3:15:24:87:ca:0b:ad:fc:3f:bc:9d

Digest Algorithm

sha256

PE Digest Matches

true

0f:d0:35:3c:d4:f7:20:da:66:24:b4:d8:90:1c:f6:2f:31:bf:91:9a
Signer

Actual PE Digest

0f:d0:35:3c:d4:f7:20:da:66:24:b4:d8:90:1c:f6:2f:31:bf:91:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyW
RegEnumValueW
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
SetFileSecurityW

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectW
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileW
CreateDirectoryW
CreateFileW
CreateProcessW
CreateThread
DeleteFileW
ExitProcess
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
FreeLibrary
GetCommandLineW
GetCurrentProcess
GetDiskFreeSpaceW
GetExitCodeProcess
GetFileAttributesW
GetFileSize
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPrivateProfileStringW
GetProcAddress
GetShortPathNameW
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetTickCount
GetVersion
GetWindowsDirectoryW
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryExW
MoveFileExW
MoveFileW
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryW
SearchPathW
SetCurrentDirectoryW
SetEnvironmentVariableW
SetErrorMode
SetFileAttributesW
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringW
lstrcatW
lstrcmpW
lstrcmpiA
lstrcmpiW
lstrcpyA
lstrcpynW
lstrlenA
lstrlenW

ole32

CoCreateInstance
CoTaskMemFree
IIDFromString
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderW
SHFileOperationW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
ShellExecuteExW

user32

AppendMenuW
BeginPaint
CallWindowProcW
CharNextA
CharNextW
CharPrevW
CheckDlgButton
CloseClipboard
CreateDialogParamW
CreatePopupMenu
CreateWindowExW
DefWindowProcW
DestroyWindow
DialogBoxParamW
DispatchMessageW
DrawTextW
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExW
GetClassInfoW
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextW
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongW
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadCursorW
LoadImageW
MessageBoxIndirectW
OpenClipboard
PeekMessageW
PostQuitMessage
RegisterClassW
ReleaseDC
ScreenToClient
SendMessageTimeoutW
SendMessageW
SetClassLongW
SetClipboardData
SetCursor
SetDlgItemTextW
SetForegroundWindow
SetTimer
SetWindowLongW
SetWindowPos
SetWindowTextW
ShowWindow
SystemParametersInfoW
TrackPopupMenu
wsprintfA
wsprintfW

Sections

.text
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 127KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 512B - Virtual size: 244KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/ShellLink.dll
.dll windows:5 windows x86 arch:x86

45fa690faed482cb9bfd08458ed442ae

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
LocalAlloc
GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc

user32

wsprintfW

ole32

CoCreateInstance

Exports

Exports

GetShortCutArgs
GetShortCutDescription
GetShortCutHotkey
GetShortCutIconIndex
GetShortCutIconLocation
GetShortCutShowMode
GetShortCutTarget
GetShortCutWorkingDirectory
SetRunAsAdministrator
SetShortCutArgs
SetShortCutDescription
SetShortCutHotkey
SetShortCutIconIndex
SetShortCutIconLocation
SetShortCutShowMode
SetShortCutTarget
SetShortCutWorkingDirectory

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 998B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

c20327fced07b6e73d2262fc88b11552

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

gdi32

GetTextMetricsW
SelectObject

kernel32

FindClose
FindFirstFileW
FindNextFileW
GetModuleHandleW
GlobalAlloc
GlobalFree
MulDiv
MultiByteToWideChar
WideCharToMultiByte
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynW

ole32

CoTaskMemFree

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation

user32

CallWindowProcW
CheckDlgButton
CreateDialogParamW
DestroyWindow
DispatchMessageW
EnableWindow
GetClientRect
GetDC
GetDlgItem
GetMessageW
GetWindowLongW
GetWindowRect
GetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
LoadIconW
MoveWindow
PostMessageW
ReleaseDC
ScreenToClient
SendMessageW
SetWindowLongW
SetWindowTextW
ShowWindow
TranslateMessage
wsprintfW

Exports

Exports

Init
Select
Show

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 548B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 101B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SysRestore.dll
.dll windows:5 windows x86 arch:x86

985dc42ba384582f88fa4ebd866cc9b9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalAlloc
lstrcpyW
lstrcpynW
GetProcAddress
LoadLibraryW
SetLastError
FreeLibrary
GetLastError

user32

wsprintfW

Exports

Exports

FinishRestorePoint
RemoveRestorePoint
StartRestorePoint
StartUnRestorePoint

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 587B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 514B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

aff5d9d526a27f56d720fb3ae00a5bc5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleW
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
GlobalAlloc
GlobalFree
GlobalSize
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrcpyW
lstrcpynW
lstrlenW

msvcrt

_amsg_exit
_initterm
_iob
_lock
_unlock
abort
calloc
free
fwrite
realloc
strlen
strncmp
vfprintf

ole32

CLSIDFromString
StringFromGUID2

user32

wsprintfW

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1020B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 179B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

decb956787d27b8d68f6baf3fdca54ed

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

AllocateAndInitializeSid
EqualSid
FreeSid
GetTokenInformation
GetUserNameW
OpenProcessToken
OpenThreadToken

kernel32

CloseHandle
GetCurrentProcess
GetCurrentThread
GetLastError
GetModuleHandleA
GetProcAddress
GetVersion
GlobalAlloc
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
lstrcpyW
lstrcpynW

user32

wsprintfW

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 200B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 129B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/it_cst.bmp
$PLUGINSDIR/it_typ.bmp
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

c442f1649aa0670a32c622fadfcd00bd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

comdlg32

CommDlgExtendedError
GetOpenFileNameW
GetSaveFileNameW

gdi32

SetTextColor

kernel32

GetCurrentDirectoryW
GetFileAttributesW
GetProcessHeap
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
HeapReAlloc
MulDiv
MultiByteToWideChar
SetCurrentDirectoryW
WideCharToMultiByte
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenW

ole32

CoTaskMemFree

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

user32

CallWindowProcW
CharNextW
CharPrevW
CreateDialogParamW
CreateWindowExW
DestroyWindow
DispatchMessageW
DrawFocusRect
DrawTextW
GetClientRect
GetDlgItem
GetMessageW
GetPropW
GetSysColor
GetWindowLongW
GetWindowRect
GetWindowTextW
IsDialogMessageW
IsWindow
KillTimer
LoadCursorW
MapDialogRect
MapWindowPoints
RemovePropW
SendMessageW
SetCursor
SetPropW
SetTimer
SetWindowLongW
SetWindowPos
ShowWindow
TranslateMessage
wsprintfW

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 363B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 516B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsSCM.dll
.dll windows:6 windows x86 arch:x86

229b9a9bb8f995fd7c94b17188fa7b7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

T:\dll\_x86.win\nsscm.pdb

Imports

kernel32

GetCurrentProcess
TerminateProcess
lstrcpynW
lstrcpyW
GlobalFree
GlobalAlloc
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent

user32

wsprintfW

advapi32

DeleteService
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
ControlService
StartServiceW
OpenServiceW

Exports

Exports

Install
QueryStatus
Remove
Start
Stop

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HDClone.exe
.exe windows:5 windows x64 arch:x64

3e7850c300dbc339912f004a990e1645

Code Sign

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

05/04/2023, 00:00

Not After

04/07/2026, 23:59

Subject

CN=Miray Software AG,O=Miray Software AG,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

05/04/2023, 00:00

Not After

04/07/2026, 23:59

Subject

CN=Miray Software AG,O=Miray Software AG,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:38:bd:a5:bc:92:6a:7c:24:f7:29:84:d2:4c:93:b2:ae:5e:9a:ef:74:bd:62:30:3d:9e:ce:86:34:de:63:14
Signer

Actual PE Digest

ad:38:bd:a5:bc:92:6a:7c:24:f7:29:84:d2:4c:93:b2:ae:5e:9a:ef:74:bd:62:30:3d:9e:ce:86:34:de:63:14

Digest Algorithm

sha256

PE Digest Matches

true

a0:e2:47:15:d2:88:7c:2c:a9:d8:52:49:40:30:be:bf:8c:f9:fc:a7
Signer

Actual PE Digest

a0:e2:47:15:d2:88:7c:2c:a9:d8:52:49:40:30:be:bf:8c:f9:fc:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

P:\dbg\_x64\choice.pdb

Imports

psapi

GetProcessImageFileNameW
EnumProcesses

kernel32

SetErrorMode
QueryDosDeviceW
GetVolumeInformationW
FindFirstFileW
EnterCriticalSection
FindNextFileW
DeviceIoControl
SetThreadPriority
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
CreateMutexW
OpenFile
FindClose
GetFileAttributesW
GetVersion
SetFileAttributesW
GetCurrentThread
GetFileSize
SystemTimeToFileTime
GetSystemTime
GetSystemWindowsDirectoryW
GetTickCount
MoveFileW
GetDriveTypeW
FlushFileBuffers
SetFilePointerEx
GetTimeZoneInformation
GetDiskFreeSpaceW
SetEndOfFile
GetLogicalDrives
LocalLock
LocalAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
LocalUnlock
GetStdHandle
GetVersionExA
SetEvent
SetStdHandle
GetFileType
CreateEventA
GetModuleFileNameA
SetProcessAffinityMask
GetProcessAffinityMask
SuspendThread
GetModuleHandleA
GetLocaleInfoA
FileTimeToSystemTime
QueryPerformanceFrequency
GetLocalTime
GetCurrentDirectoryW
QueryPerformanceCounter
SetLastError
WaitForMultipleObjects
GetQueuedCompletionStatus
ResumeThread
TerminateThread
QueueUserAPC
GetThreadContext
SwitchToThread
EnumResourceNamesA
FindResourceA
FormatMessageA
CreateNamedPipeA
CreateThread
CreateProcessA
Module32Next
Module32First
GetCurrentThreadId
CreateToolhelp32Snapshot
GetCurrentProcessId
AddVectoredExceptionHandler
HeapCreate
GetSystemInfo
GlobalMemoryStatusEx
SleepEx
GetSystemTimeAsFileTime
GetProcessTimes
SetThreadExecutionState
SetThreadContext
WaitForSingleObjectEx
ResetEvent
VirtualFree
VirtualAlloc
FlushInstructionCache
VirtualQuery
HeapLock
HeapWalk
HeapUnlock
RtlAddFunctionTable
RtlDeleteFunctionTable
RtlLookupFunctionEntry
MultiByteToWideChar
EncodePointer
GetStringTypeW
GetCPInfo
CreateEventW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GlobalSize
GlobalFree
FormatMessageW
CopyFileW
OutputDebugStringA
GetModuleHandleExW
GlobalDeleteAtom
lstrcmpA
lstrcmpW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
CompareStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalAddAtomW
GetSystemDirectoryW
GlobalFindAtomW
CompareStringW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetLocaleInfoW
GetSystemDefaultUILanguage
GlobalFlags
GetFullPathNameW
LockFile
UnlockFile
DuplicateHandle
lstrcmpiW
GlobalGetAtomNameW
VirtualProtect
lstrcpyW
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
FindResourceExW
GetWindowsDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetProfileIntW
SearchPathW
GetTempFileNameW
GetUserDefaultLCID
OutputDebugStringW
RaiseException
RtlUnwindEx
RtlPcToFileHeader
RtlUnwind
ExitThread
FreeLibraryAndExitThread
WriteConsoleW
GetFileInformationByHandle
PeekNamedPipe
GetCommandLineA
HeapQueryInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentVariableW
CallNamedPipeW
GetUserDefaultUILanguage
WideCharToMultiByte
CreateProcessW
GetProcessHeap
ExitProcess
DeleteCriticalSection
LocalFree
HeapDestroy
DecodePointer
HeapAlloc
HeapReAlloc
HeapSize
GetVersionExW
InitializeCriticalSectionAndSpinCount
GetCommandLineW
HeapFree
LoadLibraryExW
GetModuleHandleW
FindResourceW
LoadResource
GetNativeSystemInfo
DeleteFileW
LockResource
GetLastError
OpenProcess
GetTempPathW
SetEnvironmentVariableW
RemoveDirectoryW
TerminateProcess
GetCurrentProcess
SizeofResource
ReadFile
CreateDirectoryW
CreateSemaphoreW
FreeLibrary
GetProcAddress
LoadLibraryW
CloseHandle
LoadLibraryA
Sleep
CreateFileW
WaitForSingleObject
GetModuleFileNameW
WriteFile
ReleaseSemaphore
CreateFileA

user32

EqualRect
GetClassLongPtrW
GetTopWindow
SetScrollInfo
GetScrollInfo
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
GetNextDlgTabItem
LoadMenuW
WindowFromPoint
SendDlgItemMessageA
SetRectEmpty
OffsetRect
GetKeyNameTextW
MapVirtualKeyW
GetSysColorBrush
LoadCursorW
DeleteMenu
RealChildWindowFromPoint
CharUpperW
DestroyMenu
GetMenuItemInfoW
InflateRect
MapDialogRect
IntersectRect
LoadImageW
CreatePopupMenu
GetMenuDefaultItem
GetNextDlgGroupItem
DrawFocusRect
IsRectEmpty
DrawIconEx
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
SetLayeredWindowAttributes
EnumDisplayMonitors
DrawStateW
SetClassLongPtrW
SetWindowRgn
SetParent
DrawEdge
DrawFrameControl
BringWindowToTop
SetCursorPos
CopyIcon
FrameRect
UnionRect
UpdateLayeredWindow
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
PostThreadMessageW
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
DestroyCursor
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
GetFocus
UnhookWindowsHookEx
GetWindowThreadProcessId
IsWindowEnabled
ShowOwnedPopups
CallNextHookEx
SetWindowsHookExW
ValidateRect
GetKeyState
IsWindowVisible
GetMessageW
PostMessageW
AppendMenuW
InsertMenuW
MapWindowPoints
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
WaitForInputIdle
GetKeyboardState
ToUnicode
DefWindowProcW
GetMessageA
DispatchMessageA
LoadCursorA
PostMessageA
CreateWindowExW
RegisterClassExW
GetWindowPlacement
PostThreadMessageA
TrackMouseEvent
MessageBoxA
GetMonitorInfoA
SendMessageA
SetCapture
SetCursor
IsZoomed
PeekMessageA
GetWindowLongPtrA
GetDesktopWindow
RegisterWindowMessageW
SetWindowLongPtrA
ReleaseCapture
ShowCursor
InvalidateRect
GetLastActivePopup
GetSystemMenu
GetWindow
DestroyWindow
FillRect
GetSystemMetrics
MessageBeep
WaitMessage
GetWindowLongPtrW
DrawIcon
LoadStringW
GetActiveWindow
IsWindow
GetAsyncKeyState
OpenClipboard
RedrawWindow
IsDialogMessageW
CloseClipboard
EmptyClipboard
GetSysColor
MoveWindow
GetDialogBaseUnits
WinHelpW
SetFocus
LoadIconW
GetClassNameW
SetClipboardData
GetClientRect
DrawTextW
SetRect
CheckDlgButton
PostQuitMessage
CreateDialogIndirectParamW
EnableMenuItem
SystemParametersInfoW
GetParent
BeginPaint
EndPaint
GetWindowTextW
GetWindowRect
SetWindowLongPtrW
ScreenToClient
ClientToScreen
PtInRect
UpdateWindow
EnableWindow
ShowWindow
FindWindowW
IsIconic
CopyImage
CreateIconIndirect
GetWindowTextLengthW
RemovePropW
GetPropW
SetPropW
SetForegroundWindow
GetMonitorInfoW
MonitorFromWindow
AdjustWindowRectEx
wsprintfW
GetCursorPos
ReleaseDC
DialogBoxParamW
KillTimer
GetDlgItem
SetWindowLongW
AnimateWindow
TranslateMessage
LoadBitmapW
RegisterClassW
SetDlgItemTextW
PeekMessageW
DestroyIcon
SetTimer
DispatchMessageW
GetClassInfoW
SetWindowTextW
EndDialog
SendMessageW
GetIconInfo
MessageBoxW
SetWindowPos
GetDC
MonitorFromPoint
CreateDialogParamW
GetWindowLongW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
IsChild
IsMenu
GetClassInfoExW
CallWindowProcW
CopyRect
GetMessageTime
GetMessagePos
GetMenuItemCount
SetMenuItemInfoW
RemoveMenu

gdi32

OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
PatBlt
CombineRgn
SetRectRgn
DPtoLP
GetTextMetricsW
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
DeleteDC
GetStockObject
SetBkColor
SetTextColor
GetTextExtentPoint32W
CreateDCW
SelectObject
StretchBlt
CreateCompatibleDC
CreateDIBSection
BitBlt
CopyMetaFileW
SetWindowExtEx
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
DeleteObject
GetObjectW
GetDeviceCaps
SetDIBColorTable
SetViewportOrgEx
SetWindowOrgEx
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
CreateSolidBrush
CreateFontIndirectW
CreateBitmap
CreateDIBitmap
GetTextFaceW
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
OffsetRgn
GetRgnBox
SetROP2
SetTextAlign
CreateEllipticRgn
Ellipse
GetTextColor
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn

advapi32

QueryServiceStatusEx
OpenSCManagerW
CloseServiceHandle
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
StartServiceW
ControlService
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyW
RegQueryValueW
RegEnumKeyExW
GetUserNameW
OpenServiceW

shell32

SHGetSpecialFolderPathW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetFolderPathW
SHGetDesktopFolder
SHBrowseForFolderW
DragQueryFileW
DragFinish
SHAppBarMessage
SHGetSpecialFolderLocation
ShellExecuteW
CommandLineToArgvW

msimg32

AlphaBlend
TransparentBlt

shlwapi

PathFileExistsW
PathIsRelativeW
PathFindExtensionW
PathFindFileNameW
StrFormatKBSizeW
PathStripToRootW
PathRemoveFileSpecW
PathIsUNCW

uxtheme

OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
DrawThemeParentBackground
GetWindowTheme
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetThemePartSize
GetCurrentThemeName
DrawThemeText

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

winmm

timeEndPeriod
timeBeginPeriod
PlaySoundW

ws2_32

closesocket

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

rpcrt4

UuidFromStringW

iphlpapi

DeleteIPAddress

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

ole32

CreateStreamOnHGlobal
CoDisconnectObject
CoTaskMemFree
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
CoInitializeSecurity
CoInitializeEx
StgCreateDocfile
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocString
VariantInit
VariantClear
VariantChangeType
LoadTypeLi
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
SysFreeString
VariantCopy
VarBstrFromDate

wininet

InternetConnectW
InternetCloseHandle
InternetOpenW
HttpOpenRequestA
HttpQueryInfoA
InternetQueryOptionW
InternetSetOptionW
InternetReadFile
HttpSendRequestA

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 695KB - Virtual size: 695KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 52KB - Virtual size: 340KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

oldrsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 50.9MB - Virtual size: 50.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HDClone32.exe
.exe windows:5 windows x86 arch:x86

e301e3e155ad1a927f2b8ad287bccb3a

Code Sign

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

05/04/2023, 00:00

Not After

04/07/2026, 23:59

Subject

CN=Miray Software AG,O=Miray Software AG,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

05/04/2023, 00:00

Not After

04/07/2026, 23:59

Subject

CN=Miray Software AG,O=Miray Software AG,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dc:2a:c4:d6:6a:f3:f4:80:e2:c4:33:e3:c8:0c:c9:6c:7b:e2:86:8d:b2:31:b4:64:8f:c5:c9:11:c2:6a:6d:c0
Signer

Actual PE Digest

dc:2a:c4:d6:6a:f3:f4:80:e2:c4:33:e3:c8:0c:c9:6c:7b:e2:86:8d:b2:31:b4:64:8f:c5:c9:11:c2:6a:6d:c0

Digest Algorithm

sha256

PE Digest Matches

true

3d:34:14:c4:d4:cd:05:dc:17:7b:eb:78:3e:a7:a5:dd:25:af:2a:b1
Signer

Actual PE Digest

3d:34:14:c4:d4:cd:05:dc:17:7b:eb:78:3e:a7:a5:dd:25:af:2a:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

P:\dbg\_x86\choice.pdb

Imports

psapi

GetProcessImageFileNameW
EnumProcesses

kernel32

GetProcessHeap
AllocConsole
FlushFileBuffers
CreateProcessW
CallNamedPipeW
GetEnvironmentVariableW
MultiByteToWideChar
GetVersionExA
GetUserDefaultUILanguage
SetErrorMode
QueryDosDeviceW
GetVolumeInformationW
FindFirstFileW
EnterCriticalSection
FindNextFileW
DeviceIoControl
SetThreadPriority
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
CreateMutexW
OpenFile
FindClose
GetFileAttributesW
GetVersion
SetFileAttributesW
GetCurrentThread
GetFileSize
SystemTimeToFileTime
GetSystemTime
GetSystemWindowsDirectoryW
GetTickCount
MoveFileW
ExitProcess
GetTimeZoneInformation
GetDiskFreeSpaceW
SetEndOfFile
GetLogicalDrives
LocalLock
LocalAlloc
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
LocalUnlock
SetEvent
SetStdHandle
GetFileType
CreateEventA
GetModuleFileNameA
SetProcessAffinityMask
GetProcessAffinityMask
SuspendThread
GetModuleHandleA
GetLocaleInfoA
FileTimeToSystemTime
QueryPerformanceFrequency
GetLocalTime
GetCurrentDirectoryW
QueryPerformanceCounter
SetLastError
WaitForMultipleObjects
GetQueuedCompletionStatus
ResumeThread
TerminateThread
QueueUserAPC
GetThreadContext
SwitchToThread
EnumResourceNamesA
FindResourceA
FormatMessageA
CreateNamedPipeA
CreateThread
CreateProcessA
Module32Next
Module32First
GetCurrentThreadId
CreateToolhelp32Snapshot
ReadProcessMemory
GetCurrentProcessId
AddVectoredExceptionHandler
HeapCreate
GetSystemInfo
GlobalMemoryStatusEx
SleepEx
GetSystemTimeAsFileTime
GetProcessTimes
SetThreadExecutionState
SetThreadContext
WaitForSingleObjectEx
ResetEvent
VirtualFree
VirtualAlloc
FlushInstructionCache
VirtualQuery
HeapLock
HeapWalk
HeapUnlock
WideCharToMultiByte
EncodePointer
GetStringTypeW
GetCPInfo
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
GlobalSize
GlobalFree
FormatMessageW
CopyFileW
OutputDebugStringA
GlobalDeleteAtom
lstrcmpA
lstrcmpW
CompareStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GlobalAddAtomW
GetSystemDirectoryW
GlobalFindAtomW
CompareStringW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GetLocaleInfoW
GetSystemDefaultUILanguage
GlobalFlags
GetFullPathNameW
LockFile
UnlockFile
DuplicateHandle
lstrcmpiW
GlobalGetAtomNameW
VirtualProtect
lstrcpyW
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
FindResourceExW
GetWindowsDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetProfileIntW
SearchPathW
GetTempFileNameW
GetUserDefaultLCID
OutputDebugStringW
RaiseException
RtlUnwind
GetModuleHandleExW
ExitThread
FreeLibraryAndExitThread
WriteConsoleW
GetFileInformationByHandle
PeekNamedPipe
GetCommandLineA
HeapQueryInformation
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
GetConsoleOutputCP
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
DeleteCriticalSection
LocalFree
HeapDestroy
DecodePointer
HeapAlloc
HeapReAlloc
AttachConsole
HeapSize
GetVersionExW
InitializeCriticalSectionAndSpinCount
GetStdHandle
GetCommandLineW
HeapFree
GetStartupInfoW
LoadLibraryExW
GetModuleHandleW
FindResourceW
LoadResource
GetNativeSystemInfo
DeleteFileW
LockResource
GetLastError
OpenProcess
GetTempPathW
SetEnvironmentVariableW
RemoveDirectoryW
TerminateProcess
GetCurrentProcess
SizeofResource
ReadFile
CreateDirectoryW
CreateSemaphoreW
FreeLibrary
GetProcAddress
LoadLibraryW
CloseHandle
LoadLibraryA
Sleep
CreateFileW
WaitForSingleObject
GetModuleFileNameW
WriteFile
ReleaseSemaphore
GetDriveTypeW
CreateFileA

user32

MapWindowPoints
CopyRect
EqualRect
GetClassLongW
GetTopWindow
SetScrollInfo
GetScrollInfo
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
GetNextDlgTabItem
LoadMenuW
WindowFromPoint
SendDlgItemMessageA
SetRectEmpty
OffsetRect
GetKeyNameTextW
MapVirtualKeyW
GetSysColorBrush
LoadCursorW
DeleteMenu
RealChildWindowFromPoint
CharUpperW
DestroyMenu
GetMenuItemInfoW
InflateRect
MapDialogRect
IntersectRect
LoadImageW
CreatePopupMenu
GetMenuDefaultItem
GetNextDlgGroupItem
DrawFocusRect
IsRectEmpty
DrawIconEx
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
SetLayeredWindowAttributes
EnumDisplayMonitors
DrawStateW
SetClassLongW
SetWindowRgn
SetParent
DrawEdge
DrawFrameControl
BringWindowToTop
SetCursorPos
CopyIcon
FrameRect
UnionRect
UpdateLayeredWindow
LoadAcceleratorsW
TranslateAcceleratorW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
GetComboBoxInfo
PostThreadMessageW
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
CreateAcceleratorTableW
DestroyAcceleratorTable
CopyAcceleratorTableW
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
CreateMenu
GetWindowRgn
DestroyCursor
CheckMenuItem
GetFocus
UnhookWindowsHookEx
GetWindowThreadProcessId
IsWindowEnabled
ShowOwnedPopups
CallNextHookEx
SetWindowsHookExW
ValidateRect
GetKeyState
IsWindowVisible
PostMessageW
RemoveMenu
AppendMenuW
RemovePropW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
WaitForInputIdle
GetKeyboardState
ToUnicode
DefWindowProcW
GetMessageA
DispatchMessageA
LoadCursorA
PostMessageA
CreateWindowExW
RegisterClassExW
GetWindowPlacement
PostThreadMessageA
SetWindowLongA
GetWindowLongA
TrackMouseEvent
MessageBoxA
GetMonitorInfoA
SendMessageA
SetCapture
SetCursor
IsZoomed
PeekMessageA
GetDesktopWindow
RegisterWindowMessageW
ReleaseCapture
ShowCursor
InvalidateRect
GetLastActivePopup
GetSystemMenu
GetWindow
DestroyWindow
FillRect
GetSystemMetrics
MessageBeep
WaitMessage
DrawIcon
LoadStringW
GetActiveWindow
IsWindow
GetAsyncKeyState
OpenClipboard
RedrawWindow
IsDialogMessageW
CloseClipboard
EmptyClipboard
GetSysColor
MoveWindow
GetDialogBaseUnits
WinHelpW
SetFocus
LoadIconW
GetClassNameW
SetClipboardData
GetClientRect
DrawTextW
SetRect
CheckDlgButton
PostQuitMessage
CreateDialogIndirectParamW
EnableMenuItem
SystemParametersInfoW
GetParent
BeginPaint
EndPaint
GetWindowTextW
GetWindowRect
ScreenToClient
ClientToScreen
PtInRect
UpdateWindow
EnableWindow
ShowWindow
FindWindowW
IsIconic
CopyImage
CreateIconIndirect
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetForegroundWindow
GetMonitorInfoW
MonitorFromWindow
AdjustWindowRectEx
wsprintfW
GetCursorPos
ReleaseDC
DialogBoxParamW
KillTimer
GetDlgItem
SetWindowLongW
AnimateWindow
TranslateMessage
LoadBitmapW
RegisterClassW
SetDlgItemTextW
PeekMessageW
DestroyIcon
SetTimer
DispatchMessageW
GetClassInfoW
SetWindowTextW
EndDialog
SendMessageW
GetIconInfo
MessageBoxW
SetWindowPos
GetDC
MonitorFromPoint
CreateDialogParamW
GetWindowLongW
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetDlgCtrlID
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
IsChild
IsMenu
GetClassInfoExW
CallWindowProcW
GetMessageTime
GetMessagePos
GetWindowTextLengthW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
InsertMenuW
SetMenuItemBitmaps
GetMessageW

gdi32

OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
PatBlt
CombineRgn
SetRectRgn
DPtoLP
GetTextMetricsW
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
DeleteDC
GetStockObject
SetBkColor
SetTextColor
GetTextExtentPoint32W
CreateDCW
SelectObject
StretchBlt
CreateCompatibleDC
CreateDIBSection
SetWindowOrgEx
CopyMetaFileW
CreateBitmap
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
DeleteObject
GetObjectW
GetDeviceCaps
CreatePolygonRgn
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
OffsetViewportOrgEx
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
TextOutW
MoveToEx
CreateSolidBrush
CreateFontIndirectW
BitBlt
CreateDIBitmap
GetTextFaceW
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
OffsetRgn
GetRgnBox
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
SetROP2
SetTextAlign
Polygon

advapi32

QueryServiceStatusEx
OpenSCManagerW
CloseServiceHandle
RegDeleteValueW
RegCreateKeyExW
RegDeleteKeyW
StartServiceW
ControlService
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyW
RegQueryValueW
RegEnumKeyExW
RegCloseKey
RegFlushKey
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
GetUserNameW
OpenServiceW

shell32

SHGetSpecialFolderPathW
SHGetFileInfoW
SHGetPathFromIDListW
SHGetFolderPathW
SHGetDesktopFolder
SHBrowseForFolderW
DragQueryFileW
DragFinish
SHAppBarMessage
SHGetSpecialFolderLocation
ShellExecuteW
CommandLineToArgvW

msimg32

AlphaBlend
TransparentBlt

shlwapi

PathFileExistsW
PathIsRelativeW
PathFindExtensionW
PathFindFileNameW
StrFormatKBSizeW
PathStripToRootW
PathRemoveFileSpecW
PathIsUNCW

uxtheme

OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
DrawThemeParentBackground
GetWindowTheme
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetThemePartSize
GetCurrentThemeName
DrawThemeText

gdiplus

GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

winmm

timeBeginPeriod
PlaySoundW
timeEndPeriod

ws2_32

closesocket

oleacc

CreateStdAccessibleObject
LresultFromObject
AccessibleObjectFromWindow

imm32

ImmGetOpenStatus
ImmGetContext
ImmReleaseContext

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

rpcrt4

UuidFromStringW

iphlpapi

DeleteIPAddress

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

ole32

CreateStreamOnHGlobal
CoDisconnectObject
CoTaskMemFree
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleLockRunning
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
CoInitializeSecurity
CoInitializeEx
StgCreateDocfile
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysAllocString
VariantInit
VariantClear
VariantChangeType
LoadTypeLi
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
SysFreeString
VariantCopy
VarBstrFromDate

wininet

InternetConnectW
InternetCloseHandle
InternetOpenW
HttpOpenRequestA
HttpQueryInfoA
InternetQueryOptionW
InternetSetOptionW
InternetReadFile
HttpSendRequestA

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 440KB - Virtual size: 440KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 44KB - Virtual size: 317KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

oldrsrc
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 159KB - Virtual size: 158KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 46.8MB - Virtual size: 46.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
amgr.exe
.exe windows:5 windows x86 arch:x86

5f278a3cac21b82835bf94fa52c1c7be

Code Sign

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

05/04/2023, 00:00

Not After

04/07/2026, 23:59

Subject

CN=Miray Software AG,O=Miray Software AG,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

05/04/2023, 00:00

Not After

04/07/2026, 23:59

Subject

CN=Miray Software AG,O=Miray Software AG,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:38:13:20:16:16:47:95:bc:2f:15:db:06:8a:22:67:84:5c:f0:6c:1f:9d:5b:20:33:50:00:7c:bb:36:06:1a
Signer

Actual PE Digest

31:38:13:20:16:16:47:95:bc:2f:15:db:06:8a:22:67:84:5c:f0:6c:1f:9d:5b:20:33:50:00:7c:bb:36:06:1a

Digest Algorithm

sha256

PE Digest Matches

true

4f:ed:97:c7:4a:04:93:14:9c:8f:be:26:75:27:a9:ae:70:3c:6a:60
Signer

Actual PE Digest

4f:ed:97:c7:4a:04:93:14:9c:8f:be:26:75:27:a9:ae:70:3c:6a:60

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

W:\exe\_x86.win\amgr.unreg.pdb

Imports

user32

CreateIconIndirect
MessageBoxW
LoadBitmapW
CopyImage
GetPropW
SetForegroundWindow
DialogBoxParamW
GetDlgItem
SetDlgItemTextW
SetWindowTextW
EndDialog
SendMessageW
EnableWindow
KillTimer
SetDlgItemTextA
SendDlgItemMessageA
SetFocus
SendDlgItemMessageW
ClientToScreen
RedrawWindow
SetTimer
SetWindowPos
GetWindowRect
SendInput
GetCursorPos
GetDesktopWindow
DrawTextW
SetWindowLongW
GetForegroundWindow
TrackMouseEvent
GetWindowLongA
SetWindowLongA
ScreenToClient
CreateWindowExW
GetDC
DestroyWindow
GetKeyState
RealChildWindowFromPoint
GetWindowLongW
ShowWindow
ReleaseDC
GetWindowTextW
GetWindowTextLengthA
GetClientRect
SetClipboardData
GetWindowTextA
EmptyClipboard
CloseClipboard
OpenClipboard
CallWindowProcW
GetWindowTextLengthW
SendMessageA
CreateWindowExA
SetWindowTextA
GetParent
SetPropW
RemovePropW
wsprintfW

advapi32

RegDeleteValueW
RegQueryInfoKeyW
RegDeleteKeyW
RegQueryValueExW
RegCreateKeyW
RegOpenKeyExA
RegSetValueExW
RegCloseKey
RegOpenKeyExW
RegCreateKeyExW

wininet

InternetConnectW
InternetQueryOptionW
HttpQueryInfoA
InternetReadFile
InternetSetOptionW
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
InternetCloseHandle
InternetOpenA
InternetOpenW

comctl32

InitCommonControlsEx

setupapi

SetupDiDestroyDeviceInfoList
CM_Get_Device_IDA
SetupDiGetDeviceRegistryPropertyA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
CM_Get_Parent
SetupDiEnumDeviceInfo

ws2_32

ioctlsocket
setsockopt
WSAGetLastError
freeaddrinfo
htons
recv
__WSAFDIsSet
WSAStringToAddressA
closesocket
select
shutdown
connect
ntohs
socket
send
WSAAddressToStringA
getaddrinfo
WSAStartup

mpr

WNetGetUniversalNameW

iphlpapi

GetAdaptersInfo

kernel32

GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
WriteConsoleW
GetProcessHeap
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
OutputDebugStringW
GetTimeZoneInformation
ReadConsoleW
GetConsoleMode
ReadFile
SetConsoleCtrlHandler
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileSizeEx
ExitProcess
Sleep
GetLastError
MultiByteToWideChar
CloseHandle
CreateThread
GetTickCount
CreateMutexW
WaitForSingleObject
ReleaseMutex
CreateEventW
SetEvent
GetModuleHandleW
LoadLibraryW
GetProcAddress
WriteFile
CreateFileW
SetLastError
WaitForMultipleObjects
ResetEvent
FreeLibrary
GetSystemTimeAsFileTime
GetSystemTime
GetModuleFileNameW
LocalAlloc
LocalFree
DeviceIoControl
CreateFileA
GetVersionExA
GlobalAlloc
GlobalFree
GlobalLock
WideCharToMultiByte
GlobalUnlock
SizeofResource
LockResource
LoadResource
FindResourceW
FormatMessageA
GetStringTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
EncodePointer
DecodePointer
GetLocaleInfoEx
LCMapStringEx
CompareStringEx
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetCommandLineA
GetCommandLineW
GetStdHandle
VirtualQuery
GetModuleHandleExW
GetCurrentThread
HeapFree
HeapAlloc
GetFileType
HeapReAlloc
HeapSize
HeapQueryInformation

gdi32

CreateDIBitmap
CreateFontW
GetDeviceCaps
SelectObject
GetStockObject
SetBkColor
CreateSolidBrush
DeleteObject

shell32

ShellExecuteW

ole32

CoCreateInstance
CoUninitialize
CoSetProxyBlanket
CoInitializeEx

oleaut32

CreateErrorInfo
SetErrorInfo
VariantChangeType
GetErrorInfo
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayGetLBound
VariantInit
SysFreeString
SysAllocString
VariantClear

Sections

.text
Size: 860KB - Virtual size: 859KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
help.chm
.chm
manual.pdf
.pdf
- http://www.miray-software.com/HDClone
- https://help.miray.de/HDClone
- http://www.gnu.org/copyleft/gpl.htm
- http://www.miray-software.com/Feedback
- http://www.miray-software.com/support/
- http://www.miray-software.com/HDClone.1.4
- https://help.miray.de/HDClone.
- http://www.gnu.org/copyleft/gpl.html.
- http://miray.de
- http://miray-software.com/FeedbackEmail��
- http://miray-software.com/support
- Show all
readme.txt
uninstall.exe
.exe windows:4 windows x86 arch:x86

eb0806dae800674e97000f10e2ec3aa2

Code Sign

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

05/04/2023, 00:00

Not After

04/07/2026, 23:59

Subject

CN=Miray Software AG,O=Miray Software AG,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

05/04/2023, 00:00

Not After

04/07/2026, 23:59

Subject

CN=Miray Software AG,O=Miray Software AG,ST=Bayern,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01/01/2004, 00:00

Not After

31/12/2028, 23:59

Subject

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:48:34:1a:43:22:a7:91:f7:ba:dc:2c:e1:b6:15:27:17:b5:76:fb:92:d6:f0:5d:84:a1:b1:a6:6d:5c:e9:ad
Signer

Actual PE Digest

48:48:34:1a:43:22:a7:91:f7:ba:dc:2c:e1:b6:15:27:17:b5:76:fb:92:d6:f0:5d:84:a1:b1:a6:6d:5c:e9:ad

Digest Algorithm

sha256

PE Digest Matches

true

6f:39:8d:ea:6a:0c:3b:50:e2:98:e3:e3:3e:92:2c:90:02:20:6f:d9
Signer

Actual PE Digest

6f:39:8d:ea:6a:0c:3b:50:e2:98:e3:e3:3e:92:2c:90:02:20:6f:d9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
SetFileSecurityA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryExA
MoveFileA
MoveFileExA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetEnvironmentVariableA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WideCharToMultiByte
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
IIDFromString
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteExA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ReleaseDC
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 105KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 512B - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2c8f995b53686e9af55e5204b29f94af

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
GlobalAlloc
GlobalFree
GlobalSize
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrcpyA
lstrcpynA
lstrlenA

msvcrt

_amsg_exit
_initterm
_iob
_lock
_unlock
abort
calloc
free
fwrite
realloc
strlen
strncmp
vfprintf

ole32

CLSIDFromString
StringFromGUID2

user32

wsprintfA

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1020B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 179B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

ba7979c5a57c89a520f669065f4d9c5d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

AllocateAndInitializeSid
EqualSid
FreeSid
GetTokenInformation
GetUserNameA
OpenProcessToken
OpenThreadToken

kernel32

CloseHandle
GetCurrentProcess
GetCurrentThread
GetLastError
GetModuleHandleA
GetProcAddress
GetVersion
GlobalAlloc
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
lstrcpyA
lstrcpynA

user32

wsprintfA

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 164B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 129B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 756B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsSCM.dll
.dll windows:6 windows x86 arch:x86

229b9a9bb8f995fd7c94b17188fa7b7e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

T:\dll\_x86.win\nsscm.pdb

Imports

kernel32

GetCurrentProcess
TerminateProcess
lstrcpynW
lstrcpyW
GlobalFree
GlobalAlloc
GetLastError
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent

user32

wsprintfW

advapi32

DeleteService
CreateServiceW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
ControlService
StartServiceW
OpenServiceW

Exports

Exports

Install
QueryStatus
Remove
Start
Stop

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 468B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

730491907e677638ab304e28646ba09c

Code Sign

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55Certificate

Extended Key Usages

Key Usages

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0aCertificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

01Certificate

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

aa:3b:52:63:6e:0b:00:b8:a3:09:f9:d8:0c:89:0a:63:84:05:61:b1:cf:c3:15:24:87:ca:0b:ad:fc:3f:bc:9dSigner

0f:d0:35:3c:d4:f7:20:da:66:24:b4:d8:90:1c:f6:2f:31:bf:91:9aSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

Sections

.text Size: 37KB - Virtual size: 36KB

.data Size: 512B - Virtual size: 224B

.rdata Size: 29KB - Virtual size: 29KB

.bss Size: - Virtual size: 127KB

.idata Size: 5KB - Virtual size: 4KB

.ndata Size: 512B - Virtual size: 244KB

.rsrc Size: 90KB - Virtual size: 89KB

45fa690faed482cb9bfd08458ed442ae

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 998B

.data Size: - Virtual size: 12B

.reloc Size: 512B - Virtual size: 300B

c20327fced07b6e73d2262fc88b11552

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

01
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

a9:98:54:37:fa:60:5f:ab:1b:f3:47:bc:b3:e9:c0:55
Certificate

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

01
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

aa:3b:52:63:6e:0b:00:b8:a3:09:f9:d8:0c:89:0a:63:84:05:61:b1:cf:c3:15:24:87:ca:0b:ad:fc:3f:bc:9d
Signer

0f:d0:35:3c:d4:f7:20:da:66:24:b4:d8:90:1c:f6:2f:31:bf:91:9a
Signer

.text
Size: 37KB - Virtual size: 36KB

.data
Size: 512B - Virtual size: 224B

.rdata
Size: 29KB - Virtual size: 29KB

.bss
Size: - Virtual size: 127KB

.idata
Size: 5KB - Virtual size: 4KB

.ndata
Size: 512B - Virtual size: 244KB

.rsrc
Size: 90KB - Virtual size: 89KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 998B

.data
Size: - Virtual size: 12B

.reloc
Size: 512B - Virtual size: 300B

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 1024B - Virtual size: 548B

.bss
Size: - Virtual size: 10KB

.edata
Size: 512B - Virtual size: 101B

.idata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 468B

.text
Size: 1KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 587B

.data
Size: 512B - Virtual size: 76B

.reloc
Size: 1024B - Virtual size: 514B

.text
Size: 17KB - Virtual size: 17KB

.data
Size: 512B - Virtual size: 52B

.rdata
Size: 2KB - Virtual size: 2KB

.bss
Size: - Virtual size: 1020B

.edata
Size: 512B - Virtual size: 179B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 512B - Virtual size: 200B

.bss
Size: - Virtual size: 16B

.edata
Size: 512B - Virtual size: 129B

.idata
Size: 1024B - Virtual size: 756B