@#!!ACTIVE_FILE_8855_ṔḁṨṨCṏḌḙ#$[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

@#!!ACTIVE_FILE_8855_ṔḁṨṨCṏḌḙ#$.zip
Size

16.3MB
MD5

97a90dbc39e85a10b84df2b963fd569f
SHA1

e88609ebef43458f1c2260e6bf6c85f4c38e0152
SHA256

813372c2ae8212a3d3827221390844d32ae552be0f60011f6387f2f777b13928
SHA512

50da0b81c603f53456aad56086b5cc08c5fdd3af14264236d7003925c73c78454299e32b6254d0059975192a9da45f2c1d27a5249c8241af2292c691b0671695
SSDEEP

393216:U1Iqdooa8c9S/1nfyzfR3kqeJVfpzr8nLpXlD59FFXn:UvyH8OSRfstCxX8nlL9Fpn

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/iepdf32.dll

Files

@#!!ACTIVE_FILE_8855_ṔḁṨṨCṏḌḙ#$.zip
.zip

Password: 8855
@#!!ACTIVE_FILE_8855_ṔḁṨṨCṏḌḙ#$.rar
.rar

Password: 8855
[email protected]
Setup.exe
.exe windows:6 windows x86 arch:x86

Password: 8855

e76c4470619433796d0ce964e2d84f10

Code Sign

72:97:37:c2:78:d8:d1:ba:73:a2:b5:fa:be:80:eb:77
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/03/2021, 00:00

Not After

24/03/2024, 23:59

Subject

CN=German Gorodokuplya,O=German Gorodokuplya,POSTALCODE=69000,STREET=Nyzhnya\, 3,L=Zaporizhzhya,ST=Zaporizhka,C=UA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12/03/2019, 00:00

Not After

31/12/2028, 23:59

Subject

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/11/2018, 00:00

Not After

31/12/2030, 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:4d:ec:0d:98:a2:8a:a9:c8:da:65:d8:8f:fc:4f:62:77:07:9e:8e:38:98:b9:a0:f8:36:6c:35:ef:dc:ee:f6
Signer

Actual PE Digest

70:4d:ec:0d:98:a2:8a:a9:c8:da:65:d8:8f:fc:4f:62:77:07:9e:8e:38:98:b9:a0:f8:36:6c:35:ef:dc:ee:f6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetDefaultPrinterW
EnumPrintersW

comdlg32

FindTextW
ReplaceTextW
ChooseFontW
ChooseColorW
GetSaveFileNameW
GetSaveFileNameA
GetOpenFileNameW
GetOpenFileNameA
PrintDlgW

comctl32

ImageList_GetImageInfo
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
ImageList_Copy
FlatSB_GetScrollInfo
ImageList_Write
ImageList_DrawIndirect
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Replace
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_LoadImageW
ImageList_Draw
ImageList_Remove
ImageList_ReplaceIcon
ImageList_SetOverlayImage

shell32

SHBrowseForFolderW
DragQueryFileW
SHGetSpecialFolderLocation
Shell_NotifyIconW
SHGetSpecialFolderPathW
SHGetDataFromIDListA
ShellExecuteExW
SHGetPathFromIDListW
SHGetFileInfoW
SHGetMalloc
SHGetDesktopFolder
SHGetImageList
SHFileOperationA
SHAppBarMessage
ShellExecuteW

user32

CopyImage
MoveWindow
SetMenuItemInfoW
GetMenuItemInfoW
SetCaretPos
DefFrameProcW
PrintWindow
GetDlgCtrlID
FrameRect
RegisterWindowMessageW
GetMenuStringW
FillRect
SendMessageA
IsClipboardFormatAvailable
EnumWindows
ShowOwnedPopups
GetClassInfoExW
GetClassInfoW
GetScrollRange
SetActiveWindow
GetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
EnumChildWindows
GetScrollBarInfo
UnhookWindowsHookEx
SetCapture
GetCapture
ShowCaret
CreatePopupMenu
GetMenuItemID
DestroyCaret
CharLowerBuffW
PostMessageW
SetWindowLongW
IsZoomed
SetParent
DrawMenuBar
GetClientRect
IsChild
LoadImageA
SendDlgItemMessageW
IsIconic
CallNextHookEx
ShowWindow
GetWindowTextW
SetForegroundWindow
GetAsyncKeyState
IsDialogMessageW
DestroyWindow
RegisterClassW
EndMenu
CharNextW
GetFocus
GetDC
SetFocus
ReleaseDC
GetClassLongW
SetScrollRange
DrawTextW
PeekMessageA
MessageBeep
SetClassLongW
RemovePropW
GetSubMenu
DestroyIcon
IsWindowVisible
PtInRect
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
GetComboBoxInfo
GetWindowInfo
LoadStringW
CreateMenu
CharLowerW
SetWindowRgn
SetWindowPos
GetMenuItemCount
wvsprintfA
GetSysColorBrush
GetWindowDC
GetDlgItemTextA
DrawTextExW
EnumClipboardFormats
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
GetSysColor
EnableScrollBar
TrackPopupMenu
DrawIconEx
GetClassNameW
GetMessagePos
GetIconInfo
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
SetCursorPos
GetCursorPos
EnumDisplaySettingsExW
SetMenu
GetMenuState
GetMenu
SetRect
GetKeyState
IsRectEmpty
ValidateRect
GetCursor
KillTimer
BeginDeferWindowPos
WaitMessage
TranslateMDISysAccel
GetWindowPlacement
GetClipboardFormatNameW
GetMenuItemRect
CreateIconIndirect
CreateWindowExW
GetMessageW
GetDCEx
PeekMessageW
MonitorFromWindow
GetUpdateRect
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
MapVirtualKeyW
OffsetRect
IsWindowUnicode
DispatchMessageW
CreateAcceleratorTableW
DefMDIChildProcW
GetSystemMenu
SetScrollPos
GetScrollPos
InflateRect
DrawFocusRect
ReleaseCapture
LoadCursorW
ScrollWindow
GetLastActivePopup
GetDlgItemTextW
GetSystemMetrics
CharUpperBuffW
ClientToScreen
SetClipboardData
GetClipboardData
SetWindowPlacement
GetMonitorInfoW
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
EnableWindow
GetWindowThreadProcessId
RedrawWindow
CreateCursor
EndPaint
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
ActivateKeyboardLayout
DestroyAcceleratorTable
GetParent
CreateCaret
MonitorFromRect
InsertMenuItemW
GetPropW
MessageBoxW
SetPropW
UpdateWindow
MsgWaitForMultipleObjects
DestroyMenu
SetWindowsHookExW
EmptyClipboard
GetDlgItem
AdjustWindowRectEx
IsWindow
DrawIcon
EnumThreadWindows
InvalidateRect
GetKeyboardState
ScreenToClient
DrawFrameControl
BringWindowToTop
SetCursor
CreateIcon
RemoveMenu
GetKeyboardLayoutNameW
OpenClipboard
TranslateMessage
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CountClipboardFormats
CloseClipboard
DestroyCursor
CopyIcon
PostQuitMessage
ShowScrollBar
EnableMenuItem
DeferWindowPos
HideCaret
EndDeferWindowPos
FindWindowExW
MonitorFromPoint
LoadIconW
SystemParametersInfoW
GetWindow
GetWindowRect
GetWindowLongW
InsertMenuW
IsWindowEnabled
IsDialogMessageA
FindWindowW
GetKeyboardLayout
DeleteMenu

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oledlg

OleUIPasteSpecialW
OleUIObjectPropertiesW
OleUIInsertObjectW

oleaut32

SafeArrayPutElement
GetErrorInfo
VariantInit
VariantClear
SysFreeString
SafeArrayAccessData
SysReAllocStringLen
SysAllocString
SafeArrayCreate
OleCreatePropertyFrame
GetActiveObject
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
VariantChangeType
VariantCopyInd

advapi32

RegSetValueExW
RegConnectRegistryW
RegEnumKeyExW
RegLoadKeyW
RegDeleteKeyW
CryptDestroyHash
RegOpenKeyExW
RegQueryInfoKeyW
RegUnLoadKeyW
CryptGetHashParam
CryptReleaseContext
RegSaveKeyW
RegDeleteValueW
RegReplaceKeyW
RegFlushKey
RegQueryValueExW
RegEnumValueW
CryptHashData
RegCloseKey
CryptCreateHash
RegCreateKeyExW
CryptAcquireContextA
RegRestoreKeyW

msvcrt

memcpy
memset

avifil32

AVIStreamInfoW
AVIFileCreateStreamW
AVIStreamGetFrame
AVIMakeCompressedStream
AVIFileOpenW
AVISaveOptionsFree
AVIFileRelease
AVIStreamRelease
AVIStreamGetFrameClose
AVIStreamWrite
AVIStreamGetFrameOpen
AVIFileInit
AVISaveOptions
AVIFileGetStream
AVISaveVW
AVIStreamSetFormat
AVIFileExit

kernel32

SetFileAttributesW
GetFileType
SetFileTime
QueryDosDeviceW
GetACP
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
HeapAlloc
ExitProcess
GetFileAttributesA
GetCPInfoExW
GlobalSize
GetLongPathNameW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
SystemTimeToTzSpecificLocalTime
GetModuleHandleW
FreeLibrary
TryEnterCriticalSection
HeapDestroy
GetWindowsDirectoryA
FileTimeToDosDateTime
ReadFile
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
lstrlenA
CreateThread
CompareStringW
CopyFileW
GetFileSizeEx
lstrcatA
MapViewOfFile
LoadLibraryA
GetVolumeInformationW
ResetEvent
MulDiv
CreateFileA
EnumResourceNamesA
FreeResource
GetDriveTypeW
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
FindFirstChangeNotificationW
FormatMessageW
SwitchToThread
GetExitCodeThread
ReadDirectoryChangesW
GetCurrentThread
GetFileAttributesExW
IsBadReadPtr
LoadLibraryExW
LockResource
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
GlobalFindAtomW
VirtualQuery
GlobalFree
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
WaitForMultipleObjects
GetFileSize
GlobalDeleteAtom
GetStartupInfoW
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
GlobalLock
SetThreadPriority
VirtualAlloc
GetTempPathW
GetCommandLineW
GetSystemInfo
LeaveCriticalSection
GetProcAddress
ResumeThread
EnumResourceTypesA
GetLogicalDriveStringsW
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
CreateProcessA
GetConsoleOutputCP
UnmapViewOfFile
GetConsoleCP
FindResourceA
lstrlenW
SetEndOfFile
QueryPerformanceCounter
lstrcmpW
InitializeCriticalSectionAndSpinCount
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
SystemTimeToFileTime
EnumResourceNamesW
DeleteFileW
IsDBCSLeadByteEx
FindCloseChangeNotification
GetLocalTime
WaitForSingleObject
WriteFile
CreateFileMappingW
ExitThread
CreatePipe
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
TzSpecificLocalTimeToSystemTime
IsValidLocale
TlsSetValue
CreateDirectoryW
GetOverlappedResult
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
GlobalMemoryStatus
CreateEventW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

msvfw32

DrawDibOpen
DrawDibDraw
DrawDibClose

shfolder

SHGetFolderPathW

ole32

OleCreateLinkToFile
StgCreateDocfileOnILockBytes
StgCreateDocfile
CreateBindCtx
CoCreateGuid
OleCreateStaticFromData
CoCreateInstance
OleCreate
IsEqualGUID
CreateILockBytesOnHGlobal
OleCreateFromData
CLSIDFromProgID
CoInitialize
CoTaskMemAlloc
DoDragDrop
StringFromCLSID
RevokeDragDrop
OleGetIconOfClass
CoUninitialize
OleCreateFromFile
RegisterDragDrop
OleSetContainedObject
OleInitialize
ProgIDFromCLSID
CoInitializeEx
OleUninitialize
FreePropVariantArray
OleCreateLinkFromData
CoTaskMemFree
OleSetMenuDescriptor

gdi32

Pie
SetPaletteEntries
SetBkMode
GetRandomRgn
CreateCompatibleBitmap
CreatePolygonRgn
GetEnhMetaFileHeader
RectVisible
AngleArc
CloseMetaFile
CreateMetaFileW
SetAbortProc
SetTextColor
GetTextColor
StretchBlt
RoundRect
SelectClipRgn
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
OffsetViewportOrgEx
CreateDCW
CreateICW
PolyBezierTo
GetStockObject
CreateSolidBrush
GetBkMode
Polygon
MoveToEx
PlayEnhMetaFile
Ellipse
ModifyWorldTransform
StartPage
GetBitmapBits
StartDocW
AbortDoc
GetSystemPaletteEntries
GetEnhMetaFileBits
OffsetWindowOrgEx
CreatePenIndirect
GetEnhMetaFilePaletteEntries
SetMapMode
CreateFontIndirectW
PolyBezier
ExtCreatePen
DeleteMetaFile
EndDoc
GetObjectW
GetCurrentObject
GetWinMetaFileBits
SetROP2
GetEnhMetaFileDescriptionW
ArcTo
Arc
TextOutW
SelectPalette
SetGraphicsMode
GetGraphicsMode
ExcludeClipRect
SetWindowOrgEx
MaskBlt
EndPage
DeleteEnhMetaFile
Chord
SetDIBits
SetViewportOrgEx
GetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
GetGlyphOutlineW
CreateBrushIndirect
PatBlt
LineDDA
SetEnhMetaFileBits
CreateEllipticRgn
PlgBlt
Rectangle
DeleteDC
SaveDC
BitBlt
SetWorldTransform
FrameRgn
GetDeviceCaps
GetTextExtentPoint32W
GetClipBox
GetClipRgn
Polyline
IntersectClipRect
CreateBitmap
CombineRgn
SetWinMetaFileBits
CreateDIBitmap
GetStretchBltMode
CreateDIBSection
SetStretchBltMode
GetDIBits
ExtCreateRegion
LineTo
GetRgnBox
EnumFontsW
SetWindowExtEx
CreateHalftonePalette
DeleteObject
SelectObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
OffsetRgn
SetBkColor
SetMetaFileBitsEx
CreateCompatibleDC
GetBrushOrgEx
GetCurrentPositionEx
SetDCPenColor
SetTextAlign
CreateRoundRectRgn
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
GdiFlush
SetViewportExtEx
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 6.7MB - Virtual size: 6.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 150KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 100B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 462KB - Virtual size: 461KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
iepdf32.dll
.dll windows:5 windows x86 arch:x86

Password: 8855

224f7c709bbe989ade2d7ede1bc05f77

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\pdfium-binaries\pdfium-binaries\pdfium\out\pdfium.dll.pdb

Imports

kernel32

AcquireSRWLockExclusive
CloseHandle
CompareStringW
CreateEventW
CreateFileW
CreateMutexW
DecodePointer
DeleteCriticalSection
DeleteFileW
EncodePointer
EnterCriticalSection
EnumSystemLocalesW
ExitProcess
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
FlushFileBuffers
FormatMessageA
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetDateFormatW
GetEnvironmentStringsW
GetFileSizeEx
GetFileType
GetLastError
GetLocaleInfoW
GetLogicalProcessorInformation
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemDirectoryA
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTimeFormatW
GetTimeZoneInformation
GetUserDefaultLCID
GetWindowsDirectoryA
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitOnceExecuteOnce
InitializeCriticalSection
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
IsValidLocale
IsWow64Process
K32EnumProcessModules
K32GetModuleFileNameExA
K32GetModuleInformation
LCMapStringW
LeaveCriticalSection
LoadLibraryA
LoadLibraryExW
LoadLibraryW
LocalAlloc
LocalFree
MultiByteToWideChar
OpenProcess
QueryPerformanceCounter
RaiseException
ReadConsoleW
ReadFile
ReleaseMutex
ReleaseSRWLockExclusive
ResetEvent
RtlCaptureStackBackTrace
RtlUnwind
SetEndOfFile
SetEnvironmentVariableW
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
Sleep
SleepConditionVariableSRW
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryAcquireSRWLockExclusive
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WaitForSingleObject
WaitForSingleObjectEx
WakeAllConditionVariable
WideCharToMultiByte
WriteConsoleW
WriteFile
lstrlenA

advapi32

CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

gdi32

BeginPath
BitBlt
CloseFigure
CreateBitmap
CreateCompatibleBitmap
CreateCompatibleDC
CreateFontA
CreateFontIndirectA
CreatePen
CreateRectRgn
CreateSolidBrush
DeleteDC
DeleteObject
EndPath
EnumFontFamiliesExA
ExtCreatePen
ExtEscape
FillPath
GdiComment
GetCharWidthW
GetClipBox
GetClipRgn
GetDIBits
GetDeviceCaps
GetFontData
GetObjectType
GetObjectW
GetOutlineTextMetricsW
GetRegionData
GetTextFaceA
GetTextMetricsW
IntersectClipRect
LineTo
MoveToEx
PolyBezierTo
RestoreDC
SaveDC
SelectClipPath
SelectObject
SetDIBitsToDevice
SetMiterLimit
SetPolyFillMode
SetStretchBltMode
StretchDIBits
StrokeAndFillPath
StrokePath
WidenPath

user32

FillRect
GetDC
ReleaseDC

Exports

Exports

FORM_CanRedo
FORM_CanUndo
FORM_DoDocumentAAction
FORM_DoDocumentJSAction
FORM_DoDocumentOpenAction
FORM_DoPageAAction
FORM_ForceToKillFocus
FORM_GetFocusedAnnot
FORM_GetFocusedText
FORM_GetSelectedText
FORM_IsIndexSelected
FORM_OnAfterLoadPage
FORM_OnBeforeClosePage
FORM_OnChar
FORM_OnFocus
FORM_OnKeyDown
FORM_OnKeyUp
FORM_OnLButtonDoubleClick
FORM_OnLButtonDown
FORM_OnLButtonUp
FORM_OnMouseMove
FORM_OnMouseWheel
FORM_OnRButtonDown
FORM_OnRButtonUp
FORM_Redo
FORM_ReplaceAndKeepSelection
FORM_ReplaceSelection
FORM_SelectAllText
FORM_SetFocusedAnnot
FORM_SetIndexSelected
FORM_Undo
FPDFAction_GetDest
FPDFAction_GetFilePath
FPDFAction_GetType
FPDFAction_GetURIPath
FPDFAnnot_AddInkStroke
FPDFAnnot_AppendAttachmentPoints
FPDFAnnot_AppendObject
FPDFAnnot_CountAttachmentPoints
FPDFAnnot_GetAP
FPDFAnnot_GetAttachmentPoints
FPDFAnnot_GetBorder
FPDFAnnot_GetColor
FPDFAnnot_GetFlags
FPDFAnnot_GetFocusableSubtypes
FPDFAnnot_GetFocusableSubtypesCount
FPDFAnnot_GetFontSize
FPDFAnnot_GetFormAdditionalActionJavaScript
FPDFAnnot_GetFormControlCount
FPDFAnnot_GetFormControlIndex
FPDFAnnot_GetFormFieldAlternateName
FPDFAnnot_GetFormFieldAtPoint
FPDFAnnot_GetFormFieldExportValue
FPDFAnnot_GetFormFieldFlags
FPDFAnnot_GetFormFieldName
FPDFAnnot_GetFormFieldType
FPDFAnnot_GetFormFieldValue
FPDFAnnot_GetInkListCount
FPDFAnnot_GetInkListPath
FPDFAnnot_GetLine
FPDFAnnot_GetLink
FPDFAnnot_GetLinkedAnnot
FPDFAnnot_GetNumberValue
FPDFAnnot_GetObject
FPDFAnnot_GetObjectCount
FPDFAnnot_GetOptionCount
FPDFAnnot_GetOptionLabel
FPDFAnnot_GetRect
FPDFAnnot_GetStringValue
FPDFAnnot_GetSubtype
FPDFAnnot_GetValueType
FPDFAnnot_GetVertices
FPDFAnnot_HasAttachmentPoints
FPDFAnnot_HasKey
FPDFAnnot_IsChecked
FPDFAnnot_IsObjectSupportedSubtype
FPDFAnnot_IsOptionSelected
FPDFAnnot_IsSupportedSubtype
FPDFAnnot_RemoveInkList
FPDFAnnot_RemoveObject
FPDFAnnot_SetAP
FPDFAnnot_SetAttachmentPoints
FPDFAnnot_SetBorder
FPDFAnnot_SetColor
FPDFAnnot_SetFlags
FPDFAnnot_SetFocusableSubtypes
FPDFAnnot_SetRect
FPDFAnnot_SetStringValue
FPDFAnnot_SetURI
FPDFAnnot_UpdateObject
FPDFAttachment_GetFile
FPDFAttachment_GetName
FPDFAttachment_GetStringValue
FPDFAttachment_GetValueType
FPDFAttachment_HasKey
FPDFAttachment_SetFile
FPDFAttachment_SetStringValue
FPDFAvail_Create
FPDFAvail_Destroy
FPDFAvail_GetDocument
FPDFAvail_GetFirstPageNum
FPDFAvail_IsDocAvail
FPDFAvail_IsFormAvail
FPDFAvail_IsLinearized
FPDFAvail_IsPageAvail
FPDFBitmap_Create
FPDFBitmap_CreateEx
FPDFBitmap_Destroy
FPDFBitmap_FillRect
FPDFBitmap_GetBuffer
FPDFBitmap_GetFormat
FPDFBitmap_GetHeight
FPDFBitmap_GetStride
FPDFBitmap_GetWidth
FPDFBookmark_Find
FPDFBookmark_GetAction
FPDFBookmark_GetCount
FPDFBookmark_GetDest
FPDFBookmark_GetFirstChild
FPDFBookmark_GetNextSibling
FPDFBookmark_GetTitle
FPDFCatalog_IsTagged
FPDFClipPath_CountPathSegments
FPDFClipPath_CountPaths
FPDFClipPath_GetPathSegment
FPDFDOC_ExitFormFillEnvironment
FPDFDOC_InitFormFillEnvironment
FPDFDest_GetDestPageIndex
FPDFDest_GetLocationInPage
FPDFDest_GetView
FPDFDoc_AddAttachment
FPDFDoc_CloseJavaScriptAction
FPDFDoc_DeleteAttachment
FPDFDoc_GetAttachment
FPDFDoc_GetAttachmentCount
FPDFDoc_GetJavaScriptAction
FPDFDoc_GetJavaScriptActionCount
FPDFDoc_GetPageMode
FPDFFont_Close
FPDFFont_GetAscent
FPDFFont_GetDescent
FPDFFont_GetFlags
FPDFFont_GetFontData
FPDFFont_GetFontName
FPDFFont_GetGlyphPath
FPDFFont_GetGlyphWidth
FPDFFont_GetIsEmbedded
FPDFFont_GetItalicAngle
FPDFFont_GetWeight
FPDFFormObj_CountObjects
FPDFFormObj_GetObject
FPDFGlyphPath_CountGlyphSegments
FPDFGlyphPath_GetGlyphPathSegment
FPDFImageObj_GetBitmap
FPDFImageObj_GetImageDataDecoded
FPDFImageObj_GetImageDataRaw
FPDFImageObj_GetImageFilter
FPDFImageObj_GetImageFilterCount
FPDFImageObj_GetImageMetadata
FPDFImageObj_GetImagePixelSize
FPDFImageObj_GetRenderedBitmap
FPDFImageObj_LoadJpegFile
FPDFImageObj_LoadJpegFileInline
FPDFImageObj_SetBitmap
FPDFImageObj_SetMatrix
FPDFJavaScriptAction_GetName
FPDFJavaScriptAction_GetScript
FPDFLink_CloseWebLinks
FPDFLink_CountQuadPoints
FPDFLink_CountRects
FPDFLink_CountWebLinks
FPDFLink_Enumerate
FPDFLink_GetAction
FPDFLink_GetAnnot
FPDFLink_GetAnnotRect
FPDFLink_GetDest
FPDFLink_GetLinkAtPoint
FPDFLink_GetLinkZOrderAtPoint
FPDFLink_GetQuadPoints
FPDFLink_GetRect
FPDFLink_GetTextRange
FPDFLink_GetURL
FPDFLink_LoadWebLinks
FPDFPageObjMark_CountParams
FPDFPageObjMark_GetName
FPDFPageObjMark_GetParamBlobValue
FPDFPageObjMark_GetParamIntValue
FPDFPageObjMark_GetParamKey
FPDFPageObjMark_GetParamStringValue
FPDFPageObjMark_GetParamValueType
FPDFPageObjMark_RemoveParam
FPDFPageObjMark_SetBlobParam
FPDFPageObjMark_SetIntParam
FPDFPageObjMark_SetStringParam
FPDFPageObj_AddMark
FPDFPageObj_CountMarks
FPDFPageObj_CreateNewPath
FPDFPageObj_CreateNewRect
FPDFPageObj_CreateTextObj
FPDFPageObj_Destroy
FPDFPageObj_GetBounds
FPDFPageObj_GetClipPath
FPDFPageObj_GetDashArray
FPDFPageObj_GetDashCount
FPDFPageObj_GetDashPhase
FPDFPageObj_GetFillColor
FPDFPageObj_GetLineCap
FPDFPageObj_GetLineJoin
FPDFPageObj_GetMark
FPDFPageObj_GetMatrix
FPDFPageObj_GetRotatedBounds
FPDFPageObj_GetStrokeColor
FPDFPageObj_GetStrokeWidth
FPDFPageObj_GetType
FPDFPageObj_HasTransparency
FPDFPageObj_NewImageObj
FPDFPageObj_NewTextObj
FPDFPageObj_RemoveMark
FPDFPageObj_SetBlendMode
FPDFPageObj_SetDashArray
FPDFPageObj_SetDashPhase
FPDFPageObj_SetFillColor
FPDFPageObj_SetLineCap
FPDFPageObj_SetLineJoin
FPDFPageObj_SetMatrix
FPDFPageObj_SetStrokeColor
FPDFPageObj_SetStrokeWidth
FPDFPageObj_Transform
FPDFPageObj_TransformClipPath
FPDFPage_CloseAnnot
FPDFPage_CountObjects
FPDFPage_CreateAnnot
FPDFPage_Delete
FPDFPage_Flatten
FPDFPage_FormFieldZOrderAtPoint
FPDFPage_GenerateContent
FPDFPage_GetAnnot
FPDFPage_GetAnnotCount
FPDFPage_GetAnnotIndex
FPDFPage_GetArtBox
FPDFPage_GetBleedBox
FPDFPage_GetCropBox
FPDFPage_GetDecodedThumbnailData
FPDFPage_GetMediaBox
FPDFPage_GetObject
FPDFPage_GetRawThumbnailData
FPDFPage_GetRotation
FPDFPage_GetThumbnailAsBitmap
FPDFPage_GetTrimBox
FPDFPage_HasFormFieldAtPoint
FPDFPage_HasTransparency
FPDFPage_InsertClipPath
FPDFPage_InsertObject
FPDFPage_New
FPDFPage_RemoveAnnot
FPDFPage_RemoveObject
FPDFPage_SetArtBox
FPDFPage_SetBleedBox
FPDFPage_SetCropBox
FPDFPage_SetMediaBox
FPDFPage_SetRotation
FPDFPage_SetTrimBox
FPDFPage_TransFormWithClip
FPDFPage_TransformAnnots
FPDFPathSegment_GetClose
FPDFPathSegment_GetPoint
FPDFPathSegment_GetType
FPDFPath_BezierTo
FPDFPath_Close
FPDFPath_CountSegments
FPDFPath_GetDrawMode
FPDFPath_GetPathSegment
FPDFPath_LineTo
FPDFPath_MoveTo
FPDFPath_SetDrawMode
FPDFSignatureObj_GetByteRange
FPDFSignatureObj_GetContents
FPDFSignatureObj_GetDocMDPPermission
FPDFSignatureObj_GetReason
FPDFSignatureObj_GetSubFilter
FPDFSignatureObj_GetTime
FPDFTextObj_GetFont
FPDFTextObj_GetFontSize
FPDFTextObj_GetRenderedBitmap
FPDFTextObj_GetText
FPDFTextObj_GetTextRenderMode
FPDFTextObj_SetTextRenderMode
FPDFText_ClosePage
FPDFText_CountChars
FPDFText_CountRects
FPDFText_FindClose
FPDFText_FindNext
FPDFText_FindPrev
FPDFText_FindStart
FPDFText_GetBoundedText
FPDFText_GetCharAngle
FPDFText_GetCharBox
FPDFText_GetCharIndexAtPos
FPDFText_GetCharIndexFromTextIndex
FPDFText_GetCharOrigin
FPDFText_GetFillColor
FPDFText_GetFontInfo
FPDFText_GetFontSize
FPDFText_GetFontWeight
FPDFText_GetLooseCharBox
FPDFText_GetMatrix
FPDFText_GetRect
FPDFText_GetSchCount
FPDFText_GetSchResultIndex
FPDFText_GetStrokeColor
FPDFText_GetText
FPDFText_GetTextIndexFromCharIndex
FPDFText_GetTextRenderMode
FPDFText_GetUnicode
FPDFText_HasUnicodeMapError
FPDFText_IsGenerated
FPDFText_IsHyphen
FPDFText_LoadFont
FPDFText_LoadPage
FPDFText_LoadStandardFont
FPDFText_SetCharcodes
FPDFText_SetText
FPDF_AddInstalledFont
FPDF_CloseDocument
FPDF_ClosePage
FPDF_CloseXObject
FPDF_CopyViewerPreferences
FPDF_CountNamedDests
FPDF_CreateClipPath
FPDF_CreateNewDocument
FPDF_DestroyClipPath
FPDF_DestroyLibrary
FPDF_DeviceToPage
FPDF_DocumentHasValidCrossReferenceTable
FPDF_FFLDraw
FPDF_FreeDefaultSystemFontInfo
FPDF_GetDefaultSystemFontInfo
FPDF_GetDefaultTTFMap
FPDF_GetDocPermissions
FPDF_GetDocUserPermissions
FPDF_GetFileIdentifier
FPDF_GetFileVersion
FPDF_GetFormType
FPDF_GetLastError
FPDF_GetMetaText
FPDF_GetNamedDest
FPDF_GetNamedDestByName
FPDF_GetPageAAction
FPDF_GetPageBoundingBox
FPDF_GetPageCount
FPDF_GetPageHeight
FPDF_GetPageHeightF
FPDF_GetPageLabel
FPDF_GetPageSizeByIndex
FPDF_GetPageSizeByIndexF
FPDF_GetPageWidth
FPDF_GetPageWidthF
FPDF_GetSecurityHandlerRevision
FPDF_GetSignatureCount
FPDF_GetSignatureObject
FPDF_GetTrailerEnds
FPDF_GetXFAPacketContent
FPDF_GetXFAPacketCount
FPDF_GetXFAPacketName
FPDF_ImportNPagesToOne
FPDF_ImportPages
FPDF_ImportPagesByIndex
FPDF_InitLibrary
FPDF_InitLibraryWithConfig
FPDF_LoadCustomDocument
FPDF_LoadDocument
FPDF_LoadMemDocument
FPDF_LoadMemDocument64
FPDF_LoadPage
FPDF_LoadXFA
FPDF_MovePages
FPDF_NewFormObjectFromXObject
FPDF_NewXObjectFromPage
FPDF_PageToDevice
FPDF_RemoveFormFieldHighlight
FPDF_RenderPage
FPDF_RenderPageBitmap
FPDF_RenderPageBitmapWithColorScheme_Start
FPDF_RenderPageBitmapWithMatrix
FPDF_RenderPageBitmap_Start
FPDF_RenderPage_Close
FPDF_RenderPage_Continue
FPDF_SaveAsCopy
FPDF_SaveWithVersion
FPDF_SetFormFieldHighlightAlpha
FPDF_SetFormFieldHighlightColor
FPDF_SetPrintMode
FPDF_SetSandBoxPolicy
FPDF_SetSystemFontInfo
FPDF_StructElement_Attr_GetBlobValue
FPDF_StructElement_Attr_GetBooleanValue
FPDF_StructElement_Attr_GetCount
FPDF_StructElement_Attr_GetName
FPDF_StructElement_Attr_GetNumberValue
FPDF_StructElement_Attr_GetStringValue
FPDF_StructElement_Attr_GetType
FPDF_StructElement_CountChildren
FPDF_StructElement_GetActualText
FPDF_StructElement_GetAltText
FPDF_StructElement_GetAttributeAtIndex
FPDF_StructElement_GetAttributeCount
FPDF_StructElement_GetChildAtIndex
FPDF_StructElement_GetID
FPDF_StructElement_GetLang
FPDF_StructElement_GetMarkedContentID
FPDF_StructElement_GetMarkedContentIdAtIndex
FPDF_StructElement_GetMarkedContentIdCount
FPDF_StructElement_GetObjType
FPDF_StructElement_GetParent
FPDF_StructElement_GetStringAttribute
FPDF_StructElement_GetTitle
FPDF_StructElement_GetType
FPDF_StructTree_Close
FPDF_StructTree_CountChildren
FPDF_StructTree_GetChildAtIndex
FPDF_StructTree_GetForPage
FPDF_VIEWERREF_GetDuplex
FPDF_VIEWERREF_GetName
FPDF_VIEWERREF_GetNumCopies
FPDF_VIEWERREF_GetPrintPageRange
FPDF_VIEWERREF_GetPrintPageRangeCount
FPDF_VIEWERREF_GetPrintPageRangeElement
FPDF_VIEWERREF_GetPrintScaling
FSDK_SetLocaltimeFunction
FSDK_SetTimeFunction
FSDK_SetUnSpObjProcessHandler

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 161B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

malloc_h
Size: 512B - Virtual size: 243B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/Config/nppPluginList.dll
.dll windows:6 windows x64 arch:x64

Password: 8855

c5d2c3c7e7bb46877c74a361a465d678

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:aa:64:92:de:9d:96:a9:0a:4b:ca:97:be:ad:b4:4a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/05/2022, 00:00

Not After

14/05/2025, 23:59

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

65:31:5f:80:fd:46:e1:98:8f:47:62:11:db:df:61:6b:4c:36:26:c6:88:6d:4e:da:ab:d7:25:c8:2d:c5:07:32
Signer

Actual PE Digest

65:31:5f:80:fd:46:e1:98:8f:47:62:11:db:df:61:6b:4c:36:26:c6:88:6d:4e:da:ab:d7:25:c8:2d:c5:07:32

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\sources\nppPluginList\bin64\nppPluginList.pdb

Imports

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW

Sections

.text
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 90KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/NppConverter/NppConverter.dll
.dll windows:6 windows x64 arch:x64

Password: 8855

17abc1921b1a8c690d253e032045d8d7

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:aa:64:92:de:9d:96:a9:0a:4b:ca:97:be:ad:b4:4a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/05/2022, 00:00

Not After

14/05/2025, 23:59

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:db:91:5e:18:03:af:c5:b3:f2:56:fa:81:a1:fc:63:dc:7a:e2:c2:84:b4:3b:0c:d0:c3:20:6f:6d:dd:6f:e8
Signer

Actual PE Digest

78:db:91:5e:18:03:af:c5:b3:f2:56:fa:81:a1:fc:63:dc:7a:e2:c2:84:b4:3b:0c:d0:c3:20:6f:6d:dd:6f:e8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

PathFindFileNameW
PathFileExistsW

kernel32

InterlockedFlushSList
SetEndOfFile
WriteConsoleW
lstrlenW
GlobalAlloc
GlobalLock
GlobalUnlock
SizeofResource
GetLastError
LockResource
GlobalFree
LoadResource
FindResourceW
GetPrivateProfileIntW
GetModuleFileNameW
GetPrivateProfileSectionNamesW
lstrcpyW
HeapReAlloc
HeapSize
CreateFileW
ReadConsoleW
ReadFile
SetStdHandle
GetStringTypeW
GetProcessHeap
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
CloseHandle
GetFileSizeEx
SetFilePointerEx
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP

user32

ShowWindow
MoveWindow
SetFocus
GetDlgItem
UpdateWindow
InvalidateRect
GetWindowTextW
CreateDialogParamW
GetWindowRect
SetWindowLongPtrW
IsWindowVisible
MessageBoxA
GetClientRect
CreateDialogIndirectParamW
RegisterClipboardFormatW
SendMessageW
OpenClipboard
CloseClipboard
EmptyClipboard
SendDlgItemMessageW
SendDlgItemMessageA
SetClipboardData
DestroyWindow
MessageBoxW
GetWindowLongPtrW

Exports

Exports

beNotified
getFuncsArray
getName
isUnicode
messageProc
setInfo

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/NppExport/NppExport.dll
.dll windows:6 windows x64 arch:x64

Password: 8855

17ff9a294f3152c5c744802081c5e1c4

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:aa:64:92:de:9d:96:a9:0a:4b:ca:97:be:ad:b4:4a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/05/2022, 00:00

Not After

14/05/2025, 23:59

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f3:a6:d3:86:9a:f7:27:61:b9:8a:41:7f:34:73:6e:4f:14:92:04:a8:15:b0:eb:3c:5b:b5:a3:41:1e:53:f7:a9
Signer

Actual PE Digest

f3:a6:d3:86:9a:f7:27:61:b9:8a:41:7f:34:73:6e:4f:14:92:04:a8:15:b0:eb:3c:5b:b5:a3:41:1e:53:f7:a9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameW
MulDiv
lstrcpynW
lstrcpyW
lstrcatW
MultiByteToWideChar
WriteConsoleW
CloseHandle
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
SetStdHandle
GetStringTypeW
WriteFile
CreateFileW
lstrcmpiA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
SetFilePointerEx
GetProcessHeap
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW

user32

GetDC
EmptyClipboard
ReleaseDC
CloseClipboard
OpenClipboard
SendMessageW
MessageBoxW
RegisterClipboardFormatW
SetClipboardData

gdi32

GetTextExtentPoint32W
GetDeviceCaps
DeleteObject
CreateFontW
SelectObject

comdlg32

GetSaveFileNameW

shlwapi

PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW

Exports

Exports

beNotified
getFuncsArray
getName
isUnicode
messageProc
setInfo

Sections

.text
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
plugins/mimeTools/mimeTools.dll
.dll windows:6 windows x64 arch:x64

Password: 8855

c893688ea90d5f1750f25aa8bbbbf08d

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:aa:64:92:de:9d:96:a9:0a:4b:ca:97:be:ad:b4:4a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/05/2022, 00:00

Not After

14/05/2025, 23:59

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ef:44:89:27:34:53:e1:5d:bc:b8:52:1c:64:4a:25:81:43:40:75:f7:df:9e:89:1a:67:6f:72:fc:3a:f2:68:8d
Signer

Actual PE Digest

ef:44:89:27:34:53:e1:5d:bc:b8:52:1c:64:4a:25:81:43:40:75:f7:df:9e:89:1a:67:6f:72:fc:3a:f2:68:8d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
WriteConsoleW

user32

GetClientRect
ClientToScreen
CreateDialogParamW
SetWindowPos
SendMessageW
EndDialog
MessageBoxW

Exports

Exports

beNotified
getFuncsArray
getName
isUnicode
messageProc
setInfo

Sections

.text
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sheila.zip
updater/Data.pt
.exe windows:6 windows x64 arch:x64

Password: 8855

bbc63216b8ddbe8c707b7e797b57565d

Code Sign

87:82:52:60:00:00:00:00:51:d3:73:d9
Certificate

Issuer

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

10/06/2015, 13:42

Not After

10/11/2030, 14:12

Subject

CN=Entrust Extended Validation Code Signing CA - EVCS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

05:f9:7d:05:4a:9b:fc:bf:9d:5e:12:f8:d0:ab:be:07
Certificate

Issuer

CN=Entrust Extended Validation Code Signing CA - EVCS1,OU=See www.entrust.net/legal-terms+OU=(c) 2015 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Not Before

08/12/2020, 14:34

Not After

08/12/2023, 14:34

Subject

SERIALNUMBER=31 333 532,CN=ESET\, spol. s r.o.,O=ESET\, spol. s r.o.,L=Bratislava,C=SK,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#1302534b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:42:00:ba:5e:23:b0:a1:f3:99:00:00:00:00:00:42
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/07/2015, 20:55

Not After

07/07/2025, 20:55

Subject

CN=Entrust Root Certification Authority - G2,OU=See www.entrust.net/legal-terms+OU=(c) 2009 Entrust\, Inc. - for authorized use only,O=Entrust\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fa:9c:19:a9:f4:39:a7:aa:c6:bf:8d:46:c8:f8:b4:cd:6a:ca:1e
Certificate

Issuer

CN=ESET Code Signing CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

13/07/2023, 00:00

Not After

15/07/2026, 00:00

Subject

CN=ESET\, spol. s r.o.,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7d:90:d1:7c:6b:36:ca:f6:8f:b9:b7:2f:65:68:b8:22:3d:30:2d:a8
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

17/07/2020, 00:00

Not After

17/07/2030, 00:00

Subject

CN=ESET Code Signing CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:1b:95:25:17:c8:de:e2:27:42:79:ec:df:05:5d:81:0b:2e:c3:fe
Certificate

Issuer

CN=ESET Timestamping CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

12/07/2023, 00:00

Not After

16/07/2026, 00:00

Subject

CN=ESET Timestamp,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

76:79:fc:14:55:72:11:3a:f7:92:d1:f4:af:3c:4e:3a:8a:8a:6e:38
Certificate

Issuer

CN=ESET Root Certificate Authority 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Not Before

16/07/2020, 00:00

Not After

16/07/2030, 00:00

Subject

CN=ESET Timestamping CA 2020,O=ESET\, spol. s r.o.,L=Bratislava,C=SK

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:1c:b2:8a:00:00:00:00:00:26
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:41

Not After

15/04/2021, 19:51

Subject

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:10:0c:ea:cc:9c:92:79:d2:8e:18:55:1b:b7:42:b0:22:79:fb:e0:c0:34:df:be:72:04:94:d2:0b:a5:ec:b4
Signer

Actual PE Digest

61:10:0c:ea:cc:9c:92:79:d2:8e:18:55:1b:b7:42:b0:22:79:fb:e0:c0:34:df:be:72:04:94:d2:0b:a5:ec:b4

Digest Algorithm

sha256

PE Digest Matches

true

61:10:0c:ea:cc:9c:92:79:d2:8e:18:55:1b:b7:42:b0:22:79:fb:e0:c0:34:df:be:72:04:94:d2:0b:a5:ec:b4
Signer

Actual PE Digest

61:10:0c:ea:cc:9c:92:79:d2:8e:18:55:1b:b7:42:b0:22:79:fb:e0:c0:34:df:be:72:04:94:d2:0b:a5:ec:b4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

SysInspector.pdb

Imports

sciter-x

SciterCreateElement
SciterSetScrollPos
ValueClear
ValueInt64DataSet
ValueCompare
ValueNthElementValueSet
ValueNthElementKey
SciterCallBehaviorMethod
SciterSetElementText
SciterSetElementHtml
SciterInsertElement
SciterUpdateElement
SciterReleaseCapture
SciterDeleteElement
SciterHidePopup
SciterSetCapture
ValueInt64Data
SciterSetCallback
SciterGetMinHeight
SciterShowPopupAt
SciterSetMediaVars
SciterSetMediaType
SciterProcND
SciterCallScriptingFunction
SciterPostEvent
SciterSelectParent
SciterGetFocusElement
SciterWindowAttachEventHandler
ValueSetValueToKey
ValueNthElementValue
ValueElementsCount
ValueBinaryDataSet
ValueFloatDataSet
ValueFloatData
SciterEval
SciterDataReady
SciterSetTimer
SciterSetElementState
SciterGetElementHwnd
SciterRefreshElementArea
SciterGetStyleAttribute
ValueIntData
SciterSetStyleAttribute
SciterLoadHtml
SciterSetAttributeByName
SciterRender
SciterSetMasterCSS
SciterGetScrollInfo
GraphinAPI
SciterSetValue
SciterGetValue
SciterControlGetType
SciterSendEvent
SciterIsElementVisible
SciterIsElementEnabled
SciterGetElementState
SciterGetElementTextCB
SciterGetElementHtmlCB
SciterGetElementByUID
SciterGetElementUID
SciterGetElementType
SciterGetElementLocation
SciterSelectElements
SciterFindElement
SciterGetRootElement
SciterGetAttributeByName
SciterGetNthAttribute
SciterGetAttributeCount
SciterGetElementIndex
SciterGetParentElement
SciterGetNthChild
SciterGetChildrenCount
Sciter_UnuseElement
Sciter_UseElement
ValueGetValueOfKey
ValueToString
ValueFromString
ValueStringData
ValueStringDataSet
ValueIntDataSet
ValueCopy
ValueInit

protobuflite

?ReadTagFallback@CodedInputStream@io@protobuf@google@@AEAAII@Z
??1CodedInputStream@io@protobuf@google@@QEAA@XZ
?SkipField@WireFormatLite@internal@protobuf@google@@SA_NPEAVCodedInputStream@io@34@I@Z
?SerializeWithCachedSizesToArray@MessageLite@protobuf@google@@QEBAPEAEPEAE@Z
?ParseFromArray@MessageLite@protobuf@google@@QEAA_NPEBXH@Z
?PushLimit@CodedInputStream@io@protobuf@google@@QEAAHH@Z
?PopLimit@CodedInputStream@io@protobuf@google@@QEAAXH@Z
??0CodedInputStream@io@protobuf@google@@QEAA@PEBEH@Z
?ReadVarintSizeAsInt@CodedInputStream@io@protobuf@google@@QEAA_NPEAH@Z
?ReadVarint64@CodedInputStream@io@protobuf@google@@QEAA_NPEA_K@Z
?WriteStringOutline@EpsCopyOutputStream@io@protobuf@google@@AEAAPEAEIAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAE@Z
?kGlobalEmptyTable@internal@protobuf@google@@3QBQEAXB
?UnknownFieldParse@internal@protobuf@google@@YAPEBDIPEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBDPEAVParseContext@123@@Z
?ReadSizeAndPushLimitAndDepth@ParseContext@internal@protobuf@google@@AEAAPEBDPEBDPEAH@Z
?ParseMessage@ParseContext@internal@protobuf@google@@QEAAPEBDPEAVMessageLite@34@PEBD@Z
?fixed_address_empty_string@internal@protobuf@google@@3V?$ExplicitlyConstructed@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@$07@123@A
?InlineGreedyStringParser@internal@protobuf@google@@YAPEBDPEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEBDPEAVParseContext@123@@Z
??$DoMergeFrom@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@InternalMetadata@internal@protobuf@google@@AEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??$DoClear@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@InternalMetadata@internal@protobuf@google@@AEAAXXZ
?ClearToEmpty@ArenaStringPtr@internal@protobuf@google@@QEAAXXZ
?Destroy@ArenaStringPtr@internal@protobuf@google@@QEAAXXZ
?Mutable@ArenaStringPtr@internal@protobuf@google@@QEAAPEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAVArena@34@@Z
?Set@ArenaStringPtr@internal@protobuf@google@@QEAAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAVArena@34@@Z
?ReadTagFallback@internal@protobuf@google@@YA?AU?$pair@PEBDI@std@@PEBDI@Z
?GenericSwap@internal@protobuf@google@@YAXPEAVMessageLite@23@0@Z
?ReadSizeFallback@internal@protobuf@google@@YA?AU?$pair@PEBDH@std@@PEBDI@Z
?VerifyUTF8@internal@protobuf@google@@YA_NVStringPiece@stringpiece_internal@23@PEBD@Z
?AddCleanup@ThreadSafeArena@internal@protobuf@google@@QEAAXPEAXP6AX0@Z@Z
?InternalWriteMessage@WireFormatLite@internal@protobuf@google@@SAPEAEHAEBVMessageLite@34@HPEAEPEAVEpsCopyOutputStream@io@34@@Z
?VerifyUtf8String@WireFormatLite@internal@protobuf@google@@SA_NPEBDHW4Operation@1234@0@Z
?InitializationErrorString@MessageLite@protobuf@google@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?MergeFrom@?$RepeatedPtrField@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@protobuf@google@@QEAAXAEBV123@@Z
?Clear@?$RepeatedPtrField@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@protobuf@google@@QEAAXXZ
?Get@?$RepeatedPtrField@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@protobuf@google@@QEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?size@?$RepeatedPtrField@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@protobuf@google@@QEBAHXZ
??1?$RepeatedPtrField@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@protobuf@google@@QEAA@XZ
??0?$RepeatedPtrField@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@protobuf@google@@QEAA@XZ
??0?$RepeatedPtrField@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@protobuf@google@@QEAA@PEAVArena@12@@Z
?AllocateAlignedWithCleanup@Arena@protobuf@google@@AEAA?AU?$pair@PEAXPEAUCleanupNode@SerialArena@internal@protobuf@google@@@std@@_KPEBVtype_info@@@Z
??0CachedSize@internal@protobuf@google@@QEAA@XZ
?Done@ParseContext@internal@protobuf@google@@QEAA_NPEAPEBD@Z
?ReadString@EpsCopyInputStream@internal@protobuf@google@@QEAAPEBDPEBDHPEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?PopLimit@EpsCopyInputStream@internal@protobuf@google@@QEAA_NH@Z
?Set@CachedSize@internal@protobuf@google@@QEAAXH@Z
?Get@CachedSize@internal@protobuf@google@@QEBAHXZ
?GetArenaForAllocation@MessageLite@protobuf@google@@IEBAPEAVArena@23@XZ
?LengthDelimitedSize@WireFormatLite@internal@protobuf@google@@SA_K_K@Z
?StringSize@WireFormatLite@internal@protobuf@google@@SA_KAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??1MessageLite@protobuf@google@@UEAA@XZ
?GetOwningArena@MessageLite@protobuf@google@@IEBAPEAVArena@23@XZ
??0MessageLite@protobuf@google@@IEAA@PEAVArena@12@_N@Z
?OnDemandRegisterArenaDtor@MessageLite@protobuf@google@@UEAAXPEAVArena@23@@Z
??0MessageLite@protobuf@google@@QEAA@XZ
?InitDefault@ArenaStringPtr@internal@protobuf@google@@QEAAXXZ
??0ArenaStringPtr@internal@protobuf@google@@QEAA@PEAV?$ExplicitlyConstructed@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@$07@123@UConstantInitialized@123@@Z
?AllocateAlignedWithHook@Arena@protobuf@google@@AEAAPEAX_K0PEBVtype_info@@@Z
?AllocateAlignedWithHookForArray@Arena@protobuf@google@@AEAAPEAX_K0PEBVtype_info@@@Z
?VarintSize32@CodedOutputStream@io@protobuf@google@@SA_KI@Z
?WriteVarint32ToArray@CodedOutputStream@io@protobuf@google@@SAPEAEIPEAE@Z
?WriteStringMaybeAliased@EpsCopyOutputStream@io@protobuf@google@@QEAAPEAEIAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAE@Z
?WriteRaw@EpsCopyOutputStream@io@protobuf@google@@QEAAPEAEPEBXHPEAE@Z
?EnsureSpace@EpsCopyOutputStream@io@protobuf@google@@QEAAPEAEPEAE@Z
?VarintParseSlow64@internal@protobuf@google@@YA?AU?$pair@PEBD_K@std@@PEBDI@Z
?AddOutOfLineHelper@RepeatedPtrFieldBase@internal@protobuf@google@@AEAAPEAXPEAX@Z
?DestroyProtos@RepeatedPtrFieldBase@internal@protobuf@google@@IEAAXXZ
?Int64SizePlusOne@WireFormatLite@internal@protobuf@google@@SA_K_J@Z
?EnumSize@WireFormatLite@internal@protobuf@google@@SA_KH@Z
?MergeFromInternal@RepeatedPtrFieldBase@internal@protobuf@google@@AEAAXAEBV1234@P81234@EAAXPEAPEAX1HH@Z@Z
??1RepeatedPtrFieldBase@internal@protobuf@google@@IEAA@XZ
?GetEmptyStringAlreadyInited@internal@protobuf@google@@YAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?WriteVarint32SignExtendedToArray@CodedOutputStream@io@protobuf@google@@SAPEAEHPEAE@Z
?WriteVarint64ToArray@CodedOutputStream@io@protobuf@google@@SAPEAE_KPEAE@Z
?VarintParseSlow32@internal@protobuf@google@@YA?AU?$pair@PEBDI@std@@PEBDI@Z
?Add@?$RepeatedPtrField@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@protobuf@google@@QEAAPEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?UInt32SizePlusOne@WireFormatLite@internal@protobuf@google@@SA_KI@Z
?BytesSize@WireFormatLite@internal@protobuf@google@@SA_KAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?UInt64SizePlusOne@WireFormatLite@internal@protobuf@google@@SA_K_K@Z
?WriteBytesMaybeAliased@EpsCopyOutputStream@io@protobuf@google@@QEAAPEAEIAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAE@Z

kernel32

InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
WaitForSingleObjectEx
CreateSymbolicLinkW
AreFileApisANSI
SetFileInformationByHandle
GetFileAttributesExW
GetLocaleInfoEx
FormatMessageA
OutputDebugStringW
VirtualFree
SwitchToThread
QueryPerformanceCounter
lstrcmpW
FreeConsole
GetConsoleWindow
AttachConsole
AllocConsole
CheckRemoteDebuggerPresent
TerminateProcess
GetUserDefaultLCID
DisconnectNamedPipe
ConnectNamedPipe
CreateNamedPipeW
GetNumberFormatW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
lstrcpyW
lstrcpynW
LoadLibraryExW
GetTimeZoneInformation
GetVersion
FindResourceExW
GetModuleHandleW
MulDiv
SizeofResource
LockResource
LoadResource
FindResourceW
MoveFileExW
GetProcessTimes
OpenProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
GetEnvironmentVariableW
OpenMutexW
ReleaseMutex
GetLocaleInfoW
GetModuleFileNameW
SystemTimeToFileTime
SetUnhandledExceptionFilter
OpenFileMappingW
OpenEventW
GetCurrentThreadId
LeaveCriticalSection
TryEnterCriticalSection
EnterCriticalSection
InitializeCriticalSection
VirtualProtect
HeapAlloc
VirtualAlloc
HeapFree
HeapSize
GetLastError
HeapReAlloc
GetSystemTimeAsFileTime
HeapDestroy
DeleteCriticalSection
GetProcessHeap
GetCurrentThread
GetCurrentProcess
VerSetConditionMask
VerifyVersionInfoW
LoadLibraryW
FreeLibrary
GetProcAddress
FindFirstFileW
FindClose
LocalFree
WideCharToMultiByte
MultiByteToWideChar
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDateFormatW
GetSystemTime
GetTimeFormatW
GetCurrentProcessId
GetTickCount
SetLastError
Sleep
FlushFileBuffers
FindFirstFileExW
FindNextFileW
CreateDirectoryW
SetErrorMode
SetEvent
ResetEvent
WaitForSingleObject
WaitForMultipleObjects
ReadFile
WriteFile
SetEndOfFile
SetFilePointer
GetFileSize
DeleteFileW
MoveFileW
CopyFileW
GetTempPathW
GetTempFileNameW
GetFileAttributesW
SetFileAttributesW
GetFileInformationByHandle
SetFileTime
GetSystemInfo
MapViewOfFile
UnmapViewOfFile

user32

CreateMenu
AppendMenuW
GetSubMenu
InsertMenuItemW
DestroyMenu
TrackPopupMenuEx
RegisterWindowMessageW
GetWindowLongPtrA
SetWindowLongPtrA
PostQuitMessage
FindWindowA
SendMessageTimeoutW
GetClassInfoExA
RegisterClassExA
PostMessageA
UnregisterClassA
IsWindow
CreateWindowExA
TranslateMessage
GetClientRect
GetWindowRect
WindowFromPoint
ScreenToClient
GetCursorPos
SetCursorPos
SendMessageW
GetDC
ReleaseDC
IntersectRect
DrawTextW
GetProcessDefaultLayout
NotifyWinEvent
PeekMessageW
EnableWindow
GetSystemMetrics
PtInRect
GetPropW
ShowWindow
GetClassInfoW
SetProcessDefaultLayout
SetWindowLongPtrW
SetPropW
SetWindowPos
CopyRect
GetParent
MonitorFromWindow
GetWindowLongW
GetKeyState
GetWindowTextLengthW
GetWindowTextW
IsWindowVisible
GetWindow
SetFocus
AdjustWindowRectEx
GetSysColor
DrawFocusRect
OffsetRect
UnionRect
LoadStringW
LoadAcceleratorsW
LoadIconW
LoadCursorW
RegisterClassExW
SetWindowLongW
GetWindowContextHelpId
SetWindowContextHelpId
GetDesktopWindow
MapWindowPoints
SetActiveWindow
SetForegroundWindow
GetWindowPlacement
SetWindowPlacement
DestroyIcon
GetAsyncKeyState
MessageBoxW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TranslateAcceleratorW
MsgWaitForMultipleObjectsEx

ws2_32

gethostbyaddr
getservbyport
ntohs
inet_ntoa
socket
getservbyname
htons
gethostbyname
inet_addr
send
closesocket
htonl
recv
getsockopt
setsockopt
ioctlsocket
connect
select
__WSAFDIsSet
WSAGetLastError

gdi32

CreateFontIndirectW
GetDCPenColor
MoveToEx
SetDCPenColor
GetTextMetricsW
GetStockObject
CreateDIBSection
SelectClipRgn
IntersectClipRect
GetClipRgn
CreateRectRgn
ExtTextOutW
GetTextAlign
GetTextColor
SetBkMode
SetBkColor
SetTextColor
GetWindowOrgEx
GetClipBox
RemoveFontMemResourceEx
AddFontMemResourceEx
GetDeviceCaps
GetObjectW
GetBitmapBits
SetBitmapBits
CreateBitmap
GetCurrentObject
DeleteDC
DeleteObject
SetDIBits
GetDIBits
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
LineTo
SetTextAlign

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RevertToSelf
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
FreeSid
RegEnumKeyExW
RegDeleteKeyW
RegGetValueA
RegEnumKeyExA
RegQueryInfoKeyW
RegDeleteValueW
RegEnumValueW
SetThreadToken
IsValidSid
EqualSid
GetSidIdentifierAuthority
GetSidSubAuthorityCount
GetSidSubAuthority
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueW

shell32

ShellExecuteExW

ole32

OleInitialize
OleUninitialize
CoFreeUnusedLibraries

oleaut32

SysAllocStringLen
SysAllocString

msvcp140

??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Random_device@std@@YAIXZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?write@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@PEB_W_J@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_id
_Thrd_join
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?_Xbad_alloc@std@@YAXXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
_Cnd_do_broadcast_at_thread_exit
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@PEBX@Z
?uncaught_exception@std@@YA_NXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
_Mtx_lock
_Mtx_unlock
_Cnd_init_in_situ
_Cnd_destroy_in_situ
_Cnd_broadcast
_Cnd_wait
_Cnd_register_at_thread_exit
_Cnd_unregister_at_thread_exit
?_Xinvalid_argument@std@@YAXPEBD@Z
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
?_IsCurrentOriginSTA@_ContextCallback@details@Concurrency@@CA_NXZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?__ExceptionPtrRethrow@@YAXPEBX@Z
??0task_continuation_context@Concurrency@@AEAA@XZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrCreate@@YAXPEAX@Z
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_Xbad_function_call@std@@YAXXZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Mtx_current_owns
_Cnd_timedwait
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?wcin@std@@3V?$basic_istream@_WU?$char_traits@_W@std@@@1@A
?sync_with_stdio@ios_base@std@@SA_N_N@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
??Bid@locale@std@@QEAA_KXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@_K@Z
??_7_Facet_base@std@@6B@
_Wcscoll
_Wcsxfrm
??_7facet@locale@std@@6B@
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?is@?$ctype@_W@std@@QEBA_NF_W@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
??1_Facet_base@std@@UEAA@XZ
_Xtime_get_ticks
_Query_perf_frequency
_Query_perf_counter
?_Throw_C_error@std@@YAXH@Z
_Thrd_detach
_Thrd_sleep
_Mtx_init_in_situ
_Mtx_destroy_in_situ

comctl32

ImageList_DrawEx
ImageList_Destroy
ImageList_GetIconSize

gdiplus

GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipSaveImageToStream
GdipCloneImage
GdipDrawImageRectRectI
GdipSetInterpolationMode
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipSetImageAttributesWrapMode
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipAlloc
GdipFree
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromStream
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipCreateBitmapFromScan0

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memcmp
memcpy
strchr
__std_exception_destroy
__std_exception_copy
wcsrchr
_purecall
__C_specific_handler
memchr
wcsstr
wcschr
strstr
__std_type_info_compare
memmove
memset
__current_exception
__current_exception_context
_CxxThrowException
_set_se_translator
__RTDynamicCast

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
calloc
realloc
free
_recalloc
_callnewh

api-ms-win-crt-convert-l1-1-0

_wtol
_itow_s
wcstof
wcstoul
strtol
strtoul
strtof
atoi
wcstol
_wtoi
wcstoll

api-ms-win-crt-string-l1-1-0

_stricmp
wcsncmp
wmemcpy_s
strcmp
wcscpy_s
_strnicmp
towupper
towlower
toupper
_wcsnicmp
tolower
isalpha
strncpy
wcsncpy
strnlen
_wcsicmp
isdigit
isspace
_wcsdup
wcstok_s
wcsnlen
wcsncpy_s
iswspace
iswalnum
strcpy_s
strncpy_s
strcat_s
wcscat_s
wcspbrk
isxdigit
isalnum
_wcsupr_s

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsnprintf_s
__stdio_common_vsscanf
_ftelli64
fread
_fseeki64
__stdio_common_vsprintf
__stdio_common_vswprintf
__stdio_common_vswscanf
fwrite
__stdio_common_vfprintf
_set_fmode
fgetc
fputc
__acrt_iob_func
__stdio_common_vsnwprintf_s
ungetc
__p__commode
__stdio_common_vswprintf_s
_get_stream_buffer_pointers
fgetpos
fflush
_wfopen_s
fclose
fsetpos
__stdio_common_vsprintf_s
setvbuf
freopen_s

api-ms-win-crt-runtime-l1-1-0

terminate
_beginthreadex
_cexit
_configure_wide_argv
_set_app_type
_invalid_parameter_noinfo_noreturn
_resetstkoflw
_invalid_parameter_noinfo
_errno
_register_thread_local_exe_atexit_callback
_c_exit
abort
signal
_crt_atexit
_exit
exit
_initterm_e
_initterm
__p___wargv
__p___argc
_get_wide_winmain_command_line
_register_onexit_function
_initialize_onexit_table
_seh_filter_exe
_initialize_wide_environment

api-ms-win-crt-time-l1-1-0

_localtime64
_mkgmtime64
_mktime64
wcsftime
_time64
_gmtime64_s
_localtime64_s

api-ms-win-crt-utility-l1-1-0

qsort
rand_s
bsearch

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_unlock_file

api-ms-win-crt-math-l1-1-0

sin
__setusermatherr
pow
ceilf
cos
floorf

api-ms-win-crt-multibyte-l1-1-0

_mbsstr

api-ms-win-crt-locale-l1-1-0

___lc_codepage_func
_configthreadlocale

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 461KB - Virtual size: 461KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updater/GUP
.exe windows:6 windows x64 arch:x64

2b01d1e6f097308c51e2174a892534f3

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:aa:64:92:de:9d:96:a9:0a:4b:ca:97:be:ad:b4:4a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/05/2022, 00:00

Not After

14/05/2025, 23:59

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9e:24:fa:dd:5c:f4:50:b6:73:9a:85:cf:22:8b:85:de:4d:8b:04:c6:b3:24:f2:84:71:aa:41:fc:0e:f7:94:c5
Signer

Actual PE Digest

9e:24:fa:dd:5c:f4:50:b6:73:9a:85:cf:22:8b:85:de:4d:8b:04:c6:b3:24:f2:84:71:aa:41:fc:0e:f7:94:c5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

libcurl

curl_easy_setopt
curl_easy_cleanup
curl_easy_init
curl_easy_perform

comctl32

InitCommonControlsEx

shlwapi

PathFileExistsA
PathFindExtensionW
PathIsDirectoryW
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW

kernel32

HeapReAlloc
CreateFileW
HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
CreateDirectoryW
lstrlenW
GetCurrentThreadId
Sleep
OutputDebugStringW
DeleteFileW
CreateThread
lstrcpyW
lstrcmpW
MulDiv
MoveFileW
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
InitializeCriticalSection
SetEndOfFile
CreateEventW
GetLastError
SetEvent
CloseHandle
ResetEvent
CreateSemaphoreW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetConsoleOutputCP
FlushFileBuffers
GetFileSizeEx
HeapAlloc
HeapFree
GetFileType
WaitForSingleObject
ReadConsoleW
GetConsoleMode
SetFilePointerEx
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeSListHead
MultiByteToWideChar
WideCharToMultiByte
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableSRW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
TryAcquireSRWLockExclusive
GetExitCodeThread
WriteConsoleW
InitializeCriticalSectionEx
EncodePointer
DecodePointer
GetLocaleInfoEx
LCMapStringEx
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
GetStringTypeW
CompareStringEx
GetCPInfo
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwind
ReadFile
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
WriteFile

user32

CallNextHookEx
EndDialog
SetWindowTextW
SetDlgItemTextW
CreateWindowExW
MessageBoxA
UnhookWindowsHookEx
SetWindowsHookExW
GetDlgItemInt
SystemParametersInfoW
SetDlgItemInt
DialogBoxParamW
LoadImageW
ReleaseDC
MessageBoxW
SendMessageW
SetWindowPos
GetDC
GetWindowRect
FindWindowExW
GetDlgItemTextW

gdi32

GetDeviceCaps

shell32

SHGetFolderPathW
ShellExecuteW
SHFileOperationW

Sections

.text
Size: 613KB - Virtual size: 613KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 148KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updater/LICENSE
updater/README.md
updater/enco.dll
.exe windows:6 windows x86 arch:x86

7f483786751f690c02ae2784f1534515

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:c2:8a:8f:8e:8d:c4:f6:16:a0:ed:63:24:46:ca:42
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

25/05/2023, 00:00

Not After

01/06/2024, 23:59

Subject

SERIALNUMBER=HRB 742261,CN=Avira Operations GmbH,O=Avira Operations GmbH,L=Tettnang,ST=Baden-Württemberg,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#1303556c6d,1.3.6.1.4.1.311.60.2.1.2=#0c12426164656e2d57c3bc727474656d62657267,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a3:46:4b:63:e9:29:7f:0b:6e:90:ae:f8:23:d0:6e:6e:51:45:8c:c8:83:1e:1b:22:de:8c:d8:27:ac:64:ea:21
Signer

Actual PE Digest

a3:46:4b:63:e9:29:7f:0b:6e:90:ae:f8:23:d0:6e:6e:51:45:8c:c8:83:1e:1b:22:de:8c:d8:27:ac:64:ea:21

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\bamboo-build\SPL-SBFW269-JOB1\Bootstrapper\Bootstrapper.Presetup\bin\Release\Avira.Spotlight.Bootstrapper.Presetup.pdb

Imports

advapi32

RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerW
SetServiceStatus
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW
InitializeSecurityDescriptor
FreeSid
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorDacl

ole32

CoTaskMemFree

shell32

SHGetKnownFolderPath

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

user32

ExitWindowsEx

kernel32

HeapSize
SetStdHandle
GetProcessHeap
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetModuleFileNameW
GetLastError
GetWindowsDirectoryW
CreateDirectoryW
GetLongPathNameW
GetTempPathW
WaitForMultipleObjects
CreateMutexW
WaitForSingleObject
ReleaseMutex
CreateEventW
SetEvent
CloseHandle
GetModuleHandleW
lstrcmpiW
GetLocalTime
GetCurrentProcess
GetProcAddress
MoveFileExW
CreateProcessW
GetExitCodeProcess
SizeofResource
EnumResourceNamesW
CreateFileW
UnmapViewOfFile
LockResource
LoadResource
FindResourceW
CreateFileMappingW
MapViewOfFile
LocalAlloc
LocalFree
GetSystemDirectoryW
FormatMessageA
FindClose
FindFirstFileExW
FindNextFileW
GetFileAttributesW
GetFileAttributesExW
GetFileInformationByHandle
GetFinalPathNameByHandleW
SetEndOfFile
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
DeviceIoControl
CopyFileW
CreateHardLinkW
GetFileInformationByHandleEx
CreateSymbolicLinkW
MultiByteToWideChar
WideCharToMultiByte
GetStringTypeW
InitializeSRWLock
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
WaitForSingleObjectEx
GetExitCodeThread
EncodePointer
DecodePointer
LCMapStringEx
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetLocaleInfoEx
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetCurrentProcessId
InitializeSListHead
GetACP
RtlUnwind
RaiseException
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
WriteFile
HeapAlloc
HeapFree
GetFileType
GetFileSizeEx
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadFile
ReadConsoleW
HeapReAlloc
GetTimeZoneInformation
IsValidCodePage
WriteConsoleW

Sections

.text
Size: 313KB - Virtual size: 313KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5.8MB - Virtual size: 5.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updater/gup.xml
.xml
updater/libcurl.dll
.dll windows:6 windows x64 arch:x64

6ef556d2b31956dae3aa7d51b8168879

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:aa:64:92:de:9d:96:a9:0a:4b:ca:97:be:ad:b4:4a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

13/05/2022, 00:00

Not After

14/05/2025, 23:59

Subject

CN=Notepad\+\+,O=Notepad\+\+,L=Saint Cloud,ST=Ile-de-France,C=FR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:d6:7d:27:e9:65:3f:14:4b:d4:6f:80:bb:de:06:65:34:6c:56:98:39:a4:aa:9c:6b:c6:56:73:fc:1d:31:a5
Signer

Actual PE Digest

b9:d6:7d:27:e9:65:3f:14:4b:d4:6f:80:bb:de:06:65:34:6c:56:98:39:a4:aa:9c:6b:c6:56:73:fc:1d:31:a5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

ws2_32

send
WSAGetLastError
bind
sendto
recvfrom
WSACleanup
WSAStartup
select
__WSAFDIsSet
htonl
ioctlsocket
WSAWaitForMultipleEvents
WSASetEvent
WSAResetEvent
WSAEventSelect
WSAEnumNetworkEvents
WSACreateEvent
WSACloseEvent
listen
accept
gethostname
freeaddrinfo
getaddrinfo
WSAIoctl
WSASetLastError
socket
setsockopt
recv
ntohs
htons
getsockopt
getsockname
getpeername
connect
closesocket

wldap32

ord46
ord217
ord211
ord301
ord200
ord30
ord79
ord35
ord33
ord32
ord27
ord26
ord22
ord41
ord50
ord45
ord60
ord143

advapi32

CryptAcquireContextA
CryptDestroyKey
CryptImportKey
CryptEncrypt
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
CryptReleaseContext

crypt32

CertFreeCertificateContext
CryptDecodeObjectEx
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CryptStringToBinaryA
PFXImportCertStore
CertAddCertificateContextToStore
CertFindExtension
CertGetNameStringA
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFindCertificateInStore
CertFreeCertificateChain

normaliz

IdnToUnicode
IdnToAscii

bcrypt

BCryptGenRandom

kernel32

GetFileAttributesExW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
SetStdHandle
HeapAlloc
HeapFree
GetConsoleOutputCP
WriteFile
ReadConsoleW
GetConsoleMode
GetModuleFileNameW
ExitProcess
SetFilePointerEx
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
SetEndOfFile
GetCurrentDirectoryW
GetFullPathNameW
HeapReAlloc
FlushFileBuffers
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
DeleteFileW
GetStringTypeW
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetLastError
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetFileInformationByHandle
GetDriveTypeW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
DeleteCriticalSection
SleepEx
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetProcAddress
CloseHandle
WaitForSingleObjectEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
GetEnvironmentVariableA
Sleep
MoveFileExA
GetCurrentProcessId
GetLastError
FormatMessageW
QueryPerformanceFrequency
GetSystemDirectoryA
GetModuleHandleA
LoadLibraryA
GetStdHandle
GetFileType
ReadFile
PeekNamedPipe
WaitForMultipleObjects
QueryPerformanceCounter
GetTickCount
VerSetConditionMask
VerifyVersionInfoW
CreateFileA
GetFileSizeEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
CreateFileW
RtlUnwindEx
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
RtlUnwind

Exports

Exports

curl_easy_cleanup
curl_easy_duphandle
curl_easy_escape
curl_easy_getinfo
curl_easy_header
curl_easy_init
curl_easy_nextheader
curl_easy_option_by_id
curl_easy_option_by_name
curl_easy_option_next
curl_easy_pause
curl_easy_perform
curl_easy_recv
curl_easy_reset
curl_easy_send
curl_easy_setopt
curl_easy_strerror
curl_easy_unescape
curl_easy_upkeep
curl_escape
curl_formadd
curl_formfree
curl_formget
curl_free
curl_getdate
curl_getenv
curl_global_cleanup
curl_global_init
curl_global_init_mem
curl_global_sslset
curl_global_trace
curl_maprintf
curl_mfprintf
curl_mime_addpart
curl_mime_data
curl_mime_data_cb
curl_mime_encoder
curl_mime_filedata
curl_mime_filename
curl_mime_free
curl_mime_headers
curl_mime_init
curl_mime_name
curl_mime_subparts
curl_mime_type
curl_mprintf
curl_msnprintf
curl_msprintf
curl_multi_add_handle
curl_multi_assign
curl_multi_cleanup
curl_multi_fdset
curl_multi_get_handles
curl_multi_info_read
curl_multi_init
curl_multi_perform
curl_multi_poll
curl_multi_remove_handle
curl_multi_setopt
curl_multi_socket
curl_multi_socket_action
curl_multi_socket_all
curl_multi_strerror
curl_multi_timeout
curl_multi_wait
curl_multi_wakeup
curl_mvaprintf
curl_mvfprintf
curl_mvprintf
curl_mvsnprintf
curl_mvsprintf
curl_pushheader_byname
curl_pushheader_bynum
curl_share_cleanup
curl_share_init
curl_share_setopt
curl_share_strerror
curl_slist_append
curl_slist_free_all
curl_strequal
curl_strnequal
curl_unescape
curl_url
curl_url_cleanup
curl_url_dup
curl_url_get
curl_url_set
curl_url_strerror
curl_version
curl_version_info
curl_ws_meta
curl_ws_recv
curl_ws_send

Sections

.text
Size: 531KB - Virtual size: 530KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 141KB - Virtual size: 140KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updater/nativeLang.xml
.xml
updater/updater.dll
.exe windows:5 windows x86 arch:x86

027ea80e8125c6dda271246922d4c3b0

Code Sign

0d:38:f0:86:d3:c3:ce:bb:f1:b4:5e:2a:95:50:83:8f
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

27/11/2020, 00:00

Not After

05/12/2023, 23:59

Subject

CN=Bitdefender SRL,O=Bitdefender SRL,L=Bucharest,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

09:ff:ab:74:b1:21:89:75:f0:2f:f3:8e:6a:95:d6:4b
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

14/12/2020, 00:00

Not After

05/12/2023, 23:59

Subject

CN=Bitdefender SRL,O=Bitdefender SRL,L=Bucharest,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

50:d2:d0:24:36:39:f2:07:9c:ec:8a:1e:fd:d6:d7:fb:8e:64:ae:a6:cd:73:f6:53:cc:c8:8b:1b:01:d8:a3:1e
Signer

Actual PE Digest

50:d2:d0:24:36:39:f2:07:9c:ec:8a:1e:fd:d6:d7:fb:8e:64:ae:a6:cd:73:f6:53:cc:c8:8b:1b:01:d8:a3:1e

Digest Algorithm

sha256

PE Digest Matches

true

9c:e5:c6:a3:11:af:cc:2f:b6:36:0e:4f:8b:91:9c:17:be:71:96:65
Signer

Actual PE Digest

9c:e5:c6:a3:11:af:cc:2f:b6:36:0e:4f:8b:91:9c:17:be:71:96:65

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Projects\WinRAR\sfx\build\sfxrar32\Release\sfxrar.pdb

Imports

kernel32

GetLastError
SetLastError
GetCurrentProcess
DeviceIoControl
SetFileTime
CloseHandle
CreateDirectoryW
RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
GetFileType
GetStdHandle
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
GetModuleFileNameW
GetModuleHandleW
FindResourceW
FreeLibrary
GetProcAddress
GetCurrentProcessId
ExitProcess
SetThreadExecutionState
Sleep
LoadLibraryW
GetSystemDirectoryW
CompareStringW
AllocConsole
FreeConsole
AttachConsole
WriteConsoleW
GetProcessAffinityMask
CreateThread
SetThreadPriority
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
GetTickCount
SetCurrentDirectoryW
GetExitCodeProcess
GetLocalTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetCommandLineW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetTempPathW
MoveFileExW
GetLocaleInfoW
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
LoadLibraryExA
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TerminateProcess
RtlUnwind
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
GetModuleHandleExW
GetModuleFileNameA
GetACP
HeapFree
HeapAlloc
HeapReAlloc
GetStringTypeW
LCMapStringW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetStdHandle
HeapSize
GetConsoleCP
GetConsoleMode
SetFilePointerEx
DecodePointer

Sections

.text
Size: 184KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
wound.aspx
Key.png
.png
[email protected]

Sharing

General

Malware Config

Signatures

Files

Password: 8855

Password: 8855

Password: 8855

e76c4470619433796d0ce964e2d84f10

Code Sign

72:97:37:c2:78:d8:d1:ba:73:a2:b5:fa:be:80:eb:77Certificate

Extended Key Usages

Key Usages

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95Certificate

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

70:4d:ec:0d:98:a2:8a:a9:c8:da:65:d8:8f:fc:4f:62:77:07:9e:8e:38:98:b9:a0:f8:36:6c:35:ef:dc:ee:f6Signer

Headers

DLL Characteristics

File Characteristics

Imports

winspool.drv

comdlg32

comctl32

shell32

user32

version

oledlg

oleaut32

advapi32

msvcrt

avifil32

kernel32

msvfw32

shfolder

ole32

gdi32

Exports

Exports

Sections

.text Size: 6.7MB - Virtual size: 6.7MB

.itext Size: 10KB - Virtual size: 10KB

.data Size: 224KB - Virtual size: 223KB

.bss Size: - Virtual size: 150KB

.idata Size: 18KB - Virtual size: 17KB

.didata Size: 4KB - Virtual size: 3KB

.edata Size: 512B - Virtual size: 148B

.tls Size: - Virtual size: 100B

.rdata Size: 512B - Virtual size: 93B

.reloc Size: 462KB - Virtual size: 461KB

.rsrc Size: 1.2MB - Virtual size: 1.2MB

Password: 8855

224f7c709bbe989ade2d7ede1bc05f77

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

gdi32

user32

Exports

Exports

Sections

.text Size: 2.4MB - Virtual size: 2.4MB

.rdata Size: 1.8MB - Virtual size: 1.8MB

.data Size: 22KB - Virtual size: 52KB

.00cfg Size: 512B - Virtual size: 8B

.tls Size: 512B - Virtual size: 161B

malloc_h Size: 512B - Virtual size: 243B

.rsrc Size: 1024B - Virtual size: 920B

72:97:37:c2:78:d8:d1:ba:73:a2:b5:fa:be:80:eb:77
Certificate

39:72:44:3a:f9:22:b7:51:d7:d3:6c:10:dd:31:35:95
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

70:4d:ec:0d:98:a2:8a:a9:c8:da:65:d8:8f:fc:4f:62:77:07:9e:8e:38:98:b9:a0:f8:36:6c:35:ef:dc:ee:f6
Signer

.text
Size: 6.7MB - Virtual size: 6.7MB

.itext
Size: 10KB - Virtual size: 10KB

.data
Size: 224KB - Virtual size: 223KB

.bss
Size: - Virtual size: 150KB

.idata
Size: 18KB - Virtual size: 17KB

.didata
Size: 4KB - Virtual size: 3KB

.edata
Size: 512B - Virtual size: 148B

.tls
Size: - Virtual size: 100B

.rdata
Size: 512B - Virtual size: 93B

.reloc
Size: 462KB - Virtual size: 461KB

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

.text
Size: 2.4MB - Virtual size: 2.4MB

.rdata
Size: 1.8MB - Virtual size: 1.8MB

.data
Size: 22KB - Virtual size: 52KB

.00cfg
Size: 512B - Virtual size: 8B

.tls
Size: 512B - Virtual size: 161B

malloc_h
Size: 512B - Virtual size: 243B

.rsrc
Size: 1024B - Virtual size: 920B

.reloc
Size: 74KB - Virtual size: 74KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:aa:64:92:de:9d:96:a9:0a:4b:ca:97:be:ad:b4:4a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

65:31:5f:80:fd:46:e1:98:8f:47:62:11:db:df:61:6b:4c:36:26:c6:88:6d:4e:da:ab:d7:25:c8:2d:c5:07:32
Signer

.text
Size: 54KB - Virtual size: 54KB

.rdata
Size: 38KB - Virtual size: 37KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 4KB - Virtual size: 3KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 90KB - Virtual size: 90KB

.reloc
Size: 2KB - Virtual size: 1KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

03:aa:64:92:de:9d:96:a9:0a:4b:ca:97:be:ad:b4:4a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

78:db:91:5e:18:03:af:c5:b3:f2:56:fa:81:a1:fc:63:dc:7a:e2:c2:84:b4:3b:0c:d0:c3:20:6f:6d:dd:6f:e8
Signer

.text
Size: 121KB - Virtual size: 121KB

.rdata
Size: 50KB - Virtual size: 49KB

.data
Size: 4KB - Virtual size: 9KB

.pdata
Size: 7KB - Virtual size: 6KB

_RDATA
Size: 512B - Virtual size: 348B

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB