SecuriteInfo[.]com[.]Heur[.]29658[.]32746[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SecuriteInfo.com.Heur.29658.32746.exe
Size

8.9MB
MD5

39962b4f6063dd77e976efadeb2e89d1
SHA1

8852e5ea61e1d8d927bef788d0885741f50bf414
SHA256

382310c26cf1269c851408058cf921e3d8b1e27a6e0fc95a5b9da6da624052b3
SHA512

5fbfd8e4f3fe2da61de51e9cbe52d3b06fea8605fcb0e9410f7473c2d8ad9ceba195d4f494dcd1b5df2310fe15365e2c110012b9eeb78d0b68f2b723cd9884a4
SSDEEP

196608:qmEOLu6pgtrILBxH97osvoly0+tsUSqBbTgV/uFNCoPbCIQsT+9r6qUXxXlSNg1v:gOi++47/QImrqBTUHoDClNOx1GsQK

Score

3^/10

Malware Config

Signatures

Unsigned PE 30 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/CryDll.dll
unpack001/CryDll64.dll
unpack001/CubeLib64up.dll
unpack001/CubeLibM.dll
unpack001/CubeLibM64.dll
unpack001/CubeLibUp.dll
unpack001/GDISpy.sys
unpack001/GDISpyB.sys
unpack001/ProcessManager64Up.dll
unpack001/ProcessManagerUp.dll
unpack001/THook.dll
unpack001/TPWatermark64up.dll
unpack001/TPWatermarkUp.dll
unpack001/TRCLib.dll
unpack001/Tptbmlib.dll
unpack001/Tptlib.dll
unpack001/Tptmlib.dll
unpack001/TsCheckHook.dll
unpack001/TsCheckHook64.dll
unpack001/VerDownDll.dll
unpack001/WebCubeReg.dll
unpack001/WebCubeReg64.dll
unpack001/WebShellReg.dll
unpack001/WebShellReg64.dll
unpack001/WeblibMsg.dll
unpack001/WeblibMsg64.dll
unpack001/importpfx.exe

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

SecuriteInfo.com.Heur.29658.32746.exe
.exe windows:4 windows x86 arch:x86

ced282d9b261d1462772017fe2f6972b

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:a6:ed:ec:94:bf:74:f2:20:fd:db:d2:92:60:8f:c6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/11/2020, 00:00

Not After

26/02/2024, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:40:54:0b:95:84:45:3b:f5:85:0a:d2:a9:b4:25:e4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/02/2022, 00:00

Not After

04/03/2025, 23:59

Subject

CN=Teruten Inc.,O=Teruten Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a3:b1:fd:d6:e9:bf:e8:54:2c:be:5f:47:6f:23:a7:45:37:11:eb:9b:6c:70:83:ff:39:67:6f:70:60:6f:f9:96
Signer

Actual PE Digest

a3:b1:fd:d6:e9:bf:e8:54:2c:be:5f:47:6f:23:a7:45:37:11:eb:9b:6c:70:83:ff:39:67:6f:70:60:6f:f9:96

Digest Algorithm

sha256

PE Digest Matches

true

2f:fa:bd:cd:59:ed:b2:6d:25:1b:9d:58:6e:d5:8c:65:6d:dc:cb:ba
Signer

Actual PE Digest

2f:fa:bd:cd:59:ed:b2:6d:25:1b:9d:58:6e:d5:8c:65:6d:dc:cb:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExA
RegEnumKeyA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteValueA
RegDeleteKeyA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
RegOpenKeyExA
RegEnumValueA

shell32

SHGetFileInfoA
SHFileOperationA
SHGetPathFromIDListA
ShellExecuteExA
SHGetSpecialFolderLocation
SHBrowseForFolderA

ole32

IIDFromString
OleInitialize
OleUninitialize
CoCreateInstance
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

SetClipboardData
CharPrevA
CallWindowProcA
PeekMessageA
DispatchMessageA
MessageBoxIndirectA
GetDlgItemTextA
SetDlgItemTextA
GetSystemMetrics
CreatePopupMenu
AppendMenuA
TrackPopupMenu
FillRect
EmptyClipboard
LoadCursorA
GetMessagePos
CheckDlgButton
GetSysColor
SetCursor
GetWindowLongA
SetClassLongA
SetWindowPos
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassA
ScreenToClient
EndDialog
GetClassInfoA
SystemParametersInfoA
CreateWindowExA
ExitWindowsEx
DialogBoxParamA
CharNextA
SetTimer
DestroyWindow
CreateDialogParamA
SetForegroundWindow
SetWindowTextA
PostQuitMessage
SendMessageTimeoutA
ShowWindow
wsprintfA
GetDlgItem
FindWindowExA
IsWindow
GetDC
SetWindowLongA
LoadImageA
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageA
DefWindowProcA
DrawTextA
GetClientRect
EndPaint
IsWindowVisible
CloseClipboard
OpenClipboard

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetProcAddress
GetSystemDirectoryA
WideCharToMultiByte
MoveFileExA
ReadFile
GetTempFileNameA
WriteFile
RemoveDirectoryA
CreateProcessA
CreateFileA
GetLastError
CreateThread
CreateDirectoryA
GlobalUnlock
GetDiskFreeSpaceA
GlobalLock
SetErrorMode
GetVersion
lstrcpynA
GetCommandLineA
GetTempPathA
lstrlenA
SetEnvironmentVariableA
ExitProcess
GetWindowsDirectoryA
GetCurrentProcess
GetModuleFileNameA
CopyFileA
GetTickCount
Sleep
GetFileSize
GetFileAttributesA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetShortPathNameA
MoveFileA
CompareFileTime
SetFileTime
SearchPathA
lstrcmpiA
lstrcmpA
CloseHandle
GlobalFree
GlobalAlloc
ExpandEnvironmentStringsA
LoadLibraryExA
FreeLibrary
lstrcpyA
lstrcatA
FindClose
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
SetFilePointer
GetModuleHandleA
FindNextFileA
FindFirstFileA
DeleteFileA
MulDiv

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 149KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

610235b90207a63ccf481f0d4375d329

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileStringA
SetCurrentDirectoryA
GetModuleHandleA
lstrcmpiA
WritePrivateProfileStringA
lstrcatA
lstrcpynA
GlobalFree
lstrlenA
lstrcpyA
GlobalUnlock
GlobalAlloc
GlobalLock

user32

MapWindowPoints
PtInRect
CloseClipboard
LoadCursorA
GetDlgCtrlID
OpenClipboard
GetClientRect
SetWindowRgn
DrawFocusRect
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
DrawTextA
SetCursor
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
CallWindowProcA
PostMessageA
MessageBoxA
GetSysColor
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetWindowLongA
EnableMenuItem
GetSystemMenu
GetClipboardData
LoadIconA

gdi32

DeleteObject
CombineRgn
SetTextColor
GetDIBits
SelectObject
CreateRectRgn
GetObjectA
CreateCompatibleDC

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetDesktopFolder

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

274b99a815ba574d8c9e1712916d8b30

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalAlloc
lstrcmpA
GetModuleHandleA
lstrlenA
MulDiv
lstrcpynA
GetACP
lstrcpyA

user32

SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
SetWindowTextA
LoadIconA
GetDC
ShowWindow
SendMessageA

gdi32

DeleteObject
CreateFontIndirectA
GetDeviceCaps

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 362B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
CryDll.dll
.dll windows:5 windows x86 arch:x86

7a116c3d492465591c6deb499aeb3107

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
HeapAlloc
HeapFree
RtlUnwind
Sleep
ExitProcess
RaiseException
HeapSize
HeapReAlloc
VirtualAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetACP
IsValidCodePage
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetOEMCP
GetCPInfo
GetModuleHandleW
CreateFileA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
GlobalGetAtomNameA
GlobalFindAtomA
LoadLibraryA
lstrcmpW
GetVersionExA
InterlockedIncrement
FormatMessageA
MultiByteToWideChar
GlobalFlags
WritePrivateProfileStringA
SetErrorMode
lstrlenA
TlsFree
GlobalFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalUnlock
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GetLastError
SetLastError
GlobalAddAtomA
CloseHandle
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryExA
WideCharToMultiByte
CompareStringA
FindResourceA
LoadResource
LockResource
SizeofResource
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GetModuleHandleA
HeapCreate
GetProcAddress

user32

DestroyMenu
LoadCursorA
GetSysColorBrush
ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetMenuItemID
GetSubMenu
GetWindow
GetDlgCtrlID
GetWindowRect
PostQuitMessage
PostMessageA
CheckMenuItem
EnableMenuItem
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringA
MapWindowPoints
GetMenuState
ModifyMenuA
SendMessageA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
SetCursor
DrawTextExA
DrawTextA
TabbedTextOutA
GetMenuItemCount
UnregisterClassA
UnhookWindowsHookEx
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetMenu

gdi32

DeleteDC
GetStockObject
GetDeviceCaps
SelectObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
CreateBitmap
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
SetViewportOrgEx

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

Cry_EncryptDataEx
HashDataEx

Sections

.text
Size: 126KB - Virtual size: 125KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CryDll64.dll
.dll windows:5 windows x64 arch:x64

87d97560fbbc7a5c3e1b7e91a643d5ef

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
HeapAlloc
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
Sleep
ExitProcess
RaiseException
RtlPcToFileHeader
HeapSize
HeapQueryInformation
HeapReAlloc
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FlsSetValue
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetACP
IsValidCodePage
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetOEMCP
GetCPInfo
GetModuleHandleW
CreateFileA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
GlobalGetAtomNameA
GlobalFindAtomA
LoadLibraryA
lstrcmpW
GetVersionExA
FormatMessageA
MultiByteToWideChar
GlobalFlags
WritePrivateProfileStringA
SetErrorMode
lstrlenA
TlsFree
GlobalFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalUnlock
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalFree
LocalAlloc
GetModuleFileNameW
GetCurrentProcessId
GetLastError
SetLastError
GlobalAddAtomA
CloseHandle
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryExA
WideCharToMultiByte
CompareStringA
FindResourceA
LoadResource
LockResource
SizeofResource
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GetModuleHandleA
FreeEnvironmentStringsA
GetProcAddress

user32

DestroyMenu
LoadCursorA
GetSysColorBrush
ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetMenuItemID
GetSubMenu
GetWindow
GetDlgCtrlID
GetWindowRect
PostQuitMessage
PostMessageA
CheckMenuItem
EnableMenuItem
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
GetSysColor
ReleaseDC
GetDC
ClientToScreen
GrayStringA
GetMessagePos
GetMenuState
ModifyMenuA
SendMessageA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
SetCursor
DrawTextExA
DrawTextA
TabbedTextOutA
GetMenuItemCount
UnregisterClassA
UnhookWindowsHookEx
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA

gdi32

DeleteDC
GetStockObject
GetDeviceCaps
SelectObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
CreateBitmap
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
SetViewportOrgEx

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

Cry_EncryptDataEx
HashDataEx

Sections

.text
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CubeE.exe
.exe windows:5 windows x86 arch:x86

6b17291b822e08be3d8137626fe3a119

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:40:54:0b:95:84:45:3b:f5:85:0a:d2:a9:b4:25:e4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/02/2022, 00:00

Not After

04/03/2025, 23:59

Subject

CN=Teruten Inc.,O=Teruten Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

84:33:ae:e8:61:02:ef:da:c7:52:fe:4f:f9:52:be:31:3a:cc:52:2a
Signer

Actual PE Digest

84:33:ae:e8:61:02:ef:da:c7:52:fe:4f:f9:52:be:31:3a:cc:52:2a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\01.Git\WebCubeAgent\Release\CubeE.pdb

Imports

kernel32

LocalFree
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
CreateThread
Sleep
CreateToolhelp32Snapshot
Process32First
OpenProcess
TerminateProcess
Process32Next
GetCurrentProcessId
GetProcAddress
GetModuleHandleA
GetSystemInfo
GetCurrentProcess
GetModuleFileNameA
LoadLibraryA
FreeLibrary
DisconnectNamedPipe
FlushFileBuffers
WriteFile
ReadFile
ConnectNamedPipe
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetFilePointer
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
SetEvent
OpenEventA
CreateNamedPipeA
CloseHandle
GetLastError
GetSystemDirectoryA
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStdHandle
HeapReAlloc
VirtualFree
HeapCreate
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
SetLastError
RtlUnwind
RaiseException
SetConsoleCtrlHandler
ExitProcess
InterlockedDecrement
InterlockedIncrement
GetStartupInfoA
CreateEventA
GetCommandLineA
TlsAlloc
TlsFree
GetFileAttributesA
GetLocaleInfoA
CreateFileA
GetTempPathA
CreateDirectoryA
GetFileSize
CreateSemaphoreA
TlsGetValue
TlsSetValue
WaitForSingleObject
GetLocalTime
GetCurrentThreadId
ReleaseSemaphore
RtlCaptureContext
SetUnhandledExceptionFilter
CreateFileMappingA
MapViewOfFile
CreateMutexA
UnmapViewOfFile
ReleaseMutex
HeapFree
UnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
VirtualProtect
VirtualAlloc
GetModuleHandleW
VirtualQuery

user32

CloseWindow
GetWindowTextA
PostMessageA
IsIconic
FindWindowA
GetClipboardOwner
GetWindowThreadProcessId
MessageBoxA
GetParent
ShowWindow
SendInput
IsWindowVisible
SetForegroundWindow
SendMessageTimeoutA
IsWindow
GetClassNameA
GetAncestor
IsWindowEnabled
OpenClipboard
RegisterWindowMessageA
GetWindow
FindWindowExA
EnumChildWindows
GetTopWindow
GetForegroundWindow
CloseClipboard
EmptyClipboard

advapi32

SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

ole32

CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

VariantClear
SysFreeString
SysAllocString

oleacc

ObjectFromLresult

Sections

.text
Size: 105KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CubeLib64up.dll
.dll windows:5 windows x64 arch:x64

b9a18ea3422a0a4e2b800c4a436853f7

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\00.git_Teruten\WebCubeIE\Bin\Release\CubeLib\CubeLib.pdb

Imports

ws2_32

recv
gethostbyname
send
WSAStartup
WSACleanup
shutdown
connect
closesocket
gethostname

snmpapi

SnmpUtilVarBindFree
SnmpUtilOidCpy
SnmpUtilOidNCmp

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

wininet

FindNextUrlCacheEntryExA
InternetOpenA
DeleteUrlCacheEntry
HttpOpenRequestA
HttpSendRequestExA
InternetWriteFile
GetUrlCacheEntryInfoA
InternetConnectA
FindCloseUrlCache
InternetCloseHandle
HttpEndRequestA
FindFirstUrlCacheEntryExA

kernel32

WritePrivateProfileStringA
CreateSemaphoreA
GetLocaleInfoA
TlsAlloc
TlsFree
ReleaseSemaphore
GetLocalTime
TlsSetValue
TlsGetValue
SetLastError
GetCurrentDirectoryA
GetThreadContext
SuspendThread
VirtualQuery
VirtualProtect
FlushInstructionCache
SetThreadContext
lstrlenA
LocalFree
FormatMessageA
GetModuleFileNameW
lstrcmpW
CompareStringA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
EnumResourceLanguagesA
ConvertDefaultLocale
FlushFileBuffers
SetEndOfFile
FindClose
FindFirstFileA
GetFullPathNameA
CompareFileTime
LocalAlloc
GlobalHandle
LocalReAlloc
SetErrorMode
GetModuleHandleW
GlobalFlags
GetCPInfo
GetOEMCP
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapAlloc
HeapFree
ExitProcess
SetConsoleCtrlHandler
FlsSetValue
GetCommandLineA
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
HeapQueryInformation
GetACP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStdHandle
GetStartupInfoA
HeapSetInformation
HeapCreate
HeapDestroy
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetDriveTypeA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
SetFilePointer
WriteFile
GetLongPathNameA
lstrcpyA
GetExitCodeThread
GetTempFileNameA
SetThreadPriority
ResumeThread
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
ProcessIdToSessionId
SetEvent
CreateEventA
GetExitCodeProcess
TerminateProcess
Module32Next
Module32First
GetSystemInfo
CreateToolhelp32Snapshot
Process32First
Process32Next
RemoveDirectoryA
DeleteFileA
TerminateThread
VirtualAlloc
OpenProcess
GetVersionExA
SetUnhandledExceptionFilter
RtlCaptureContext
GetTempPathA
CreateDirectoryA
GetCurrentProcessId
GetCurrentProcess
GetUserDefaultLangID
GetSystemDirectoryA
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateProcessW
CreateFileW
GetCurrentThread
GlobalSize
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalReAlloc
GlobalFree
lstrlenW
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
CreateThread
GetSystemDefaultLangID
LoadLibraryA
FreeLibrary
WaitForSingleObject
GetTickCount
CopyFileA
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetModuleHandleA
GetProcAddress
GetFileAttributesA
GetPrivateProfileStringA
GetCurrentThreadId
GetLastError
lstrcmpA
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
CallNamedPipeA
GetModuleFileNameA
CreateProcessA
Sleep
FindResourceA
LoadResource
LockResource
SizeofResource
FindNextFileA

user32

TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
PostQuitMessage
ValidateRect
GetMessageA
UnregisterClassA
GetSysColorBrush
DestroyMenu
GetLastActivePopup
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
GetDlgCtrlID
PtInRect
CallWindowProcA
GetMenu
GetWindowPlacement
RemovePropA
SystemParametersInfoA
PeekMessageA
CloseWindow
WaitForInputIdle
IsWindowEnabled
GetCursorPos
WindowFromPoint
GetKeyState
SetWindowsHookExA
GetDlgItem
FindWindowA
GetWindow
ShowWindow
FindWindowExA
GetMenuStringA
GetSystemMetrics
CopyRect
LoadBitmapA
LoadCursorA
SetCursor
GetWindowLongA
GetWindowRect
ClientToScreen
SendMessageA
EnumWindows
GetSysColor
GetClientRect
wsprintfA
SetClipboardData
GetClipboardData
IsClipboardFormatAvailable
GetSubMenu
SetWindowTextW
SetWindowTextA
GetActiveWindow
TranslateMessage
DispatchMessageW
DispatchMessageA
CreateWindowExW
CreateWindowExA
DefWindowProcW
DefWindowProcA
CreatePopupMenu
EnumChildWindows
CopyImage
GetClipboardFormatNameA
RegisterClipboardFormatA
mouse_event
GetDC
ReleaseDC
EnableMenuItem
GetMenuItemCount
GetMenuItemID
GetParent
RegisterWindowMessageA
SendMessageTimeoutA
EnableWindow
UnhookWindowsHookEx
LoadStringA
IsWindow
IsIconic
IsWindowVisible
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
CheckMenuItem
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassLongPtrA
SetPropA
GetMenuState
GetPropA
GetForegroundWindow
MessageBoxA
PostMessageA
GetWindowTextA
GetFocus
GetAncestor
GetClassNameA
GetWindowThreadProcessId
CallNextHookEx
SetWindowPos

gdi32

GdiSetBatchLimit
GetClipBox
SetTextColor
SetBkColor
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ScaleWindowExtEx
DeleteDC
SetWindowExtEx
SelectObject
GetDeviceCaps
CreateBitmap
BitBlt
DeleteObject
GetStockObject
SelectPalette
RealizePalette
GetDIBits
GetObjectA
SetMapMode
RestoreDC
SaveDC

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegEnumKeyA
ConvertStringSecurityDescriptorToSecurityDescriptorA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegOpenKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA

shell32

ShellExecuteExA
ShellExecuteA
SHGetSpecialFolderPathA

shlwapi

PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantInit
VariantChangeType
SysAllocStringLen
SysFreeString
SysAllocString
VariantClear

urlmon

URLDownloadToFileA

dbghelp

MiniDumpWriteDump

psapi

EmptyWorkingSet

Exports

Exports

CheckWebCube
CmdMethod
EnablePopupMenu
FileexpandExcept
FileexpandInit
MouseHook
ProtectCacheFile
SetCurrentPageID
SetHtmlPolicy
SetPolicy
SetProtect
StartRemoteService
THook_ChangeURL
THook_SockIoHook
ThreadAdd
ThreadDel
ThreadSearch
UpdateModule
WebShellInit

Sections

.text
Size: 560KB - Virtual size: 560KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CubeLibM.dll
.dll windows:5 windows x86 arch:x86

8740744e9d81e36e00388a4a86fffc0c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\01.Git\WebCubeM\Release\CubeLibM.pdb

Imports

kernel32

SetFilePointer
FlushFileBuffers
GetCPInfo
GetOEMCP
RtlUnwind
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
VirtualQuery
GetCommandLineA
ExitProcess
SetConsoleCtrlHandler
HeapReAlloc
HeapSize
GetACP
IsValidCodePage
LCMapStringA
VirtualFree
HeapCreate
HeapDestroy
GetStdHandle
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
InterlockedIncrement
GetModuleHandleW
SetThreadContext
GetThreadContext
FlushInstructionCache
InterlockedCompareExchange
GlobalFlags
SetErrorMode
LocalReAlloc
GlobalHandle
LocalAlloc
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GlobalAddAtomA
SuspendThread
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesA
CompareStringA
InterlockedExchange
lstrcmpA
FormatMessageA
SetUnhandledExceptionFilter
RtlCaptureContext
ReleaseSemaphore
GetLocalTime
TlsSetValue
TlsGetValue
CreateSemaphoreA
GetFileSize
CreateDirectoryA
GetLocaleInfoA
TlsFree
TlsAlloc
GetExitCodeThread
CreateRemoteThread
WriteProcessMemory
VirtualFreeEx
VirtualAllocEx
WritePrivateProfileStringA
LocalFree
CallNamedPipeA
CopyFileA
LoadLibraryA
FreeLibrary
GetFileAttributesA
SetEvent
CreateEventA
lstrlenW
GetTempPathA
GetExitCodeProcess
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
GetLastError
InterlockedDecrement
lstrlenA
SetThreadPriority
ResumeThread
GetVersionExA
GetModuleHandleA
GetProcAddress
GetSystemInfo
GetCurrentProcess
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetSystemDirectoryA
GetUserDefaultLangID
GetModuleFileNameA
FindFirstFileA
DeleteFileA
CreateFileA
FindNextFileA
FindClose
TerminateThread
CreateThread
CreateToolhelp32Snapshot
Process32First
OpenProcess
TerminateProcess
Process32Next
MoveFileA
OpenEventA
CloseHandle
MultiByteToWideChar
CreateFileW
WriteFile
CreateProcessW
LoadResource
LockResource
SizeofResource
FindResourceA
GetCurrentThread
GlobalSize
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalReAlloc
GlobalFree
GetNamedPipeInfo
Sleep
GetCurrentProcessId
GetTickCount
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
LCMapStringW
SetLastError

user32

DestroyMenu
LoadCursorA
GetSysColorBrush
SetWindowTextA
UnregisterClassA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetDlgItem
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
GetClientRect
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
GetDlgCtrlID
CallWindowProcA
PtInRect
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
PeekMessageA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
SendMessageA
ModifyMenuA
EnableMenuItem
CheckMenuItem
EnumChildWindows
GetForegroundWindow
GetAncestor
GetClassNameA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetSysColor
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DefWindowProcA
PostQuitMessage
CreateWindowExA
RegisterClassExA
RegisterWindowMessageA
GetClassInfoExA
EnumThreadWindows
IsWindowVisible
GetWindow
GetWindowThreadProcessId
MessageBoxA
GetCursorPos
mouse_event
SendInput
PostMessageA
RegisterClipboardFormatA
GetClipboardFormatNameA
ReleaseDC
GetDC
GetActiveWindow
CopyImage
DefWindowProcW
IsClipboardFormatAvailable
GetClipboardData
SetClipboardData
SetWindowTextW
DestroyWindow
GetSystemMetrics
SetForegroundWindow
GetTopWindow
SetWinEventHook
GetMessageA
TranslateMessage
DispatchMessageA
EnumWindows
GetParent
GetWindowTextA
IsIconic
ShowWindow
FindWindowA
IsWindow
GetWindowRect
UnhookWinEvent
GetKeyState
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
wsprintfA
CreateWindowExW

gdi32

GetDeviceCaps
CreateBitmap
DeleteDC
SelectObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetDIBits
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
StartDocW
DeleteObject
GetObjectA
GetStockObject
SelectPalette
RealizePalette
SetViewportOrgEx

comdlg32

PrintDlgExW
PrintDlgW
GetSaveFileNameW

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

SHGetSpecialFolderPathA
ShellExecuteExA

shlwapi

PathRemoveFileSpecA
PathFindExtensionA
PathFindFileNameA

ole32

CoInitialize
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
SysAllocString
SysFreeString
VariantChangeType
VariantInit

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wininet

InternetConnectA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetSetOptionA
InternetQueryOptionA
HttpSendRequestA
HttpOpenRequestA
InternetCrackUrlA
InternetOpenA

Exports

Exports

CmdMethod
DisableChromeUpdate
GetProtect
ProtectCacheFile
SetBrowserLanguage
SetPolicy
SetProtect
SetSCProtectMode

Sections

.text
Size: 379KB - Virtual size: 379KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CubeLibM64.dll
.dll windows:5 windows x64 arch:x64

96eb9ad2f70fd8527e8653c919445716

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\01.Git\WebCubeM\Release\CubeLibM64.pdb

Imports

kernel32

ReadFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
GetFullPathNameA
GetCPInfo
GetOEMCP
RtlLookupFunctionEntry
RtlUnwindEx
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RaiseException
RtlPcToFileHeader
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
VirtualQuery
FlsSetValue
GetCommandLineA
ExitProcess
SetConsoleCtrlHandler
HeapReAlloc
HeapSize
HeapQueryInformation
DebugBreak
EncodePointer
DecodePointer
FlsGetValue
FlsFree
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetStdHandle
HeapSetInformation
HeapCreate
HeapDestroy
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
GetDriveTypeA
GetProcessHeap
GetConsoleCP
GetConsoleMode
SetStdHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetCurrentDirectoryA
GetThreadContext
SetThreadContext
FlushInstructionCache
GetModuleHandleW
GlobalFlags
SetErrorMode
LocalReAlloc
GlobalHandle
LocalAlloc
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GlobalAddAtomA
SuspendThread
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesA
CompareStringA
lstrcmpA
FormatMessageA
SetUnhandledExceptionFilter
RtlCaptureContext
ReleaseSemaphore
GetLocalTime
TlsSetValue
TlsGetValue
CreateSemaphoreA
GetFileSize
CreateDirectoryA
GetLocaleInfoA
TlsFree
TlsAlloc
GetExitCodeThread
CreateRemoteThread
WriteProcessMemory
VirtualFreeEx
VirtualAllocEx
WritePrivateProfileStringA
LocalFree
CallNamedPipeA
ProcessIdToSessionId
CopyFileA
LoadLibraryA
FreeLibrary
GetFileAttributesA
SetEvent
CreateEventA
lstrlenW
RemoveDirectoryA
GetTempFileNameA
GetTempPathA
GetExitCodeProcess
UnmapViewOfFile
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
GetLastError
lstrlenA
SetThreadPriority
ResumeThread
GetVersionExA
GetModuleHandleA
GetProcAddress
GetSystemInfo
GetCurrentProcess
WaitForSingleObject
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThreadId
GetSystemDirectoryA
FileTimeToLocalFileTime
GetFileTime
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetUserDefaultLangID
GetModuleFileNameA
FindFirstFileA
DeleteFileA
CreateFileA
FindNextFileA
FindClose
TerminateThread
CreateThread
CreateToolhelp32Snapshot
Process32First
OpenProcess
TerminateProcess
Process32Next
MoveFileA
OpenEventA
CloseHandle
MultiByteToWideChar
CreateFileW
WriteFile
CreateProcessW
LoadResource
LockResource
SizeofResource
FindResourceA
GetCurrentThread
GlobalSize
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalReAlloc
GlobalFree
GetNamedPipeInfo
Sleep
GetCurrentProcessId
GetTickCount
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
FlsAlloc
SetLastError

user32

DestroyMenu
LoadCursorA
GetSysColorBrush
SetWindowTextA
UnregisterClassA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
GetDlgItem
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
GetDlgCtrlID
PtInRect
CallWindowProcA
GetMenu
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
SetCursor
PeekMessageA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
SendMessageA
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuState
EnumChildWindows
GetForegroundWindow
GetAncestor
GetClassNameA
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetSysColor
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DefWindowProcA
PostQuitMessage
CreateWindowExA
RegisterClassExA
RegisterWindowMessageA
GetSystemMetrics
GetClientRect
EnumThreadWindows
IsWindowVisible
GetWindowThreadProcessId
GetWindow
MessageBoxA
GetCursorPos
mouse_event
SendInput
PostMessageA
RegisterClipboardFormatA
GetClipboardFormatNameA
ReleaseDC
GetDC
GetActiveWindow
CopyImage
DefWindowProcW
IsClipboardFormatAvailable
GetClipboardData
SetClipboardData
SetWindowTextW
DestroyWindow
SetForegroundWindow
GetTopWindow
SetWinEventHook
GetMessageA
TranslateMessage
DispatchMessageA
EnumWindows
GetParent
GetWindowTextA
IsIconic
ShowWindow
FindWindowA
IsWindow
GetWindowRect
UnhookWinEvent
GetKeyState
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExA
wsprintfA
CreateWindowExW

gdi32

GetDeviceCaps
CreateBitmap
DeleteDC
SelectObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
GetDIBits
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
StartDocW
DeleteObject
GetObjectA
GetStockObject
SelectPalette
RealizePalette
SetViewportOrgEx

comdlg32

PrintDlgExW
PrintDlgW
GetSaveFileNameW

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shell32

SHGetSpecialFolderPathA
ShellExecuteExA

shlwapi

PathRemoveFileSpecA
PathFindExtensionA
PathFindFileNameA

ole32

CoInitialize
CoInitializeEx
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
SysAllocString
SysFreeString
VariantChangeType
VariantInit

urlmon

URLDownloadToFileA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wininet

InternetCrackUrlA
InternetConnectA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle
InternetSetOptionA
InternetQueryOptionA
HttpSendRequestA
HttpOpenRequestA
InternetOpenA

Exports

Exports

CmdMethod
DisableChromeUpdate
GetProtect
ProtectCacheFile
SetBrowserLanguage
SetPolicy
SetProtect
SetSCProtectMode

Sections

.text
Size: 545KB - Virtual size: 544KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 161KB - Virtual size: 161KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CubeLibUp.dll
.dll windows:5 windows x86 arch:x86

826853e443143454de26322c51c4de34

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\00.git_Teruten\WebCubeIE\Bin\Release\CubeLib\CubeLib.pdb

Imports

ws2_32

recv
gethostbyname
send
WSAStartup
WSACleanup
shutdown
connect
closesocket
gethostname

snmpapi

SnmpUtilVarBindFree
SnmpUtilOidCpy
SnmpUtilOidNCmp

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

wininet

FindNextUrlCacheEntryExA
InternetOpenA
DeleteUrlCacheEntry
HttpOpenRequestA
HttpSendRequestExA
InternetWriteFile
GetUrlCacheEntryInfoA
InternetConnectA
FindCloseUrlCache
InternetCloseHandle
HttpEndRequestA
FindFirstUrlCacheEntryExA

kernel32

CompareFileTime
WritePrivateProfileStringA
CreateSemaphoreA
GetLocaleInfoA
TlsAlloc
TlsFree
ReleaseSemaphore
GetLocalTime
TlsSetValue
TlsGetValue
SetLastError
GetCurrentDirectoryA
GetThreadContext
SuspendThread
VirtualQuery
InterlockedCompareExchange
VirtualProtect
FlushInstructionCache
SetThreadContext
lstrlenA
LocalFree
FormatMessageA
GetModuleFileNameW
lstrcmpW
CompareStringA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
InterlockedExchange
EnumResourceLanguagesA
ConvertDefaultLocale
FlushFileBuffers
SetFilePointer
FindClose
FindFirstFileA
GetFullPathNameA
FindNextFileA
LocalAlloc
GlobalHandle
LocalReAlloc
SetErrorMode
GetModuleHandleW
InterlockedIncrement
GlobalFlags
GetCPInfo
GetOEMCP
UnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
HeapAlloc
HeapFree
ExitProcess
SetConsoleCtrlHandler
GetCommandLineA
HeapReAlloc
SetStdHandle
GetFileType
HeapSize
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetHandleCount
GetStdHandle
GetStartupInfoA
HeapCreate
HeapDestroy
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetDriveTypeA
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
WriteFile
GetLongPathNameA
lstrcpyA
GetExitCodeThread
GetTempFileNameA
SetThreadPriority
ResumeThread
OpenFileMappingA
MapViewOfFile
UnmapViewOfFile
ProcessIdToSessionId
SetEvent
CreateEventA
GetExitCodeProcess
TerminateProcess
Module32Next
Module32First
GetSystemInfo
CreateToolhelp32Snapshot
Process32First
Process32Next
RemoveDirectoryA
DeleteFileA
TerminateThread
VirtualAlloc
VirtualFree
OpenProcess
GetVersionExA
SetUnhandledExceptionFilter
RtlCaptureContext
GetTempPathA
CreateDirectoryA
GetCurrentProcessId
GetCurrentProcess
GetUserDefaultLangID
GetSystemDirectoryA
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateProcessW
CreateFileW
GetCurrentThread
GlobalSize
GlobalLock
GlobalUnlock
GlobalAlloc
GlobalReAlloc
GlobalFree
lstrlenW
InterlockedDecrement
MultiByteToWideChar
InitializeCriticalSection
DeleteCriticalSection
CreateThread
GetSystemDefaultLangID
LoadLibraryA
FreeLibrary
WaitForSingleObject
GetTickCount
CopyFileA
CreateFileA
GetFileSize
ReadFile
CloseHandle
GetModuleHandleA
GetProcAddress
GetFileAttributesA
GetPrivateProfileStringA
GetCurrentThreadId
GetLastError
lstrcmpA
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
CallNamedPipeA
GetModuleFileNameA
CreateProcessA
Sleep
FindResourceA
LoadResource
LockResource
SizeofResource
SetEndOfFile

user32

TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
PostQuitMessage
ValidateRect
GetMessageA
UnregisterClassA
GetSysColorBrush
DestroyMenu
RemovePropA
GetLastActivePopup
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
GetDlgCtrlID
CallWindowProcA
PtInRect
GetMenu
GetWindowPlacement
GetMenuState
SetPropA
SystemParametersInfoA
PeekMessageA
CloseWindow
WaitForInputIdle
IsWindowEnabled
GetCursorPos
WindowFromPoint
GetKeyState
SetWindowsHookExA
GetDlgItem
FindWindowA
GetWindow
ShowWindow
FindWindowExA
GetMenuStringA
GetSystemMetrics
CopyRect
LoadBitmapA
LoadCursorA
SetCursor
GetWindowLongA
SetWindowLongA
SetWindowPos
ClientToScreen
SendMessageA
EnumWindows
GetSysColor
GetClientRect
wsprintfA
SetClipboardData
GetClipboardData
IsClipboardFormatAvailable
GetSubMenu
SetWindowTextW
SetWindowTextA
GetActiveWindow
TranslateMessage
DispatchMessageW
DispatchMessageA
CreateWindowExW
CreateWindowExA
DefWindowProcW
DefWindowProcA
CreatePopupMenu
EnumChildWindows
CopyImage
GetClipboardFormatNameA
RegisterClipboardFormatA
mouse_event
GetDC
ReleaseDC
EnableMenuItem
GetMenuItemCount
GetMenuItemID
GetParent
RegisterWindowMessageA
SendMessageTimeoutA
EnableWindow
UnhookWindowsHookEx
LoadStringA
IsWindow
IsIconic
IsWindowVisible
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuA
CheckMenuItem
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetForegroundWindow
MessageBoxA
PostMessageA
GetWindowTextA
GetFocus
GetAncestor
GetClassNameA
GetWindowThreadProcessId
CallNextHookEx
GetPropA
GetWindowRect

gdi32

GdiSetBatchLimit
GetClipBox
SetTextColor
SetBkColor
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
ScaleWindowExtEx
DeleteDC
SetWindowExtEx
SelectObject
GetDeviceCaps
CreateBitmap
BitBlt
DeleteObject
GetStockObject
SelectPalette
RealizePalette
GetDIBits
GetObjectA
SetMapMode
RestoreDC
SaveDC

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegEnumKeyA
ConvertStringSecurityDescriptorToSecurityDescriptorA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegOpenKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA

shell32

ShellExecuteExA
ShellExecuteA
SHGetSpecialFolderPathA

shlwapi

PathFindExtensionA
PathFindFileNameA
PathRemoveFileSpecA

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantInit
VariantChangeType
SysAllocStringLen
SysFreeString
SysAllocString
VariantClear

urlmon

URLDownloadToFileA

dbghelp

MiniDumpWriteDump

psapi

EmptyWorkingSet

Exports

Exports

CheckWebCube
CmdMethod
EnablePopupMenu
FileexpandExcept
FileexpandInit
MouseHook
ProtectCacheFile
SetCurrentPageID
SetHtmlPolicy
SetPolicy
SetProtect
StartRemoteService
THook_ChangeURL
THook_SockIoHook
ThreadAdd
ThreadDel
ThreadSearch
UpdateModule
WebShellInit

Sections

.text
Size: 430KB - Virtual size: 429KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CubeManager.dll
.dll windows:5 windows x86 arch:x86

37310ed97052f4618963094f8e608586

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:40:54:0b:95:84:45:3b:f5:85:0a:d2:a9:b4:25:e4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/02/2022, 00:00

Not After

04/03/2025, 23:59

Subject

CN=Teruten Inc.,O=Teruten Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fa:99:83:42:0a:58:0e:b3:76:0d:12:da:84:42:46:cd:23:02:bd:01
Signer

Actual PE Digest

fa:99:83:42:0a:58:0e:b3:76:0d:12:da:84:42:46:cd:23:02:bd:01

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\01.Git\WebCubeAgent\Release\CubeManager.pdb

Imports

kernel32

GetCurrentProcessId
Process32Next
GetModuleFileNameA
CreateEventA
CreateThread
TerminateThread
WaitForSingleObject
CloseHandle
WriteFile
SetEvent
ConnectNamedPipe
ReadFile
FlushFileBuffers
DisconnectNamedPipe
Process32First
CreateToolhelp32Snapshot
GetLastError
OpenEventA
CreateNamedPipeA
FreeLibrary
GetProcAddress
LoadLibraryA
WideCharToMultiByte
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetFilePointer
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
TlsAlloc
TlsFree
GetFileAttributesA
GetLocaleInfoA
GetTempPathA
CreateDirectoryA
GetFileSize
CreateSemaphoreA
TlsGetValue
TlsSetValue
GetLocalTime
GetCurrentThreadId
ReleaseSemaphore
GetCurrentProcess
OpenProcess
GetModuleHandleA
VirtualAllocEx
VirtualFreeEx
WriteProcessMemory
CreateRemoteThread
GetExitCodeThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlCaptureContext
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
GetCommandLineA
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
Sleep
ExitProcess
SetConsoleCtrlHandler
RaiseException
RtlUnwind
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetLastError
LCMapStringA
LCMapStringW
HeapSize
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
MultiByteToWideChar

user32

wsprintfA

advapi32

GetSidSubAuthority
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken

shell32

SHGetSpecialFolderPathA

Exports

Exports

?dummy@@YAHXZ

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CubeManager64.dll
.dll windows:5 windows x64 arch:x64

07b6ed5c5071ad555d57fcb795282296

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:40:54:0b:95:84:45:3b:f5:85:0a:d2:a9:b4:25:e4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/02/2022, 00:00

Not After

04/03/2025, 23:59

Subject

CN=Teruten Inc.,O=Teruten Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

55:26:a6:62:0a:82:26:b8:5b:cc:94:71:1e:a3:73:70:38:4c:c4:94
Signer

Actual PE Digest

55:26:a6:62:0a:82:26:b8:5b:cc:94:71:1e:a3:73:70:38:4c:c4:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\01.Git\WebCubeAgent\Release\CubeManager64.pdb

Imports

kernel32

CloseHandle
GetCurrentProcessId
CreateFileA
WaitForSingleObject
SetEvent
ConnectNamedPipe
WriteFile
CreateToolhelp32Snapshot
CreateEventA
ReadFile
DisconnectNamedPipe
FlushFileBuffers
GetModuleFileNameA
CreateThread
OpenEventA
Process32Next
LoadLibraryA
CreateNamedPipeA
GetProcAddress
GetLastError
Process32First
FreeLibrary
MultiByteToWideChar
TerminateThread
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
HeapReAlloc
GetConsoleMode
GetConsoleCP
SetFilePointer
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
TlsAlloc
TlsFree
GetFileAttributesA
GetLocaleInfoA
GetTempPathA
CreateDirectoryA
GetFileSize
CreateSemaphoreA
TlsGetValue
TlsSetValue
GetLocalTime
GetCurrentThreadId
ReleaseSemaphore
GetCurrentProcess
OpenProcess
GetModuleHandleA
VirtualAllocEx
VirtualFreeEx
WriteProcessMemory
CreateRemoteThread
GetExitCodeThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlCaptureContext
SetUnhandledExceptionFilter
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
HeapFree
HeapAlloc
FlsSetValue
GetCommandLineA
GetModuleHandleW
Sleep
ExitProcess
SetConsoleCtrlHandler
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
FlsAlloc
LCMapStringA
LCMapStringW
HeapSize
HeapSetInformation
HeapCreate
HeapDestroy
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
WideCharToMultiByte

user32

wsprintfA

advapi32

GetSidSubAuthority
SetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetTokenInformation
OpenProcessToken

shell32

SHGetSpecialFolderPathA

Exports

Exports

?dummy@@YAHXZ

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CubeU.exe
.exe windows:5 windows x86 arch:x86

8e034c1e1f613c63115084701efd7d58

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:40:54:0b:95:84:45:3b:f5:85:0a:d2:a9:b4:25:e4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/02/2022, 00:00

Not After

04/03/2025, 23:59

Subject

CN=Teruten Inc.,O=Teruten Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c1:bd:f9:b9:e9:02:4c:0f:a0:b6:d6:8f:0d:8b:62:0e:b4:0c:a7:31
Signer

Actual PE Digest

c1:bd:f9:b9:e9:02:4c:0f:a0:b6:d6:8f:0d:8b:62:0e:b4:0c:a7:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\01.Git\WebCubeAgent\Release\CubeU.pdb

Imports

kernel32

CreateDirectoryA
GetProcAddress
RemoveDirectoryA
CopyFileA
EnterCriticalSection
SetFileAttributesA
ProcessIdToSessionId
LocalAlloc
IsWow64Process
WritePrivateProfileStringA
GetExitCodeThread
GetSystemInfo
WaitForMultipleObjects
GetModuleFileNameA
GetModuleHandleA
DeleteCriticalSection
GetCurrentProcessId
GetTempPathA
LocalFree
DeleteFileA
FreeLibrary
GetSystemDirectoryA
LoadLibraryA
CreateEventA
GetProcessHeap
WriteConsoleW
ConnectNamedPipe
WriteConsoleA
SetStdHandle
GetLocaleInfoW
GetConsoleMode
GetConsoleCP
SetFilePointer
WritePrivateProfileStringW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
TerminateProcess
CreateProcessA
GetFileAttributesA
LeaveCriticalSection
SetEvent
HeapFree
HeapAlloc
UnmapViewOfFile
MapViewOfFile
MultiByteToWideChar
WideCharToMultiByte
CreateThread
CloseHandle
CreateToolhelp32Snapshot
FindNextFileA
OpenEventA
Process32Next
FreeEnvironmentStringsA
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
HeapSize
GetStdHandle
VirtualAlloc
OpenProcess
InitializeCriticalSection
WriteFile
GetCurrentProcess
GetFileSize
CreateFileA
OpenFileMappingA
GetVersionExA
CreateNamedPipeA
FlushFileBuffers
CallNamedPipeA
VirtualFree
HeapDestroy
DisconnectNamedPipe
GetStringTypeW
ReadFile
FindClose
GetLastError
FindFirstFileA
Sleep
TerminateThread
WaitForSingleObject
Process32First
GetConsoleOutputCP
HeapCreate
SetLastError
IsValidCodePage
GetOEMCP
GetACP
LCMapStringW
LCMapStringA
CompareStringW
GetCPInfo
CompareStringA
RtlUnwind
RaiseException
SetConsoleCtrlHandler
GetStartupInfoA
GetCommandLineA
ExitProcess
GetModuleHandleW
HeapReAlloc
IsDebuggerPresent
UnhandledExceptionFilter
InterlockedExchange
InterlockedDecrement
InterlockedIncrement
CreateRemoteThread
WriteProcessMemory
VirtualFreeEx
VirtualAllocEx
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
GetLocaleInfoA
CreateSemaphoreA
TlsGetValue
TlsSetValue
GetLocalTime
GetCurrentThreadId
ReleaseSemaphore
RtlCaptureContext

user32

SetWindowLongA
TranslateMessage
BeginPaint
GetClientRect
DrawTextA
PostQuitMessage
RegisterClassExA
SetTimer
GetMessageA
EndPaint
FindWindowA
MessageBoxA
LoadCursorA
UpdateWindow
CreateWindowExA
DefWindowProcA
SetWindowPos
GetSystemMetrics
SystemParametersInfoA
DispatchMessageA
ShowWindow
wsprintfA
GetWindowThreadProcessId
GetWindowLongA

gdi32

SelectObject
DeleteObject
CreateFontA

advapi32

GetSidSubAuthority
LookupPrivilegeValueA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
SetSecurityDescriptorSacl
OpenProcessToken
ConvertSidToStringSidA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA
GetTokenInformation
AdjustTokenPrivileges

shell32

SHGetSpecialFolderPathA
SHCreateDirectoryExA
ShellExecuteA

httpapi

HttpAddUrl
HttpReceiveHttpRequest
HttpTerminate
HttpRemoveUrl
HttpDeleteServiceConfiguration
HttpSetServiceConfiguration
HttpInitialize
HttpSendHttpResponse
HttpCreateHttpHandle

shlwapi

PathRemoveFileSpecA

iphlpapi

GetAdaptersInfo
SendARP

crypt32

CertOpenStore
CertFreeCertificateContext
CertAddCertificateContextToStore
CertCloseStore
CertGetNameStringA
PFXImportCertStore
CertEnumCertificatesInStore
PFXIsPFXBlob

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WinVerifyTrust
WTHelperProvDataFromStateData

wininet

HttpQueryInfoA
InternetConnectA
InternetCrackUrlA
InternetSetOptionA
HttpOpenRequestA
HttpSendRequestA
InternetOpenA
InternetCloseHandle
InternetQueryOptionA
InternetReadFile

ws2_32

htons
WSACleanup
WSAStartup
gethostname
inet_addr
gethostbyname
inet_ntoa

Sections

.text
Size: 319KB - Virtual size: 319KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CubeU64.exe
.exe windows:5 windows x64 arch:x64

e1b8755e8308295f1ca8b8e56a3b6e7b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:40:54:0b:95:84:45:3b:f5:85:0a:d2:a9:b4:25:e4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/02/2022, 00:00

Not After

04/03/2025, 23:59

Subject

CN=Teruten Inc.,O=Teruten Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

46:07:42:8f:69:62:68:54:2b:34:36:78:29:e6:bd:92:79:05:3e:1a
Signer

Actual PE Digest

46:07:42:8f:69:62:68:54:2b:34:36:78:29:e6:bd:92:79:05:3e:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\01.Git\WebCubeAgent\Release\CubeU64.pdb

Imports

kernel32

Process32Next
IsWow64Process
OpenEventA
GetSystemInfo
GetModuleFileNameA
GetModuleHandleA
CreateToolhelp32Snapshot
CloseHandle
LocalFree
WriteFile
ConnectNamedPipe
CreateNamedPipeA
WaitForSingleObject
DisconnectNamedPipe
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoW
HeapReAlloc
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetProcAddress
GetLastError
SetEvent
FlushFileBuffers
Process32First
GetCurrentProcess
CallNamedPipeA
GetFileSize
CreateFileA
MultiByteToWideChar
InitializeCriticalSectionAndSpinCount
ReadFile
TerminateProcess
GetFileAttributesA
CreateEventA
Sleep
OpenProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
DeleteCriticalSection
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapSize
GetStdHandle
HeapCreate
HeapSetInformation
LCMapStringW
LCMapStringA
FlsAlloc
WideCharToMultiByte
SetLastError
FlsFree
FlsSetValue
FlsGetValue
DecodePointer
EncodePointer
IsValidCodePage
GetOEMCP
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlCaptureContext
GetTempPathA
CreateDirectoryA
GetCurrentThreadId
LoadLibraryA
GetCurrentProcessId
FreeLibrary
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
GetLocaleInfoA
CreateSemaphoreA
TlsGetValue
TlsSetValue
GetLocalTime
ReleaseSemaphore
VirtualAllocEx
VirtualFreeEx
WriteProcessMemory
CreateRemoteThread
GetExitCodeThread
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
HeapFree
HeapAlloc
GetCommandLineA
GetStartupInfoA
GetModuleHandleW
ExitProcess
SetConsoleCtrlHandler
RaiseException
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
GetACP

user32

wsprintfA

advapi32

GetSidSubAuthority
SetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorA
GetSecurityDescriptorSacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
GetTokenInformation

shell32

SHGetSpecialFolderPathA

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GDISpy.sys
.sys windows:5 windows x86 arch:x86

feedeb8aec95504be31c203da63ed8b8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_except_handler3
InterlockedExchange
InterlockedCompareExchange
_stricmp
strncpy
IoGetCurrentProcess
ObReferenceObjectByHandle
ZwCreateEvent
RtlInitUnicodeString
ZwClose
ObfDereferenceObject
KeSetEvent
PsSetCreateProcessNotifyRoutine
IoRegisterShutdownNotification
IoDeleteDevice
IoCreateSymbolicLink
ExFreePool
IoCreateDevice
RtlCopyUnicodeString
ExAllocatePoolWithTag
IofCompleteRequest
InterlockedIncrement
InterlockedDecrement
RtlAssert
IoUnregisterShutdownNotification
IoDeleteSymbolicLink
PsGetCurrentProcessId
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
ObOpenObjectByPointer
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeServiceDescriptorTable
MmIsAddressValid
KeAddSystemServiceTable
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
strstr
_strlwr
ExInitializeResourceLite
ExDeleteResourceLite
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
ExAcquireResourceSharedLite
PsLookupProcessByProcessId
DbgPrint
RtlUnicodeToMultiByteN

hal

KeGetCurrentIrql

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
GDISpyB.sys
.sys windows:5 windows x86 arch:x86

feedeb8aec95504be31c203da63ed8b8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

_except_handler3
InterlockedExchange
InterlockedCompareExchange
_stricmp
strncpy
IoGetCurrentProcess
ObReferenceObjectByHandle
ZwCreateEvent
RtlInitUnicodeString
ZwClose
ObfDereferenceObject
KeSetEvent
PsSetCreateProcessNotifyRoutine
IoRegisterShutdownNotification
IoDeleteDevice
IoCreateSymbolicLink
ExFreePool
IoCreateDevice
RtlCopyUnicodeString
ExAllocatePoolWithTag
IofCompleteRequest
InterlockedIncrement
InterlockedDecrement
RtlAssert
IoUnregisterShutdownNotification
IoDeleteSymbolicLink
PsGetCurrentProcessId
ZwFreeVirtualMemory
ZwAllocateVirtualMemory
ObOpenObjectByPointer
ZwSetInformationFile
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
RtlAnsiStringToUnicodeString
RtlInitAnsiString
KeServiceDescriptorTable
MmIsAddressValid
KeAddSystemServiceTable
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
strstr
_strlwr
ExInitializeResourceLite
ExDeleteResourceLite
KeLeaveCriticalRegion
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
KeEnterCriticalRegion
ExAcquireResourceSharedLite
PsLookupProcessByProcessId
DbgPrint
RtlUnicodeToMultiByteN

hal

KeGetCurrentIrql

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ProcessManager64Up.dll
.dll windows:5 windows x64 arch:x64

2821f59a8e0b94b356f23bb6d88278ea

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\01.Git\WebCubeSub\Bin\Release\ProcessManager\ProcessManager64.pdb

Imports

kernel32

HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
RtlPcToFileHeader
RtlUnwindEx
FlsSetValue
GetCommandLineA
HeapFree
ExitProcess
HeapReAlloc
HeapSize
HeapQueryInformation
GetACP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
LCMapStringW
GetStdHandle
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetOEMCP
GetCPInfo
CreateFileA
FlushFileBuffers
SetFilePointer
WriteFile
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalGetAtomNameA
GlobalFlags
WritePrivateProfileStringA
GetModuleHandleW
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
GlobalAddAtomA
GetModuleFileNameW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
CompareStringA
lstrcmpA
FreeLibrary
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
lstrlenA
GetLastError
SetLastError
GetModuleFileNameA
CreateThread
SetThreadPriority
ResumeThread
CreateMutexA
Sleep
Process32First
Process32Next
WideCharToMultiByte
UnmapViewOfFile
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
VirtualFreeEx
CreateToolhelp32Snapshot
CloseHandle
GetModuleHandleA
GetProcAddress
GetSystemInfo
GetCurrentProcess
FindResourceA
LoadResource
LockResource
LCMapStringA
SizeofResource

user32

DestroyMenu
ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
GetMenuState
PostQuitMessage
PostMessageA
UnhookWindowsHookEx
CheckMenuItem
EnableMenuItem
ModifyMenuA
SendMessageA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
UnregisterClassA
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetClientRect

gdi32

TextOutA
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
ExtTextOutA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shlwapi

PathRemoveFileSpecA
PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

AddSpyTidCount
CloseMapping
CreateMapping
DelSpyTidCount
GetCmdMethod
GetCmdMethodCnt
GetCurrentPageID
GetEnablePopupMenu
GetExceptCapture
GetFileexpandExcept
GetFileexpandInit
GetHtmlPolicy
GetIsCustomInfoPolicy
GetIsIpPolicy
GetIsMacAddressPolicy
GetIsPscAdminInfoPolicy
GetMutex
GetMutex64
GetPolicy
GetPolicyCnt
GetPolicyKeyUrl
GetPolicyMaxCnt
GetProtect
GetProtectCacheFile
GetSpyKeyNumber
GetSpyPidNumber
GetSpyTidCount
GetStartRemoteService
GetThreadIdHwnd
GetThreadIdHwndAll
GetUpdateModule
IsAttachKeyUrl
OpenMapping
SetCmdMethod
SetCurrentPageID
SetEnablePopupMenu
SetExceptCapture
SetFileexpandExcept
SetFileexpandInit
SetHtmlPolicy
SetMutex
SetMutex64
SetPolicy
SetPolicyKeyUrl
SetProtect
SetProtectCacheFile
SetSpyKeyNumber
SetSpyPidNumber
SetStartRemoteService
SetThreadIdHwnd
SetUpdateModule
StartCustomInfoPolicy
StartIpPolicy
StartMacAddressPolicy
StartPscAdminInfoPolicy

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ProcessManagerUp.dll
.dll windows:5 windows x86 arch:x86

50246a08609b7bea2d9fbc1f59953457

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\01.Git\WebCubeSub\Bin\Release\ProcessManager\ProcessManager.pdb

Imports

kernel32

GetCPInfo
GetOEMCP
HeapAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
RtlUnwind
GetCommandLineA
HeapFree
VirtualAlloc
ExitProcess
HeapReAlloc
HeapSize
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
VirtualFree
CreateFileA
HeapDestroy
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
SetFilePointer
WriteFile
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalGetAtomNameA
GlobalFlags
WritePrivateProfileStringA
InterlockedIncrement
GetModuleHandleW
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
GlobalAddAtomA
InterlockedDecrement
GetModuleFileNameW
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryA
CompareStringA
InterlockedExchange
lstrcmpA
FreeLibrary
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
lstrlenA
GetLastError
SetLastError
GetModuleFileNameA
CreateThread
SetThreadPriority
ResumeThread
CreateMutexA
Sleep
Process32First
Process32Next
WideCharToMultiByte
UnmapViewOfFile
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
OpenProcess
VirtualAllocEx
WriteProcessMemory
CreateRemoteThread
WaitForSingleObject
GetExitCodeThread
VirtualFreeEx
CreateToolhelp32Snapshot
CloseHandle
GetModuleHandleA
GetProcAddress
GetSystemInfo
GetCurrentProcess
FindResourceA
LoadResource
LockResource
HeapCreate
SizeofResource

user32

DestroyMenu
ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
GetSubMenu
GetMenuItemCount
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
SetMenu
GetMenuItemID
GetMenuState
PostQuitMessage
PostMessageA
UnhookWindowsHookEx
CheckMenuItem
EnableMenuItem
ModifyMenuA
SendMessageA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
UnregisterClassA
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
SetForegroundWindow

gdi32

GetStockObject
TextOutA
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
ExtTextOutA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges

shlwapi

PathRemoveFileSpecA
PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

AddSpyTidCount
CloseMapping
CreateMapping
DelSpyTidCount
GetCmdMethod
GetCmdMethodCnt
GetCurrentPageID
GetEnablePopupMenu
GetExceptCapture
GetFileexpandExcept
GetFileexpandInit
GetHtmlPolicy
GetIsCustomInfoPolicy
GetIsIpPolicy
GetIsMacAddressPolicy
GetIsPscAdminInfoPolicy
GetMutex
GetMutex64
GetPolicy
GetPolicyCnt
GetPolicyKeyUrl
GetPolicyMaxCnt
GetProtect
GetProtectCacheFile
GetSpyKeyNumber
GetSpyPidNumber
GetSpyTidCount
GetStartRemoteService
GetThreadIdHwnd
GetThreadIdHwndAll
GetUpdateModule
IsAttachKeyUrl
OpenMapping
SetCmdMethod
SetCurrentPageID
SetEnablePopupMenu
SetExceptCapture
SetFileexpandExcept
SetFileexpandInit
SetHtmlPolicy
SetMutex
SetMutex64
SetPolicy
SetPolicyKeyUrl
SetProtect
SetProtectCacheFile
SetSpyKeyNumber
SetSpyPidNumber
SetStartRemoteService
SetThreadIdHwnd
SetUpdateModule
StartCustomInfoPolicy
StartIpPolicy
StartMacAddressPolicy
StartPscAdminInfoPolicy

Sections

.text
Size: 137KB - Virtual size: 137KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ProcessMgr.exe
.exe windows:5 windows x86 arch:x86

b8f7a50536d9c66b792d6a36463a0a76

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:f9:4f:b3:4c:1b:b9:8b:6c:4a:ef:7e:3a:65:14:b8
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/01/2020, 00:00

Not After

25/01/2021, 12:00

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:58:8b:07:75:46:22:70:ae:2e:43:27:01:06:9c:98
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/12/2019, 00:00

Not After

04/03/2022, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f2:29:92:29:45:93:bc:01:f5:21:f8:08:bf:1e:ac:fd:b3:b7:42:d6:17:e3:04:71:e7:19:35:bc:ef:77:56:ad
Signer

Actual PE Digest

f2:29:92:29:45:93:bc:01:f5:21:f8:08:bf:1e:ac:fd:b3:b7:42:d6:17:e3:04:71:e7:19:35:bc:ef:77:56:ad

Digest Algorithm

sha256

PE Digest Matches

true

27:45:c5:a7:36:20:f1:fb:65:fe:54:16:00:b0:b1:b2:71:40:dd:10
Signer

Actual PE Digest

27:45:c5:a7:36:20:f1:fb:65:fe:54:16:00:b0:b1:b2:71:40:dd:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\01.src\WebCubeSub\ProcessMgr\bin\ProcessMgr.pdb

Imports

kernel32

SetErrorMode
GetTickCount
GetFileSizeEx
GetFileTime
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
RtlUnwind
RaiseException
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetStdHandle
GetOEMCP
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetDriveTypeA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetCPInfo
CreateFileA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
MoveFileA
GetThreadLocale
GetModuleHandleW
InterlockedIncrement
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetCurrentDirectoryA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
InterlockedDecrement
GetModuleFileNameW
GlobalAddAtomA
WritePrivateProfileStringA
FreeResource
SetLastError
GlobalFree
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
MulDiv
lstrlenA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
GetCurrentProcessId
FreeLibrary
LoadLibraryA
DisconnectNamedPipe
WriteFile
ReadFile
WaitForMultipleObjects
ConnectNamedPipe
ResetEvent
CreateNamedPipeA
ResumeThread
SetThreadPriority
CreateThread
ExitProcess
CreateProcessA
CopyFileA
GetModuleFileNameA
GetFileAttributesA
DeleteFileA
SetFileAttributesA
GetSystemInfo
GetModuleHandleA
GetProcAddress
GetLastError
CreateEventA
Process32Next
Sleep
TerminateProcess
GetExitCodeProcess
OpenProcess
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
Process32First
GetCurrentProcess
Module32First
CloseHandle
FreeEnvironmentStringsA
CreateToolhelp32Snapshot

user32

DestroyMenu
UnregisterClassA
CharUpperA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
GetSysColorBrush
ReleaseCapture
LoadCursorA
SetCapture
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetSysColor
EndPaint
BeginPaint
LoadIconA
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
UnhookWindowsHookEx
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
PostThreadMessageA
IsWindowVisible
GetKeyState
RegisterClipboardFormatA
SendMessageA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
WaitForInputIdle
EnableWindow
PostMessageA
PostQuitMessage
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
SetWindowPos
MapDialogRect
GetParent
SetWindowContextHelpId
GetWindow
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
GetWindowLongA
IsWindow
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetDesktopWindow
CheckMenuItem
EnableMenuItem
ModifyMenuA
GetFocus
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA

gdi32

GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
SetViewportOrgEx
ScaleViewportExtEx
SetViewportExtEx
GetDeviceCaps
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetObjectA
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
OffsetViewportOrgEx

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegOpenKeyA
RegQueryValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
OpenProcessToken
RegCloseKey
RegCreateKeyA
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AdjustTokenPrivileges
LookupPrivilegeValueA

shell32

SHFileOperationA
SHGetSpecialFolderPathA

comctl32

InitCommonControlsEx

shlwapi

PathRemoveFileSpecA
PathFindFileNameA
PathFindExtensionA
PathIsUNCA
PathStripToRootA

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringA

psapi

GetModuleFileNameExA

Sections

.text
Size: 214KB - Virtual size: 214KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ProcessMgr64.exe
.exe windows:5 windows x64 arch:x64

64d33a6de1f6f2575a5cd1b4188e6526

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:f9:4f:b3:4c:1b:b9:8b:6c:4a:ef:7e:3a:65:14:b8
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/01/2020, 00:00

Not After

25/01/2021, 12:00

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:58:8b:07:75:46:22:70:ae:2e:43:27:01:06:9c:98
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/12/2019, 00:00

Not After

04/03/2022, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:5e:91:58:88:08:92:e5:5e:40:23:a7:fc:68:34:25:7a:e5:84:e7:fb:79:95:d9:4b:7a:59:c7:46:0a:56:c3
Signer

Actual PE Digest

28:5e:91:58:88:08:92:e5:5e:40:23:a7:fc:68:34:25:7a:e5:84:e7:fb:79:95:d9:4b:7a:59:c7:46:0a:56:c3

Digest Algorithm

sha256

PE Digest Matches

true

aa:2c:d3:9e:99:bd:e2:23:5a:c2:30:a3:64:3d:d8:c5:5b:85:12:75
Signer

Actual PE Digest

aa:2c:d3:9e:99:bd:e2:23:5a:c2:30:a3:64:3d:d8:c5:5b:85:12:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\01.src\WebCubeSub\ProcessMgr\bin\ProcessMgr64.pdb

Imports

kernel32

GetFileSizeEx
GetFileTime
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
HeapQueryInformation
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
GetACP
IsValidCodePage
LCMapStringA
GetStringTypeA
GetStringTypeW
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetDriveTypeA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetTickCount
SetErrorMode
GetOEMCP
GetCPInfo
CreateFileA
GetFullPathNameA
GetVolumeInformationA
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
MoveFileA
GetThreadLocale
GetModuleHandleW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GlobalFlags
GetCurrentDirectoryA
FindFirstFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindNextFileA
FindClose
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GetModuleFileNameW
GlobalAddAtomA
WritePrivateProfileStringA
FreeResource
SetLastError
GlobalFree
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
MulDiv
lstrlenA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
GlobalLock
lstrcmpA
GlobalAlloc
GetCurrentProcessId
FreeLibrary
LoadLibraryA
DisconnectNamedPipe
WriteFile
ReadFile
WaitForMultipleObjects
ConnectNamedPipe
ResetEvent
CreateNamedPipeA
ResumeThread
SetThreadPriority
CreateThread
ExitProcess
CreateProcessA
CopyFileA
GetModuleFileNameA
GetFileAttributesA
DeleteFileA
SetFileAttributesA
GetSystemInfo
GetModuleHandleA
GetProcAddress
GetLastError
CreateEventA
Process32Next
Sleep
TerminateProcess
GetExitCodeProcess
OpenProcess
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
Process32First
GetCurrentProcess
Module32First
CloseHandle
LCMapStringW
CreateToolhelp32Snapshot

user32

DestroyMenu
UnregisterClassA
CharUpperA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
GetSysColorBrush
ReleaseCapture
LoadCursorA
SetCapture
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetSysColor
EndPaint
BeginPaint
LoadIconA
PostThreadMessageA
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
UnhookWindowsHookEx
GetWindowThreadProcessId
GetLastActivePopup
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
RegisterClipboardFormatA
IsWindowVisible
GetKeyState
SendMessageA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
WaitForInputIdle
EnableWindow
PostMessageA
PostQuitMessage
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
SetWindowPos
MapDialogRect
GetParent
SetWindowContextHelpId
GetWindow
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
GetWindowLongA
IsWindow
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetDesktopWindow
CheckMenuItem
EnableMenuItem
ModifyMenuA
GetFocus
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetTopWindow

gdi32

GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetViewportOrgEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
GetDeviceCaps
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetObjectA
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
OffsetViewportOrgEx

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegOpenKeyA
RegQueryValueA
RegCreateKeyExA
RegOpenKeyExA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
OpenProcessToken
RegCloseKey
RegCreateKeyA
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AdjustTokenPrivileges
LookupPrivilegeValueA

shell32

SHFileOperationA
SHGetSpecialFolderPathA

comctl32

InitCommonControlsEx

shlwapi

PathRemoveFileSpecA
PathFindFileNameA
PathFindExtensionA
PathIsUNCA
PathStripToRootA

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString

rpcrt4

UuidCreate
RpcStringFreeA
UuidToStringA

psapi

GetModuleFileNameExA

Sections

.text
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PscMng.exe
.exe windows:4 windows x86 arch:x86

a1fc88f05d8df85abcf395a8dfb0ae9a

Code Sign

29:a2:8e:c1:a2:fa:cf:c4:23:c7:2f:05:62:18:af:d5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

20/02/2020, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4f:1a:0c:73:9d:0e:05:52:04:f6:79:1a:e2:25:ec:66:e7:5d:2a:49:a4:a6:00:75:8c:88:bd:59:e0:08:0d:09
Signer

Actual PE Digest

4f:1a:0c:73:9d:0e:05:52:04:f6:79:1a:e2:25:ec:66:e7:5d:2a:49:a4:a6:00:75:8c:88:bd:59:e0:08:0d:09

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

RtlUnwind
RaiseException
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
GetACP
ExitProcess
HeapReAlloc
HeapSize
SetUnhandledExceptionFilter
Sleep
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
VirtualProtect
GetSystemInfo
VirtualQuery
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetLocaleInfoA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetModuleFileNameA
GetUserDefaultLangID
FileTimeToSystemTime
FileTimeToLocalFileTime
CloseHandle
GetFileTime
CreateFileA
DeleteFileA
CopyFileA
GetSystemDirectoryA
GetLastError
CreateMutexA
GetVersionExA
FreeLibrary
GetProcAddress
LoadLibraryA
InterlockedIncrement
InterlockedDecrement
lstrlenA
WideCharToMultiByte
MultiByteToWideChar
LocalFree
FormatMessageA
GetCurrentThreadId
GetCurrentThread
lstrcmpiA
lstrcmpA
GlobalDeleteAtom
GlobalAlloc
GlobalLock
GetFileSize
GetFileAttributesA
GetTickCount
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
MoveFileA
SetEndOfFile
UnlockFile
LockFile
GetProfileStringA
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentProcess
DuplicateHandle
SetErrorMode
GetOEMCP
GetCPInfo
SizeofResource
GetThreadLocale
GetProcessVersion
WritePrivateProfileStringA
GlobalFlags
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcpynA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
MulDiv
SetLastError
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GlobalUnlock
FindResourceA
LoadResource
LockResource
GlobalFree
InterlockedExchange

user32

CopyAcceleratorTableA
SetRect
GetNextDlgGroupItem
MessageBeep
InvalidateRect
CharUpperA
InflateRect
RegisterClipboardFormatA
PostThreadMessageA
GetDesktopWindow
LoadCursorA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
DestroyMenu
LoadStringA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
CopyRect
CharNextA
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
EndDialog
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
GetSysColorBrush
PtInRect
GetClassNameA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
PostQuitMessage
PostMessageA
wsprintfA
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
LoadIconA
GetMenuItemCount

gdi32

SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
IntersectClipRect
DeleteObject
GetStockObject
GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetTextColor
GetBkColor
DPtoLP
LPtoDP
GetMapMode
PatBlt
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetTextExtentPointA
BitBlt
CreateCompatibleDC
CreateDIBitmap
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA

shell32

SHGetSpecialFolderPathA

comctl32

ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
OleInitialize
OleFlushClipboard
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleIsCurrentClipboard
CoRegisterMessageFilter
CoRevokeClassObject

olepro32

ord253

oleaut32

SysStringLen
SysAllocStringByteLen
SysAllocString
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RDUtil.dll
.dll windows:5 windows x86 arch:x86

3b082133c75d4c617f8bd0c46fca5736

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:a6:ed:ec:94:bf:74:f2:20:fd:db:d2:92:60:8f:c6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/11/2020, 00:00

Not After

26/02/2024, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:58:8b:07:75:46:22:70:ae:2e:43:27:01:06:9c:98
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/12/2019, 00:00

Not After

04/03/2022, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:41:9f:fa:f0:d3:5a:94:ba:1a:2c:4d:eb:97:e7:8a:83:70:c2:13:a8:77:0d:da:4d:dd:54:d8:c4:5d:6b:06
Signer

Actual PE Digest

c2:41:9f:fa:f0:d3:5a:94:ba:1a:2c:4d:eb:97:e7:8a:83:70:c2:13:a8:77:0d:da:4d:dd:54:d8:c4:5d:6b:06

Digest Algorithm

sha256

PE Digest Matches

true

b6:df:2c:f1:4e:c0:87:18:bc:4f:da:6c:35:9d:41:77:d7:5e:da:e4
Signer

Actual PE Digest

b6:df:2c:f1:4e:c0:87:18:bc:4f:da:6c:35:9d:41:77:d7:5e:da:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFullPathNameA
GetCPInfo
GetOEMCP
VirtualAlloc
RtlUnwind
RaiseException
GetCommandLineA
HeapReAlloc
ExitProcess
HeapSize
VirtualFree
HeapCreate
HeapDestroy
GetStdHandle
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetDriveTypeA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers
SetFilePointer
GlobalFindAtomA
lstrcmpW
GlobalFlags
GetCurrentDirectoryA
WritePrivateProfileStringA
GlobalGetAtomNameA
InterlockedIncrement
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetModuleFileNameW
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CompareStringA
InterlockedExchange
lstrcmpA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
lstrlenA
SetLastError
lstrlenW
InterlockedDecrement
GetFileAttributesA
WaitForSingleObject
FreeLibrary
LoadLibraryA
WTSGetActiveConsoleSessionId
ReadProcessMemory
GetModuleHandleW
GetCurrentProcess
FindFirstFileA
GetLastError
FindNextFileA
FindClose
ReadFile
Process32First
OpenProcess
Process32Next
CreateToolhelp32Snapshot
GetModuleFileNameA
GetUserDefaultLangID
WideCharToMultiByte
GetSystemDirectoryA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetModuleHandleA
GetProcAddress
GetSystemInfo
CreateThread
SetThreadPriority
ResumeThread
CreateFileA
WriteFile
CloseHandle
GetTickCount
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentProcessId
GetCurrentThreadId
ProcessIdToSessionId
GetLocalTime
CallNamedPipeA
EnterCriticalSection
GetTimeZoneInformation
LeaveCriticalSection

user32

DestroyMenu
ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
IsWindowVisible
GetWindowTextA
SetWindowTextA
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
LoadCursorA
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
UnhookWindowsHookEx
SetForegroundWindow
IsWindow
EnumWindows
GetWindowThreadProcessId
GetWindow
GetWindowLongA
GetSystemMetrics
wsprintfA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
PostMessageA
CheckMenuItem
EnableMenuItem
ModifyMenuA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
SendMessageA
GetDlgItem

gdi32

GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportOrgEx
SetViewportExtEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
DeleteObject
OffsetViewportOrgEx

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumKeyExA
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
LookupAccountSidA
GetUserNameA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteExA

shlwapi

PathStripPathA
PathRemoveFileSpecA
PathGetArgsA
PathFindExtensionA
PathFindFileNameA

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoSetProxyBlanket

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantChangeType
VariantInit

gdiplus

GdiplusShutdown

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

psapi

GetModuleBaseNameA
EnumProcessModules
GetModuleFileNameExA

wtsapi32

WTSQueryUserToken

Exports

Exports

RDLib_Init
RDLib_IsMirrorDriver
RDLib_IsRemote
RDLib_Release

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 215KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RDUtil64.dll
.dll windows:5 windows x64 arch:x64

f1b7428e602f7a91e893120378858923

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:a6:ed:ec:94:bf:74:f2:20:fd:db:d2:92:60:8f:c6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/11/2020, 00:00

Not After

26/02/2024, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:58:8b:07:75:46:22:70:ae:2e:43:27:01:06:9c:98
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/12/2019, 00:00

Not After

04/03/2022, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fb:89:6f:6c:a6:30:0d:0f:ae:14:9d:a6:80:2d:7b:31:b4:f1:06:fe:99:e7:f5:b5:34:b5:f1:e1:9d:b8:74:3f
Signer

Actual PE Digest

fb:89:6f:6c:a6:30:0d:0f:ae:14:9d:a6:80:2d:7b:31:b4:f1:06:fe:99:e7:f5:b5:34:b5:f1:e1:9d:b8:74:3f

Digest Algorithm

sha256

PE Digest Matches

true

12:3c:5a:8a:46:b6:f6:3e:b8:d3:bb:a5:ad:b1:3c:e8:bb:0b:6f:6a
Signer

Actual PE Digest

12:3c:5a:8a:46:b6:f6:3e:b8:d3:bb:a5:ad:b1:3c:e8:bb:0b:6f:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetFullPathNameA
GetCPInfo
GetOEMCP
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
FlsSetValue
GetCommandLineA
HeapReAlloc
ExitProcess
HeapSize
HeapQueryInformation
GetStdHandle
HeapSetInformation
HeapCreate
HeapDestroy
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetTimeZoneInformation
EncodePointer
FlsGetValue
FlsFree
FlsAlloc
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetDriveTypeA
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers
SetFilePointer
GlobalFindAtomA
lstrcmpW
GlobalFlags
GetCurrentDirectoryA
WritePrivateProfileStringA
GlobalGetAtomNameA
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
TlsGetValue
LocalAlloc
GetModuleFileNameW
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CompareStringA
lstrcmpA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
lstrlenA
SetLastError
lstrlenW
GetFileAttributesA
WaitForSingleObject
FreeLibrary
LoadLibraryA
WTSGetActiveConsoleSessionId
ReadProcessMemory
GetModuleHandleW
GetCurrentProcess
FindFirstFileA
GetLastError
FindNextFileA
FindClose
ReadFile
Process32First
OpenProcess
Process32Next
CreateToolhelp32Snapshot
GetModuleFileNameA
GetUserDefaultLangID
WideCharToMultiByte
GetSystemDirectoryA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetModuleHandleA
GetProcAddress
GetSystemInfo
CreateThread
SetThreadPriority
ResumeThread
CreateFileA
WriteFile
CloseHandle
GetTickCount
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentProcessId
GetCurrentThreadId
ProcessIdToSessionId
GetLocalTime
CallNamedPipeA
EnterCriticalSection
DecodePointer
LeaveCriticalSection

user32

DestroyMenu
ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessagePos
MapWindowPoints
SetMenu
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
IsWindowVisible
GetWindowTextA
SetWindowTextA
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
LoadCursorA
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
UnhookWindowsHookEx
SetForegroundWindow
IsWindow
EnumWindows
GetWindowThreadProcessId
GetWindow
GetWindowLongA
GetSystemMetrics
wsprintfA
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
PostMessageA
CheckMenuItem
EnableMenuItem
ModifyMenuA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
SendMessageA
GetMessageTime

gdi32

GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
SetViewportOrgEx
ScaleViewportExtEx
SetViewportExtEx
SelectObject
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
DeleteObject
OffsetViewportOrgEx

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumKeyExA
GetSidSubAuthority
OpenProcessToken
GetTokenInformation
LookupAccountSidA
GetUserNameA
RegOpenKeyExA
RegCreateKeyExA
RegQueryValueExA
RegCloseKey

shell32

ShellExecuteExA

shlwapi

PathStripPathA
PathRemoveFileSpecA
PathGetArgsA
PathFindExtensionA
PathFindFileNameA

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoSetProxyBlanket

oleaut32

SysAllocString
SysFreeString
VariantClear
VariantChangeType
VariantInit

gdiplus

GdiplusShutdown

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

psapi

GetModuleBaseNameA
EnumProcessModules
GetModuleFileNameExA

wtsapi32

WTSQueryUserToken

Exports

Exports

RDLib_Init
RDLib_IsMirrorDriver
RDLib_IsRemote
RDLib_Release

Sections

.text
Size: 197KB - Virtual size: 197KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 217KB - Virtual size: 243KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TDCommonLib64up.dll
.dll windows:5 windows x64 arch:x64

11079cfaa54db739ea44b25d9a4de797

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:a6:ed:ec:94:bf:74:f2:20:fd:db:d2:92:60:8f:c6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/11/2020, 00:00

Not After

26/02/2024, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:58:8b:07:75:46:22:70:ae:2e:43:27:01:06:9c:98
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/12/2019, 00:00

Not After

04/03/2022, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

aa:eb:24:a4:b0:7f:5f:bb:6e:90:e4:a7:ec:4e:59:2a:b8:c9:1a:e1:73:33:93:dd:66:e3:8b:a5:af:1f:9a:50
Signer

Actual PE Digest

aa:eb:24:a4:b0:7f:5f:bb:6e:90:e4:a7:ec:4e:59:2a:b8:c9:1a:e1:73:33:93:dd:66:e3:8b:a5:af:1f:9a:50

Digest Algorithm

sha256

PE Digest Matches

true

fb:33:a6:57:81:05:ba:27:25:76:46:d6:7e:b9:d7:14:83:ef:4c:96
Signer

Actual PE Digest

fb:33:a6:57:81:05:ba:27:25:76:46:d6:7e:b9:d7:14:83:ef:4c:96

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\Users\his\Documents\Visual Studio 2008\Projects\Windows_PSC\TDepend\Bin\Release\TDCommonLib\TDCommonLib64.pdb

Imports

kernel32

SetFilePointer
FlushFileBuffers
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
FlsSetValue
GetCommandLineA
HeapReAlloc
ExitProcess
HeapSize
HeapQueryInformation
GetStdHandle
HeapSetInformation
HeapCreate
HeapDestroy
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GlobalFlags
GetModuleHandleW
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
TlsGetValue
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GetModuleFileNameW
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
lstrcmpA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
MultiByteToWideChar
lstrlenA
SetLastError
GetFileAttributesA
GetProcessHandleCount
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
GetLastError
OpenProcess
LocalAlloc
LocalFree
GetModuleHandleA
GetSystemInfo
GetCurrentProcess
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
GetModuleFileNameA
GetUserDefaultLangID
WideCharToMultiByte
GetSystemDirectoryA
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindResourceA
LoadResource
LockResource
SizeofResource
CreateFileA
WriteFile
CloseHandle
GetTickCount
HeapAlloc
HeapFree
Sleep
GetCurrentProcessId
GetCurrentThreadId
CallNamedPipeA
EnterCriticalSection
RtlCaptureContext
LeaveCriticalSection

user32

GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
DestroyMenu
ShowWindow
SetWindowTextA
LoadCursorA
GetDC
ReleaseDC
GetSysColorBrush
UnregisterClassA
IsWindowEnabled
SetCursor
GetMessageA
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
PostQuitMessage
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
GetFocus
GetWindowTextA
GetForegroundWindow
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
EnableWindow
SetForegroundWindow
GetClientRect
PostMessageA
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CheckMenuItem
GetDlgCtrlID
SendMessageA
PtInRect
DefWindowProcA
CallWindowProcA
GetMenu
GetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
wsprintfA
EnumWindows
IsWindowVisible
GetParent
GetClassNameA
GetWindowRect
GetWindowThreadProcessId
IsWindow
EqualRect
CopyRect
GetLastActivePopup

gdi32

GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
DeleteObject

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegQueryValueA

shell32

ShellExecuteExA

shlwapi

PathFindExtensionA
PathFindFileNameA

oleaut32

VariantClear
VariantChangeType
VariantInit

gdiplus

GdiplusShutdown

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

AddDepend
AddDependHwnd
AddTPWDepend
CloseMemMap
DelDepend
DelDependHwnd
DelTAdminLog
DelTPWDepend
EarseClipboardExceptProcess
EarseExceptProcess
EarseInjectExceptProcess
GetDllKillList
GetDllKillRefreshCount
GetDomain
GetImagePath
GetTAdminLog
InsertClipboardExceptProcess
InsertDllKillList
InsertExceptProcess
InsertInjectExceptProcess
IsClipboardExceptProcess
IsExceptProcess
IsInjectExceptProcess
IsOwnerProcessMe
IsProtectPid
P_GetProtectFlag
SetDefaultProtect
SetDomain
SetImagePath
SetTAdminLog
TPWEarseProtectDocumentName
TPWEarseProtectProcess
TPWGetConfigFilePath
TPWGetPolicy
TPWInsertProtectDocumentName
TPWInsertProtectProcess
TPWIsDocumentName
TPWIsProtectProcess
TPWSetConfigFilePath
TPWSetPolicy
T_GetClipBoardOwner
T_GetPiece
T_GetProtect
T_GetProtectCount
T_GetProtectFlag
T_GetShareData
T_SetClipBoardOwner
T_SetPiece
T_SetProtect
T_SetProtectFlag

Sections

.text
Size: 193KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

TCommonl
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TDCommonLibup.dll
.dll windows:5 windows x86 arch:x86

949f3f967e40db2b2d09cad80f85782e

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:a6:ed:ec:94:bf:74:f2:20:fd:db:d2:92:60:8f:c6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/11/2020, 00:00

Not After

26/02/2024, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:58:8b:07:75:46:22:70:ae:2e:43:27:01:06:9c:98
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/12/2019, 00:00

Not After

04/03/2022, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:69:d1:dd:a0:4b:64:8a:16:9b:c6:8e:70:46:8a:58:9e:4f:fb:e3:3c:ac:31:f2:55:1c:f4:9e:9e:49:02:8b
Signer

Actual PE Digest

09:69:d1:dd:a0:4b:64:8a:16:9b:c6:8e:70:46:8a:58:9e:4f:fb:e3:3c:ac:31:f2:55:1c:f4:9e:9e:49:02:8b

Digest Algorithm

sha256

PE Digest Matches

true

70:80:54:7f:1c:e7:24:6d:15:7b:4c:bb:89:24:4d:ea:a4:37:43:6a
Signer

Actual PE Digest

70:80:54:7f:1c:e7:24:6d:15:7b:4c:bb:89:24:4d:ea:a4:37:43:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\his\Documents\Visual Studio 2008\Projects\Windows_PSC\TDepend\Bin\Release\TDCommonLib\TDCommonLib.pdb

Imports

kernel32

SetFilePointer
FlushFileBuffers
RtlUnwind
RaiseException
GetCommandLineA
HeapReAlloc
ExitProcess
HeapSize
HeapCreate
HeapDestroy
GetStdHandle
TerminateProcess
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
WritePrivateProfileStringA
GetOEMCP
GetCPInfo
GlobalFlags
InterlockedIncrement
GetModuleHandleW
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
lstrcmpA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
MultiByteToWideChar
lstrlenA
SetLastError
GetFileAttributesA
GetProcessHandleCount
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
VirtualAlloc
GetLastError
VirtualFree
OpenProcess
LocalAlloc
LocalFree
GetModuleHandleA
GetSystemInfo
GetCurrentProcess
LoadLibraryA
GetProcAddress
FreeLibrary
GetVersionExA
GetModuleFileNameA
GetUserDefaultLangID
WideCharToMultiByte
GetSystemDirectoryA
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindResourceA
LoadResource
LockResource
SizeofResource
CreateFileA
WriteFile
CloseHandle
GetTickCount
HeapAlloc
HeapFree
Sleep
GetCurrentProcessId
GetCurrentThreadId
CallNamedPipeA
EnterCriticalSection
UnhandledExceptionFilter
LeaveCriticalSection

user32

GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
DestroyMenu
ShowWindow
SetWindowTextA
LoadCursorA
GetDC
ReleaseDC
GetSysColorBrush
UnregisterClassA
IsWindowEnabled
SetCursor
GetMessageA
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
EnableMenuItem
CheckMenuItem
PostQuitMessage
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetDlgItem
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
EnableWindow
SetForegroundWindow
GetClientRect
PostMessageA
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
ModifyMenuA
GetDlgCtrlID
SendMessageA
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
GetWindowLongA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
wsprintfA
EnumWindows
IsWindowVisible
GetParent
GetClassNameA
GetWindowRect
GetWindowThreadProcessId
IsWindow
EqualRect
CopyRect
GetFocus

gdi32

GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
CreateBitmap
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
DeleteObject

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegEnumKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegCreateKeyExA
RegOpenKeyExA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
RegQueryValueA

shell32

ShellExecuteExA

shlwapi

PathFindExtensionA
PathFindFileNameA

oleaut32

VariantClear
VariantChangeType
VariantInit

gdiplus

GdiplusShutdown

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

Exports

Exports

AddDepend
AddDependHwnd
AddTPWDepend
CloseMemMap
DelDepend
DelDependHwnd
DelTAdminLog
DelTPWDepend
EarseClipboardExceptProcess
EarseExceptProcess
EarseInjectExceptProcess
GetDllKillList
GetDllKillRefreshCount
GetDomain
GetImagePath
GetTAdminLog
InsertClipboardExceptProcess
InsertDllKillList
InsertExceptProcess
InsertInjectExceptProcess
IsClipboardExceptProcess
IsExceptProcess
IsInjectExceptProcess
IsOwnerProcessMe
IsProtectPid
P_GetProtectFlag
SetDefaultProtect
SetDomain
SetImagePath
SetTAdminLog
TPWEarseProtectDocumentName
TPWEarseProtectProcess
TPWGetConfigFilePath
TPWGetPolicy
TPWInsertProtectDocumentName
TPWInsertProtectProcess
TPWIsDocumentName
TPWIsProtectProcess
TPWSetConfigFilePath
TPWSetPolicy
T_GetClipBoardOwner
T_GetPiece
T_GetProtect
T_GetProtectCount
T_GetProtectFlag
T_GetShareData
T_SetClipBoardOwner
T_SetPiece
T_SetProtect
T_SetProtectFlag

Sections

.text
Size: 160KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TCommonl
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TDepend64up.exe
.exe windows:5 windows x64 arch:x64

634bde3637c606822eb563abbe0d3a87

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:a6:ed:ec:94:bf:74:f2:20:fd:db:d2:92:60:8f:c6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/11/2020, 00:00

Not After

26/02/2024, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:58:8b:07:75:46:22:70:ae:2e:43:27:01:06:9c:98
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/12/2019, 00:00

Not After

04/03/2022, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:c0:bc:52:9b:dc:41:ab:6f:99:e9:41:d3:4f:8a:36:19:47:e1:bf:69:65:d2:8a:36:a5:78:63:de:94:66:3b
Signer

Actual PE Digest

22:c0:bc:52:9b:dc:41:ab:6f:99:e9:41:d3:4f:8a:36:19:47:e1:bf:69:65:d2:8a:36:a5:78:63:de:94:66:3b

Digest Algorithm

sha256

PE Digest Matches

true

be:43:15:2b:b3:29:bf:78:c2:5c:16:94:eb:80:36:d1:e2:ca:6a:35
Signer

Actual PE Digest

be:43:15:2b:b3:29:bf:78:c2:5c:16:94:eb:80:36:d1:e2:ca:6a:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Users\his\Documents\Visual Studio 2008\Projects\Windows_PSC\TDepend\Bin\Release\TDepend\TDepend64.pdb

Imports

psapi

EnumProcessModules
GetModuleFileNameExA

kernel32

GetThreadLocale
GlobalFlags
WritePrivateProfileStringA
GetCurrentDirectoryA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationA
GetFullPathNameA
GetFileSizeEx
GetFileTime
GetCPInfo
GetOEMCP
SetErrorMode
VirtualProtect
VirtualQuery
SetConsoleCtrlHandler
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
ExitProcess
GetDriveTypeA
GetCommandLineA
GetStartupInfoA
RtlUnwindEx
RaiseException
RtlPcToFileHeader
HeapReAlloc
LocalReAlloc
HeapSize
SetStdHandle
GetFileType
HeapSetInformation
HeapCreate
GetStdHandle
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
GetACP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GlobalHandle
GlobalReAlloc
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
LocalAlloc
DeleteCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
FreeResource
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
CompareStringA
GetModuleFileNameW
lstrcmpA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
MulDiv
lstrlenA
SetLastError
WriteProcessMemory
LocalFree
WTSGetActiveConsoleSessionId
FindNextFileA
FindClose
VirtualAllocEx
FindFirstFileA
GetFileAttributesA
VirtualFreeEx
CreateRemoteThread
DeleteFileA
WaitForMultipleObjects
Process32Next
ResetEvent
CreateNamedPipeA
DisconnectNamedPipe
MultiByteToWideChar
ReadFile
TerminateProcess
GetExitCodeProcess
ConnectNamedPipe
Process32First
SetFilePointer
CreateMutexA
DuplicateHandle
LockResource
VirtualAlloc
GetLastError
SizeofResource
WideCharToMultiByte
OpenProcess
LoadResource
FindResourceA
GetVersionExA
QueryPerformanceCounter
GetModuleHandleW
Module32Next
CreateToolhelp32Snapshot
GetModuleHandleA
GetSystemInfo
Module32First
GetSystemDirectoryA
GetExitCodeThread
TerminateThread
SetEvent
TlsFree
TlsAlloc
ReleaseSemaphore
CreateSemaphoreA
CreateEventA
TlsSetValue
WaitForSingleObject
GetLocaleInfoA
TlsGetValue
GetFileSize
GetTempPathA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
InitializeCriticalSection
GetCurrentProcess
SetUnhandledExceptionFilter
FreeLibrary
RtlCaptureContext
CreateThread
ResumeThread
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
ProcessIdToSessionId
GetLocalTime
EnterCriticalSection
CreateDirectoryA
SetThreadPriority
LeaveCriticalSection
Sleep
WriteFile
GetProcessHeap
GetTickCount
HeapFree
HeapAlloc
CreateFileA
HeapQueryInformation

user32

RegisterClipboardFormatA
PostThreadMessageA
IsRectEmpty
CopyAcceleratorTableA
CharNextA
CharUpperA
ReleaseCapture
SetCapture
UnregisterClassA
LoadCursorA
GetSysColorBrush
RegisterWindowMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
TabbedTextOutA
GetDesktopWindow
SetFocus
ShowWindow
MoveWindow
GetDlgCtrlID
IsWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetLastActivePopup
IsWindowEnabled
SetCursor
PostMessageA
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
DestroyMenu
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
PtInRect
SetRect
ModifyMenuA
EnableMenuItem
CheckMenuItem
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
WaitForInputIdle
EmptyClipboard
GetClipboardViewer
SetClipboardViewer
CloseClipboard
IsIconic
IsClipboardFormatAvailable
LoadIconA
DrawIcon
GetClientRect
SendMessageA
SetWindowLongA
GetWindowLongA
GetClipboardData
OpenClipboard
GetSystemMetrics
EnableWindow
GetClipboardOwner
GetOpenClipboardWindow
GetWindowTextA
GetWindowThreadProcessId
TranslateMessage
MessageBoxA
PeekMessageA
DispatchMessageA
DrawTextA

gdi32

GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
SetViewportOrgEx
SelectObject
Escape
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
GetDeviceCaps
DeleteObject
GetMapMode
GetObjectA
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
OffsetViewportOrgEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
DuplicateTokenEx
RegOpenKeyExA
ConvertSidToStringSidA
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupAccountSidA
GetTokenInformation
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyA
LookupPrivilegeValueA
RegCreateKeyA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
OpenProcessToken
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA

shlwapi

PathFindExtensionA
PathFindFileNameA
PathStripToRootA
PathIsUNCA

oledlg

ord8

ole32

CoRegisterMessageFilter
OleFlushClipboard
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SysStringLen
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysAllocStringLen
SysFreeString

gdiplus

GdiplusShutdown

wtsapi32

WTSQueryUserToken

Sections

.text
Size: 356KB - Virtual size: 355KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TDependup.exe
.exe windows:5 windows x86 arch:x86

23e338cb2daabdcb68364a63ddfe2f29

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:a6:ed:ec:94:bf:74:f2:20:fd:db:d2:92:60:8f:c6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/11/2020, 00:00

Not After

26/02/2024, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:58:8b:07:75:46:22:70:ae:2e:43:27:01:06:9c:98
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/12/2019, 00:00

Not After

04/03/2022, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:02:51:52:e4:9d:e6:13:75:88:dd:1e:be:4b:8b:20:4b:0d:67:84:28:e3:12:1e:02:a5:3d:71:59:c0:cc:08
Signer

Actual PE Digest

6a:02:51:52:e4:9d:e6:13:75:88:dd:1e:be:4b:8b:20:4b:0d:67:84:28:e3:12:1e:02:a5:3d:71:59:c0:cc:08

Digest Algorithm

sha256

PE Digest Matches

true

21:18:8e:08:91:d4:53:eb:25:a1:1b:6d:b9:07:6e:2a:24:2c:b2:6c
Signer

Actual PE Digest

21:18:8e:08:91:d4:53:eb:25:a1:1b:6d:b9:07:6e:2a:24:2c:b2:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\his\Documents\Visual Studio 2008\Projects\Windows_PSC\TDepend\Bin\Release\TDepend\TDepend.pdb

Imports

psapi

EnumProcessModules
GetModuleFileNameExA

kernel32

LocalReAlloc
GetModuleHandleW
InterlockedIncrement
GetThreadLocale
GlobalFlags
WritePrivateProfileStringA
GetCurrentDirectoryA
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetVolumeInformationA
GetFullPathNameA
GetFileSizeEx
GetFileTime
GetCPInfo
GetOEMCP
SetErrorMode
VirtualProtect
VirtualQuery
SetConsoleCtrlHandler
UnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetDriveTypeA
GlobalGetAtomNameA
GetStartupInfoA
RtlUnwind
RaiseException
HeapReAlloc
HeapSize
SetStdHandle
GetFileType
HeapCreate
GetStdHandle
GetACP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
GlobalHandle
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GlobalFindAtomA
lstrcmpW
LocalAlloc
DeleteCriticalSection
FileTimeToLocalFileTime
FileTimeToSystemTime
FreeResource
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
CompareStringA
InterlockedExchange
InterlockedDecrement
GetModuleFileNameW
lstrcmpA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
MulDiv
lstrlenA
SetLastError
SuspendThread
WriteProcessMemory
LocalFree
WTSGetActiveConsoleSessionId
FindNextFileA
OpenThread
FindClose
VirtualAllocEx
FindFirstFileA
Thread32Next
GetFileAttributesA
VirtualFreeEx
Thread32First
CreateRemoteThread
DeleteFileA
WaitForMultipleObjects
Process32Next
ResetEvent
CreateNamedPipeA
DisconnectNamedPipe
MultiByteToWideChar
ReadFile
TerminateProcess
GetExitCodeProcess
ConnectNamedPipe
Process32First
SetFilePointer
CreateMutexA
DuplicateHandle
LockResource
VirtualAlloc
GetLastError
SizeofResource
WideCharToMultiByte
OpenProcess
VirtualFree
LoadResource
FindResourceA
GetVersionExA
WriteConsoleA
GlobalReAlloc
Module32Next
CreateToolhelp32Snapshot
GetModuleHandleA
GetSystemInfo
Module32First
GetSystemDirectoryA
GetExitCodeThread
TerminateThread
SetEvent
TlsFree
TlsAlloc
ReleaseSemaphore
CreateSemaphoreA
CreateEventA
TlsSetValue
WaitForSingleObject
GetLocaleInfoA
TlsGetValue
GetFileSize
GetTempPathA
GetModuleFileNameA
LoadLibraryA
GetProcAddress
InitializeCriticalSection
GetCurrentProcess
SetUnhandledExceptionFilter
FreeLibrary
RtlCaptureContext
CreateThread
ResumeThread
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
ProcessIdToSessionId
GetLocalTime
EnterCriticalSection
CreateDirectoryA
SetThreadPriority
LeaveCriticalSection
Sleep
WriteFile
GetProcessHeap
GetTickCount
HeapFree
HeapAlloc
CreateFileA
GetCommandLineA

user32

PostThreadMessageA
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
CharUpperA
ReleaseCapture
SetCapture
UnregisterClassA
LoadCursorA
GetSysColorBrush
RegisterWindowMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextA
TabbedTextOutA
GetDesktopWindow
SetFocus
ShowWindow
MoveWindow
GetDlgCtrlID
IsWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
GetWindow
SetWindowContextHelpId
MapDialogRect
SetWindowPos
GetLastActivePopup
IsWindowEnabled
SetCursor
PostMessageA
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
RegisterClipboardFormatA
DestroyMenu
PtInRect
MessageBeep
EnableMenuItem
CheckMenuItem
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
wsprintfA
WaitForInputIdle
EmptyClipboard
GetClipboardViewer
SetClipboardViewer
CloseClipboard
IsIconic
IsClipboardFormatAvailable
LoadIconA
DrawIcon
GetClientRect
SendMessageA
SetWindowLongA
GetWindowLongA
GetClipboardData
ChangeClipboardChain
OpenClipboard
GetSystemMetrics
EnableWindow
GetClipboardOwner
GetOpenClipboardWindow
GetWindowTextA
GetWindowThreadProcessId
MsgWaitForMultipleObjects
TranslateMessage
MessageBoxA
PeekMessageA
DispatchMessageA
DrawTextExA

gdi32

GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
SetViewportOrgEx
GetMapMode
SelectObject
Escape
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
GetDeviceCaps
DeleteObject
GetObjectA
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
OffsetViewportOrgEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
RevertToSelf
ImpersonateLoggedOnUser
DuplicateTokenEx
RegOpenKeyExA
ConvertSidToStringSidA
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
LookupAccountSidA
GetTokenInformation
RegCloseKey
AdjustTokenPrivileges
RegOpenKeyA
LookupPrivilegeValueA
RegCreateKeyA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
OpenProcessToken
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA

shlwapi

PathFindExtensionA
PathFindFileNameA
UrlUnescapeA
PathStripToRootA
PathIsUNCA

oledlg

ord8

ole32

CoRegisterMessageFilter
OleFlushClipboard
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SysStringLen
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringByteLen
SysAllocStringLen
SysFreeString

gdiplus

GdiplusShutdown

ws2_32

gethostname
inet_ntoa
WSAStartup
WSACleanup
gethostbyname

iphlpapi

GetAdaptersInfo

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA
WTSQueryUserToken

wininet

HttpOpenRequestA
InternetConnectA
HttpSendRequestA
InternetReadFile
InternetWriteFile
InternetSetFilePointer
InternetSetStatusCallback
InternetOpenA
InternetGetLastResponseInfoA
InternetCloseHandle
HttpQueryInfoA
HttpAddRequestHeadersA
InternetQueryDataAvailable
InternetCrackUrlA
InternetCanonicalizeUrlA

Sections

.text
Size: 337KB - Virtual size: 337KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TFMng.exe
.exe windows:5 windows x86 arch:x86

9558aa37c83a68770d750a7ea6ee75f3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:f9:4f:b3:4c:1b:b9:8b:6c:4a:ef:7e:3a:65:14:b8
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/01/2020, 00:00

Not After

25/01/2021, 12:00

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:58:8b:07:75:46:22:70:ae:2e:43:27:01:06:9c:98
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/12/2019, 00:00

Not After

04/03/2022, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b4:f7:29:77:60:4f:00:d6:9d:14:b6:d4:84:0b:c1:bb:52:90:ff:0e:cf:97:b2:00:42:a7:27:2f:70:e8:bb
Signer

Actual PE Digest

4e:b4:f7:29:77:60:4f:00:d6:9d:14:b6:d4:84:0b:c1:bb:52:90:ff:0e:cf:97:b2:00:42:a7:27:2f:70:e8:bb

Digest Algorithm

sha256

PE Digest Matches

true

be:ad:28:e0:77:f4:ee:5b:11:ad:67:bd:60:e1:85:28:9b:0d:e4:b2
Signer

Actual PE Digest

be:ad:28:e0:77:f4:ee:5b:11:ad:67:bd:60:e1:85:28:9b:0d:e4:b2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

LockFile
UnlockFile
SetEndOfFile
GetFileSize
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
GetCPInfo
GetOEMCP
SetErrorMode
GetFileSizeEx
GetTickCount
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
HeapAlloc
GetCommandLineA
GetStartupInfoA
HeapFree
VirtualProtect
VirtualQuery
HeapReAlloc
ExitProcess
HeapSize
UnhandledExceptionFilter
FlushFileBuffers
GetTimeZoneInformation
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
HeapCreate
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
SetFilePointer
MoveFileA
GlobalFlags
WritePrivateProfileStringA
GetThreadLocale
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GetModuleHandleW
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
FreeResource
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CompareStringA
InterlockedExchange
lstrcmpA
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
MulDiv
lstrlenA
CreateThread
SetThreadPriority
ResumeThread
CreateNamedPipeA
CreateEventA
ConnectNamedPipe
ResetEvent
WaitForMultipleObjects
ReadFile
WriteFile
DisconnectNamedPipe
SetFileAttributesA
GetFileAttributesA
DeleteFileA
CopyFileA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetExitCodeProcess
TerminateProcess
Sleep
GetSystemInfo
CreateMutexA
VirtualAlloc
GetLastError
VirtualFree
DuplicateHandle
OpenProcess
GetModuleHandleA
GetVersionExA
SetUnhandledExceptionFilter
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetUserDefaultLangID
WideCharToMultiByte
FileTimeToLocalFileTime
FindResourceA
LoadResource
LockResource
SizeofResource
GetSystemDirectoryA
CreateFileA
GetFileTime
FileTimeToSystemTime
IsDebuggerPresent
CloseHandle

user32

PostThreadMessageA
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
CharUpperA
ReleaseCapture
SetCapture
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
RegisterWindowMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
SetWindowPos
SetFocus
ShowWindow
MoveWindow
SetWindowLongA
RegisterClipboardFormatA
GetDlgCtrlID
IsWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GetWindow
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetSystemMetrics
LoadIconA
EnableWindow
GetClientRect
IsIconic
GetSystemMenu
SendMessageA
AppendMenuA
DrawIcon
GetWindowThreadProcessId
GetWindowTextA

gdi32

GetStockObject
DeleteDC
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
GetBkColor
GetDeviceCaps
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
PtVisible

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegQueryValueA
RegOpenKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegCreateKeyA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA

oledlg

ord8

ole32

OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
OleFlushClipboard
CoFreeUnusedLibraries
CoTaskMemAlloc
CoTaskMemFree
CoRegisterMessageFilter
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
CLSIDFromProgID

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocStringLen

dbghelp

MiniDumpWriteDump

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 213KB - Virtual size: 213KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TFMng64.exe
.exe windows:5 windows x64 arch:x64

5defe8d1aad915ea2de97d2af2d03044

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:f9:4f:b3:4c:1b:b9:8b:6c:4a:ef:7e:3a:65:14:b8
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/01/2020, 00:00

Not After

25/01/2021, 12:00

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:58:8b:07:75:46:22:70:ae:2e:43:27:01:06:9c:98
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/12/2019, 00:00

Not After

04/03/2022, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c0:26:8f:2e:32:73:64:a4:59:51:56:e3:fa:57:4f:7b:64:00:11:74:70:9c:72:7b:72:ba:17:cc:20:62:a3:5e
Signer

Actual PE Digest

c0:26:8f:2e:32:73:64:a4:59:51:56:e3:fa:57:4f:7b:64:00:11:74:70:9c:72:7b:72:ba:17:cc:20:62:a3:5e

Digest Algorithm

sha256

PE Digest Matches

true

e9:58:86:b5:eb:c3:28:e3:ee:20:7f:08:69:00:bf:1a:4e:63:ec:06
Signer

Actual PE Digest

e9:58:86:b5:eb:c3:28:e3:ee:20:7f:08:69:00:bf:1a:4e:63:ec:06

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFileSize
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
GetCPInfo
GetOEMCP
SetErrorMode
GetFileSizeEx
GetTickCount
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
GetSystemTimeAsFileTime
HeapAlloc
GetCommandLineA
GetStartupInfoA
HeapFree
VirtualProtect
VirtualQuery
HeapReAlloc
ExitProcess
HeapQueryInformation
HeapSize
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetTimeZoneInformation
EncodePointer
SetEndOfFile
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
GetACP
IsValidCodePage
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetStdHandle
HeapSetInformation
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
MoveFileA
GlobalFlags
WritePrivateProfileStringA
GetThreadLocale
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleHandleW
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
FreeResource
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CompareStringA
lstrcmpA
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
MulDiv
lstrlenA
CreateThread
SetThreadPriority
ResumeThread
CreateNamedPipeA
CreateEventA
ResetEvent
ConnectNamedPipe
WaitForMultipleObjects
ReadFile
WriteFile
DisconnectNamedPipe
SetFileAttributesA
DeleteFileA
GetFileAttributesA
CopyFileA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetExitCodeProcess
TerminateProcess
Sleep
GetSystemInfo
CreateMutexA
VirtualAlloc
GetLastError
DuplicateHandle
OpenProcess
GetModuleHandleA
GetVersionExA
SetUnhandledExceptionFilter
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
LoadLibraryA
GetProcAddress
FreeLibrary
GetModuleFileNameA
GetUserDefaultLangID
WideCharToMultiByte
FileTimeToLocalFileTime
FindResourceA
LoadResource
LockResource
SizeofResource
GetSystemDirectoryA
CreateFileA
GetFileTime
FileTimeToSystemTime
DecodePointer
CloseHandle

user32

RegisterClipboardFormatA
PostThreadMessageA
IsRectEmpty
CopyAcceleratorTableA
CharNextA
CharUpperA
ReleaseCapture
SetCapture
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
RegisterWindowMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
GetWindowLongPtrA
SetWindowLongPtrA
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
CallWindowProcA
GetMenu
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
MapDialogRect
SetWindowPos
SetFocus
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
IsWindow
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetDlgItem
GetWindow
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetMenu
SetRect
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetSystemMetrics
LoadIconA
EnableWindow
GetClientRect
IsIconic
GetSystemMenu
SendMessageA
AppendMenuA
DrawIcon
GetWindowThreadProcessId
GetWindowTextA
DefWindowProcA

gdi32

GetStockObject
DeleteDC
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
GetBkColor
GetDeviceCaps
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
PtVisible

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegQueryValueA
RegOpenKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
RegCreateKeyA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegEnumKeyA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA

oledlg

ord8

ole32

OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
OleFlushClipboard
CoFreeUnusedLibraries
CoTaskMemAlloc
CoTaskMemFree
CoRegisterMessageFilter
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
CLSIDFromProgID

oleaut32

SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocStringLen

dbghelp

MiniDumpWriteDump

rpcrt4

UuidCreate
UuidToStringA
RpcStringFreeA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 264KB - Virtual size: 264KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
THook.dll
.dll windows:4 windows x86 arch:x86

ce750f970e025ba45cb447fd011c42a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
FreeLibrary
GetProcessVersion
WriteFile
SetFilePointer
FlushFileBuffers
GetCPInfo
GetOEMCP
HeapFree
HeapAlloc
RtlUnwind
GetCommandLineA
GetVersionExA
GetProcessHeap
ExitProcess
WritePrivateProfileStringA
RaiseException
HeapSize
HeapReAlloc
GetACP
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InterlockedExchange
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
GetSystemInfo
GetLocaleInfoA
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GlobalFlags
GetVersion
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalAlloc
LocalFree
InterlockedDecrement
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
SetLastError
VirtualAlloc
SuspendThread
GetLastError
SetThreadContext
GetThreadContext
FlushInstructionCache
ResumeThread
VirtualProtect
GetCurrentThreadId
InterlockedCompareExchange
VirtualQuery
lstrlenA
GetCurrentProcess
CloseHandle
GetLogicalDriveStringsA
QueryDosDeviceA
CreateDirectoryW
CreateDirectoryA
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
CreateFileW
OpenFile
_lcreat
_lopen
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExA
GetFileAttributesExW
GetCurrentThread
LoadLibraryA

user32

SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
DefWindowProcA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
LoadStringA
DestroyMenu
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
RegisterWindowMessageA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
wsprintfA
GetWindowTextA
SetWindowTextA
ClientToScreen
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
SetClipboardData
GetClipboardData
OpenClipboard
SystemParametersInfoA
PostQuitMessage
PostMessageA
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
SendMessageA
GetWindow

gdi32

SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
CreateBitmap
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
StartDocW
StartDocA
DeleteObject

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA
OpenPrinterW
EnumPrintersA
EnumPrintersW

advapi32

RegSetValueExA
RegCloseKey
RegOpenKeyExA
RegCreateKeyExA

shell32

StrStrIA

comctl32

ord17

ntdll

NtCreateSection
NtDuplicateObject
NtMapViewOfSection
NtQueryFullAttributesFile
NtQueryAttributesFile
NtQueryDirectoryFile
NtClose
NtOpenSection
NtQueryInformationFile
NtQueryVolumeInformationFile
NtWriteFile
NtReadFile
NtOpenSymbolicLinkObject
NtOpenDirectoryObject
NtCreateDirectoryObject
NtOpenFile
NtCreateFile
NtUnlockFile
NtLockFile
NtQueryObject
_strupr
NtUnmapViewOfSection
NtSetInformationFile

Exports

Exports

THook_AddExt
THook_ChangePath
THook_DelExt
THook_FreeBlind
THook_FreePrinter
THook_FreeReDirection
THook_InitExt
THook_Mode
THook_ProtectCopy
THook_SetBlind
THook_SetPrinter
THook_SetProtectCrypt
THook_SetReDirection
THook_SockIoHook
THook_SockIoUnHook
VFS_Init

Sections

.text
Size: 76KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 420KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TLog64up.exe
.exe windows:5 windows x64 arch:x64

cb6a169537f9528c49e2663c18576418

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:bb:3f:bc:7f:06:85:d3:8b:7a:91:64:5e:fd:e1:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

31/10/2013, 00:00

Not After

30/12/2015, 23:59

Subject

CN=Teruten\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\AProject_WebCubeSub\TLog\1.TLog_20100903\bin\TLog64up.pdb

Imports

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
RtlUnwindEx
ExitProcess
RaiseException
RtlPcToFileHeader
HeapReAlloc
HeapQueryInformation
HeapSize
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
GetACP
IsValidCodePage
GetStdHandle
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetDriveTypeA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
SetErrorMode
GetOEMCP
GetCPInfo
GetModuleHandleW
GetFullPathNameA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
TlsGetValue
LocalAlloc
GlobalFlags
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
FormatMessageA
LocalFree
GetModuleFileNameW
MulDiv
MultiByteToWideChar
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalUnlock
GlobalFree
FreeResource
WaitForSingleObject
lstrlenA
WritePrivateProfileStringA
GlobalAddAtomA
SetLastError
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryA
CompareStringA
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GetModuleHandleA
GetProcAddress
CreateThread
DeleteFileA
ResumeThread
GetCurrentProcessId
GetCurrentDirectoryA
FindNextFileA
WaitForMultipleObjects
LockResource
ResetEvent
FindClose
RemoveDirectoryA
CreateNamedPipeA
FindFirstFileA
CreateDirectoryA
DisconnectNamedPipe
SetThreadPriority
ReadFile
TerminateProcess
GetExitCodeProcess
SizeofResource
Sleep
WideCharToMultiByte
OpenProcess
InitializeCriticalSection
WriteFile
ConnectNamedPipe
LoadResource
FindResourceA
CreateFileA
CloseHandle
DeleteCriticalSection
EnterCriticalSection
GetLastError
LeaveCriticalSection
FreeEnvironmentStringsA
CreateEventA

user32

DestroyMenu
UnregisterClassA
LoadCursorA
GetSysColorBrush
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
GetDlgCtrlID
PtInRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
GetMenuItemID
GetMenuItemCount
GetSubMenu
EnableWindow
GetSystemMetrics
PostMessageA
SendMessageA
UnhookWindowsHookEx
GetSysColor
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetClientRect
DrawIcon
LoadIconA
IsIconic
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
PostQuitMessage
SetCursor
MessageBoxA
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetWindowThreadProcessId
CreateWindowExA

gdi32

GetDeviceCaps
SelectObject
GetStockObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
CreateBitmap
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetObjectA
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
SetViewportOrgEx

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TLogup.exe
.exe windows:5 windows x86 arch:x86

772356ba44454241e7adaa1f58198c0e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4d:bb:3f:bc:7f:06:85:d3:8b:7a:91:64:5e:fd:e1:5f
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

31/10/2013, 00:00

Not After

30/12/2015, 23:59

Subject

CN=Teruten\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\AProject_WebCubeSub\TLog\1.TLog_20100903\bin\TLogup.pdb

Imports

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
GetStartupInfoA
HeapAlloc
HeapFree
RtlUnwind
ExitProcess
RaiseException
HeapReAlloc
VirtualAlloc
HeapSize
GetACP
IsValidCodePage
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetErrorMode
GetFileType
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetDriveTypeA
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetOEMCP
GetCPInfo
GetModuleHandleW
GetFullPathNameA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
FormatMessageA
LocalFree
InterlockedDecrement
GetModuleFileNameW
MulDiv
MultiByteToWideChar
FileTimeToLocalFileTime
FileTimeToSystemTime
GlobalUnlock
GlobalFree
FreeResource
WaitForSingleObject
lstrlenA
WritePrivateProfileStringA
GlobalAddAtomA
SetLastError
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryA
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GetModuleHandleA
GetProcAddress
CreateThread
DeleteFileA
ResumeThread
GetCurrentProcessId
GetCurrentDirectoryA
FindNextFileA
WaitForMultipleObjects
LockResource
ResetEvent
FindClose
RemoveDirectoryA
CreateNamedPipeA
FindFirstFileA
CreateDirectoryA
DisconnectNamedPipe
SetThreadPriority
ReadFile
TerminateProcess
GetExitCodeProcess
SizeofResource
Sleep
WideCharToMultiByte
OpenProcess
InitializeCriticalSection
WriteFile
ConnectNamedPipe
LoadResource
FindResourceA
CreateFileA
CloseHandle
DeleteCriticalSection
EnterCriticalSection
GetLastError
LeaveCriticalSection
SetHandleCount
CreateEventA

user32

DestroyMenu
UnregisterClassA
LoadCursorA
GetSysColorBrush
ShowWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
SetFocus
GetWindowTextA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
GetMenuItemID
GetMenuItemCount
GetSubMenu
EnableWindow
GetSystemMetrics
PostMessageA
SendMessageA
UnhookWindowsHookEx
GetSysColor
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetClientRect
DrawIcon
LoadIconA
IsIconic
CheckMenuItem
EnableMenuItem
GetMenuState
ModifyMenuA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
PostQuitMessage
SetCursor
MessageBoxA
IsWindowEnabled
GetLastActivePopup
GetWindowLongA
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetWindowThreadProcessId
SetForegroundWindow

gdi32

GetDeviceCaps
GetStockObject
SelectObject
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
CreateBitmap
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetObjectA
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
SetViewportOrgEx

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Sections

.text
Size: 155KB - Virtual size: 154KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TMW.exe
.exe windows:5 windows x86 arch:x86

d04c7939e5545b786a7fc3793f78ad86

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:a6:ed:ec:94:bf:74:f2:20:fd:db:d2:92:60:8f:c6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/11/2020, 00:00

Not After

26/02/2024, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:58:8b:07:75:46:22:70:ae:2e:43:27:01:06:9c:98
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/12/2019, 00:00

Not After

04/03/2022, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:94:fa:5f:42:a8:44:52:cf:07:53:89:cc:3f:b5:ff:a7:d8:aa:29:e5:66:9c:81:32:8d:20:25:8b:46:4e:2a
Signer

Actual PE Digest

0e:94:fa:5f:42:a8:44:52:cf:07:53:89:cc:3f:b5:ff:a7:d8:aa:29:e5:66:9c:81:32:8d:20:25:8b:46:4e:2a

Digest Algorithm

sha256

PE Digest Matches

true

bd:f7:ef:84:b3:52:7f:7b:88:1a:ae:eb:27:fc:5f:76:06:1c:48:b4
Signer

Actual PE Digest

bd:f7:ef:84:b3:52:7f:7b:88:1a:ae:eb:27:fc:5f:76:06:1c:48:b4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Users\his\Documents\Visual Studio 2008\Projects\TMWatermark\Release\TMW.pdb

Imports

kernel32

TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
ExitProcess
SetConsoleCtrlHandler
RaiseException
RtlUnwind
HeapReAlloc
ExitThread
HeapSize
GetACP
IsValidCodePage
LCMapStringA
HeapCreate
VirtualFree
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
LCMapStringW
FlushFileBuffers
SetFilePointer
GetOEMCP
GetCPInfo
LocalReAlloc
GlobalHandle
GlobalReAlloc
LocalAlloc
InterlockedIncrement
GetModuleHandleW
GlobalFlags
InterlockedDecrement
GetModuleFileNameW
SetErrorMode
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GetVersionExA
SuspendThread
ResumeThread
SetThreadPriority
GlobalFree
GlobalAlloc
FormatMessageA
LocalFree
GlobalLock
GlobalUnlock
SetLastError
SetUnhandledExceptionFilter
RtlCaptureContext
Process32Next
Process32First
CreateToolhelp32Snapshot
GetTempFileNameA
ReleaseSemaphore
GetCurrentThreadId
TlsSetValue
TlsGetValue
CreateSemaphoreA
CreateDirectoryA
GetTempPathA
GetLocaleInfoA
TlsFree
TlsAlloc
GetSystemInfo
WaitForMultipleObjects
GetCurrentProcessId
GetPrivateProfileStringA
GetPrivateProfileStringW
InterlockedExchange
FindClose
FindNextFileA
FindFirstFileA
GetExitCodeThread
CreateProcessA
DeleteFileA
lstrlenA
WritePrivateProfileStringW
WriteFile
GetCurrentProcess
ReadFile
GetFileSize
GetLocalTime
GetTickCount
OpenProcess
lstrlenW
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryA
CreateMutexA
OpenEventA
ProcessIdToSessionId
Sleep
WaitForSingleObject
SetEvent
GetPrivateProfileIntA
LeaveCriticalSection
EnterCriticalSection
GetLastError
ResetEvent
DeleteCriticalSection
CreateEventA
InitializeCriticalSection
CloseHandle
CreateFileA
FindResourceA
LoadResource
LockResource
SizeofResource
GetModuleFileNameA
TerminateThread
CreateThread
WideCharToMultiByte
GetTimeZoneInformation
MultiByteToWideChar

user32

GetWindowTextA
GetForegroundWindow
GetDlgItem
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
GetDlgCtrlID
CallWindowProcA
PtInRect
GetMenu
SetWindowLongA
SystemParametersInfoA
GetWindowPlacement
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
GetKeyState
GetCursorPos
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetParent
GetLastActivePopup
IsWindowEnabled
MessageBoxA
GetSysColor
GetFocus
ClientToScreen
IsZoomed
MoveWindow
SetRect
SendMessageA
ReleaseDC
GetDC
EnableWindow
GetLayeredWindowAttributes
EqualRect
GetWindow
GetWindowRect
IsRectEmpty
CopyRect
InflateRect
SendMessageTimeoutA
EnumChildWindows
GetAncestor
IsWindowVisible
IsIconic
GetClassNameA
GetWindowLongA
EnumWindows
InvalidateRect
PeekMessageA
MsgWaitForMultipleObjects
GetClientRect
TabbedTextOutA
RemovePropA
GetPropA
KillTimer
IsWindow
GetMonitorInfoA
GetWindowThreadProcessId
FindWindowA
GetSystemMetrics
EnumDisplayMonitors
SetLayeredWindowAttributes
DestroyWindow
PostMessageA
DefWindowProcA
PostQuitMessage
EndPaint
BeginPaint
SetWindowPos
RegisterWindowMessageA
SetTimer
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassExA
LoadCursorA
wsprintfA
GrayStringA
DrawTextExA
DrawTextA
GetClassLongA
GetCapture
WinHelpA
DestroyMenu
GetSysColorBrush
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetWindowTextA
LoadIconA
SetPropA

gdi32

SetMapMode
GetClipBox
LineTo
MoveToEx
SetTextAlign
SelectClipRgn
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreateBitmap
GetStockObject
GetDeviceCaps
CreatePen
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
SetPixel
SetDIBColorTable
GetPixel
CreateDIBSection
DeleteDC
GetObjectA
CreateFontA
StretchBlt
PlgBlt
CreateRectRgnIndirect
SelectObject
DeleteObject
Escape
TextOutA
RectVisible
PtVisible
ExtTextOutW
ExtTextOutA
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

CloseServiceHandle
StartServiceA
RegQueryValueExW
GetUserNameW
LookupAccountSidW
RegCreateKeyExA
RegCloseKey
GetUserNameA
LookupAccountSidA
GetTokenInformation
OpenProcessToken
ControlService
QueryServiceStatus
OpenServiceA
OpenSCManagerA

shell32

SHGetSpecialFolderPathA

shlwapi

PathAddBackslashA
PathFindFileNameA
PathFindExtensionA

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

VariantChangeType
VariantClear
VariantInit
SysFreeString

psapi

GetModuleBaseNameA

wininet

HttpSendRequestA
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetConnectA
InternetCrackUrlA
InternetOpenA
HttpQueryInfoA
InternetReadFile
HttpOpenRequestA

wtsapi32

WTSQueryUserToken

gdiplus

GdiplusStartup
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdiplusShutdown
GdipFree
GdipAlloc
GdipDisposeImage
GdipGetImageHeight
GdipDeleteGraphics
GdipDrawImageI
GdipCloneImage
GdipGetImageWidth
GdipGetImageGraphicsContext

ws2_32

WSACleanup
gethostname
WSAStartup
inet_addr
gethostbyname
inet_ntoa

iphlpapi

SendARP

Sections

.text
Size: 365KB - Virtual size: 365KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TMW64.exe
.exe windows:5 windows x64 arch:x64

6ec1ff46785355e9dcaaca50e87eaa54

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:a6:ed:ec:94:bf:74:f2:20:fd:db:d2:92:60:8f:c6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/11/2020, 00:00

Not After

26/02/2024, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:58:8b:07:75:46:22:70:ae:2e:43:27:01:06:9c:98
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/12/2019, 00:00

Not After

04/03/2022, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:25:af:93:a0:f0:c5:3b:d3:02:64:9a:7f:87:6b:5e:2b:6a:a5:99:60:21:bc:98:78:9b:e7:c5:32:d6:79:96
Signer

Actual PE Digest

0d:25:af:93:a0:f0:c5:3b:d3:02:64:9a:7f:87:6b:5e:2b:6a:a5:99:60:21:bc:98:78:9b:e7:c5:32:d6:79:96

Digest Algorithm

sha256

PE Digest Matches

true

87:f8:af:ae:04:d4:95:53:f1:92:3c:5c:55:d8:d4:8f:78:c0:0a:b0
Signer

Actual PE Digest

87:f8:af:ae:04:d4:95:53:f1:92:3c:5c:55:d8:d4:8f:78:c0:0a:b0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\his\Documents\Visual Studio 2008\Projects\TMWatermark\Release\TMW64.pdb

Imports

kernel32

TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
VirtualQuery
GetSystemTimeAsFileTime
GetCommandLineA
GetStartupInfoA
ExitProcess
SetConsoleCtrlHandler
RaiseException
RtlPcToFileHeader
RtlUnwindEx
HeapReAlloc
ExitThread
HeapSize
HeapQueryInformation
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
HeapSetInformation
HeapCreate
SetHandleCount
GetStdHandle
GetFileType
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
GetLocaleInfoW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
FlushFileBuffers
SetFilePointer
GetOEMCP
GetCPInfo
LocalReAlloc
GlobalHandle
GlobalReAlloc
LocalAlloc
GetModuleHandleW
GlobalFlags
GetModuleFileNameW
SetErrorMode
lstrcmpA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GetVersionExA
SuspendThread
ResumeThread
SetThreadPriority
GlobalFree
GlobalAlloc
FormatMessageA
LocalFree
GlobalLock
GlobalUnlock
SetLastError
SetUnhandledExceptionFilter
RtlCaptureContext
Process32Next
Process32First
CreateToolhelp32Snapshot
GetTempFileNameA
ReleaseSemaphore
GetCurrentThreadId
TlsSetValue
TlsGetValue
CreateSemaphoreA
CreateDirectoryA
GetTempPathA
GetLocaleInfoA
TlsFree
TlsAlloc
GetSystemInfo
WaitForMultipleObjects
GetCurrentProcessId
GetPrivateProfileStringA
GetPrivateProfileStringW
FindClose
FindNextFileA
FindFirstFileA
GetExitCodeThread
CreateProcessA
DeleteFileA
lstrlenA
WritePrivateProfileStringW
WriteFile
GetCurrentProcess
ReadFile
GetFileSize
GetLocalTime
GetTickCount
OpenProcess
lstrlenW
GetModuleHandleA
FreeLibrary
GetProcAddress
LoadLibraryA
CreateMutexA
OpenEventA
ProcessIdToSessionId
Sleep
WaitForSingleObject
SetEvent
GetPrivateProfileIntA
LeaveCriticalSection
EnterCriticalSection
GetLastError
ResetEvent
DeleteCriticalSection
CreateEventA
InitializeCriticalSection
CloseHandle
CreateFileA
FindResourceA
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GetModuleFileNameA
TerminateThread
CreateThread
WideCharToMultiByte
GetACP

user32

RemovePropA
GetFocus
GetWindowTextA
GetForegroundWindow
GetDlgItem
GetTopWindow
SetWindowLongPtrA
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
GetDlgCtrlID
PtInRect
CallWindowProcA
GetMenu
SystemParametersInfoA
GetWindowPlacement
SetWindowsHookExA
CallNextHookEx
GetActiveWindow
GetKeyState
GetCursorPos
ValidateRect
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetParent
GetLastActivePopup
IsWindowEnabled
MessageBoxA
GetSysColor
GetPropA
ClientToScreen
IsZoomed
MoveWindow
SetRect
SendMessageA
ReleaseDC
GetDC
EnableWindow
GetLayeredWindowAttributes
EqualRect
GetWindowLongPtrA
GetWindow
GetWindowRect
IsRectEmpty
CopyRect
InflateRect
SendMessageTimeoutA
EnumChildWindows
GetAncestor
IsWindowVisible
IsIconic
GetClassNameA
GetWindowLongA
EnumWindows
InvalidateRect
PeekMessageA
MsgWaitForMultipleObjects
KillTimer
GetClientRect
SetPropA
GetClassLongPtrA
IsWindow
GetMonitorInfoA
GetWindowThreadProcessId
FindWindowA
GetSystemMetrics
EnumDisplayMonitors
SetLayeredWindowAttributes
DestroyWindow
PostMessageA
DefWindowProcA
PostQuitMessage
EndPaint
BeginPaint
SetWindowPos
RegisterWindowMessageA
SetTimer
DispatchMessageA
TranslateMessage
GetMessageA
UpdateWindow
ShowWindow
CreateWindowExA
RegisterClassExA
LoadCursorA
wsprintfA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetClassLongA
DestroyMenu
GetSysColorBrush
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
SetWindowTextA
LoadIconA
WinHelpA
GetCapture

gdi32

SetMapMode
GetClipBox
LineTo
MoveToEx
SetTextAlign
SelectClipRgn
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
CreateBitmap
GetStockObject
GetDeviceCaps
CreatePen
SetTextColor
SetBkMode
SetBkColor
RestoreDC
SaveDC
SetPixel
SetDIBColorTable
GetPixel
CreateDIBSection
DeleteDC
GetObjectA
CreateFontA
StretchBlt
PlgBlt
CreateRectRgnIndirect
SelectObject
DeleteObject
Escape
TextOutA
RectVisible
PtVisible
ExtTextOutW
ExtTextOutA
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

CloseServiceHandle
StartServiceA
RegQueryValueExW
GetUserNameW
LookupAccountSidW
RegCreateKeyExA
RegCloseKey
GetUserNameA
LookupAccountSidA
GetTokenInformation
OpenProcessToken
ControlService
QueryServiceStatus
OpenServiceA
OpenSCManagerA

shell32

SHGetSpecialFolderPathA

shlwapi

PathAddBackslashA
PathFindFileNameA
PathFindExtensionA

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

VariantChangeType
VariantClear
VariantInit
SysFreeString

psapi

GetModuleBaseNameA

wininet

HttpQueryInfoA
InternetReadFile
HttpSendRequestA
InternetQueryOptionA
HttpOpenRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetSetOptionA
InternetCloseHandle

wtsapi32

WTSQueryUserToken

gdiplus

GdiplusStartup
GdiplusShutdown
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipBitmapUnlockBits
GdipFree
GdipAlloc
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipDrawImageI
GdipCloneImage
GdipDeleteGraphics

ws2_32

WSACleanup
inet_ntoa
gethostbyname
gethostname
WSAStartup
inet_addr

iphlpapi

SendARP

Sections

.text
Size: 431KB - Virtual size: 430KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 127KB - Virtual size: 127KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TMWatermark.dll
.dll windows:5 windows x86 arch:x86

cf24e842f4082944ab2231de50082993

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:a6:ed:ec:94:bf:74:f2:20:fd:db:d2:92:60:8f:c6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/11/2020, 00:00

Not After

26/02/2024, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:58:8b:07:75:46:22:70:ae:2e:43:27:01:06:9c:98
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/12/2019, 00:00

Not After

04/03/2022, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:bf:9b:99:d4:69:bc:27:f6:78:e4:eb:4a:5f:8c:22:ef:07:bd:87:22:3e:80:37:16:84:7f:a1:6a:7f:65:00
Signer

Actual PE Digest

c2:bf:9b:99:d4:69:bc:27:f6:78:e4:eb:4a:5f:8c:22:ef:07:bd:87:22:3e:80:37:16:84:7f:a1:6a:7f:65:00

Digest Algorithm

sha256

PE Digest Matches

true

6f:2b:79:2d:bb:5d:64:d8:e6:5b:4c:4e:6a:7c:d5:49:89:55:e4:7d
Signer

Actual PE Digest

6f:2b:79:2d:bb:5d:64:d8:e6:5b:4c:4e:6a:7c:d5:49:89:55:e4:7d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\his\Documents\Visual Studio 2008\Projects\TMWatermark\Release\TMWatermark.pdb

Imports

kernel32

SetConsoleCtrlHandler
HeapReAlloc
RtlUnwind
RaiseException
VirtualAlloc
HeapSize
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
VirtualFree
HeapCreate
HeapDestroy
GetStdHandle
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
ExitProcess
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCommandLineA
IsDebuggerPresent
UnhandledExceptionFilter
GetOEMCP
GetCPInfo
FlushFileBuffers
SetFilePointer
GlobalFlags
WritePrivateProfileStringA
InterlockedIncrement
GetModuleHandleW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
InterlockedDecrement
GetModuleFileNameW
FreeResource
GlobalAddAtomA
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CompareStringA
InterlockedExchange
lstrcmpA
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
MulDiv
lstrlenA
GetTempFileNameA
SetUnhandledExceptionFilter
FreeLibrary
LoadLibraryA
GetCurrentThreadId
CreateDirectoryA
GetTempPathA
RtlCaptureContext
GetFileAttributesA
GetSystemInfo
CallNamedPipeA
WriteFile
LeaveCriticalSection
GetPrivateProfileStringA
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
ReadFile
GetFileSize
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
GetCurrentProcess
DeleteFileA
CopyFileA
WaitForMultipleObjects
GetCurrentProcessId
CreateEventA
WaitForSingleObject
SetEvent
CreateThread
GetSystemDirectoryA
CreateFileA
FindResourceA
LoadResource
LockResource
SizeofResource
GetUserDefaultLangID
GetCurrentThread
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
Sleep
GetModuleHandleA
GetProcAddress
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
HeapFree
LocalFree
GetProcessHeap
HeapAlloc
GetLastError
CloseHandle
GetEnvironmentStrings

user32

SendDlgItemMessageA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CopyRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowTextLengthA
GetWindowTextA
LoadIconA
SetFocus
UnhookWindowsHookEx
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowThreadProcessId
GetWindowLongA
wsprintfA
RegisterWindowMessageA
TabbedTextOutA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetSystemMetrics
GetWindowRect
EnableWindow
WaitForInputIdle
FindWindowA
IsWindow
SendMessageA
IsDialogMessageA
SetWindowTextA
ShowWindow
UnregisterClassA
GetSysColorBrush
ReleaseDC
GetDC
LoadCursorA
GetWindow
DrawTextA
DrawTextExA
GrayStringA
DestroyMenu
EndPaint
BeginPaint
ClientToScreen

gdi32

Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
ExtTextOutA
RectVisible
TextOutA
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetSidSubAuthority
GetTokenInformation
CreateProcessAsUserA
SetTokenInformation
DuplicateTokenEx
OpenProcessToken
DeleteService
SetNamedSecurityInfoA
SetServiceObjectSecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetSecurityDescriptorDacl
QueryServiceObjectSecurity
CloseServiceHandle
OpenServiceA
OpenSCManagerA

shell32

SHGetSpecialFolderPathA
ShellExecuteExA

shlwapi

PathRemoveFileSpecA
PathAddBackslashA
PathFindExtensionA
PathFindFileNameA

oleaut32

VariantInit
VariantChangeType
VariantClear

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wtsapi32

WTSEnumerateSessionsA
WTSFreeMemory

psapi

GetModuleBaseNameA

wininet

InternetOpenA
InternetCrackUrlA
InternetConnectA
HttpOpenRequestA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle
HttpSendRequestA
InternetSetOptionA
InternetQueryOptionA

Exports

Exports

InitInstall
TMW_EndWatermarkByHWnd
TMW_EndWatermarkByPid
TMW_EndWatermarkByURL
TMW_Final
TMW_Init
TMW_SetConfigByHWnd
TMW_SetConfigByPid
TMW_SetConfigByURL
TMW_SetCopyrightByHWnd
TMW_SetCopyrightByPid
TMW_SetCopyrightByURL
TMW_SetLongValueByHWnd
TMW_SetLongValueByPid
TMW_SetLongValueByURL
TMW_SetTransparentByHWnd
TMW_SetTransparentByPid
TMW_SetTransparentByURL
TMW_SetUsernameByHWnd
TMW_SetUsernameByPid
TMW_SetUsernameByURL
TMW_SetWatermarkImageByHWnd
TMW_SetWatermarkImageByPid
TMW_SetWatermarkImageByURL
TMW_StartWatermarkByHWnd
TMW_StartWatermarkByPid
TMW_StartWatermarkByURL
UninstallCheck

Sections

.text
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TMWatermark64.dll
.dll windows:5 windows x64 arch:x64

38d133712b4288e89dcb656394e36af7

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:a6:ed:ec:94:bf:74:f2:20:fd:db:d2:92:60:8f:c6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/11/2020, 00:00

Not After

26/02/2024, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:58:8b:07:75:46:22:70:ae:2e:43:27:01:06:9c:98
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/12/2019, 00:00

Not After

04/03/2022, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:42:94:06:c2:9c:2a:97:72:4b:bd:17:0f:b4:db:a5:53:67:df:7c:70:b9:1b:ae:c6:d6:41:56:47:ee:8f:c8
Signer

Actual PE Digest

90:42:94:06:c2:9c:2a:97:72:4b:bd:17:0f:b4:db:a5:53:67:df:7c:70:b9:1b:ae:c6:d6:41:56:47:ee:8f:c8

Digest Algorithm

sha256

PE Digest Matches

true

0f:62:63:c6:95:c3:2e:19:2b:11:c7:22:b4:43:ac:22:90:00:e0:78
Signer

Actual PE Digest

0f:62:63:c6:95:c3:2e:19:2b:11:c7:22:b4:43:ac:22:90:00:e0:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\his\Documents\Visual Studio 2008\Projects\TMWatermark\Release\TMWatermark64.pdb

Imports

kernel32

SetConsoleCtrlHandler
HeapReAlloc
RtlUnwindEx
RaiseException
RtlPcToFileHeader
HeapSize
HeapQueryInformation
GetACP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
LCMapStringA
LCMapStringW
GetStdHandle
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
ExitProcess
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCommandLineA
FlsSetValue
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
GetOEMCP
GetCPInfo
FlushFileBuffers
SetFilePointer
GlobalFlags
WritePrivateProfileStringA
GetModuleHandleW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
TlsGetValue
LocalAlloc
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
GetModuleFileNameW
GlobalAddAtomA
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CompareStringA
lstrcmpA
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrlenA
GetTempFileNameA
SetUnhandledExceptionFilter
FreeLibrary
LoadLibraryA
GetCurrentThreadId
CreateDirectoryA
GetTempPathA
RtlCaptureContext
GetFileAttributesA
GetSystemInfo
CallNamedPipeA
ReadFile
GetFileSize
WriteFile
LeaveCriticalSection
GetPrivateProfileStringA
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WTSGetActiveConsoleSessionId
ProcessIdToSessionId
GetCurrentProcess
DeleteFileA
CopyFileA
WaitForMultipleObjects
GetCurrentProcessId
CreateEventA
WaitForSingleObject
SetEvent
CreateThread
GetSystemDirectoryA
CreateFileA
FindResourceA
LoadResource
LockResource
GetCurrentThread
SizeofResource
GetUserDefaultLangID
GetModuleFileNameA
WideCharToMultiByte
MultiByteToWideChar
Sleep
GetModuleHandleA
GetProcAddress
TerminateProcess
OpenProcess
HeapFree
LocalFree
HeapAlloc
GetLastError
CloseHandle
GetStartupInfoA

user32

WinHelpA
GetCapture
GetClassLongA
GetClassNameA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CopyRect
GetDlgCtrlID
PtInRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowTextA
LoadIconA
GetWindow
DestroyWindow
GetDlgItem
UnhookWindowsHookEx
GetWindowThreadProcessId
GetWindowLongA
wsprintfA
TabbedTextOutA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetSystemMetrics
GetWindowRect
EnableWindow
WaitForInputIdle
FindWindowA
IsWindow
SendMessageA
SetWindowTextA
ShowWindow
UnregisterClassA
GetSysColorBrush
ReleaseDC
GetDC
LoadCursorA
DestroyMenu
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
RegisterWindowMessageA

gdi32

Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
ExtTextOutA
RectVisible
TextOutA
PtVisible
DeleteObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
GetDeviceCaps

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
GetSidSubAuthority
GetTokenInformation
CreateProcessAsUserA
SetTokenInformation
DuplicateTokenEx
OpenProcessToken

shell32

SHGetSpecialFolderPathA
ShellExecuteExA

shlwapi

PathRemoveFileSpecA
PathAddBackslashA
PathFindExtensionA
PathFindFileNameA

oleaut32

VariantInit
VariantChangeType
VariantClear

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wtsapi32

WTSEnumerateSessionsA
WTSFreeMemory

psapi

GetModuleBaseNameA

wininet

InternetOpenA
InternetCrackUrlA
InternetConnectA
HttpOpenRequestA
InternetReadFile
HttpQueryInfoA
InternetCloseHandle
HttpSendRequestA
InternetSetOptionA
InternetQueryOptionA

Exports

Exports

TMW_EndWatermarkByHWnd
TMW_EndWatermarkByPid
TMW_EndWatermarkByURL
TMW_Final
TMW_Init
TMW_SetConfigByHWnd
TMW_SetConfigByPid
TMW_SetConfigByURL
TMW_SetCopyrightByHWnd
TMW_SetCopyrightByPid
TMW_SetCopyrightByURL
TMW_SetLongValueByHWnd
TMW_SetLongValueByPid
TMW_SetLongValueByURL
TMW_SetTransparentByHWnd
TMW_SetTransparentByPid
TMW_SetTransparentByURL
TMW_SetUsernameByHWnd
TMW_SetUsernameByPid
TMW_SetUsernameByURL
TMW_SetWatermarkImageByHWnd
TMW_SetWatermarkImageByPid
TMW_SetWatermarkImageByURL
TMW_StartWatermarkByHWnd
TMW_StartWatermarkByPid
TMW_StartWatermarkByURL

Sections

.text
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TPWatermark64up.dll
.dll windows:5 windows x64 arch:x64

e4c0f4e29f798881ca06ba4338d22eb6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\1_Teruten\1_Windows\01_CaptureWall\BIN\TPWatermark64up.pdb

Imports

ws2_32

inet_ntoa
WSAStartup
gethostbyname
WSACleanup
gethostname

kernel32

GetStdHandle
GetACP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
LCMapStringA
LCMapStringW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
HeapDestroy
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
HeapCreate
HeapSetInformation
HeapQueryInformation
HeapSize
ExitProcess
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlPcToFileHeader
RaiseException
HeapReAlloc
RtlLookupFunctionEntry
RtlUnwindEx
FlsSetValue
GetOEMCP
GetCPInfo
SetEndOfFile
FlushFileBuffers
SetFilePointer
ReadFile
WritePrivateProfileStringA
GlobalFlags
GlobalFindAtomA
lstrcmpW
GlobalGetAtomNameA
GetModuleHandleW
SetErrorMode
DeleteCriticalSection
LocalReAlloc
GlobalHandle
GlobalReAlloc
InitializeCriticalSection
LocalAlloc
GetModuleFileNameW
GlobalAddAtomA
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesA
LoadLibraryExA
CompareStringA
lstrcmpA
GlobalFree
FormatMessageA
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
SetThreadContext
GetCurrentProcess
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualQuery
SuspendThread
LoadLibraryA
SetLastError
FreeLibrary
RtlCaptureContext
GetThreadContext
LocalFree
GetPrivateProfileStringA
GetLastError
lstrlenW
GetPrivateProfileIntA
GetCommandLineA
lstrlenA
WriteProcessMemory
GetExitCodeThread
VirtualAllocEx
CreateProcessA
VirtualFreeEx
OpenProcess
CreateRemoteThread
GetCurrentThread
CreateProcessW
TlsFree
GetTempPathA
TlsAlloc
ReleaseSemaphore
CreateSemaphoreA
CreateEventA
TlsSetValue
WaitForSingleObject
GetLocaleInfoA
TlsGetValue
GetFileSize
GetModuleFileNameA
LockResource
GetSystemDirectoryA
SizeofResource
WideCharToMultiByte
GetUserDefaultLangID
LoadResource
FindResourceA
GetVersionExA
GetModuleHandleA
GetSystemInfo
GetProcAddress
CreateThread
ResumeThread
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
ProcessIdToSessionId
GetLocalTime
EnterCriticalSection
CreateDirectoryA
SetThreadPriority
LeaveCriticalSection
Sleep
WriteFile
GetProcessHeap
GetTickCount
HeapFree
HeapAlloc
CallNamedPipeA
CreateFileA
GetStringTypeW

user32

DestroyMenu
GrayStringA
TabbedTextOutA
ClientToScreen
ShowWindow
SetWindowTextA
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
GetWindowTextA
LoadCursorA
GetSystemMetrics
GetSysColor
GetSysColorBrush
UnregisterClassA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
GetMessagePos
SetCursor
PostMessageA
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
SendMessageA
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
FillRect
DrawTextW
DrawTextA
DrawTextExW
DrawTextExA
GetDC
ReleaseDC
MapWindowPoints

gdi32

CreateCompatibleDC
PolyDraw
FlattenPath
SelectClipRgn
SelectObject
SetBkMode
CreateDCW
SetPixel
CreateDCA
PolyTextOutW
PolyTextOutA
ExcludeClipRect
SetMiterLimit
SetArcDirection
AngleArc
SetDIBColorTable
SetBkColor
SetBrushOrgEx
StretchBlt
GetDeviceCaps
CreateFontA
InvertRgn
Polygon
DeleteDC
MaskBlt
DrawEscape
SetTextColor
StretchDIBits
StartPage
WidenPath
FloodFill
SetWindowExtEx
ExtFloodFill
DescribePixelFormat
ExtEscape
LineTo
SetViewportOrgEx
Pie
PatBlt
FrameRgn
SetGraphicsMode
GetViewportOrgEx
SelectClipPath
SetDIBitsToDevice
Arc
PolyPolyline
EndPage
CreateCompatibleBitmap
SetWindowOrgEx
MoveToEx
StrokePath
BeginPath
CloseFigure
ScaleViewportExtEx
CreateDIBPatternBrushPt
GetDIBits
GetClipBox
CreateBitmap
RectVisible
GetStockObject
PtVisible
SetColorAdjustment
SelectPalette
GetTextExtentExPointA
SetStretchBltMode
BitBlt
SetMapMode
SetTextCharacterExtra
SetBoundsRect
PolyBezierTo
StartDocW
Rectangle
GetMapMode
ExtTextOutW
Ellipse
FillRgn
OffsetClipRgn
SaveDC
EndPath
SetMapperFlags
PolylineTo
RealizePalette
SetPolyFillMode
Escape
FillPath
Polyline
SetTextJustification
PlgBlt
PolyPolygon
SetWorldTransform
SetPixelV
GetObjectA
DeleteObject
TextOutA
StrokeAndFillPath
CreateSolidBrush
AbortDoc
UpdateColors
RestoreDC
ModifyWorldTransform
SetSystemPaletteUse
ScaleWindowExtEx
ExtTextOutA
PaintRgn
OffsetViewportOrgEx
EndDoc
TextOutW
IntersectClipRect
ExtSelectClipRgn
SetTextAlign
RoundRect
SetPixelFormat
GetViewportExtEx
SetROP2
ArcTo
ChoosePixelFormat
PolyBezier
SetViewportExtEx
Chord
OffsetWindowOrgEx

msimg32

TransparentBlt
AlphaBlend
GradientFill

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantChangeType
VariantClear
VariantInit

gdiplus

GdiplusShutdown

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

??0CxFile@@QEAA@AEBV0@@Z
??0CxFile@@QEAA@XZ
??0CxIOFile@@QEAA@AEBV0@@Z
??0CxIOFile@@QEAA@PEAU_iobuf@@@Z
??0CxMemFile@@QEAA@AEBV0@@Z
??1CxFile@@UEAA@XZ
??1CxIOFile@@UEAA@XZ
??1CxImage@@UEAA@XZ
??4CxFile@@QEAAAEAV0@AEBV0@@Z
??4CxIOFile@@QEAAAEAV0@AEBV0@@Z
??4CxMemFile@@QEAAAEAV0@AEBV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QEAAXXZ
??_FCxImage@@QEAAXXZ
??_FCxMemFile@@QEAAXXZ
??_OCxImage@@QEAAXAEAV0@@Z
?Close@CxIOFile@@UEAA_NXZ
?Eof@CxIOFile@@UEAA_NXZ
?Error@CxIOFile@@UEAAJXZ
?Flush@CxIOFile@@UEAA_NXZ
?GetC@CxIOFile@@UEAAJXZ
?GetS@CxIOFile@@UEAAPEADPEADH@Z
?Open@CxIOFile@@QEAA_NPEBD0@Z
?PutC@CxFile@@UEAA_NE@Z
?PutC@CxIOFile@@UEAA_NE@Z
?Read@CxIOFile@@UEAA_KPEAX_K1@Z
?Scanf@CxIOFile@@UEAAJPEBDPEAX@Z
?Seek@CxIOFile@@UEAA_NJH@Z
?Size@CxIOFile@@UEAAJXZ
?Tell@CxIOFile@@UEAAJXZ
?Write@CxIOFile@@UEAA_KPEBX_K1@Z

Sections

.text
Size: 253KB - Virtual size: 252KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TPWatermarkUp.dll
.dll windows:5 windows x86 arch:x86

be2256519fb77dd97c139cc7e239e982

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\1_Teruten\1_Windows\01_CaptureWall\BIN\TPWatermarkup.pdb

Imports

ws2_32

inet_ntoa
WSAStartup
gethostbyname
WSACleanup
gethostname

kernel32

GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetLocaleInfoW
CreateFileA
GetStdHandle
CallNamedPipeA
HeapAlloc
HeapFree
GetTickCount
GetProcessHeap
WriteFile
Sleep
LeaveCriticalSection
SetThreadPriority
CreateDirectoryA
EnterCriticalSection
GetLocalTime
ProcessIdToSessionId
GetCurrentThreadId
CloseHandle
GetCurrentProcessId
ResumeThread
CreateThread
GetProcAddress
GetSystemInfo
GetModuleHandleA
GetVersionExA
FindResourceA
LoadResource
GetUserDefaultLangID
WideCharToMultiByte
VirtualFree
HeapDestroy
HeapCreate
HeapSize
ExitProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
HeapReAlloc
RtlUnwind
SizeofResource
GetSystemDirectoryA
LockResource
GetModuleFileNameA
GetFileSize
GetOEMCP
GetCPInfo
SetEndOfFile
FlushFileBuffers
SetFilePointer
ReadFile
WritePrivateProfileStringA
GlobalFlags
GlobalFindAtomA
lstrcmpW
GlobalGetAtomNameA
InterlockedIncrement
GetModuleHandleW
SetErrorMode
DeleteCriticalSection
LocalReAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
TlsGetValue
GlobalAddAtomA
GlobalDeleteAtom
ConvertDefaultLocale
EnumResourceLanguagesA
LoadLibraryExA
CompareStringA
InterlockedExchange
lstrcmpA
GlobalFree
FormatMessageA
MultiByteToWideChar
GlobalAlloc
GlobalLock
GlobalUnlock
VirtualAlloc
SetThreadContext
GetCurrentProcess
FlushInstructionCache
GetLocaleInfoA
VirtualProtect
InterlockedCompareExchange
VirtualQuery
SuspendThread
LoadLibraryA
SetLastError
FreeLibrary
GetThreadContext
LocalFree
GetPrivateProfileStringA
GetLastError
lstrlenW
GetPrivateProfileIntA
GetCommandLineA
lstrlenA
WriteProcessMemory
GetExitCodeThread
VirtualAllocEx
CreateProcessA
VirtualFreeEx
OpenProcess
CreateRemoteThread
GetCurrentThread
CreateProcessW
TlsFree
GetTempPathA
TlsAlloc
ReleaseSemaphore
CreateSemaphoreA
CreateEventA
TlsSetValue
WaitForSingleObject

user32

DestroyMenu
GrayStringA
TabbedTextOutA
ClientToScreen
ShowWindow
SetWindowTextA
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
GetWindow
GetWindowTextA
LoadCursorA
GetSystemMetrics
GetSysColor
GetSysColorBrush
UnregisterClassA
UnhookWindowsHookEx
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetCursor
PostMessageA
PostQuitMessage
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
SendMessageA
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
FillRect
DrawTextW
DrawTextA
DrawTextExW
DrawTextExA
GetDC
ReleaseDC
GetMessageTime

gdi32

EndDoc
OffsetViewportOrgEx
PaintRgn
ExtTextOutA
ScaleWindowExtEx
SetSystemPaletteUse
ModifyWorldTransform
RestoreDC
UpdateColors
AbortDoc
CreateSolidBrush
StrokeAndFillPath
TextOutA
DeleteObject
GetObjectA
SetBoundsRect
SetTextCharacterExtra
SetStretchBltMode
GetTextExtentExPointA
SelectPalette
SetColorAdjustment
ScaleViewportExtEx
StretchDIBits
OffsetWindowOrgEx
SetPolyFillMode
RealizePalette
PolylineTo
SetMapperFlags
EndPath
SaveDC
OffsetClipRgn
FillRgn
Ellipse
ExtTextOutW
GetMapMode
Rectangle
CreateCompatibleBitmap
SetMapMode
PolyPolyline
CreateCompatibleDC
PolyDraw
FlattenPath
SelectClipRgn
SelectObject
SetBkMode
CreateDCW
SetPixel
CreateDCA
PolyTextOutW
PolyTextOutA
ExcludeClipRect
SetMiterLimit
SetArcDirection
AngleArc
SetDIBColorTable
SetBkColor
SetBrushOrgEx
StretchBlt
GetDeviceCaps
CreateFontA
InvertRgn
Polygon
TextOutW
MaskBlt
DrawEscape
SetTextColor
StartPage
WidenPath
FloodFill
SetWindowExtEx
ExtFloodFill
DescribePixelFormat
ExtEscape
LineTo
SetViewportOrgEx
Pie
PatBlt
FrameRgn
SetGraphicsMode
GetViewportOrgEx
SelectClipPath
SetDIBitsToDevice
Arc
BitBlt
EndPage
PolyPolygon
SetWindowOrgEx
MoveToEx
StrokePath
BeginPath
CloseFigure
CreateDIBPatternBrushPt
GetDIBits
GetClipBox
CreateBitmap
RectVisible
GetStockObject
PtVisible
ExtSelectClipRgn
IntersectClipRect
SetTextAlign
RoundRect
SetPixelFormat
GetViewportExtEx
SetROP2
ArcTo
ChoosePixelFormat
PolyBezier
SetViewportExtEx
Chord
Escape
FillPath
Polyline
SetTextJustification
PlgBlt
SetWorldTransform
SetPixelV
DeleteDC
PolyBezierTo
StartDocW

msimg32

TransparentBlt
AlphaBlend
GradientFill

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantChangeType
VariantClear
VariantInit

gdiplus

GdiplusShutdown

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Exports

Exports

??0CxFile@@QAE@ABV0@@Z
??0CxFile@@QAE@XZ
??0CxIOFile@@QAE@ABV0@@Z
??0CxIOFile@@QAE@PAU_iobuf@@@Z
??0CxMemFile@@QAE@ABV0@@Z
??1CxFile@@UAE@XZ
??1CxIOFile@@UAE@XZ
??1CxImage@@UAE@XZ
??4CxFile@@QAEAAV0@ABV0@@Z
??4CxIOFile@@QAEAAV0@ABV0@@Z
??4CxMemFile@@QAEAAV0@ABV0@@Z
??_7CxFile@@6B@
??_7CxIOFile@@6B@
??_7CxImage@@6B@
??_7CxMemFile@@6B@
??_FCxIOFile@@QAEXXZ
??_FCxImage@@QAEXXZ
??_FCxMemFile@@QAEXXZ
??_OCxImage@@QAEXAAV0@@Z
?Close@CxIOFile@@UAE_NXZ
?Eof@CxIOFile@@UAE_NXZ
?Error@CxIOFile@@UAEJXZ
?Flush@CxIOFile@@UAE_NXZ
?GetC@CxIOFile@@UAEJXZ
?GetS@CxIOFile@@UAEPADPADH@Z
?Open@CxIOFile@@QAE_NPBD0@Z
?PutC@CxFile@@UAE_NE@Z
?PutC@CxIOFile@@UAE_NE@Z
?Read@CxIOFile@@UAEIPAXII@Z
?Scanf@CxIOFile@@UAEJPBDPAX@Z
?Seek@CxIOFile@@UAE_NJH@Z
?Size@CxIOFile@@UAEJXZ
?Tell@CxIOFile@@UAEJXZ
?Write@CxIOFile@@UAEIPBXII@Z

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TRCLib.dll
.dll windows:4 windows x86 arch:x86

feaeab8c6f138ab1d3ebe14ddf5e39c4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
ExitProcess
GetProcAddress
GetModuleHandleA
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
WriteFile
LeaveCriticalSection
EnterCriticalSection
GetACP
GetOEMCP
GetCPInfo
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
LoadLibraryA
RtlUnwind
InterlockedExchange
VirtualQuery
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo

Exports

Exports

TRCLIB_Svr_GetUseCount
TRCLIB_Svr_Release
TRCLib_GetOnRemoteconnection
TRCLib_GetPValue
TRCLib_SetOnRemoteConnection
TRCLib_SetPValue
TRCLib_Svr_AddRef

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TRC_Shar
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TRemote_Server.exe
.exe windows:5 windows x86 arch:x86

66e6fba3d22acc6039a945fbdd62318c

Code Sign

0c:b5:b6:d3:3c:a3:6d:70:bc:2d:f4:00:3d:43:ac:e6
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

05/12/2015, 00:00

Not After

02/02/2018, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

44:09:d6:6d:a3:20:b3:9b:cd:93:8d:2b:81:f0:87:c3:2f:3c:34:8f:38:d3:e4:f2:af:ef:f5:fb:ae:69:b8:70
Signer

Actual PE Digest

44:09:d6:6d:a3:20:b3:9b:cd:93:8d:2b:81:f0:87:c3:2f:3c:34:8f:38:d3:e4:f2:af:ef:f5:fb:ae:69:b8:70

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

shlwapi

PathFindFileNameA
PathRemoveFileSpecA
PathFindExtensionA
PathStripToRootA
PathIsUNCA

kernel32

SetEndOfFile
GetFileSize
DuplicateHandle
GetCurrentProcess
FindClose
FindFirstFileA
GetVolumeInformationA
GetFullPathNameA
GetFileSizeEx
SetErrorMode
RtlUnwind
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
HeapAlloc
HeapFree
RaiseException
GetCommandLineA
GetStartupInfoA
VirtualProtect
VirtualAlloc
VirtualQuery
HeapReAlloc
Sleep
ExitProcess
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
GetTimeZoneInformation
VirtualFree
HeapCreate
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
UnlockFile
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
SizeofResource
LockResource
LoadResource
FindResourceA
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CloseHandle
WideCharToMultiByte
CreateFileA
GetFileAttributesA
GetModuleFileNameA
WriteFile
SetFilePointer
GetProcAddress
LoadLibraryA
FreeLibrary
GetTickCount
ReleaseMutex
GetLastError
CreateMutexA
lstrcpynA
GetCurrentProcessId
GetSystemDirectoryA
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileTime
GetVersionExA
GetSystemInfo
GetModuleHandleA
FreeResource
GlobalFree
GlobalUnlock
GlobalLock
LockFile
FlushFileBuffers
lstrcmpW
MultiByteToWideChar
SetLastError
CompareStringA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
ReadFile
WritePrivateProfileStringA
GetThreadLocale
GetModuleHandleW
GetOEMCP
GetCPInfo
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GlobalFlags
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
InterlockedExchange
lstrcmpA
WaitForSingleObject
InterlockedDecrement
GetModuleFileNameW
GlobalAlloc
FormatMessageA
LocalFree
MulDiv
lstrlenA
GetCurrentThreadId

user32

GetNextDlgGroupItem
MessageBeep
RegisterClipboardFormatA
PostThreadMessageA
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
CharUpperA
ReleaseCapture
SetCapture
UnregisterClassA
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
SetWindowContextHelpId
MapDialogRect
ShowOwnedPopups
SetCursor
GetMessageA
TranslateMessage
ValidateRect
GetWindowThreadProcessId
ShowWindow
MoveWindow
SetWindowTextA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
SetFocus
GetWindowTextLengthA
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
DispatchMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
EnableWindow
SetTimer
GetWindowRect
KillTimer
IsWindowVisible
UpdateWindow
PostMessageA
GetMenuItemID
GetMenuItemCount
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
GetMonitorInfoA
MonitorFromWindow
DrawIcon
AppendMenuA
SendMessageA
GetSystemMenu
IsIconic
GetClientRect
LoadIconA
GetSystemMetrics
DestroyMenu
TrackPopupMenu
SetForegroundWindow
GetCursorPos
SetMenuDefaultItem
GetSubMenu
LoadMenuA
PostQuitMessage
EndDialog
GetNextDlgTabItem
GetParent
IsWindowEnabled
GetDlgItem
GetWindowLongA
IsWindow
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetDesktopWindow
GetWindow
GetWindowPlacement
SystemParametersInfoA
IntersectRect
OffsetRect
SetWindowPos
SetWindowLongA
GetMenu
DefWindowProcA
CallWindowProcA
IsDialogMessageA

gdi32

SetMapMode
DeleteObject
GetViewportExtEx
GetWindowExtEx
PtVisible
RectVisible
TextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
RestoreDC
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
GetStockObject
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
SaveDC
ExtTextOutA
GetDeviceCaps
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
ScaleViewportExtEx

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shell32

SHGetSpecialFolderPathA
Shell_NotifyIconA

comctl32

ord17

oledlg

ord8

ole32

OleFlushClipboard
CoTaskMemAlloc
CLSIDFromProgID
CLSIDFromString
CoGetClassObject
StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
OleUninitialize
CoFreeUnusedLibraries
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
CoRegisterMessageFilter
CoTaskMemFree

oleaut32

SysAllocString
OleCreateFontIndirect
VariantClear
VariantChangeType
VariantInit
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocStringByteLen
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime

wsock32

select
gethostbyname
htonl
htons
ioctlsocket
bind
WSAGetLastError
WSASetLastError
socket
sendto
recvfrom
WSAAsyncSelect
send
recv
inet_addr
WSACleanup
WSAStartup
listen
accept
closesocket
connect

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TUCtlBSystem.exe
.exe windows:5 windows x86 arch:x86

5dc3bdaa7ec1fb21c30621977485178c

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:a6:ed:ec:94:bf:74:f2:20:fd:db:d2:92:60:8f:c6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/11/2020, 00:00

Not After

26/02/2024, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:58:8b:07:75:46:22:70:ae:2e:43:27:01:06:9c:98
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/12/2019, 00:00

Not After

04/03/2022, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d2:24:cf:04:0e:a0:85:23:5d:15:15:6f:8f:20:fb:83:9b:57:3c:19:40:b9:ad:32:ee:a8:94:97:32:14:75:ee
Signer

Actual PE Digest

d2:24:cf:04:0e:a0:85:23:5d:15:15:6f:8f:20:fb:83:9b:57:3c:19:40:b9:ad:32:ee:a8:94:97:32:14:75:ee

Digest Algorithm

sha256

PE Digest Matches

true

bb:14:24:42:dc:35:8e:a7:7f:6a:9e:03:b9:7c:bf:33:a8:dc:7c:84
Signer

Actual PE Digest

bb:14:24:42:dc:35:8e:a7:7f:6a:9e:03:b9:7c:bf:33:a8:dc:7c:84

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\his\Documents\Visual Studio 2008\Projects\Windows_PSC\Bin\TUCtlBSystem.pdb

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

HeapReAlloc
RtlUnwind
RaiseException
VirtualProtect
VirtualAlloc
VirtualQuery
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
VirtualFree
HeapCreate
LCMapStringA
LCMapStringW
HeapFree
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetStartupInfoA
GetCommandLineA
GetFileType
SetStdHandle
HeapAlloc
ExitProcess
GetFileSizeEx
GetTickCount
SetErrorMode
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
MoveFileA
GetOEMCP
GetCPInfo
GlobalFlags
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
InterlockedIncrement
GetModuleHandleW
GetThreadLocale
InterlockedDecrement
GetModuleFileNameW
GetCurrentProcessId
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
lstrcmpA
FreeResource
GetCurrentThreadId
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
SetLastError
GlobalLock
GlobalUnlock
MulDiv
lstrlenA
MultiByteToWideChar
GetCurrentProcess
GetSystemInfo
FreeLibrary
GetFileTime
CreateFileA
FileTimeToLocalFileTime
FileTimeToSystemTime
GetUserDefaultLangID
GetStdHandle
AllocConsole
GlobalFree
GlobalAlloc
FormatMessageA
SetConsoleCtrlHandler
GetModuleFileNameA
GetVersionExA
WritePrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
GetSystemDirectoryA
GetPrivateProfileStringA
CreateThread
ProcessIdToSessionId
WTSGetActiveConsoleSessionId
DisconnectNamedPipe
WriteFile
ReadFile
WaitForMultipleObjects
GetLastError
ConnectNamedPipe
ResetEvent
CreateNamedPipeA
OutputDebugStringA
CreateEventA
SetEvent
GetProcAddress
LoadLibraryA
CopyFileA
DeleteFileA
GetFileAttributesA
Process32Next
Process32First
CreateToolhelp32Snapshot
CloseHandle
Sleep
TerminateProcess
GetExitCodeProcess
OpenProcess
LockResource
SizeofResource
WideCharToMultiByte
LoadResource
FindResourceA
LocalFree
LocalAlloc
SetHandleCount

user32

UnregisterClassA
CharUpperA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
ReleaseCapture
SetCapture
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
GetDesktopWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
GetWindowThreadProcessId
SetCursor
GetMessageA
TranslateMessage
GetActiveWindow
GetCursorPos
ValidateRect
SetWindowContextHelpId
MapDialogRect
PostQuitMessage
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetFocus
IsWindow
SetFocus
GetWindowTextA
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
DispatchMessageA
GetDlgItem
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
UpdateWindow
PostMessageA
MessageBoxA
GetClassInfoExA
GetClassInfoA
GetSysColor
AdjustWindowRectEx
GetParent
EqualRect
RegisterClipboardFormatA
CopyRect
PostThreadMessageA
GetDlgCtrlID
CallWindowProcA
PtInRect
GetMenu
GetWindowLongA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
CreateWindowExA
RegisterClassA
DefWindowProcA
DestroyWindow
GetClientRect
GetSystemMetrics
IsIconic
SendMessageA
LoadIconA
EnableWindow
ModifyMenuA
EndDialog

gdi32

GetWindowExtEx
GetMapMode
GetViewportExtEx
GetRgnBox
CreateRectRgnIndirect
GetTextColor
GetBkColor
GetStockObject
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetDeviceCaps
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

CopySid
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegDeleteKeyA
DeregisterEventSource
ReportEventA
RegisterEventSourceA
SetServiceStatus
RegisterServiceCtrlHandlerA
StartServiceA
DeleteService
QueryServiceStatus
ControlService
OpenServiceA
CloseServiceHandle
CreateServiceA
OpenSCManagerA
RegCreateKeyA
StartServiceCtrlDispatcherA
RegCloseKey
GetLengthSid
IsValidSid
LookupAccountNameA
GetUserNameA
CreateProcessAsUserA
AdjustTokenPrivileges
SetTokenInformation
DuplicateTokenEx
LookupPrivilegeValueA
OpenProcessToken
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegDeleteValueA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

shell32

SHGetSpecialFolderPathA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA

oledlg

ord8

ole32

OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoFreeUnusedLibraries
CoTaskMemAlloc
CoTaskMemFree
OleInitialize
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

VariantClear
SysAllocString
OleCreateFontIndirect
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
SysAllocStringLen
VariantInit
VariantChangeType
SysAllocStringByteLen
SysFreeString
SysStringLen

urlmon

URLDownloadToFileA

wtsapi32

WTSQueryUserToken
WTSFreeMemory
WTSEnumerateSessionsA

userenv

DestroyEnvironmentBlock
CreateEnvironmentBlock

Sections

.text
Size: 224KB - Virtual size: 223KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TUCtlMng.exe
.exe windows:5 windows x86 arch:x86

aecda29071bcccc8ecc5015cb018bc45

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:f9:4f:b3:4c:1b:b9:8b:6c:4a:ef:7e:3a:65:14:b8
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/01/2020, 00:00

Not After

25/01/2021, 12:00

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:58:8b:07:75:46:22:70:ae:2e:43:27:01:06:9c:98
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/12/2019, 00:00

Not After

04/03/2022, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

80:98:1f:7a:9b:b6:8e:1e:ac:85:00:a0:cf:bb:ef:c4:3c:15:d9:64:e9:7b:3a:9c:3a:f3:94:05:d2:d4:78:eb
Signer

Actual PE Digest

80:98:1f:7a:9b:b6:8e:1e:ac:85:00:a0:cf:bb:ef:c4:3c:15:d9:64:e9:7b:3a:9c:3a:f3:94:05:d2:d4:78:eb

Digest Algorithm

sha256

PE Digest Matches

true

d5:26:27:3c:95:66:19:ee:53:73:28:06:2a:66:8f:a7:57:5a:94:21
Signer

Actual PE Digest

d5:26:27:3c:95:66:19:ee:53:73:28:06:2a:66:8f:a7:57:5a:94:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Users\his\Documents\Visual Studio 2008\Projects\Windows_PSC\BIN\TUCtlMng.pdb

Imports

version

GetFileVersionInfoSizeA
VerQueryValueA
GetFileVersionInfoA

kernel32

GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
LocalFree
GetLastError
HeapAlloc
GetProcessHeap
HeapFree
FindResourceA
LoadResource
FreeEnvironmentStringsW
WideCharToMultiByte
SizeofResource
LockResource
CreateMutexA
GetModuleFileNameA
GetSystemDirectoryA
GetProcAddress
GetModuleHandleA
DeleteFileA
CopyFileA
CallNamedPipeA
Sleep
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
lstrlenA
GetUserDefaultLangID
FileTimeToSystemTime
FileTimeToLocalFileTime
CreateFileA
GetFileTime
CloseHandle
GetVersionExA
LoadLibraryA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
GetStdHandle
HeapCreate
VirtualFree
IsValidCodePage
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
VirtualQuery
VirtualAlloc
VirtualProtect
RaiseException
RtlUnwind
HeapReAlloc
GetStartupInfoA
GetCommandLineA
ExitProcess
GetFileSizeEx
GetFileAttributesA
GetTickCount
SetErrorMode
GetOEMCP
GetCPInfo
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
MoveFileA
GlobalFlags
InterlockedIncrement
FreeLibrary
GetSystemInfo
GetCurrentProcess
MultiByteToWideChar
GetModuleHandleW
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
SetLastError
LocalAlloc
GetThreadLocale
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GlobalAddAtomA
GetCurrentProcessId
InterlockedDecrement
GetModuleFileNameW
WritePrivateProfileStringA
FreeResource
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
CompareStringA
InterlockedExchange
lstrcmpA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
MulDiv

user32

CharUpperA
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
ReleaseCapture
SetCapture
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
GetPropA
RemovePropA
GetForegroundWindow
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
OffsetRect
IntersectRect
GetWindowPlacement
GetWindowRect
GetWindowTextA
SetFocus
ShowWindow
MoveWindow
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetSysColor
SystemParametersInfoA
DestroyMenu
CopyRect
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
RegisterClipboardFormatA
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
PostThreadMessageA
CreateWindowExA
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
UnhookWindowsHookEx
GetWindow
SetWindowContextHelpId
GetParent
MapDialogRect
SetWindowPos
PostQuitMessage
PostMessageA
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
EnableWindow
GetClientRect
GetSystemMetrics
IsIconic
SendMessageA
LoadIconA

gdi32

ExtSelectClipRgn
DeleteDC
GetStockObject
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
GetDeviceCaps
CreateBitmap
GetObjectA
ExtTextOutA

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
OpenPrinterA
DocumentPropertiesA

advapi32

RegOpenKeyExA
RegQueryValueA
RegEnumKeyA
RegOpenKeyA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegCloseKey
RegDeleteKeyA
StartServiceA
DeleteService
ControlService
QueryServiceStatus
ChangeServiceConfigA
QueryServiceConfigA
CreateServiceA
SetServiceObjectSecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
QueryServiceObjectSecurity
CloseServiceHandle
OpenServiceA
OpenSCManagerA
SetEntriesInAclA
BuildExplicitAccessWithNameA

shell32

SHGetSpecialFolderPathA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA

oledlg

ord8

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleFlushClipboard
CoTaskMemAlloc
CoTaskMemFree
CoRevokeClassObject
CLSIDFromProgID
OleIsCurrentClipboard
CLSIDFromString
CoRegisterMessageFilter

oleaut32

SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
VariantInit
VariantChangeType
VariantClear
SysAllocStringLen
SysAllocStringByteLen
SysFreeString
OleCreateFontIndirect
SysAllocString

Sections

.text
Size: 217KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TURound64up.exe
.exe windows:5 windows x64 arch:x64

13379a57ecdfeeafaaeaac08889c8d04

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:f9:4f:b3:4c:1b:b9:8b:6c:4a:ef:7e:3a:65:14:b8
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/01/2020, 00:00

Not After

25/01/2021, 12:00

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:58:8b:07:75:46:22:70:ae:2e:43:27:01:06:9c:98
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/12/2019, 00:00

Not After

04/03/2022, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:51:c5:82:2c:cb:36:bc:63:16:9c:24:7b:a4:9d:c6:e8:82:64:78:37:30:a2:5d:b9:ac:2a:4f:64:9e:a1:85
Signer

Actual PE Digest

90:51:c5:82:2c:cb:36:bc:63:16:9c:24:7b:a4:9d:c6:e8:82:64:78:37:30:a2:5d:b9:ac:2a:4f:64:9e:a1:85

Digest Algorithm

sha256

PE Digest Matches

true

eb:04:9c:78:b7:d7:86:aa:53:0e:91:17:f3:6f:fe:78:96:ee:7e:cf
Signer

Actual PE Digest

eb:04:9c:78:b7:d7:86:aa:53:0e:91:17:f3:6f:fe:78:96:ee:7e:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\01.src\WebCubeSub\TURound\Bin\TURound64up.pdb

Imports

kernel32

FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
HeapFree
HeapAlloc
ExitThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
GetCommandLineA
GetStartupInfoA
HeapReAlloc
RtlUnwindEx
RaiseException
RtlPcToFileHeader
VirtualProtect
VirtualAlloc
VirtualQuery
ExitProcess
HeapQueryInformation
HeapSize
HeapSetInformation
HeapCreate
SetErrorMode
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetOEMCP
GetCPInfo
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
TlsGetValue
LocalAlloc
GetModuleHandleW
FileTimeToSystemTime
GetThreadLocale
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GlobalAddAtomA
WritePrivateProfileStringA
FreeResource
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
GetModuleFileNameW
lstrcmpA
SetLastError
GlobalFree
FormatMessageA
LocalFree
MulDiv
lstrlenA
lstrlenW
MultiByteToWideChar
TerminateProcess
GetExitCodeProcess
GetCurrentProcessId
GetTickCount
GetVersionExA
CreateThread
CreateMutexA
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
GetCurrentProcess
GetSystemInfo
GetModuleHandleA
GetProcAddress
OpenFileMappingA
MapViewOfFile
GetLastError
CreateFileMappingA
UnmapViewOfFile
WriteFile
SetFilePointer
CreateFileA
GetFileAttributesA
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Process32Next
Process32First
CreateToolhelp32Snapshot
Sleep
TerminateThread
SetEvent
ResumeThread
SetThreadPriority
CreateEventA
OutputDebugStringA
WaitForSingleObject
CloseHandle
OpenProcess
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GlobalAlloc
GlobalUnlock
GlobalSize
GetStdHandle
GlobalLock

user32

InvalidateRect
InvalidateRgn
GetNextDlgGroupItem
MessageBeep
CharUpperA
RegisterClipboardFormatA
PostThreadMessageA
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
GetTopWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
DefWindowProcA
SetRect
OffsetRect
IntersectRect
GetWindowPlacement
SetFocus
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetSysColor
DestroyMenu
CopyRect
GetLastActivePopup
MessageBoxA
SetCursor
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
OpenClipboard
GetClipboardData
CloseClipboard
GetParent
MapDialogRect
SetWindowPos
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SendMessageTimeoutA
RegisterWindowMessageA
SetForegroundWindow
CallNextHookEx
GetAsyncKeyState
MoveWindow
EqualRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
GetAncestor
InflateRect
ReleaseCapture
SetCapture
UnregisterClassA
LoadCursorA
GetSysColorBrush
EndPaint
GetMenu
BeginPaint
SetClipboardData
GetClipboardOwner
GetWindowThreadProcessId
EmptyClipboard
EnumClipboardFormats
GetCursorPos
GetForegroundWindow
GetWindowRect
PtInRect
WindowFromPoint
IsWindowVisible
IsWindow
GetClassNameA
PostMessageA
GetWindowTextA
EnumChildWindows
EnumWindows
LoadIconA
GetSystemMenu
AppendMenuA
SendMessageA
UpdateWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
FindWindowA
ReplyMessage
SetTimer
ShowWindow
GetKeyState
KillTimer
EnableWindow
GetWindowLongA
GetWindow
SetWindowsHookExA
UnhookWindowsHookEx
ClipCursor
GetDesktopWindow
SystemParametersInfoA
CallWindowProcA

gdi32

GetBkColor
GetTextColor
GetStockObject
GetRgnBox
GetMapMode
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
CreateRectRgnIndirect
GetDeviceCaps
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
ExtTextOutA
GetObjectA
CreateBitmap
RectVisible

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
InitializeSecurityDescriptor
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl

comctl32

InitCommonControlsEx

shlwapi

PathRemoveFileSpecA
PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitialize
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromString

oleaut32

SysFreeString
VariantInit
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString

psapi

GetModuleFileNameExA

Sections

.text
Size: 296KB - Virtual size: 295KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TURoundup.exe
.exe windows:5 windows x86 arch:x86

f48ccde09a270abc4bec1a7aab0cf14a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:f9:4f:b3:4c:1b:b9:8b:6c:4a:ef:7e:3a:65:14:b8
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/01/2020, 00:00

Not After

25/01/2021, 12:00

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:58:8b:07:75:46:22:70:ae:2e:43:27:01:06:9c:98
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/12/2019, 00:00

Not After

04/03/2022, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e1:53:98:14:7f:c7:f5:37:f2:40:02:3a:2c:fa:02:f4:ae:45:0c:68:77:89:a7:47:ab:09:7a:43:c2:7d:40:86
Signer

Actual PE Digest

e1:53:98:14:7f:c7:f5:37:f2:40:02:3a:2c:fa:02:f4:ae:45:0c:68:77:89:a7:47:ab:09:7a:43:c2:7d:40:86

Digest Algorithm

sha256

PE Digest Matches

true

4f:0c:d6:5e:62:66:06:7e:31:72:56:c3:84:3d:c7:c9:9e:c4:0b:f4
Signer

Actual PE Digest

4f:0c:d6:5e:62:66:06:7e:31:72:56:c3:84:3d:c7:c9:9e:c4:0b:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\01.src\WebCubeSub\TURound\Bin\TURoundup.pdb

Imports

kernel32

GetCPInfo
GetOEMCP
SetErrorMode
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
HeapFree
HeapAlloc
ExitThread
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
GetTimeFormatA
GetDateFormatA
GetCommandLineA
GetStartupInfoA
HeapReAlloc
RtlUnwind
RaiseException
VirtualProtect
VirtualAlloc
VirtualQuery
ExitProcess
HeapSize
HeapCreate
VirtualFree
GetStdHandle
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
ReadFile
GlobalFlags
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
InterlockedIncrement
GetModuleHandleW
FileTimeToSystemTime
GetThreadLocale
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GlobalAddAtomA
WritePrivateProfileStringA
FreeResource
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
InterlockedExchange
InterlockedDecrement
GetModuleFileNameW
lstrcmpA
SetLastError
GlobalFree
FormatMessageA
LocalFree
MulDiv
lstrlenA
lstrlenW
MultiByteToWideChar
TerminateProcess
GetExitCodeProcess
GetCurrentProcessId
GetTickCount
GetVersionExA
CreateThread
CreateMutexA
GetSystemDirectoryA
FreeLibrary
LoadLibraryA
GetCurrentProcess
GetSystemInfo
GetModuleHandleA
GetProcAddress
OpenFileMappingA
MapViewOfFile
GetLastError
CreateFileMappingA
UnmapViewOfFile
WriteFile
SetFilePointer
CreateFileA
GetFileAttributesA
GetModuleFileNameA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Process32Next
Process32First
CreateToolhelp32Snapshot
Sleep
TerminateThread
SetEvent
ResumeThread
SetThreadPriority
CreateEventA
OutputDebugStringA
WaitForSingleObject
CloseHandle
OpenProcess
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
GlobalAlloc
GlobalUnlock
GlobalSize
GlobalLock

user32

MessageBeep
CharUpperA
RegisterClipboardFormatA
PostThreadMessageA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetTopWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
DefWindowProcA
CallWindowProcA
GetMenu
GetNextDlgGroupItem
IntersectRect
GetWindowPlacement
SetFocus
SetWindowLongA
GetDlgCtrlID
SetWindowTextA
IsDialogMessageA
SendDlgItemMessageA
GetSysColor
DestroyMenu
CopyRect
GetLastActivePopup
MessageBoxA
SetCursor
GetMessageA
TranslateMessage
DispatchMessageA
PeekMessageA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
CheckMenuItem
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
SetWindowContextHelpId
OpenClipboard
GetClipboardData
CloseClipboard
GetParent
MapDialogRect
SetWindowPos
PostQuitMessage
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
SendMessageTimeoutA
RegisterWindowMessageA
SetForegroundWindow
CallNextHookEx
GetAsyncKeyState
MoveWindow
EqualRect
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
GetAncestor
InflateRect
CharNextA
ReleaseCapture
SetCapture
UnregisterClassA
OffsetRect
LoadCursorA
SetClipboardData
GetClipboardOwner
GetWindowThreadProcessId
EmptyClipboard
EnumClipboardFormats
GetCursorPos
GetForegroundWindow
GetWindowRect
PtInRect
WindowFromPoint
IsWindowVisible
IsWindow
GetClassNameA
PostMessageA
GetWindowTextA
EnumChildWindows
EnumWindows
LoadIconA
GetSystemMenu
AppendMenuA
SendMessageA
UpdateWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
FindWindowA
ReplyMessage
SetTimer
ShowWindow
GetKeyState
KillTimer
EnableWindow
GetWindowLongA
GetWindow
SetWindowsHookExA
UnhookWindowsHookEx
ClipCursor
GetDesktopWindow
SystemParametersInfoA

gdi32

GetBkColor
GetTextColor
GetStockObject
GetRgnBox
GetMapMode
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
CreateRectRgnIndirect
GetDeviceCaps
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
ExtTextOutA
GetObjectA
CreateBitmap
RectVisible

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
InitializeSecurityDescriptor
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl

comctl32

InitCommonControlsEx

shlwapi

PathRemoveFileSpecA
PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CoInitialize
OleFlushClipboard
CoRegisterMessageFilter
CLSIDFromString

oleaut32

VariantInit
SysAllocStringLen
SysStringLen
SysAllocStringByteLen
VariantClear
VariantChangeType
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString
SysFreeString

psapi

GetModuleFileNameExA

Sections

.text
Size: 235KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
T_Prevent64up.dll
.dll windows:5 windows x64 arch:x64

e1738bc0b17cb1898cd3df8ceb9c4b15

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:a6:ed:ec:94:bf:74:f2:20:fd:db:d2:92:60:8f:c6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/11/2020, 00:00

Not After

26/02/2024, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:40:54:0b:95:84:45:3b:f5:85:0a:d2:a9:b4:25:e4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/02/2022, 00:00

Not After

04/03/2025, 23:59

Subject

CN=Teruten Inc.,O=Teruten Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:ce:e1:0f:19:48:51:5a:67:d2:00:05:74:73:6d:aa:e9:ce:86:16:ad:0a:9e:98:c7:3f:83:d3:a4:be:4b:6c
Signer

Actual PE Digest

b9:ce:e1:0f:19:48:51:5a:67:d2:00:05:74:73:6d:aa:e9:ce:86:16:ad:0a:9e:98:c7:3f:83:d3:a4:be:4b:6c

Digest Algorithm

sha256

PE Digest Matches

true

4b:70:2e:bb:16:69:7a:30:94:db:67:9d:59:be:b9:6e:3b:04:68:a4
Signer

Actual PE Digest

4b:70:2e:bb:16:69:7a:30:94:db:67:9d:59:be:b9:6e:3b:04:68:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\Users\his\Documents\Visual Studio 2008\Projects\Windows_PSC\TDepend\Bin\Release\T_Prevent\T_Prevent64.pdb

Imports

kernel32

lstrcmpW
CompareStringA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
EnumResourceLanguagesA
ConvertDefaultLocale
LocalAlloc
InitializeCriticalSection
GlobalReAlloc
GlobalHandle
LocalReAlloc
DeleteCriticalSection
SetErrorMode
GlobalFlags
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
SetFilePointer
FlushFileBuffers
GetFullPathNameA
RtlLookupFunctionEntry
RtlUnwindEx
ExitProcess
GetSystemTimeAsFileTime
RaiseException
RtlPcToFileHeader
UnhandledExceptionFilter
SetUnhandledExceptionFilter
FindFirstFileA
RtlVirtualUnwind
FlsSetValue
GetCommandLineA
HeapReAlloc
HeapSize
HeapQueryInformation
GetStdHandle
HeapSetInformation
HeapCreate
HeapDestroy
GetACP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetDriveTypeA
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
FindNextFileA
FindClose
GetModuleFileNameW
lstrcmpA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
GetModuleHandleW
VirtualProtect
VirtualProtectEx
FlushInstructionCache
VirtualQueryEx
VirtualQuery
SetThreadContext
OpenEventA
GetSystemInfo
VirtualAlloc
VirtualFree
RtlCaptureContext
SuspendThread
GetThreadContext
GetCurrentDirectoryA
GetExitCodeProcess
LoadLibraryA
FreeLibrary
CreateProcessW
SetEvent
GetExitCodeThread
TerminateThread
TlsGetValue
TlsSetValue
WaitForSingleObject
ReleaseSemaphore
TlsFree
TlsAlloc
GetFileAttributesA
GetLocaleInfoA
GetTempPathA
CreateSemaphoreA
CreateEventA
TerminateProcess
GetCurrentProcess
GetUserDefaultLangID
GetVersionExA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindResourceA
LoadResource
LockResource
SizeofResource
CreateFileW
MoveFileA
lstrlenW
FindFirstVolumeA
GetVolumePathNamesForVolumeNameA
QueryDosDeviceA
FindNextVolumeA
FindVolumeClose
DeleteFileA
GetFileSize
ReadFile
WideCharToMultiByte
GetModuleFileNameA
ReadProcessMemory
WriteProcessMemory
GetCurrentThread
CreateToolhelp32Snapshot
Process32First
Process32Next
GetSystemDirectoryA
GetModuleHandleA
GetProcAddress
lstrlenA
MultiByteToWideChar
OpenProcess
SetLastError
GetLastError
CreateThread
SetThreadPriority
ResumeThread
CreateDirectoryA
CreateFileA
WriteFile
CloseHandle
GetTickCount
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentProcessId
GetCurrentThreadId
ProcessIdToSessionId
GetLocalTime
CallNamedPipeA
EnterCriticalSection
IsDebuggerPresent
LeaveCriticalSection

user32

DestroyMenu
ShowWindow
SetWindowTextA
LoadCursorA
GetSysColorBrush
UnregisterClassA
IsWindowEnabled
SetCursor
GetMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostQuitMessage
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
GetFocus
GetLastActivePopup
GetDlgItem
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
EnableWindow
SetForegroundWindow
PostMessageA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
AdjustWindowRectEx
GetDlgCtrlID
PtInRect
DefWindowProcA
CallWindowProcA
GetMenu
GetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetSysColor
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetActiveWindow
SendMessageA
EnumWindows
GetWindowTextA
MessageBoxA
MsgWaitForMultipleObjects
PeekMessageA
DispatchMessageA
GetParent
IsWindow
IsWindowVisible
CopyRect
GetWindowRect
TranslateMessage
PrintWindow
WindowFromDC
EnumDisplayMonitors
GetMonitorInfoA
GetClientRect
SetRect
SetClipboardData
OpenClipboard
GetClipboardData
GetClipboardOwner
EmptyClipboard
GetForegroundWindow
GetTopWindow
GetWindowThreadProcessId
GetClassNameA
GetDC
ReleaseDC
GetWindow
RegisterClassA

gdi32

CreateBitmap
GetStockObject
SetWindowExtEx
ScaleWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetObjectA
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDIBits
StretchBlt
GetDeviceCaps
CreateDCA
CreateCompatibleBitmap
SetPixel
CreateDIBSection
BitBlt
GetPixel
SetDIBColorTable
SelectObject
DeleteDC
CreateCompatibleDC
DeleteObject

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
RegOpenKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA

shlwapi

StrStrW
StrStrIA
StrStrIW
ord213
ord184
PathRemoveFileSpecA
PathStripPathA
PathFindExtensionA
PathFindFileNameA
ord214

ole32

CreateStreamOnHGlobal
CoUninitialize
CoInitialize

oleaut32

VariantClear
VariantChangeType
VariantInit

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipCloneImage
GdiplusShutdown
GdipBitmapLockBits
GdipFree
GdipAlloc
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup

psapi

GetModuleFileNameExA
EnumProcessModules

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ntdll

NtFsControlFile
NtFreeVirtualMemory
NtFlushVirtualMemory
NtFlushKey
NtFlushBuffersFile
NtEnumerateValueKey
NtEnumerateKey
NtDuplicateToken
NtDuplicateObject
NtDeviceIoControlFile
NtDeleteValueKey
NtDeleteKey
NtDeleteFile
NtCreateSection
NtCreateKey
NtCreateFile
NtCreateEvent
NtCreateDirectoryObject
NtClose
NtAllocateVirtualMemory
NtAllocateLocallyUniqueId
NtWaitForSingleObject
ZwOpenProcess
NtWriteFile
NtUnmapViewOfSection
NtUnloadDriver
NtTerminateProcess
NtSetVolumeInformationFile
NtSetValueKey
NtSetSecurityObject
NtSetInformationToken
NtSetInformationThread
NtSetInformationFile
NtSetEvent
NtReadFile
NtQueryVolumeInformationFile
NtQueryValueKey
NtQuerySymbolicLinkObject
NtQuerySecurityObject
NtQueryObject
NtQueryKey
NtQueryInformationToken
NtQueryInformationFile
NtQueryFullAttributesFile
NtQueryDirectoryFile
NtOpenSymbolicLinkObject
NtOpenSection
NtOpenProcessTokenEx
NtOpenProcess
NtOpenKey
NtOpenFile
NtOpenEvent
NtOpenDirectoryObject
NtNotifyChangeKey
NtMakeTemporaryObject
NtLockFile
NtLoadDriver

Exports

Exports

T_Prevent64_Mode

Sections

.text
Size: 274KB - Virtual size: 274KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 80KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
T_Preventup.dll
.dll windows:5 windows x86 arch:x86

037b25744933fa8cc68866529b8e8248

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:a6:ed:ec:94:bf:74:f2:20:fd:db:d2:92:60:8f:c6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/11/2020, 00:00

Not After

26/02/2024, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:40:54:0b:95:84:45:3b:f5:85:0a:d2:a9:b4:25:e4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/02/2022, 00:00

Not After

04/03/2025, 23:59

Subject

CN=Teruten Inc.,O=Teruten Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f0:b1:07:3e:8e:8c:89:8a:a5:64:c9:ca:93:fd:df:c8:8a:d4:32:30:d6:ff:42:0d:c8:05:2b:10:47:01:ed:ec
Signer

Actual PE Digest

f0:b1:07:3e:8e:8c:89:8a:a5:64:c9:ca:93:fd:df:c8:8a:d4:32:30:d6:ff:42:0d:c8:05:2b:10:47:01:ed:ec

Digest Algorithm

sha256

PE Digest Matches

true

cd:e5:d5:b7:0a:0b:50:69:45:e3:31:b7:f7:92:8d:d5:56:36:06:b6
Signer

Actual PE Digest

cd:e5:d5:b7:0a:0b:50:69:45:e3:31:b7:f7:92:8d:d5:56:36:06:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\his\Documents\Visual Studio 2008\Projects\Windows_PSC\TDepend\Bin\Release\T_Prevent\T_Prevent.pdb

Imports

kernel32

FindNextFileA
FindFirstFileA
lstrcmpW
CompareStringA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
EnumResourceLanguagesA
ConvertDefaultLocale
LocalAlloc
GlobalReAlloc
GlobalHandle
InitializeCriticalSection
LocalReAlloc
DeleteCriticalSection
SetErrorMode
InterlockedIncrement
GlobalFlags
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
SetFilePointer
FlushFileBuffers
GetFullPathNameA
RtlUnwind
ExitProcess
FindClose
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCommandLineA
HeapReAlloc
HeapSize
HeapCreate
HeapDestroy
GetStdHandle
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetDriveTypeA
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
InterlockedDecrement
GetModuleFileNameW
lstrcmpA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
GetModuleHandleW
VirtualProtect
VirtualProtectEx
FlushInstructionCache
VirtualQueryEx
InterlockedCompareExchange
VirtualQuery
SetThreadContext
OpenEventA
GetSystemInfo
VirtualAlloc
VirtualFree
SuspendThread
GetThreadContext
GetCurrentDirectoryA
GetExitCodeProcess
LoadLibraryA
FreeLibrary
CreateProcessW
SetEvent
GetExitCodeThread
TerminateThread
TlsGetValue
TlsSetValue
WaitForSingleObject
ReleaseSemaphore
TlsFree
TlsAlloc
GetFileAttributesA
GetLocaleInfoA
GetTempPathA
CreateSemaphoreA
CreateEventA
TerminateProcess
GetCurrentProcess
GetUserDefaultLangID
GetVersionExA
FileTimeToLocalFileTime
FileTimeToSystemTime
FindResourceA
LoadResource
LockResource
SizeofResource
CreateFileW
MoveFileA
lstrlenW
FindFirstVolumeA
GetVolumePathNamesForVolumeNameA
QueryDosDeviceA
FindNextVolumeA
FindVolumeClose
DeleteFileA
GetFileSize
ReadFile
WideCharToMultiByte
GetModuleFileNameA
ReadProcessMemory
WriteProcessMemory
GetCurrentThread
CreateToolhelp32Snapshot
Process32First
Process32Next
GetSystemDirectoryA
GetModuleHandleA
GetProcAddress
lstrlenA
MultiByteToWideChar
OpenProcess
SetLastError
GetLastError
InterlockedExchange
CreateThread
SetThreadPriority
ResumeThread
CreateDirectoryA
CreateFileA
WriteFile
CloseHandle
GetTickCount
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentProcessId
GetCurrentThreadId
ProcessIdToSessionId
GetLocalTime
CallNamedPipeA
EnterCriticalSection
GetSystemTimeAsFileTime
LeaveCriticalSection

user32

DestroyMenu
ShowWindow
SetWindowTextA
LoadCursorA
GetSysColorBrush
UnregisterClassA
IsWindowEnabled
SetCursor
GetMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostQuitMessage
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
SetWindowsHookExA
CallNextHookEx
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetFocus
GetLastActivePopup
GetDlgItem
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
EnableWindow
SetForegroundWindow
PostMessageA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
GetWindowLongA
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetSysColor
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetActiveWindow
SendMessageA
EnumWindows
GetWindowTextA
MessageBoxA
MsgWaitForMultipleObjects
PeekMessageA
DispatchMessageA
GetParent
IsWindow
IsWindowVisible
CopyRect
GetWindowRect
TranslateMessage
PrintWindow
WindowFromDC
EnumDisplayMonitors
GetMonitorInfoA
GetClientRect
SetRect
SetClipboardData
OpenClipboard
GetClipboardData
GetClipboardOwner
EmptyClipboard
GetForegroundWindow
GetTopWindow
GetWindowThreadProcessId
GetClassNameA
GetDC
ReleaseDC
GetWindow
CreateWindowExA

gdi32

CreateBitmap
GetStockObject
SetWindowExtEx
ScaleWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutA
TextOutA
RectVisible
PtVisible
GetObjectA
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDIBits
StretchBlt
GetDeviceCaps
CreateDCA
CreateCompatibleBitmap
SetPixel
CreateDIBSection
BitBlt
GetPixel
SetDIBColorTable
SelectObject
DeleteDC
CreateCompatibleDC
DeleteObject

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegQueryValueA
RegEnumKeyA
RegOpenKeyExA
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegCreateKeyA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA

shlwapi

StrStrW
StrStrIA
StrStrIW
ord213
ord184
PathRemoveFileSpecA
PathStripPathA
PathFindExtensionA
PathFindFileNameA
ord214

ole32

CreateStreamOnHGlobal
CoUninitialize
CoInitialize

oleaut32

VariantClear
VariantChangeType
VariantInit

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipCloneImage
GdiplusShutdown
GdipBitmapLockBits
GdipFree
GdipAlloc
GdipDisposeImage
GdipSaveImageToStream
GdipCreateBitmapFromScan0
GdipCreateBitmapFromHBITMAP
GdipGetImageEncodersSize
GdipGetImageEncoders
GdiplusStartup

psapi

GetModuleFileNameExA
EnumProcessModules

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

ntdll

NtFsControlFile
NtFreeVirtualMemory
NtFlushVirtualMemory
NtFlushKey
NtFlushBuffersFile
NtEnumerateValueKey
NtEnumerateKey
NtDuplicateToken
NtDuplicateObject
NtDeviceIoControlFile
NtDeleteValueKey
NtDeleteKey
NtDeleteFile
NtCreateSection
NtCreateKey
NtCreateFile
NtCreateEvent
NtCreateDirectoryObject
NtClose
NtAllocateVirtualMemory
NtAllocateLocallyUniqueId
NtWaitForSingleObject
ZwOpenProcess
NtWriteFile
NtUnmapViewOfSection
NtUnloadDriver
NtTerminateProcess
NtSetVolumeInformationFile
NtSetValueKey
NtSetSecurityObject
NtSetInformationToken
NtSetInformationThread
NtSetInformationFile
NtSetEvent
NtReadFile
NtQueryVolumeInformationFile
NtQueryValueKey
NtQuerySymbolicLinkObject
NtQuerySecurityObject
NtQueryObject
NtQueryKey
NtQueryInformationToken
NtQueryInformationFile
NtQueryFullAttributesFile
NtQueryDirectoryFile
NtOpenSymbolicLinkObject
NtOpenSection
NtOpenProcessTokenEx
NtOpenProcess
NtOpenKey
NtOpenFile
NtOpenEvent
NtOpenDirectoryObject
NtNotifyChangeKey
NtMakeTemporaryObject
NtLockFile
NtLoadDriver

Exports

Exports

T_Prevent64_Mode

Sections

.text
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
T_SCMgr64up.exe
.exe windows:5 windows x86 arch:x86

2ba0caa1a10fc2141f91fc150272bbea

Code Sign

70:ba:e4:1d:10:d9:29:34:b6:38:ca:7b:03:cc:ba:bf
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

29/01/1996, 00:00

Not After

01/08/2028, 23:59

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4e:8c:08:d3:91:7c:71:e1:0c:fd:dc:7a:15:e3:14:35
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

14/09/2010, 00:00

Not After

14/10/2011, 23:59

Subject

CN=Teruten\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Teruten\, Inc.,L=Guro,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

h:\10. WebCube\T_SCMgr\Bin\Release\T_SCMgr\T_SCMgr.pdb

Imports

kernel32

GetFileAttributesA
GetFileSizeEx
GetFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetCommandLineA
GetStartupInfoA
HeapFree
RtlUnwind
RaiseException
VirtualProtect
GetSystemInfo
VirtualQuery
HeapReAlloc
ExitProcess
HeapSize
GetACP
IsValidCodePage
HeapCreate
GetStdHandle
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
FileTimeToLocalFileTime
GetTickCount
SetErrorMode
GetOEMCP
GetCPInfo
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GlobalFlags
FileTimeToSystemTime
GetThreadLocale
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedIncrement
GetModuleHandleW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
GlobalAddAtomA
WritePrivateProfileStringA
FreeResource
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
CompareStringA
InterlockedExchange
lstrcmpA
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
MulDiv
lstrlenA
DisconnectNamedPipe
WriteFile
ReadFile
WaitForMultipleObjects
ConnectNamedPipe
Sleep
ResumeThread
SetThreadPriority
CreateThread
ResetEvent
CreateEventA
CreateNamedPipeA
GetSystemDefaultLangID
CreateMutexA
GetLastError
FreeLibrary
LoadLibraryA
FindResourceA
LoadResource
LockResource
SizeofResource
WideCharToMultiByte
CloseHandle
GetCurrentProcess
DuplicateHandle
GetCurrentProcessId
VirtualFree
VirtualAlloc
GetModuleHandleA
GetProcAddress
GetVersionExA
FreeEnvironmentStringsA

user32

PostThreadMessageA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
ReleaseCapture
SetCapture
LoadCursorA
GetSysColorBrush
MoveWindow
SetWindowTextA
IsDialogMessageA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
RemovePropA
SetFocus
GetForegroundWindow
GetTopWindow
RegisterClipboardFormatA
GetMessagePos
MapWindowPoints
TrackPopupMenu
SetMenu
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
EqualRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
OffsetRect
IntersectRect
GetWindowPlacement
GetWindowRect
GetSysColor
SystemParametersInfoA
DestroyMenu
CopyRect
GetPropA
GetWindowThreadProcessId
GetWindowTextA
UnhookWindowsHookEx
GetLastActivePopup
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
IsWindowVisible
GetKeyState
PeekMessageA
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
ModifyMenuA
EnableMenuItem
UnregisterClassA
CharUpperA
GetMessageTime
LoadIconA
GetSystemMenu
AppendMenuA
SendMessageA
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
LoadMenuA
GetSubMenu
GetCursorPos
SetForegroundWindow
ShowWindow
EnableWindow
GetMenuItemCount
GetMenuItemID
GetMenuState
PostMessageA
PostQuitMessage
SetWindowPos
MapDialogRect
GetParent
SetWindowContextHelpId
GetWindow
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
GetWindowLongA
IsWindow
DestroyWindow
CreateDialogIndirectParamA
SetActiveWindow
GetActiveWindow
GetDesktopWindow
CheckMenuItem

gdi32

GetStockObject
GetBkColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ExtSelectClipRgn
DeleteDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
GetTextColor
GetDeviceCaps
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
SetBkColor
SetTextColor
GetClipBox
ExtTextOutA
GetObjectA
CreateBitmap
PtVisible

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegSetValueExA
InitializeSecurityDescriptor
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl

shell32

Shell_NotifyIconA

comctl32

InitCommonControlsEx

shlwapi

PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA

oledlg

ord8

ole32

OleIsCurrentClipboard
CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleFlushClipboard
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
CoRegisterMessageFilter

oleaut32

SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString

Sections

.text
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TftLib64up.dll
.dll windows:5 windows x64 arch:x64

228a99b2aa065750b9f54110d6dfa92d

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:a6:ed:ec:94:bf:74:f2:20:fd:db:d2:92:60:8f:c6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/11/2020, 00:00

Not After

26/02/2024, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:58:8b:07:75:46:22:70:ae:2e:43:27:01:06:9c:98
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/12/2019, 00:00

Not After

04/03/2022, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:58:98:31:c0:8b:e4:db:43:62:eb:b1:b1:79:6e:16:21:c2:bb:c9:0f:3b:5f:e3:3e:fb:a5:98:9b:e9:19:74
Signer

Actual PE Digest

77:58:98:31:c0:8b:e4:db:43:62:eb:b1:b1:79:6e:16:21:c2:bb:c9:0f:3b:5f:e3:3e:fb:a5:98:9b:e9:19:74

Digest Algorithm

sha256

PE Digest Matches

true

da:f1:51:86:38:ba:7a:14:6d:6c:5c:ee:06:57:9e:8a:15:fc:b1:0d
Signer

Actual PE Digest

da:f1:51:86:38:ba:7a:14:6d:6c:5c:ee:06:57:9e:8a:15:fc:b1:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\Users\his\Documents\Visual Studio 2008\Projects\Windows_PSC\TDepend\Bin\Release\TftLib\TftLib.pdb

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

WritePrivateProfileStringA
MoveFileA
ReadFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
GetSystemTimeAsFileTime
FlsSetValue
GetCommandLineA
HeapReAlloc
ExitProcess
HeapSize
HeapQueryInformation
GetStdHandle
HeapSetInformation
GetCPInfo
HeapDestroy
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetACP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GlobalFlags
GetModuleHandleW
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
TlsGetValue
LocalAlloc
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
GetModuleFileNameW
lstrcmpA
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
lstrlenA
SetLastError
GetFileSize
SetFileAttributesA
CopyFileA
GetFileAttributesA
GlobalAlloc
GlobalFree
lstrcpynA
CreateEventA
SetEvent
CreateProcessA
GetProcessHandleCount
GetExitCodeThread
InitializeCriticalSectionAndSpinCount
GetOEMCP
GetModuleHandleA
GetSystemInfo
GetCurrentProcess
RemoveDirectoryA
DeleteFileA
GetVersionExA
GetModuleFileNameA
GetUserDefaultLangID
GetSystemDirectoryA
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
WideCharToMultiByte
WaitForSingleObject
GetLastError
TerminateThread
FindResourceA
LoadResource
LockResource
SizeofResource
CreateThread
SetThreadPriority
ResumeThread
CreateDirectoryA
CreateFileA
WriteFile
CloseHandle
GetTickCount
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentProcessId
GetCurrentThreadId
ProcessIdToSessionId
CallNamedPipeA
EnterCriticalSection
LeaveCriticalSection
HeapCreate

user32

GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
DestroyMenu
SetWindowTextA
LoadCursorA
GetDC
ReleaseDC
GetSysColorBrush
UnregisterClassA
IsWindowEnabled
SetCursor
GetMessageA
GetActiveWindow
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostQuitMessage
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetFocus
GetLastActivePopup
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
EnableWindow
GetClientRect
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CopyRect
GetDlgCtrlID
SendMessageA
PtInRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetSystemMetrics
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetClassLongPtrA
wsprintfA
PeekMessageA
TranslateMessage
DispatchMessageA
WaitForInputIdle
GetClipboardOwner
OpenClipboard
GetClipboardData
EmptyClipboard
CloseClipboard
GetClassNameA
GetWindowTextA
GetAncestor
EnumWindows
SetWindowsHookExA
PostMessageA
GetWindowRect
GetCursorPos
ShowWindow
ClipCursor
IsWindow
GetForegroundWindow
SetForegroundWindow
GetAsyncKeyState
CallNextHookEx
UnhookWindowsHookEx
FindWindowA
GetParent
GetWindowLongA
IsWindowVisible
GetWindow
IsIconic
GetWindowThreadProcessId
SetMenu

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetDeviceCaps
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
CreateBitmap
SetBkColor
SetTextColor
GetClipBox

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueA
RegEnumKeyA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
LookupAccountSidA
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA
ShellExecuteExA

shlwapi

PathFindExtensionA
PathFindFileNameA

oleaut32

VariantClear
VariantChangeType
VariantInit

gdiplus

GdiplusShutdown

ws2_32

gethostbyname
WSACleanup
gethostname
WSAStartup
inet_ntoa

iphlpapi

GetAdaptersInfo

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Exports

Exports

CheckDirect
CheckMirrorDrive
CheckProcess
CheckProtectHealth
Connect
DelTAdminLog
DeleteDependPid
DeletePidHwnd
Disconnect
EarseClipboardExceptProcess
EarseExceptProcess
EarseInjectExceptProcess
EndDepend
EndDependEx
EndExamAltTab
EndExamAppMini
EndExamMouseFix
GetCheckedChromeExtension
GetLogData
GetPiece
GetProtect
GetPscType
InsertClipboardExceptProcess
InsertDependHwnd
InsertDependPid
InsertDllKillList
InsertExceptProcess
InsertInjectExceptProcess
InsertPidHwnd
Install
IsCheckTptDependFiles
IsUAC
ReCmdPSC
ReCmdPSCEx
RemoveDependHwnd
SetAeroProtect
SetCaptureImagePath
SetCreateFolder
SetDefaultProtect
SetDomain
SetFileExtension
SetFileName
SetLogPath
SetLogText
SetModuleNumber
SetPiece
SetPieceProtect
SetProcessLive
SetProtect
SetPscType
SetTAdminLog
SetTAdminLogEx
StartDepend
StartDependEx
StartExamAltTab
StartExamAppMini
StartExamMouseFix
StatusDepend
Std_CheckMirrorDrive
Std_CheckProcess
Std_CheckProtectHealth
Std_CheckPscType
Std_DeleteDependPid
Std_EarseClipboardExceptProcess
Std_EarseExceptProcess
Std_EarseInjectExceptProcess
Std_EndDepend
Std_GetCheckedChromeExtension
Std_GetPiece
Std_GetProtect
Std_InsertClipboardExceptProcess
Std_InsertDependHwnd
Std_InsertDependPid
Std_InsertDllKillList
Std_InsertExceptProcess
Std_InsertInjectExceptProcess
Std_Install
Std_IsCheckTptDependFiles
Std_RemoveDependHwnd
Std_SetAeroProtect
Std_SetCaptureImagePath
Std_SetDefaultProtect
Std_SetPiece
Std_SetPieceProtect
Std_SetProtect
Std_SetPscType
Std_StartDepend
Std_TPWEarseProtectDocumentName
Std_TPWEarseProtectProcess
Std_TPWEndDepend
Std_TPWInsertProtectDocumentName
Std_TPWInsertProtectProcess
Std_TPWInstall
Std_TPWSetConfigFile
Std_TPWSetPolicy
Std_TPWStartDepend
TPWEarseProtectDocumentName
TPWEarseProtectProcess
TPWEndDepend
TPWInsertProtectDocumentName
TPWInsertProtectProcess
TPWInstall
TPWSetConfigFile
TPWSetPolicy
TPWStartDepend
TVMNGInstall
UACWrite

Sections

.text
Size: 240KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TftLibup.dll
.dll windows:5 windows x86 arch:x86

16fc2eda49b1c7f917cf3d115b7ec077

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:a6:ed:ec:94:bf:74:f2:20:fd:db:d2:92:60:8f:c6
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/11/2020, 00:00

Not After

26/02/2024, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:58:8b:07:75:46:22:70:ae:2e:43:27:01:06:9c:98
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/12/2019, 00:00

Not After

04/03/2022, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ed:c9:50:3f:35:d6:08:89:fa:fe:ad:52:22:3f:aa:79:da:2f:77:b5:a2:15:bb:b6:8c:c7:46:d4:c8:ca:8b:9f
Signer

Actual PE Digest

ed:c9:50:3f:35:d6:08:89:fa:fe:ad:52:22:3f:aa:79:da:2f:77:b5:a2:15:bb:b6:8c:c7:46:d4:c8:ca:8b:9f

Digest Algorithm

sha256

PE Digest Matches

true

6f:86:93:87:cd:0f:81:8b:7e:fe:66:b9:f1:20:19:e1:8a:43:29:6c
Signer

Actual PE Digest

6f:86:93:87:cd:0f:81:8b:7e:fe:66:b9:f1:20:19:e1:8a:43:29:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Users\his\Documents\Visual Studio 2008\Projects\Windows_PSC\TDepend\Bin\Release\TftLib\TftLib.pdb

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

kernel32

GetCPInfo
GetOEMCP
WritePrivateProfileStringA
MoveFileA
ReadFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
HeapSize
HeapCreate
HeapDestroy
GetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
GlobalFlags
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
InterlockedIncrement
GetModuleHandleW
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
LocalAlloc
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
InterlockedExchange
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
InterlockedDecrement
GetModuleFileNameW
lstrcmpA
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
lstrlenA
SetLastError
GetFileSize
SetFileAttributesA
CopyFileA
GetFileAttributesA
GlobalAlloc
GlobalFree
lstrcpynA
CreateEventA
SetEvent
CreateProcessA
GetProcessHandleCount
GetExitCodeThread
VirtualAlloc
VirtualFree
GetModuleHandleA
GetSystemInfo
GetCurrentProcess
RemoveDirectoryA
DeleteFileA
GetVersionExA
GetModuleFileNameA
GetUserDefaultLangID
GetSystemDirectoryA
GetFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
LoadLibraryA
GetProcAddress
FreeLibrary
OpenProcess
TerminateProcess
CreateToolhelp32Snapshot
Process32First
Process32Next
WideCharToMultiByte
WaitForSingleObject
GetLastError
TerminateThread
FindResourceA
LoadResource
LockResource
SizeofResource
CreateThread
SetThreadPriority
ResumeThread
CreateDirectoryA
CreateFileA
WriteFile
CloseHandle
GetTickCount
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentProcessId
GetCurrentThreadId
ProcessIdToSessionId
CallNamedPipeA
EnterCriticalSection
LeaveCriticalSection
ExitProcess

user32

GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
ClientToScreen
DestroyMenu
SetWindowTextA
LoadCursorA
GetDC
ReleaseDC
GetSysColorBrush
UnregisterClassA
IsWindowEnabled
SetCursor
GetMessageA
GetActiveWindow
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
ModifyMenuA
EnableMenuItem
PostQuitMessage
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
SetPropA
GetPropA
RemovePropA
GetFocus
GetLastActivePopup
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
GetKeyState
SetMenu
EnableWindow
GetClientRect
MessageBoxA
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
CopyRect
GetDlgCtrlID
SendMessageA
DefWindowProcA
CallWindowProcA
PtInRect
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
GetWindowPlacement
GetSystemMetrics
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetClassLongA
wsprintfA
PeekMessageA
TranslateMessage
DispatchMessageA
WaitForInputIdle
GetClipboardOwner
OpenClipboard
GetClipboardData
EmptyClipboard
CloseClipboard
GetClassNameA
GetWindowTextA
GetAncestor
EnumWindows
SetWindowsHookExA
PostMessageA
GetWindowRect
GetCursorPos
ShowWindow
ClipCursor
IsWindow
SetForegroundWindow
GetForegroundWindow
GetAsyncKeyState
CallNextHookEx
UnhookWindowsHookEx
FindWindowA
GetParent
GetWindowLongA
IsWindowVisible
GetWindow
IsIconic
GetWindowThreadProcessId
CheckMenuItem

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
PtVisible
GetDeviceCaps
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
CreateBitmap
SetBkColor
SetTextColor
GetClipBox

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

RegQueryValueA
RegEnumKeyA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
GetTokenInformation
LookupAccountSidA
RegQueryInfoKeyA
RegEnumKeyExA
RegOpenKeyExA
RegCreateKeyA
RegCloseKey
RegOpenKeyA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA

shell32

SHGetSpecialFolderPathA
ShellExecuteExA

shlwapi

PathFindExtensionA
PathFindFileNameA

oleaut32

VariantClear
VariantChangeType
VariantInit

gdiplus

GdiplusShutdown

ws2_32

gethostbyname
WSACleanup
gethostname
WSAStartup
inet_ntoa

iphlpapi

GetAdaptersInfo

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationA

Exports

Exports

CheckDirect
CheckMirrorDrive
CheckProcess
CheckProtectHealth
Connect
DelTAdminLog
DeleteDependPid
DeletePidHwnd
Disconnect
EarseClipboardExceptProcess
EarseExceptProcess
EarseInjectExceptProcess
EndDepend
EndDependEx
EndExamAltTab
EndExamAppMini
EndExamMouseFix
GetCheckedChromeExtension
GetLogData
GetPiece
GetProtect
GetPscType
InsertClipboardExceptProcess
InsertDependHwnd
InsertDependPid
InsertDllKillList
InsertExceptProcess
InsertInjectExceptProcess
InsertPidHwnd
Install
IsCheckTptDependFiles
IsUAC
ReCmdPSC
ReCmdPSCEx
RemoveDependHwnd
SetAeroProtect
SetCaptureImagePath
SetCreateFolder
SetDefaultProtect
SetDomain
SetFileExtension
SetFileName
SetLogPath
SetLogText
SetModuleNumber
SetPiece
SetPieceProtect
SetProcessLive
SetProtect
SetPscType
SetTAdminLog
SetTAdminLogEx
StartDepend
StartDependEx
StartExamAltTab
StartExamAppMini
StartExamMouseFix
StatusDepend
Std_CheckMirrorDrive
Std_CheckProcess
Std_CheckProtectHealth
Std_CheckPscType
Std_DeleteDependPid
Std_EarseClipboardExceptProcess
Std_EarseExceptProcess
Std_EarseInjectExceptProcess
Std_EndDepend
Std_GetCheckedChromeExtension
Std_GetPiece
Std_GetProtect
Std_InsertClipboardExceptProcess
Std_InsertDependHwnd
Std_InsertDependPid
Std_InsertDllKillList
Std_InsertExceptProcess
Std_InsertInjectExceptProcess
Std_Install
Std_IsCheckTptDependFiles
Std_RemoveDependHwnd
Std_SetAeroProtect
Std_SetCaptureImagePath
Std_SetDefaultProtect
Std_SetPiece
Std_SetPieceProtect
Std_SetProtect
Std_SetPscType
Std_StartDepend
Std_TPWEarseProtectDocumentName
Std_TPWEarseProtectProcess
Std_TPWEndDepend
Std_TPWInsertProtectDocumentName
Std_TPWInsertProtectProcess
Std_TPWInstall
Std_TPWSetConfigFile
Std_TPWSetPolicy
Std_TPWStartDepend
TPWEarseProtectDocumentName
TPWEarseProtectProcess
TPWEndDepend
TPWInsertProtectDocumentName
TPWInsertProtectProcess
TPWInstall
TPWSetConfigFile
TPWSetPolicy
TPWStartDepend
TVMNGInstall
UACWrite

Sections

.text
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tptbmlib.dll
.dll windows:4 windows x86 arch:x86

a87e2895ffc47bd1af4554a216dc6986

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCPInfo
GetOEMCP
RtlUnwind
HeapAlloc
GetCommandLineA
HeapFree
GetProcessHeap
ExitProcess
RaiseException
HeapSize
HeapReAlloc
GetACP
VirtualFree
VirtualAlloc
IsBadWritePtr
HeapDestroy
HeapCreate
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
VirtualProtect
GetSystemInfo
VirtualQuery
IsBadReadPtr
IsBadCodePtr
InterlockedExchange
GetLocaleInfoA
WriteFile
GetProcessVersion
LoadLibraryA
FreeLibrary
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetModuleHandleA
GetProcAddress
WritePrivateProfileStringA
GlobalFlags
SetLastError
GetVersion
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
CloseHandle
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
GetVersionExA
CreateFileA
GetLastError
OutputDebugStringA
GetExitCodeThread
WaitForMultipleObjects
SetEvent
OpenEventA
CreateEventA
CreateThread
SetThreadPriority
ResumeThread
DeviceIoControl
GetCurrentProcessId
GetSystemDirectoryA
Sleep
SetHandleCount

user32

GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
CallWindowProcA
SetWindowPos
SetWindowLongA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
wsprintfA
RemovePropA
ShowWindow
DefWindowProcA
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
PtInRect

gdi32

SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ScaleViewportExtEx
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
CreateBitmap

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
SetSecurityDescriptorDacl
OpenSCManagerA
DeleteService
ControlService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
InitializeSecurityDescriptor

comctl32

ord17

Exports

Exports

GDIAPI_AddCopyPreventProcessID
GDIAPI_AddGDISpyClipboardHWND
GDIAPI_AddGetClipBoardPid
GDIAPI_AddProcessID
GDIAPI_AddProcessImageName
GDIAPI_AddSetClipBoardPid
GDIAPI_CloseHandle
GDIAPI_DelGDISpyClipboardHWND
GDIAPI_DelGetClipBoardPid
GDIAPI_DelProcessImageName
GDIAPI_DelSetClipBoardPid
GDIAPI_EnableHook
GDIAPI_GetClipboardHWNDList
GDIAPI_GetHookStatus
GDIAPI_Hook
GDIAPI_NtGdiLoadDevice
GDIAPI_NtGdiUnLoadDevice
GDIAPI_RemoveCopyPreventProcessID
GDIAPI_RemoveProcessID
GDIAPI_SetImageFilePath
GDIAPI_Unhook

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tptlib.dll
.dll windows:4 windows x86 arch:x86

bb6622237ee671573209b890775b8fe4

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

psapi

GetModuleBaseNameA
EnumProcessModules
EnumProcesses

kernel32

GlobalFlags
GetProcessVersion
GetCPInfo
GetOEMCP
WritePrivateProfileStringA
ReadFile
SetFilePointer
FlushFileBuffers
SetEndOfFile
MoveFileA
RtlUnwind
RaiseException
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetACP
ExitProcess
SetErrorMode
HeapReAlloc
InterlockedExchange
VirtualQuery
SetUnhandledExceptionFilter
LCMapStringA
LCMapStringW
VirtualProtect
VirtualAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
GetStringTypeA
GetStringTypeW
IsBadReadPtr
IsBadCodePtr
GetLocaleInfoA
SetStdHandle
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
GlobalUnlock
GlobalLock
GlobalFree
TlsAlloc
LocalAlloc
GlobalAlloc
lstrcmpA
GetCurrentThread
lstrcpynA
MulDiv
SetLastError
FindResourceA
LoadResource
LockResource
GetVersion
lstrcatA
GlobalGetAtomNameA
lstrcmpiA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
lstrcpyA
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
WriteFile
TerminateThread
GetCurrentThreadId
OutputDebugStringA
GetModuleHandleA
GetSystemInfo
CopyFileA
DeleteFileA
FreeLibrary
Process32First
Process32Next
CreateToolhelp32Snapshot
LoadLibraryA
GetProcAddress
OpenProcess
TerminateProcess
GetVersionExA
SetEvent
GetExitCodeThread
Sleep
WaitForMultipleObjects
OpenEventA
CreateEventA
CreateThread
SetThreadPriority
GetCurrentProcessId
CallNamedPipeA
CreateProcessA
ResumeThread
GetSystemDirectoryA
GetFileAttributesA
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
DeviceIoControl
FormatMessageA
LocalFree
CreateFileA
GetFileTime
CloseHandle
FileTimeToLocalFileTime
FileTimeToSystemTime
GetUserDefaultLangID
GetModuleFileNameA
HeapSize
GetLastError

user32

AdjustWindowRectEx
SetFocus
SetActiveWindow
GetFocus
GetSysColor
MapWindowPoints
SendDlgItemMessageA
UpdateWindow
LoadIconA
IsDialogMessageA
SetWindowTextA
ShowWindow
IsWindowEnabled
GetNextDlgTabItem
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
ModifyMenuA
GetMenuState
LoadBitmapA
GetMenuCheckMarkDimensions
CreateDialogIndirectParamA
GetActiveWindow
EndDialog
ClientToScreen
BeginPaint
EndPaint
TabbedTextOutA
DrawTextA
GrayStringA
SetCursor
GetCursorPos
ValidateRect
GetMessageA
UnregisterClassA
LoadStringA
PtInRect
LoadCursorA
GetSysColorBrush
DestroyMenu
IsWindowVisible
GetTopWindow
GetParent
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetDlgItem
GetDlgCtrlID
GetKeyState
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetWindow
GetWindowLongA
RegisterWindowMessageA
SystemParametersInfoA
GetWindowPlacement
TranslateMessage
MsgWaitForMultipleObjects
PeekMessageA
DispatchMessageA
GetClientRect
GetDC
ReleaseDC
SetTimer
GetSystemMetrics
UnhookWindowsHookEx
SetWindowsHookExA
SetWindowPos
PostQuitMessage
PostMessageA
CallNextHookEx
CallWindowProcA
SetWindowLongA
GetPropA
GetWindowRect
ClipCursor
SetWindowLongW
RemovePropA
IsIconic
EnumWindows
GetClassNameA
GetWindowTextA
IsWindow
GetDesktopWindow
wsprintfA
MessageBoxA
EnableWindow
ReplyMessage
SendMessageA
ChangeClipboardChain
SetClipboardViewer
SetClipboardData
CountClipboardFormats
OpenClipboard
EnumClipboardFormats
CloseClipboard
EmptyClipboard
GetClipboardOwner
GetWindowThreadProcessId
GetClipboardData
LoadImageA
SetWindowRgn
CopyRect

gdi32

DeleteObject
CreateBitmap
DeleteDC
SaveDC
RestoreDC
SelectObject
GetStockObject
SetBkMode
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
SetTextColor
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetClipBox
CreateCompatibleDC
CreateCompatibleBitmap
CreateRectRgn
GetPixel
CombineRgn
SetPixel
GetObjectA
SetBkColor

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegOpenKeyA
RegCreateKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
RegOpenKeyExA
RegEnumKeyExA
RegCloseKey
RegCreateKeyA

shell32

ShellExecuteExA
SHGetSpecialFolderPathA

comctl32

ord17

Exports

Exports

CheckApiHook
CheckMirrorDrive
CheckTerminalSession
ClipBoardExceptionProcess
Gdi_AddAccessPid
Gdi_AddCopyPreventPid
Gdi_AddGetClipBoardPid
Gdi_AddProcessImageName
Gdi_AddSetClipBoardPid
Gdi_DelAccessPid
Gdi_DelCopyPreventPid
Gdi_DelGetClipBoardPid
Gdi_DelProcessImageName
Gdi_DelSetClipBoardPid
Gdi_ExceptTool_Jesus
Gdi_Hook
Gdi_LoadDevice
Gdi_UnHook
Gdi_UnHookEx
Gdi_UnloadDevice
GetScreenCaptureStatus
Get_Url
SetCaptureImgPath
SetInitialize
SetLicenseKey
SetScreenCapture
Set_Url
Std_CheckMirrorDrive
Std_CheckTerminalSession
Std_SetLicenseKey
Std_SetScreenCapture
TPT_CheckRemote
TPT_Finalize
TPT_Initize
TPT_OptionCh
TPT_OptionEx
TPT_SetCaption
TPT_SetParentRect
TPT_Start
TPT_Status
TPT_Stop
WebCube_CacheCleartStart
WebCube_CacheCleartStop
WebCube_CreateTcwImageEx
WebCube_Update
_Std_SetInitialize@0

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

TWebShar
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 208B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Tptmlib.dll
.dll windows:4 windows x86 arch:x86

11b6b4951b2688e92000effeecd7596d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCPInfo
GetOEMCP
RtlUnwind
HeapAlloc
GetCommandLineA
HeapFree
GetProcessHeap
ExitProcess
RaiseException
HeapSize
HeapReAlloc
GetACP
VirtualFree
VirtualAlloc
IsBadWritePtr
HeapDestroy
HeapCreate
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
VirtualProtect
GetSystemInfo
VirtualQuery
IsBadReadPtr
IsBadCodePtr
InterlockedExchange
GetLocaleInfoA
WriteFile
GetProcessVersion
LoadLibraryA
FreeLibrary
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetModuleHandleA
GetProcAddress
WritePrivateProfileStringA
GlobalFlags
SetLastError
GetVersion
lstrcpynA
lstrcpyA
lstrcatA
SetErrorMode
CloseHandle
TlsGetValue
LocalReAlloc
TlsSetValue
EnterCriticalSection
GlobalReAlloc
LeaveCriticalSection
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
DeleteCriticalSection
TlsAlloc
InitializeCriticalSection
LocalFree
LocalAlloc
GetModuleFileNameA
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThread
GetCurrentThreadId
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
GetVersionExA
CreateFileA
GetLastError
OutputDebugStringA
GetExitCodeThread
WaitForMultipleObjects
SetEvent
OpenEventA
CreateEventA
CreateThread
SetThreadPriority
ResumeThread
DeviceIoControl
GetCurrentProcessId
GetSystemDirectoryA
Sleep
SetHandleCount

user32

SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
DefWindowProcA
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
SetFocus
GetPropA
SetWindowPos
SetWindowLongA
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
GetWindowTextA
SetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
LoadStringA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
wsprintfA
CallWindowProcA
ShowWindow
RemovePropA
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
SendMessageA
PostMessageA
PostQuitMessage
PtInRect

gdi32

SetWindowExtEx
ScaleWindowExtEx
GetClipBox
ScaleViewportExtEx
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
DeleteObject
CreateBitmap

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCloseKey
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
SetSecurityDescriptorDacl
OpenSCManagerA
DeleteService
ControlService
OpenServiceA
StartServiceA
CreateServiceA
CloseServiceHandle
InitializeSecurityDescriptor

comctl32

ord17

Exports

Exports

GDIAPI_AddCopyPreventProcessID
GDIAPI_AddGDISpyClipboardHWND
GDIAPI_AddGetClipBoardPid
GDIAPI_AddProcessID
GDIAPI_AddProcessImageName
GDIAPI_AddSetClipBoardPid
GDIAPI_CloseHandle
GDIAPI_DelGDISpyClipboardHWND
GDIAPI_DelGetClipBoardPid
GDIAPI_DelProcessImageName
GDIAPI_DelSetClipBoardPid
GDIAPI_EnableHook
GDIAPI_GetClipboardHWNDList
GDIAPI_GetHookStatus
GDIAPI_Hook
GDIAPI_NtGdiLoadDevice
GDIAPI_NtGdiUnLoadDevice
GDIAPI_RemoveCopyPreventProcessID
GDIAPI_RemoveProcessID
GDIAPI_SetImageFilePath
GDIAPI_Unhook

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TsBService.exe
.exe windows:4 windows x86 arch:x86

f88d970a132f271af6f76f8e6dd987a1

Code Sign

29:a2:8e:c1:a2:fa:cf:c4:23:c7:2f:05:62:18:af:d5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

20/02/2020, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c4:f4:cf:fa:13:17:2b:51:1c:a8:a5:76:42:3f:4e:8c:a8:73:89:45:f7:bb:82:b5:a6:b3:15:39:bf:21:e9:8d
Signer

Actual PE Digest

c4:f4:cf:fa:13:17:2b:51:1c:a8:a5:76:42:3f:4e:8c:a8:73:89:45:f7:bb:82:b5:a6:b3:15:39:bf:21:e9:8d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

tptmlib

GDIAPI_CloseHandle
GDIAPI_GetClipboardHWNDList
GDIAPI_GetHookStatus
GDIAPI_SetImageFilePath
GDIAPI_DelGDISpyClipboardHWND
GDIAPI_AddGDISpyClipboardHWND
ord1
GDIAPI_AddProcessImageName
GDIAPI_AddGetClipBoardPid
GDIAPI_DelGetClipBoardPid
GDIAPI_DelSetClipBoardPid
GDIAPI_AddSetClipBoardPid
GDIAPI_RemoveCopyPreventProcessID
GDIAPI_AddCopyPreventProcessID
GDIAPI_RemoveProcessID
GDIAPI_AddProcessID
GDIAPI_EnableHook
GDIAPI_Unhook
GDIAPI_Hook
GDIAPI_NtGdiUnLoadDevice
GDIAPI_DelProcessImageName

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

kernel32

TlsFree
GlobalReAlloc
TlsSetValue
LocalReAlloc
TlsGetValue
GlobalFlags
WritePrivateProfileStringA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetVersion
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
RaiseException
HeapAlloc
ExitProcess
ExitThread
CreateThread
GetCommandLineA
HeapFree
GetProcessHeap
GetStartupInfoA
GetACP
HeapReAlloc
HeapSize
GlobalHandle
VirtualFree
VirtualAlloc
IsBadWritePtr
HeapDestroy
HeapCreate
LCMapStringA
LCMapStringW
VirtualProtect
GetSystemInfo
VirtualQuery
UnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
InterlockedExchange
GetLocaleInfoA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GlobalFree
TlsAlloc
LocalAlloc
GlobalUnlock
lstrcatA
SetErrorMode
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
GetCurrentThreadId
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
FindFirstFileA
GetModuleFileNameA
FindClose
lstrcpyA
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
DuplicateHandle
FileTimeToLocalFileTime
LocalFree
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
GetTickCount
SetLastError
LeaveCriticalSection
EnterCriticalSection
GetUserDefaultLangID
CloseHandle
FileTimeToSystemTime
FormatMessageA
lstrcmpiA
SetConsoleCtrlHandler
lstrlenA
DeleteCriticalSection
InitializeCriticalSection
GetModuleHandleA
GetCurrentProcess
CopyFileA
SetFileAttributesA
CreateToolhelp32Snapshot
Process32First
Process32Next
GetFileAttributesA
CreateProcessA
Sleep
WaitForSingleObject
GetFileSize
DeleteFileA
GetCurrentProcessId
LoadLibraryA
GetProcAddress
FreeLibrary
SetEvent
ConnectNamedPipe
GetLastError
WaitForMultipleObjects
ReadFile
WriteFile
DisconnectNamedPipe
CreateNamedPipeA
CreateEventA
ResetEvent
GetVersionExA
GetSystemDirectoryA
CreateFileA
GetFileTime
SetUnhandledExceptionFilter

user32

GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
AdjustWindowRectEx
GetClientRect
CopyRect
GetTopWindow
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetSubMenu
GetMenuItemID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
RegisterWindowMessageA
SystemParametersInfoA
IsIconic
GetWindowPlacement
SetFocus
ShowWindow
SetWindowPos
SetWindowLongA
GetDlgItem
GetMenuItemCount
GetWindowTextA
SetWindowTextA
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnhookWindowsHookEx
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
ClientToScreen
LoadStringA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
SetCursor
PostMessageA
PostQuitMessage
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
SendMessageA
MessageBoxA
EnableWindow
GetSystemMetrics
CharUpperA
wsprintfA
EnableMenuItem
UnregisterClassA

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
DeleteObject
GetClipBox
ScaleWindowExtEx
GetDeviceCaps
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetTextColor
SetBkColor
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
CreateBitmap

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
ClosePrinter
DocumentPropertiesA

advapi32

LockServiceDatabase
OpenSCManagerA
DeleteService
CreateServiceA
QueryServiceStatus
StartServiceA
ControlService
CloseServiceHandle
DeregisterEventSource
ReportEventA
RegisterEventSourceA
StartServiceCtrlDispatcherA
RegOpenKeyExA
RegCreateKeyExA
RegisterServiceCtrlHandlerA
SetServiceStatus
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
DuplicateTokenEx
CreateProcessAsUserA
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegDeleteValueA
RegDeleteKeyA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl
UnlockServiceDatabase
OpenServiceA

shell32

SHGetSpecialFolderPathA

comctl32

ord17

userenv

CreateEnvironmentBlock

Sections

.text
Size: 112KB - Virtual size: 110KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TsCheckHook.dll
.dll windows:5 windows x86 arch:x86

c59e1b00746bcff0a481a0de49494e39

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetCPInfo
GetOEMCP
VirtualAlloc
RtlUnwind
RaiseException
GetCommandLineA
HeapReAlloc
ExitProcess
HeapSize
VirtualFree
HeapCreate
HeapDestroy
GetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
SetFilePointer
GlobalFindAtomA
lstrcmpW
GlobalFlags
WritePrivateProfileStringA
GlobalGetAtomNameA
InterlockedIncrement
GetModuleHandleW
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
InterlockedExchange
InterlockedDecrement
GetModuleFileNameW
lstrcmpA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrlenA
SetLastError
Process32First
Process32Next
OpenProcess
TerminateProcess
MultiByteToWideChar
LocalAlloc
LocalFree
CreateToolhelp32Snapshot
Module32First
Module32Next
VirtualProtect
GetLastError
FreeLibrary
LoadLibraryA
GetModuleFileNameA
GetUserDefaultLangID
WideCharToMultiByte
GetSystemDirectoryA
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetModuleHandleA
GetProcAddress
GetSystemInfo
CreateThread
SetThreadPriority
ResumeThread
CreateFileA
WriteFile
CloseHandle
LeaveCriticalSection
GetTickCount
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentProcessId
GetCurrentThreadId
ProcessIdToSessionId
GetLocalTime
CallNamedPipeA
EnterCriticalSection

user32

GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
GetForegroundWindow
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowTextA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetSubMenu
GetMenuItemCount
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
SendMessageA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
UnhookWindowsHookEx
GetMenuState
IsWindow
RemovePropA
ClientToScreen
GetMenuItemID
DestroyMenu
ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GrayStringA
GetPropA
MapWindowPoints

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
DeleteObject

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCreateKeyExA
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegQueryValueA
RegEnumKeyA

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantChangeType
VariantClear
VariantInit

gdiplus

GdiplusShutdown

psapi

GetModuleFileNameExA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

crypt32

CryptMsgClose
CertCloseStore
CertGetNameStringA
CertFindCertificateInStore
CryptMsgGetParam
CertFreeCertificateContext
CryptQueryObject

Exports

Exports

DX_CheckCapture
DX_CheckProcess
DX_CheckRegProcess
DX_HookCheck
DX_HookCheckEx
DX_InsertProcessList

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 35KB - Virtual size: 150KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TsCheckHook64.dll
.dll windows:5 windows x64 arch:x64

7f12b0198c56b9c6d7efc9865803ed4f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentProcess
GetCPInfo
GetOEMCP
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
FlsSetValue
GetCommandLineA
HeapReAlloc
ExitProcess
HeapSize
HeapQueryInformation
GetStdHandle
HeapSetInformation
HeapCreate
HeapDestroy
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
FlsGetValue
FlsFree
FlsAlloc
GetACP
IsValidCodePage
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
SetFilePointer
GlobalFindAtomA
lstrcmpW
GlobalFlags
WritePrivateProfileStringA
GlobalGetAtomNameA
GetModuleHandleW
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
TlsGetValue
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
GetModuleFileNameW
lstrcmpA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
lstrlenA
SetLastError
Process32First
Process32Next
OpenProcess
TerminateProcess
MultiByteToWideChar
LocalAlloc
LocalFree
CreateToolhelp32Snapshot
Module32First
Module32Next
VirtualProtect
GetLastError
FreeLibrary
LoadLibraryA
GetModuleFileNameA
GetUserDefaultLangID
WideCharToMultiByte
GetSystemDirectoryA
FindResourceA
LoadResource
LockResource
SizeofResource
GetVersionExA
GetModuleHandleA
GetProcAddress
GetSystemInfo
CreateThread
SetThreadPriority
ResumeThread
LeaveCriticalSection
CreateFileA
WriteFile
CloseHandle
GetTickCount
HeapAlloc
GetProcessHeap
HeapFree
Sleep
GetCurrentProcessId
GetCurrentThreadId
ProcessIdToSessionId
GetLocalTime
CallNamedPipeA
EnterCriticalSection
DecodePointer

user32

GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowTextA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
GetSubMenu
GetMenuItemCount
GetMenuItemID
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
SendMessageA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
UnhookWindowsHookEx
GetMenuState
DestroyMenu
ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
ClientToScreen
IsWindow

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
DeleteDC
GetStockObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
GetDeviceCaps
DeleteObject

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegCreateKeyExA
RegOpenKeyA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegQueryValueA
RegEnumKeyA

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantChangeType
VariantClear
VariantInit

gdiplus

GdiplusShutdown

psapi

GetModuleFileNameExA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

crypt32

CryptMsgClose
CertCloseStore
CertGetNameStringA
CertFindCertificateInStore
CryptMsgGetParam
CertFreeCertificateContext
CryptQueryObject

Exports

Exports

DX_CheckCapture
DX_CheckProcess
DX_CheckRegProcess
DX_HookCheck
DX_HookCheckEx
DX_InsertProcessList

Sections

.text
Size: 170KB - Virtual size: 169KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TsMng.exe
.exe windows:4 windows x86 arch:x86

6ed1fd4919417d18826aa588b70c0772

Code Sign

29:a2:8e:c1:a2:fa:cf:c4:23:c7:2f:05:62:18:af:d5
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

22/12/2017, 00:00

Not After

20/02/2020, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05:e7:4c:55:8b:53:0d:52:06:c6:66:34:fa:da:4a:36:ea:48:40:26:59:b4:64:82:e6:1e:80:b9:b8:ea:5f:c6
Signer

Actual PE Digest

05:e7:4c:55:8b:53:0d:52:06:c6:66:34:fa:da:4a:36:ea:48:40:26:59:b4:64:82:e6:1e:80:b9:b8:ea:5f:c6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

kernel32

HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStdHandle
UnhandledExceptionFilter
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
VirtualProtect
GetSystemInfo
VirtualQuery
IsBadReadPtr
IsBadCodePtr
SetStdHandle
InterlockedExchange
GetLocaleInfoA
CompareStringA
CompareStringW
SetEnvironmentVariableA
LCMapStringW
GetModuleFileNameA
GetUserDefaultLangID
CloseHandle
FileTimeToSystemTime
GetFileTime
CreateFileA
GetSystemDirectoryA
GetVersionExA
OutputDebugStringA
GetLastError
CreateMutexA
WaitForSingleObject
ResumeThread
CreateProcessA
GetFileAttributesA
CallNamedPipeA
Process32Next
Process32First
CreateToolhelp32Snapshot
Sleep
DeleteFileA
SetFileAttributesA
CopyFileA
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
lstrcmpiA
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
WideCharToMultiByte
MultiByteToWideChar
LocalFree
LCMapStringA
SetUnhandledExceptionFilter
HeapSize
HeapReAlloc
GetACP
GetStartupInfoA
GetProcessHeap
GetCommandLineA
ExitProcess
HeapAlloc
HeapFree
RaiseException
RtlUnwind
GetFileSize
GetTickCount
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
MoveFileA
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
GetCurrentProcess
DuplicateHandle
SetErrorMode
GetOEMCP
GetCPInfo
SizeofResource
GetThreadLocale
GetProcessVersion
WritePrivateProfileStringA
GetProfileStringA
GlobalFlags
TlsGetValue
FormatMessageA
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
lstrcpynA
MulDiv
SetLastError
LoadLibraryA
FreeLibrary
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
lstrcpyA
GetModuleHandleA
GetProcAddress
GlobalUnlock
FindResourceA
LoadResource
LockResource
GlobalFree
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
GetCurrentThreadId
FileTimeToLocalFileTime

user32

InvalidateRect
MessageBeep
GetNextDlgGroupItem
SetRect
CopyAcceleratorTableA
CharNextA
GetSysColorBrush
PtInRect
GetClassNameA
GetDesktopWindow
LoadCursorA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
DestroyMenu
LoadStringA
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetFocus
AdjustWindowRectEx
ScreenToClient
CopyRect
UnregisterClassA
HideCaret
ShowCaret
ExcludeUpdateRgn
DrawFocusRect
DefDlgProcA
IsWindowUnicode
GetTopWindow
IsChild
GetCapture
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetWindowTextLengthA
GetWindowTextA
GetDlgCtrlID
DefWindowProcA
CreateWindowExA
GetClassLongA
SetPropA
UnhookWindowsHookEx
GetPropA
CallWindowProcA
RemovePropA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
SetWindowLongA
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
EndDialog
SetActiveWindow
IsWindow
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
MapDialogRect
SetWindowPos
GetWindow
SetWindowContextHelpId
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
CharUpperA
InflateRect
RegisterClipboardFormatA
PostThreadMessageA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
ValidateRect
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
SetCursor
PostQuitMessage
PostMessageA
wsprintfA
EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
SendMessageA
LoadIconA
WinHelpA

gdi32

GetDeviceCaps
GetViewportExtEx
GetWindowExtEx
CreateSolidBrush
PtVisible
RectVisible
ExtTextOutA
Escape
GetTextColor
GetBkColor
DPtoLP
LPtoDP
GetMapMode
PatBlt
DeleteObject
IntersectClipRect
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetBkMode
GetStockObject
SelectObject
RestoreDC
SaveDC
DeleteDC
GetObjectA
SetBkColor
SetTextColor
CreateBitmap
GetTextExtentPointA
BitBlt
CreateCompatibleDC
TextOutA
CreateDIBitmap
GetClipBox

comdlg32

GetFileTitleA

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

advapi32

UnlockServiceDatabase
ChangeServiceConfigA
RegOpenKeyExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey
StartServiceA
QueryServiceStatus
ControlService
DeleteService
OpenSCManagerA
OpenServiceA
CreateServiceA
CloseServiceHandle
QueryServiceConfigA

shell32

SHGetSpecialFolderPathA

comctl32

ord17

oledlg

ord8

ole32

CoFreeUnusedLibraries
OleUninitialize
OleInitialize
OleFlushClipboard
CoTaskMemAlloc
CoTaskMemFree
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
OleIsCurrentClipboard
CoRegisterMessageFilter
CoRevokeClassObject

olepro32

ord253

oleaut32

SysStringLen
SysAllocStringByteLen
SysAllocString
VariantChangeType
VariantCopy
VariantTimeToSystemTime
VariantClear
SysAllocStringLen
SysFreeString

Sections

.text
Size: 156KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 4KB - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
VerDownDll.dll
.dll windows:4 windows x86 arch:x86

e0f048c2999aaff02233d7ff52e3cf52

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wininet

InternetCloseHandle
InternetOpenA
InternetSetStatusCallback
InternetConnectA
HttpOpenRequestA
HttpSendRequestA
HttpQueryInfoA
InternetReadFile
InternetSetOptionA
InternetCrackUrlA
InternetCanonicalizeUrlA

kernel32

GetFileAttributesA
GetFileSize
GetFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GlobalFlags
WritePrivateProfileStringA
GetModuleHandleA
GlobalFindAtomA
GlobalAddAtomA
GlobalGetAtomNameA
GetProcessVersion
GetCPInfo
GetOEMCP
RtlUnwind
CreateThread
ExitThread
GetCommandLineA
HeapAlloc
HeapFree
GetACP
RaiseException
ExitProcess
TerminateProcess
HeapSize
SetStdHandle
GetFileType
GetVersion
HeapReAlloc
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
CompareStringA
CompareStringW
SetEnvironmentVariableA
lstrcatA
SetErrorMode
TlsGetValue
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
GlobalUnlock
GlobalFree
TlsAlloc
GlobalLock
GlobalAlloc
GlobalDeleteAtom
lstrcmpA
GetCurrentThread
GetCurrentThreadId
SetLastError
LeaveCriticalSection
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LocalAlloc
FreeLibrary
EnterCriticalSection
LocalFree
GetModuleFileNameA
lstrcmpiA
GetFullPathNameA
lstrcpynA
GetVolumeInformationA
FindFirstFileA
FindClose
lstrcpyA
LoadLibraryA
GetProcAddress
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetCurrentProcess
DuplicateHandle
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
InterlockedDecrement
InterlockedIncrement
CreateProcessA
GetTickCount
DeleteFileA
WaitForSingleObject
TerminateThread
CloseHandle
SetThreadPriority
GetTimeZoneInformation
ResumeThread

user32

SetWindowLongA
SetWindowPos
ShowWindow
SetFocus
GetWindowPlacement
IsIconic
SystemParametersInfoA
RegisterWindowMessageA
SetForegroundWindow
GetForegroundWindow
GetMessagePos
GetMessageTime
DefWindowProcA
RemovePropA
CallWindowProcA
GetPropA
SetPropA
GetClassLongA
CreateWindowExA
DestroyWindow
GetMenuItemID
GetSubMenu
GetMenu
RegisterClassA
GetClassInfoA
WinHelpA
GetCapture
GetTopWindow
CopyRect
GetClientRect
AdjustWindowRectEx
GetSysColor
MapWindowPoints
LoadIconA
LoadCursorA
GetSysColorBrush
DestroyMenu
GetDlgItem
GrayStringA
DrawTextA
TabbedTextOutA
ReleaseDC
GetDC
GetMenuItemCount
GetWindowTextA
ClientToScreen
GetWindow
GetDlgCtrlID
GetWindowRect
PtInRect
GetClassNameA
UnregisterClassA
UnhookWindowsHookEx
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA
DispatchMessageA
GetActiveWindow
GetKeyState
CallNextHookEx
IsWindowVisible
PeekMessageA
GetCursorPos
SetWindowsHookExA
GetParent
GetLastActivePopup
IsWindowEnabled
GetWindowLongA
MessageBoxA
EnableWindow
SetCursor
SendMessageA
PostQuitMessage
LoadStringA
GetSystemMetrics
CharUpperA
wsprintfA
PostMessageA
TranslateMessage
ValidateRect
SetWindowTextA

gdi32

CreateBitmap
RestoreDC
SelectObject
GetStockObject
SetBkColor
SetTextColor
SetMapMode
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
GetClipBox
DeleteDC
GetDeviceCaps
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
GetObjectA
DeleteObject
SaveDC

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA

comctl32

ord17

Exports

Exports

CompareVersion
ExcuteFile
HTTPDownload
HTTPDownloadStop

Sections

.text
Size: 80KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WMlogo.bmp
WebCubeAgent.exe
.exe windows:5 windows x86 arch:x86

e765c534570fbe11aed22516afc46fba

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:40:54:0b:95:84:45:3b:f5:85:0a:d2:a9:b4:25:e4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/02/2022, 00:00

Not After

04/03/2025, 23:59

Subject

CN=Teruten Inc.,O=Teruten Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ba:76:41:38:99:ac:41:12:77:5d:6f:55:c6:27:ce:5c:d0:d0:76:85
Signer

Actual PE Digest

ba:76:41:38:99:ac:41:12:77:5d:6f:55:c6:27:ce:5c:d0:d0:76:85

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\01.Git\WebCubeAgent\Release\WebCubeAgent.pdb

Imports

kernel32

OpenEventA
CreateEventA
WTSGetActiveConsoleSessionId
MoveFileA
CopyFileA
DeleteFileA
CompareFileTime
GetCurrentProcess
WaitForSingleObject
GetFileAttributesA
GetSystemInfo
CallNamedPipeA
ProcessIdToSessionId
GetCurrentProcessId
GetSystemDirectoryA
GetFileTime
CreateFileA
GetUserDefaultLangID
GetModuleFileNameA
Sleep
GetModuleHandleA
GetProcAddress
Process32Next
TerminateProcess
OpenProcess
Process32First
CreateToolhelp32Snapshot
HeapFree
LocalFree
GetProcessHeap
HeapAlloc
GetLastError
CloseHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetLocaleInfoW
FlushFileBuffers
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
InitializeCriticalSectionAndSpinCount
GetStdHandle
HeapSize
HeapReAlloc
TlsAlloc
TlsFree
GetLocaleInfoA
GetTempPathA
CreateDirectoryA
GetFileSize
WriteFile
CreateSemaphoreA
TlsGetValue
TlsSetValue
GetLocalTime
GetCurrentThreadId
ReleaseSemaphore
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
RtlCaptureContext
LoadLibraryA
FreeLibrary
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
ExitProcess
GetCommandLineA
GetStartupInfoA
InterlockedIncrement
InterlockedDecrement
SetConsoleCtrlHandler
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetLastError
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
RaiseException
RtlUnwind
HeapCreate
VirtualFree
DeleteCriticalSection
VirtualAlloc

user32

wsprintfA

advapi32

SetServiceStatus
StartServiceA
ChangeServiceConfig2A
CreateServiceA
RegisterServiceCtrlHandlerExA
StartServiceCtrlDispatcherA
CreateProcessAsUserA
SetTokenInformation
DuplicateTokenEx
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
DeleteService
ControlService
QueryServiceStatus
SetNamedSecurityInfoA
SetServiceObjectSecurity
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclA
BuildExplicitAccessWithNameA
GetSecurityDescriptorDacl
QueryServiceObjectSecurity
CloseServiceHandle
OpenServiceA
OpenSCManagerA

shell32

SHGetSpecialFolderPathA
ShellExecuteExA
ShellExecuteA

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

shlwapi

SHGetValueA
PathRemoveFileSpecA

wtsapi32

WTSEnumerateSessionsA
WTSFreeMemory
WTSQueryUserToken

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

Sections

.text
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WebCubeInit.exe
.exe windows:5 windows x86 arch:x86

dc9016f77a6b5f4037a3e0150c3b068b

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23/10/2020, 00:00

Not After

22/01/2032, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0d:40:54:0b:95:84:45:3b:f5:85:0a:d2:a9:b4:25:e4
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

18/02/2022, 00:00

Not After

04/03/2025, 23:59

Subject

CN=Teruten Inc.,O=Teruten Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

dd:3d:cd:68:62:c1:1b:77:d6:3f:f5:4e:a7:9b:16:dc:65:c0:87:d3
Signer

Actual PE Digest

dd:3d:cd:68:62:c1:1b:77:d6:3f:f5:4e:a7:9b:16:dc:65:c0:87:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\01.Git\WebCubeAgent\Release\WebCubeInit.pdb

Imports

kernel32

GetSystemDefaultLangID
MoveFileA
CreateToolhelp32Snapshot
Process32First
CloseHandle
OpenProcess
TerminateProcess
FindClose
Sleep
CreateFileA
GetFileSize
ReadFile
WriteFile
GetEnvironmentVariableA
GetLastError
FindNextFileA
DeleteFileA
SetFileAttributesA
GetFileAttributesA
Process32Next
FlushFileBuffers
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
LoadLibraryA
GetLocaleInfoA
GetModuleFileNameA
GetCurrentProcessId
GetCurrentProcess
GetProcAddress
HeapFree
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
GetCommandLineA
GetStartupInfoA
HeapCreate
VirtualFree
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
RaiseException
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
ExitProcess
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
RtlUnwind
HeapSize
GetStringTypeA
GetStringTypeW
FindFirstFileA

user32

MessageBoxA
wsprintfA

shell32

SHGetSpecialFolderPathA

shlwapi

PathFileExistsA

advapi32

LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken

Sections

.text
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WebCubeReg.dll
.dll windows:5 windows x86 arch:x86

01196597e4b88b88c087ec01e3053901

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

i:\10. WebCube\WebCubeReg\Bin\WebCubeReg.pdb

Imports

kernel32

GetCPInfo
GetOEMCP
GetSystemTimeAsFileTime
ExitThread
CreateThread
GetCommandLineA
HeapAlloc
HeapFree
RtlUnwind
RaiseException
VirtualAlloc
HeapReAlloc
Sleep
ExitProcess
HeapSize
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetACP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalFlags
WritePrivateProfileStringA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
CreateFileA
GlobalGetAtomNameA
InterlockedIncrement
GetModuleHandleW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetCurrentProcessId
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
CompareStringA
InterlockedExchange
lstrcmpA
InterlockedDecrement
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
LocalAlloc
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
GetLastError
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
lstrlenA
CloseHandle
ResumeThread
SetThreadPriority
CreateMutexA
ReleaseMutex
WaitForSingleObject
OutputDebugStringA
FindResourceA
LoadResource
LockResource
SizeofResource
GetEnvironmentStringsW
WideCharToMultiByte

user32

DestroyMenu
ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowTextA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
SendMessageA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu

gdi32

DeleteDC
GetStockObject
TextOutA
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
ExtTextOutA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegEnumKeyA
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegCreateKeyA
RegCreateKeyExA

shlwapi

UrlUnescapeA
PathFindFileNameA
PathFindExtensionA

oleaut32

VariantInit
VariantClear
VariantChangeType

wininet

InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA

Exports

Exports

ExSendParamMessage

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WebCubeReg64.dll
.dll windows:5 windows x64 arch:x64

5365c49e9f384fc8bcb2449625a760f5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

i:\10. WebCube\WebCubeReg\Bin\WebCubeReg64.pdb

Imports

kernel32

ExitThread
CreateThread
FlsSetValue
GetCommandLineA
HeapAlloc
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
HeapReAlloc
Sleep
ExitProcess
HeapSize
SetStdHandle
GetFileType
HeapQueryInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
SetHandleCount
GetStdHandle
GetSystemTimeAsFileTime
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetACP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetOEMCP
GetCPInfo
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalFlags
WritePrivateProfileStringA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
CreateFileA
GlobalGetAtomNameA
GetModuleHandleW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
TlsGetValue
GetCurrentProcessId
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
CompareStringA
lstrcmpA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
LocalAlloc
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
GetLastError
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
lstrlenA
CloseHandle
ResumeThread
SetThreadPriority
CreateMutexA
ReleaseMutex
WaitForSingleObject
OutputDebugStringA
FindResourceA
LoadResource
LockResource
SizeofResource
GetStartupInfoA
WideCharToMultiByte

user32

DestroyMenu
ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowTextA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
SendMessageA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu

gdi32

DeleteDC
GetStockObject
TextOutA
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
ExtTextOutA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegEnumKeyA
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegCreateKeyA
RegCreateKeyExA

shlwapi

UrlUnescapeA
PathFindFileNameA
PathFindExtensionA

oleaut32

VariantInit
VariantClear
VariantChangeType

wininet

InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA

Exports

Exports

ExSendParamMessage

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WebShellReg.dll
.dll windows:5 windows x86 arch:x86

28e85ca78853e6e14c97f5ed1f1693d6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

F:\내자료\Projects\WebShellReg\Release\WebShellReg.pdb

Imports

kernel32

GetCPInfo
GetOEMCP
GetSystemTimeAsFileTime
ExitThread
CreateThread
GetCommandLineA
HeapAlloc
HeapFree
RtlUnwind
RaiseException
VirtualAlloc
HeapReAlloc
Sleep
ExitProcess
HeapSize
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GlobalFindAtomA
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetACP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
lstrcmpW
GetVersionExA
GlobalFlags
WritePrivateProfileStringA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
CreateFileA
GlobalGetAtomNameA
InterlockedIncrement
GetModuleHandleW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetCurrentProcessId
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
CompareStringA
InterlockedExchange
lstrcmpA
InterlockedDecrement
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
LocalAlloc
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
GetLastError
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
lstrlenA
CloseHandle
ResumeThread
SetThreadPriority
CreateMutexA
ReleaseMutex
WaitForSingleObject
OutputDebugStringA
FindResourceA
LoadResource
LockResource
SizeofResource
GetEnvironmentStringsW
WideCharToMultiByte

user32

DestroyMenu
ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowTextA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
SendMessageA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu

gdi32

DeleteDC
GetStockObject
TextOutA
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
ExtTextOutA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegEnumKeyA
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegCreateKeyA
RegCreateKeyExA

shlwapi

UrlUnescapeA
PathFindFileNameA
PathFindExtensionA

oleaut32

VariantInit
VariantClear
VariantChangeType

wininet

InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA

Exports

Exports

ExSendParamMessage

Sections

.text
Size: 125KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WebShellReg64.dll
.dll windows:5 windows x64 arch:x64

c7aeadaa2bf15716624a3c7f89b314a7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\내자료\Projects\WebShellReg\x64\Release\WebShellReg64.pdb

Imports

kernel32

GetSystemTimeAsFileTime
ExitThread
CreateThread
FlsSetValue
GetCommandLineA
HeapAlloc
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
HeapReAlloc
Sleep
ExitProcess
HeapSize
SetStdHandle
GetFileType
HeapQueryInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
SetHandleCount
GetStdHandle
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetACP
IsValidCodePage
InitializeCriticalSectionAndSpinCount
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCPInfo
GlobalFindAtomA
lstrcmpW
GetVersionExA
GlobalFlags
WritePrivateProfileStringA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
CreateFileA
GlobalGetAtomNameA
GetModuleHandleW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
TlsGetValue
GetCurrentProcessId
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
CompareStringA
lstrcmpA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
LocalAlloc
FreeLibrary
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
LoadLibraryA
GetLastError
SetLastError
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
lstrlenA
CloseHandle
ResumeThread
SetThreadPriority
CreateMutexA
ReleaseMutex
WaitForSingleObject
OutputDebugStringA
FindResourceA
LoadResource
LockResource
SizeofResource
GetStartupInfoA
WideCharToMultiByte

user32

DestroyMenu
ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
CallWindowProcA
GetMenu
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
SetWindowTextA
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetWindowTextA
LoadCursorA
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassA
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA
SetCursor
SetWindowsHookExA
CallNextHookEx
GetMessageA
TranslateMessage
DispatchMessageA
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageA
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapA
GetFocus
GetParent
SendMessageA
ModifyMenuA
EnableMenuItem
CheckMenuItem
PostMessageA
PostQuitMessage
UnhookWindowsHookEx
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
DefWindowProcA

gdi32

DeleteDC
GetStockObject
TextOutA
RectVisible
PtVisible
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
GetDeviceCaps
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
CreateBitmap
ExtTextOutA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegQueryValueA
RegEnumKeyA
RegOpenKeyExA
RegDeleteKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyA
RegCloseKey
RegCreateKeyA
RegCreateKeyExA

shlwapi

UrlUnescapeA
PathFindFileNameA
PathFindExtensionA

oleaut32

VariantInit
VariantClear
VariantChangeType

wininet

InternetOpenA
InternetConnectA
InternetCloseHandle
HttpOpenRequestA
HttpSendRequestA
InternetCrackUrlA
InternetCanonicalizeUrlA

Exports

Exports

ExSendParamMessage

Sections

.text
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WeblibMsg.dll
.dll windows:5 windows x86 arch:x86

4f245519b885a88facd964f38f282b8a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCommandLineA
HeapAlloc
HeapFree
RtlUnwind
Sleep
ExitProcess
RaiseException
VirtualAlloc
HeapReAlloc
HeapSize
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
VirtualFree
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetACP
IsValidCodePage
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetOEMCP
GetCPInfo
GetModuleHandleW
CreateFileA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
GetVersionExA
InterlockedIncrement
GlobalFlags
WritePrivateProfileStringA
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GlobalFree
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
lstrlenA
GetCurrentProcessId
GetLastError
SetLastError
GlobalAddAtomA
CloseHandle
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryA
CompareStringA
InterlockedExchange
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GetModuleHandleA
GetProcAddress
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
HeapDestroy

user32

DestroyMenu
LoadCursorA
GetSysColorBrush
ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
GetSysColor
PostQuitMessage
PostMessageA
CheckMenuItem
EnableMenuItem
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
MapWindowPoints
GetMenuState
ModifyMenuA
SendMessageA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
SetCursor
UnregisterClassA
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA

gdi32

DeleteDC
GetStockObject
ScaleWindowExtEx
SetWindowExtEx
TextOutA
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
CreateBitmap
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
ExtTextOutA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

ErrorMsgPrint

Sections

.text
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WeblibMsg64.dll
.dll windows:5 windows x64 arch:x64

43584d17413f5c6b1d6a104a1b116cc8

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

FlsSetValue
GetCommandLineA
HeapAlloc
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
Sleep
ExitProcess
RaiseException
RtlPcToFileHeader
HeapReAlloc
HeapSize
HeapQueryInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetACP
IsValidCodePage
GetConsoleCP
GetConsoleMode
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetOEMCP
GetCPInfo
GetModuleHandleW
CreateFileA
GetCurrentProcess
FlushFileBuffers
SetFilePointer
WriteFile
GlobalGetAtomNameA
GlobalFindAtomA
LoadLibraryA
lstrcmpW
GetVersionExA
GlobalFlags
WritePrivateProfileStringA
SetErrorMode
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleFileNameW
GlobalFree
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
lstrlenA
GetCurrentProcessId
GetLastError
SetLastError
GlobalAddAtomA
CloseHandle
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
GlobalLock
lstrcmpA
GlobalAlloc
FreeLibrary
GetModuleHandleA
GetProcAddress
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
FreeEnvironmentStringsA

user32

DestroyMenu
LoadCursorA
GetSysColorBrush
ShowWindow
RegisterWindowMessageA
LoadIconA
WinHelpA
GetCapture
GetClassLongA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
IsWindow
GetForegroundWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetWindowLongPtrA
SetWindowLongPtrA
GetMessageTime
MapWindowPoints
SetMenu
SetForegroundWindow
GetClientRect
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
AdjustWindowRectEx
CopyRect
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowPos
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetSystemMetrics
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameA
PtInRect
GetWindowTextA
SetWindowTextA
GetSysColor
PostQuitMessage
PostMessageA
CheckMenuItem
EnableMenuItem
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetMessagePos
GetMenuState
ModifyMenuA
SendMessageA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
CallNextHookEx
SetWindowsHookExA
SetCursor
UnregisterClassA
UnhookWindowsHookEx
GetMenuItemID
GetMenuItemCount
GetSubMenu
GetWindowThreadProcessId
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
EnableWindow
MessageBoxA

gdi32

DeleteDC
GetStockObject
TextOutA
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
CreateBitmap
RectVisible
PtVisible
DeleteObject
GetClipBox
SetMapMode
SetTextColor
SetBkColor
RestoreDC
SaveDC
GetDeviceCaps
ExtTextOutA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

shlwapi

PathFindFileNameA
PathFindExtensionA

oleaut32

VariantClear
VariantChangeType
VariantInit

Exports

Exports

ErrorMsgPrint

Sections

.text
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
importpfx.exe
.exe windows:4 windows x86 arch:x86

7df28816073a08aa9ec105ceb162f421

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

MultiByteToWideChar
CreateFileA
GetFileInformationByHandle
ReadFile
HeapAlloc
ExitProcess
TerminateProcess
GetCurrentProcess
GetLastError
GetCommandLineA
GetVersion
HeapDestroy
HeapCreate
VirtualFree
HeapFree
VirtualAlloc
HeapReAlloc
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
GetProcAddress
LoadLibraryA
FlushFileBuffers
SetFilePointer
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
SetStdHandle
CloseHandle

crypt32

CertOpenStore
CertOpenSystemStoreA
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
PFXIsPFXBlob
CertCloseStore
CertAddCertificateContextToStore
CertGetNameStringA
CertEnumCertificatesInStore
PFXImportCertStore

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
localhost.p12
localhost_xp.p12
texe64up.exe
.exe windows:5 windows x64 arch:x64

2fb9a0f70180a65d4aa0f25066cea887

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:f9:4f:b3:4c:1b:b9:8b:6c:4a:ef:7e:3a:65:14:b8
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/01/2020, 00:00

Not After

25/01/2021, 12:00

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:58:8b:07:75:46:22:70:ae:2e:43:27:01:06:9c:98
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/12/2019, 00:00

Not After

04/03/2022, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:85:ba:bf:96:81:36:f1:3f:a5:9c:a3:99:09:3e:2c:9b:b1:da:88:e1:98:d8:6b:c3:51:ba:9a:43:eb:b9:f9
Signer

Actual PE Digest

6d:85:ba:bf:96:81:36:f1:3f:a5:9c:a3:99:09:3e:2c:9b:b1:da:88:e1:98:d8:6b:c3:51:ba:9a:43:eb:b9:f9

Digest Algorithm

sha256

PE Digest Matches

true

3c:2f:65:48:90:fa:06:3a:ef:35:f7:91:67:df:18:ac:d5:1c:15:27
Signer

Actual PE Digest

3c:2f:65:48:90:fa:06:3a:ef:35:f7:91:67:df:18:ac:d5:1c:15:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetFileAttributesA
GetFileSizeEx
GetFileTime
GetTickCount
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
GetCommandLineA
GetStartupInfoA
HeapFree
RaiseException
RtlPcToFileHeader
VirtualProtect
GetSystemInfo
VirtualQuery
HeapReAlloc
ExitProcess
HeapQueryInformation
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetACP
IsValidCodePage
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsAlloc
GetStdHandle
HeapSetInformation
HeapCreate
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
FileTimeToLocalFileTime
SetErrorMode
GetOEMCP
GetCPInfo
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GlobalFlags
WritePrivateProfileStringA
FileTimeToSystemTime
GetThreadLocale
GetModuleHandleW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
InitializeCriticalSection
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
FreeResource
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
lstrcmpA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
MulDiv
lstrlenA
SetLastError
CreateThread
SetThreadPriority
ResumeThread
CreateNamedPipeA
GetExitCodeProcess
TerminateProcess
ResetEvent
ConnectNamedPipe
WaitForMultipleObjects
ReadFile
WriteFile
DisconnectNamedPipe
Sleep
CreateEventA
LoadLibraryA
FreeLibrary
VirtualAlloc
GetLastError
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetCurrentProcessId
CloseHandle
GetCurrentProcess
DuplicateHandle
OpenProcess
GetModuleHandleA
GetProcAddress
FlsFree
GetVersionExA

user32

RegisterClipboardFormatA
PostThreadMessageA
CharUpperA
ReleaseCapture
SetCapture
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
GetClassLongPtrA
SetPropA
GetPropA
RemovePropA
SetFocus
GetTopWindow
GetWindowLongPtrA
SetWindowLongPtrA
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
SetWindowContextHelpId
GetWindowTextA
GetWindowThreadProcessId
GetWindow
MapDialogRect
SetWindowPos
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
ShowOwnedPopups
SetCursor
SetWindowsHookExA
CallNextHookEx
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
CharNextA
GetForegroundWindow
DrawIcon
AppendMenuA
SendMessageA
GetSystemMenu
IsIconic
GetClientRect
SetTimer
KillTimer
FindWindowExA
EnableWindow
LoadIconA
GetSystemMetrics
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
PostMessageA
CheckMenuItem
EnableMenuItem
ModifyMenuA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA

gdi32

DeleteDC
GetStockObject
ExtSelectClipRgn
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
GetDeviceCaps
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
PtVisible

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl

shlwapi

PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString

Sections

.text
Size: 248KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
texeup.exe
.exe windows:5 windows x86 arch:x86

ba20ea3ad05d5b2e03cbe594ab756a2c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:f9:4f:b3:4c:1b:b9:8b:6c:4a:ef:7e:3a:65:14:b8
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/01/2020, 00:00

Not After

25/01/2021, 12:00

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

41:58:8b:07:75:46:22:70:ae:2e:43:27:01:06:9c:98
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

04/12/2019, 00:00

Not After

04/03/2022, 23:59

Subject

CN=Teruten\, Inc.,O=Teruten\, Inc.,L=Guro-gu,ST=Seoul,C=KR

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02/05/2019, 00:00

Not After

01/08/2030, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:ca:49:f0:3a:03:71:e7:a0:e6:2e:8a:d6:92:c5:f1:c9:8d:fa:2c:06:c7:f3:ec:6b:d4:f0:fe:13:46:77:ca
Signer

Actual PE Digest

11:ca:49:f0:3a:03:71:e7:a0:e6:2e:8a:d6:92:c5:f1:c9:8d:fa:2c:06:c7:f3:ec:6b:d4:f0:fe:13:46:77:ca

Digest Algorithm

sha256

PE Digest Matches

true

a7:eb:4a:63:6d:46:12:b7:4c:28:83:ed:a7:55:24:1a:0a:ba:c9:08
Signer

Actual PE Digest

a7:eb:4a:63:6d:46:12:b7:4c:28:83:ed:a7:55:24:1a:0a:ba:c9:08

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FileTimeToLocalFileTime
GetFileAttributesA
GetFileSizeEx
GetFileTime
GetTickCount
RtlUnwind
HeapAlloc
GetCommandLineA
GetStartupInfoA
HeapFree
RaiseException
VirtualProtect
GetSystemInfo
VirtualQuery
HeapReAlloc
ExitProcess
HeapSize
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetACP
IsValidCodePage
HeapCreate
SetErrorMode
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetOEMCP
GetCPInfo
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
GlobalFlags
WritePrivateProfileStringA
FileTimeToSystemTime
GetThreadLocale
InterlockedIncrement
GetModuleHandleW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
InterlockedDecrement
GetModuleFileNameW
GlobalGetAtomNameA
GlobalFindAtomA
lstrcmpW
FreeResource
GlobalAddAtomA
GlobalDeleteAtom
GetCurrentThread
GetCurrentThreadId
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
LoadLibraryExA
CompareStringA
InterlockedExchange
lstrcmpA
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageA
LocalFree
MultiByteToWideChar
MulDiv
lstrlenA
SetLastError
CreateThread
SetThreadPriority
ResumeThread
CreateNamedPipeA
GetExitCodeProcess
TerminateProcess
ResetEvent
ConnectNamedPipe
WaitForMultipleObjects
ReadFile
WriteFile
DisconnectNamedPipe
Sleep
CreateEventA
LoadLibraryA
FreeLibrary
VirtualAlloc
GetLastError
VirtualFree
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
GetCurrentProcessId
CloseHandle
GetCurrentProcess
DuplicateHandle
OpenProcess
GetModuleHandleA
GetProcAddress
GetVersionExA

user32

RegisterClipboardFormatA
PostThreadMessageA
CopyAcceleratorTableA
CharNextA
CharUpperA
ReleaseCapture
SetCapture
LoadCursorA
GetSysColorBrush
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
DestroyMenu
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
GetClassNameA
SetPropA
RemovePropA
SetFocus
GetForegroundWindow
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
MapWindowPoints
SetMenu
SetForegroundWindow
UpdateWindow
CreateWindowExA
GetClassInfoExA
GetClassInfoA
RegisterClassA
GetSysColor
AdjustWindowRectEx
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
GetMenu
SetWindowLongA
OffsetRect
IntersectRect
SystemParametersInfoA
GetWindowPlacement
GetWindowRect
SetWindowContextHelpId
GetWindowTextA
GetWindowThreadProcessId
GetWindow
MapDialogRect
SetWindowPos
GetDesktopWindow
SetActiveWindow
CreateDialogIndirectParamA
DestroyWindow
IsWindow
GetDlgItem
GetNextDlgTabItem
EndDialog
GetWindowLongA
GetLastActivePopup
IsWindowEnabled
MessageBoxA
ShowOwnedPopups
SetCursor
SetWindowsHookExA
CallNextHookEx
UnregisterClassA
MessageBeep
GetNextDlgGroupItem
InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
DrawIcon
AppendMenuA
SendMessageA
GetSystemMenu
IsIconic
GetClientRect
SetTimer
KillTimer
FindWindowExA
EnableWindow
LoadIconA
GetSystemMetrics
GetSubMenu
GetMenuItemCount
GetMenuItemID
GetMenuState
PostQuitMessage
PostMessageA
CheckMenuItem
EnableMenuItem
ModifyMenuA
GetParent
GetFocus
LoadBitmapA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
GetCursorPos
PeekMessageA
GetKeyState
IsWindowVisible
GetActiveWindow
DispatchMessageA
TranslateMessage
GetMessageA
GetPropA

gdi32

DeleteDC
GetStockObject
ExtSelectClipRgn
GetBkColor
GetTextColor
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
TextOutA
RectVisible
GetDeviceCaps
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
ExtTextOutA
GetObjectA
SetBkColor
SetTextColor
GetClipBox
CreateBitmap
PtVisible

comdlg32

GetFileTitleA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

advapi32

RegSetValueExA
RegCreateKeyExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
SetSecurityDescriptorSacl

shlwapi

PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA

oledlg

ord8

ole32

CoRevokeClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
OleIsCurrentClipboard
CLSIDFromString
CLSIDFromProgID
CoTaskMemAlloc
CoTaskMemFree
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysStringLen
SysFreeString
SysAllocStringByteLen
SysAllocStringLen
VariantClear
VariantChangeType
VariantInit
VariantCopy
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
OleCreateFontIndirect
SysAllocString

Sections

.text
Size: 199KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
uninstall.exe.nsis

Sharing

General

Malware Config

Signatures

Files

ced282d9b261d1462772017fe2f6972b

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:ddCertificate

Extended Key Usages

Key Usages

01:a6:ed:ec:94:bf:74:f2:20:fd:db:d2:92:60:8f:c6Certificate

Extended Key Usages

Key Usages

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0d:40:54:0b:95:84:45:3b:f5:85:0a:d2:a9:b4:25:e4Certificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

a3:b1:fd:d6:e9:bf:e8:54:2c:be:5f:47:6f:23:a7:45:37:11:eb:9b:6c:70:83:ff:39:67:6f:70:60:6f:f9:96Signer

2f:fa:bd:cd:59:ed:b2:6d:25:1b:9d:58:6e:d5:8c:65:6d:dc:cb:baSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 25KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 149KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 18KB - Virtual size: 18KB

610235b90207a63ccf481f0d4375d329

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

274b99a815ba574d8c9e1712916d8b30

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

01:a6:ed:ec:94:bf:74:f2:20:fd:db:d2:92:60:8f:c6
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0d:40:54:0b:95:84:45:3b:f5:85:0a:d2:a9:b4:25:e4
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

a3:b1:fd:d6:e9:bf:e8:54:2c:be:5f:47:6f:23:a7:45:37:11:eb:9b:6c:70:83:ff:39:67:6f:70:60:6f:f9:96
Signer

2f:fa:bd:cd:59:ed:b2:6d:25:1b:9d:58:6e:d5:8c:65:6d:dc:cb:ba
Signer

.text
Size: 25KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 149KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 18KB - Virtual size: 18KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 362B

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 636B

.text
Size: 126KB - Virtual size: 125KB

.rdata
Size: 39KB - Virtual size: 38KB

.data
Size: 8KB - Virtual size: 23KB

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 27KB - Virtual size: 27KB

.text
Size: 145KB - Virtual size: 144KB

.rdata
Size: 59KB - Virtual size: 58KB

.data
Size: 10KB - Virtual size: 34KB

.pdata
Size: 10KB - Virtual size: 10KB

.rsrc
Size: 13KB - Virtual size: 12KB

.reloc
Size: 9KB - Virtual size: 9KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate