f95df2ea879536f15bee8817b4247698_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

f95df2ea879536f15bee8817b4247698_JaffaCakes118
Size

4.3MB
MD5

f95df2ea879536f15bee8817b4247698
SHA1

5190e8ccc0820781003ad5707d5aedf08acbc398
SHA256

913ecfd11233aba6a8af3480baa08d21d4d34729891e7caf840198393fc135d9
SHA512

a2e8f9b83708401ad38278a105b29ff59fc83c739e652a3d4a5bfd2a072c8c5a9786218cfefea58c184b2a1e2bc285d43c9694284e997c5af097323611c8e25d
SSDEEP

49152:i0EN7ITbdiRpMkUcw8zxFaYDB7lzxmL6lZ+4UIPcRdFLg4V3H67+3pJycJxPFEyv:inRpA8zTXxpdkKonJxPFEyqn/gmq

Score

3^/10

Malware Config

Signatures

Unsigned PE 21 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/KillProcDLL.dll
unpack002/$PLUGINSDIR/NSISdl.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/Box/7z.dll
unpack002/Box/7zMgr.dll
unpack002/Box/DSGame.exe
unpack002/Box/SafeMode/4399Safe.exe
unpack003/$PLUGINSDIR/InstallOptions.dll
unpack003/$PLUGINSDIR/LangDLL.dll
unpack003/$PLUGINSDIR/System.dll
unpack004/$PLUGINSDIR/InstallOptions.dll
unpack004/$PLUGINSDIR/LangDLL.dll
unpack004/$PLUGINSDIR/System.dll
unpack002/Box/SafeMode/Reg32.dat
unpack002/Box/brun.dll
unpack002/Box/hmgr.dll
unpack002/Box/htask.dll
unpack002/Box/netio.dll
unpack002/Box/np4399Plugin.dll
unpack002/Box/zlib.dll

NSIS installer 6 IoCs

installer

Processes:

resource	yara_rule
static1/unpack001/4399box_install.exe	nsis_installer_1
static1/unpack001/4399box_install.exe	nsis_installer_2
static1/unpack002/Box/SafeMode/Install/4399sandbox.exe	nsis_installer_1
static1/unpack002/Box/SafeMode/Install/4399sandbox.exe	nsis_installer_2
static1/unpack002/Box/SafeMode/Install/4399sandbox_win7.exe	nsis_installer_1
static1/unpack002/Box/SafeMode/Install/4399sandbox_win7.exe	nsis_installer_2

Files

f95df2ea879536f15bee8817b4247698_JaffaCakes118
.rar
4399box_install.exe
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25-04-2007 00:00

Not After

09-07-2019 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bb:3d:e0:0d:e3:ec:d4:3f:60:5e:6b:6a:f5:c7:2e:c2
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19-05-2011 00:00

Not After

18-05-2013 23:59

Subject

CN=厦门游家网络有限公司,OU=WoSign Class 3 Code Signing,O=厦门游家网络有限公司,L=厦门,ST=福建,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

be:f6:37:81:4c:83:2e:fc:6c:f5:0a:6d:f5:b8:a7:29:ee:fc:d4:6f
Signer

Actual PE Digest

be:f6:37:81:4c:83:2e:fc:6c:f5:0a:6d:f5:b8:a7:29:ee:fc:d4:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Dir.ini
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

295fc8c35dee88b924b0f6bafc807c6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetTickCount
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

LoadCursorA
PtInRect
MapWindowPoints
GetDlgCtrlID
CloseClipboard
SetCursor
OpenClipboard
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
DrawTextA
GetWindowLongA
DrawFocusRect
MessageBoxA
CallWindowProcA
PostMessageA
SetTimer
KillTimer
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClipboardData

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 838B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/introduce.bmp
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/meituWel.ini
$PLUGINSDIR/modern-wizard.bmp
$PROGRAMFILES/Icoapp/ɫ.ico
Box/4399Box.exe
.exe windows:4 windows x86 arch:x86

a1a52b0470d31cba02f7b8905cd3bb3e

Code Sign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25-04-2007 00:00

Not After

09-07-2019 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bb:3d:e0:0d:e3:ec:d4:3f:60:5e:6b:6a:f5:c7:2e:c2
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19-05-2011 00:00

Not After

18-05-2013 23:59

Subject

CN=厦门游家网络有限公司,OU=WoSign Class 3 Code Signing,O=厦门游家网络有限公司,L=厦门,ST=福建,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

fb:22:70:e7:bd:78:f0:78:1a:b6:24:66:8f:82:40:74:ef:be:9d:64
Signer

Actual PE Digest

fb:22:70:e7:bd:78:f0:78:1a:b6:24:66:8f:82:40:74:ef:be:9d:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostname
WSAStartup
WSACleanup
shutdown
WSAAsyncSelect
gethostbyname
WSAGetLastError

winmm

mixerClose
PlaySoundW
mixerSetControlDetails
mixerGetControlDetailsW
mixerGetLineInfoW
mixerGetLineControlsW
mixerOpen

wininet

InternetOpenUrlW
InternetQueryOptionW
InternetSetOptionW
InternetOpenA
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestW
HttpQueryInfoA
InternetSetOptionA
HttpSendRequestExW
HttpSendRequestW
InternetReadFile
InternetCloseHandle
InternetSetStatusCallbackW
HttpQueryInfoW
HttpOpenRequestW
InternetGetConnectedState
GetUrlCacheEntryInfoW
InternetConnectW
InternetOpenW
InternetSetCookieW
InternetGetCookieW

mfc42u

ord803
ord940
ord927
ord6771
ord922
ord801
ord541
ord6919
ord2857
ord6004
ord3282
ord3292
ord3298
ord2755
ord5857
ord2644
ord1662
ord3909
ord6266
ord860
ord5031
ord4450
ord1833
ord4583
ord4582
ord4893
ord4364
ord4886
ord5070
ord4334
ord4341
ord4714
ord4883
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4957
ord4954
ord4103
ord6050
ord5236
ord5277
ord3743
ord1718
ord4426
ord1235
ord365
ord784
ord4236
ord2680
ord465
ord466
ord2233
ord610
ord841
ord6285
ord6135
ord968
ord287
ord857
ord856
ord850
ord1565
ord3465
ord455
ord3000
ord2127
ord5256
ord4875
ord2842
ord6139
ord1244
ord2021
ord2069
ord278
ord536
ord4198
ord6770
ord4199
ord6451
ord6374
ord6193
ord6376
ord1971
ord5438
ord665
ord3313
ord5180
ord354
ord6381
ord2776
ord6654
ord1197
ord1196
ord3993
ord5852
ord941
ord668
ord1972
ord3173
ord3176
ord2773
ord2762
ord356
ord4606
ord4604
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord5303
ord5285
ord5710
ord3733
ord815
ord561
ord4041
ord2137
ord2136
ord6221
ord5227
ord5243
ord2124
ord4595
ord1131
ord617
ord824
ord2613
ord1215
ord5208
ord296
ord5431
ord1676
ord1666
ord2620
ord5976
ord2633
ord4117
ord6210
ord6192
ord4293
ord5944
ord3083
ord3866
ord3869
ord3868
ord6194
ord4281
ord4278
ord3132
ord3791
ord5715
ord6088
ord3519
ord4027
ord6091
ord4030
ord2541
ord2425
ord426
ord726
ord826
ord2717
ord6375
ord1105
ord1563
ord1194
ord3025
ord2812
ord3806
ord5641
ord353
ord271
ord6330
ord2350
ord2290
ord6640
ord4718
ord4532
ord4768
ord397
ord699
ord1851
ord4241
ord3864
ord2119
ord2383
ord5096
ord5099
ord3345
ord975
ord2875
ord2375
ord4431
ord700
ord802
ord398
ord542
ord4462
ord4148
ord5251
ord3368
ord4422
ord3646
ord5597
ord2225
ord4451
ord1202
ord4282
ord4279
ord6238
ord6565
ord2757
ord4219
ord656
ord693
ord6279
ord6278
ord5480
ord6865
ord1085
ord5026
ord4767
ord5280
ord1229
ord4331
ord912
ord5589
ord6867
ord4584
ord6563
ord798
ord1989
ord6403
ord924
ord5188
ord533
ord3494
ord609
ord616
ord2507
ord355
ord5461
ord4183
ord551
ord3332
ord2813
ord547
ord4078
ord2862
ord3614
ord2836
ord2769
ord2099
ord5785
ord2637
ord3785
ord3393
ord3728
ord3716
ord772
ord810
ord795
ord6138
ord500
ord5274
ord3808
ord5856
ord2078
ord1808
ord326
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord2567
ord4390
ord3569
ord2291
ord2634
ord2574
ord4396
ord3365
ord3635
ord3605
ord686
ord6896
ord6898
ord2445
ord3991
ord3296
ord2140
ord3905
ord1941
ord2115
ord4238
ord3281
ord6003
ord4524
ord5681
ord3269
ord729
ord439
ord430
ord3211
ord736
ord1088
ord2114
ord2496
ord1699
ord2423
ord2111
ord2579
ord4400
ord5848
ord2879
ord5784
ord472
ord6354
ord613
ord289
ord2631
ord2538
ord291
ord4029
ord2108
ord3084
ord4474
ord2854
ord539
ord2822
ord823
ord6567
ord5456
ord3658
ord6051
ord4073
ord1768
ord4401
ord5237
ord2377
ord6370
ord4347
ord5286
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord1720
ord3747
ord6190
ord3879
ord4221
ord783
ord3706
ord1158
ord4015
ord1191
ord956
ord293
ord2505
ord2112
ord5879
ord2916
ord5880
ord554
ord3725
ord5058
ord1708
ord1703
ord5080
ord4360
ord3290
ord4263
ord1921
ord3170
ord1657
ord3443
ord6237
ord5886
ord2932
ord4055
ord1712
ord3572
ord3347
ord4212
ord4638
ord4391
ord2568
ord4253
ord692
ord489
ord768
ord4829
ord5283
ord4848
ord4371
ord4352
ord4942
ord4970
ord4736
ord4899
ord5154
ord5156
ord5155
ord3634
ord4395
ord4214
ord348
ord543
ord663
ord3579
ord925
ord2294
ord683
ord3626
ord3397
ord2721
ord2722
ord6466
ord2719
ord6445
ord2373
ord4292
ord4128
ord6153
ord2855
ord3701
ord6871
ord562
ord268
ord1258
ord1560
ord6868
ord2756
ord6655
ord4273
ord2745
ord384
ord2088
ord3915
ord3792
ord2746
ord3871
ord4155
ord3574
ord1594
ord2810
ord5679
ord4272
ord6218
ord2914
ord2606
ord1225
ord4197
ord4124
ord5706
ord6874
ord942
ord2910
ord5568
ord6211
ord4788
ord5149
ord5025
ord5048
ord4766
ord6195
ord537
ord5977
ord4421
ord4407
ord4494
ord1230
ord5250
ord4211
ord674
ord401
ord2437
ord4430
ord1658
ord2641

msvcrt

_wcsicmp
wcscmp
fclose
fwrite
_wfopen
_wmkdir
_wcsdup
free
wcsrchr
wcstol
_wtol
malloc
realloc
_wtoi
wcsstr
wcstod
_strrev
_stricmp
strtod
_except_handler3
fprintf
longjmp
_setjmp3
abort
swscanf
iswalpha
vswprintf
qsort
_wcslwr
_CIpow
_wtoi64
swprintf
strrchr
_strdup
_splitpath
wcscpy
_makepath
_vsnwprintf
sprintf
strstr
memmove
wcslen
wcsncpy
__CxxFrameHandler
__set_app_type
_iob
_controlfp
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
_wstat
wcschr
_itow
wcscat
_wcsnicmp
sscanf
_snwprintf
_beginthreadex
wcsncmp
rand
srand
time
_ftol
_waccess
fread
ftell
fseek
strncpy
_mbsnbcpy
_vsnprintf
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
strtoul
_strnicmp
calloc
wcstoul
_purecall
_snprintf
strchr
wcstok
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ

kernel32

MulDiv
InterlockedIncrement
LockResource
LoadResource
FindResourceW
GetModuleHandleA
GetTimeFormatW
GetDateFormatW
GetLocaleInfoW
SizeofResource
EnumResourceTypesW
EnumResourceNamesW
EnumResourceLanguagesW
lstrcmpA
GetTempFileNameW
SetThreadPriority
GetExitCodeThread
CompareStringW
GetPrivateProfileIntW
LoadLibraryExW
VirtualProtect
VirtualQuery
LoadLibraryExA
GetModuleFileNameA
OutputDebugStringW
GetStartupInfoW
RaiseException
InterlockedExchange
GetCurrentThread
GetThreadContext
GetEnvironmentVariableA
LoadLibraryA
DeviceIoControl
GetCurrentDirectoryW
HeapAlloc
SetLastError
IsDBCSLeadByteEx
GetProcessHeap
HeapFree
FormatMessageA
FormatMessageW
GetPrivateProfileSectionW
GetTempPathW
lstrcpynW
lstrcmpiW
GetPrivateProfileSectionNamesW
LocalAlloc
LocalFree
GetVersion
lstrcmpiA
InterlockedDecrement
GetVolumeInformationW
ExpandEnvironmentStringsW
GetLocalTime
GlobalMemoryStatus
WritePrivateProfileSectionW
WritePrivateProfileStringW
SetSystemPowerState
GetWindowsDirectoryW
OpenEventW
QueryPerformanceCounter
QueryPerformanceFrequency
MoveFileW
SetFileAttributesW
GetCommandLineW
CreateSemaphoreW
CreateMutexW
ReleaseMutex
CreateEventW
WaitForMultipleObjects
GlobalMemoryStatusEx
RemoveDirectoryW
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
OutputDebugStringA
LocalSize
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
GetDiskFreeSpaceExW
lstrlenA
CreateFileA
WriteFile
CreateDirectoryW
GetExitCodeProcess
GetLastError
ResetEvent
TerminateThread
CopyFileW
CreateThread
ResumeThread
lstrcmpW
FindNextFileW
DeleteCriticalSection
InitializeCriticalSection
SetEvent
WaitForSingleObject
OpenFileMappingW
OpenProcess
TerminateProcess
CreateProcessW
GetPrivateProfileStringW
MultiByteToWideChar
FileTimeToSystemTime
GetSystemInfo
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
FindFirstFileW
FileTimeToLocalFileTime
FindClose
FileTimeToDosDateTime
lstrlenW
WideCharToMultiByte
DeleteFileW
SetUnhandledExceptionFilter
GetModuleFileNameW
GetCurrentProcess
SetProcessWorkingSetSize
Sleep
LoadLibraryW
GetProcAddress
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CreateFileW
GetFileSize
SetFilePointer
ReadFile
CloseHandle
GetFileAttributesW
FreeLibrary
GetSystemDirectoryW
lstrcatW
GetVersionExW

user32

CharUpperW
RegisterClassExW
CreateWindowExW
GetMessageW
SetPropW
AppendMenuW
RedrawWindow
PeekMessageW
TranslateMessage
MsgWaitForMultipleObjects
DispatchMessageW
SetTimer
KillTimer
SetWindowPos
FindWindowW
wsprintfW
DrawFocusRect
SetWindowRgn
GetWindowRect
GetWindowLongW
SetWindowLongW
LoadImageW
CopyRect
DrawFrameControl
OffsetRect
InflateRect
SetRect
GetMenuStringW
GetCursorPos
GetWindow
IsWindowVisible
SendMessageW
LoadCursorW
RegisterClassW
IsWindow
GetSystemMetrics
DefWindowProcW
GetParent
IntersectRect
DrawIconEx
LoadIconW
ScreenToClient
GetClientRect
InvalidateRect
EnableWindow
PtInRect
PostMessageW
ClientToScreen
GetSubMenu
ModifyMenuW
IsZoomed
DestroyIcon
LoadMenuW
BringWindowToTop
GetWindowThreadProcessId
EnumWindows
UnregisterHotKey
CheckMenuItem
CharLowerW
ShowWindow
GetAsyncKeyState
GetClassNameW
RegisterHotKey
keybd_event
MapVirtualKeyW
MoveWindow
GetMonitorInfoW
MonitorFromRect
GetKeyNameTextW
MapVirtualKeyExW
GetKeyboardLayout
GetSystemMenu
SetFocus
IsChild
LoadBitmapW
GetSysColor
SetCapture
GetDesktopWindow
SetRectEmpty
SetClassLongW
GetClassLongW
SetParent
IsWindowEnabled
GetDlgCtrlID
GetCapture
SystemParametersInfoW
IsIconic
SetCursor
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
GetClipboardData
GetMenuItemID
GetMenuState
GetMenuItemCount
ExitWindowsEx
UpdateWindow
SetMenu
SetForegroundWindow
MessageBoxW
GetNextDlgGroupItem
GetScrollInfo
GetClipboardFormatNameW
DestroyWindow
DefMDIChildProcW
DefMDIChildProcA
DefFrameProcW
DefFrameProcA
DefWindowProcA
CallWindowProcA
LoadStringW
IsWindowUnicode
GetWindowLongA
SetWindowLongA
EndPaint
BeginPaint
AdjustWindowRectEx
DeleteMenu
EnableMenuItem
SendMessageTimeoutW
DrawEdge
GetDlgItem
GetDoubleClickTime
UnionRect
GetCursor
GetActiveWindow
SetActiveWindow
CreateAcceleratorTableW
GetKeyboardLayoutList
GetKeyboardState
ToUnicodeEx
GetKeyState
GetFocus
EnumChildWindows
FindWindowExW
WindowFromPoint
GetClassInfoW
ReleaseCapture
IsCharLowerW
CopyAcceleratorTableW
TranslateAcceleratorW
LoadAcceleratorsW
GetWindowTextW
RegisterWindowMessageW
DestroyAcceleratorTable
LoadMenuIndirectW
CreatePopupMenu
LookupIconIdFromDirectoryEx
GetLastActivePopup
DestroyMenu
GetMenuDefaultItem
IsMenu
DrawStateW
GetMenu
GetMenuItemInfoW
IsRectEmpty
MessageBeep
GetNextDlgTabItem
ShowCaret
HideCaret
GetWindowRgn
GetForegroundWindow
ReleaseDC
GetDC
EqualRect
InvertRect
GetDCEx
LockWindowUpdate
UnhookWindowsHookEx
SetWindowsHookExW
CallNextHookEx
TabbedTextOutW
DrawTextW
GrayStringW
RegisterClipboardFormatW
CreateIconFromResourceEx
CopyIcon
GetIconInfo
CreateIconIndirect
MapWindowPoints
EndDeferWindowPos
BeginDeferWindowPos
IsClipboardFormatAvailable
IsDialogMessageW
TrackPopupMenu
CallWindowProcW
GetMessagePos
InsertMenuW
FillRect
DeferWindowPos
SetCursorPos

gdi32

GetDIBits
GetRgnBox
CombineRgn
CreateRectRgn
CreateRoundRectRgn
SetPixel
GetTextColor
CreateDIBitmap
SelectObject
PatBlt
CreateFontIndirectW
SetDIBitsToDevice
GetCurrentObject
SelectPalette
GetMapMode
OffsetRgn
CreateDIBSection
PtInRegion
GetPixel
GetTextExtentPoint32W
PtVisible
RectVisible
CreateSolidBrush
TextOutW
ExtTextOutW
Escape
EnumFontFamiliesExW
Polygon
DeleteDC
StretchBlt
GetObjectW
DeleteObject
GetStockObject
CreateBitmap
SetTextColor
SetBkColor
SetStretchBltMode
SetDIBits
CreatePatternBrush
CreatePolygonRgn
CreateRectRgnIndirect
RoundRect
ExtFloodFill
Ellipse
SetBrushOrgEx
SetBkMode
GetTextCharsetInfo
ExtCreateRegion
CreateFontW
GetObjectType
GetBitmapBits
Rectangle
GetViewportOrgEx
StretchDIBits
GetClipBox
GetDeviceCaps
CreatePalette
CreateCompatibleBitmap
CreateCompatibleDC
BitBlt
GetTextMetricsW
CreatePen

advapi32

RegOpenKeyExW
RegSetValueExW
RegCreateKeyW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegCreateKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegEnumValueW
DeleteService
ControlService
QueryServiceStatus
QueryServiceConfigW
RegEnumKeyExW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegCloseKey
RegQueryValueExW
RegSetValueExA
RegOpenKeyW

shell32

SHBrowseForFolderW
Shell_NotifyIconW
DragQueryFileW
DragFinish
SHGetSpecialFolderLocation
SHChangeNotify
ShellExecuteExW
ExtractIconExW
SHGetPathFromIDListW
SHGetMalloc
SHGetDesktopFolder
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteW

comctl32

ImageList_DrawIndirect
FlatSB_GetScrollProp
ImageList_Remove
PropertySheetW
ImageList_Add
ImageList_DrawEx
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Destroy
ImageList_GetIcon
_TrackMouseEvent
ImageList_GetImageInfo
ImageList_Draw
ImageList_ReplaceIcon
ImageList_AddMasked
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragLeave
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragEnter
ImageList_GetBkColor

ole32

CoUninitialize
CoCreateInstance
CoGetObject
StringFromGUID2
CoTaskMemFree
CoCreateGuid
OleRun
OleUninitialize
OleInitialize
DoDragDrop
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit
VariantCopy
SysAllocStringLen
SysStringLen
GetErrorInfo
CreateErrorInfo
VariantChangeType
SetErrorInfo
OleLoadPicturePath
VariantChangeTypeEx

urlmon

UrlMkSetSessionOption
URLDownloadToFileW
FindMimeFromData
ObtainUserAgentString

msvcp60

??1_Lockit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

gdiplus

GdipCreateHBITMAPFromBitmap
GdipDisposeImage
GdiplusShutdown
GdipCreateBitmapFromFile
GdiplusStartup

zlib

ord82
ord81
ord80
ord65
ord63
ord61
ord68
ord84
ord72
ord66
ord62
ord67
ord64
ord83

dbghelp

SymGetSymFromAddr
SymCleanup
StackWalk
SymGetModuleBase
SymFunctionTableAccess
SymInitialize
SymSetOptions
SymGetOptions
UnDecorateSymbolName
ImageDirectoryEntryToData

shlwapi

StrFormatByteSizeW

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

psapi

GetProcessImageFileNameW

iphlpapi

GetAdaptersInfo
GetIfTable

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 316KB - Virtual size: 316KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 116KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/4399Down.dll
.dll windows:4 windows x86 arch:x86

e27caee0b4bbff4650e5a95f15fb14bd

Code Sign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25-04-2007 00:00

Not After

09-07-2019 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bb:3d:e0:0d:e3:ec:d4:3f:60:5e:6b:6a:f5:c7:2e:c2
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19-05-2011 00:00

Not After

18-05-2013 23:59

Subject

CN=厦门游家网络有限公司,OU=WoSign Class 3 Code Signing,O=厦门游家网络有限公司,L=厦门,ST=福建,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

bb:72:17:3e:37:11:55:d4:5a:79:ae:a6:83:81:28:03:7a:9c:01:b3
Signer

Actual PE Digest

bb:72:17:3e:37:11:55:d4:5a:79:ae:a6:83:81:28:03:7a:9c:01:b3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetErrorMode
GlobalFlags
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentDirectoryA
GetProcessVersion
GlobalSize
CopyFileA
LocalUnlock
LocalLock
GetCPInfo
GetOEMCP
GetTempFileNameA
GetDiskFreeSpaceA
SizeofResource
RtlUnwind
ExitProcess
TerminateProcess
CreateDirectoryA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
HeapFree
ExitThread
HeapAlloc
RaiseException
GetACP
HeapSize
HeapReAlloc
FatalAppExitA
LCMapStringA
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
IsBadReadPtr
IsBadCodePtr
SetStdHandle
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
MulDiv
FindResourceA
LoadResource
LockResource
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetModuleHandleA
FreeLibrary
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
lstrcpyA
LoadLibraryA
GetProcAddress
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DuplicateHandle
SetLastError
CreateFileA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
lstrcpynA
GetFileTime
GetFileSize
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenW
GlobalUnlock
SuspendThread
SetThreadPriority
ResumeThread
GetModuleFileNameA
GlobalLock
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThreadId
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
TerminateThread
SetFileAttributesA
RemoveDirectoryA
GetFileAttributesExA
FormatMessageA
LocalFree
FindFirstFileA
FindNextFileA
FindClose
GetFileAttributesA
lstrlenA
CloseHandle
WaitForMultipleObjects
DeleteFileA
GetDiskFreeSpaceExA
CreateThread
MoveFileA
GetLastError
SetEvent
OutputDebugStringA
CreateEventA
GetTickCount
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
GetThreadContext
GlobalAlloc
GlobalFree
GetCurrentProcess
GetEnvironmentVariableA
LCMapStringW
MultiByteToWideChar

user32

AppendMenuA
RemoveMenu
wvsprintfA
InvalidateRect
GetTabbedTextExtentA
SetRect
IsClipboardFormatAvailable
MessageBeep
DestroyMenu
SetRectEmpty
LoadAcceleratorsA
TranslateAcceleratorA
ReleaseCapture
LoadMenuA
SetMenu
ReuseDDElParam
UnpackDDElParam
BringWindowToTop
CreateDialogIndirectParamA
EndDialog
GetDialogBaseUnits
GetSysColorBrush
LoadCursorA
GetMenuStringA
DeleteMenu
InsertMenuA
GetDesktopWindow
PtInRect
GetClassNameA
LoadStringA
UnregisterClassA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
LoadIconA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetActiveWindow
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetClientRect
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
GetDlgItem
GetDlgCtrlID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
FindWindowA
SendMessageA
IsWindow
PostMessageA
MessageBoxA
KillTimer
PeekMessageA
SetTimer
SetFocus
CharToOemA
OemToCharA
UnhookWindowsHookEx
PostQuitMessage
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
WaitMessage
GetSystemMetrics
CharUpperA
wsprintfA
GetWindowTextLengthA
GetWindowTextA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
ShowOwnedPopups
SetCursor
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
DispatchMessageA
TranslateMessage
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA

gdi32

CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CopyMetaFileA
CreateDCA
GetTextMetricsA
CreateFontIndirectA
GetWindowExtEx
GetCharWidthA
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
GetTextExtentPoint32A
GetViewportExtEx
GetDeviceCaps
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
ExtSelectClipRgn
SelectClipPath
CreateRectRgn
GetClipRgn
DeleteObject
PolyBezierTo
PolylineTo
PolyDraw
SetArcDirection
ArcTo
GetCurrentPositionEx
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
DPtoLP
CreateBitmap
SetTextAlign
LineTo
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
GetStockObject
SelectObject
RestoreDC
SaveDC
StartDocA
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
SetColorAdjustment

comdlg32

FindTextA
PageSetupDlgA
PrintDlgA
CommDlgExtendedError
GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA
ReplaceTextA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegDeleteValueA
GetFileSecurityA
SetFileSecurityA
RegSetValueA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegOpenKeyA
RegCloseKey

shell32

DragQueryFileA
DragFinish
DragAcceptFiles
SHBrowseForFolderA
SHGetFileInfoA
SHGetMalloc
SHGetPathFromIDListA

comctl32

ord17

ole32

ReadClassStg
ReadFmtUserTypeStg
CoTreatAsClass
ReleaseStgMedium
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CreateBindCtx
CoTaskMemAlloc
OleDuplicateData
StringFromCLSID
CoCreateInstance
CoDisconnectObject

oleaut32

SysStringLen
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantClear
SafeArrayRedim
VariantCopy
SysAllocString
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
VarCyFromStr
VarBstrFromCy
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayPtrOfIndex

wsock32

sendto
recvfrom
socket
inet_ntoa
WSAAsyncSelect
send
connect
gethostbyname
closesocket
htonl
htons
bind
accept
inet_addr
recv
getsockname
getpeername
ntohs
WSAStartup
WSACleanup
WSASetLastError
WSAGetLastError
ioctlsocket

imagehlp

SymGetModuleBase
SymFunctionTableAccess
StackWalk
SymGetSymFromAddr
UnDecorateSymbolName
SymGetOptions
SymSetOptions
SymInitialize
SymCleanup

shlwapi

StrTrimA

Exports

Exports

AddTask
InitDownTaskCtrl
RemoveTask
UninitDownTaskCtrl

Sections

.text
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Box/4399Live.dll
.exe windows:4 windows x86 arch:x86

5cbf1bae3a5c6cb679d1861bea7fc5c2

Code Sign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25-04-2007 00:00

Not After

09-07-2019 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bb:3d:e0:0d:e3:ec:d4:3f:60:5e:6b:6a:f5:c7:2e:c2
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19-05-2011 00:00

Not After

18-05-2013 23:59

Subject

CN=厦门游家网络有限公司,OU=WoSign Class 3 Code Signing,O=厦门游家网络有限公司,L=厦门,ST=福建,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

40:4a:36:62:35:f6:82:c4:67:51:5a:be:62:22:ff:a0:66:54:b8:a0
Signer

Actual PE Digest

40:4a:36:62:35:f6:82:c4:67:51:5a:be:62:22:ff:a0:66:54:b8:a0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5186
ord354
ord860
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord2725
ord4698
ord5714
ord3738
ord815
ord561
ord1168
ord2614
ord4277
ord2763
ord2092
ord5484
ord2621
ord1134
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord6385
ord2878
ord4151
ord6055
ord4077
ord1776
ord4407
ord5237
ord2385
ord5163
ord6374
ord4353
ord5282
ord2649
ord1665
ord3798
ord4837
ord4436
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord2446
ord2124
ord5277
ord4627
ord4427
ord366
ord674
ord5572
ord1106
ord4457
ord5252
ord4413
ord2379
ord1270
ord1232
ord5442
ord1979
ord665
ord2726
ord2818
ord537
ord6877
ord924
ord922
ord858
ord535
ord2915
ord5683
ord4129
ord825
ord565
ord540
ord817
ord800
ord4424
ord4622
ord4080
ord3079
ord1576
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5715
ord5289
ord5307
ord4699
ord4079
ord5303
ord5300
ord3346
ord2396
ord4226
ord1948
ord2879
ord823

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
fclose
fseek
ftell
fwrite
fread
fopen
_strnicmp
strncpy
strtoul
__getmainargs
??0exception@@QAE@ABV0@@Z
wcscpy
??1exception@@UAE@XZ
??0exception@@QAE@XZ
wcslen
sprintf
_ftol
realloc
_except_handler3
_mbsrchr
malloc
atoi
_mbsstr
_stat
_mbschr
_mbsnbcpy
_mkdir
_makepath
_splitpath
_setmbcp
_stricmp
_acmdln
exit
_vsnprintf
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_CxxThrowException
_mbscmp
_strdup
strrchr
free
_mbsicmp
__CxxFrameHandler

kernel32

CloseHandle
WriteFile
CreateFileA
lstrlenA
WaitForSingleObject
GetVersionExA
OpenProcess
GetPrivateProfileStringA
GetModuleFileNameA
GetCommandLineA
CreateSemaphoreA
FreeLibrary
GetProcAddress
GetFileAttributesA
ResumeThread
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
GetFileSize
ReadFile
IsDBCSLeadByteEx
GetStartupInfoA
CreateDirectoryA
GetLastError
CopyFileA
Sleep
LoadLibraryA
DeleteFileA

user32

PostThreadMessageA
GetClassInfoA
DefWindowProcA
LoadCursorA
KillTimer
SetTimer
PostMessageA

advapi32

RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegQueryValueExA

shell32

SHGetSpecialFolderPathA
ShellExecuteExA

ole32

CoCreateGuid

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z

psapi

EnumProcessModules
GetModuleBaseNameA
EnumProcesses

wininet

InternetGetConnectedState
InternetOpenA
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetWriteFile
HttpEndRequestA
HttpQueryInfoA
InternetSetOptionA
InternetReadFile

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/4399LiveUpdate.exe
.exe windows:4 windows x86 arch:x86

e7626713af29f5c91e8be87ea3df6564

Code Sign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25-04-2007 00:00

Not After

09-07-2019 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bb:3d:e0:0d:e3:ec:d4:3f:60:5e:6b:6a:f5:c7:2e:c2
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19-05-2011 00:00

Not After

18-05-2013 23:59

Subject

CN=厦门游家网络有限公司,OU=WoSign Class 3 Code Signing,O=厦门游家网络有限公司,L=厦门,ST=福建,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

5f:2d:3d:05:2f:9e:ca:a3:04:cb:08:fe:d3:df:cd:b5:ab:4a:e8:32
Signer

Actual PE Digest

5f:2d:3d:05:2f:9e:ca:a3:04:cb:08:fe:d3:df:cd:b5:ab:4a:e8:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4835
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3573
ord491
ord1907
ord768
ord1641
ord489
ord3626
ord2414
ord4258
ord6197
ord4710
ord4976
ord2864
ord2379
ord2754
ord3619
ord3089
ord5875
ord4478
ord6055
ord1776
ord5290
ord4837
ord3610
ord656
ord567
ord4275
ord3402
ord3721
ord795
ord1146
ord1168
ord536
ord4219
ord2581
ord4401
ord1771
ord6366
ord2413
ord2024
ord3639
ord699
ord686
ord692
ord397
ord384
ord2860
ord2096
ord6453
ord3803
ord2859
ord4123
ord4188
ord2753
ord4124
ord2639
ord4284
ord955
ord640
ord6654
ord283
ord1640
ord323
ord3797
ord613
ord5789
ord289
ord5981
ord5710
ord5593
ord3438
ord912
ord3742
ord3571
ord818
ord755
ord5785
ord470
ord4400
ord3630
ord682
ord6242
ord3706
ord4133
ord4297
ord5788
ord472
ord5786
ord2405
ord2567
ord2862
ord4774
ord2582
ord4402
ord3370
ord3640
ord693
ord4243
ord6007
ord3286
ord3998
ord6696
ord3996
ord3301
ord3293
ord6905
ord6888
ord3910
ord3798
ord6883
ord541
ord4396
ord3574
ord609
ord5781
ord3874
ord1908
ord1690
ord2528
ord5288
ord4439
ord2054
ord4431
ord771
ord1008
ord496
ord4259
ord4287
ord5850
ord6241
ord6176
ord4160
ord1768
ord6215
ord4715
ord3092
ord2642
ord2882
ord2646
ord6380
ord2302
ord6199
ord2452
ord3698
ord765
ord4224
ord4083
ord2575
ord3093
ord1783
ord3584
ord3643
ord696
ord543
ord394
ord803
ord6662
ord6418
ord2393
ord1263
ord6307
ord909
ord4167
ord521
ord5628
ord2820
ord548
ord4185
ord1166
ord2763
ord4202
ord1871
ord3258
ord1265
ord2233
ord6442
ord1233
ord5590
ord2448
ord5834
ord2044
ord296
ord617
ord5214
ord5222
ord5221
ord5219
ord2827
ord665
ord1979
ord5186
ord354
ord5442
ord1200
ord1799
ord654
ord772
ord610
ord801
ord614
ord341
ord500
ord287
ord290
ord2729
ord6467
ord2727
ord2730
ord4226
ord4003
ord5603
ord5606
ord5602
ord5608
ord5858
ord5860
ord5857
ord6140
ord6142
ord6139
ord6143
ord3353
ord446
ord743
ord3127
ord3616
ord5651
ord3126
ord3613
ord350
ord3579
ord5287
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4854
ord4377
ord5265
ord4358
ord4948
ord4742
ord4905
ord5160
ord5162
ord5161
ord5683
ord6383
ord5440
ord2107
ord6394
ord5450
ord2841
ord6876
ord6282
ord6283
ord2764
ord4129
ord1187
ord6877
ord4204
ord6223
ord2919
ord3663
ord941
ord939
ord926
ord922
ord4278
ord537
ord538
ord2915
ord5572
ord2614
ord858
ord2818
ord535
ord2725
ord1134
ord2621
ord924
ord561
ord540
ord823
ord860
ord815
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord800
ord825
ord6907
ord4673
ord1576

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_except_handler3
_beginthreadex
srand
rand
time
_mbsicmp
_makepath
_strdup
strrchr
malloc
free
atol
strtoul
__CxxFrameHandler
memcpy
fclose
sprintf
_setmbcp
_mkdir
_mbsnbicmp
fread
ftell
fseek
fopen
fwrite
strcpy
_mbsnbcpy
_mbclen
_mbschr
strlen
_mbsnbcmp
wctomb
strtol
strncpy
setlocale
mbtowc
_mbsstr
_mbscmp
strerror
_errno
memset
memmove
_purecall
atoi
_ftol
abs
strchr
memcmp
__RTDynamicCast
_splitpath
_controlfp

kernel32

LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
GetDriveTypeA
GetLogicalDrives
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
lstrcmpiA
lstrlenA
MultiByteToWideChar
CreateProcessA
GetTempPathA
SetFileAttributesA
EnterCriticalSection
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcatA
GetShortPathNameA
MoveFileExA
ReleaseMutex
WaitForSingleObject
SetThreadPriority
TerminateThread
WaitForMultipleObjects
GetTempFileNameA
WideCharToMultiByte
lstrlenW
GetModuleHandleA
GetStartupInfoA
DeleteFileA
QueryPerformanceFrequency
QueryPerformanceCounter
GetWindowsDirectoryA
OpenMutexA
CreateMutexA
CloseHandle
GetComputerNameA
GetLastError
lstrcpyA
GetModuleFileNameA
GetFileAttributesA
lstrcpynA
CreateDirectoryA
CreateEventA
CreateFileA
SetEvent
ResetEvent
HeapFree
GetProcessHeap
WriteFile
HeapAlloc
GetVersionExA
GetFileSize
SetEndOfFile
SetFilePointer
GlobalFree
LoadLibraryA
FreeLibrary
CopyFileA
GetVolumeInformationA
LocalAlloc
InterlockedExchange
RaiseException
LocalFree
GetProcAddress

user32

GetWindowLongA
AdjustWindowRectEx
LoadIconA
GetKeyState
LoadBitmapA
PostMessageA
ClientToScreen
IsWindow
GetCursorPos
RedrawWindow
InvalidateRect
DrawStateA
DestroyIcon
SendMessageA
CopyRect
SetRect
GetDesktopWindow
DrawFocusRect
GetSystemMetrics
FillRect
GetDC
ReleaseDC
LoadImageA
SetCursor
ShowCursor
GetMessagePos
ScreenToClient
PtInRect
KillTimer
GetWindowRect
GetParent
GetClientRect
GetSysColor
EnableWindow
LoadCursorA
wsprintfA
OffsetRect

gdi32

CreatePatternBrush
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextExtentPoint32A
BitBlt
GetTextMetricsA
CreateCompatibleDC
GetCurrentObject
GetObjectA
DeleteObject
GetStockObject
CreateFontIndirectA
CreateSolidBrush
CreateRoundRectRgn

advapi32

RegCloseKey
RegOpenKeyExA
RegSetValueExA
GetUserNameA
RegDeleteValueA
RegQueryValueExA

shell32

ShellExecuteA

comctl32

ImageList_GetIconSize
ImageList_Draw
ImageList_GetImageInfo
_TrackMouseEvent
ImageList_GetImageCount
ImageList_AddMasked
ImageList_GetIcon
ImageList_Remove

ole32

CoCreateGuid
StgOpenStorage
StgCreateDocfile
CoTaskMemAlloc
CoTaskMemFree

wininet

HttpSendRequestA
HttpAddRequestHeadersA
InternetReadFileExA
InternetErrorDlg
HttpOpenRequestA
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetSetOptionA
InternetQueryOptionA
HttpQueryInfoA
InternetSetStatusCallback

netapi32

Netbios

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wsock32

htonl
ntohl

Sections

.text
Size: 224KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/4399Panel.exe
.exe windows:4 windows x86 arch:x86

25e5b9c8c3e657b419ef413428e33b9a

Code Sign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25-04-2007 00:00

Not After

09-07-2019 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bb:3d:e0:0d:e3:ec:d4:3f:60:5e:6b:6a:f5:c7:2e:c2
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19-05-2011 00:00

Not After

18-05-2013 23:59

Subject

CN=厦门游家网络有限公司,OU=WoSign Class 3 Code Signing,O=厦门游家网络有限公司,L=厦门,ST=福建,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

11:88:94:bd:bd:03:f4:ad:f1:36:a0:8b:72:fe:25:a7:ac:2a:a9:e4
Signer

Actual PE Digest

11:88:94:bd:bd:03:f4:ad:f1:36:a0:8b:72:fe:25:a7:ac:2a:a9:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

e:\zfz\4399Pro\4399_svn\Build\4399Panel.pdb

Imports

kernel32

SetEndOfFile
CloseHandle
GetLastError
CreateMutexA
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
SizeofResource
LockResource
LoadResource
FindResourceA
WideCharToMultiByte
GetTickCount
MultiByteToWideChar
CreateDirectoryA
GetFileAttributesA
GetModuleFileNameA
CreateThread
RaiseException
InitializeCriticalSection
DeleteCriticalSection
GetVersion
lstrlenW
lstrlenA
CompareStringA
CompareStringW
GetStringTypeExA
EnterCriticalSection
LeaveCriticalSection
SetEvent
WriteFile
CreateFileA
WaitForSingleObject
Sleep
GetFileSize
InterlockedDecrement
InterlockedIncrement
TerminateThread
DeleteFileA
UnmapViewOfFile
WaitForMultipleObjects
ResetEvent
CreateEventA
WritePrivateProfileStringA
FreeResource
GlobalFree
GlobalUnlock
GlobalLock
LoadLibraryA
lstrcpyA
EnumResourceLanguagesA
ConvertDefaultLocale
GetProcAddress
GetModuleHandleA
lstrcmpA
GlobalDeleteAtom
FreeLibrary
GlobalAlloc
GetCurrentThreadId
GetCurrentThread
GlobalAddAtomA
lstrcpynA
lstrcmpW
lstrcatA
GlobalFindAtomA
GlobalGetAtomNameA
GetPrivateProfileIntA
SetFileTime
GetFileTime
GetTempFileNameA
GetFullPathNameA
GetDiskFreeSpaceA
LocalFree
FormatMessageA
GlobalSize
MulDiv
CopyFileA
SetLastError
FileTimeToSystemTime
FileTimeToLocalFileTime
FindClose
FindFirstFileA
LocalFileTimeToFileTime
SystemTimeToFileTime
GlobalFlags
LocalAlloc
GlobalReAlloc
GlobalHandle
TlsGetValue
TlsAlloc
TlsSetValue
LocalReAlloc
TlsFree
MoveFileA
ReadFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
lstrcmpiA
DuplicateHandle
GetCurrentProcess
GetVolumeInformationA
GetShortPathNameA
GetCPInfo
GetOEMCP
SetErrorMode
lstrcpynW
RtlUnwind
ExitProcess
HeapAlloc
HeapFree
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
ExitThread
GetStartupInfoA
GetCommandLineA
TerminateProcess
HeapReAlloc
HeapSize
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
SetUnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
HeapDestroy
HeapCreate
VirtualFree
IsBadWritePtr
UnhandledExceptionFilter
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTimeZoneInformation
IsBadReadPtr
IsBadCodePtr
SetStdHandle
SetEnvironmentVariableA
OpenFileMappingA
CreateFileMappingA
MapViewOfFile
OutputDebugStringA
GetCurrentDirectoryA
GetPrivateProfileStringA

user32

BeginDeferWindowPos
GetWindowTextA
GetWindowTextLengthA
IsChild
SetFocus
SendDlgItemMessageA
RemovePropA
GetPropA
SetPropA
GetClassInfoExA
GetClassLongA
CreateWindowExA
GetCapture
WinHelpA
RegisterWindowMessageA
GetDlgItemInt
SetDlgItemInt
SetDlgItemTextA
IsDialogMessageA
SetWindowTextA
MoveWindow
ShowWindow
wsprintfA
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatA
InvalidateRect
TranslateAcceleratorA
SetMenu
SetRectEmpty
InsertMenuItemA
LoadAcceleratorsA
ReleaseCapture
ReuseDDElParam
UnpackDDElParam
DestroyMenu
LoadMenuA
GetDC
ReleaseDC
RemoveMenu
InsertMenuA
GetMenuStringA
InflateRect
GetMenuItemInfoA
ClientToScreen
SetCapture
SetCursorPos
DestroyCursor
LoadCursorA
IsRectEmpty
DeleteMenu
GetSystemMenu
SetParent
IsZoomed
FillRect
DrawIcon
SetWindowRgn
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetWindowDC
BeginPaint
EndPaint
MessageBeep
SetRect
IsClipboardFormatAvailable
CountClipboardFormats
GetSysColorBrush
DestroyIcon
CharNextA
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
EndDeferWindowPos
WindowFromPoint
GetDCEx
LockWindowUpdate
SendNotifyMessageA
ScrollWindow
ShowScrollBar
GetMenu
GetSubMenu
GetMenuItemID
GetMenuItemCount
GetSysColor
AdjustWindowRectEx
EqualRect
GetScrollInfo
SetScrollInfo
RegisterClassA
GetDlgCtrlID
DefWindowProcA
CallWindowProcA
SetWindowPos
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
CopyRect
PtInRect
GetWindow
SetMenuItemBitmaps
GetFocus
ModifyMenuA
GetMenuState
EnableMenuItem
CheckMenuItem
GetMenuCheckMarkDimensions
LoadBitmapA
SetWindowsHookExA
CallNextHookEx
GetMessageA
GetKeyState
ValidateRect
GetLastActivePopup
ShowOwnedPopups
SetCursor
PostQuitMessage
GetDesktopWindow
GetActiveWindow
SetActiveWindow
GetSystemMetrics
CreateDialogIndirectParamA
DestroyWindow
GetDlgItem
IsWindowEnabled
GetParent
GetNextDlgTabItem
EndDialog
SendMessageA
BringWindowToTop
UpdateWindow
FindWindowA
SetForegroundWindow
EnableWindow
SetWindowLongA
DeferWindowPos
GetWindowLongA
CreatePopupMenu
AppendMenuA
GetClientRect
SetTimer
KillTimer
ScreenToClient
GetCursorPos
IsWindow
SendMessageTimeoutA
PostMessageA
GetTopWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
LoadIconA
PostThreadMessageA
MapWindowPoints
GetForegroundWindow
GetClassInfoA
GetClassNameA
GetLastInputInfo
CharUpperA
UnregisterClassA
RedrawWindow
IsWindowVisible
DispatchMessageA
TranslateMessage
PeekMessageA
MessageBoxA
TrackPopupMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos

gdi32

Ellipse
SaveDC
RestoreDC
SetBkMode
SetMapMode
ExcludeClipRect
IntersectClipRect
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
LPtoDP
CreateBitmap
PtVisible
BitBlt
TextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
DPtoLP
CreateEllipticRgn
GetTextMetricsA
CreateFontA
GetCharWidthA
DeleteObject
StretchDIBits
DeleteDC
SelectObject
GetTextExtentPoint32A
GetPixel
ExtTextOutA
CreateFontIndirectA
CreateSolidBrush
GetStockObject
CreateDCA
CopyMetaFileA
GetDeviceCaps
PatBlt
CreateRectRgnIndirect
CreateCompatibleDC
CreateCompatibleBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
RectVisible
GetBkColor
GetTextColor
GetRgnBox
SetRectRgn
CombineRgn
GetMapMode

advapi32

RegOpenKeyExA
RegEnumKeyA
RegQueryValueA
RegCreateKeyExA
RegDeleteValueA
SetFileSecurityA
GetFileSecurityA
RegQueryValueExA
RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegSetValueA
RegDeleteKeyA

shell32

DragFinish
DragQueryFileA
DragAcceptFiles
ExtractIconA
SHGetFileInfoA
SHGetFolderPathA

ole32

StgOpenStorageOnILockBytes
StgCreateDocfileOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
CreateFileMoniker
OleSave
WriteClassStm
OleSaveToStream
CreateStreamOnHGlobal
OleLockRunning
CoGetClassObject
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateFromFile
OleCreateLinkToFile
OleCreate
OleLoad
OleGetIconOfClass
CreateItemMoniker
CreateGenericComposite
GetHGlobalFromILockBytes
OleSetMenuDescriptor
OleGetClipboard
CoDisconnectObject
OleDuplicateData
ReleaseStgMedium
CoTaskMemAlloc
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadClassStg
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
OleInitialize
CoFreeUnusedLibraries
CLSIDFromString
CLSIDFromProgID
OleUninitialize
OleSetContainedObject

oleaut32

SafeArrayDestroy
SystemTimeToVariantTime
OleCreateFontIndirect
SysStringLen
VariantChangeType
SysAllocString
SysAllocStringByteLen
SysFreeString
VariantInit
VariantCopy
VariantClear
SysAllocStringLen

brun

ord1
ord14
ord13
ord27
_BOX_GetPeerInfo@16
_BOX_GetPeerCount@16
_BOX_GapDump@4
ord12
_BOX_SetHttpNumPerTask@8
ord11
_BOX_GetGapList@12
ord2
ord24
ord9
ord19
ord18

comctl32

ord17
ImageList_GetImageInfo
ImageList_Destroy
ImageList_Draw

shlwapi

PathFileExistsA
PathFindFileNameA
PathStripToRootA
PathIsUNCA
PathFindExtensionA

oledlg

ord11
ord4
ord3
ord8

wininet

InternetSetStatusCallback
HttpQueryInfoA
InternetCloseHandle
InternetConnectA
InternetOpenA
HttpSendRequestA
HttpOpenRequestA
InternetReadFile

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

winspool.drv

OpenPrinterA
DocumentPropertiesA
ClosePrinter

comdlg32

ChooseFontA
ReplaceTextA
FindTextA
GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA

Sections

.text
Size: 396KB - Virtual size: 394KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/4399Update.exe
.exe windows:4 windows x86 arch:x86

19acf308ab9587362243b200c41b6baa

Code Sign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25-04-2007 00:00

Not After

09-07-2019 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bb:3d:e0:0d:e3:ec:d4:3f:60:5e:6b:6a:f5:c7:2e:c2
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19-05-2011 00:00

Not After

18-05-2013 23:59

Subject

CN=厦门游家网络有限公司,OU=WoSign Class 3 Code Signing,O=厦门游家网络有限公司,L=厦门,ST=福建,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

eb:e1:f5:7f:9b:af:57:ec:ee:2a:e4:e5:aa:20:b0:c4:06:6d:04:3c
Signer

Actual PE Digest

eb:e1:f5:7f:9b:af:57:ec:ee:2a:e4:e5:aa:20:b0:c4:06:6d:04:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord5714
ord2614
ord665
ord2764
ord1979
ord6010
ord6385
ord5442
ord3318
ord353
ord6283
ord6282
ord6877
ord4277
ord941
ord4129
ord5683
ord1168
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord1576
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord2818
ord535
ord924
ord858
ord540
ord823
ord860
ord800
ord537
ord815
ord825

msvcrt

__set_app_type
_controlfp
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_onexit
__dllonexit
sprintf
strcat
malloc
free
atoi
strstr
strncmp
strncpy
atol
_except_handler3
_snprintf
strlen
_beginthreadex
__CxxFrameHandler
memset
_setmbcp
strcmp

kernel32

WaitForSingleObject
Sleep
WaitForMultipleObjects
ResetEvent
CreateEventA
GetPrivateProfileStringA
DeleteFileA
CreateFileA
GetCommandLineA
GetFileAttributesA
CreateDirectoryA
GetModuleFileNameA
ReleaseMutex
GetLastError
CreateMutexA
GetModuleHandleA
GetStartupInfoA
GetTickCount
WriteFile
CreateThread
CloseHandle
SetEvent

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA

shell32

ShellExecuteA

ole32

CoInitialize

urlmon

URLDownloadToFileA

wininet

HttpSendRequestA
HttpQueryInfoA
InternetSetStatusCallback
InternetCloseHandle
InternetOpenA
InternetReadFile
HttpOpenRequestA
InternetConnectA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/7z.dll
.dll windows:4 windows x86 arch:x86

71fc45db7a81ce236f432a828a4e8fcd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

oleaut32

SysAllocString
VariantClear
VariantCopy
SysFreeString
SysAllocStringByteLen

user32

CharLowerW
CharUpperA
CharNextA
CharPrevExA
CharUpperW
CharLowerA

msvcrt

_adjust_fdiv
_initterm
?terminate@@YAXXZ
_onexit
__dllonexit
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
memset
strcmp
realloc
memcmp
_purecall
strlen
free
malloc
memmove
_CxxThrowException
memcpy
__CxxFrameHandler

kernel32

InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreA
ResetEvent
SetEvent
CreateEventA
WaitForSingleObject
VirtualFree
VirtualAlloc
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
FileTimeToLocalFileTime
DeleteCriticalSection
LocalFileTimeToFileTime
GetVersionExA
WaitForMultipleObjects
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
SystemTimeToFileTime
FileTimeToDosDateTime
DosDateTimeToFileTime
GetModuleHandleA
GetProcAddress
GetSystemInfo
CompareFileTime
WriteFile
ReadFile
MultiByteToWideChar
WideCharToMultiByte
GetLastError
CloseHandle
SetFileAttributesA
DeleteFileA
GetTempPathA
GetTempFileNameA
CreateFileA

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethods
SetLargePageMode

Sections

.text
Size: 654KB - Virtual size: 654KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Box/7zMgr.dll
.dll windows:4 windows x86 arch:x86

b5ac4f2d78cc76c49707c6b3ddad3d22

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateEventA
WaitForSingleObject
Sleep
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
TerminateThread
SetEvent
LeaveCriticalSection
EnterCriticalSection
ResetEvent
GetDiskFreeSpaceExA
WideCharToMultiByte
GetProcAddress
GetVersionExA
GetLastError
ReadFile
GetStdHandle
WriteFile
MultiByteToWideChar
FreeLibrary
LoadLibraryA
AreFileApisANSI
GetModuleFileNameA
SetFileTime
CreateFileW
SetLastError
SetFileAttributesA
SetFileAttributesW
CreateDirectoryA
CreateDirectoryW
DeleteFileA
DeleteFileW
FindClose
FindFirstFileA
FindFirstFileW
CreateFileA
GetFileSize
SetFilePointer
SetEndOfFile
SetStdHandle
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
FlushFileBuffers
RtlUnwind
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
RaiseException
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
TlsAlloc
TlsFree
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
InterlockedDecrement
InterlockedIncrement
GetCPInfo
GetACP
GetOEMCP

shell32

SHFileOperationW

oleaut32

VariantClear
SysAllocString

Exports

Exports

CancelDeCompress
ExtractFile

Sections

.text
Size: 52KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Box/BugCollector.exe
.exe windows:4 windows x86 arch:x86

0a0d803c7e6a0ad7234a8958a98cbf81

Code Sign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25-04-2007 00:00

Not After

09-07-2019 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bb:3d:e0:0d:e3:ec:d4:3f:60:5e:6b:6a:f5:c7:2e:c2
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19-05-2011 00:00

Not After

18-05-2013 23:59

Subject

CN=厦门游家网络有限公司,OU=WoSign Class 3 Code Signing,O=厦门游家网络有限公司,L=厦门,ST=福建,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

82:27:56:ca:90:56:9f:92:d5:52:c4:17:e1:55:b6:49:e2:24:51:47
Signer

Actual PE Digest

82:27:56:ca:90:56:9f:92:d5:52:c4:17:e1:55:b6:49:e2:24:51:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4424
ord3738
ord800
ord815
ord540
ord561
ord825
ord641
ord609
ord2514
ord2621
ord1134
ord858
ord4278
ord4277
ord2614
ord860
ord617
ord2764
ord537
ord2818
ord2915
ord5214
ord296
ord5265
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord4622
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord2575
ord6055
ord1776
ord4396
ord5290
ord3402
ord3574
ord1146
ord1168
ord567
ord2302
ord6199
ord5953
ord4160
ord2863
ord2379
ord3571
ord3626
ord3663
ord2414
ord686
ord2096
ord384
ord1641
ord755
ord470
ord2642
ord3092
ord941
ord939
ord535
ord3089
ord4476
ord823
ord4080
ord1576
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord5065
ord4673

msvcrt

__set_app_type
_except_handler3
_controlfp
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
__p__fmode
calloc
_strnicmp
strncpy
strtoul
sprintf
_CxxThrowException
??0exception@@QAE@ABV0@@Z
wcscpy
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_setmbcp
_stricmp
__p__commode
_adjust_fdiv
__CxxFrameHandler
_beginthreadex
_mbsnicmp
_vsnprintf
wcslen
malloc
free
_vsnwprintf
_mbscmp

kernel32

GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
GetFileSize
SetFilePointer
ReadFile
IsDBCSLeadByteEx
GetStartupInfoA
GetLastError
WaitForSingleObject
CloseHandle
OutputDebugStringA
GetModuleFileNameA
GetCommandLineA
TerminateProcess
OpenProcess

user32

SendMessageA
AppendMenuA
GetSystemMetrics
IsIconic
GetClientRect
PostMessageA
EnableWindow
LoadIconA
GetSystemMenu
DrawIcon
LoadBitmapA

gdi32

GetObjectA

advapi32

RegQueryValueExA
RegOpenKeyA
RegCloseKey

shell32

ShellExecuteA

comctl32

ImageList_Draw
ImageList_AddMasked

ole32

CoTaskMemFree
CoCreateGuid

urlmon

FindMimeFromData

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

wininet

InternetSetOptionA
InternetGetConnectedState
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
HttpQueryInfoA
InternetOpenA
InternetReadFile

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/DSGame.exe
.exe windows:4 windows x86 arch:x86

16215183eac29438f1a2fd4ddb2e02ef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord561
ord825
ord815
ord3579
ord641
ord693
ord800
ord803
ord2506
ord2613
ord1131
ord2810
ord540
ord823
ord5261
ord4370
ord4847
ord4992
ord4704
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord5276
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord2977
ord5257
ord2438
ord2116
ord5273
ord4621
ord4419
ord3592
ord324
ord4229
ord2574
ord6051
ord1768
ord4396
ord5286
ord3365
ord3635
ord1143
ord1165
ord543
ord567
ord2294
ord861
ord535
ord2606
ord3991
ord940
ord537
ord1197
ord858
ord4124
ord5679
ord4155
ord2858
ord2371
ord755
ord470
ord3296
ord3281
ord6451
ord6003
ord2910
ord925
ord6898
ord3993
ord4273
ord5706
ord6654
ord538
ord5568
ord539
ord922
ord927
ord942
ord5710
ord5285
ord5303
ord4692
ord4074
ord2717
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord1720
ord4667
ord1569

msvcrt

_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__dllonexit
memmove
_wcsnicmp
wcsstr
strncpy
wcstol
wcsncmp
wcslen
wcschr
wcsncpy
wcscpy
fwrite
__CxxFrameHandler
wcscmp
_wcsicmp
fclose
swprintf
fread
ftell
fseek
_wfopen
_onexit

kernel32

GetModuleHandleW
GetLastError
WideCharToMultiByte
FormatMessageW
GetModuleFileNameW
InitializeCriticalSection
MultiByteToWideChar
LeaveCriticalSection
GetStartupInfoW
DeleteCriticalSection
EnterCriticalSection

user32

EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuW
SendMessageW
LoadIconW
PostMessageW
FindWindowW

advapi32

RegQueryValueExW
RegOpenKeyW
RegCloseKey

4399down

RemoveTask
UninitDownTaskCtrl
InitDownTaskCtrl
AddTask

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/LocalPage/catalog/allcat.xml
.xml
Box/LocalPage/catalog/catalogess.html
.html .js polyglot
Box/LocalPage/catalog/catalogflash.html
.js
Box/LocalPage/catalog/catalogmygame.html
.js
Box/LocalPage/catalog/catalogonline.html
.html .js polyglot
Box/LocalPage/catalog/catalogselected.gif
.gif
Box/LocalPage/catalog/catalogselected_mygame.gif
.gif
Box/LocalPage/catalog/catalogwebgame.html
.html .js polyglot
Box/LocalPage/catalog/ginfor_cz.gif
.gif
Box/LocalPage/catalog/ginfor_gl.gif
.gif
Box/LocalPage/catalog/hot.gif
.gif
Box/LocalPage/catalog/jquery.query-2.1.7.js
.js
Box/LocalPage/catalog/menu_arrow.gif
.gif
Box/LocalPage/catalog/menu_mygame.gif
.gif
Box/LocalPage/catalog/menu_scroll.gif
.gif
Box/LocalPage/catalog/new.gif
.gif
Box/LocalPage/catalog/playflash.html
.js
Box/LocalPage/check/ad.xml
Box/LocalPage/check/check_img_bd.jpg
.jpg
Box/LocalPage/check/index.html
.html .js polyglot
Box/LocalPage/check/loading.swf
Box/LocalPage/check/popup.html
.html
Box/LocalPage/check/popup.jpg
.jpg
Box/LocalPage/check/win.html
.html .js polyglot
Box/LocalPage/common/images/catalogselected.gif
.gif
Box/LocalPage/common/images/check.gif
.gif
Box/LocalPage/common/images/check.swf
Box/LocalPage/common/images/g_ico.gif
.gif
Box/LocalPage/common/images/game_loading.gif
.gif
Box/LocalPage/common/images/gamesearch01.gif
.gif
Box/LocalPage/common/images/ginfor_cz.gif
.gif
Box/LocalPage/common/images/ginfor_gl.gif
.gif
Box/LocalPage/common/images/head_bg.gif
.gif
Box/LocalPage/common/images/ico_check.gif
.gif
Box/LocalPage/common/images/ico_chinese.gif
.gif
Box/LocalPage/common/images/ico_del.gif
.gif
Box/LocalPage/common/images/ico_dot.gif
.gif
Box/LocalPage/common/images/ico_flash.gif
.gif
Box/LocalPage/common/images/ico_online.gif
.gif
Box/LocalPage/common/images/ico_prompt.gif
.gif
Box/LocalPage/common/images/ico_star.gif
.gif
Box/LocalPage/common/images/menu_arrow.gif
.gif
Box/LocalPage/common/images/menu_scroll.gif
.gif
Box/LocalPage/common/images/mygame.gif
.gif
Box/LocalPage/common/images/mygame_bg.gif
.gif
Box/LocalPage/common/images/nocheck.swf
Box/LocalPage/common/images/option_btn.gif
.gif
Box/LocalPage/common/images/option_set.gif
.gif
Box/LocalPage/common/images/option_txt.gif
.gif
Box/LocalPage/common/images/webgame_btn.gif
.gif
Box/LocalPage/common/images/win_bkg.gif
.gif
Box/LocalPage/common/js/common.js
.js
Box/LocalPage/common/js/jquery-1.2.6.pack.js
.js
Box/LocalPage/common/js/jquery.query-2.1.7.js
.js
Box/LocalPage/common/js/page.js
Box/LocalPage/management/localflash.html
.html .js polyglot
Box/LocalPage/management/mygame.html
.js
Box/LocalPage/management/network.html
.js
Box/LocalPage/option/custom.html
.js
Box/LocalPage/option/index.html
.js
Box/SafeMode/4399Safe.exe
.exe windows:4 windows x86 arch:x86

a788aefd6f52aeeded2454fa55aac752

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord5265
ord4376
ord4853
ord6375
ord4710
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord1168
ord2379
ord755
ord470
ord4274
ord4998
ord4673
ord1576

msvcrt

_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_onexit
__dllonexit
__CxxFrameHandler
_setmbcp
_exit

kernel32

GetModuleHandleA
GetStartupInfoA

user32

DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
EnableWindow
SendMessageA

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/SafeMode/Install/4399sandbox.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

95:34:a5:2d:63:be:57:62:9a:f6:e7:30:ac:28:87:e9:cc:67:ed:5d
Signer

Actual PE Digest

95:34:a5:2d:63:be:57:62:9a:f6:e7:30:ac:28:87:e9:cc:67:ed:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallType.ini
$PLUGINSDIR/KmdUtil.exe
.exe windows:5 windows x86 arch:x86

312f0dc2e58fdfdb86d144b0679baa25

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ac:80:46:36:f3:4f:8c:bf:91:8b:20:14:99:b9:f2:95:42:b4:12:2a
Signer

Actual PE Digest

ac:80:46:36:f3:4f:8c:bf:91:8b:20:14:99:b9:f2:95:42:b4:12:2a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\kmdutil\obj\i386\KmdUtil.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
exit
_cexit
_XcptFilter
_exit
_c_exit
memset
wcslen
_wcsicmp
_wcsnicmp
wcscpy
_acmdln
wcscat
swprintf

advapi32

StartServiceW
RegSetValueExW
CreateServiceW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
OpenServiceW
DeleteService
ControlService
OpenSCManagerW
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
RegCreateKeyExW

kernel32

GetCommandLineW
Sleep
FormatMessageW
CloseHandle
GetCurrentProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetLastError
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA

user32

MessageBoxW

ntdll

NtClose
NtUnloadDriver
NtDeviceIoControlFile
RtlInitUnicodeString
NtOpenFile

shell32

CommandLineToArgvW

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Warning.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
LICENSE.TXT
SandboxieBITS.exe
.exe windows:5 windows x86 arch:x86

4a0846323fde3c7a4fcf9b9218bf0c8c

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

99:56:dc:01:29:e9:13:20:42:29:1d:58:37:13:43:ef:e5:5b:e7:8f
Signer

Actual PE Digest

99:56:dc:01:29:e9:13:20:42:29:1d:58:37:13:43:ef:e5:5b:e7:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\bits\obj\i386\SandboxieBITS.pdb

Imports

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_except_handler3
_cexit
_XcptFilter
_exit
_c_exit
_controlfp
_wcsicmp
swprintf
wcscpy
wcslen
exit

advapi32

AccessCheckByType
DuplicateTokenEx
SetThreadToken
StartServiceCtrlDispatcherW

kernel32

ExitProcess
LoadLibraryW
TerminateProcess
CreateThread
SetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
HeapAlloc
GetProcessHeap
GetCurrentProcess
SetEvent
OpenEventW
GetProcAddress
CloseHandle
OpenProcess
Sleep

user32

wsprintfW
MessageBoxW

ole32

CoImpersonateClient

wtsapi32

WTSQueryUserToken

sbiedll

_SbieApi_EnumProcessEx@16
_SbieDll_Hook@12
_SbieApi_QueryConf@20
_SbieApi_QueryProcess@20

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieCrypto.exe
.exe windows:5 windows x86 arch:x86

4b8c9b37f6da2ffd863704179986d92f

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

00:39:9b:85:f1:1c:56:95:72:b8:15:20:a3:29:86:f3:40:f3:42:d9
Signer

Actual PE Digest

00:39:9b:85:f1:1c:56:95:72:b8:15:20:a3:29:86:f3:40:f3:42:d9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\crypto\obj\i386\SandboxieCrypto.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_initterm
_wcsicmp
swprintf
wcslen
wcscpy

advapi32

AccessCheckByType
StartServiceCtrlDispatcherW

kernel32

TerminateProcess
ExitProcess
GetProcAddress
CreateThread
SetLastError
QueryPerformanceCounter
CloseHandle
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
HeapAlloc
GetProcessHeap
GetCurrentProcess
SetEvent
OpenEventW
LoadLibraryW
OpenProcess
Sleep

user32

MessageBoxW
wsprintfW

sbiedll

_SbieApi_EnumProcessEx@16
_SbieDll_Hook@12
_SbieApi_QueryConf@20
_SbieApi_QueryProcess@20

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieDcomLaunch.exe
.exe windows:5 windows x86 arch:x86

d14e09a640f15cbab22fa9a80c180352

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:cb:c7:51:6e:d3:b1:fa:4e:a6:4b:82:f8:f4:c6:d2:65:bd:1c:04
Signer

Actual PE Digest

1e:cb:c7:51:6e:d3:b1:fa:4e:a6:4b:82:f8:f4:c6:d2:65:bd:1c:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\dcomlaunch\obj\i386\SandboxieDcomLaunch.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_initterm
_wcsicmp
swprintf
wcslen
wcscpy
wcscmp

advapi32

GetTokenInformation
SetServiceStatus
RegisterServiceCtrlHandlerW
RegisterServiceCtrlHandlerExW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
StartServiceW
ControlService
StartServiceCtrlDispatcherW
QueryServiceStatusEx
OpenProcessToken
ConvertSidToStringSidW

kernel32

SuspendThread
GetCurrentThread
TerminateProcess
ExitProcess
CreateFileMappingW
GetProcAddress
CreateThread
SetLastError
QueryPerformanceCounter
CloseHandle
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
HeapAlloc
GetProcessHeap
GetCurrentProcess
SetEvent
OpenEventW
LoadLibraryW
OpenProcess
LocalFree
HeapFree
GetLastError
Sleep

user32

MessageBoxW
wsprintfW

ntdll

NtSetInformationProcess
RtlAdjustPrivilege

sbiedll

_SbieApi_EnumProcessEx@16
_SbieDll_IsBoxedService@4
_SbieDll_Hook@12
_SbieApi_QueryConf@20
_SbieApi_QueryProcess@20

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieEventSys.exe
.exe windows:5 windows x86 arch:x86

4b8c9b37f6da2ffd863704179986d92f

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

86:ac:4e:31:0f:4f:3d:0d:ac:17:39:7b:dd:3d:b6:a8:0f:f2:db:27
Signer

Actual PE Digest

86:ac:4e:31:0f:4f:3d:0d:ac:17:39:7b:dd:3d:b6:a8:0f:f2:db:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\eventsys\obj\i386\SandboxieEventSys.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_initterm
_wcsicmp
swprintf
wcslen
wcscpy

advapi32

AccessCheckByType
StartServiceCtrlDispatcherW

kernel32

TerminateProcess
ExitProcess
GetProcAddress
CreateThread
SetLastError
QueryPerformanceCounter
CloseHandle
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
HeapAlloc
GetProcessHeap
GetCurrentProcess
SetEvent
OpenEventW
LoadLibraryW
OpenProcess
Sleep

user32

MessageBoxW
wsprintfW

sbiedll

_SbieApi_EnumProcessEx@16
_SbieDll_Hook@12
_SbieApi_QueryConf@20
_SbieApi_QueryProcess@20

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieRpcSs.exe
.exe windows:5 windows x86 arch:x86

be520d1f80f3efb9dd14c287f83e5eef

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ec:c0:70:bc:72:6f:de:16:f4:56:62:a4:3f:6b:31:fa:fe:48:7e:ab
Signer

Actual PE Digest

ec:c0:70:bc:72:6f:de:16:f4:56:62:a4:3f:6b:31:fa:fe:48:7e:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\rpcss\obj\i386\SandboxieRpcSs.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
__p__fmode
_cexit
_XcptFilter
_exit
_c_exit
__set_app_type
_except_handler3
_controlfp
_wcsicmp
swprintf
exit
wcslen
wcscpy
wcscmp

advapi32

GetTokenInformation
SetServiceStatus
RegisterServiceCtrlHandlerW
RegisterServiceCtrlHandlerExW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
StartServiceW
ControlService
StartServiceCtrlDispatcherW
QueryServiceStatusEx
OpenProcessToken
ConvertSidToStringSidW

kernel32

SuspendThread
GetCurrentThread
TerminateProcess
ExitProcess
CreateFileMappingW
GetProcAddress
CreateThread
SetLastError
QueryPerformanceCounter
HeapFree
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
HeapAlloc
GetProcessHeap
GetCurrentProcess
SetEvent
OpenEventW
LoadLibraryW
CloseHandle
LocalFree
OpenProcess
GetLastError
Sleep

user32

wsprintfW
MessageBoxW

ntdll

NtSetInformationProcess
RtlAdjustPrivilege

ws2_32

listen
bind
WSAStartup

sbiedll

_SbieApi_EnumProcessEx@16
_SbieDll_IsBoxedService@4
_SbieDll_Hook@12
_SbieApi_QueryConf@20
_SbieApi_QueryProcess@20

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieWUAU.exe
.exe windows:5 windows x86 arch:x86

8d791d3feb0c687c8d8698d0c7aac411

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

29:5d:5a:22:ec:64:d8:08:1c:af:d4:98:f6:1e:4d:97:f2:b3:cd:ff
Signer

Actual PE Digest

29:5d:5a:22:ec:64:d8:08:1c:af:d4:98:f6:1e:4d:97:f2:b3:cd:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\wuau\obj\i386\SandboxieWUAU.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_initterm
_wcsicmp
swprintf
wcslen
wcscpy

advapi32

AccessCheckByType
StartServiceCtrlDispatcherW

kernel32

TerminateProcess
GetVersionExW
LoadLibraryW
GetProcAddress
CreateThread
QueryPerformanceCounter
CloseHandle
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
GetProcessHeap
GetCurrentProcess
SetEvent
OpenEventW
Sleep
ExitProcess
HeapAlloc
OpenProcess
SetLastError

user32

MessageBoxW
wsprintfW

sbiedll

_SbieApi_EnumProcessEx@16
_SbieDll_Hook@12
_SbieApi_QueryConf@20
_SbieApi_QueryProcess@20

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SbieCtrl.exe
.exe windows:5 windows x86 arch:x86

54c96abb3789325a7397e9bfcf30a97a

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9d:cf:6d:82:65:8d:3f:9f:60:6a:b3:75:f9:d2:b7:e0:50:68:d9:32
Signer

Actual PE Digest

9d:cf:6d:82:65:8d:3f:9f:60:6a:b3:75:f9:d2:b7:e0:50:68:d9:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\control\obj\i386\SbieCtrl.pdb

Imports

mfc42u

ord6024
ord2756
ord926
ord2634
ord3312
ord5426
ord4704
ord5977
ord1165
ord1662
ord2644
ord5949
ord6563
ord5945
ord6193
ord3356
ord5947
ord3090
ord3658
ord3621
ord2406
ord3566
ord1634
ord1633
ord5781
ord4215
ord2576
ord3649
ord2430
ord2858
ord1637
ord1143
ord2854
ord2371
ord6051
ord1768
ord5286
ord3393
ord4418
ord3728
ord567
ord810
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6168
ord5869
ord5785
ord5790
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord3591
ord640
ord6190
ord6017
ord323
ord4266
ord4532
ord2115
ord3282
ord3291
ord6266
ord3909
ord1084
ord4688
ord3749
ord5142
ord3016
ord4847
ord6376
ord2078
ord326
ord4270
ord3737
ord818
ord2144
ord5856
ord773
ord772
ord5603
ord5602
ord500
ord5677
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord3396
ord4616
ord3733
ord561
ord815
ord2613
ord5568
ord2910
ord4237
ord4718
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5278
ord2641
ord1658
ord4430
ord5248
ord4421
ord3618
ord674
ord3865
ord2455
ord538
ord4219
ord2447
ord2550
ord366
ord1105
ord291
ord910
ord2574
ord4396
ord3635
ord693
ord2857
ord4238
ord697
ord395
ord4181
ord6896
ord3281
ord3905
ord6688
ord686
ord3991
ord2445
ord2088
ord384
ord491
ord5625
ord3431
ord2855
ord3397
ord3716
ord795
ord2567
ord4390
ord3569
ord609
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord692
ord6316
ord2769
ord3084
ord5639
ord2070
ord2091
ord2108
ord4282
ord4279
ord1644
ord6238
ord913
ord700
ord398
ord6279
ord6278
ord3434
ord2776
ord909
ord3638
ord696
ord3930
ord394
ord5586
ord3430
ord4180
ord1172
ord5706
ord860
ord283
ord5871
ord4128
ord4292
ord2746
ord2836
ord2099
ord4199
ord5446
ord6390
ord5436
ord6379
ord613
ord3490
ord4078
ord1834
ord289
ord3688
ord3568
ord3614
ord2705
ord3995
ord6004
ord2579
ord4400
ord3389
ord3724
ord804
ord6777
ord4254
ord1900
ord1683
ord2520
ord5284
ord4433
ord2046
ord4425
ord771
ord497
ord2400
ord6868
ord2606
ord6655
ord4120
ord3470
ord3285
ord3298
ord5845
ord2876
ord6451
ord2877
ord6437
ord2111
ord1761
ord1258
ord4709
ord2629
ord1230
ord5784
ord472
ord755
ord470
ord2036
ord2440
ord1569
ord537
ord800
ord942
ord861
ord858
ord641
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4992
ord4370
ord5261
ord4229
ord2859
ord3133
ord768
ord4253
ord414
ord3979
ord713
ord3657
ord5817
ord5600
ord5855
ord924
ord5617
ord4124
ord6654
ord539
ord501
ord1083
ord536
ord4273
ord941
ord715
ord415
ord5597
ord5616
ord1081
ord1008
ord925
ord1085
ord2757
ord6565
ord5605
ord2010
ord3694
ord4829
ord5283
ord4371
ord4352
ord4942
ord4970
ord4899
ord5154
ord5156
ord5155
ord823
ord3798
ord5679
ord4272
ord2755
ord4197
ord542
ord5618
ord802
ord3087
ord927
ord6195
ord540
ord2810
ord535
ord6211
ord3871
ord922
ord940
ord825
ord2637
ord2092
ord324
ord1135
ord4294
ord5830

msvcrt

wcscmp
__CxxFrameHandler
_wcsnicmp
_wcsicmp
wcschr
free
malloc
wcsrchr
_wtoi64
wcscat
wcslen
time
wcscpy
_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
exit
_wtoi
wcsstr
wcsncpy
towlower
memmove
atof
strchr
toupper
_purecall
__RTDynamicCast
_c_exit
_exit
_XcptFilter
_cexit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ

advapi32

RegEnumValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyW
RegCloseKey
OpenEventLogW
ReadEventLogW
CloseEventLog
RegOpenKeyExW
RegQueryValueExW

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
FreeLibrary
LoadLibraryW
GetProcessTimes
GetProcAddress
CreateProcessW
GetTempPathW
WriteFile
CreateDirectoryW
RemoveDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CopyFileW
DeleteFileW
GetModuleFileNameW
GetDriveTypeW
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
OpenProcess
TerminateProcess
WaitForSingleObject
GetCommandLineW
OpenMutexW
CreateMutexW
GetVersionExW
HeapAlloc
ProcessIdToSessionId
CreateThread
GetCurrentProcessId
CreateFileW
GetLastError
GetFileTime
CloseHandle
GetProcessHeap
HeapFree
LocalFree
LocalAlloc
InitializeCriticalSection
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
FindResourceW
SizeofResource
LoadResource
LockResource
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
Sleep
GetStartupInfoW

gdi32

LPtoDP
PatBlt
PtVisible
RectVisible
TextOutW
DPtoLP
Escape
BitBlt
Ellipse
GetStockObject
CreatePatternBrush
Rectangle
GetPixel
SetPixel
GetTextMetricsW
CreatePen
GetObjectW
CreateSolidBrush
CreateFontIndirectW
GetClipBox
SetTextColor
GetCurrentObject
GetTextColor
GetWindowExtEx
GetViewportExtEx
GetMapMode
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
ExtTextOutW
GetTextExtentPoint32W
DeleteObject

user32

SendMessageW
UnhookWindowsHookEx
SetCursor
ReleaseCapture
GetParent
PostMessageW
CallNextHookEx
IsWindowVisible
PtInRect
EnumChildWindows
WindowFromPoint
SetWindowsHookExW
SetCapture
CallWindowProcW
SetWindowLongW
SetWindowPos
MoveWindow
GetDC
CreateWindowExW
SetFocus
ScreenToClient
GetDlgItem
SetWindowTextW
ShowWindow
GetDlgCtrlID
GetWindow
SendDlgItemMessageW
GetWindowLongW
EnableWindow
SetTimer
CopyRect
EnableMenuItem
GetSubMenu
LoadMenuW
DestroyCursor
EndPaint
UpdateWindow
InvalidateRect
TabbedTextOutW
DrawTextW
GrayStringW
GetMessagePos
GetWindowThreadProcessId
KillTimer
SetForegroundWindow
DispatchMessageW
GetMessageW
TranslateMessage
LoadIconW
MsgWaitForMultipleObjects
PeekMessageW
RegisterWindowMessageW
RegisterClassExW
DefWindowProcW
SystemParametersInfoW
FindWindowW
CreatePopupMenu
DeleteMenu
AppendMenuW
SetMenuDefaultItem
GetMenuItemCount
GetMenuItemID
GetMenuStringW
InsertMenuW
ModifyMenuW
GetMenu
PostQuitMessage
GetCursorPos
wsprintfW
GetSystemMetrics
GetKeyState
FindWindowExW
DestroyIcon
EnumWindows
DrawStateW
GetSysColor
GetMenuItemInfoW
GetMenuItemRect
GetClassNameW
SetMenuItemInfoW
IsMenu
IsRectEmpty
GetDesktopWindow
IsWindow
GetSysColorBrush
GetIconInfo
LoadBitmapW
LoadCursorW
GetWindowRect
GetClientRect
ClientToScreen
OffsetRect
GetWindowDC
SetRect
InvertRect
ReleaseDC
BeginPaint
MessageBoxW

ntdll

NtCreateFile
NtQueryDirectoryFile

psapi

GetModuleFileNameExW

shell32

DragQueryFileW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
Shell_NotifyIconW
ShellExecuteW
ord165
SHGetFolderPathW
ExtractIconExW
SHFileOperationW

comctl32

ImageList_GetImageCount
ImageList_GetIcon
ImageList_Draw
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Remove
ImageList_GetImageInfo

comdlg32

GetOpenFileNameW

gdiplus

GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdiplusStartup

wininet

InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoInitialize
CoCreateInstance

sbiedll

_SbieApi_FreeReply@4
_SbieApi_GetVersion@4
_SbieDll_StartSbieDrv@4
_SbieDll_FormatMessage0@4
_SbieDll_FormatMessage1@8
_SbieApi_KillProcess@4
_SbieApi_EnumBoxes@8
_SbieApi_ReloadConf@4
_SbieApi_QueryBoxPath@28
_SbieApi_QueryConf@20
_SbieDll_TranslateNtToDosPath@4
_SbieDll_GetAllUsersPath@0
_SbieDll_GetUserPath@0
_SbieDll_GetDrivePath@4
_SbieApi_EnumProcessEx@16
_SbieApi_QueryProcess@20
_SbieDll_GetBoxFilePath@8
_SbieApi_CallServer@4
_SbieApi_SetLicense@8
_SbieApi_GetLicense@4
_SbieDll_FormatMessage@8
_SbieDll_FormatMessage2@12
_SbieDll_CanElevateOnVista@0
_SbieDll_DeviceChange@8
_SbieApi_DisableForceProcess@8
_SbieDll_RunFromHome@16
_SbieDll_GetLanguage@4
_SbieApi_GetWork@12
_SbieDll_StartSbieSvc@4

Sections

.text
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 500KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SbieDll.dll
.dll windows:5 windows x86 arch:x86

3af8894d3b1faeb3fb96435d79712bc0

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:76:f1:20:45:ac:d7:34:43:5e:bd:ac:56:b4:92:8c:68:da:e0:a3
Signer

Actual PE Digest

3a:76:f1:20:45:ac:d7:34:43:5e:bd:ac:56:b4:92:8c:68:da:e0:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\work\sbie\core\dll\obj\i386\SbieDll.pdb

Imports

ntdll

RtlFreeAnsiString
NtAssignProcessToJobObject
LdrGetProcedureAddress
RtlCreateProcessParameters
NtDeviceIoControlFile
_vsnprintf
NtRegisterThreadTerminatePort
NtRequestWaitReplyPort
NtAdjustPrivilegesToken
LdrLoadDll
NtQuerySecurityObject
NtDuplicateObject
NtOpenThread
NtOpenProcess
NtQuerySystemInformation
RtlUnwind
NtQueryVirtualMemory
NtLoadDriver
LdrUnloadDll
NtDeleteKey
NtEnumerateKey
NtEnumerateValueKey
NtQueryMultipleValueKey
NtNotifyChangeKey
NtNotifyChangeMultipleKeys
NtSaveKey
NtSetInformationKey
NtCreatePort
NtConnectPort
NtCreateEvent
NtOpenEvent
NtCreateMutant
NtOpenMutant
NtCreateSemaphore
NtOpenSemaphore
NtCreateSection
NtOpenSection
RtlInitString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
strchr
sprintf
_stricmp
RtlUnicodeStringToAnsiString
strncmp
wcsncmp
_wtoi
NtQueryAttributesFile
NtSetInformationFile
NtCreateNamedPipeFile
NtCreateMailslotFile
NtFsControlFile
RtlGetCurrentDirectory_U
RtlGetFullPathName_U
NtDeleteFile
towlower
NtReadFile
NtWriteFile
NtQueryInformationToken
RtlConvertSidToUnicodeString
NtQueryObject
RtlCompareUnicodeString
NtQueryInformationFile
NtCreateFile
NtQueryFullAttributesFile
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
memmove
RtlQueryRegistryValues
NtOpenDirectoryObject
NtSetInformationProcess
NtOpenFile
_wcsicmp
NtQueryDirectoryFile
wcscmp
wcsncpy
RtlCompareMemory
wcschr
_wcslwr
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtProtectVirtualMemory
wcsrchr
wcsstr
NtDeleteValueKey
NtQueryValueKey
NtQueryKey
NtOpenKey
wcscpy
wcscat
RtlInitUnicodeString
NtCreateKey
swprintf
NtSetValueKey
wcslen
NtOpenProcessToken
NtPrivilegeCheck
NtClose
NtSetSecurityObject
_wcsnicmp

kernel32

CreateMutexW
CreateFileMappingW
ReleaseMutex
GetWindowsDirectoryW
HeapDestroy
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
OpenProcess
CreateFileA
FindResourceExW
FormatMessageW
QueueUserWorkItem
GetLongPathNameW
GetFullPathNameW
OpenFileMappingW
MapViewOfFile
CreateThread
GetSystemWindowsDirectoryW
WinExec
CreateProcessA
GetCurrentDirectoryW
GetEnvironmentStringsW
InterlockedIncrement
InterlockedDecrement
GetTickCount
Sleep
CreateEventW
OpenEventW
HeapFree
GetProcessHeap
HeapAlloc
OutputDebugStringW
VirtualFree
RaiseException
SleepEx
GetCommandLineW
LoadLibraryW
FreeLibrary
FindResourceW
FindResourceA
LoadResource
LockResource
OpenThread
GetThreadTimes
GlobalAddAtomW
WideCharToMultiByte
GetModuleFileNameW
SetConsoleTitleA
SetConsoleTitleW
GetCurrentThread
QueueUserAPC
CreateFileW
GetSystemTimeAsFileTime
GetCurrentThreadId
InterlockedExchange
SetEvent
InterlockedCompareExchange
TlsGetValue
TlsSetValue
TlsAlloc
InitializeCriticalSection
DisableThreadLibraryCalls
GetCurrentProcessId
GetCurrentProcess
EnterCriticalSection
VirtualAlloc
LeaveCriticalSection
VirtualProtect
ExitProcess
GetModuleHandleW
ExpandEnvironmentStringsW
CreateProcessW
WaitForSingleObject
CloseHandle
SetLastError
LocalAlloc
LocalFree
GetProcAddress
GetLastError
HeapCreate

Exports

Exports

SbieApi_Log
SbieApi_LogEx
_SbieApi_CallServer@4
_SbieApi_CallZero@4
_SbieApi_CreateDirOrLink@8
_SbieApi_DisableForceProcess@8
_SbieApi_DuplicateObject@20
_SbieApi_EnumBoxes@8
_SbieApi_EnumProcessEx@16
_SbieApi_FreeReply@4
_SbieApi_GetInjectSaveArea@12
_SbieApi_GetLicense@4
_SbieApi_GetSetDeviceMap@4
_SbieApi_GetVersion@4
_SbieApi_GetWork@12
_SbieApi_HookTramp@8
_SbieApi_KillProcess@4
_SbieApi_PortName@0
_SbieApi_QueryBoxPath@28
_SbieApi_QueryConf@20
_SbieApi_QueryPathList@12
_SbieApi_QueryProcess@20
_SbieApi_QueryProcessPath@28
_SbieApi_ReloadConf@4
_SbieApi_RenameFile@16
_SbieApi_SetLicense@8
_SbieApi_SetUserName@8
_SbieApi_StartProcess@16
_SbieDll_AssocQueryCommand@4
_SbieDll_AssocQueryProgram@4
_SbieDll_CanElevateOnVista@0
_SbieDll_DeviceChange@8
_SbieDll_FormatMessage0@4
_SbieDll_FormatMessage1@8
_SbieDll_FormatMessage2@12
_SbieDll_FormatMessage@8
_SbieDll_GetAllUsersPath@0
_SbieDll_GetBoxFilePath@8
_SbieDll_GetDrivePath@4
_SbieDll_GetHandlePath@12
_SbieDll_GetLanguage@4
_SbieDll_GetUserPath@0
_SbieDll_Hook@12
_SbieDll_InitPStore@0
_SbieDll_InitProcess@0
_SbieDll_IsBoxedService@4
_SbieDll_IsDirectory@4
_SbieDll_IsWow64@0
_SbieDll_RunFromHome@16
_SbieDll_StartCOM@0
_SbieDll_StartSbieDrv@4
_SbieDll_StartSbieSvc@4
_SbieDll_TranslateNtToDosPath@4

Sections

.text
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieDllX.dll
.dll windows:5 windows x86 arch:x86

3af8894d3b1faeb3fb96435d79712bc0

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:76:f1:20:45:ac:d7:34:43:5e:bd:ac:56:b4:92:8c:68:da:e0:a3
Signer

Actual PE Digest

3a:76:f1:20:45:ac:d7:34:43:5e:bd:ac:56:b4:92:8c:68:da:e0:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\work\sbie\core\dll\obj\i386\SbieDll.pdb

Imports

ntdll

RtlFreeAnsiString
NtAssignProcessToJobObject
LdrGetProcedureAddress
RtlCreateProcessParameters
NtDeviceIoControlFile
_vsnprintf
NtRegisterThreadTerminatePort
NtRequestWaitReplyPort
NtAdjustPrivilegesToken
LdrLoadDll
NtQuerySecurityObject
NtDuplicateObject
NtOpenThread
NtOpenProcess
NtQuerySystemInformation
RtlUnwind
NtQueryVirtualMemory
NtLoadDriver
LdrUnloadDll
NtDeleteKey
NtEnumerateKey
NtEnumerateValueKey
NtQueryMultipleValueKey
NtNotifyChangeKey
NtNotifyChangeMultipleKeys
NtSaveKey
NtSetInformationKey
NtCreatePort
NtConnectPort
NtCreateEvent
NtOpenEvent
NtCreateMutant
NtOpenMutant
NtCreateSemaphore
NtOpenSemaphore
NtCreateSection
NtOpenSection
RtlInitString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
strchr
sprintf
_stricmp
RtlUnicodeStringToAnsiString
strncmp
wcsncmp
_wtoi
NtQueryAttributesFile
NtSetInformationFile
NtCreateNamedPipeFile
NtCreateMailslotFile
NtFsControlFile
RtlGetCurrentDirectory_U
RtlGetFullPathName_U
NtDeleteFile
towlower
NtReadFile
NtWriteFile
NtQueryInformationToken
RtlConvertSidToUnicodeString
NtQueryObject
RtlCompareUnicodeString
NtQueryInformationFile
NtCreateFile
NtQueryFullAttributesFile
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
memmove
RtlQueryRegistryValues
NtOpenDirectoryObject
NtSetInformationProcess
NtOpenFile
_wcsicmp
NtQueryDirectoryFile
wcscmp
wcsncpy
RtlCompareMemory
wcschr
_wcslwr
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtProtectVirtualMemory
wcsrchr
wcsstr
NtDeleteValueKey
NtQueryValueKey
NtQueryKey
NtOpenKey
wcscpy
wcscat
RtlInitUnicodeString
NtCreateKey
swprintf
NtSetValueKey
wcslen
NtOpenProcessToken
NtPrivilegeCheck
NtClose
NtSetSecurityObject
_wcsnicmp

kernel32

CreateMutexW
CreateFileMappingW
ReleaseMutex
GetWindowsDirectoryW
HeapDestroy
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
OpenProcess
CreateFileA
FindResourceExW
FormatMessageW
QueueUserWorkItem
GetLongPathNameW
GetFullPathNameW
OpenFileMappingW
MapViewOfFile
CreateThread
GetSystemWindowsDirectoryW
WinExec
CreateProcessA
GetCurrentDirectoryW
GetEnvironmentStringsW
InterlockedIncrement
InterlockedDecrement
GetTickCount
Sleep
CreateEventW
OpenEventW
HeapFree
GetProcessHeap
HeapAlloc
OutputDebugStringW
VirtualFree
RaiseException
SleepEx
GetCommandLineW
LoadLibraryW
FreeLibrary
FindResourceW
FindResourceA
LoadResource
LockResource
OpenThread
GetThreadTimes
GlobalAddAtomW
WideCharToMultiByte
GetModuleFileNameW
SetConsoleTitleA
SetConsoleTitleW
GetCurrentThread
QueueUserAPC
CreateFileW
GetSystemTimeAsFileTime
GetCurrentThreadId
InterlockedExchange
SetEvent
InterlockedCompareExchange
TlsGetValue
TlsSetValue
TlsAlloc
InitializeCriticalSection
DisableThreadLibraryCalls
GetCurrentProcessId
GetCurrentProcess
EnterCriticalSection
VirtualAlloc
LeaveCriticalSection
VirtualProtect
ExitProcess
GetModuleHandleW
ExpandEnvironmentStringsW
CreateProcessW
WaitForSingleObject
CloseHandle
SetLastError
LocalAlloc
LocalFree
GetProcAddress
GetLastError
HeapCreate

Exports

Exports

SbieApi_Log
SbieApi_LogEx
_SbieApi_CallServer@4
_SbieApi_CallZero@4
_SbieApi_CreateDirOrLink@8
_SbieApi_DisableForceProcess@8
_SbieApi_DuplicateObject@20
_SbieApi_EnumBoxes@8
_SbieApi_EnumProcessEx@16
_SbieApi_FreeReply@4
_SbieApi_GetInjectSaveArea@12
_SbieApi_GetLicense@4
_SbieApi_GetSetDeviceMap@4
_SbieApi_GetVersion@4
_SbieApi_GetWork@12
_SbieApi_HookTramp@8
_SbieApi_KillProcess@4
_SbieApi_PortName@0
_SbieApi_QueryBoxPath@28
_SbieApi_QueryConf@20
_SbieApi_QueryPathList@12
_SbieApi_QueryProcess@20
_SbieApi_QueryProcessPath@28
_SbieApi_ReloadConf@4
_SbieApi_RenameFile@16
_SbieApi_SetLicense@8
_SbieApi_SetUserName@8
_SbieApi_StartProcess@16
_SbieDll_AssocQueryCommand@4
_SbieDll_AssocQueryProgram@4
_SbieDll_CanElevateOnVista@0
_SbieDll_DeviceChange@8
_SbieDll_FormatMessage0@4
_SbieDll_FormatMessage1@8
_SbieDll_FormatMessage2@12
_SbieDll_FormatMessage@8
_SbieDll_GetAllUsersPath@0
_SbieDll_GetBoxFilePath@8
_SbieDll_GetDrivePath@4
_SbieDll_GetHandlePath@12
_SbieDll_GetLanguage@4
_SbieDll_GetUserPath@0
_SbieDll_Hook@12
_SbieDll_InitPStore@0
_SbieDll_InitProcess@0
_SbieDll_IsBoxedService@4
_SbieDll_IsDirectory@4
_SbieDll_IsWow64@0
_SbieDll_RunFromHome@16
_SbieDll_StartCOM@0
_SbieDll_StartSbieDrv@4
_SbieDll_StartSbieSvc@4
_SbieDll_TranslateNtToDosPath@4

Sections

.text
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieDrv.sys
.sys windows:5 windows x86 arch:x86

941583abe4e5e1c967bb33cb486b15b3

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:1f:c0:31:b8:d7:2f:6a:79:a2:38:49:68:e0:28:a4:fa:45:19:cf
Signer

Actual PE Digest

6b:1f:c0:31:b8:d7:2f:6a:79:a2:38:49:68:e0:28:a4:fa:45:19:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\core\drv\obj\i386\SbieDrv.pdb

Imports

ntoskrnl.exe

_except_handler3
ProbeForWrite
wcslen
ZwClose
ZwSetEvent
ZwOpenEvent
RtlInitUnicodeString
wcsncpy
ExRaiseStatus
IoCreateDevice
IoDeleteDevice
wcscpy
RtlFreeUnicodeString
memmove
wcschr
wcscat
_wcsicmp
KeDelayExecutionThread
RtlQueryRegistryValues
_itow
_wcsnicmp
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlUnicodeStringToInteger
swprintf
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
PsGetVersion
ObfDereferenceObject
ObReferenceObjectByHandle
wcsrchr
ZwQueryValueKey
ZwOpenKey
ZwAdjustPrivilegesToken
ZwDuplicateToken
ZwOpenProcessToken
ZwOpenProcess
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ZwSetInformationFile
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
MmGetSystemRoutineAddress
KeGetCurrentThread
PsLookupThreadByThreadId
ZwQuerySystemInformation
ZwOpenThread
ZwAllocateVirtualMemory
PsGetCurrentProcessId
ExGetPreviousMode
KeSetTargetProcessorDpc
KeSetImportanceDpc
KeInitializeDpc
KeQueryActiveProcessors
PsGetCurrentThreadId
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
MmBuildMdlForNonPagedPool
KeServiceDescriptorTable
ZwYieldExecution
ZwAccessCheckAndAuditAlarm
RtlCompareMemory
wcstombs
IoCreateFile
ZwReadFile
wcsstr
_wcslwr
ZwCreateDirectoryObject
ZwQueryInformationProcess
ZwCreateSymbolicLinkObject
wcscmp
ZwLoadKey
ZwUnloadKey
ZwSetValueKey
KeQuerySystemTime
ZwCreateKey
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
DbgPrint
ObOpenObjectByName
ObQueryNameString
RtlCaptureStackBackTrace
PsSetLoadImageNotifyRoutine
PsSetCreateProcessNotifyRoutine
RtlIntegerToUnicodeString
PsLookupProcessByProcessId
_alldiv
SeTokenIsAdmin
PsReferencePrimaryToken
IoGetCurrentProcess
wcsncmp
ZwQueryInformationToken
ZwFreeVirtualMemory
IoGetRequestorProcessId
ZwSetInformationProcess
NtDuplicateObject
SeSinglePrivilegeCheck
IoThreadToProcess
RtlConvertSidToUnicodeString
ZwOpenThreadToken
ProbeForRead
KeBugCheckEx
KeInsertQueueDpc
IofCompleteRequest

hal

KfLowerIrql
KeGetCurrentIrql
KfRaiseIrql

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieMsg.dll
.dll windows:5 windows x86 arch:x86

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:23:b2:8f:1d:77:93:ea:28:4b:19:19:9b:aa:a0:58:ed:2f:15:9a
Signer

Actual PE Digest

8d:23:b2:8f:1d:77:93:ea:28:4b:19:19:9b:aa:a0:58:ed:2f:15:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\work\sbie\core\msg\obj\i386\SbieMsg.pdb

Sections

.text
Size: 512B - Virtual size: 151B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieSvc.exe
.exe windows:5 windows x86 arch:x86

0c6b81b6daa1551cb48cbee2821bf7a2

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:cd:62:ce:36:35:3a:56:79:ca:65:99:03:af:1b:bb:bf:0c:65:1d
Signer

Actual PE Digest

67:cd:62:ce:36:35:3a:56:79:ca:65:99:03:af:1b:bb:bf:0c:65:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\core\svc\obj\i386\SbieSvc.pdb

Imports

msvcrt

memset
wcslen
??2@YAPAXI@Z
??3@YAXPAX@Z
wcscpy
_except_handler3
wcscmp
towlower
_wcsnicmp
_wcslwr
_wcsicmp
wcschr
wcscat
wcsrchr
memcmp
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
memcpy

advapi32

CreateProcessAsUserW
EnumServicesStatusW
QueryServiceConfigW
QueryServiceConfig2W
QueryServiceStatusEx
StartServiceW
CloseServiceHandle
CheckTokenMembership
FreeSid
OpenThreadToken
ConvertStringSidToSidW
LookupAccountSidW
LookupPrivilegeValueW
AdjustTokenPrivileges
RevertToSelf
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetEntriesInAclW
SetSecurityDescriptorDacl
OpenSCManagerW
OpenServiceW
ControlService
ReportEventW
OpenEventLogW
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW

kernel32

GetFileTime
LeaveCriticalSection
FlushFileBuffers
EnterCriticalSection
TerminateProcess
OpenProcess
GetSystemTimeAsFileTime
LocalFree
ProcessIdToSessionId
HeapReAlloc
DeleteFileW
SetEndOfFile
GetStartupInfoA
GetVersionExW
WriteFile
CopyFileW
SetFileAttributesW
GetFileAttributesW
GetTickCount
GetWindowsDirectoryW
GetSystemWindowsDirectoryW
CancelIo
GetProcAddress
LoadLibraryW
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetCurrentThread
SetUnhandledExceptionFilter
SleepEx
InterlockedCompareExchange
VirtualAlloc
ExitProcess
RaiseException
VirtualFree
OutputDebugStringW
GetLastError
QueueUserWorkItem
Sleep
HeapFree
HeapAlloc
GetProcessHeap
CloseHandle
GetCurrentProcess
HeapDestroy
HeapCreate
SetLastError
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
CreateEventW
WaitForMultipleObjects
TerminateThread
WaitForSingleObject
SetEvent
InterlockedExchange
CreateThread
InterlockedIncrement
SetThreadPriority
GetTempPathW
InitializeCriticalSection
CreateFileW
UnhandledExceptionFilter

user32

wsprintfW

ntdll

NtOpenThreadToken
NtOpenProcessToken
NtQueryInformationToken
NtFilterToken
NtDuplicateToken
NtSetInformationThread
NtQueryDirectoryFile
NtQueryInformationFile
NtReadFile
NtWriteFile
NtClose
NtCreatePort
NtQueryFullAttributesFile
NtCreateFile
NtSetInformationFile
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtLoadDriver
NtImpersonateClientOfPort
NtAcceptConnectPort
NtCompleteConnectPort
NtReplyWaitReceivePort
RtlInitUnicodeString

setupapi

SetupDiClassNameFromGuidExW
SetupDiBuildClassInfoList
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoList
CM_Get_Device_Interface_ListA
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeA
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_Alias_ExW

crypt32

CryptProtectData
CryptUnprotectData

wintrust

CryptCATAdminCalcHashFromFileHandle

ole32

CoTaskMemFree

sbiedll

_SbieApi_PortName@0
SbieApi_Log
_SbieApi_CallZero@4
_SbieApi_GetVersion@4
_SbieApi_GetWork@12
SbieApi_LogEx
_SbieApi_EnumProcessEx@16
_SbieApi_SetUserName@8
_SbieApi_QueryProcess@20
_SbieApi_QueryConf@20
_SbieApi_ReloadConf@4
_SbieDll_RunFromHome@16
_SbieApi_QueryProcessPath@28

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Start.exe
.exe windows:5 windows x86 arch:x86

c607003a46e17e5ab247ad5b9ac6460a

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f9:16:65:a8:72:99:f8:51:81:de:22:0e:f2:c2:25:5a:eb:7d:eb:cf
Signer

Actual PE Digest

f9:16:65:a8:72:99:f8:51:81:de:22:0e:f2:c2:25:5a:eb:7d:eb:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\start\obj\i386\Start.pdb

Imports

advapi32

SetThreadToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CreateProcessAsUserW

kernel32

ExpandEnvironmentStringsW
HeapAlloc
GetProcessHeap
ExitProcess
GetCommandLineW
MapViewOfFile
FindClose
FindNextFileW
FindFirstFileW
HeapDestroy
HeapCreate
HeapFree
GetSystemWindowsDirectoryW
GetFullPathNameW
GetSystemTimeAsFileTime
GetExitCodeProcess
WaitForSingleObject
GetModuleFileNameW
RemoveDirectoryW
CreateProcessW
GetModuleHandleW
OpenMutexW
CloseHandle
Sleep
GetStdHandle
WriteFile
SetLastError
GetLastError
LocalFree
FormatMessageW

gdi32

SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
GetObjectW
CreateFontIndirectW
SetBkColor
SetTextColor

user32

SetMenuInfo
EndDialog
SetFocus
KillTimer
ShowWindow
SendDlgItemMessageW
SetTimer
EnableWindow
GetDlgItem
SendMessageW
SetWindowPos
DialogBoxParamW
LoadImageW
CreateWindowExW
GetWindowInfo
GetWindowRect
SetWindowTextW
GetWindowTextW
GetClientRect
GetDesktopWindow
DestroyIcon
DrawIconEx
GetDC
CreateMenu
InsertMenuItemW
GetSysColorBrush
wsprintfW
MessageBoxW
GetMenuItemCount
CreatePopupMenu
TrackPopupMenu
DestroyWindow
DestroyMenu
GetSysColor

ntdll

RtlUnwind
NtQueryVirtualMemory
NtTerminateProcess
NtQueryInformationFile
NtCreateFile
NtSetInformationFile
RtlNtStatusToDosError
wcscmp
wcscat
iswctype
_wcsicmp
wcsncmp
_wtoi
wcsrchr
memmove
wcslen
wcsncpy
RtlInitUnicodeString
NtOpenDirectoryObject
NtQueryObject
NtClose
towlower
sprintf
_wcsnicmp
_chkstk
wcscpy
NtTerminateThread

shlwapi

SHAutoComplete
AssocQueryStringW

shell32

SHGetFolderPathW
ExtractIconExW
ShellExecuteExW

ole32

CoCreateInstance
CoTaskMemFree
CoInitialize

comdlg32

GetOpenFileNameW

comctl32

InitCommonControlsEx

sbiedll

_SbieDll_StartCOM@0
SbieApi_Log
_SbieApi_GetSetDeviceMap@4
_SbieApi_StartProcess@16
_SbieDll_InitProcess@0
_SbieApi_QueryProcess@20
_SbieDll_RunFromHome@16
_SbieDll_FormatMessage0@4
_SbieApi_CallServer@4
_SbieDll_StartSbieSvc@4
_SbieDll_StartSbieDrv@4
_SbieApi_QueryConf@20
_SbieApi_FreeReply@4
_SbieApi_EnumProcessEx@16
_SbieApi_SetLicense@8
_SbieDll_FormatMessage@8
_SbieDll_GetLanguage@4
_SbieDll_CanElevateOnVista@0
_SbieApi_KillProcess@4
_SbieApi_ReloadConf@4
_SbieDll_FormatMessage1@8
_SbieDll_InitPStore@0
_SbieDll_IsDirectory@4
_SbieDll_GetBoxFilePath@8
_SbieApi_EnumBoxes@8

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/SafeMode/Install/4399sandbox_win7.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

98:96:df:b4:60:1c:f1:d8:57:b4:bb:be:3b:e5:c2:19:20:6e:6f:c4
Signer

Actual PE Digest

98:96:df:b4:60:1c:f1:d8:57:b4:bb:be:3b:e5:c2:19:20:6e:6f:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallType.ini
$PLUGINSDIR/KmdUtil.exe
.exe windows:5 windows x86 arch:x86

611d917a938d9ceec280707166252976

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

45:49:ef:1b:0c:c4:cf:e2:b3:ff:7d:f5:8b:86:d5:5c:bb:b9:9f:39
Signer

Actual PE Digest

45:49:ef:1b:0c:c4:cf:e2:b3:ff:7d:f5:8b:86:d5:5c:bb:b9:9f:39

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\install\kmdutil\obj\i386\KmdUtil.pdb

Imports

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_controlfp
exit
_XcptFilter
_exit
_c_exit
wcscat
_wtoi
_wcsicmp
_wcsnicmp
_acmdln
swprintf
wcscpy
wcsrchr
_cexit
wcslen

advapi32

OpenProcessToken
AdjustTokenPrivileges
OpenSCManagerW
ControlService
StartServiceW
RegCreateKeyExW
RegSetValueExW
CreateServiceW
RegCloseKey
RegDeleteKeyW
OpenServiceW
DeleteService
RegOpenKeyExW
LookupPrivilegeValueW

kernel32

GetProcessHeap
HeapAlloc
OpenProcess
ProcessIdToSessionId
HeapFree
GetCurrentProcessId
CloseHandle
Sleep
GetCommandLineW
GetLastError
GetModuleFileNameW
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
SetLastError
LocalAlloc
FormatMessageW
GetCurrentProcess
LoadLibraryW

user32

MessageBoxW

ntdll

NtClose
RtlInitUnicodeString
NtOpenFile
NtDeviceIoControlFile
NtUnloadDriver

shell32

CommandLineToArgvW

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SbieMsg.dll
.dll windows:5 windows x86 arch:x86

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:42:46:d5:87:52:22:8c:e4:e1:f9:8b:7b:8f:77:0a:80:52:c0:93
Signer

Actual PE Digest

7c:42:46:d5:87:52:22:8c:e4:e1:f9:8b:7b:8f:77:0a:80:52:c0:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\work\sbie\msgs\obj\i386\SbieMsg.pdb

Sections

.text
Size: 512B - Virtual size: 147B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Warning.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
LICENSE.TXT
SandboxieBITS.exe
.exe windows:5 windows x86 arch:x86

fc5c6a259e801b01205c65961ee7657a

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bb:22:5b:7c:6d:0e:e6:b8:93:44:1c:36:c6:6c:9d:ed:a3:5c:a3:e2
Signer

Actual PE Digest

bb:22:5b:7c:6d:0e:e6:b8:93:44:1c:36:c6:6c:9d:ed:a3:5c:a3:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\bits\obj\i386\SandboxieBITS.pdb

Imports

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_except_handler3
_acmdln
exit
_cexit
_XcptFilter
_controlfp
swprintf
__getmainargs
_exit
_c_exit
wcscpy
wcscat

advapi32

StartServiceCtrlDispatcherW
AccessCheckByType
LogonUserW
DuplicateTokenEx
SetThreadToken
OpenProcessToken

kernel32

QueryPerformanceCounter
SuspendThread
GetTickCount
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
GetProcessHeap
SetEvent
CreateEventW
OpenEventW
Sleep
SetLastError
GetCurrentThread
LoadLibraryW
CloseHandle
HeapAlloc
CreateThread

user32

wsprintfW
MessageBoxW

ole32

CoImpersonateClient

wtsapi32

WTSQueryUserToken

sbiedll

SbieApi_Log
_SbieDll_Hook@12

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieCrypto.exe
.exe windows:5 windows x86 arch:x86

efa0a04887011a5d8a2dee30998b3df9

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:59:5f:b5:17:66:86:4d:26:12:e2:72:09:dc:72:62:ab:91:1f:c0
Signer

Actual PE Digest

10:59:5f:b5:17:66:86:4d:26:12:e2:72:09:dc:72:62:ab:91:1f:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\crypto\obj\i386\SandboxieCrypto.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
__setusermatherr
_exit
_c_exit
wcscpy
wcscat
swprintf

advapi32

DuplicateToken
AccessCheckByType
SetThreadToken
StartServiceCtrlDispatcherW
OpenProcessToken
GetTokenInformation

kernel32

GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
SuspendThread
GetCurrentThread
TlsAlloc
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
Sleep
SetLastError
CreateThread
GetProcAddress
GetModuleHandleW
TlsSetValue
DuplicateHandle
LoadLibraryW
CloseHandle
OpenEventW
GetLastError
HeapAlloc
GetProcessHeap
SetEvent
CreateEventW
TlsGetValue

user32

MessageBoxW
wsprintfW

sbiedll

SbieApi_Log
_SbieDll_Hook@12

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieDcomLaunch.exe
.exe windows:5 windows x86 arch:x86

d6b96f8a15114c1f38edc9f081763301

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:66:85:dc:5b:f4:67:8f:bf:0a:a1:10:9f:ed:60:89:e1:0c:39:60
Signer

Actual PE Digest

8c:66:85:dc:5b:f4:67:8f:bf:0a:a1:10:9f:ed:60:89:e1:0c:39:60

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\dcomlaunch\obj\i386\SandboxieDcomLaunch.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
__setusermatherr
_wcsicmp
swprintf
wcscat
_exit
_c_exit
wcscpy
wcscmp

advapi32

DuplicateToken
SetServiceStatus
OpenServiceW
CloseServiceHandle
QueryServiceStatus
StartServiceW
ControlService
AccessCheckByType
SetThreadToken
StartServiceCtrlDispatcherW
QueryServiceStatusEx
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW

kernel32

GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SuspendThread
GetCurrentProcessId
CreateFileMappingW
TlsAlloc
TlsGetValue
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
GetStartupInfoA
OpenEventW
Sleep
SetLastError
CreateThread
GetProcAddress
GetModuleHandleW
GetCurrentThread
LoadLibraryW
GetVersionExW
CloseHandle
LocalFree
CreateEventW
GetLastError
OpenProcess
HeapAlloc
GetProcessHeap
SetEvent
TlsSetValue

user32

MessageBoxW
wsprintfW

ntdll

NtSetInformationProcess
RtlAdjustPrivilege

sbiedll

_SbieApi_EnumProcessEx@16
_SbieDll_IsBoxedService@4
_SbieDll_StartBoxedService@8
SbieApi_Log
_SbieDll_Hook@12
_SbieApi_QueryProcess@20

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieRpcSs.exe
.exe windows:5 windows x86 arch:x86

b0a7a7dd5407869426a7a8266044c280

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c4:cf:eb:ed:52:e6:31:3d:67:6f:e9:9a:b5:f2:50:04:2b:8b:0f:48
Signer

Actual PE Digest

c4:cf:eb:ed:52:e6:31:3d:67:6f:e9:9a:b5:f2:50:04:2b:8b:0f:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\rpcss\obj\i386\SandboxieRpcSs.pdb

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_wcsicmp
swprintf
wcscmp
_except_handler3
_controlfp
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
wcslen
wcscpy
wcscat

advapi32

OpenThreadToken
SetServiceStatus
OpenServiceW
CloseServiceHandle
QueryServiceStatus
StartServiceW
ControlService
RegOpenKeyExW
RegQueryValueExW
AccessCheckByType
SetThreadToken
DuplicateToken
StartServiceCtrlDispatcherW
QueryServiceStatusEx
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW

kernel32

GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
ExitProcess
CreateFileMappingW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
Sleep
SetLastError
GetProcessHeap
CreateThread
GetProcAddress
GetModuleHandleW
TlsSetValue
TlsGetValue
TlsAlloc
WaitForSingleObject
CreateMutexW
GetCurrentProcessId
LoadLibraryW
GetVersionExW
CloseHandle
LocalFree
HeapFree
GetLastError
OpenProcess
HeapAlloc
OpenEventW
SetEvent
CreateEventW
OpenMutexW

user32

wsprintfW
MessageBoxW

ntdll

NtSetInformationProcess
RtlAdjustPrivilege

ws2_32

WSASetLastError
WSASocketW
listen
bind
WSAStartup

sbiedll

_SbieApi_QueryProcess@20
_SbieApi_EnumProcessEx@16
_SbieDll_IsBoxedService@4
_SbieDll_StartBoxedService@8
SbieApi_Log
_SbieDll_Hook@12
_SbieDll_IsOpenCOM@0
_SbieDll_KillOne@4
_SbieDll_ExpandAndRunProgram@4
_SbieApi_QueryConf@20

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieWUAU.exe
.exe windows:5 windows x86 arch:x86

5592dfcfc9f7d9b79b28c03dbd5f5412

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bf:75:20:b4:52:4a:0a:56:ed:e7:5c:33:b7:25:93:7f:58:1a:62:95
Signer

Actual PE Digest

bf:75:20:b4:52:4a:0a:56:ed:e7:5c:33:b7:25:93:7f:58:1a:62:95

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\wuau\obj\i386\SandboxieWUAU.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_initterm
wcschr
_wcsnicmp
wcscpy
wcscat
swprintf
_wcsicmp
wcscmp

advapi32

GetTokenInformation
AccessCheckByType
StartServiceCtrlDispatcherW
OpenProcessToken
ConvertSidToStringSidW

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
TerminateProcess
SuspendThread
GetCurrentThread
GetModuleHandleW
GetProcAddress
CreateThread
GetCurrentProcess
CloseHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
HeapAlloc
GetProcessHeap
SetEvent
CreateEventW
OpenEventW
Sleep
CreateProcessW
LoadLibraryW
GetVersionExW
OpenProcess
LocalFree
HeapFree
GetLastError
SetLastError

user32

MessageBoxW
wsprintfW

sbiedll

_SbieApi_EnumProcessEx@16
SbieApi_Log
_SbieDll_Hook@12
_SbieApi_QueryProcess@20

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SbieCtrl.exe
.exe windows:5 windows x86 arch:x86

ef4d19b91d885ebf5ab257f2e4098b67

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:43:d1:e1:3d:af:d3:85:f3:d8:b5:51:08:20:01:8e:a0:58:86:6d
Signer

Actual PE Digest

44:43:d1:e1:3d:af:d3:85:f3:d8:b5:51:08:20:01:8e:a0:58:86:6d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\control\obj\i386\SbieCtrl.pdb

Imports

mfc42u

ord491
ord5426
ord6193
ord5856
ord1165
ord772
ord5602
ord500
ord5977
ord1662
ord2644
ord5949
ord6563
ord5945
ord3356
ord3090
ord5947
ord3658
ord3621
ord2406
ord3566
ord1634
ord1633
ord5781
ord2858
ord2371
ord6051
ord1768
ord5286
ord3393
ord4418
ord3728
ord567
ord810
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6168
ord5869
ord5785
ord5790
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord3591
ord640
ord6190
ord6017
ord323
ord4266
ord4532
ord2115
ord3282
ord3291
ord6266
ord3909
ord1084
ord4688
ord3749
ord5142
ord3016
ord4847
ord6376
ord2078
ord326
ord4270
ord3737
ord818
ord2144
ord773
ord6373
ord5603
ord3614
ord4215
ord2576
ord3649
ord1637
ord1143
ord5677
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord3396
ord4616
ord3733
ord561
ord815
ord2430
ord2613
ord5568
ord2910
ord4237
ord4718
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5278
ord2641
ord1658
ord4430
ord5248
ord4421
ord3618
ord674
ord3865
ord2455
ord1135
ord2447
ord2550
ord366
ord1105
ord6278
ord291
ord2757
ord910
ord2574
ord4396
ord3635
ord693
ord2857
ord4238
ord697
ord395
ord4181
ord6896
ord3281
ord3905
ord6688
ord686
ord3991
ord2445
ord2088
ord384
ord2092
ord5625
ord3431
ord4118
ord2855
ord3397
ord3716
ord795
ord2567
ord4390
ord3569
ord609
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord692
ord6316
ord3084
ord5639
ord2070
ord2091
ord2108
ord4282
ord4279
ord6867
ord6865
ord6238
ord1644
ord5597
ord913
ord1172
ord700
ord398
ord3434
ord2776
ord912
ord699
ord397
ord3433
ord5589
ord4192
ord909
ord3638
ord696
ord3930
ord394
ord5586
ord3430
ord4180
ord3568
ord5706
ord283
ord5871
ord4128
ord4292
ord2746
ord2836
ord2099
ord4199
ord5446
ord6390
ord5436
ord6379
ord613
ord3490
ord4078
ord1834
ord289
ord3688
ord2705
ord3995
ord6004
ord2579
ord4400
ord3389
ord3724
ord804
ord6777
ord4254
ord1900
ord1683
ord2520
ord5284
ord4433
ord2046
ord4425
ord771
ord497
ord2400
ord6868
ord2606
ord6655
ord4120
ord3470
ord3285
ord3298
ord5845
ord2876
ord6451
ord2877
ord6437
ord1258
ord2111
ord1761
ord4709
ord2629
ord1230
ord5784
ord472
ord755
ord470
ord2036
ord2440
ord1569
ord6279
ord2634
ord926
ord860
ord6024
ord768
ord4253
ord2854
ord414
ord3979
ord713
ord3657
ord5817
ord5600
ord5855
ord5617
ord859
ord927
ord6654
ord539
ord501
ord1083
ord536
ord4273
ord941
ord715
ord415
ord1085
ord1081
ord1008
ord3312
ord6565
ord4124
ord5616
ord924
ord6211
ord3871
ord2756
ord5605
ord2769
ord2010
ord3694
ord4829
ord5283
ord4371
ord4352
ord4942
ord4970
ord4899
ord5154
ord5156
ord5155
ord823
ord5618
ord542
ord3798
ord802
ord5679
ord4272
ord2755
ord942
ord4197
ord3087
ord6195
ord535
ord540
ord2810
ord537
ord922
ord940
ord925
ord825
ord2637
ord324
ord538
ord861
ord858
ord800
ord641
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4992
ord4370
ord5261
ord4229
ord2859
ord3133
ord4219
ord4294
ord5830

msvcrt

towupper
memcmp
_wcsicmp
_wcsnicmp
wcscmp
wcscpy
wcscat
wcstol
towlower
free
malloc
__setusermatherr
_adjust_fdiv
__p__fmode
__p__commode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
__CxxFrameHandler
memset
memcpy
wcslen
_controlfp
?terminate@@YAXXZ
_onexit
_initterm
swprintf
wcsrchr
_wtoi64
wcsncpy
exit
_wtoi
wcsncmp
wcschr
time
wcsstr
memmove
_wcslwr
atof
strchr
toupper
_purecall
__RTDynamicCast
_c_exit
_exit
_XcptFilter
_cexit
_wcmdln
__wgetmainargs
__dllonexit

advapi32

LsaClose
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
OpenSCManagerW
EnumServicesStatusW
CloseServiceHandle
RegDeleteKeyW
CloseEventLog
ReadEventLogW
OpenEventLogW
RegCloseKey
RegEnumValueW
RegOpenKeyW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW

kernel32

GetLastError
RemoveDirectoryW
MoveFileW
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
ExpandEnvironmentStringsW
GetProcAddress
LoadLibraryW
CreateFileW
GetDriveTypeW
GetModuleFileNameW
DeleteFileW
CopyFileW
UnmapViewOfFile
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetTickCount
GetSystemTimeAsFileTime
OpenEventW
Sleep
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
LockResource
LoadResource
SizeofResource
FindResourceW
LocalAlloc
GetCurrentThreadId
LocalFree
GetFileAttributesW
HeapFree
HeapAlloc
GetProcessHeap
CloseHandle
GetFileTime
GetWindowsDirectoryW
GetCurrentProcessId
CreateThread
GetShortPathNameW
ProcessIdToSessionId
GetVersionExW
CreateMutexW
OpenMutexW
GetCommandLineW
GetSystemWindowsDirectoryW
WaitForSingleObject
MapViewOfFile
CreateFileMappingW
WriteFile
GetTempPathW
GetProcessTimes
OpenProcess
FreeLibrary
TerminateProcess
QueryPerformanceCounter

gdi32

GetCurrentObject
SetTextColor
GetClipBox
CreateFontIndirectW
GetObjectW
CreatePen
GetTextMetricsW
GetPixel
Rectangle
CreatePatternBrush
GetStockObject
Ellipse
BitBlt
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
PatBlt
LPtoDP
DPtoLP
GetWindowExtEx
GetViewportExtEx
GetMapMode
CreateSolidBrush
CreatePolygonRgn
CreateCompatibleDC
CreateCompatibleBitmap
SetPixel
DeleteDC
SelectObject
GetTextExtentPoint32W
DeleteObject
GetTextColor

user32

LoadBitmapW
DestroyCursor
GetWindowLongW
SendMessageW
UnhookWindowsHookEx
SetCursor
ReleaseCapture
GetParent
CallNextHookEx
PostMessageW
IsWindowVisible
PtInRect
EnumChildWindows
WindowFromPoint
CallWindowProcW
SetWindowsHookExW
SetCapture
SetWindowLongW
SetWindowPos
MoveWindow
GetDC
CreateWindowExW
SetFocus
ScreenToClient
GetDlgItem
SetWindowTextW
ShowWindow
GetDlgCtrlID
GetWindow
SendDlgItemMessageW
MessageBoxW
LoadCursorW
GetWindowRect
SetWindowRgn
SetClassLongW
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
GetAsyncKeyState
GetWindowThreadProcessId
GetForegroundWindow
KillTimer
SetTimer
SetLayeredWindowAttributes
RegisterClassExW
LoadIconW
DefWindowProcW
CopyRect
EnableMenuItem
GetSubMenu
BeginPaint
EndPaint
UpdateWindow
InvalidateRect
TabbedTextOutW
DrawTextW
GrayStringW
GetMessagePos
SetForegroundWindow
DispatchMessageW
TranslateMessage
GetMessageW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetMenuItemCount
LoadMenuW
MsgWaitForMultipleObjects
PeekMessageW
SetMenuItemInfoW
GetMenuItemInfoW
RegisterWindowMessageW
SystemParametersInfoW
FindWindowW
CreatePopupMenu
DeleteMenu
AppendMenuW
SetMenuDefaultItem
GetMenuItemID
GetMenuStringW
InsertMenuW
ModifyMenuW
GetMenu
SetMenu
PostQuitMessage
wsprintfW
GetSystemMetrics
GetKeyState
FindWindowExW
GetClassNameW
EnumWindows
DestroyIcon
DrawStateW
GetSysColor
GetMenuItemRect
IsMenu
IsRectEmpty
GetDesktopWindow
IsWindow
GetSysColorBrush
GetIconInfo
GetClientRect
ClientToScreen
OffsetRect
GetWindowDC
SetRect
InvertRect
ReleaseDC
DestroyWindow
EnableWindow

ntdll

NtQueryDirectoryFile
NtCreateFile
NtClose
NtQueryDirectoryObject
NtOpenDirectoryObject
RtlInitUnicodeString
NtOpenKey

psapi

GetModuleFileNameExW

shell32

SHFileOperationW
ShellExecuteExW
DragQueryFileW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
ord165
SHGetFolderPathW
ExtractIconExW
ShellExecuteW

comctl32

ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Draw
ImageList_GetIcon
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_Remove

comdlg32

ChooseColorW
GetOpenFileNameW

gdiplus

GdiplusStartup
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream

wininet

InternetOpenUrlW
InternetReadFile
InternetCloseHandle
InternetOpenW

ole32

CoInitialize
CreateClassMoniker
GetRunningObjectTable
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance

sbiedll

_SbieApi_GetWork@12
_SbieDll_GetStartError@0
_SbieDll_StartSbieSvc@4
_SbieApi_CallServer@4
_SbieApi_FreeReply@4
_SbieApi_GetVersion@4
_SbieDll_StartSbieDrv@4
_SbieDll_FormatMessage0@4
_SbieDll_FormatMessage1@8
_SbieApi_EnumBoxes@8
_SbieApi_MonitorControl@8
_SbieDll_KillAll@8
_SbieApi_QueryConf@20
_SbieApi_QueryBoxPath@28
_SbieDll_TranslateNtToDosPath@4
_SbieDll_GetAllUsersPath@0
_SbieDll_GetUserPath@0
_SbieDll_GetDrivePath@4
_SbieApi_EnumProcessEx@16
_SbieApi_QueryProcess@20
_SbieApi_DisableForceProcess@8
SbieApi_Log
_SbieApi_MonitorGet@8
_SbieDll_GetLanguage@4
_SbieDll_RunFromHome@16
_SbieApi_CallZero@4
_SbieDll_DeviceChange@8
_SbieDll_GetTokenElevationType@0
_SbieDll_KillOne@4
_SbieDll_FormatMessage2@12
_SbieDll_FormatMessage@8
_SbieApi_ReloadConf@4
_SbieApi_GetLicense@4
_SbieApi_SetLicense@8

Sections

.text
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SbieDll.dll
.dll windows:5 windows x86 arch:x86

229356de0d1de4c184c5815a36180332

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7a:19:4e:a3:a0:f4:76:48:64:6b:da:cd:51:b7:6c:03:80:e7:88:98
Signer

Actual PE Digest

7a:19:4e:a3:a0:f4:76:48:64:6b:da:cd:51:b7:6c:03:80:e7:88:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\work\sbie\core\dll\obj\i386\SbieDll.pdb

Imports

ntdll

NtQueryInformationProcess
RtlConvertSidToUnicodeString
NtSetInformationProcess
_strnicmp
NtOpenProcess
wcscmp
RtlUnwind
NtQueryVirtualMemory
NtOpenThread
NtDuplicateObject
NtQuerySecurityObject
NtSetSecurityObject
NtSetInformationToken
NtAdjustPrivilegesToken
NtRequestWaitReplyPort
NtRegisterThreadTerminatePort
sprintf
_vsnprintf
RtlCreateProcessParameters
LdrGetProcedureAddress
RtlFreeAnsiString
LdrLoadDll
LdrUnloadDll
NtLoadDriver
NtMapViewOfSection
NtFlushInstructionCache
LdrQueryProcessModuleInformation
NtRaiseHardError
NtProtectVirtualMemory
NtDeleteKey
NtEnumerateValueKey
NtQueryMultipleValueKey
NtNotifyChangeKey
NtNotifyChangeMultipleKeys
NtSaveKey
NtLoadKey
NtSetInformationKey
NtCreatePort
NtConnectPort
NtImpersonateClientOfPort
NtCreateEvent
NtOpenEvent
NtCreateMutant
NtOpenMutant
NtCreateSemaphore
NtOpenSemaphore
NtCreateSection
NtOpenSection
NtOpenThreadToken
NtSetInformationThread
NtOpenProcessToken
NtDuplicateToken
NtQueryInformationToken
NtOpenDirectoryObject
RtlUnicodeStringToAnsiString
RtlInitString
RtlAnsiStringToUnicodeString
strncmp
strchr
NtQueryAttributesFile
NtQueryInformationFile
NtSetInformationFile
NtCreateNamedPipeFile
NtCreateMailslotFile
NtFsControlFile
RtlGetCurrentDirectory_U
RtlSetCurrentDirectory_U
RtlGetFullPathName_U
NtQueryVolumeInformationFile
NtDeleteFile
NtQuerySystemInformation
NtReadFile
NtWriteFile
RtlQueryRegistryValues
NtDeviceIoControlFile
NtCreateFile
NtQueryFullAttributesFile
NtQueryObject
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
_wtoi
NtOpenFile
NtQueryDirectoryFile
RtlCompareUnicodeString
wcsncpy
_wcslwr
RtlFreeUnicodeString
RtlCreateAcl
RtlAddAccessAllowedAceEx
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
_wcsicmp
wcsstr
wcsrchr
iswctype
NtEnumerateKey
NtDeleteValueKey
NtQueryKey
NtOpenKey
NtCreateKey
NtClose
NtSetValueKey
towlower
wcsncmp
wcscat
wcschr
swprintf
_itow
wcscpy
wcslen
memmove
RtlInitUnicodeString
NtQueryValueKey
isspace
_wcsnicmp

kernel32

CreateMutexW
ReleaseMutex
GetWindowsDirectoryW
HeapDestroy
GlobalSize
GetTempPathW
CreateDirectoryW
GlobalFree
WriteFile
GlobalAlloc
GlobalLock
GlobalUnlock
SearchPathW
CreateFileA
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
ReadFile
GetVersionExW
FormatMessageW
SetLocaleInfoW
SetLocaleInfoA
OpenProcess
GetLongPathNameW
GetFileAttributesW
MapViewOfFile
OpenFileMappingW
WinExec
CreateProcessA
GetCurrentDirectoryW
GetEnvironmentStringsW
LoadLibraryA
InterlockedExchange
GetSystemInfo
SetThreadPriority
ResumeThread
OpenEventW
HeapFree
GetProcessHeap
HeapAlloc
VirtualFree
VirtualAlloc
GetConsoleWindow
SetConsoleTitleA
SetConsoleTitleW
GetConsoleTitleA
GetConsoleTitleW
CreateEventW
CreateThread
WaitForMultipleObjects
FindResourceW
FindResourceA
LoadResource
LockResource
GetCurrentThreadId
OpenThread
GetThreadTimes
GlobalAddAtomW
WideCharToMultiByte
WaitNamedPipeW
MoveFileWithProgressW
TryEnterCriticalSection
CreateFileW
GetCurrentThread
QueueUserAPC
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
InitializeCriticalSection
GetTickCount
GetEnvironmentVariableW
SetEnvironmentVariableW
SetEvent
InterlockedCompareExchange
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
TlsAlloc
GetCurrentProcessId
VirtualProtect
GetCurrentProcess
GetCommandLineW
Sleep
ExitProcess
GetModuleFileNameW
SetCurrentDirectoryW
GetFullPathNameW
GetPrivateProfileStringW
CreateProcessW
WaitForSingleObject
CloseHandle
LocalAlloc
LocalFree
InterlockedDecrement
InterlockedIncrement
ExpandEnvironmentStringsW
RaiseException
FreeLibrary
OutputDebugStringW
GetModuleHandleW
GetProcAddress
LoadLibraryW
SetLastError
GetLastError
HeapCreate

Exports

Exports

SbieApi_CheckInternetAccess
SbieApi_DisableForceProcess
SbieApi_EnumBoxes
SbieApi_EnumProcessEx
SbieApi_GetFileName
SbieApi_GetVersion
SbieApi_Log
SbieApi_LogEx
SbieApi_QueryBoxPath
SbieApi_QueryConf
SbieApi_QueryPathList
SbieApi_QueryProcess
SbieApi_QueryProcessPath
SbieApi_ReloadConf
SbieDll_Hook
SbieDll_KillAll
SbieDll_KillOne
SbieDll_RegisterDllCallback
SbieDll_StartBoxedService
_SbieApi_CallServer@4
_SbieApi_CallZero@4
_SbieApi_CheckInternetAccess@12
_SbieApi_DisableForceProcess@8
_SbieApi_EnumBoxes@8
_SbieApi_EnumProcessEx@16
_SbieApi_FreeReply@4
_SbieApi_GetFileName@12
_SbieApi_GetLicense@4
_SbieApi_GetUnmountHive@4
_SbieApi_GetVersion@4
_SbieApi_GetWork@12
_SbieApi_HookTramp@8
_SbieApi_MonitorControl@8
_SbieApi_MonitorGet@8
_SbieApi_MonitorPut@8
_SbieApi_PortName@0
_SbieApi_QueryBoxPath@28
_SbieApi_QueryConf@20
_SbieApi_QueryPathList@12
_SbieApi_QueryProcess@20
_SbieApi_QueryProcessPath@28
_SbieApi_ReloadConf@4
_SbieApi_SetLicense@8
_SbieApi_SetLsaAuthPkg@8
_SbieApi_SetUserName@8
_SbieApi_StartProcess@8
_SbieDll_AssocQueryCommand@4
_SbieDll_AssocQueryProgram@4
_SbieDll_ComCreateProxy@16
_SbieDll_ComCreateStub@16
_SbieDll_DeviceChange@8
_SbieDll_DisableElevationHook@0
_SbieDll_ExpandAndRunProgram@4
_SbieDll_FormatMessage0@4
_SbieDll_FormatMessage1@8
_SbieDll_FormatMessage2@12
_SbieDll_FormatMessage@8
_SbieDll_GetAllUsersPath@0
_SbieDll_GetDrivePath@4
_SbieDll_GetHandlePath@12
_SbieDll_GetLanguage@4
_SbieDll_GetServiceRegistryValue@12
_SbieDll_GetSetDeviceMap@4
_SbieDll_GetStartError@0
_SbieDll_GetTokenElevationType@0
_SbieDll_GetUserPath@0
_SbieDll_Hook@12
_SbieDll_InitPStore@0
_SbieDll_InitProcess@0
_SbieDll_IsBoxedService@4
_SbieDll_IsDirectory@4
_SbieDll_IsOpenCOM@0
_SbieDll_IsOpenClsid@12
_SbieDll_KillAll@8
_SbieDll_KillOne@4
_SbieDll_RegisterDllCallback@4
_SbieDll_RunFromHome@16
_SbieDll_StartBoxedService@8
_SbieDll_StartCOM@4
_SbieDll_StartSbieDrv@4
_SbieDll_StartSbieSvc@4
_SbieDll_TranslateNtToDosPath@4

Sections

.text
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieDrv.sys
.sys windows:5 windows x86 arch:x86

ff025646436c8f969c9f4531229f5615

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9b:5f:32:69:5b:55:a5:18:e0:dc:86:12:f7:4f:14:e6:ba:9d:d2:a6
Signer

Actual PE Digest

9b:5f:32:69:5b:55:a5:18:e0:dc:86:12:f7:4f:14:e6:ba:9d:d2:a6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\core\drv\obj\i386\SbieDrv.pdb

Imports

ntoskrnl.exe

_except_handler3
ProbeForWrite
wcslen
ZwClose
ZwSetEvent
ZwOpenEvent
RtlInitUnicodeString
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
wcsncpy
ExRaiseStatus
IoCreateDevice
IoDeleteDevice
wcsncmp
wcscpy
RtlFreeUnicodeString
memmove
RtlCompareUnicodeString
wcschr
wcscat
_wcsicmp
_wcsnicmp
ExAcquireResourceSharedLite
KeDelayExecutionThread
RtlQueryRegistryValues
swprintf
_itow
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlUnicodeStringToInteger
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
PsGetVersion
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlCreateAcl
ObfDereferenceObject
ObReferenceObjectByHandle
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
wcsrchr
ZwQueryValueKey
ZwOpenKey
MmGetSystemRoutineAddress
ZwWriteFile
ZwSetInformationFile
sprintf
IoFileObjectType
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
KeGetCurrentThread
PsLookupThreadByThreadId
ZwQuerySystemInformation
PsGetCurrentProcessId
ZwOpenThread
ZwAllocateVirtualMemory
KeInsertQueueDpc
ExGetPreviousMode
KeSetImportanceDpc
KeInitializeDpc
KeQueryActiveProcessors
PsGetCurrentThreadId
MmUnlockPages
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
MmMapLockedPagesSpecifyCache
KeServiceDescriptorTable
ZwYieldExecution
ZwAlertThread
ZwAccessCheckAndAuditAlarm
RtlCompareMemory
wcstombs
ExInitializeResourceLite
ExDeleteResourceLite
IoCreateFile
ZwReadFile
wcsstr
_wcslwr
wcscmp
ZwCreateDirectoryObject
ZwOpenProcess
ZwQueryInformationProcess
ZwCreateSymbolicLinkObject
LpcPortObjectType
KeWaitForSingleObject
ZwLoadKey
RtlTimeToTimeFields
KeQuerySystemTime
ZwSetValueKey
ZwCreateKey
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
DbgPrint
ObQueryNameString
ObOpenObjectByName
PsSetLoadImageNotifyRoutine
PsSetCreateProcessNotifyRoutine
RtlIntegerToUnicodeString
PsLookupProcessByProcessId
strncmp
IoGetRequestorProcessId
ZwSetSecurityObject
ZwQueryInformationToken
SeQueryInformationToken
RtlAddAccessAllowedAce
ZwSetInformationProcess
IoGetCurrentProcess
ZwOpenProcessToken
IoThreadToProcess
NtDuplicateObject
SeSinglePrivilegeCheck
SeTokenIsAdmin
PsReferencePrimaryToken
_alldiv
ZwOpenThreadToken
RtlConvertSidToUnicodeString
ProbeForRead
KeBugCheckEx
KeSetTargetProcessorDpc
IofCompleteRequest

hal

KfLowerIrql
KeGetCurrentIrql
KfRaiseIrql

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieMsg.dll
.dll windows:5 windows x86 arch:x86

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:42:46:d5:87:52:22:8c:e4:e1:f9:8b:7b:8f:77:0a:80:52:c0:93
Signer

Actual PE Digest

7c:42:46:d5:87:52:22:8c:e4:e1:f9:8b:7b:8f:77:0a:80:52:c0:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\work\sbie\msgs\obj\i386\SbieMsg.pdb

Sections

.text
Size: 512B - Virtual size: 147B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieSvc.exe
.exe windows:5 windows x86 arch:x86

acdc9b52c9735bf46877c7e42a2b5a4a

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:12:a2:1c:e2:37:6e:1e:a1:16:52:f6:32:e2:e3:6b:84:f9:a0:58
Signer

Actual PE Digest

57:12:a2:1c:e2:37:6e:1e:a1:16:52:f6:32:e2:e3:6b:84:f9:a0:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\core\svc\obj\i386\SbieSvc.pdb

Imports

msvcrt

_except_handler3
wcscmp
_wcsicmp
wcschr
_wcslwr
towlower
_wcsnicmp
wcscpy
strtol
wcstol
isspace
_strnicmp
strchr
_stricmp
memmove
sprintf
_itow
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
wcscat
wcsstr
wcslen
??3@YAXPAX@Z
wcsrchr
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
??2@YAPAXI@Z

advapi32

ReportEventW
SetThreadToken
DuplicateToken
DuplicateTokenEx
CreateProcessAsUserW
GetLengthSid
AddAccessAllowedAce
SetTokenInformation
EnumServicesStatusW
QueryServiceConfigW
QueryServiceConfig2W
QueryServiceStatusEx
CloseServiceHandle
StartServiceW
OpenThreadToken
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CheckTokenMembership
FreeSid
ConvertStringSidToSidW
LookupAccountSidW
LookupPrivilegeValueW
AdjustTokenPrivileges
RevertToSelf
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetEntriesInAclW
SetSecurityDescriptorDacl
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
OpenSCManagerW
OpenServiceW
OpenEventLogW
ControlService

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleFileNameW
ReadProcessMemory
WriteProcessMemory
DeleteCriticalSection
DuplicateHandle
TryEnterCriticalSection
CreateMutexW
OpenEventW
OpenMutexW
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
CreateProcessW
MulDiv
LoadLibraryW
CancelIo
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
UnmapViewOfFile
HeapReAlloc
SetEndOfFile
VirtualAlloc
ExitProcess
RaiseException
VirtualFree
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
OutputDebugStringW
EnterCriticalSection
GetLastError
QueueUserWorkItem
Sleep
ProcessIdToSessionId
GetCommandLineW
CloseHandle
HeapAlloc
GetProcessHeap
GetCurrentProcess
HeapFree
SetLastError
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
HeapDestroy
HeapCreate
WaitForMultipleObjects
TerminateThread
WaitForSingleObject
SetEvent
InterlockedExchange
GetProcessTimes
OpenProcess
OpenThread
GetProcAddress
GetModuleHandleW
CreateEventW
SetThreadPriority
GetCurrentThread
InterlockedIncrement
CreateThread
GetVersionExW
LocalFree
WriteFile
SetFilePointer
CreateFileW
GetLocalTime
LocalAlloc
TerminateProcess
InitializeCriticalSection
GetTickCount
GetWindowsDirectoryW
DeleteFileW
GetFileAttributesW
CopyFileW
SetFileAttributesW

gdi32

SetBkColor
CreateFontW
TextOutW
CreateSolidBrush
GetDeviceCaps
SetTextColor
SelectObject

user32

ShowWindow
DispatchMessageW
RegisterClassW
DefWindowProcW
BeginPaint
CreateWindowExW
GetMessageW
EndPaint
wsprintfW

ntdll

RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtQueryFullAttributesFile
NtSetInformationFile
NtQueryDirectoryFile
NtQueryInformationFile
NtClose
NtSetInformationThread
NtDuplicateToken
NtFilterToken
NtQueryInformationToken
NtOpenProcessToken
NtOpenThreadToken
NtCompleteConnectPort
NtAcceptConnectPort
NtImpersonateClientOfPort
NtReplyWaitReceivePort
NtCreatePort
NtReadFile
NtWriteFile
NtCreateFile
NtLoadKey
NtUnloadKey
NtOpenKey
NtLoadDriver
RtlInitString
RtlInitUnicodeString

secur32

LsaDeregisterLogonProcess
LsaConnectUntrusted
LsaLookupAuthenticationPackage

setupapi

SetupDiClassNameFromGuidExW
SetupDiBuildClassInfoList
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_Interface_ListA
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeA
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_Alias_ExW
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInterfaceW
CM_Get_DevNode_Status
CM_Locate_DevNodeW

crypt32

CryptUnprotectData
CryptProtectData

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoMarshalInterface
CoCopyProxy
CoSetProxyBlanket
CoQueryProxyBlanket
CreateStreamOnHGlobal
CoUnmarshalInterface
CoGetClassObject
CoTaskMemFree

sbiedll

SbieApi_Log
_SbieApi_PortName@0
_SbieApi_SetLsaAuthPkg@8
_SbieApi_CallZero@4
_SbieApi_GetVersion@4
SbieApi_LogEx
_SbieApi_GetUnmountHive@4
_SbieApi_EnumProcessEx@16
_SbieApi_SetUserName@8
_SbieDll_FormatMessage2@12
_SbieDll_GetServiceRegistryValue@12
_SbieApi_QueryProcess@20
_SbieApi_GetWork@12
_SbieApi_QueryConf@20
_SbieDll_RunFromHome@16
_SbieApi_ReloadConf@4
_SbieApi_QueryProcessPath@28
_SbieDll_FormatMessage0@4
_SbieDll_ComCreateStub@16
_SbieDll_IsOpenClsid@12
_SbieApi_CheckInternetAccess@12

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Start.exe
.exe windows:5 windows x86 arch:x86

93da542db79851c169c2e8f3eef4bd3c

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a7:f9:a6:81:d1:9b:c8:d4:18:90:97:35:30:de:0c:fc:fd:3c:d8:79
Signer

Actual PE Digest

a7:f9:a6:81:d1:9b:c8:d4:18:90:97:35:30:de:0c:fc:fd:3c:d8:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\start\obj\i386\Start.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW

kernel32

OpenMutexW
GetModuleHandleW
CreateProcessW
ExpandEnvironmentStringsW
GetModuleFileNameW
ExitProcess
GetCommandLineW
GetCurrentProcessId
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapReAlloc
HeapDestroy
HeapCreate
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetFullPathNameW
GetExitCodeProcess
WaitForSingleObject
GetSystemTimeAsFileTime
RemoveDirectoryW
CreateEventW
ProcessIdToSessionId
CloseHandle
Sleep
GetStdHandle
WriteFile
SetLastError
GetProcessHeap
HeapAlloc
GetSystemWindowsDirectoryW
GetLastError
LocalFree
FormatMessageW

gdi32

SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
SetBkColor
SetTextColor
GetObjectW
CreateFontIndirectW

user32

RegisterClassW
CreatePopupMenu
MessageBoxW
wsprintfW
GetAsyncKeyState
SetTimer
SendMessageW
SetWindowPos
EndDialog
SetFocus
ShowWindow
SendDlgItemMessageW
KillTimer
EnableWindow
GetSysColorBrush
GetSysColor
GetDlgItem
DialogBoxParamW
LoadImageW
CreateWindowExW
GetWindowInfo
GetWindowRect
SetWindowTextW
ScreenToClient
MoveWindow
SetDlgItemTextW
GetWindowTextW
GetClientRect
GetDesktopWindow
DestroyIcon
DrawIconEx
GetDC
CreateMenu
GetMenuItemCount
TrackPopupMenu
DestroyWindow
DestroyMenu
DefWindowProcW
GetMenuInfo
SetMenuInfo
InsertMenuItemW

ntdll

wcscpy
_chkstk
NtTerminateProcess
NtTerminateThread
RtlUnwind
NtQueryInformationFile
NtSetInformationFile
NtCreateFile
RtlNtStatusToDosError
RtlInitUnicodeString
NtOpenKey
NtClose
memmove
wcscmp
wcsncmp
iswctype
_wtoi
wcschr
wcslen
memcpy
wcsncpy
strcmp
towlower
sprintf
strlen
_wcsnicmp
wcsrchr
_wcsicmp
memset
wcscat
NtQueryVirtualMemory

shlwapi

AssocQueryStringW
SHAutoComplete

shell32

SHGetFolderPathW
ShellExecuteExW
ShellExecuteW
ExtractIconExW

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance

comdlg32

GetOpenFileNameW

comctl32

InitCommonControlsEx

sbiedll

_SbieApi_DisableForceProcess@8
_SbieDll_StartCOM@4
_SbieDll_FormatMessage1@8
_SbieApi_StartProcess@8
_SbieDll_GetSetDeviceMap@4
_SbieDll_InitProcess@0
_SbieApi_QueryProcess@20
_SbieDll_RunFromHome@16
_SbieApi_CallServer@4
_SbieDll_StartSbieSvc@4
_SbieDll_StartSbieDrv@4
_SbieApi_QueryConf@20
_SbieApi_FreeReply@4
_SbieApi_EnumProcessEx@16
_SbieApi_SetLicense@8
_SbieDll_FormatMessage@8
_SbieDll_FormatMessage0@4
_SbieDll_GetLanguage@4
_SbieDll_KillAll@8
_SbieApi_ReloadConf@4
_SbieDll_DisableElevationHook@0
_SbieDll_InitPStore@0
_SbieDll_GetTokenElevationType@0
_SbieApi_EnumBoxes@8
_SbieApi_QueryBoxPath@28
_SbieDll_IsDirectory@4
_SbieDll_TranslateNtToDosPath@4

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Templates.ini
Box/SafeMode/Reg32.dat
.exe windows:5 windows x86 arch:x86

c607003a46e17e5ab247ad5b9ac6460a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\start\obj\i386\Start.pdb

Imports

advapi32

SetThreadToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CreateProcessAsUserW

kernel32

ExpandEnvironmentStringsW
HeapAlloc
GetProcessHeap
ExitProcess
GetCommandLineW
MapViewOfFile
FindClose
FindNextFileW
FindFirstFileW
HeapDestroy
HeapCreate
HeapFree
GetSystemWindowsDirectoryW
GetFullPathNameW
GetSystemTimeAsFileTime
GetExitCodeProcess
WaitForSingleObject
GetModuleFileNameW
RemoveDirectoryW
CreateProcessW
GetModuleHandleW
OpenMutexW
CloseHandle
Sleep
GetStdHandle
WriteFile
SetLastError
GetLastError
LocalFree
FormatMessageW

gdi32

SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
GetObjectW
CreateFontIndirectW
SetBkColor
SetTextColor

user32

SetMenuInfo
EndDialog
SetFocus
KillTimer
ShowWindow
SendDlgItemMessageW
SetTimer
EnableWindow
GetDlgItem
SendMessageW
SetWindowPos
DialogBoxParamW
LoadImageW
CreateWindowExW
GetWindowInfo
GetWindowRect
SetWindowTextW
GetWindowTextW
GetClientRect
GetDesktopWindow
DestroyIcon
DrawIconEx
GetDC
CreateMenu
InsertMenuItemW
GetSysColorBrush
wsprintfW
MessageBoxW
GetMenuItemCount
CreatePopupMenu
TrackPopupMenu
DestroyWindow
DestroyMenu
GetSysColor

ntdll

RtlUnwind
NtQueryVirtualMemory
NtTerminateProcess
NtQueryInformationFile
NtCreateFile
NtSetInformationFile
RtlNtStatusToDosError
wcscmp
wcscat
iswctype
_wcsicmp
wcsncmp
_wtoi
wcsrchr
memmove
wcslen
wcsncpy
RtlInitUnicodeString
NtOpenDirectoryObject
NtQueryObject
NtClose
towlower
sprintf
_wcsnicmp
_chkstk
wcscpy
NtTerminateThread

shlwapi

SHAutoComplete
AssocQueryStringW

shell32

SHGetFolderPathW
ExtractIconExW
ShellExecuteExW

ole32

CoCreateInstance
CoTaskMemFree
CoInitialize

comdlg32

GetOpenFileNameW

comctl32

InitCommonControlsEx

sbiedll

_SbieDll_StartCOM@0
SbieApi_Log
_SbieApi_GetSetDeviceMap@4
_SbieApi_StartProcess@16
_SbieDll_InitProcess@0
_SbieApi_QueryProcess@20
_SbieDll_RunFromHome@16
_SbieDll_FormatMessage0@4
_SbieApi_CallServer@4
_SbieDll_StartSbieSvc@4
_SbieDll_StartSbieDrv@4
_SbieApi_QueryConf@20
_SbieApi_FreeReply@4
_SbieApi_EnumProcessEx@16
_SbieApi_SetLicense@8
_SbieDll_FormatMessage@8
_SbieDll_GetLanguage@4
_SbieDll_CanElevateOnVista@0
_SbieApi_KillProcess@4
_SbieApi_ReloadConf@4
_SbieDll_FormatMessage1@8
_SbieDll_InitPStore@0
_SbieDll_IsDirectory@4
_SbieDll_GetBoxFilePath@8
_SbieApi_EnumBoxes@8

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/SafeMode/Reg32_win7.dat
.exe windows:5 windows x86 arch:x86

93da542db79851c169c2e8f3eef4bd3c

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ac:62:8c:0b:04:f4:af:a5:9a:bb:55:92:a9:26:86:8f:e8:ff:63:06
Signer

Actual PE Digest

ac:62:8c:0b:04:f4:af:a5:9a:bb:55:92:a9:26:86:8f:e8:ff:63:06

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\start\obj\i386\Start.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW

kernel32

OpenMutexW
GetModuleHandleW
CreateProcessW
ExpandEnvironmentStringsW
GetModuleFileNameW
ExitProcess
GetCommandLineW
GetCurrentProcessId
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapReAlloc
HeapDestroy
HeapCreate
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetFullPathNameW
GetExitCodeProcess
WaitForSingleObject
GetSystemTimeAsFileTime
RemoveDirectoryW
CreateEventW
ProcessIdToSessionId
CloseHandle
Sleep
GetStdHandle
WriteFile
SetLastError
GetProcessHeap
HeapAlloc
GetSystemWindowsDirectoryW
GetLastError
LocalFree
FormatMessageW

gdi32

SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
SetBkColor
SetTextColor
GetObjectW
CreateFontIndirectW

user32

RegisterClassW
CreatePopupMenu
MessageBoxW
wsprintfW
GetAsyncKeyState
SetTimer
SendMessageW
SetWindowPos
EndDialog
SetFocus
ShowWindow
SendDlgItemMessageW
KillTimer
EnableWindow
GetSysColorBrush
GetSysColor
GetDlgItem
DialogBoxParamW
LoadImageW
CreateWindowExW
GetWindowInfo
GetWindowRect
SetWindowTextW
ScreenToClient
MoveWindow
SetDlgItemTextW
GetWindowTextW
GetClientRect
GetDesktopWindow
DestroyIcon
DrawIconEx
GetDC
CreateMenu
GetMenuItemCount
TrackPopupMenu
DestroyWindow
DestroyMenu
DefWindowProcW
GetMenuInfo
SetMenuInfo
InsertMenuItemW

ntdll

wcscpy
_chkstk
NtTerminateProcess
NtTerminateThread
RtlUnwind
NtQueryInformationFile
NtSetInformationFile
NtCreateFile
RtlNtStatusToDosError
RtlInitUnicodeString
NtOpenKey
NtClose
memmove
wcscmp
wcsncmp
iswctype
_wtoi
wcschr
wcslen
memcpy
wcsncpy
strcmp
towlower
sprintf
strlen
_wcsnicmp
wcsrchr
_wcsicmp
memset
wcscat
NtQueryVirtualMemory

shlwapi

AssocQueryStringW
SHAutoComplete

shell32

SHGetFolderPathW
ShellExecuteExW
ShellExecuteW
ExtractIconExW

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance

comdlg32

GetOpenFileNameW

comctl32

InitCommonControlsEx

sbiedll

_SbieApi_DisableForceProcess@8
_SbieDll_StartCOM@4
_SbieDll_FormatMessage1@8
_SbieApi_StartProcess@8
_SbieDll_GetSetDeviceMap@4
_SbieDll_InitProcess@0
_SbieApi_QueryProcess@20
_SbieDll_RunFromHome@16
_SbieApi_CallServer@4
_SbieDll_StartSbieSvc@4
_SbieDll_StartSbieDrv@4
_SbieApi_QueryConf@20
_SbieApi_FreeReply@4
_SbieApi_EnumProcessEx@16
_SbieApi_SetLicense@8
_SbieDll_FormatMessage@8
_SbieDll_FormatMessage0@4
_SbieDll_GetLanguage@4
_SbieDll_KillAll@8
_SbieApi_ReloadConf@4
_SbieDll_DisableElevationHook@0
_SbieDll_InitPStore@0
_SbieDll_GetTokenElevationType@0
_SbieApi_EnumBoxes@8
_SbieApi_QueryBoxPath@28
_SbieDll_IsDirectory@4
_SbieDll_TranslateNtToDosPath@4

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/SafeMode/Reg64.dat
.exe windows:5 windows x64 arch:x64

df23a9bc7e5d4481e47b214e6b4c8754

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28-01-1999 13:00

Not After

27-01-2017 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18-03-2009 11:00

Not After

28-01-2028 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21-12-2009 09:32

Not After

22-12-2020 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04-01-2010 15:10

Not After

05-01-2011 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22-01-2004 10:00

Not After

27-01-2017 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:fb:80:88:70:5f:9f:f4:12:e3:76:53:85:cc:bc:e5:c2:30:e0:35
Signer

Actual PE Digest

12:fb:80:88:70:5f:9f:f4:12:e3:76:53:85:cc:bc:e5:c2:30:e0:35

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\work\sbie\apps\start\obj\amd64\Start.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW

kernel32

CloseHandle
OpenMutexW
GetModuleHandleW
CreateProcessW
ExpandEnvironmentStringsW
ExitProcess
GetCommandLineW
GetCurrentProcessId
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapReAlloc
HeapDestroy
HeapCreate
Sleep
LocalFree
OpenFileMappingW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetFullPathNameW
GetExitCodeProcess
WaitForSingleObject
GetModuleFileNameW
GetSystemTimeAsFileTime
RemoveDirectoryW
CreateEventW
ProcessIdToSessionId
__C_specific_handler
GetStdHandle
WriteFile
SetLastError
GetProcessHeap
HeapAlloc
GetSystemWindowsDirectoryW
GetLastError
UnmapViewOfFile
FormatMessageW
MapViewOfFile

ntdll

__chkstk
wcscpy
NtTerminateProcess
NtTerminateThread
NtQueryInformationFile
NtSetInformationFile
NtCreateFile
RtlNtStatusToDosError
RtlInitUnicodeString
NtOpenKey
NtClose
memmove
wcscmp
iswctype
_wtoi
wcschr
wcsncmp
wcslen
memcpy
wcsncpy
strcmp
towlower
sprintf
strlen
_wcsnicmp
wcsrchr
_wcsicmp
memset
wcscat

gdi32

SelectObject
CreateCompatibleBitmap
PatBlt
SetBkColor
SetTextColor
GetObjectW
CreateFontIndirectW
CreateCompatibleDC

user32

ShowWindow
SendDlgItemMessageW
KillTimer
EnableWindow
GetSysColorBrush
GetSysColor
GetDlgItem
DialogBoxParamW
LoadImageW
CreateWindowExW
GetWindowInfo
GetWindowRect
SetWindowTextW
ScreenToClient
MoveWindow
SetDlgItemTextW
GetWindowTextW
GetClientRect
GetDesktopWindow
DestroyIcon
DrawIconEx
GetDC
CreateMenu
InsertMenuItemW
GetMenuItemCount
SetMenuInfo
DefWindowProcW
GetMenuInfo
DestroyMenu
DestroyWindow
TrackPopupMenu
RegisterClassW
CreatePopupMenu
SetFocus
EndDialog
SetWindowPos
SendMessageW
SetTimer
GetAsyncKeyState
wsprintfW
MessageBoxW

shlwapi

AssocQueryStringW
SHAutoComplete

shell32

ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
ExtractIconExW

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance

comdlg32

GetOpenFileNameW

comctl32

InitCommonControlsEx

sbiedll

SbieDll_StartSbieDrv
SbieApi_QueryConf
SbieApi_FreeReply
SbieApi_EnumProcessEx
SbieApi_SetLicense
SbieDll_FormatMessage
SbieDll_FormatMessage0
SbieDll_GetLanguage
SbieDll_StartSbieSvc
SbieApi_CallServer
SbieDll_RunFromHome
SbieApi_QueryProcess
SbieDll_InitProcess
SbieApi_StartProcess
SbieDll_GetSetDeviceMap
SbieDll_FormatMessage1
SbieApi_DisableForceProcess
SbieDll_KillAll
SbieApi_ReloadConf
SbieDll_DisableElevationHook
SbieDll_InitPStore
SbieDll_GetTokenElevationType
SbieApi_EnumBoxes
SbieApi_QueryBoxPath
SbieDll_IsDirectory
SbieDll_TranslateNtToDosPath

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/brun.dll
.dll windows:4 windows x86 arch:x86

0291ee5250c5721e66b01304fc69a5b0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\zfz\4399Pro\4399_svn\DownCore\Build\btcore.pdb

Imports

ws2_32

sendto
inet_addr
recvfrom
htonl
setsockopt
ioctlsocket
ntohl
htons
bind
ntohs
socket
closesocket
WSAGetLastError
inet_ntoa
WSACleanup
WSAStartup
WSASetLastError
accept
listen
getsockname
connect
recv
send
gethostname
gethostbyname
select

rpcrt4

UuidCreate

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

wininet

InternetGetCookieA

iphlpapi

GetBestInterface
GetIfEntry
GetAdaptersInfo

kernel32

GetACP
SetEnvironmentVariableA
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
IsBadCodePtr
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetStdHandle
SetHandleCount
GetFileType
SetStdHandle
UnhandledExceptionFilter
VirtualFree
HeapCreate
HeapDestroy
GetTimeZoneInformation
LCMapStringW
LCMapStringA
GetCPInfo
HeapSize
GetCurrentProcess
TerminateProcess
HeapReAlloc
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCurrentProcessId
QueryPerformanceCounter
GetCommandLineA
GetDateFormatA
GetTimeFormatA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetFileAttributesA
GetModuleFileNameA
IsBadWritePtr
IsBadReadPtr
GetTickCount
GlobalMemoryStatus
GetVolumeInformationA
GetDiskFreeSpaceExA
Sleep
CopyFileA
OutputDebugStringA
WaitForSingleObject
GetCurrentThread
ReleaseMutex
CreateMutexA
CloseHandle
GetCurrentThreadId
GetLastError
CreateDirectoryA
DeleteFileA
SetFilePointer
ReadFile
WriteFile
FlushFileBuffers
CreateFileA
SetEndOfFile
GetFileSize
GetOverlappedResult
DeviceIoControl
SetFileAttributesA
MoveFileA
GetFileTime
CreateEventA
ResetEvent
CompareFileTime
TerminateThread
SetEvent
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLangID
GetOEMCP
GetVersionExA
RemoveDirectoryA
InterlockedIncrement
InterlockedDecrement
FindClose
FindNextFileA
FindFirstFileA
GetDiskFreeSpaceA
CreateThread
WaitForMultipleObjects
InterlockedExchange
GetLocaleInfoW
GetLocaleInfoA
GetThreadLocale
RaiseException
lstrlenW
CreateSemaphoreA
ResumeThread
SetThreadPriority
CompareStringA
CompareStringW
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
HeapAlloc
ExitThread
HeapFree
GetSystemTimeAsFileTime
RtlUnwind
ExitProcess

user32

EnumThreadWindows
PostMessageA
MessageBoxA
GetDlgItem
GetWindowTextA
GetClassNameA
KillTimer
SendMessageA
IsWindow
SetTimer

shell32

SHFileOperationA
SHGetSpecialFolderPathA

ole32

CoTaskMemFree
CoInitialize
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoTaskMemAlloc

oleaut32

VariantInit
SysFreeString
VariantClear

hmgr

?fgGetITaskManage@@YAPAVITaskManage@@XZ

shlwapi

PathStripPathA
PathFileExistsA

Exports

Exports

?BOX_SetLogDevice@@YGXP6AXKPBD@ZP6AXKG0@Z@Z
BOX_ClearMakeThreads
BOX_CreateConfiguration
BOX_DeleteDownload
BOX_FreeBuffer
BOX_FreeHandle
BOX_FreeString
BOX_GetDefaultProfile
BOX_GetDownloadInfo
BOX_GetDownloadUploadSpeed
BOX_GetFileStatus
BOX_GetFinishedBitField
BOX_GetJobProfile
BOX_GetMemoryUsage
BOX_GetPeerStatus
BOX_GetPreferrence
BOX_GetRunning
BOX_GetStatusDescription
BOX_GetTorrentInfo
BOX_GetTrackerStatus
BOX_Initialize
BOX_IsJobActive
BOX_MakeTorrent
BOX_PackMemoryPool
BOX_ParseTorrent
BOX_ParseTorrentFile
BOX_RegisterCallback
BOX_SetBitTorrentId
BOX_SetDefaultProfile
BOX_SetDownloadFlags
BOX_SetDownloadPath
BOX_SetFileSelection
BOX_SetJobProfile
BOX_SetJobTrackers
BOX_SetPreferrence
BOX_StartDownload
BOX_StartDownloadByHandle
BOX_StartDownloadByTorrent
BOX_StopDownload
BOX_Uninitialize
_BOX_AddProxy@4
_BOX_CoreInfo@4
_BOX_FindProxyByName@8
_BOX_GapDump@4
_BOX_GetGapList@12
_BOX_GetPeerCount@16
_BOX_GetPeerInfo@16
_BOX_SetHttpNumPerTask@8
_BOX_SetProxyActive@8
_BOX_UpdateProxy@8
_BOX_WriteFile@32

Sections

.text
Size: 612KB - Virtual size: 608KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Box/hmgr.dll
.dll windows:4 windows x86 arch:x86

25fd634bb6879931af9b04aa61f5a4cd

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\zfz\4399Pro\4399_svn\DownCore\build\p2spmgr.pdb

Imports

kernel32

GetThreadLocale
GetVersionExA
RaiseException
InitializeCriticalSection
DeleteCriticalSection
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
LeaveCriticalSection
EnterCriticalSection
FormatMessageA
GetLastError
WideCharToMultiByte
FreeLibrary
GetModuleFileNameA
GetProcAddress
LoadLibraryA
GetPrivateProfileSectionA
IsBadWritePtr
IsBadReadPtr
MultiByteToWideChar
CompareStringA
CompareStringW
GetTickCount
GetLocaleInfoA
OutputDebugStringA
ReadFile
SetFilePointer
WriteFile
CreateDirectoryA
GetFileAttributesA
CreateFileA
CloseHandle
FlushFileBuffers
DeleteFileA
TerminateThread
WaitForSingleObject
GetExitCodeThread
CreateEventA
ResetEvent
SetEvent
GetModuleHandleA
CreateThread
MoveFileA
IsBadCodePtr
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetStdHandle
SetHandleCount
GetFileType
SetStdHandle
GetACP
DisableThreadLibraryCalls
InterlockedExchange
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
GetCurrentProcess
TerminateProcess
VirtualFree
HeapCreate
SetEnvironmentVariableA
SetUnhandledExceptionFilter
GetCurrentProcessId
QueryPerformanceCounter
LCMapStringW
LCMapStringA
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCPInfo
GetOEMCP
GetCommandLineA
GetCurrentThreadId
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
RtlUnwind
ExitProcess
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy

user32

SetTimer
GetWindowLongA
TranslateMessage
GetMessageA
SetWindowLongA
CreateWindowExA
RegisterClassExA
SendMessageTimeoutA
DefWindowProcA
DispatchMessageA
KillTimer
PostMessageA

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor

ole32

CoInitialize
CoUninitialize

oleaut32

SafeArrayGetLBound
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetElement
SysAllocStringLen

netio

?CloseLogger@CP4SPLogger@@QAEXXZ
?IsTransmitComplete@CP2SPSocket@@QAE_NXZ
??1CP4SPLogger@@UAE@XZ
??1CP4SPClient@@UAE@XZ
??0CP4SPLogger@@QAE@XZ
??0CP4SPClient@@QAE@XZ
??0CMD5Checksum@@QAE@XZ
?SetProxy@CP2SPSocket@@QAEXHPBDH00@Z
?SetObj@CP4SPClient@@QAEXPAUHWND__@@K@Z
?fileSize@CP4SPClient@@QBE_KXZ
?fullHash@CP4SPClient@@QBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?fgid@CP4SPClient@@QBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?ConnectRate@CP4SPClient@@QAEKXZ
?SearchRate@CP4SPClient@@QAEKXZ
?SearchWithFgid@CP4SPClient@@QAEIPBD_K@Z
?SearchURL@CP4SPClient@@QAEIPBD_K@Z
?IsConnectError@CP2SPSocket@@QAE_NXZ
?urls@CP4SPClient@@QBEABV?$vector@VURL@fg@@V?$allocator@VURL@fg@@@std@@@std@@XZ
?UpdateFailedLog@CP4SPLogger@@QAEIIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0PBD@Z
?Final@CMD5Checksum@@QAE?AV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@XZ
??1CMD5Checksum@@UAE@XZ
?Update@CMD5Checksum@@QAEXPAEK@Z
?CloseSearch@CP4SPClient@@QAEXXZ

shlwapi

PathFileExistsA
PathFindExtensionA

wsock32

ntohl
htonl

Exports

Exports

?fgGetITaskManage@@YAPAVITaskManage@@XZ

Sections

.text
Size: 160KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Box/htask.dll
.dll windows:4 windows x86 arch:x86

ed9524984aa3e4e8155d368e95938e50

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\zfz\4399Pro\4399_svn\DownCore\build\p2sprot.pdb

Imports

kernel32

GetThreadLocale
GetVersionExA
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
WideCharToMultiByte
MultiByteToWideChar
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
lstrlenA
CompareStringA
CompareStringW
GetLocaleInfoA
LeaveCriticalSection
EnterCriticalSection
GetTickCount
LocalFree
FormatMessageA
ReadFile
CloseHandle
CreateFileA
FindClose
FindNextFileA
FindFirstFileA
FlushFileBuffers
SetStdHandle
GetACP
InterlockedExchange
DisableThreadLibraryCalls
SetFilePointer
LoadLibraryA
IsBadCodePtr
IsBadReadPtr
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetStringTypeW
GetStringTypeA
GetTimeZoneInformation
GetCurrentProcess
TerminateProcess
IsBadWritePtr
VirtualFree
HeapCreate
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
GetCPInfo
GetOEMCP
GetModuleFileNameA
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
GetProcAddress
SetEnvironmentVariableA
TlsGetValue
TlsSetValue
TlsFree
SetLastError
TlsAlloc
GetCommandLineA
GetCurrentThreadId
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
VirtualQuery
GetSystemInfo
VirtualAlloc
VirtualProtect
ExitProcess
RtlUnwind
GetProcessHeap
HeapSize
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc

user32

PostMessageA

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyExA

shlwapi

PathFindExtensionA
PathIsDirectoryA
PathFindFileNameA

netio

?AddLayer@CAsyncSocketEx@@QAEHPAVCAsyncSocketExLayer@@@Z
?Create@CAsyncSocketEx@@QAEHIHJPBD@Z
?AsyncSelect@CAsyncSocketEx@@QAEHJ@Z
?OnAccept@CAsyncSocketExLayer@@UAEXH@Z
?OnConnect@CAsyncProxySocketLayer@@MAEXH@Z
?OnReceive@CAsyncProxySocketLayer@@MAEXH@Z
?OnSend@CAsyncSocketExLayer@@UAEXH@Z
?Accept@CAsyncProxySocketLayer@@MAEHAAVCAsyncSocketEx@@PAUsockaddr@@PAH@Z
?Close@CAsyncProxySocketLayer@@UAEXXZ
?Connect@CAsyncProxySocketLayer@@UAEHPBUsockaddr@@H@Z
?Connect@CAsyncProxySocketLayer@@UAEHPBDI@Z
?Create@CAsyncSocketExLayer@@UAEHIHJPBD@Z
?GetPeerName@CAsyncProxySocketLayer@@UAEHPAUsockaddr@@PAH@Z
?Listen@CAsyncProxySocketLayer@@UAEHH@Z
?Receive@CAsyncProxySocketLayer@@MAEHPAXHH@Z
?SetProxy@CAsyncProxySocketLayer@@QAEXHPBDH@Z
?ShutDown@CAsyncSocketExLayer@@UAEHH@Z
??0CAsyncSocketEx@@QAE@XZ
??1CAsyncSocketEx@@UAE@XZ
?Accept@CAsyncSocketEx@@UAEHAAV1@PAUsockaddr@@PAH@Z
?Close@CAsyncSocketEx@@UAEXXZ
?Connect@CAsyncSocketEx@@UAEHPBUsockaddr@@H@Z
?Connect@CAsyncSocketEx@@UAEHPBDI@Z
?Receive@CAsyncSocketEx@@UAEHPAXHH@Z
?Send@CAsyncSocketEx@@UAEHPBXHH@Z
?OnAccept@CAsyncSocketEx@@UAEXH@Z
?OnSend@CAsyncSocketEx@@UAEXH@Z
?GetPeerName@CAsyncSocketEx@@QAEHPAUsockaddr@@PAH@Z
?GetLastError@CAsyncSocketEx@@SAHXZ
?GetSocketHandle@CAsyncSocketEx@@QAEIXZ
?ShutDown@CAsyncSocketEx@@QAEHH@Z
?RemoveAllLayers@CAsyncSocketEx@@QAEXXZ
?SetProxy@CAsyncProxySocketLayer@@QAEXHPBDH00@Z
??0CAsyncProxySocketLayer@@QAE@XZ
??1CAsyncProxySocketLayer@@UAE@XZ
?GetLayerState@CAsyncSocketExLayer@@QAEHXZ
?GetProxyType@CAsyncProxySocketLayer@@QBEHXZ
?OnLayerCallback@CAsyncSocketEx@@MAEHPBVCAsyncSocketExLayer@@HHH@Z
?OnClose@CAsyncSocketEx@@UAEXH@Z
?GetSockName@CAsyncSocketEx@@QAEHPAUsockaddr@@PAH@Z
?OnConnect@CAsyncSocketEx@@UAEXH@Z
?Listen@CAsyncSocketEx@@QAEHH@Z
?OnReceive@CAsyncSocketEx@@UAEXH@Z
?Send@CAsyncProxySocketLayer@@MAEHPBXHH@Z
?OnClose@CAsyncSocketExLayer@@UAEXH@Z

wininet

InternetGetCookieA

Exports

Exports

Export_PlugHead
Export_PlugNumber

Sections

.text
Size: 100KB - Virtual size: 98KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Box/netio.dll
.dll windows:4 windows x86 arch:x86

200f57125283dc3ec291df018013dc9f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\zfz\4399Pro\4399_svn\DownCore\Build\p2snetio.pdb

Imports

kernel32

DisableThreadLibraryCalls
InterlockedExchange
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
MultiByteToWideChar
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSection
DeleteCriticalSection
GetTickCount
SizeofResource
LockResource
LoadResource
FindResourceA
FindResourceExA
CloseHandle
ReadFile
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleA
GetCurrentThreadId
FreeLibrary
GetProcAddress
LoadLibraryA
SetLastError
FlushFileBuffers
SetStdHandle
GetLocaleInfoW
SetFilePointer
IsBadCodePtr
IsBadReadPtr
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
WriteFile
UnhandledExceptionFilter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
GetOEMCP
HeapSize
GetCurrentProcess
TerminateProcess
IsBadWritePtr
HeapReAlloc
VirtualFree
GetProcessHeap
HeapCreate
HeapDestroy
SetUnhandledExceptionFilter
TlsGetValue
TlsSetValue
TlsFree
TlsAlloc
GetModuleFileNameA
GetCurrentProcessId
InterlockedDecrement
InterlockedIncrement
ExitProcess
RtlUnwind
HeapFree
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
GetCommandLineA
LCMapStringA
LCMapStringW
GetCPInfo
QueryPerformanceCounter

user32

MessageBoxA
PostMessageA
DefWindowProcA
GetWindowLongA
SetWindowLongA
CreateWindowExA
RegisterClassExA
SendMessageTimeoutA
DestroyWindow

wsock32

recv
bind
ntohs
ioctlsocket
gethostbyname
send
WSASetLastError
WSAGetLastError
ntohl
htonl
WSAStartup
WSACleanup
connect
getpeername
getsockname
shutdown
listen
inet_ntoa
setsockopt
WSACancelAsyncRequest
closesocket
WSAAsyncGetHostByName
WSAAsyncSelect
accept
socket
htons
getsockopt

wininet

InternetCrackUrlA

Exports

Exports

??0CAsyncProxySocketLayer@@QAE@ABV0@@Z
??0CAsyncProxySocketLayer@@QAE@XZ
??0CAsyncSocketEx@@QAE@ABV0@@Z
??0CAsyncSocketEx@@QAE@XZ
??0CAsyncSocketExLayer@@QAE@ABV0@@Z
??0CAsyncSocketExLayer@@QAE@XZ
??0CAsyncSslSocketLayer@@QAE@ABV0@@Z
??0CAsyncSslSocketLayer@@QAE@XZ
??0CBase64Coding@@AAE@ABV0@@Z
??0CBase64Coding@@QAE@XZ
??0CCriticalSectionWrapper@@QAE@XZ
??0CMD5Checksum@@QAE@ABV0@@Z
??0CMD5Checksum@@QAE@XZ
??0CP2SPSocket@@QAE@XZ
??0CP4SPClient@@QAE@PAUHWND__@@K@Z
??0CP4SPClient@@QAE@XZ
??0CP4SPLogger@@QAE@XZ
??1CAsyncProxySocketLayer@@UAE@XZ
??1CAsyncSocketEx@@UAE@XZ
??1CAsyncSocketExLayer@@UAE@XZ
??1CAsyncSslSocketLayer@@UAE@XZ
??1CBase64Coding@@UAE@XZ
??1CCriticalSectionWrapper@@QAE@XZ
??1CMD5Checksum@@UAE@XZ
??1CP2SPSocket@@UAE@XZ
??1CP4SPClient@@UAE@XZ
??1CP4SPLogger@@UAE@XZ
??4CAsyncProxySocketLayer@@QAEAAV0@ABV0@@Z
??4CAsyncSocketEx@@QAEAAV0@ABV0@@Z
??4CAsyncSocketExLayer@@QAEAAV0@ABV0@@Z
??4CAsyncSslSocketLayer@@QAEAAV0@ABV0@@Z
??4CBase64Coding@@AAEAAV0@ABV0@@Z
??4CCriticalSectionWrapper@@QAEAAV0@ABV0@@Z
??4CMD5Checksum@@QAEAAV0@ABV0@@Z
??_7CAsyncProxySocketLayer@@6B@
??_7CAsyncSocketEx@@6B@
??_7CAsyncSocketExLayer@@6B@
??_7CAsyncSslSocketLayer@@6B@
??_7CBase64Coding@@6B@
??_7CMD5Checksum@@6B@
??_7CP2SPSocket@@6B@
??_7CP4SPClient@@6B@
??_7CP4SPLogger@@6B@
?Accept@CAsyncProxySocketLayer@@MAEHAAVCAsyncSocketEx@@PAUsockaddr@@PAH@Z
?Accept@CAsyncSocketEx@@UAEHAAV1@PAUsockaddr@@PAH@Z
?Accept@CAsyncSocketExLayer@@UAEHAAVCAsyncSocketEx@@PAUsockaddr@@PAH@Z
?AcceptNext@CAsyncSocketExLayer@@QAEHAAVCAsyncSocketEx@@PAUsockaddr@@PAH@Z
?AddField@CP2SPSocket@@QAEHV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@0@Z
?AddLayer@CAsyncSocketEx@@QAEHPAVCAsyncSocketExLayer@@@Z
?AddLayer@CAsyncSocketExLayer@@AAEPAV1@PAV1@PAVCAsyncSocketEx@@@Z
?AsyncSelect@CAsyncSocketEx@@QAEHJ@Z
?Attach@CAsyncSocketEx@@QAEHIJ@Z
?AttachHandle@CAsyncSocketEx@@IAEXI@Z
?Bind@CAsyncSocketEx@@QAEHIPBD@Z
?Bind@CAsyncSocketEx@@QAEHPBUsockaddr@@H@Z
?ByteToDWord@CMD5Checksum@@QAEXPAKPAEI@Z
?CallEvent@CAsyncSocketExLayer@@AAEXHH@Z
?ClearBuffer@CAsyncProxySocketLayer@@AAEXXZ
?Close@CAsyncProxySocketLayer@@UAEXXZ
?Close@CAsyncSocketEx@@UAEXXZ
?Close@CAsyncSocketExLayer@@UAEXXZ
?Close@CAsyncSslSocketLayer@@EAEXXZ
?CloseLogger@CP4SPLogger@@QAEXXZ
?CloseNext@CAsyncSocketExLayer@@QAEXXZ
?CloseSearch@CP4SPClient@@QAEXXZ
?Connect@CAsyncProxySocketLayer@@UAEHPBDI@Z
?Connect@CAsyncProxySocketLayer@@UAEHPBUsockaddr@@H@Z
?Connect@CAsyncSocketEx@@UAEHPBDI@Z
?Connect@CAsyncSocketEx@@UAEHPBUsockaddr@@H@Z
?Connect@CAsyncSocketExLayer@@UAEHPBDI@Z
?Connect@CAsyncSocketExLayer@@UAEHPBUsockaddr@@H@Z
?Connect@CAsyncSslSocketLayer@@EAEHPBDI@Z
?Connect@CAsyncSslSocketLayer@@EAEHPBUsockaddr@@H@Z
?ConnectNext@CAsyncSocketExLayer@@QAEHPBDI@Z
?ConnectNext@CAsyncSocketExLayer@@QAEHPBUsockaddr@@H@Z
?ConnectRate@CP4SPClient@@QAEKXZ
?Create@CAsyncSocketEx@@QAEHIHJPBD@Z
?Create@CAsyncSocketExLayer@@UAEHIHJPBD@Z
?CreateNext@CAsyncSocketExLayer@@QAEHIHJPBD@Z
?DWordToByte@CMD5Checksum@@QAEXPAEPAKI@Z
?DataAnalyse@CP2SPSocket@@MAEXPAE_J@Z
?DataAnalyse@CP4SPClient@@MAEXPAE_J@Z
?DelField@CP2SPSocket@@QAEHV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@0@Z
?Detach@CAsyncSocketEx@@QAEIXZ
?DetachHandle@CAsyncSocketEx@@IAEXI@Z
?DoLayerCallback@CAsyncSocketExLayer@@QAEHHHH@Z
?Encode@CBase64Coding@@UAEHPBDHPAD@Z
?FF@CMD5Checksum@@QAEXAAKKKKKKK@Z
?Final@CMD5Checksum@@QAE?AV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@XZ
?Final@CMD5Checksum@@QAEXPAEI@Z
?FreeAsyncSocketExInstance@CAsyncSocketEx@@IAEXXZ
?GG@CMD5Checksum@@QAEXAAKKKKKKK@Z
?GetCurrentStatus@CP2SPSocket@@QBEIXZ
?GetHelperWindowHandle@CAsyncSocketEx@@IAEPAUHWND__@@XZ
?GetLastError@CAsyncSocketEx@@SAHXZ
?GetLayerState@CAsyncSocketExLayer@@QAEHXZ
?GetMD5@CMD5Checksum@@QAEXPAEI0@Z
?GetMD5@CMD5Checksum@@SA?AV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@PAEI@Z
?GetMD5@CMD5Checksum@@SA?AV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@PAX@Z
?GetPeerCertificateData@CAsyncSslSocketLayer@@QAEHAAUt_SslCertData@@@Z
?GetPeerName@CAsyncProxySocketLayer@@UAEHPAUsockaddr@@PAH@Z
?GetPeerName@CAsyncSocketEx@@QAEHPAUsockaddr@@PAH@Z
?GetPeerName@CAsyncSocketExLayer@@UAEHPAUsockaddr@@PAH@Z
?GetPeerNameNext@CAsyncSocketExLayer@@QAEHPAUsockaddr@@PAH@Z
?GetProxyType@CAsyncProxySocketLayer@@QBEHXZ
?GetShadowDomains@CP4SPClient@@QAEII@Z
?GetSockName@CAsyncSocketEx@@QAEHPAUsockaddr@@PAH@Z
?GetSockOpt@CAsyncSocketEx@@QAEHHPAXPAHH@Z
?GetSocketHandle@CAsyncSocketEx@@QAEIXZ
?HH@CMD5Checksum@@QAEXAAKKKKKKK@Z
?II@CMD5Checksum@@QAEXAAKKKKKKK@Z
?IOCtl@CAsyncSocketEx@@QAEHJPAK@Z
?Init@CAsyncSocketExLayer@@AAEXPAV1@PAVCAsyncSocketEx@@@Z
?InitAsyncSocketExInstance@CAsyncSocketEx@@IAEHXZ
?InitClientSSL@CAsyncSslSocketLayer@@QAE_NXZ
?InitSSL@CAsyncSslSocketLayer@@AAE_NXZ
?IsConnectError@CP2SPSocket@@QAE_NXZ
?IsTransmitComplete@CP2SPSocket@@QAE_NXZ
?IsUsingSSL@CAsyncSslSocketLayer@@QAE_NXZ
?Listen@CAsyncProxySocketLayer@@UAEHH@Z
?Listen@CAsyncSocketEx@@QAEHH@Z
?Listen@CAsyncSocketExLayer@@UAEHH@Z
?ListenNext@CAsyncSocketExLayer@@QAEHH@Z
?Lock@CCriticalSectionWrapper@@QAEXXZ
?OnAccept@CAsyncSocketEx@@UAEXH@Z
?OnAccept@CAsyncSocketExLayer@@UAEXH@Z
?OnClose@CAsyncSocketEx@@UAEXH@Z
?OnClose@CAsyncSocketExLayer@@UAEXH@Z
?OnClose@CP2SPSocket@@UAEXH@Z
?OnComplete@CP4SPClient@@EAEXH@Z
?OnConnect@CAsyncProxySocketLayer@@MAEXH@Z
?OnConnect@CAsyncSocketEx@@UAEXH@Z
?OnConnect@CAsyncSocketExLayer@@UAEXH@Z
?OnConnect@CP2SPSocket@@UAEXH@Z
?OnLayerCallback@CAsyncSocketEx@@MAEHPBVCAsyncSocketExLayer@@HHH@Z
?OnReceive@CAsyncProxySocketLayer@@MAEXH@Z
?OnReceive@CAsyncSocketEx@@UAEXH@Z
?OnReceive@CAsyncSocketExLayer@@UAEXH@Z
?OnReceive@CAsyncSslSocketLayer@@EAEXH@Z
?OnReceive@CP2SPSocket@@UAEXH@Z
?OnSend@CAsyncSocketEx@@UAEXH@Z
?OnSend@CAsyncSocketExLayer@@UAEXH@Z
?OnSend@CAsyncSslSocketLayer@@EAEXH@Z
?OnSend@CP2SPSocket@@UAEXH@Z
?OnTime@CP2SPSocket@@QAEXXZ
?PrepareListen@CAsyncProxySocketLayer@@QAEHK@Z
?PrintSessionInfo@CAsyncSslSocketLayer@@AAEXXZ
?Receive@CAsyncProxySocketLayer@@MAEHPAXHH@Z
?Receive@CAsyncSocketEx@@UAEHPAXHH@Z
?Receive@CAsyncSocketExLayer@@UAEHPAXHH@Z
?Receive@CAsyncSslSocketLayer@@EAEHPAXHH@Z
?ReceiveNext@CAsyncSocketExLayer@@QAEHPAXHH@Z
?RemoveAllLayers@CAsyncSocketEx@@QAEXXZ
?Reset@CAsyncProxySocketLayer@@AAEXXZ
?ResetAll@CP4SPClient@@QAEXXZ
?ResetBuff@CP2SPSocket@@AAEXXZ
?ResetSslSession@CAsyncSslSocketLayer@@AAEXXZ
?RotateLeft@CMD5Checksum@@QAEKKH@Z
?SearchRate@CP4SPClient@@QAEKXZ
?SearchURL@CP4SPClient@@QAEIPBD_K@Z
?SearchWithFgid@CP4SPClient@@QAEIPBD_K@Z
?SearchWithWfid@CP4SPClient@@QAEIPBD_K@Z
?Send@CAsyncProxySocketLayer@@MAEHPBXHH@Z
?Send@CAsyncSocketEx@@UAEHPBXHH@Z
?Send@CAsyncSocketExLayer@@UAEHPBXHH@Z
?Send@CAsyncSslSocketLayer@@EAEHPBXHH@Z
?SendHttpRequest@CP2SPSocket@@QAEHV?$CStringT@DV?$StrTraitATL@DV?$ChTraitsCRT@D@ATL@@@ATL@@@ATL@@00PAEI@Z
?SendNext@CAsyncSocketExLayer@@QAEHPBXHH@Z
?SetFileInfo@CP4SPClient@@QAEXPBD0_K@Z
?SetHashInfo@CP4SPClient@@QAEXPBD000@Z
?SetLayerState@CAsyncSocketExLayer@@AAEXH@Z
?SetNotifyReply@CAsyncSslSocketLayer@@QAEXHHH@Z
?SetObj@CP4SPClient@@QAEXPAUHWND__@@K@Z
?SetProxy@CAsyncProxySocketLayer@@QAEXH@Z
?SetProxy@CAsyncProxySocketLayer@@QAEXHPBDH00@Z
?SetProxy@CAsyncProxySocketLayer@@QAEXHPBDH@Z
?SetProxy@CP2SPSocket@@QAEXHPBDH00@Z
?SetSockOpt@CAsyncSocketEx@@QAEHHPBXHH@Z
?SetUrl@CP4SPClient@@QAEXABVURL@fg@@@Z
?ShutDown@CAsyncSocketEx@@QAEHH@Z
?ShutDown@CAsyncSocketExLayer@@UAEHH@Z
?ShutDown@CAsyncSslSocketLayer@@EAEHH@Z
?ShutDownComplete@CAsyncSslSocketLayer@@AAEHXZ
?ShutDownNext@CAsyncSocketExLayer@@QAEHH@Z
?Transform@CMD5Checksum@@QAEXQAE@Z
?TriggerEvent@CAsyncSocketEx@@QAEHJ@Z
?TriggerEvent@CAsyncSocketExLayer@@QAEHJHH@Z
?UnloadSSL@CAsyncSslSocketLayer@@AAEXXZ
?Unlock@CCriticalSectionWrapper@@QAEXXZ
?UpDataP4SPInfo@CP4SPClient@@QAEIXZ
?Update@CMD5Checksum@@QAEXPAEK@Z
?UpdateFailedLog@CP4SPLogger@@QAEIIABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0PBD@Z
?UpdateLog@CP4SPLogger@@QAEIABVFileInfo@fg@@ABVDownInfo@ClientSyslog@3@11PBD@Z
?apps_ssl_info_callback@CAsyncSslSocketLayer@@CAXPAUssl_st@@HH@Z
?binTohex@CP4SPClient@@SAXPBEIPAE@Z
?btHash@CP4SPClient@@QBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?downCounts@CP4SPClient@@QBEIXZ
?eD2KHash@CP4SPClient@@QBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?fgid@CP4SPClient@@QBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?fileSize@CP4SPClient@@QBE_KXZ
?fileTime@CP4SPClient@@QBE_KXZ
?fullHash@CP4SPClient@@QBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?getFileInfo@CP4SPClient@@QAEABVFileInfo@fg@@XZ
?m_hSslDll1@CAsyncSslSocketLayer@@0PAUHINSTANCE__@@A
?m_hSslDll2@CAsyncSslSocketLayer@@0PAUHINSTANCE__@@A
?m_nSslRefCount@CAsyncSslSocketLayer@@0HA
?m_pSslLayerList@CAsyncSslSocketLayer@@0PAUt_SslLayerList@1@A
?m_sCriticalSection@CAsyncSslSocketLayer@@0VCCriticalSectionWrapper@@A
?m_sGlobalCriticalSection@CAsyncSocketEx@@1VCCriticalSection@ATL@@A
?m_spAsyncSocketExThreadDataList@CAsyncSocketEx@@1PAUt_AsyncSocketExThreadDataList@1@A
?m_ssl_ctx@CAsyncSslSocketLayer@@0PAUssl_ctx_st@@A
?setBtHash@CP4SPClient@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?setDownCounts@CP4SPClient@@AAEXI@Z
?setED2KHash@CP4SPClient@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?setFgid@CP4SPClient@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?setFileSize@CP4SPClient@@AAEX_K@Z
?setFileTime@CP4SPClient@@AAEX_K@Z
?setFullHash@CP4SPClient@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?setUrls@CP4SPClient@@AAEXABV?$vector@VURL@fg@@V?$allocator@VURL@fg@@@std@@@std@@@Z
?setWfid@CP4SPClient@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?setXunleiHash@CP4SPClient@@AAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?shadowDomains@CP4SPClient@@QBEABV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@std@@XZ
?urls@CP4SPClient@@QBEABV?$vector@VURL@fg@@V?$allocator@VURL@fg@@@std@@@std@@XZ
?xunleiHash@CP4SPClient@@QBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

Sections

.text
Size: 148KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Box/np4399Plugin.dll
.dll regsvr32 windows:4 windows x86 arch:x86

4e962eaa5842d124f4bee28ebd0f38be

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InitializeCriticalSection
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
lstrcpyA
lstrcatA
WideCharToMultiByte
FreeLibrary
GetProcAddress
DisableThreadLibraryCalls
OutputDebugStringA
InterlockedDecrement
InterlockedIncrement
WinExec
MultiByteToWideChar
GetModuleFileNameA
GetModuleHandleA
GetShortPathNameA
lstrlenA
LoadLibraryA
lstrlenW
SetEndOfFile
CreateFileA
LCMapStringW
LCMapStringA
DebugBreak
GetStdHandle
WriteFile
RtlUnwind
GetCommandLineA
GetVersion
ExitProcess
IsBadWritePtr
IsBadReadPtr
HeapValidate
TerminateProcess
GetCurrentProcess
GetLastError
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
CloseHandle
GetCPInfo
GetACP
GetOEMCP
ReadFile
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetVersionExA
HeapCreate
HeapFree
VirtualFree
HeapAlloc
HeapReAlloc
VirtualAlloc
SetUnhandledExceptionFilter
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
FlushFileBuffers
RaiseException

user32

SetWindowLongA
CharNextA

advapi32

RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegDeleteKeyA

ole32

CoCreateInstance

oleaut32

SysStringLen
LoadRegTypeLi
LoadTypeLi
SysAllocString
RegisterTypeLi
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: 108KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Box/skins/Default/AddMoney.png
.png
Box/skins/Default/DLFinish.wav
Box/skins/Default/GameHome.png
.png
Box/skins/Default/StatusBtnBG.png
.png
Box/skins/Default/StatusIcon.png
.png
Box/skins/Default/Tab.png
.png
Box/skins/Default/TipBG.png
.png
Box/skins/Default/TipClose.png
.png
Box/skins/Default/TipLogo.png
.png
Box/skins/Default/about.png
.png
Box/skins/Default/ask.png
.png
Box/skins/Default/askbtn.png
.png
Box/skins/Default/askcheckbox.png
.png
Box/skins/Default/askradio.png
.png
Box/skins/Default/bicon.png
.png
Box/skins/Default/button2.png
.png
Box/skins/Default/caption.ico
Box/skins/Default/close.png
.png
Box/skins/Default/download_game.png
.png
Box/skins/Default/error.png
.png
Box/skins/Default/favorites_game.png
.png
Box/skins/Default/feedback.png
.png
Box/skins/Default/flashgame_bg.png
.png
Box/skins/Default/fullscreen.png
.png
Box/skins/Default/line.png
.png
Box/skins/Default/max.png
.png
Box/skins/Default/menubtn.png
.png
Box/skins/Default/menuitem.png
.png
Box/skins/Default/min.png
.png
Box/skins/Default/ok.png
.png
Box/skins/Default/pgbg.png
.png
Box/skins/Default/pgface.png
.png
Box/skins/Default/refresh.png
.png
Box/skins/Default/restore.png
.png
Box/skins/Default/restorewindow.png
.png
Box/skins/Default/sandbox.png
.png
Box/skins/Default/skins.ini
Box/skins/Default/statusbg.png
.png
Box/skins/Default/tabmyclose.png
.png
Box/skins/Default/tipbackground.png
.png
Box/skins/Default/tipcheck.png
.png
Box/skins/Default/tipclose2.png
.png
Box/skins/Default/tiplogo2.png
.png
Box/skins/Default/tiprungame.png
.png
Box/skins/Default/titlebg.png
.png
Box/skins/Default/trayicon.png
.png
Box/skins/Default/ym_button.png
.png
Box/skins/Default/ym_toolbarbg.png
.png
Box/uninst.exe.nsis
Box/zlib.dll
.dll windows:4 windows x86 arch:x86

e5c5650f0b0c0414d7e983aacdedc6c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crtdll

fwrite
fread
_errno
fclose
free
vsprintf
fflush
fseek
rewind
fputc
malloc
ftell
fprintf
_fdopen
fopen
sprintf
calloc
_initterm

kernel32

GlobalAlloc
GetVersion
GlobalFree

Exports

Exports

adler32
compress
compress2
crc32
deflate
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflateReset
deflateSetDictionary
get_crc_table
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzwrite
inflate
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
unzClose
unzCloseCurrentFile
unzGetCurrentFileInfo
unzGetGlobalComment
unzGetGlobalInfo
unzGetLocalExtrafield
unzGoToFirstFile
unzGoToNextFile
unzLocateFile
unzOpen
unzOpen2
unzOpenCurrentFile
unzOpenCurrentFile2
unzReadCurrentFile
unzStringFileNameCompare
unzeof
unztell
zError
zipClose
zipCloseFileInZip
zipCloseFileInZipRaw
zipOpen
zipOpenNewFileInZip
zipOpenNewFileInZip2
zipWriteInFileInZip
zlibVersion

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
新云软件.url
.url

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

04:00:00:00:00:01:20:19:c1:90:66Certificate

Key Usages

01:00:00:00:00:01:25:b0:b4:cc:01Certificate

Extended Key Usages

Key Usages

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

bb:3d:e0:0d:e3:ec:d4:3f:60:5e:6b:6a:f5:c7:2e:c2Certificate

Extended Key Usages

Key Usages

be:f6:37:81:4c:83:2e:fc:6c:f5:0a:6d:f5:b8:a7:29:ee:fc:d4:6fSigner

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 21KB - Virtual size: 20KB

295fc8c35dee88b924b0f6bafc807c6c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 172B

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 25KB

.reloc Size: 1024B - Virtual size: 838B

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

bb:3d:e0:0d:e3:ec:d4:3f:60:5e:6b:6a:f5:c7:2e:c2
Certificate

be:f6:37:81:4c:83:2e:fc:6c:f5:0a:6d:f5:b8:a7:29:ee:fc:d4:6f
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 21KB - Virtual size: 20KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 172B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 838B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 512B - Virtual size: 470B

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

bb:3d:e0:0d:e3:ec:d4:3f:60:5e:6b:6a:f5:c7:2e:c2
Certificate

fb:22:70:e7:bd:78:f0:78:1a:b6:24:66:8f:82:40:74:ef:be:9d:64
Signer

.text
Size: 1.9MB - Virtual size: 1.9MB

.rdata
Size: 316KB - Virtual size: 316KB

.data
Size: 116KB - Virtual size: 133KB

.rsrc
Size: 34KB - Virtual size: 34KB

04:00:00:00:00:01:20:19:c1:90:66
Certificate

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate