Ruination[.]Swapper 2[.]0[.]8[.]zip

Sharing

Copy URL Twitter E-mail

Reason

expected element type <jnlp> but have <jnlp-file>

Reason

expected element type <jnlp> but have <jnlp-file>

Reason

expected element type <jnlp> but have <jnlp-file>

Reason

expected element type <jnlp> but have <jnlp-file>

Reason

expected element type <jnlp> but have <jnlp-file>

Reason

expected element type <jnlp> but have <jnlp-file>

Reason

expected element type <jnlp> but have <jnlp-fil>

Reason

expected element type <jnlp> but have <jnlp-file>

Reason

expected element type <jnlp> but have <jnlp-file>

Reason

expected element type <jnlp> but have <jnlp-file>

General

Target

Ruination.Swapper 2.0.8.zip
Size

27.5MB
MD5

a88d448b3b371d86bf8203805d8fc810
SHA1

5525fe99468900a2ba3720ffdb491b20a49fa4fe
SHA256

0bd48f713b543fa69cebab66718e20c33defff30e49894d0587ef2e5f6b6e5f9
SHA512

0e65127941645adb48567b858b3bca12f0859d2c3f643d6e041748543402e68a5fe1c9cb6644ba4d060135712b9d0b62969094301cf0a2882a53b206715a2d57
SSDEEP

786432:uHCVECYinW/SYwaZKbzOSRGOaXsk9+baGYnW:uHhSdlbzlRtk9Qj

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/Ruination.Swapper 2.0.8/Ruination.exe
unpack001/Ruination.Swapper 2.0.8/oo2core_9_win64.dll

Files

Ruination.Swapper 2.0.8.zip
.zip

Password: 1313
Ruination.Swapper 2.0.8/D3DCompiler_47_cor3.dll
.dll windows:10 windows x64 arch:x64

Password: 1313

8235041cfd6fffb926142c2c78013446

Code Sign

33:00:00:05:00:27:d6:32:6f:43:73:7b:87:00:00:00:00:05:00
Certificate

Issuer

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/02/2023, 20:11

Not After

31/01/2024, 20:11

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:52:4c:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/07/2010, 20:40

Not After

06/07/2025, 20:50

Subject

CN=Microsoft Code Signing PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

80:5d:c5:12:35:5e:e1:23:cc:cd:fc:86:0b:c4:64:6d:59:c0:f9:e1:ad:8e:a3:f6:ea:5f:b1:cf:f9:7e:07:c9
Signer

Actual PE Digest

80:5d:c5:12:35:5e:e1:23:cc:cd:fc:86:0b:c4:64:6d:59:c0:f9:e1:ad:8e:a3:f6:ea:5f:b1:cf:f9:7e:07:c9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D3DCompiler_47.pdb

Imports

kernel32

WriteFile
FreeLibrary
Sleep
TlsAlloc
TlsSetValue
HeapDestroy
TlsGetValue
TlsFree
GetFullPathNameW
GetFullPathNameA
GetEnvironmentVariableA
VirtualFree
VirtualAlloc
GetSystemInfo
GetProcAddress
LoadLibraryExW
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
GetCurrentThreadId
GetStdHandle
GetFileType
GetStartupInfoW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ExitProcess
GetModuleHandleW
GetModuleHandleExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetFilePointerEx
GetStringTypeW
ReadFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
RaiseException
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetModuleFileNameW
ReadConsoleW
HeapSize
HeapReAlloc
WriteConsoleW
QueryPerformanceCounter
GetCurrentProcessId
InitializeSListHead
RtlUnwindEx
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionEx
RtlPcToFileHeader
LocalAlloc
LocalFree
GetFileSizeEx
GetLastError
CreateFileW
HeapFree
GetProcessHeap
UnmapViewOfFile
GetFileSize
CreateFileMappingW
MapViewOfFile
GetFileAttributesW
SetFileAttributesW
DeleteFileW
SetEndOfFile
DeviceIoControl
MapViewOfFileEx
CreateFileMappingA
ExpandEnvironmentStringsW
HeapAlloc
OutputDebugStringA
CloseHandle
LeaveCriticalSection
EnterCriticalSection
lstrcmpiA
HeapCreate
GetModuleFileNameA
CreateFileA
DeleteCriticalSection
InitializeCriticalSection
WideCharToMultiByte
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetDriveTypeW
GetCurrentDirectoryW
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
MultiByteToWideChar
SetStdHandle
DisableThreadLibraryCalls

advapi32

CryptDestroyHash
CryptAcquireContextW
RegQueryValueExA
RegEnumKeyExA
RegOpenKeyExA
CryptGetHashParam
CryptCreateHash
CryptHashData
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
CryptReleaseContext

rpcrt4

UuidCreate

Exports

Exports

D3DAssemble
D3DCompile
D3DCompile2
D3DCompileFromFile
D3DCompressShaders
D3DCreateBlob
D3DCreateFunctionLinkingGraph
D3DCreateLinker
D3DDecompressShaders
D3DDisassemble
D3DDisassemble10Effect
D3DDisassemble11Trace
D3DDisassembleRegion
D3DGetBlobPart
D3DGetDebugInfo
D3DGetInputAndOutputSignatureBlob
D3DGetInputSignatureBlob
D3DGetOutputSignatureBlob
D3DGetTraceInstructionOffsets
D3DLoadModule
D3DPreprocess
D3DReadFileToBlob
D3DReflect
D3DReflectLibrary
D3DReturnFailure1
D3DSetBlobPart
D3DStripShader
D3DWriteBlobToFile
DebugSetMute

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 916KB - Virtual size: 913KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 128KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ruination.Swapper 2.0.8/PenImc_cor3.dll
.dll regsvr32 windows:6 windows x64 arch:x64

Password: 1313

4093c03428ffebcedcb974ab93290ca8

Code Sign

33:00:00:03:7c:c9:f6:bc:ed:07:59:ae:08:00:00:00:00:03:7c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/05/2023, 19:03

Not After

08/05/2024, 19:03

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

19:a2:11:49:b3:5f:3d:c9:8e:4a:88:08:ac:b2:b3:67:81:e8:61:f3:da:82:4d:a1:6f:b4:f2:cd:b4:e9:cd:95
Signer

Actual PE Digest

19:a2:11:49:b3:5f:3d:c9:8e:4a:88:08:ac:b2:b3:67:81:e8:61:f3:da:82:4d:a1:6f:b4:f2:cd:b4:e9:cd:95

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\artifacts\bin\PenImc\x64\Release\PenImc_cor3.pdb

Imports

kernel32

SetThreadLocale
DeleteCriticalSection
RaiseException
DecodePointer
EncodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseMutex
InitializeCriticalSection
CreateEventW
GetCurrentProcessId
OpenEventW
OpenMutexW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
SetEvent
LocalFree
SignalObjectAndWait
IsWow64Process
GetCurrentProcess
OutputDebugStringW
GetThreadLocale
CreateThread
QueueUserAPC
SetWaitableTimer
CancelWaitableTimer
CreateActCtxW
ActivateActCtx
VerSetConditionMask
LoadLibraryW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsDebuggerPresent
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
RtlPcToFileHeader
InterlockedFlushSList
CreateMutexW
CloseHandle
GetModuleFileNameW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
GetLastError
lstrcmpiW
GetModuleHandleW
GetProcAddress
FreeLibrary
CreateWaitableTimerW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
RtlUnwindEx
RtlLookupFunctionEntry
GetCurrentThreadId

user32

GetWindow
GetWindowRect
CallNextHookEx
SetWindowsHookExW
EqualRect
GetParent
GetWindowThreadProcessId
CharNextW
PeekMessageW
MsgWaitForMultipleObjectsEx
IsWindow
UnhookWindowsHookEx
GetSystemMetrics
MonitorFromWindow
GetMonitorInfoW
GetDesktopWindow

advapi32

ConvertSidToStringSidW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegDeleteKeyW

shell32

ShellExecuteExW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoLockObjectExternal
StringFromGUID2
CoCreateInstance
CoGetApartmentType

oleaut32

UnRegisterTypeLi
VarUI4FromStr
LoadTypeLi
SysFreeString
RegisterTypeLi
SysStringLen
SysAllocString

api-ms-win-crt-string-l1-1-0

strcpy_s
wcscpy_s
wcscat_s
wcsncmp
wcsncpy_s

api-ms-win-crt-heap-l1-1-0

malloc
calloc
free
realloc
_recalloc
_callnewh

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_invalid_parameter_noinfo
abort
terminate
_initterm
_initterm_e
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_errno
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf

rpcrt4

NdrCStdStubBuffer_Release
CStdStubBuffer_Connect
NdrDllCanUnloadNow
CStdStubBuffer_IsIIDSupported
IUnknown_QueryInterface_Proxy
CStdStubBuffer_Disconnect
NdrDllGetClassObject
NdrDllRegisterProxy
CStdStubBuffer_DebugServerRelease
NdrOleAllocate
CStdStubBuffer_QueryInterface
CStdStubBuffer_CountRefs
CStdStubBuffer_DebugServerQueryInterface
IUnknown_Release_Proxy
CStdStubBuffer_AddRef
NdrOleFree
NdrDllUnregisterProxy
IUnknown_AddRef_Proxy
CStdStubBuffer_Invoke

Exports

Exports

CreateResetEvent
DestroyResetEvent
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GetLastSystemEventData
GetPenEvent
GetPenEventMultiple
GetProxyDllInfo
LockWispObjectFromGit
RaiseResetEvent
RegisterDllForSxSCOM
UnlockWispObjectFromGit

Sections

.text
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 197B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ruination.Swapper 2.0.8/PresentationNative_cor3.dll
.dll windows:6 windows x64 arch:x64

Password: 1313

a09c9abadde79aec9926dc99ee900a1a

Code Sign

33:00:00:03:7c:c9:f6:bc:ed:07:59:ae:08:00:00:00:00:03:7c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/05/2023, 19:03

Not After

08/05/2024, 19:03

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:b1:45:66:5e:a6:45:c8:7c:73:12:d5:7d:b9:0a:d8:a1:b7:c6:7d:dd:5f:a7:eb:57:90:8a:57:79:98:4e:6f
Signer

Actual PE Digest

43:b1:45:66:5e:a6:45:c8:7c:73:12:d5:7d:b9:0a:d8:a1:b7:c6:7d:dd:5f:a7:eb:57:90:8a:57:79:98:4e:6f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\artifacts\bin\PresentationNative\x64\Release\PresentationNative_cor3.pdb

Imports

kernel32

UnhandledExceptionFilter
GetCurrentThread
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
TerminateThread
GetProcAddress
VerSetConditionMask
FreeLibrary
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
OutputDebugStringW
DeleteCriticalSection
DisableThreadLibraryCalls
LoadLibraryW
InitializeCriticalSection
InitializeCriticalSectionEx
GlobalDeleteAtom
DebugBreak
OutputDebugStringA
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
LeaveCriticalSection
EnterCriticalSection
InterlockedFlushSList
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RaiseException
EncodePointer
SetLastError
GetLastError

ntdll

RtlLookupFunctionEntry
DbgPrompt
RtlPcToFileHeader
RtlUnwindEx
DbgPrintEx
RtlCaptureContext
DbgBreakPoint
RtlVirtualUnwind
NtQuerySystemInformation

api-ms-win-crt-runtime-l1-1-0

terminate
abort
_cexit
_crt_atexit
_execute_onexit_table
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function

api-ms-win-crt-heap-l1-1-0

free
calloc
malloc

api-ms-win-crt-string-l1-1-0

strcpy_s
iswpunct
wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf

user32

GetAncestor
FindWindowExW
SetWindowLongPtrW
SetWindowLongW
SetScrollPos
SetFocus
MapWindowPoints
GetWindowTextLengthW
GetWindowTextW
GetWindowLongPtrW
GetWindowLongW
GetWindow
GetKeyboardLayoutList
GetParent
GetMenuBarInfo
EnableWindow

gdi32

GetTextExtentPoint32W

ole32

CoTaskMemFree
CoCreateInstance

oleaut32

SysAllocString
VariantInit
VariantChangeType
VariantClear

Exports

Exports

CreateDocContext
CreateInstalledObjectsInfo
CreateTextAnalysisSink
CreateTextAnalysisSource
DestroyDocContext
DestroyInstalledObjectsInfo
EnableWindowWrapper
FindWindowExWrapper
FsAddFigureObstacle
FsClearUpdateInfoInPage
FsClearUpdateInfoInSubpage
FsClearUpdateInfoInSubtrack
FsClearUpdateInfoInTableSrv
FsCommitFilledRectangle
FsCompareSubpages
FsCompareSubtrack
FsCompareTableSrv
FsCreateDocContext
FsCreateDummyFootnoteRejector
FsCreatePageBottomless
FsCreatePageFinite
FsCreateSubpageBottomless
FsCreateSubpageFinite
FsDestroyDocContext
FsDestroyFootnoteRejector
FsDestroyPage
FsDestroyPageBreakRecord
FsDestroySubpage
FsDestroySubpageBreakRecord
FsDestroySubtrack
FsDestroySubtrackBreakRecord
FsDestroyTableSrv
FsDestroyTableSrvBreakRecord
FsDuplicateGeometry
FsDuplicatePageBreakRecord
FsDuplicateSubpageBreakRecord
FsDuplicateSubtrackBreakRecord
FsDuplicateTableSrvBreakRecord
FsFAllFootnotesAllowed
FsFFootnoteAllowed
FsFormatSubtrackBottomless
FsFormatSubtrackFinite
FsFormatTableSrvBottomless
FsFormatTableSrvFinite
FsGetClientHandle
FsGetColumnRectangle
FsGetEmptySpaces
FsGetFigureObstacleData
FsGetFloaterFsimethods
FsGetIntervals
FsGetMaxNumberEmptySpaces
FsGetMaxNumberIntervals
FsGetNextTick
FsGetNumberSubpageFootnotes
FsGetNumberSubtrackFootnotes
FsGetPageRectangle
FsGetShiftOffset
FsGetSubpageColumnBalancingInfo
FsGetSubpageFootnoteInfo
FsGetSubtrackColumnBalancingInfo
FsGetSubtrackFootnoteInfo
FsGetTableObjFsimethods
FsGetTableSrvColumnBalancingInfo
FsGetTableSrvFootnoteInfo
FsGetTableSrvNumberFootnotes
FsJustifySubpage
FsQueryAttachedObjectList
FsQueryCompositeColumnDetails
FsQueryCompositeColumnFootnoteList
FsQueryDcpLineVariantsFromCachedTextPara
FsQueryEndnoteColumnDetails
FsQueryFigureObjectDetails
FsQueryFloaterDetails
FsQueryFootnoteColumnDetails
FsQueryFootnoteColumnTrackList
FsQueryHeightDefinedColumnSpanAreaList
FsQueryLineCompositeElementList
FsQueryLineListComposite
FsQueryLineListSingle
FsQueryPageDetails
FsQueryPageFootnoteColumnList
FsQueryPageSectionList
FsQuerySectionBasicColumnList
FsQuerySectionCompositeColumnList
FsQuerySectionDetails
FsQuerySectionEndnoteColumnList
FsQuerySegmentDefinedColumnSpanAreaList
FsQuerySubpageBasicColumnList
FsQuerySubpageDetails
FsQuerySubpageHeightDefinedColumnSpanAreaList
FsQuerySubpageSegmentDefinedColumnSpanAreaList
FsQuerySubtrackDetails
FsQuerySubtrackParaList
FsQueryTableObjCellList
FsQueryTableObjDetails
FsQueryTableObjFigureCountWord
FsQueryTableObjFigureListWord
FsQueryTableObjRowDetails
FsQueryTableObjRowList
FsQueryTableObjTableProperDetails
FsQueryTableSrvCellList
FsQueryTableSrvRowDetails
FsQueryTableSrvRowList
FsQueryTableSrvTableDetails
FsQueryTextDetails
FsQueryTrackDetails
FsQueryTrackParaList
FsRegisterFloatObstacle
FsReleaseGeometry
FsResolveOverlap
FsRestoreGeometry
FsShiftSubtrackVertical
FsSynchronizeBottomlessSubtrack
FsTransferDisplayInfoSubpage
FsTransferDisplayInfoSubtrack
FsTransferDisplayInfoTableSrv
FsTransformBbox
FsTransformPoint
FsTransformRectangle
FsTransformVector
FsUpdateBottomlessPage
FsUpdateBottomlessSubpage
FsUpdateBottomlessSubtrack
FsUpdateBottomlessTableSrv
FsUpdateFinitePage
GetAncestorWrapper
GetFloaterHandlerInfo
GetKeyboardLayoutListWrapper
GetMenuBarInfoWrapper
GetNumberSubstitutionList
GetParentWrapper
GetScriptAnalysisList
GetTableObjHandlerInfo
GetTextExtentPoint32Wrapper
GetWindowLongPtrWrapper
GetWindowLongWrapper
GetWindowTextLengthWrapper
GetWindowTextWrapper
GetWindowWrapper
GlobalDeleteAtomWrapper
IsPrintPackageTargetSupported
IsStartXpsPrintJobSupported
IsWindows10OrGreater
IsWindows10RS1OrGreater
IsWindows10RS2OrGreater
IsWindows10RS3OrGreater
IsWindows10RS4OrGreater
IsWindows10RS5OrGreater
IsWindows10TH1OrGreater
IsWindows10TH2OrGreater
IsWindows7OrGreater
IsWindows7SP1OrGreater
IsWindows8OrGreater
IsWindows8Point1OrGreater
IsWindowsServer
IsWindowsVistaOrGreater
IsWindowsVistaSP1OrGreater
IsWindowsVistaSP2OrGreater
IsWindowsXPOrGreater
IsWindowsXPSP1OrGreater
IsWindowsXPSP2OrGreater
IsWindowsXPSP3OrGreater
LateBoundStartXpsPrintJob
LoAcquireBreakRecord
LoAcquirePenaltyModule
LoCloneBreakRecord
LoCreateBreaks
LoCreateContext
LoCreateLine
LoCreateParaBreakingSession
LoDestroyContext
LoDisplayLine
LoDisposeBreakRecord
LoDisposeLine
LoDisposeParaBreakingSession
LoDisposePenaltyModule
LoEnumLine
LoGetEscString
LoGetPenaltyModuleInternalHandle
LoQueryLineCpPpoint
LoQueryLinePointPcp
LoRelievePenaltyResource
LoSetBreaking
LoSetDoc
LoSetTabs
LocbkGetObjectHandlerInfo
MILGetClassificationTables
MapWindowPointsWrapper
NlCreateHyphenator
NlDestroyHyphenator
NlGetClassObject
NlHyphenate
NlLoad
NlUnload
PrintToPackageTarget
SetFocusWrapper
SetScrollPosWrapper
SetWindowLongPtrWrapper
SetWindowLongWrapper

Sections

.text
Size: 951KB - Virtual size: 951KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ruination.Swapper 2.0.8/Ruination.exe
.exe windows:4 windows x86 arch:x86

Password: 1313

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\tucd2rnjuxxnc\obj\Release\Beyound.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 547KB - Virtual size: 547KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ruination.Swapper 2.0.8/Ruination.pdb
Ruination.Swapper 2.0.8/WebView2Loader.dll
.dll windows:5 windows x64 arch:x64

Password: 1313

dc9fbafd0b96c0a640df70f088bfd2b0

Code Sign

33:00:00:02:cf:a0:25:90:e3:13:04:ef:15:00:00:00:00:02:cf
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

12/05/2022, 20:46

Not After

11/05/2023, 20:46

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7e:2e:49:05:9e:ae:a9:1c:3c:b9:6b:29:58:e2:66:98:0f:9e:66:cd:54:19:44:38:27:88:70:01:67:f2:50:d4
Signer

Actual PE Digest

7e:2e:49:05:9e:ae:a9:1c:3c:b9:6b:29:58:e2:66:98:0f:9e:66:cd:54:19:44:38:27:88:70:01:67:f2:50:d4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WebView2Loader.dll.pdb

Imports

kernel32

CloseHandle
CreateEventW
CreateFileW
DeleteCriticalSection
EncodePointer
EnterCriticalSection
ExitProcess
FindClose
FindFirstFileExW
FindNextFileW
FlsAlloc
FlsFree
FlsGetValue
FlsSetValue
FlushFileBuffers
FreeEnvironmentStringsW
FreeLibrary
GetACP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetConsoleMode
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesW
GetFileType
GetLastError
GetModuleFileNameW
GetModuleHandleExW
GetModuleHandleW
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoW
GetStdHandle
GetStringTypeW
GetSystemInfo
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InitializeSListHead
InterlockedFlushSList
IsDebuggerPresent
IsProcessorFeaturePresent
IsValidCodePage
LCMapStringW
LeaveCriticalSection
LoadLibraryExA
LoadLibraryExW
LoadLibraryW
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
RaiseException
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlPcToFileHeader
RtlUnwindEx
RtlVirtualUnwind
SetEvent
SetFilePointerEx
SetLastError
SetStdHandle
SetUnhandledExceptionFilter
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
UnhandledExceptionFilter
VirtualProtect
VirtualQuery
WaitForSingleObjectEx
WideCharToMultiByte
WriteConsoleW
WriteFile

Exports

Exports

CompareBrowserVersions
CreateCoreWebView2Environment
CreateCoreWebView2EnvironmentWithOptions
GetAvailableCoreWebView2BrowserVersionString

Sections

.text
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gxfg
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.retplne
Size: 512B - Virtual size: 92B

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.voltbl
Size: 512B - Virtual size: 68B

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ruination.Swapper 2.0.8/WebviewAppShared.pdb
Ruination.Swapper 2.0.8/aspnetcorev2_inprocess.dll
.dll windows:6 windows x64 arch:x64

Password: 1313

cf9e2a3365af497b12c61a3dddf05adb

Code Sign

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/03/2023, 18:43

Not After

14/03/2024, 18:43

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

47:34:af:c5:55:a1:ae:e5:f1:95:43:9f:71:ec:5e:4c:23:c2:8d:37:e6:31:d1:0c:a4:be:85:3d:dc:8c:9e:b3
Signer

Actual PE Digest

47:34:af:c5:55:a1:ae:e5:f1:95:43:9f:71:ec:5e:4c:23:c2:8d:37:e6:31:d1:0c:a4:be:85:3d:dc:8c:9e:b3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\artifacts\bin\InProcessRequestHandler\x64\Release\aspnetcorev2_inprocess.pdb

Imports

kernel32

SetEvent
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
FreeLibrary
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleExW
SetDllDirectoryW
CloseHandle
GetConsoleWindow
DecodePointer
InitializeCriticalSectionEx
DeleteCriticalSection
LoadLibraryA
InitializeCriticalSection
IsDebuggerPresent
SetCurrentDirectoryW
GetLastError
SetEnvironmentVariableW
DisableThreadLibraryCalls
GetCurrentProcessId
InitializeSRWLock
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
InterlockedFlushSList
RtlUnwindEx
RtlPcToFileHeader
TerminateProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LCMapStringEx
EncodePointer
GetSystemTimeAsFileTime
SleepConditionVariableSRW
WakeAllConditionVariable
GetStringTypeW
QueryPerformanceCounter
GetFileInformationByHandleEx
AreFileApisANSI
SetLastError
HeapCreate
HeapDestroy
HeapAlloc
HeapFree
GetProcessHeap
HeapLock
HeapUnlock
HeapWalk
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
QueryDepthSList
GetCurrentProcessorNumber
GetSystemInfo
GetModuleHandleW
GetStdHandle
CreateFileW
FlushFileBuffers
SetFilePointer
WriteFile
OutputDebugStringW
DuplicateHandle
GetCurrentProcess
CompareStringOrdinal
WideCharToMultiByte
GetConsoleOutputCP
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockShared
CreateDirectoryW
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
GetEnvironmentVariableW
ExpandEnvironmentStringsW
GetCurrentDirectoryW
GetNativeSystemInfo
IsWow64Process
GetDllDirectoryW
CopyFileW
GetProcessTimes
FileTimeToSystemTime
GetProcAddress
LoadLibraryW
ReadFile
CreatePipe
CancelSynchronousIo
CreateThread
TerminateThread
GetExitCodeThread
AllocConsole
SetHandleInformation
GetExitCodeProcess
CreateProcessW
LocalFree
GetBinaryTypeW
SetStdHandle
GetFileAttributesW
HeapReAlloc
CreateIoCompletionPort
GetQueuedCompletionStatus
PostQueuedCompletionStatus
ExitThread
QueueUserWorkItem
CreateThreadpoolTimer
SetThreadpoolTimer
WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
ReadDirectoryChangesW
RaiseException
EnterCriticalSection
LeaveCriticalSection
FormatMessageA
GetLocaleInfoEx
WaitForSingleObjectEx
GetCurrentThreadId
FindClose
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
GetFullPathNameW
SetFileInformationByHandle

user32

GetWindowThreadProcessId
PostMessageW
EnumWindows

advapi32

RegCloseKey
RegQueryValueExW
ReportEventW
RegisterEventSourceW
RegGetValueW
RegOpenKeyExW

oleaut32

VariantClear
VariantInit
SysAllocString
VariantChangeType
SysFreeString

api-ms-win-crt-runtime-l1-1-0

terminate
_beginthreadex
_configure_narrow_argv
_seh_filter_dll
_initialize_narrow_environment
abort
_crt_atexit
_cexit
_initterm
_initterm_e
_errno
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_execute_onexit_table
_invalid_parameter_noinfo
_register_onexit_function

api-ms-win-crt-string-l1-1-0

_stricmp
_wcsnicmp
isupper
strcpy_s
_wcsdup
wcsncmp
wcsnlen
__strncnt
toupper
strcspn
islower

api-ms-win-crt-stdio-l1-1-0

fseek
setvbuf
ungetc
__acrt_iob_func
freopen_s
fwrite
__stdio_common_vsprintf_s
__stdio_common_vsnprintf_s
_fseeki64
fsetpos
_fileno
__stdio_common_vsnwprintf_s
fputws
fputwc
_dup
fread
fputc
fgetpos
fgetc
fflush
fclose
_dup2
_get_osfhandle
_get_stream_buffer_pointers
__stdio_common_vswprintf
__stdio_common_vsprintf
__stdio_common_vfwprintf
_wfsopen
_open_osfhandle

api-ms-win-crt-heap-l1-1-0

free
malloc
calloc
_callnewh
_aligned_malloc
_aligned_free

api-ms-win-crt-time-l1-1-0

_gmtime64_s
wcsftime
_time64

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file

api-ms-win-crt-math-l1-1-0

frexp
_dclass
_ldclass
_fdopen

api-ms-win-crt-convert-l1-1-0

_wtoi
wcstoul
strtol

shell32

CommandLineToArgvW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

api-ms-win-crt-locale-l1-1-0

_unlock_locales
setlocale
_lock_locales
___lc_locale_name_func
__pctype_func
___mb_cur_max_func
localeconv
___lc_codepage_func

Exports

Exports

CreateApplication
get_hostfxr_path
http_cancel_io
http_close_connection
http_disable_buffering
http_enable_websockets
http_flush_response_bytes
http_get_application_properties
http_get_authentication_information
http_get_completion_info
http_get_raw_request
http_get_raw_response
http_get_server_variable
http_has_response4
http_indicate_completion
http_post_completion
http_read_request_bytes
http_reset_stream
http_response_set_known_header
http_response_set_need_goaway
http_response_set_trailer
http_response_set_unknown_header
http_set_completion_status
http_set_managed_context
http_set_response_status_code
http_set_server_variable
http_set_startup_error_page_content
http_stop_calls_into_managed
http_stop_incoming_requests
http_websockets_flush_bytes
http_websockets_read_bytes
http_websockets_write_bytes
http_write_response_bytes
register_callbacks
set_main_handler

Sections

.text
Size: 258KB - Virtual size: 257KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ruination.Swapper 2.0.8/items
Ruination.Swapper 2.0.8/oo2core_9_win64.dll
.dll windows:6 windows x64 arch:x64

Password: 1313

edbf2a036293674c2ebc72357df2b00a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

v:\devel\projects\oodle2\cdepbuild\win64_release_dll\oo2core_9_win64.pdb

Imports

kernel32

OutputDebugStringA
HeapAlloc
HeapFree
GetProcessHeap
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
InitializeSListHead

vcruntime140

_purecall
__C_specific_handler
__std_type_info_destroy_list
memset
memcpy
__CxxFrameHandler3
__std_terminate
memmove

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
_execute_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initialize_onexit_table
_initterm
terminate
_cexit
_crt_atexit
_initialize_narrow_environment
_initterm_e

api-ms-win-crt-heap-l1-1-0

free

Exports

Exports

OodleCore_Plugin_DisplayAssertion_Default
OodleCore_Plugin_Free_Default
OodleCore_Plugin_MallocAligned_Default
OodleCore_Plugin_Printf_Default
OodleCore_Plugin_Printf_Verbose
OodleCore_Plugin_RunJob_Default
OodleCore_Plugin_WaitJob_Default
OodleCore_Plugins_SetAllocators
OodleCore_Plugins_SetAssertion
OodleCore_Plugins_SetJobSystem
OodleCore_Plugins_SetJobSystemAndCount
OodleCore_Plugins_SetPrintf
OodleKraken_Decode_Headerless
OodleLZDecoder_Create
OodleLZDecoder_DecodeSome
OodleLZDecoder_Destroy
OodleLZDecoder_MakeValidCircularWindowSize
OodleLZDecoder_MemorySizeNeeded
OodleLZDecoder_Reset
OodleLZLegacyVTable_InstallToCore
OodleLZ_CheckSeekTableCRCs
OodleLZ_Compress
OodleLZ_CompressOptions_GetDefault
OodleLZ_CompressOptions_Validate
OodleLZ_CompressionLevel_GetName
OodleLZ_Compressor_GetName
OodleLZ_CreateSeekTable
OodleLZ_Decompress
OodleLZ_FillSeekTable
OodleLZ_FindSeekEntry
OodleLZ_FreeSeekTable
OodleLZ_GetAllChunksCompressor
OodleLZ_GetChunkCompressor
OodleLZ_GetCompressScratchMemBound
OodleLZ_GetCompressedBufferSizeNeeded
OodleLZ_GetCompressedStepForRawStep
OodleLZ_GetDecodeBufferSize
OodleLZ_GetFirstChunkCompressor
OodleLZ_GetInPlaceDecodeBufferSize
OodleLZ_GetNumSeekChunks
OodleLZ_GetSeekEntryPackedPos
OodleLZ_GetSeekTableMemorySizeNeeded
OodleLZ_Jobify_GetName
OodleLZ_MakeSeekChunkLen
OodleLZ_ThreadPhased_BlockDecoderMemorySizeNeeded
Oodle_CheckVersion
Oodle_GetConfigValues
Oodle_LogHeader
Oodle_SetConfigValues
Oodle_SetUsageWarnings

Sections

.text
Size: 472KB - Virtual size: 471KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ruination.Swapper 2.0.8/vcruntime140_cor3.dll
.dll windows:6 windows x64 arch:x64

Password: 1313

7f07fd94e5bb907093556781cc464017

Code Sign

33:00:00:00:e5:ce:9e:eb:de:4d:48:35:f4:00:00:00:00:00:e5
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/02/2023, 22:33

Not After

31/01/2024, 22:33

Subject

CN=Microsoft Windows Software Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:14:9d:fb:c3:1f:1f:63:c3:10:00:00:00:00:00:14
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

01/05/2013, 20:44

Not After

01/05/2028, 20:54

Subject

CN=Microsoft Windows Third Party Component CA 2013,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:03:3c:2b:0a:49:d9:d2:91:7e:ac:00:00:00:00:03:3c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/02/2023, 20:10

Not After

31/01/2024, 20:10

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:55:39:9d:70:70:f4:f3:a5:2a:ec:30:c8:36:4c:bc:53:5e:94:67:76:ba:fe:fe:52:2a:4f:6f:df:53:c2:6b
Signer

Actual PE Digest

ad:55:39:9d:70:70:f4:f3:a5:2a:ec:30:c8:36:4c:bc:53:5e:94:67:76:ba:fe:fe:52:2a:4f:6f:df:53:c2:6b

Digest Algorithm

sha256

PE Digest Matches

true

ad:55:39:9d:70:70:f4:f3:a5:2a:ec:30:c8:36:4c:bc:53:5e:94:67:76:ba:fe:fe:52:2a:4f:6f:df:53:c2:6b
Signer

Actual PE Digest

ad:55:39:9d:70:70:f4:f3:a5:2a:ec:30:c8:36:4c:bc:53:5e:94:67:76:ba:fe:fe:52:2a:4f:6f:df:53:c2:6b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\binaries\amd64ret\bin\amd64\\vcruntime140.amd64.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

terminate
abort

api-ms-win-crt-heap-l1-1-0

calloc
malloc
free

api-ms-win-crt-string-l1-1-0

strcpy_s
strncmp
wcsncmp

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
__stdio_common_vsprintf_s

api-ms-win-crt-convert-l1-1-0

atol

kernel32

GetLastError
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
RtlLookupFunctionEntry
RtlUnwindEx
GetModuleHandleW
GetModuleFileNameW
RtlUnwind
EncodePointer
RaiseException
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetProcAddress
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW

Exports

Exports

_CreateFrameInfo
_CxxThrowException
_FindAndUnlinkFrame
_IsExceptionObjectToBeDestroyed
_SetWinRTOutOfMemoryExceptionCallback
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__C_specific_handler_noexcept
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__GetPlatformExceptionInfo
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__TypeMatch
__current_exception
__current_exception_context
__intrinsic_setjmp
__intrinsic_setjmpex
__processing_throw
__report_gsfailure
__std_exception_copy
__std_exception_destroy
__std_terminate
__std_type_info_compare
__std_type_info_destroy_list
__std_type_info_hash
__std_type_info_name
__telemetry_main_invoke_trigger
__telemetry_main_return_trigger
__unDName
__unDNameEx
__uncaught_exception
__uncaught_exceptions
__vcrt_GetModuleFileNameW
__vcrt_GetModuleHandleW
__vcrt_InitializeCriticalSectionEx
__vcrt_LoadLibraryExW
_get_purecall_handler
_get_unexpected
_is_exception_typeof
_local_unwind
_purecall
_set_purecall_handler
_set_se_translator
longjmp
memchr
memcmp
memcpy
memmove
memset
set_unexpected
strchr
strrchr
strstr
unexpected
wcschr
wcsrchr
wcsstr

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

fothk
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ruination.Swapper 2.0.8/wpfgfx_cor3.dll
.dll windows:6 windows x64 arch:x64

ac3b0abeae626484285b3156c68cdebc

Code Sign

33:00:00:03:7c:c9:f6:bc:ed:07:59:ae:08:00:00:00:00:03:7c
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/05/2023, 19:03

Not After

08/05/2024, 19:03

Subject

CN=.NET,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:e1:09:a7:e7:d5:f0:07:a4:57:ef:d2:37:7b:45:0d:9d:1e:96:4a:c8:98:b3:48:88:c4:ff:c8:17:b2:35:f2
Signer

Actual PE Digest

90:e1:09:a7:e7:d5:f0:07:a4:57:ef:d2:37:7b:45:0d:9d:1e:96:4a:c8:98:b3:48:88:c4:ff:c8:17:b2:35:f2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\_work\1\s\artifacts\bin\wpfgfx\x64\Release\wpfgfx_cor3.pdb

Imports

kernel32

WaitForSingleObject
CloseHandle
CreateEventW
CreateThread
GetCurrentThreadId
ResetEvent
TryEnterCriticalSection
MulDiv
QueryPerformanceCounter
Sleep
FindResourceW
LoadResource
LockResource
GlobalUnlock
QueryPerformanceFrequency
InitializeSListHead
InterlockedPushEntrySList
QueryDepthSList
InterlockedFlushSList
SleepEx
RtlCaptureStackBackTrace
IsDebuggerPresent
ExitProcess
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
TerminateThread
GetCurrentThread
GetCurrentProcessId
SetThreadPriority
LoadLibraryExW
TryAcquireSRWLockExclusive
GetLocaleInfoEx
LocalFree
FormatMessageA
GetSystemTimeAsFileTime
SleepConditionVariableSRW
FindClose
FindFirstFileW
GetSystemDirectoryW
SystemTimeToFileTime
LoadLibraryA
LoadLibraryExA
DebugBreak
GetModuleFileNameW
FreeLibrary
OutputDebugStringW
LoadLibraryW
LeaveCriticalSection
GetVersionExW
SetEvent
EnterCriticalSection
DeleteCriticalSection
SetLastError
InitializeCriticalSectionAndSpinCount
GetLastError
DisableThreadLibraryCalls
IsProcessorFeaturePresent
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
RaiseException
EncodePointer
VerSetConditionMask
VirtualAlloc
VirtualFree
TerminateProcess
GetCurrentProcess
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
SizeofResource
GetTickCount
WaitForMultipleObjects
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetSystemInfo
VirtualProtect
GetModuleHandleW
GetProcAddress
VirtualQuery

advapi32

UnregisterTraceGuids
RegQueryValueExW
RegCloseKey
AllocateLocallyUniqueId
RegisterTraceGuidsW
GetTraceEnableLevel
GetTraceEnableFlags
GetTraceLoggerHandle
TraceMessage
TraceEvent
RegOpenKeyExW

ntdll

RtlClearBits
RtlFindClearBitsAndSet
RtlSetBits
RtlInitializeBitMap
DbgPrompt
NtQuerySystemInformation
DbgPrintEx
RtlInterlockedFlushSList
DbgBreakPoint
RtlCaptureContext
RtlUnwindEx
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlVirtualUnwind

user32

MonitorFromWindow
OffsetRect
GetMonitorInfoW
SystemParametersInfoW
EnumDisplaySettingsW
ClientToScreen
GetClientRect
InvalidateRect
GetWindowLongW
WindowFromDC
GetDC
GetParent
GetWindowDC
ScreenToClient
UpdateLayeredWindow
IsWindow
PeekMessageW
TranslateMessage
EqualRect
DispatchMessageW
SetLayeredWindowAttributes
GetWindowRect
EnumDisplayMonitors
EnumDisplayDevicesW
ReleaseDC
MsgWaitForMultipleObjects
GetDesktopWindow
GetGuiResources
RegisterWindowMessageW
PostMessageW
IsRectEmpty
SetRect
IntersectRect

gdi32

SetLayout
CreateCompatibleDC
CreatePalette
GetRandomRgn
SelectPalette
GetSystemPaletteEntries
GetDIBits
RealizePalette
OffsetRgn
GetRgnBox
SetRectRgn
CreateRectRgn
GetRegionData
RectInRegion
CombineRgn
CreateRectRgnIndirect
SelectObject
CreateDIBSection
DeleteObject
CreateICW
GetDeviceCaps
DeleteDC
BitBlt
CreateCompatibleBitmap

ole32

CoUninitialize
CoInitialize
CoCreateInstance
PropVariantClear
PropVariantCopy
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SysAllocString
VariantInit
VariantClear
SysFreeString

d3dcompiler_47_cor3

D3DCompile

api-ms-win-crt-runtime-l1-1-0

abort
terminate
_seh_filter_dll
_configure_narrow_argv
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_initialize_narrow_environment
_cexit
_initterm
_initterm_e

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-math-l1-1-0

exp
cosf
_isnan
_finite
floor
cos
ceilf
pow
fmod
fmodf
logf
_copysign
atan2f
modf
sin
sinf
sqrt
sqrtf
nextafterf
floorf
tan

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vswprintf

api-ms-win-crt-heap-l1-1-0

free
malloc
calloc

api-ms-win-crt-string-l1-1-0

strcpy_s
wcsncmp

api-ms-win-crt-utility-l1-1-0

qsort

Exports

Exports

GetNextPerfElementId
IWICColorContext_GetExifColorSpace_Proxy
IWICColorContext_GetProfileBytes_Proxy
IWICColorContext_GetType_Proxy
InteropDeviceBitmap_AddDirtyRect
InteropDeviceBitmap_Create
InteropDeviceBitmap_Detach
InteropDeviceBitmap_GetAsSoftwareBitmap
MIL3DCalcProjected2DBounds
MILAddRef
MILCreateEventProxy
MILCreateFactory
MILCreateStreamFromStreamDescriptor
MILFactoryCreateBitmapRenderTarget
MILFactoryCreateMediaPlayer
MILFactoryCreateSWRenderTargetForBitmap
MILIStreamWrite
MILLoadResource
MILMediaCanPause
MILMediaClose
MILMediaGetBufferingProgress
MILMediaGetDownloadProgress
MILMediaGetMediaLength
MILMediaGetNaturalHeight
MILMediaGetNaturalWidth
MILMediaGetPosition
MILMediaHasAudio
MILMediaHasVideo
MILMediaIsBuffering
MILMediaNeedUIFrameUpdate
MILMediaOpen
MILMediaProcessExitHandler
MILMediaSetBalance
MILMediaSetIsScrubbingEnabled
MILMediaSetPosition
MILMediaSetRate
MILMediaSetVolume
MILMediaShutdown
MILMediaStop
MILQueryInterface
MILRelease
MILRenderTargetBitmapClear
MILRenderTargetBitmapGetBitmap
MILSwDoubleBufferedBitmapAddDirtyRect
MILSwDoubleBufferedBitmapCreate
MILSwDoubleBufferedBitmapGetBackBuffer
MILSwDoubleBufferedBitmapProtectBackBuffer
MILUpdateSystemParametersInfo
MilChannel_AppendCommandData
MilChannel_BeginCommand
MilChannel_CloseBatch
MilChannel_CommitChannel
MilChannel_EndCommand
MilChannel_GetMarshalType
MilChannel_SetNotificationWindow
MilChannel_SetReceiveBroadcastMessages
MilCompositionEngine_DeinitializePartitionManager
MilCompositionEngine_EnterCompositionEngineLock
MilCompositionEngine_ExitCompositionEngineLock
MilCompositionEngine_GetComposedEventId
MilCompositionEngine_InitializePartitionManager
MilCompositionEngine_UpdateSchedulerSettings
MilComposition_PeekNextMessage
MilComposition_SyncFlush
MilComposition_WaitForNextMessage
MilConnection_CreateChannel
MilConnection_DestroyChannel
MilContent_AttachToHwnd
MilContent_DetachFromHwnd
MilGlyphRun_GetGlyphOutline
MilGlyphRun_ReleasePathGeometryData
MilPlayer_Create
MilPlayer_Process
MilResource_CreateCWICWrapperBitmap
MilResource_CreateOrAddRefOnChannel
MilResource_DuplicateHandle
MilResource_GetRefCountOnChannel
MilResource_ReleaseOnChannel
MilResource_SendCommand
MilResource_SendCommandBitmapSource
MilResource_SendCommandMedia
MilUtility_ArcToBezier
MilUtility_CopyPixelBuffer
MilUtility_GeometryGetArea
MilUtility_GetPointAtLengthFraction
MilUtility_GetTileBrushMapping
MilUtility_PathGeometryBounds
MilUtility_PathGeometryCombine
MilUtility_PathGeometryFlatten
MilUtility_PathGeometryHitTest
MilUtility_PathGeometryHitTestPathGeometry
MilUtility_PathGeometryOutline
MilUtility_PathGeometryWiden
MilUtility_PolygonBounds
MilUtility_PolygonHitTest
MilVersionCheck
MilVisualTarget_AttachToHwnd
MilVisualTarget_DetachFromHwnd
RenderOptions_ForceSoftwareRenderingModeForProcess
RenderOptions_IsSoftwareRenderingForcedForProcess
SetMilPerfInstrumentationFlags
WgxConnection_Create
WgxConnection_Disconnect
WgxConnection_SameThreadPresent
WgxConnection_ShouldForceSoftwareForGraphicsStreamClient

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 346KB - Virtual size: 345KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ruination.Swapper 2.0.8/wwwroot/aopaliance/lince/NVSPCAPS/_nvspcaps64.dll
.dll windows:6 windows x64 arch:x64

c27cb76bf211b8bcd4628bb3c785f146

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4b:7d:5d:f4:ad:da:af:83:e0:e5:42:60:86:e7:68:43:ca:5e:b6:75:6c:6b:ae:6f:3a:18:3b:cc:27:93:13:a2
Signer

Actual PE Digest

4b:7d:5d:f4:ad:da:af:83:e0:e5:42:60:86:e7:68:43:ca:5e:b6:75:6c:6b:ae:6f:3a:18:3b:cc:27:93:13:a2

Digest Algorithm

sha256

PE Digest Matches

true

2b:90:4c:82:c6:09:f4:e9:03:a9:fc:30:1b:26:cf:4c:74:db:c1:59
Signer

Actual PE Digest

2b:90:4c:82:c6:09:f4:e9:03:a9:fc:30:1b:26:cf:4c:74:db:c1:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_11\shadowplay2\server\win7_amd64_release\_nvspcaps64.pdb

Imports

kernel32

DeleteCriticalSection
LoadLibraryW
WideCharToMultiByte
GetCurrentProcessId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventA
CreateThread
WaitForMultipleObjects
CreateSemaphoreA
ResetEvent
GetFileAttributesA
Sleep
TerminateProcess
GetExitCodeProcess
GetTickCount
OpenEventA
HeapFree
GetProcessHeap
CreateEventW
GetSystemTimeAsFileTime
OpenProcess
GetCurrentThreadId
GetThreadId
GetModuleHandleA
CreateDirectoryA
CreateFileA
OutputDebugStringA
GetLocalTime
GetModuleFileNameW
MoveFileExA
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryA
MultiByteToWideChar
CreateDirectoryW
RemoveDirectoryW
GetTempPathW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
K32GetModuleFileNameExW
InitializeCriticalSectionEx
Process32FirstW
Process32NextW
SetCurrentDirectoryA
GetCurrentProcess
ProcessIdToSessionId
GetSystemDirectoryA
GetVersionExA
GetModuleFileNameA
GetVolumeInformationA
WTSGetActiveConsoleSessionId
K32GetProcessMemoryInfo
GetSystemTime
SystemTimeToFileTime
DeleteFileA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
QueryFullProcessImageNameA
RaiseException
DecodePointer
WriteFile
ReadFile
GetFileSizeEx
VerifyVersionInfoW
SetEndOfFile
ReadConsoleW
SetFilePointerEx
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
CloseHandle
lstrcmpA
LocalFree
LocalAlloc
LoadLibraryExW
GetModuleHandleW
CreateProcessW
CreateProcessA
SetLastError
OutputDebugStringW
GetFullPathNameW
GetFileAttributesW
CreateFileW
VerSetConditionMask
GetProcAddress
FreeLibrary
GetSystemDirectoryW
CreateWaitableTimerA
CancelWaitableTimer
SetWaitableTimer
GetLastError
CreateToolhelp32Snapshot
FlushFileBuffers
GetStringTypeW
SetConsoleCtrlHandler
GetACP
GetCurrentThread
ExitProcess
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ReleaseMutex
OpenFileMappingA
CreateMutexA
OpenMutexA
CreateMutexW
OpenMutexW
OpenEventW
CreateFileMappingW
OpenFileMappingW

user32

FindWindowA
UnregisterClassA
WaitForInputIdle
PostThreadMessageA
GetMessageA
TranslateMessage
DispatchMessageA
RegisterDeviceNotificationA
UnregisterDeviceNotification
DefWindowProcA
PostQuitMessage
RegisterClassExA
GetWindow
EnumChildWindows
GetDesktopWindow
CreateWindowExA
GetWindowRect
IsWindowVisible
IsWindow
EnumDisplaySettingsExA
GetWindowThreadProcessId
EnumWindows
GetShellWindow
FindWindowExW
FindWindowW
GetWindowLongA
GetForegroundWindow
PostMessageA
SendMessageA
RedrawWindow
EnumDisplayDevicesA
EnumDisplaySettingsA
DestroyWindow

advapi32

RegCloseKey
ConvertStringSidToSidW
OpenSCManagerA
CloseServiceHandle
GetUserNameW
GetUserNameA
SetTokenInformation
GetLengthSid
DuplicateTokenEx
OpenProcessToken
RegDeleteKeyValueA
RegSetValueExA
RegQueryValueExW
RegDeleteKeyExA
RegDeleteKeyA
RegCreateKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityInfo
RegQueryValueExA
RegOpenKeyExA
AllocateAndInitializeSid
CopySid
FreeSid
GetSecurityDescriptorDacl
GetTokenInformation
SetEntriesInAclA

shell32

SHGetPropertyStoreFromParsingName
SHGetKnownFolderPath
SHGetFolderPathW
SHGetFolderPathA

ole32

PropVariantClear
CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemFree

oleaut32

SetErrorInfo
VariantChangeType
GetErrorInfo
SysAllocStringLen
CreateErrorInfo
SysFreeString
VariantInit
VariantCopy
SysAllocString
VariantClear

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA

shlwapi

PathFileExistsA

Exports

Exports

NvPluginGetInfo

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 455KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 319B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ruination.Swapper 2.0.8/wwwroot/aopaliance/lince/Plugins/LocalSystem/_nvspserviceplugin64.dll
.dll windows:6 windows x64 arch:x64

be4f48d4b1a7e383cbeb76503e3754ad

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:75:97:62:96:e8:42:53:f9:0c:db:79:a8:db:c4:48:a8:9b:97:c0:a6:31:2b:a0:66:e0:09:0d:da:79:b3:3b
Signer

Actual PE Digest

41:75:97:62:96:e8:42:53:f9:0c:db:79:a8:db:c4:48:a8:9b:97:c0:a6:31:2b:a0:66:e0:09:0d:da:79:b3:3b

Digest Algorithm

sha256

PE Digest Matches

true

c0:7b:96:9d:57:72:79:8b:4a:37:66:32:d7:ca:86:09:08:cd:37:3d
Signer

Actual PE Digest

c0:7b:96:9d:57:72:79:8b:4a:37:66:32:d7:ca:86:09:08:cd:37:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_11\shadowplay2\ServicePlugin\win7_amd64_release\_nvspserviceplugin64.pdb

Imports

shell32

SHGetFolderPathW
SHGetKnownFolderPath

ole32

CoTaskMemFree

advapi32

RegQueryValueExA
ConvertStringSidToSidW
SetTokenInformation
GetLengthSid
DuplicateTokenEx
RegCloseKey
RegOpenKeyExA
SetSecurityInfo
OpenProcessToken

user32

WaitForInputIdle
UnregisterClassW

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

ReadFile
ReadConsoleW
WriteConsoleW
InitializeCriticalSectionEx
SetEndOfFile
SetFilePointerEx
SetStdHandle
GetStringTypeW
SetConsoleCtrlHandler
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
VerSetConditionMask
CreateFileW
GetFileAttributesW
GetFullPathNameW
OutputDebugStringW
CloseHandle
GetLastError
SetLastError
CreateProcessA
CreateProcessW
GetSystemDirectoryW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LocalAlloc
LocalFree
lstrcmpA
VerifyVersionInfoW
GetCurrentProcessId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateThread
WaitForMultipleObjects
CreateSemaphoreW
CreateDirectoryW
GetFileSizeEx
GetCurrentThreadId
GetLocalTime
GetModuleFileNameW
MoveFileExW
WideCharToMultiByte
SetCurrentDirectoryW
GetCurrentProcess
TerminateProcess
ProcessIdToSessionId
OpenProcess
GetSystemInfo
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
RemoveDirectoryW
DecodePointer
RaiseException
OutputDebugStringA
CreateSymbolicLinkW
GetLocaleInfoW
LCMapStringW
CompareStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
HeapFree
HeapAlloc
GetCurrentThread
GetACP
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW

shlwapi

PathFileExistsW

Exports

Exports

NvPluginGetInfo

Sections

.text
Size: 505KB - Virtual size: 505KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 319B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ruination.Swapper 2.0.8/wwwroot/backup/amd64/cmm/CIEXYZ.pf
Ruination.Swapper 2.0.8/wwwroot/backup/amd64/cmm/GRAY.pf
Ruination.Swapper 2.0.8/wwwroot/backup/amd64/cmm/LINEAR_RGB.pf
Ruination.Swapper 2.0.8/wwwroot/backup/amd64/cmm/PYCC.pf
Ruination.Swapper 2.0.8/wwwroot/backup/amd64/cmm/accessibility.properties
Ruination.Swapper 2.0.8/wwwroot/backup/amd64/cmm/calendars.properties
Ruination.Swapper 2.0.8/wwwroot/backup/amd64/cmm/charsets.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/amd64/cmm/classlist
Ruination.Swapper 2.0.8/wwwroot/backup/amd64/cmm/content-types.properties
Ruination.Swapper 2.0.8/wwwroot/backup/amd64/cmm/currency.data
Ruination.Swapper 2.0.8/wwwroot/backup/amd64/cmm/deploy.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/amd64/cmm/flavormap.properties
Ruination.Swapper 2.0.8/wwwroot/backup/amd64/cmm/javaws.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/amd64/cmm/jsse.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/amd64/cmm/plugin.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/amd64/cmm/sRGB.pf
Ruination.Swapper 2.0.8/wwwroot/backup/amd64/jvm.cfg
Ruination.Swapper 2.0.8/wwwroot/backup/applet/ShadowPlay/NVSPCAPS/_nvspcaps64.dll
.dll windows:6 windows x64 arch:x64

c27cb76bf211b8bcd4628bb3c785f146

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4b:7d:5d:f4:ad:da:af:83:e0:e5:42:60:86:e7:68:43:ca:5e:b6:75:6c:6b:ae:6f:3a:18:3b:cc:27:93:13:a2
Signer

Actual PE Digest

4b:7d:5d:f4:ad:da:af:83:e0:e5:42:60:86:e7:68:43:ca:5e:b6:75:6c:6b:ae:6f:3a:18:3b:cc:27:93:13:a2

Digest Algorithm

sha256

PE Digest Matches

true

2b:90:4c:82:c6:09:f4:e9:03:a9:fc:30:1b:26:cf:4c:74:db:c1:59
Signer

Actual PE Digest

2b:90:4c:82:c6:09:f4:e9:03:a9:fc:30:1b:26:cf:4c:74:db:c1:59

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_11\shadowplay2\server\win7_amd64_release\_nvspcaps64.pdb

Imports

kernel32

DeleteCriticalSection
LoadLibraryW
WideCharToMultiByte
GetCurrentProcessId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventA
CreateThread
WaitForMultipleObjects
CreateSemaphoreA
ResetEvent
GetFileAttributesA
Sleep
TerminateProcess
GetExitCodeProcess
GetTickCount
OpenEventA
HeapFree
GetProcessHeap
CreateEventW
GetSystemTimeAsFileTime
OpenProcess
GetCurrentThreadId
GetThreadId
GetModuleHandleA
CreateDirectoryA
CreateFileA
OutputDebugStringA
GetLocalTime
GetModuleFileNameW
MoveFileExA
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryA
MultiByteToWideChar
CreateDirectoryW
RemoveDirectoryW
GetTempPathW
HeapDestroy
HeapAlloc
HeapReAlloc
HeapSize
K32GetModuleFileNameExW
InitializeCriticalSectionEx
Process32FirstW
Process32NextW
SetCurrentDirectoryA
GetCurrentProcess
ProcessIdToSessionId
GetSystemDirectoryA
GetVersionExA
GetModuleFileNameA
GetVolumeInformationA
WTSGetActiveConsoleSessionId
K32GetProcessMemoryInfo
GetSystemTime
SystemTimeToFileTime
DeleteFileA
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
QueryFullProcessImageNameA
RaiseException
DecodePointer
WriteFile
ReadFile
GetFileSizeEx
VerifyVersionInfoW
SetEndOfFile
ReadConsoleW
SetFilePointerEx
SetStdHandle
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
CloseHandle
lstrcmpA
LocalFree
LocalAlloc
LoadLibraryExW
GetModuleHandleW
CreateProcessW
CreateProcessA
SetLastError
OutputDebugStringW
GetFullPathNameW
GetFileAttributesW
CreateFileW
VerSetConditionMask
GetProcAddress
FreeLibrary
GetSystemDirectoryW
CreateWaitableTimerA
CancelWaitableTimer
SetWaitableTimer
GetLastError
CreateToolhelp32Snapshot
FlushFileBuffers
GetStringTypeW
SetConsoleCtrlHandler
GetACP
GetCurrentThread
ExitProcess
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlPcToFileHeader
RtlUnwindEx
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ReleaseMutex
OpenFileMappingA
CreateMutexA
OpenMutexA
CreateMutexW
OpenMutexW
OpenEventW
CreateFileMappingW
OpenFileMappingW

user32

FindWindowA
UnregisterClassA
WaitForInputIdle
PostThreadMessageA
GetMessageA
TranslateMessage
DispatchMessageA
RegisterDeviceNotificationA
UnregisterDeviceNotification
DefWindowProcA
PostQuitMessage
RegisterClassExA
GetWindow
EnumChildWindows
GetDesktopWindow
CreateWindowExA
GetWindowRect
IsWindowVisible
IsWindow
EnumDisplaySettingsExA
GetWindowThreadProcessId
EnumWindows
GetShellWindow
FindWindowExW
FindWindowW
GetWindowLongA
GetForegroundWindow
PostMessageA
SendMessageA
RedrawWindow
EnumDisplayDevicesA
EnumDisplaySettingsA
DestroyWindow

advapi32

RegCloseKey
ConvertStringSidToSidW
OpenSCManagerA
CloseServiceHandle
GetUserNameW
GetUserNameA
SetTokenInformation
GetLengthSid
DuplicateTokenEx
OpenProcessToken
RegDeleteKeyValueA
RegSetValueExA
RegQueryValueExW
RegDeleteKeyExA
RegDeleteKeyA
RegCreateKeyExA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityInfo
RegQueryValueExA
RegOpenKeyExA
AllocateAndInitializeSid
CopySid
FreeSid
GetSecurityDescriptorDacl
GetTokenInformation
SetEntriesInAclA

shell32

SHGetPropertyStoreFromParsingName
SHGetKnownFolderPath
SHGetFolderPathW
SHGetFolderPathA

ole32

PropVariantClear
CoCreateInstance
CoInitializeEx
CoUninitialize
CoTaskMemFree

oleaut32

SetErrorInfo
VariantChangeType
GetErrorInfo
SysAllocStringLen
CreateErrorInfo
SysFreeString
VariantInit
VariantCopy
SysAllocString
VariantClear

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueA

shlwapi

PathFileExistsA

Exports

Exports

NvPluginGetInfo

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 455KB - Virtual size: 455KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 319B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ruination.Swapper 2.0.8/wwwroot/backup/applet/ShadowPlay/NvRemux.dll
.dll windows:6 windows x86 arch:x86

32239a8689b43baf17eaf1d56db9bedf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a9:bf:a3:7a:20:3e:4f:0d:f8:e7:47:c1:bf:54:ae:e0:2a:80:8c:57:98:1d:e5:66:bb:e7:04:8a:53:3d:40:f5
Signer

Actual PE Digest

a9:bf:a3:7a:20:3e:4f:0d:f8:e7:47:c1:bf:54:ae:e0:2a:80:8c:57:98:1d:e5:66:bb:e7:04:8a:53:3d:40:f5

Digest Algorithm

sha256

PE Digest Matches

true

9a:ae:69:9d:72:4a:08:91:a2:6b:32:ce:33:19:5f:4d:21:f1:46:b2
Signer

Actual PE Digest

9a:ae:69:9d:72:4a:08:91:a2:6b:32:ce:33:19:5f:4d:21:f1:46:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_11\shadowplay2\mux\remux\win7_x86_release\NvRemux.pdb

Imports

shell32

SHGetKnownFolderPath
SHGetPropertyStoreFromParsingName
SHGetFolderPathW

ole32

CoUninitialize
CoInitializeEx
CoTaskMemFree
PropVariantClear

oleaut32

VariantClear
SysFreeString
SetErrorInfo
GetErrorInfo
SysAllocString
VariantInit
VariantChangeType
CreateErrorInfo

mfplat

MFStartup
MFShutdown

mfreadwrite

MFCreateSourceReaderFromURL

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey
SetSecurityInfo

user32

PostThreadMessageW

kernel32

SetEndOfFile
HeapReAlloc
HeapSize
SetFilePointerEx
SetStdHandle
ReadFile
SetConsoleCtrlHandler
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
ReadConsoleW
WriteConsoleW
DecodePointer
GetStringTypeW
SetUnhandledExceptionFilter
LCMapStringW
CompareStringW
VerSetConditionMask
ExpandEnvironmentStringsW
CreateFileW
GetFileAttributesW
GetFullPathNameW
OutputDebugStringW
CloseHandle
GetLastError
SetLastError
GetCurrentProcess
CreateProcessA
CreateProcessW
GetSystemDirectoryW
FreeLibrary
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LocalAlloc
LocalFree
lstrcmpA
lstrcmpW
VerifyVersionInfoW
GetVolumeInformationW
GetVersionExW
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
CreateDirectoryW
InitializeCriticalSection
DeleteCriticalSection
Sleep
GetFileSizeEx
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
GetModuleFileNameW
MoveFileExW
WideCharToMultiByte
GetSystemTime
SystemTimeToFileTime
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
CreateThread
GetThreadId
UnhandledExceptionFilter
OutputDebugStringA
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
GetTimeFormatW
GetDateFormatW
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
RtlUnwind
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapFree
HeapAlloc
GetCurrentThread
GetACP
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA

Exports

Exports

_CreateInstance@0

Sections

.text
Size: 444KB - Virtual size: 444KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 174KB - Virtual size: 173KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ruination.Swapper 2.0.8/wwwroot/backup/applet/ShadowPlay/Plugins/LocalSystem/_nvspserviceplugin64.dll
.dll windows:6 windows x64 arch:x64

be4f48d4b1a7e383cbeb76503e3754ad

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

41:75:97:62:96:e8:42:53:f9:0c:db:79:a8:db:c4:48:a8:9b:97:c0:a6:31:2b:a0:66:e0:09:0d:da:79:b3:3b
Signer

Actual PE Digest

41:75:97:62:96:e8:42:53:f9:0c:db:79:a8:db:c4:48:a8:9b:97:c0:a6:31:2b:a0:66:e0:09:0d:da:79:b3:3b

Digest Algorithm

sha256

PE Digest Matches

true

c0:7b:96:9d:57:72:79:8b:4a:37:66:32:d7:ca:86:09:08:cd:37:3d
Signer

Actual PE Digest

c0:7b:96:9d:57:72:79:8b:4a:37:66:32:d7:ca:86:09:08:cd:37:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_11\shadowplay2\ServicePlugin\win7_amd64_release\_nvspserviceplugin64.pdb

Imports

shell32

SHGetFolderPathW
SHGetKnownFolderPath

ole32

CoTaskMemFree

advapi32

RegQueryValueExA
ConvertStringSidToSidW
SetTokenInformation
GetLengthSid
DuplicateTokenEx
RegCloseKey
RegOpenKeyExA
SetSecurityInfo
OpenProcessToken

user32

WaitForInputIdle
UnregisterClassW

wtsapi32

WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

ReadFile
ReadConsoleW
WriteConsoleW
InitializeCriticalSectionEx
SetEndOfFile
SetFilePointerEx
SetStdHandle
GetStringTypeW
SetConsoleCtrlHandler
GetProcessHeap
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
VerSetConditionMask
CreateFileW
GetFileAttributesW
GetFullPathNameW
OutputDebugStringW
CloseHandle
GetLastError
SetLastError
CreateProcessA
CreateProcessW
GetSystemDirectoryW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LocalAlloc
LocalFree
lstrcmpA
VerifyVersionInfoW
GetCurrentProcessId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventW
CreateThread
WaitForMultipleObjects
CreateSemaphoreW
CreateDirectoryW
GetFileSizeEx
GetCurrentThreadId
GetLocalTime
GetModuleFileNameW
MoveFileExW
WideCharToMultiByte
SetCurrentDirectoryW
GetCurrentProcess
TerminateProcess
ProcessIdToSessionId
OpenProcess
GetSystemInfo
WTSGetActiveConsoleSessionId
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
RemoveDirectoryW
DecodePointer
RaiseException
OutputDebugStringA
CreateSymbolicLinkW
GetLocaleInfoW
LCMapStringW
CompareStringW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
InterlockedPushEntrySList
InterlockedFlushSList
EncodePointer
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
HeapFree
HeapAlloc
GetCurrentThread
GetACP
GetStdHandle
GetFileType
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetDateFormatW
GetTimeFormatW

shlwapi

PathFileExistsW

Exports

Exports

NvPluginGetInfo

Sections

.text
Size: 505KB - Virtual size: 505KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 319B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ruination.Swapper 2.0.8/wwwroot/backup/applet/ShadowPlay/cudart64_55.dll
.dll windows:5 windows x64 arch:x64

843c192c7d7896462173279e0cd57f3b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

b0:b0:e0:3e:5d:b1:77:b7:a5:6b:4c:43:ef:21:11:36:b5:fc:77:1a:e8:ba:19:98:3c:4f:c5:e9:6c:5d:cc:be
Signer

Actual PE Digest

b0:b0:e0:3e:5d:b1:77:b7:a5:6b:4c:43:ef:21:11:36:b5:fc:77:1a:e8:ba:19:98:3c:4f:c5:e9:6c:5d:cc:be

Digest Algorithm

sha256

PE Digest Matches

true

ea:1d:f0:ca:ec:41:65:f4:b1:7f:12:3b:2a:06:3c:f8:21:b7:c8:04
Signer

Actual PE Digest

ea:1d:f0:ca:ec:41:65:f4:b1:7f:12:3b:2a:06:3c:f8:21:b7:c8:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FlushFileBuffers
GetProcAddress
FreeLibrary
LoadLibraryA
QueryPerformanceCounter
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
GetCurrentProcessId
GetCurrentThreadId
CloseHandle
SwitchToThread
GetLastError
GetModuleFileNameA
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapCreate
GetModuleHandleW
ExitProcess
DecodePointer
EncodePointer
FlsSetValue
GetCommandLineA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
LoadLibraryW
FlsGetValue
FlsFree
SetLastError
FlsAlloc
RtlUnwindEx
WriteFile
GetStdHandle
GetModuleFileNameW
HeapSize
SetHandleCount
GetStartupInfoW
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
GetVersion
GetTickCount
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
GetConsoleCP
GetConsoleMode
LCMapStringW
MultiByteToWideChar
GetStringTypeW
WriteConsoleW
CreateFileW

Exports

Exports

NvOptimusEnablementCuda
__cudaRegisterDeviceFunction
__cudaRegisterFatBinary
__cudaRegisterFunction
__cudaRegisterPrelinkedFatBinary
__cudaRegisterShared
__cudaRegisterSharedVar
__cudaRegisterSurface
__cudaRegisterTexture
__cudaRegisterVar
__cudaUnregisterFatBinary
cudaArrayGetInfo
cudaBindSurfaceToArray
cudaBindTexture
cudaBindTexture2D
cudaBindTextureToArray
cudaBindTextureToMipmappedArray
cudaChooseDevice
cudaConfigureCall
cudaCreateChannelDesc
cudaCreateSurfaceObject
cudaCreateTextureObject
cudaD3D10GetDevice
cudaD3D10GetDevices
cudaD3D10GetDirect3DDevice
cudaD3D10MapResources
cudaD3D10RegisterResource
cudaD3D10ResourceGetMappedArray
cudaD3D10ResourceGetMappedPitch
cudaD3D10ResourceGetMappedPointer
cudaD3D10ResourceGetMappedSize
cudaD3D10ResourceGetSurfaceDimensions
cudaD3D10ResourceSetMapFlags
cudaD3D10SetDirect3DDevice
cudaD3D10UnmapResources
cudaD3D10UnregisterResource
cudaD3D11GetDevice
cudaD3D11GetDevices
cudaD3D11GetDirect3DDevice
cudaD3D11SetDirect3DDevice
cudaD3D9Begin
cudaD3D9End
cudaD3D9GetDevice
cudaD3D9GetDevices
cudaD3D9GetDirect3DDevice
cudaD3D9MapResources
cudaD3D9MapVertexBuffer
cudaD3D9RegisterResource
cudaD3D9RegisterVertexBuffer
cudaD3D9ResourceGetMappedArray
cudaD3D9ResourceGetMappedPitch
cudaD3D9ResourceGetMappedPointer
cudaD3D9ResourceGetMappedSize
cudaD3D9ResourceGetSurfaceDimensions
cudaD3D9ResourceSetMapFlags
cudaD3D9SetDirect3DDevice
cudaD3D9UnmapResources
cudaD3D9UnmapVertexBuffer
cudaD3D9UnregisterResource
cudaD3D9UnregisterVertexBuffer
cudaDestroySurfaceObject
cudaDestroyTextureObject
cudaDeviceCanAccessPeer
cudaDeviceDisablePeerAccess
cudaDeviceEnablePeerAccess
cudaDeviceGetAttribute
cudaDeviceGetByPCIBusId
cudaDeviceGetCacheConfig
cudaDeviceGetLimit
cudaDeviceGetPCIBusId
cudaDeviceGetSharedMemConfig
cudaDeviceGetStreamPriorityRange
cudaDeviceReset
cudaDeviceSetCacheConfig
cudaDeviceSetLimit
cudaDeviceSetSharedMemConfig
cudaDeviceSynchronize
cudaDriverGetVersion
cudaEventCreate
cudaEventCreateWithFlags
cudaEventDestroy
cudaEventElapsedTime
cudaEventQuery
cudaEventRecord
cudaEventSynchronize
cudaFree
cudaFreeArray
cudaFreeHost
cudaFreeMipmappedArray
cudaFuncGetAttributes
cudaFuncSetCacheConfig
cudaFuncSetSharedMemConfig
cudaGLGetDevices
cudaGLMapBufferObject
cudaGLMapBufferObjectAsync
cudaGLRegisterBufferObject
cudaGLSetBufferObjectMapFlags
cudaGLSetGLDevice
cudaGLUnmapBufferObject
cudaGLUnmapBufferObjectAsync
cudaGLUnregisterBufferObject
cudaGetChannelDesc
cudaGetDevice
cudaGetDeviceCount
cudaGetDeviceProperties
cudaGetErrorString
cudaGetExportTable
cudaGetLastError
cudaGetMipmappedArrayLevel
cudaGetSurfaceObjectResourceDesc
cudaGetSurfaceReference
cudaGetSymbolAddress
cudaGetSymbolSize
cudaGetTextureAlignmentOffset
cudaGetTextureObjectResourceDesc
cudaGetTextureObjectResourceViewDesc
cudaGetTextureObjectTextureDesc
cudaGetTextureReference
cudaGraphicsD3D10RegisterResource
cudaGraphicsD3D11RegisterResource
cudaGraphicsD3D9RegisterResource
cudaGraphicsGLRegisterBuffer
cudaGraphicsGLRegisterImage
cudaGraphicsMapResources
cudaGraphicsResourceGetMappedMipmappedArray
cudaGraphicsResourceGetMappedPointer
cudaGraphicsResourceSetMapFlags
cudaGraphicsSubResourceGetMappedArray
cudaGraphicsUnmapResources
cudaGraphicsUnregisterResource
cudaHostAlloc
cudaHostGetDevicePointer
cudaHostGetFlags
cudaHostRegister
cudaHostUnregister
cudaIpcCloseMemHandle
cudaIpcGetEventHandle
cudaIpcGetMemHandle
cudaIpcOpenEventHandle
cudaIpcOpenMemHandle
cudaLaunch
cudaMalloc
cudaMalloc3D
cudaMalloc3DArray
cudaMallocArray
cudaMallocHost
cudaMallocMipmappedArray
cudaMallocPitch
cudaMemGetInfo
cudaMemcpy
cudaMemcpy2D
cudaMemcpy2DArrayToArray
cudaMemcpy2DAsync
cudaMemcpy2DFromArray
cudaMemcpy2DFromArrayAsync
cudaMemcpy2DToArray
cudaMemcpy2DToArrayAsync
cudaMemcpy3D
cudaMemcpy3DAsync
cudaMemcpy3DPeer
cudaMemcpy3DPeerAsync
cudaMemcpyArrayToArray
cudaMemcpyAsync
cudaMemcpyFromArray
cudaMemcpyFromArrayAsync
cudaMemcpyFromSymbol
cudaMemcpyFromSymbolAsync
cudaMemcpyPeer
cudaMemcpyPeerAsync
cudaMemcpyToArray
cudaMemcpyToArrayAsync
cudaMemcpyToSymbol
cudaMemcpyToSymbolAsync
cudaMemset
cudaMemset2D
cudaMemset2DAsync
cudaMemset3D
cudaMemset3DAsync
cudaMemsetAsync
cudaPeekAtLastError
cudaPointerGetAttributes
cudaProfilerInitialize
cudaProfilerStart
cudaProfilerStop
cudaRuntimeGetVersion
cudaSetDevice
cudaSetDeviceFlags
cudaSetDoubleForDevice
cudaSetDoubleForHost
cudaSetValidDevices
cudaSetupArgument
cudaStreamAddCallback
cudaStreamCreate
cudaStreamCreateWithFlags
cudaStreamCreateWithPriority
cudaStreamDestroy
cudaStreamGetFlags
cudaStreamGetPriority
cudaStreamQuery
cudaStreamSynchronize
cudaStreamWaitEvent
cudaThreadExit
cudaThreadGetCacheConfig
cudaThreadGetLimit
cudaThreadSetCacheConfig
cudaThreadSetLimit
cudaThreadSynchronize
cudaUnbindTexture
cudaWGLGetDevice

Sections

.text
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ruination.Swapper 2.0.8/wwwroot/backup/applet/ShadowPlay/ipccommon64.dll
.dll windows:6 windows x64 arch:x64

a31bc150fd5eb667acc500380648124a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0c:89:df:7d:85:34:aa:5e:aa:9a:ee:57:e2:2a:47:d4:37:09:6b:cf:c4:12:e0:3e:a3:4b:a2:37:be:1f:c5:a7
Signer

Actual PE Digest

0c:89:df:7d:85:34:aa:5e:aa:9a:ee:57:e2:2a:47:d4:37:09:6b:cf:c4:12:e0:3e:a3:4b:a2:37:be:1f:c5:a7

Digest Algorithm

sha256

PE Digest Matches

true

45:3e:8e:09:45:58:76:b0:f8:e1:08:38:66:10:bf:f2:fc:20:bd:3e
Signer

Actual PE Digest

45:3e:8e:09:45:58:76:b0:f8:e1:08:38:66:10:bf:f2:fc:20:bd:3e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_11\shadowplay2\common\ipcwrapper\win7_amd64_release\ipccommon64.pdb

Imports

shell32

SHGetFolderPathA

advapi32

SetSecurityInfo
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

messagebus

getMessageBusInterface
releaseMessageBusInterface

libprotobuf

?ListFields@GeneratedMessageReflection@internal@protobuf@google@@UEBAXAEBVMessage@34@PEAV?$vector@PEBVFieldDescriptor@protobuf@google@@V?$allocator@PEBVFieldDescriptor@protobuf@google@@@std@@@std@@@Z
?MutableMessage@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEAVMessage@34@PEAV534@PEBVFieldDescriptor@34@PEAVMessageFactory@34@@Z
?MutableRawRepeatedField@GeneratedMessageReflection@internal@protobuf@google@@MEBAPEAXPEAVMessage@34@PEBVFieldDescriptor@34@W4CppType@634@HPEBVDescriptor@34@@Z
?MutableRepeatedMessage@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEAVMessage@34@PEAV534@PEBVFieldDescriptor@34@H@Z
?MutableUnknownFields@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEAVUnknownFieldSet@34@PEAVMessage@34@@Z
?ReleaseLast@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEAVMessage@34@PEAV534@PEBVFieldDescriptor@34@@Z
?ReleaseMessage@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEAVMessage@34@PEAV534@PEBVFieldDescriptor@34@PEAVMessageFactory@34@@Z
?RemoveLast@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@@Z
?SetAllocatedMessage@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@0PEBVFieldDescriptor@34@@Z
?SetBool@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@_N@Z
?SetDouble@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@N@Z
?SetEnum@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@PEBVEnumValueDescriptor@34@@Z
?InitializationErrorString@Message@protobuf@google@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?SetInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@H@Z
?SetInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@_J@Z
?SetRepeatedBool@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@H_N@Z
?SetRepeatedDouble@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@HN@Z
?SetRepeatedEnum@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@HPEBVEnumValueDescriptor@34@@Z
?SetRepeatedFloat@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@HM@Z
?SetRepeatedInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@HH@Z
?SetRepeatedInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@H_J@Z
?SetRepeatedString@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@HAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetRepeatedUInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@HI@Z
?SetRepeatedUInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@H_K@Z
?SetString@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetUInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@I@Z
?SetUInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@_K@Z
?SpaceUsed@GeneratedMessageReflection@internal@protobuf@google@@UEBAHAEBVMessage@34@@Z
?SpaceUsed@Message@protobuf@google@@UEBAHXZ
?Swap@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@0@Z
?SwapElements@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@HH@Z
?SwapFields@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@0AEBV?$vector@PEBVFieldDescriptor@protobuf@google@@V?$allocator@PEBVFieldDescriptor@protobuf@google@@@std@@@std@@@Z
??_7FunctionClosure0@internal@protobuf@google@@6B@
?HasOneof@GeneratedMessageReflection@internal@protobuf@google@@UEBA_NAEBVMessage@34@PEBVOneofDescriptor@34@@Z
?HasField@GeneratedMessageReflection@internal@protobuf@google@@UEBA_NAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetUnknownFields@GeneratedMessageReflection@internal@protobuf@google@@UEBAAEBVUnknownFieldSet@34@AEBVMessage@34@@Z
?GetUInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBA_KAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetUInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAIAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetTypeName@Message@protobuf@google@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetStringReference@GeneratedMessageReflection@internal@protobuf@google@@UEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVMessage@34@PEBVFieldDescriptor@34@PEAV56@@Z
?GetString@GeneratedMessageReflection@internal@protobuf@google@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetRepeatedUInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBA_KAEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetRepeatedUInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAIAEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetRepeatedStringReference@GeneratedMessageReflection@internal@protobuf@google@@UEBAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVMessage@34@PEBVFieldDescriptor@34@HPEAV56@@Z
?GetRepeatedString@GeneratedMessageReflection@internal@protobuf@google@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetRepeatedMessage@GeneratedMessageReflection@internal@protobuf@google@@UEBAAEBVMessage@34@AEBV534@PEBVFieldDescriptor@34@H@Z
?GetRepeatedInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBA_JAEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetRepeatedInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAHAEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetRepeatedFloat@GeneratedMessageReflection@internal@protobuf@google@@UEBAMAEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetRepeatedEnum@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEBVEnumValueDescriptor@34@AEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetRepeatedDouble@GeneratedMessageReflection@internal@protobuf@google@@UEBANAEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetRepeatedBool@GeneratedMessageReflection@internal@protobuf@google@@UEBA_NAEBVMessage@34@PEBVFieldDescriptor@34@H@Z
?GetReflection@Message@protobuf@google@@UEBAPEBVReflection@23@XZ
?GetOneofFieldDescriptor@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEBVFieldDescriptor@34@AEBVMessage@34@PEBVOneofDescriptor@34@@Z
?GetMessage@GeneratedMessageReflection@internal@protobuf@google@@UEBAAEBVMessage@34@AEBV534@PEBVFieldDescriptor@34@PEAVMessageFactory@34@@Z
?GetInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBA_JAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAHAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetFloat@GeneratedMessageReflection@internal@protobuf@google@@UEBAMAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetEnum@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEBVEnumValueDescriptor@34@AEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetDouble@GeneratedMessageReflection@internal@protobuf@google@@UEBANAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?GetBool@GeneratedMessageReflection@internal@protobuf@google@@UEBA_NAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?FindKnownExtensionByNumber@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEBVFieldDescriptor@34@H@Z
?FindKnownExtensionByName@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEBVFieldDescriptor@34@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?FieldSize@GeneratedMessageReflection@internal@protobuf@google@@UEBAHAEBVMessage@34@PEBVFieldDescriptor@34@@Z
?DiscardUnknownFields@Message@protobuf@google@@UEAAXXZ
?ClearOneof@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVOneofDescriptor@34@@Z
?ClearField@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@@Z
?CheckTypeAndMergeFrom@Message@protobuf@google@@UEAAXAEBVMessageLite@23@@Z
?AddUInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@_K@Z
?AddUInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@I@Z
?AddString@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?AddMessage@GeneratedMessageReflection@internal@protobuf@google@@UEBAPEAVMessage@34@PEAV534@PEBVFieldDescriptor@34@PEAVMessageFactory@34@@Z
?AddInt64@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@_J@Z
?AddInt32@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@H@Z
?AddFloat@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@M@Z
?AddEnum@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@PEBVEnumValueDescriptor@34@@Z
?AddDouble@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@N@Z
?AddBool@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@_N@Z
?VerifyUTF8StringFallback@WireFormat@internal@protobuf@google@@CAXPEBDHW4Operation@1234@0@Z
?ComputeUnknownFieldsSize@WireFormat@internal@protobuf@google@@SAHAEBVUnknownFieldSet@34@@Z
?SerializeUnknownFieldsToArray@WireFormat@internal@protobuf@google@@SAPEAEAEBVUnknownFieldSet@34@PEAE@Z
?SerializeUnknownFields@WireFormat@internal@protobuf@google@@SAXAEBVUnknownFieldSet@34@PEAVCodedOutputStream@io@34@@Z
?SkipField@WireFormat@internal@protobuf@google@@SA_NPEAVCodedInputStream@io@34@IPEAVUnknownFieldSet@34@@Z
?Merge@ReflectionOps@internal@protobuf@google@@SAXAEBVMessage@34@PEAV534@@Z
??1GeneratedMessageReflection@internal@protobuf@google@@UEAA@XZ
??0GeneratedMessageReflection@internal@protobuf@google@@QEAA@PEBVDescriptor@23@PEBVMessage@23@QEBHHHHPEBVDescriptorPool@23@PEAVMessageFactory@23@H@Z
?BytesSize@WireFormatLite@internal@protobuf@google@@SAHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?StringSize@WireFormatLite@internal@protobuf@google@@SAHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?WriteEnumNoTagToArray@WireFormatLite@internal@protobuf@google@@SAPEAEHPEAE@Z
?WriteMessageMaybeToArray@WireFormatLite@internal@protobuf@google@@SAXHAEBVMessageLite@34@PEAVCodedOutputStream@io@34@@Z
?WriteBytesMaybeAliased@WireFormatLite@internal@protobuf@google@@SAXHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAVCodedOutputStream@io@34@@Z
?WriteStringMaybeAliased@WireFormatLite@internal@protobuf@google@@SAXHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAVCodedOutputStream@io@34@@Z
?WriteEnum@WireFormatLite@internal@protobuf@google@@SAXHHPEAVCodedOutputStream@io@34@@Z
?WriteBool@WireFormatLite@internal@protobuf@google@@SAXH_NPEAVCodedOutputStream@io@34@@Z
?WriteUInt32@WireFormatLite@internal@protobuf@google@@SAXHIPEAVCodedOutputStream@io@34@@Z
?ReadBytes@WireFormatLite@internal@protobuf@google@@SA_NPEAVCodedInputStream@io@34@PEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?ReadString@WireFormatLite@internal@protobuf@google@@SA_NPEAVCodedInputStream@io@34@PEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?VarintSize32Fallback@CodedOutputStream@io@protobuf@google@@CAHI@Z
?WriteVarint32FallbackToArray@CodedOutputStream@io@protobuf@google@@CAPEAEIPEAE@Z
?WriteTagToArray@CodedOutputStream@io@protobuf@google@@SAPEAEIPEAE@Z
?WriteVarint32SignExtendedToArray@CodedOutputStream@io@protobuf@google@@SAPEAEHPEAE@Z
?WriteVarint32ToArray@CodedOutputStream@io@protobuf@google@@SAPEAEIPEAE@Z
?WriteStringWithSizeToArray@CodedOutputStream@io@protobuf@google@@SAPEAEAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PEAE@Z
?PopLimit@CodedInputStream@io@protobuf@google@@QEAAXH@Z
?PushLimit@CodedInputStream@io@protobuf@google@@QEAAHH@Z
?ExpectAtEnd@CodedInputStream@io@protobuf@google@@QEAA_NXZ
?ExpectTag@CodedInputStream@io@protobuf@google@@QEAA_NI@Z
?ReadTagWithCutoff@CodedInputStream@io@protobuf@google@@QEAA?AU?$pair@I_N@std@@I@Z
?ReadVarint64@CodedInputStream@io@protobuf@google@@QEAA_NPEA_K@Z
?ReadVarint32@CodedInputStream@io@protobuf@google@@QEAA_NPEAI@Z
?ClearFallback@UnknownFieldSet@protobuf@google@@AEAAXXZ
?AddVarint@UnknownFieldSet@protobuf@google@@QEAAXH_K@Z
?Swap@UnknownFieldSet@protobuf@google@@QEAAXPEAV123@@Z
?MergeFrom@UnknownFieldSet@protobuf@google@@QEAAXAEBV123@@Z
?empty@UnknownFieldSet@protobuf@google@@QEBA_NXZ
??1UnknownFieldSet@protobuf@google@@QEAA@XZ
??0UnknownFieldSet@protobuf@google@@QEAA@XZ
?Swap@RepeatedPtrFieldBase@internal@protobuf@google@@IEAAXPEAV1234@@Z
?Reserve@RepeatedPtrFieldBase@internal@protobuf@google@@IEAAXH@Z
?InternalRegisterGeneratedMessage@MessageFactory@protobuf@google@@SAXPEBVDescriptor@23@PEBVMessage@23@@Z
?InternalRegisterGeneratedFile@MessageFactory@protobuf@google@@SAXPEBDP6AXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@Z
?generated_factory@MessageFactory@protobuf@google@@SAPEAV123@XZ
??1Message@protobuf@google@@UEAA@XZ
?InternalAddGeneratedFile@DescriptorPool@protobuf@google@@SAXPEBXH@Z
?FindFileByName@DescriptorPool@protobuf@google@@QEBAPEBVFileDescriptor@23@AEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?generated_pool@DescriptorPool@protobuf@google@@SAPEBV123@XZ
?GetEmptyString@internal@protobuf@google@@YAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GoogleOnceInitImpl@protobuf@google@@YAXPEA_JPEAVClosure@12@@Z
?OnShutdown@internal@protobuf@google@@YAXP6AXXZ@Z
??1FunctionClosure0@internal@protobuf@google@@UEAA@XZ
??4LogFinisher@internal@protobuf@google@@QEAAXAEAVLogMessage@123@@Z
??6LogMessage@internal@protobuf@google@@QEAAAEAV0123@PEBD@Z
??1LogMessage@internal@protobuf@google@@QEAA@XZ
??0LogMessage@internal@protobuf@google@@QEAA@W4LogLevel@23@PEBDH@Z
?VerifyVersion@internal@protobuf@google@@YAXHHPEBD@Z
?SerializeToString@MessageLite@protobuf@google@@QEBA_NPEAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?ParseFromArray@MessageLite@protobuf@google@@QEAA_NPEBXH@Z
?GetEmptyStringAlreadyInited@internal@protobuf@google@@YAAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?SetFloat@GeneratedMessageReflection@internal@protobuf@google@@UEBAXPEAVMessage@34@PEBVFieldDescriptor@34@M@Z

kernel32

GetLastError
SetEvent
ResetEvent
CreateEventA
ReadConsoleW
ReadFile
SetEndOfFile
SetStdHandle
SetFilePointerEx
GetStringTypeW
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
CreateSemaphoreW
GetTickCount
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
Sleep
CreateEventW
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetModuleFileNameA
SetConsoleCtrlHandler
GetStartupInfoW
FatalAppExitA
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetCurrentThread
IsDebuggerPresent
HeapSize
MultiByteToWideChar
AreFileApisANSI
ExitProcess
IsProcessorFeaturePresent
GetCommandLineA
WriteConsoleW
GetModuleHandleExW
GetFileType
GetStdHandle
RtlUnwindEx
RtlLookupFunctionEntry
RaiseException
RtlPcToFileHeader
DecodePointer
EncodePointer
VerifyVersionInfoW
lstrcmpA
LocalFree
LocalAlloc
LoadLibraryExW
GetProcAddress
GetModuleHandleW
FreeLibrary
GetSystemDirectoryW
CreateProcessW
CreateProcessA
SetLastError
OutputDebugStringW
GetFullPathNameW
GetFileAttributesW
CreateFileW
VerSetConditionMask
WideCharToMultiByte
MoveFileExA
GetModuleFileNameW
GetLocalTime
GetCurrentThreadId
OutputDebugStringA
GetFileSizeEx
CreateFileA
CreateDirectoryA
QueryPerformanceFrequency
QueryPerformanceCounter
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetProcessHeap
HeapFree
HeapAlloc
WaitForMultipleObjects
GetCurrentProcessId
CloseHandle

Exports

Exports

CreateIpcClient
CreateIpcProxyInterface

Sections

.text
Size: 398KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ruination.Swapper 2.0.8/wwwroot/backup/applet/ShadowPlay/nvspscreenshot64.dll
.dll windows:6 windows x64 arch:x64

08d773bb983bd578690d34f825b20422

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f5:c4:f7:fa:7a:65:6b:ff:eb:5b:68:da:a3:af:47:03:c3:12:6b:83:d5:83:f3:a9:91:5e:11:60:3a:cb:e2:96
Signer

Actual PE Digest

f5:c4:f7:fa:7a:65:6b:ff:eb:5b:68:da:a3:af:47:03:c3:12:6b:83:d5:83:f3:a9:91:5e:11:60:3a:cb:e2:96

Digest Algorithm

sha256

PE Digest Matches

true

4d:1b:3b:29:80:e2:4d:4f:1b:ff:50:96:c9:de:9b:2d:e6:26:26:c0
Signer

Actual PE Digest

4d:1b:3b:29:80:e2:4d:4f:1b:ff:50:96:c9:de:9b:2d:e6:26:26:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_11\shadowplay2\screenshot\win7_amd64_release\nvspscreenshot64.pdb

Imports

shell32

SHGetFolderPathA

gdiplus

GdipGetImageEncodersSize
GdipCreateBitmapFromScan0
GdipSetPropertyItem
GdipGetImageEncoders
GdipDisposeImage
GdipCloneImage
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
GdipSaveImageToFile

advapi32

SetEntriesInAclA
InitializeSecurityDescriptor
GetTokenInformation
GetSecurityDescriptorDacl
GetLengthSid
FreeSid
CopySid
AllocateAndInitializeSid
OpenProcessToken
SetSecurityDescriptorDacl
SetSecurityInfo
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

kernel32

IsValidLocale
GetUserDefaultLCID
GetLocaleInfoW
LCMapStringW
CloseHandle
SetEvent
ResetEvent
WaitForSingleObject
CreateEventA
Sleep
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcessId
OpenProcess
FreeLibrary
GetProcAddress
LoadLibraryA
CreateDirectoryA
CreateFileA
GetFileSizeEx
OutputDebugStringA
GetLastError
GetCurrentThreadId
GetLocalTime
EnumSystemLocalesW
MoveFileExA
WideCharToMultiByte
ReleaseMutex
UnmapViewOfFile
OpenFileMappingA
HeapAlloc
HeapFree
GetProcessHeap
CreateMutexA
OpenEventA
GetCurrentProcess
MapViewOfFile
LocalAlloc
LocalFree
OpenMutexA
CreateFileMappingA
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
FreeEnvironmentStringsW
GetStringTypeW
SetStdHandle
SetFilePointerEx
CreateFileW
HeapSize
HeapReAlloc
SetEndOfFile
ReadFile
GetModuleFileNameW
ReadConsoleW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetEnvironmentVariableW
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlPcToFileHeader
RaiseException
InterlockedPushEntrySList
InterlockedFlushSList
SetLastError
EncodePointer
GetStdHandle
GetFileType
GetModuleFileNameA
GetModuleHandleExW
WriteConsoleW
ExitProcess
MultiByteToWideChar
WriteFile
OutputDebugStringW
SetConsoleCtrlHandler
GetCurrentThread
GetACP
FlushFileBuffers
GetConsoleCP
GetConsoleMode
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
SetEnvironmentVariableA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

NvCreateScreenshotInterface
NvReleaseScreenshotInterface

Sections

.text
Size: 463KB - Virtual size: 463KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 319B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Ruination.Swapper 2.0.8/wwwroot/backup/applet/fonts/LucidaBrightDemiBold.ttf
Ruination.Swapper 2.0.8/wwwroot/backup/applet/fonts/LucidaBrightDemiItalic.ttf
Ruination.Swapper 2.0.8/wwwroot/backup/applet/fonts/LucidaBrightItalic.ttf
Ruination.Swapper 2.0.8/wwwroot/backup/applet/fonts/LucidaBrightRegular.ttf
Ruination.Swapper 2.0.8/wwwroot/backup/applet/fonts/LucidaSansDemiBold.ttf
Ruination.Swapper 2.0.8/wwwroot/backup/applet/fonts/LucidaSansRegular.ttf
Ruination.Swapper 2.0.8/wwwroot/backup/applet/fonts/LucidaTypewriterBold.ttf
Ruination.Swapper 2.0.8/wwwroot/backup/applet/fonts/LucidaTypewriterRegular.ttf
Ruination.Swapper 2.0.8/wwwroot/backup/ext/access-bridge-64.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/ext/cldrdata.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/ffjcext.zip
.zip .js polyglot
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/fontconfig.bfc
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/fontconfig.properties.src
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/hijrah-config-umalqura.properties
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/javafx.properties
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/jce.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/jfr.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/jfxswt.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/jvm.hprof.txt
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/logging.properties
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/management-agent.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/messages.properties
.jnlp
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/messages_de.properties
.jnlp
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/messages_es.properties
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/messages_fr.properties
.jnlp
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/messages_it.properties
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/messages_ja.properties
.jnlp
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/messages_ko.properties
.jnlp
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/messages_pt_BR.properties
.jnlp
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/messages_sv.properties
.jnlp
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/messages_zh_CN.properties
.jnlp
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/messages_zh_HK.properties
.jnlp
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/messages_zh_TW.properties
.jnlp
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/meta-index
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/net.properties
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/psfont.properties.ja
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/psfontj2d.properties
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/splash.gif
.gif
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/[email protected]
.gif
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/splash_11-lic.gif
.gif
Ruination.Swapper 2.0.8/wwwroot/backup/ext/deploy/[email protected]
.gif
Ruination.Swapper 2.0.8/wwwroot/backup/ext/dnsns.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/ext/images/cursors/cursors.properties
Ruination.Swapper 2.0.8/wwwroot/backup/ext/images/cursors/invalid32x32.gif
.gif
Ruination.Swapper 2.0.8/wwwroot/backup/ext/images/cursors/win32_CopyDrop32x32.gif
.gif
Ruination.Swapper 2.0.8/wwwroot/backup/ext/images/cursors/win32_CopyNoDrop32x32.gif
.gif
Ruination.Swapper 2.0.8/wwwroot/backup/ext/images/cursors/win32_LinkDrop32x32.gif
.gif
Ruination.Swapper 2.0.8/wwwroot/backup/ext/images/cursors/win32_LinkNoDrop32x32.gif
.gif
Ruination.Swapper 2.0.8/wwwroot/backup/ext/images/cursors/win32_MoveDrop32x32.gif
.gif
Ruination.Swapper 2.0.8/wwwroot/backup/ext/images/cursors/win32_MoveNoDrop32x32.gif
.gif
Ruination.Swapper 2.0.8/wwwroot/backup/ext/jaccess.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/ext/jfr/default.jfc
.xml
Ruination.Swapper 2.0.8/wwwroot/backup/ext/jfr/profile.jfc
.xml
Ruination.Swapper 2.0.8/wwwroot/backup/ext/jfxrt.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/ext/localedata.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/ext/management/jmxremote.access
Ruination.Swapper 2.0.8/wwwroot/backup/ext/management/jmxremote.password.template
Ruination.Swapper 2.0.8/wwwroot/backup/ext/management/management.properties
Ruination.Swapper 2.0.8/wwwroot/backup/ext/management/snmp.acl.template
Ruination.Swapper 2.0.8/wwwroot/backup/ext/meta-index
Ruination.Swapper 2.0.8/wwwroot/backup/ext/nashorn.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/ext/security/blacklist
Ruination.Swapper 2.0.8/wwwroot/backup/ext/security/blacklisted.certs
Ruination.Swapper 2.0.8/wwwroot/backup/ext/security/cacerts
Ruination.Swapper 2.0.8/wwwroot/backup/ext/security/java.policy
Ruination.Swapper 2.0.8/wwwroot/backup/ext/security/java.security
Ruination.Swapper 2.0.8/wwwroot/backup/ext/security/javaws.policy
Ruination.Swapper 2.0.8/wwwroot/backup/ext/security/policy/limited/US_export_policy.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/ext/security/policy/limited/local_policy.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/ext/security/policy/unlimited/US_export_policy.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/ext/security/policy/unlimited/local_policy.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/ext/security/public_suffix_list.dat
.zip
Ruination.Swapper 2.0.8/wwwroot/backup/ext/sunec.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/ext/sunjce_provider.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/ext/sunmscapi.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/ext/sunpkcs11.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/ext/zipfs.jar
.jar
Ruination.Swapper 2.0.8/wwwroot/backup/nvspapi64.dll
.dll windows:6 windows x64 arch:x64

977f887ba1716db690f3f6cd927adbd9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

14:78:1b:c8:62:e8:dc:50:3a:55:93:46:f5:dc:c5:18
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

28/07/2015, 00:00

Not After

26/07/2018, 23:59

Subject

CN=NVIDIA Corporation,O=NVIDIA Corporation,L=SANTA CLARA,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:c1:5a:f2:13:67:d0:75:8b:ed:dc:ca:11:86:42:de
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/07/2015, 00:00

Not After

13/07/2018, 23:59

Subject

CN=NVIDIA Corporation,OU=IT MIIS,O=NVIDIA Corporation,L=Santa Clara,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:58:e8:ee:54:af:5c:27
Certificate

Issuer

CN=Starfield Services Root Certificate Authority,OU=http://certificates.starfieldtech.com/repository/,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Not Before

13/12/2016, 07:00

Not After

13/12/2021, 07:00

Subject

CN=Starfield Services Timestamp Authority - G1,O=Starfield Technologies\, Inc.,L=Scottsdale,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5c:e6:b8:0f:b6:5e:84:3d:63:24:f8:08:f8:aa:96:62:96:8b:2a:37:3b:17:15:30:0f:58:da:b0:13:51:9b:57
Signer

Actual PE Digest

5c:e6:b8:0f:b6:5e:84:3d:63:24:f8:08:f8:aa:96:62:96:8b:2a:37:3b:17:15:30:0f:58:da:b0:13:51:9b:57

Digest Algorithm

sha256

PE Digest Matches

true

b0:12:be:31:da:b9:f9:e3:24:cd:c6:72:5c:a7:03:ce:e1:64:09:b6
Signer

Actual PE Digest

b0:12:be:31:da:b9:f9:e3:24:cd:c6:72:5c:a7:03:ce:e1:64:09:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dvs\p4\build\sw\rel\gfclient\rel_03_11\shadowplay2\api\win7_amd64_release\nvspapi64.pdb

Imports

shell32

SHGetFolderPathA
SHGetKnownFolderPath

ole32

CoTaskMemFree

oleaut32

SetErrorInfo
CreateErrorInfo
GetErrorInfo
VariantCopy
SysAllocString
SysAllocStringLen
SysFreeString
VariantInit
VariantClear
VariantChangeType

advapi32

FreeSid
ConvertStringSidToSidW
OpenSCManagerA
CloseServiceHandle
GetUserNameW
GetUserNameA
SetTokenInformation
DuplicateTokenEx
RegDeleteKeyValueA
RegSetValueExA
RegQueryValueExW
RegDeleteKeyExA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
SetSecurityInfo
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
AllocateAndInitializeSid
CopySid
RegCreateKeyExA
GetLengthSid
GetSecurityDescriptorDacl
GetTokenInformation
SetEntriesInAclA
LookupAccountNameA
ConvertSidToStringSidA
RegDeleteKeyA

wtsapi32

WTSQuerySessionInformationA
WTSFreeMemory

shlwapi

PathFindFileNameA
PathFileExistsA

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetConsoleCtrlHandler
HeapSize
HeapReAlloc
SetStdHandle
SetFilePointerEx
ReadConsoleW
WriteConsoleW
CreateProcessW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CloseHandle
SetEvent
CreateEventA
WaitForMultipleObjects
GetLastError
ResetEvent
WaitForSingleObject
GetCurrentProcessId
CreateThread
GetCurrentThreadId
GetThreadId
FreeLibrary
GetProcAddress
WideCharToMultiByte
GetSystemDirectoryW
SetLastError
HeapFree
GetProcessHeap
OpenEventA
Sleep
SetDllDirectoryA
GetModuleHandleA
CreateDirectoryA
CreateFileA
GetFileSizeEx
OutputDebugStringA
GetLocalTime
GetModuleFileNameW
MoveFileExA
CreateFileW
ReadFile
WriteFile
WaitNamedPipeW
CreateEventW
QueryPerformanceCounter
QueryPerformanceFrequency
OpenProcess
LoadLibraryA
ReleaseMutex
UnmapViewOfFile
OpenFileMappingA
HeapAlloc
CreateMutexA
GetCurrentProcess
MapViewOfFile
LocalAlloc
LocalFree
OpenMutexA
CreateFileMappingA
GetModuleFileNameA
WTSGetActiveConsoleSessionId
VerSetConditionMask
GetFileAttributesW
GetFullPathNameW
OutputDebugStringW
CreateProcessA
SetEndOfFile
GetModuleHandleW
LoadLibraryExW
lstrcmpA
VerifyVersionInfoW
DecodePointer
RaiseException
InitializeCriticalSectionEx
SetCurrentDirectoryA
GetFileAttributesA
TerminateProcess
ProcessIdToSessionId
GetSystemDirectoryA
GetVersionExA
GetVolumeInformationA
MultiByteToWideChar
K32GetProcessMemoryInfo
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
DeleteFileA
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
FindClose
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
GetFileType
GetStdHandle
GetACP
GetCurrentThread
GetModuleHandleExW
ExitProcess
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
RtlPcToFileHeader
RtlUnwindEx

user32

EnumDisplaySettingsA
wsprintfW
ChangeWindowMessageFilterEx
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
SendMessageA
GetForegroundWindow
TranslateMessage
GetMessageA
PostThreadMessageA
RedrawWindow
PostMessageA
EnumDisplaySettingsExA
DispatchMessageA
GetWindowThreadProcessId
EnumDisplayDevicesA
DefWindowProcA
WaitForInputIdle
EnumWindows
GetShellWindow
FindWindowExW
FindWindowA
FindWindowW

Exports

Exports

CreateOverlayApiInterface
CreateShadowPlayApiInterface
ShadowPlayOnSystemStart

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 319B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

Errors

General

Malware Config

Signatures

Files

Password: 1313

Password: 1313

8235041cfd6fffb926142c2c78013446

Code Sign

33:00:00:05:00:27:d6:32:6f:43:73:7b:87:00:00:00:00:05:00Certificate

Extended Key Usages

61:0c:52:4c:00:00:00:00:00:03Certificate

Key Usages

80:5d:c5:12:35:5e:e1:23:cc:cd:fc:86:0b:c4:64:6d:59:c0:f9:e1:ad:8e:a3:f6:ea:5f:b1:cf:f9:7e:07:c9Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

advapi32

rpcrt4

Exports

Exports

Sections

.text Size: 3.6MB - Virtual size: 3.6MB

.rdata Size: 916KB - Virtual size: 913KB

.data Size: 64KB - Virtual size: 100KB

.pdata Size: 128KB - Virtual size: 127KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 36KB - Virtual size: 34KB

Password: 1313

4093c03428ffebcedcb974ab93290ca8

Code Sign

33:00:00:03:7c:c9:f6:bc:ed:07:59:ae:08:00:00:00:00:03:7cCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

19:a2:11:49:b3:5f:3d:c9:8e:4a:88:08:ac:b2:b3:67:81:e8:61:f3:da:82:4d:a1:6f:b4:f2:cd:b4:e9:cd:95Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

rpcrt4

Exports

Exports

Sections

.text Size: 85KB - Virtual size: 84KB

.orpc Size: 512B - Virtual size: 197B

.rdata Size: 39KB - Virtual size: 38KB

.data Size: 3KB - Virtual size: 5KB

.pdata Size: 6KB - Virtual size: 5KB

_RDATA Size: 512B - Virtual size: 500B

.rsrc Size: 11KB - Virtual size: 11KB

.reloc Size: 1KB - Virtual size: 1KB

Password: 1313

a09c9abadde79aec9926dc99ee900a1a

Code Sign

33:00:00:03:7c:c9:f6:bc:ed:07:59:ae:08:00:00:00:00:03:7cCertificate

Extended Key Usages

61:0e:90:d2:00:00:00:00:00:03Certificate

Key Usages

43:b1:45:66:5e:a6:45:c8:7c:73:12:d5:7d:b9:0a:d8:a1:b7:c6:7d:dd:5f:a7:eb:57:90:8a:57:79:98:4e:6fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

33:00:00:05:00:27:d6:32:6f:43:73:7b:87:00:00:00:00:05:00
Certificate

61:0c:52:4c:00:00:00:00:00:03
Certificate

80:5d:c5:12:35:5e:e1:23:cc:cd:fc:86:0b:c4:64:6d:59:c0:f9:e1:ad:8e:a3:f6:ea:5f:b1:cf:f9:7e:07:c9
Signer

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 916KB - Virtual size: 913KB

.data
Size: 64KB - Virtual size: 100KB

.pdata
Size: 128KB - Virtual size: 127KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 36KB - Virtual size: 34KB

33:00:00:03:7c:c9:f6:bc:ed:07:59:ae:08:00:00:00:00:03:7c
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

19:a2:11:49:b3:5f:3d:c9:8e:4a:88:08:ac:b2:b3:67:81:e8:61:f3:da:82:4d:a1:6f:b4:f2:cd:b4:e9:cd:95
Signer

.text
Size: 85KB - Virtual size: 84KB

.orpc
Size: 512B - Virtual size: 197B

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 3KB - Virtual size: 5KB

.pdata
Size: 6KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 1KB - Virtual size: 1KB

33:00:00:03:7c:c9:f6:bc:ed:07:59:ae:08:00:00:00:00:03:7c
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

43:b1:45:66:5e:a6:45:c8:7c:73:12:d5:7d:b9:0a:d8:a1:b7:c6:7d:dd:5f:a7:eb:57:90:8a:57:79:98:4e:6f
Signer

.text
Size: 951KB - Virtual size: 951KB

.rdata
Size: 196KB - Virtual size: 195KB

.data
Size: 1024B - Virtual size: 3KB

.pdata
Size: 47KB - Virtual size: 47KB

_RDATA
Size: 512B - Virtual size: 500B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 547KB - Virtual size: 547KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

33:00:00:02:cf:a0:25:90:e3:13:04:ef:15:00:00:00:00:02:cf
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

7e:2e:49:05:9e:ae:a9:1c:3c:b9:6b:29:58:e2:66:98:0f:9e:66:cd:54:19:44:38:27:88:70:01:67:f2:50:d4
Signer

.text
Size: 80KB - Virtual size: 80KB

.rdata
Size: 44KB - Virtual size: 44KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 5KB - Virtual size: 5KB

.00cfg
Size: 512B - Virtual size: 40B

.gxfg
Size: 4KB - Virtual size: 4KB

.retplne
Size: 512B - Virtual size: 92B

.tls
Size: 512B - Virtual size: 9B

.voltbl
Size: 512B - Virtual size: 68B

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

33:00:00:03:4e:b5:3c:7a:c1:84:6f:eb:2b:00:00:00:00:03:4e
Certificate

61:0e:90:d2:00:00:00:00:00:03
Certificate

47:34:af:c5:55:a1:ae:e5:f1:95:43:9f:71:ec:5e:4c:23:c2:8d:37:e6:31:d1:0c:a4:be:85:3d:dc:8c:9e:b3
Signer