kontur[.]plugin[.]admin[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

kontur.plugin.admin.exe
Size

6.8MB
MD5

46737af4e83641478d92673b628f9c1d
SHA1

fc430ccc59ad619f9515e698539d17d0204fb9d3
SHA256

3c5af1a894a355a2f50206ac5923d084166e3debc6e1cf417f3393b46480b39c
SHA512

c60409832f63693cf61616a3865098a9efdf2affba662baf7c1b620e1b2529efc7a5124db2f9d147507cdfb36691b92c2f92cfcc17353ad12ead8a7327a250cf
SSDEEP

196608:J6S778UHVROrhCIjXXoKkqYbGXZKk3POHdM:J86rOrbHoK7iEKc+m

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/LockedList.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack002/$PLUGINSDIR/LockedList.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UserInfo.dll
unpack002/$PLUGINSDIR/nsDialogs.dll

Files

kontur.plugin.admin.exe
.exe windows:4 windows x86 arch:x86

14b0fecbed4a918c9c5c5d940cc1045e

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18-04-2022 14:35

Not After

15-07-2025 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18-04-2022 14:35

Not After

15-07-2025 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:a2:a6:b2:57:b6:45:a7:23:cb:f6:2d:12:a5:81:76:f3:24:e6:67:ad:82:fb:20:13:5e:97:cd:06:47:41:64
Signer

Actual PE Digest

56:a2:a6:b2:57:b6:45:a7:23:cb:f6:2d:12:a5:81:76:f3:24:e6:67:ad:82:fb:20:13:5e:97:cd:06:47:41:64

Digest Algorithm

sha256

PE Digest Matches

true

56:fc:ad:14:13:70:da:25:83:e9:ea:e9:60:ce:95:ec:08:d8:bc:44
Signer

Actual PE Digest

56:fc:ad:14:13:70:da:25:83:e9:ea:e9:60:ce:95:ec:08:d8:bc:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetFileInfoW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

DispatchMessageW
wsprintfA
IsWindowVisible
PeekMessageW
wvsprintfW
MessageBoxIndirectW
CharNextA
CharPrevW
GetSystemMetrics
GetDlgItemTextW
SetDlgItemTextW
TrackPopupMenu
CreatePopupMenu
FillRect
CloseClipboard
OpenClipboard
EndPaint
IsDlgButtonChecked
CallWindowProcW
GetMessagePos
LoadCursorW
GetAsyncKeyState
CheckDlgButton
SetWindowPos
SetCursor
GetSysColor
SetClassLongW
GetWindowLongW
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassW
ScreenToClient
EndDialog
GetClassInfoW
SystemParametersInfoW
CreateWindowExW
ExitWindowsEx
DialogBoxParamW
CharNextW
SetTimer
DestroyWindow
CreateDialogParamW
SetForegroundWindow
SetWindowTextW
PostQuitMessage
SendMessageTimeoutW
ShowWindow
wsprintfW
GetDlgItem
FindWindowExW
IsWindow
GetDC
SetWindowLongW
LoadImageW
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageW
DefWindowProcW
GetClientRect
DrawTextW
SetClipboardData
EmptyClipboard
AppendMenuW

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
MoveFileExW
GetTempFileNameW
lstrcmpiA
WriteFile
CreateProcessW
CreateDirectoryW
RemoveDirectoryW
GlobalLock
GlobalUnlock
CreateThread
WideCharToMultiByte
lstrcpynW
GetDiskFreeSpaceW
SetErrorMode
GetVersionExW
lstrlenW
GetTempPathW
GetWindowsDirectoryW
GetCommandLineW
CopyFileW
ExitProcess
SetEnvironmentVariableW
GetModuleFileNameW
GetFileSize
GetCurrentProcess
GetTickCount
Sleep
CreateFileW
GetFileAttributesW
SetCurrentDirectoryW
SetFileAttributesW
MoveFileW
GetFullPathNameW
GetLastError
SearchPathW
CompareFileTime
GetShortPathNameW
CloseHandle
lstrcmpiW
SetFileTime
ExpandEnvironmentStringsW
GlobalFree
lstrcmpW
GetModuleHandleW
LoadLibraryExW
GlobalAlloc
WritePrivateProfileStringW
GetPrivateProfileStringW
FreeLibrary
lstrcpyA
lstrcatW
ReadFile
MultiByteToWideChar
lstrlenA
FindClose
FindNextFileW
SetFilePointer
DeleteFileW
MulDiv
FindFirstFileW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 140KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LockedList.dll
.dll windows:5 windows x86 arch:x86

e68e7ec0ca04b3c03f32af2b2809bbc9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\tools\locked-list\Plugins\x86-unicode\LockedList.pdb

Imports

comctl32

ImageList_Create
ImageList_ReplaceIcon

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

PathAppendW
PathRemoveFileSpecW
PathFileExistsW

kernel32

SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetCurrentProcess
lstrlenW
TerminateProcess
GetModuleFileNameW
WaitForMultipleObjects
WaitForSingleObject
LocalAlloc
CreateFileW
OpenProcess
GetExitCodeThread
Sleep
GetLastError
lstrcatW
GlobalAlloc
GlobalFree
CloseHandle
CreateThread
LocalFree
GetCurrentProcessId
GetModuleHandleW
lstrcpyW
lstrcmpiW
lstrcmpW
lstrcpynW
MultiByteToWideChar
WideCharToMultiByte
QueryDosDeviceW
DuplicateHandle
GetVersion
CreateEventW
SetEvent
TerminateThread
LoadLibraryW
ResetEvent
GetProcAddress
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
LCMapStringW
HeapFree
HeapAlloc
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
DecodePointer
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
SetLastError
WriteConsoleW
GetStringTypeW
InterlockedFlushSList
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind

user32

GetMessageW
CreateDialogParamW
CharLowerW
PostMessageW
GetWindowRect
SendMessageTimeoutW
DestroyWindow
SetWindowPos
MessageBoxW
SetActiveWindow
CreateWindowExW
ScreenToClient
SendMessageW
GetSystemMetrics
SetWindowTextW
CreatePopupMenu
MsgWaitForMultipleObjects
TrackPopupMenu
ShowWindow
IsWindow
GetWindow
DispatchMessageW
IsDialogMessageW
DestroyIcon
CloseClipboard
EmptyClipboard
PeekMessageW
MapWindowPoints
MoveWindow
DestroyMenu
TranslateMessage
GetClassNameW
SetClipboardData
SetCursor
wsprintfW
SetWindowLongW
GetClientRect
GetDlgItem
AppendMenuW
LoadImageW
SetCursorPos
GetCursorPos
EnableWindow
GetWindowTextW
GetWindowThreadProcessId
EnumWindows
GetWindowLongW
OpenClipboard
CallWindowProcW

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

ShellExecuteExW
ExtractIconExW

Exports

Exports

AddApplications
AddCaption
AddClass
AddCustom
AddFile
AddFolder
AddModule
CloseProcess
Dialog
EnumProcesses
FindProcess
InitDialog
IsFileLocked
Show
SilentPercentComplete
SilentSearch
SilentWait

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

5e62e8e248e7364886b604bd1fcf4c13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
GetUserNameW

kernel32

GlobalFree
GetVersion
GlobalAlloc
CloseHandle
GetModuleHandleA
GetLastError
GetCurrentProcess
GetCurrentThread
GetProcAddress
lstrcpynW

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 714B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 705B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

c1c7505e1e6e929ebb6b9100e55b050a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode

user32

wsprintfW
CharNextExA
SendMessageW
FindWindowExW
CharNextW
CharPrevW

kernel32

CreatePipe
DeleteFileW
lstrcmpiW
GetCommandLineW
ExitProcess
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreateFileMappingW
GetVersion
GetCurrentProcess
lstrcpynW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
GlobalFree
CreateFileW
CopyFileW
GetTempFileNameW
GlobalAlloc
GetModuleFileNameW
GetProcAddress
GetModuleHandleA

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/SkbKontur/Plugin/4.2.2.488/Kontur.Plugin.IE.dll
.dll regsvr32 windows:5 windows x86 arch:x86

da58b13cd7b94c3017e12f235c2ea1fd

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18-04-2022 14:35

Not After

15-07-2025 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18-04-2022 14:35

Not After

15-07-2025 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4e:54:39:cb:5c:f4:c0:88:68:08:2c:2e:04:7d:fc:ef:0d:39:48:33:02:ed:8d:6e:fb:d3:49:0b:98:f5:ec:0f
Signer

Actual PE Digest

4e:54:39:cb:5c:f4:c0:88:68:08:2c:2e:04:7d:fc:ef:0d:39:48:33:02:ed:8d:6e:fb:d3:49:0b:98:f5:ec:0f

Digest Algorithm

sha256

PE Digest Matches

true

ea:5f:19:a6:05:3d:12:65:82:9f:e8:10:ff:cb:9a:9e:30:7d:34:39
Signer

Actual PE Digest

ea:5f:19:a6:05:3d:12:65:82:9f:e8:10:ff:cb:9a:9e:30:7d:34:39

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\gitlab-runner\builds\wU4BcDzV\0\cpp.studio\plugin\build\bin\Release\Kontur.Plugin.IE.pdb

Imports

ws2_32

freeaddrinfo
getaddrinfo
__WSAFDIsSet
ioctlsocket
listen
htonl
select
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
send
recv
closesocket
WSAGetLastError
accept

winhttp

WinHttpGetDefaultProxyConfiguration
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wintrust

WinVerifyTrust

kernel32

SetEvent
WaitForSingleObject
WaitForMultipleObjects
WriteFile
ReadFile
CloseHandle
ConnectNamedPipe
CreateEventA
CreateProcessW
CreateNamedPipeA
GetCurrentProcess
GetCurrentThreadId
GetFileSizeEx
SetFilePointerEx
GetSystemTime
LoadLibraryA
CreateFileW
FreeResource
LockResource
MulDiv
FindResourceExA
GetACP
IsValidCodePage
GetCPInfo
IsDBCSLeadByteEx
WideCharToMultiByte
GlobalFree
FlushFileBuffers
SetEndOfFile
lstrlenW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GetTimeZoneInformation
GetModuleHandleA
GetShortPathNameW
GetFileAttributesExW
DeleteFileW
ReplaceFileW
GetProcessTimes
GetCommandLineW
GetOverlappedResult
SetLastError
InitializeCriticalSection
SleepEx
GetSystemDirectoryA
QueryPerformanceFrequency
GetTickCount
QueryPerformanceCounter
Sleep
MoveFileExA
GetEnvironmentVariableA
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
LoadResource
ReadConsoleW
GetConsoleMode
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
GetFileType
SetStdHandle
VirtualQuery
VirtualProtect
VirtualAlloc
GetSystemInfo
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TerminateProcess
GetCurrentProcessId
InterlockedDecrement
InterlockedIncrement
FormatMessageA
LocalFree
SetThreadLocale
GetThreadLocale
MultiByteToWideChar
FindResourceW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
GetVersionExW
SizeofResource
TlsAlloc
CreateEventW
GetNativeSystemInfo
GetExitCodeThread
VerifyVersionInfoW
LoadLibraryW
WaitForMultipleObjectsEx
UnregisterWaitEx
QueryDepthSList
InterlockedPopEntrySList
ReleaseSemaphore
SetProcessAffinityMask
GetCurrentThread
SwitchToThread
WaitForSingleObjectEx
DuplicateHandle
CreateHardLinkW
MoveFileExW
CopyFileW
CreateDirectoryExW
DeviceIoControl
AreFileApisANSI
GetTempPathW
SetFileTime
SetFileAttributesW
RemoveDirectoryW
GetFullPathNameW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
RaiseException
GetProcAddress
FreeLibrary
DecodePointer
EncodePointer
HeapFree
HeapAlloc
HeapSize
HeapReAlloc
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
GetFullPathNameA
FindFirstFileExA
FindNextFileA
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
SetConsoleCtrlHandler
WriteConsoleW
OutputDebugStringA
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
GetConsoleCP
RtlCaptureStackBackTrace
IsDebuggerPresent
OutputDebugStringW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead
TryEnterCriticalSection
FormatMessageW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileExW
FindNextFileW
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileInformationByHandle
VirtualFree

user32

GetUserObjectInformationA
GetProcessWindowStation
GetWindowTextA
ReleaseDC
GetWindowDC
GetDC
DialogBoxIndirectParamA
GetWindowRect
GetClientRect
SetWindowTextA
GetSystemMetrics
EndPaint
BeginPaint
GetForegroundWindow
GetDlgItem
EndDialog
SetWindowPos
MoveWindow
SendMessageA
wsprintfW
LoadStringW
PostMessageW
DestroyWindow
InvalidateRect
RegisterClassExW
DefWindowProcW
CharNextW
UnregisterClassW
CreateWindowExW

gdi32

GetObjectA
GetTextExtentPoint32A
GetDeviceCaps
CreateFontA
CreateDIBitmap
SetTextColor
SelectObject
Rectangle
GetStockObject
DeleteObject
DeleteDC
CreateSolidBrush
CreatePen
CreateCompatibleDC
BitBlt

shell32

SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW

ole32

CoInitializeEx
CoUninitialize
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
StringFromGUID2
CoCreateInstance
ProgIDFromCLSID

oleaut32

SetErrorInfo
LoadRegTypeLi
SysAllocStringLen
VariantClear
VariantInit
CreateErrorInfo
RegisterTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
SysFreeString
SysAllocString
UnRegisterTypeLi

advapi32

ConvertSidToStringSidW
RegOverridePredefKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
DuplicateToken
AccessCheck
OpenProcessToken
MapGenericMask
GetFileSecurityW
RegEnumKeyW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextA
RegCloseKey
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
IsValidSid
GetTokenInformation
RegQueryValueExW
RegEnumValueW

crypt32

CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 314KB - Virtual size: 314KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 37KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/SkbKontur/Plugin/4.2.2.488/addons/kontur.plugin.service.control.exe
.exe windows:5 windows x86 arch:x86

ce8ad06a94b042ab77b573f2584831c0

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18-04-2022 14:35

Not After

15-07-2025 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18-04-2022 14:35

Not After

15-07-2025 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:6c:d8:e4:6b:54:d8:11:b7:a1:eb:6a:93:db:c0:a9:36:62:4e:7f:cf:4b:b3:7a:0f:dc:a0:65:30:c3:36:40
Signer

Actual PE Digest

42:6c:d8:e4:6b:54:d8:11:b7:a1:eb:6a:93:db:c0:a9:36:62:4e:7f:cf:4b:b3:7a:0f:dc:a0:65:30:c3:36:40

Digest Algorithm

sha256

PE Digest Matches

true

ae:f7:42:6c:bc:15:3f:84:04:b6:31:59:3d:be:cd:de:d8:11:cf:e4
Signer

Actual PE Digest

ae:f7:42:6c:bc:15:3f:84:04:b6:31:59:3d:be:cd:de:d8:11:cf:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\gitlab-runner\builds\wU4BcDzV\0\cpp.studio\plugin\build\bin\Release\kontur.plugin.service.control.pdb

Imports

kernel32

GetEnvironmentVariableW
GetFileAttributesExW
GetCurrentProcessId
GetModuleFileNameW
GetCommandLineW
lstrlenW
FlushFileBuffers
SetEndOfFile
SetFilePointerEx
CreateFileW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
FindNextFileA
FindFirstFileExA
HeapReAlloc
GetModuleHandleA
GetCurrentProcess
WideCharToMultiByte
MultiByteToWideChar
IsDBCSLeadByteEx
GetCPInfo
GetACP
IsValidCodePage
LoadLibraryA
GetProcAddress
GetTickCount
Sleep
CreateFileA
FormatMessageA
CloseHandle
ReadFile
WriteFile
SetStdHandle
GetLastError
LocalFree
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleW
HeapSize
GetVersionExW
GetFileInformationByHandle
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
GetCurrentThreadId
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
FormatMessageW
CreateDirectoryW
FindClose
FindFirstFileExW
GetFileAttributesW
GetTempPathW
AreFileApisANSI
SetLastError
GetModuleHandleW
QueryPerformanceCounter
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
TerminateProcess
InitializeSListHead
CreateTimerQueue
SetEvent
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibrary
FreeLibraryAndExitThread
LoadLibraryExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
LoadLibraryW
RaiseException
RtlUnwind
GetFileType
ExitThread
GetModuleHandleExW
ExitProcess
GetModuleFileNameA
GetStdHandle
GetCommandLineA
HeapAlloc
HeapFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
ReadConsoleW

shell32

SHGetFolderPathW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
GetFileSecurityW
MapGenericMask
OpenProcessToken
AccessCheck
DuplicateToken
StartServiceA
QueryServiceStatusEx
OpenServiceW
OpenSCManagerA
ControlService
CloseServiceHandle

Sections

.text
Size: 369KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/SkbKontur/Plugin/4.2.2.488/kontur.plugin.firefox.dll
.dll windows:5 windows x86 arch:x86

9ef216408bf5031ba09fc65f8bf2b3a8

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18-04-2022 14:35

Not After

15-07-2025 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18-04-2022 14:35

Not After

15-07-2025 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

20:99:b9:1d:ff:62:9a:92:45:14:5b:fa:b8:14:70:47:be:81:19:f7:c3:31:8f:1c:49:8c:c6:bb:09:3a:7f:2b
Signer

Actual PE Digest

20:99:b9:1d:ff:62:9a:92:45:14:5b:fa:b8:14:70:47:be:81:19:f7:c3:31:8f:1c:49:8c:c6:bb:09:3a:7f:2b

Digest Algorithm

sha256

PE Digest Matches

true

2b:34:af:95:0b:33:70:64:ef:ff:f4:d7:46:d9:e3:52:c1:66:d8:1a
Signer

Actual PE Digest

2b:34:af:95:0b:33:70:64:ef:ff:f4:d7:46:d9:e3:52:c1:66:d8:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\gitlab-runner\builds\wU4BcDzV\0\cpp.studio\plugin\build\bin\Release\kontur.plugin.firefox.pdb

Imports

ws2_32

WSAGetLastError
freeaddrinfo
getaddrinfo
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
WSASetLastError
socket
setsockopt
ntohs
htons
getsockopt
getsockname
getpeername
connect
bind
send
recv
closesocket
select

crypt32

CertFindCertificateInStore
CertFreeCertificateContext
CryptStringToBinaryA
PFXImportCertStore
CryptDecodeObjectEx
CertAddCertificateContextToStore
CertFindExtension
CryptQueryObject
CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertCloseStore
CertOpenStore
CertEnumCertificatesInStore

winhttp

WinHttpOpen
WinHttpGetDefaultProxyConfiguration
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

GetModuleHandleExW
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileType
GetDriveTypeW
DisableThreadLibraryCalls
LocalFree
GetCurrentProcessId
TerminateProcess
GetLastError
GetOverlappedResult
SetEvent
WaitForSingleObject
WaitForMultipleObjects
WriteFile
ReadFile
CloseHandle
FormatMessageA
ConnectNamedPipe
CreateEventA
CreateProcessW
CreateNamedPipeA
FreeLibrary
GetProcAddress
GetCurrentProcess
GetCurrentThreadId
GetFileSizeEx
SetFilePointerEx
GetSystemTime
LoadLibraryA
CreateFileW
GlobalFree
ExitProcess
GetModuleFileNameA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SleepEx
GetModuleHandleA
GetSystemDirectoryA
QueryPerformanceFrequency
GetTickCount
QueryPerformanceCounter
Sleep
MultiByteToWideChar
WideCharToMultiByte
MoveFileExA
GetEnvironmentVariableA
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
lstrlenW
GetEnvironmentVariableW
GetSystemDirectoryW
GetTimeZoneInformation
GetFileAttributesExW
DeleteFileW
GetSystemInfo
VerifyVersionInfoW
GetProcessTimes
GetModuleFileNameW
GetCommandLineW
GetVersionExW
FlushFileBuffers
SetEndOfFile
GetACP
IsValidCodePage
GetCPInfo
IsDBCSLeadByteEx
RtlUnwind
LoadLibraryW
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
ReleaseSemaphore
SetStdHandle
InitializeCriticalSection
GetConsoleMode
ReadConsoleW
GetConsoleCP
HeapFree
HeapAlloc
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStdHandle
HeapReAlloc
FindFirstFileExA
FindNextFileA
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleW
HeapSize
SetLastError
FormatMessageW
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetExitCodeThread
GetCurrentDirectoryW
CreateDirectoryW
FindClose
FindFirstFileExW
GetFileAttributesW
GetFileInformationByHandle
GetFullPathNameW
GetTempPathW
AreFileApisANSI
GetModuleHandleW
TryEnterCriticalSection
EncodePointer
DecodePointer
RaiseException
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
VirtualAlloc
VirtualProtect
VirtualFree

user32

GetSystemMetrics
wsprintfW

shell32

SHGetFolderPathW
ShellExecuteExW

advapi32

CryptGetHashParam
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
GetFileSecurityW
MapGenericMask
OpenProcessToken
AccessCheck
DuplicateToken

Exports

Exports

SendCommand

Sections

.text
Size: 697KB - Virtual size: 697KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/SkbKontur/Plugin/4.2.2.488/kontur.plugin.host.exe
.exe windows:5 windows x86 arch:x86

fb72188314d3e3eeb8b2fa5cdb6bbf39

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18-04-2022 14:35

Not After

15-07-2025 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18-04-2022 14:35

Not After

15-07-2025 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7c:12:04:e8:01:f3:36:aa:ee:bd:1e:62:03:b1:fc:bd:96:11:2e:e2:f3:31:c0:96:27:9f:ee:2e:1f:e2:28:ee
Signer

Actual PE Digest

7c:12:04:e8:01:f3:36:aa:ee:bd:1e:62:03:b1:fc:bd:96:11:2e:e2:f3:31:c0:96:27:9f:ee:2e:1f:e2:28:ee

Digest Algorithm

sha256

PE Digest Matches

true

8a:fd:c0:c7:b9:a8:60:9b:f1:2b:91:e7:73:44:c1:5c:28:22:f9:a3
Signer

Actual PE Digest

8a:fd:c0:c7:b9:a8:60:9b:f1:2b:91:e7:73:44:c1:5c:28:22:f9:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\gitlab-runner\builds\wU4BcDzV\0\cpp.studio\plugin\build\bin\Release\kontur.plugin.host.pdb

Imports

cryptui

CryptUIDlgViewCertificateA
CryptUIDlgSelectCertificateFromStore

ws2_32

connect
htons
getsockopt
getsockname
bind
send
recv
freeaddrinfo
getpeername
closesocket
WSAGetLastError
select
ntohs
setsockopt
WSASetLastError
getaddrinfo
__WSAFDIsSet
ioctlsocket
listen
htonl
accept
WSACleanup
WSAStartup
WSAIoctl
socket

crypt32

CertCreateCertificateChainEngine
CertFreeCertificateChainEngine
CertOpenStore
CryptDecodeObjectEx
PFXImportCertStore
CryptStringToBinaryA
CertVerifyCertificateChainPolicy
CryptVerifyMessageSignature
CryptQueryObject
CryptImportPublicKeyInfo
CryptMsgGetParam
CryptMsgClose
CertAlgIdToOID
CryptExportPublicKeyInfo
CryptDecodeObject
CryptEncodeObject
CertDeleteCertificateFromStore
CertGetCertificateContextProperty
CertSetCertificateContextProperty
CertCreateCertificateContext
CertFreeCertificateChain
CertFreeCertificateContext
CertDuplicateCertificateContext
CertCloseStore
CertGetCertificateChain
CertAddCertificateContextToStore
CertFindCertificateInStore
CertEnumCertificatesInStore
CertFindExtension
CryptSignAndEncodeCertificate

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpOpen
WinHttpGetDefaultProxyConfiguration

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

wintrust

WinVerifyTrust

winscard

g_rgSCardT1Pci
SCardEstablishContext
SCardReleaseContext
SCardConnectA
SCardDisconnect
SCardTransmit
g_rgSCardT0Pci

mpr

WNetGetUniversalNameW
WNetAddConnection3W

kernel32

GetProcAddress
GetCurrentProcess
GetCurrentThreadId
GetFileSizeEx
SetFilePointerEx
GetSystemTime
LoadLibraryA
CreateFileW
MultiByteToWideChar
Sleep
GetTickCount
GetACP
GetLogicalDriveStringsW
GetDriveTypeW
GetVolumeInformationW
FreeResource
LockResource
LoadResource
MulDiv
FindResourceExA
LocalAlloc
LoadLibraryW
GlobalFree
SetLastError
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SleepEx
GetSystemDirectoryA
QueryPerformanceFrequency
QueryPerformanceCounter
WideCharToMultiByte
MoveFileExA
GetEnvironmentVariableA
VerSetConditionMask
VerifyVersionInfoA
CreateFileA
GetTimeZoneInformation
GetSystemInfo
VerifyVersionInfoW
FormatMessageA
GetEnvironmentVariableW
GetSystemDirectoryW
GetProcessTimes
GetModuleFileNameW
GetCommandLineW
GetVersionExW
FreeLibrary
GetFileAttributesExW
DeleteFileW
FlushFileBuffers
SetEndOfFile
IsValidCodePage
GetCPInfo
IsDBCSLeadByteEx
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
CreateThread
SignalObjectAndWait
CreateTimerQueue
InitializeSListHead
GetStartupInfoW
UnhandledExceptionFilter
OutputDebugStringW
IsDebuggerPresent
GetStringTypeW
GetLocaleInfoW
LCMapStringW
CompareStringW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateEventW
IsProcessorFeaturePresent
GetModuleHandleExW
QueueUserWorkItem
EncodePointer
CopyFileW
GetModuleHandleW
SetErrorMode
CreateNamedPipeA
CreateProcessW
CreateEventA
ConnectNamedPipe
CloseHandle
ReadFile
WriteFile
WaitForMultipleObjects
WaitForSingleObject
SetEvent
GetOverlappedResult
TerminateProcess
GetCurrentProcessId
SetUnhandledExceptionFilter
GetShortPathNameW
AreFileApisANSI
GetTempPathW
RemoveDirectoryW
GetFullPathNameW
GetFileInformationByHandle
GetFileAttributesW
GetDiskFreeSpaceExW
FindNextFileW
FindFirstFileExW
FindClose
CreateDirectoryW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetStdHandle
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
LocalFree
DecodePointer
GetThreadTimes
FreeLibraryAndExitThread
LoadLibraryExW
VirtualAlloc
VirtualProtect
VirtualFree
ReleaseSemaphore
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
GetConsoleMode
ReadConsoleW
GetConsoleCP
VirtualQuery
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
ExitProcess
GetModuleFileNameA
GetStdHandle
GetCommandLineA
HeapAlloc
HeapFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WriteConsoleW
HeapReAlloc
HeapSize
FindFirstFileExA
FindNextFileA
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetProcessHeap
GetModuleHandleA
lstrlenW
FormatMessageW
DuplicateHandle
WaitForSingleObjectEx
SwitchToThread
GetCurrentThread
GetExitCodeThread
TryEnterCriticalSection

user32

GetMessageW
TranslateMessage
GetSystemMetrics
SendMessageW
GetWindowTextA
ReleaseDC
GetWindowDC
GetDC
DialogBoxIndirectParamA
SetWindowTextA
ScreenToClient
GetWindowRect
GetClientRect
InvalidateRect
EndPaint
BeginPaint
IsWindowEnabled
EnableWindow
GetKeyState
SetFocus
GetDlgItem
EndDialog
SetWindowPos
MoveWindow
ShowWindow
SendMessageA
wsprintfW
SetForegroundWindow
GetForegroundWindow
CreateWindowExW
UnregisterClassW
RegisterClassW
PostQuitMessage
DefWindowProcW
PostMessageW
DispatchMessageW

gdi32

GetObjectA
GetTextExtentPoint32A
GetDeviceCaps
CreateFontA
CreateDIBitmap
SetTextColor
SelectObject
Rectangle
GetStockObject
DeleteObject
DeleteDC
CreateSolidBrush
CreatePen
CreateCompatibleDC
BitBlt

shell32

ShellExecuteExW
SHGetFolderPathW
SHGetPathFromIDListW
SHBrowseForFolderW

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CLSIDFromProgID
CoUninitialize

oleaut32

SysAllocString
VariantClear

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetOpenFileNameW

advapi32

CryptCreateHash
CryptSetHashParam
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegEnumValueW
RegEnumKeyW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey
ConvertSidToStringSidW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
IsValidSid
GetTokenInformation
CryptGenRandom
CryptEncrypt
CryptDuplicateKey
CryptDecrypt
CryptExportKey
CryptSetKeyParam
CryptVerifySignatureA
CryptSignHashA
CryptAcquireContextA
CryptHashData
CryptGetHashParam
CryptContextAddRef
CloseServiceHandle
ControlService
OpenSCManagerA
OpenServiceW
QueryServiceStatusEx
StartServiceA
DuplicateToken
AccessCheck
OpenProcessToken
MapGenericMask
GetFileSecurityW
CryptAcquireContextW
CryptSetProvParam
CryptGetProvParam
CryptDestroyHash
CryptEnumProvidersW
CryptGenKey
CryptGetKeyParam
CryptGetUserKey
CryptImportKey
CryptReleaseContext
CryptDestroyKey

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 630KB - Virtual size: 630KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 119KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 321KB - Virtual size: 320KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/SkbKontur/Plugin/4.2.2.488/pkcs11/jcPKCS11-2.dll
.dll windows:6 windows x86 arch:x86

b6730858f815d573d70f97477243d50a

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:55:34:7e:d5:63:79:5e:23:de:db:ab
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

20-11-2020 13:22

Not After

21-11-2023 13:22

Subject

SERIALNUMBER=1027739490415,CN=ALADDIN R.D. AO,O=ALADDIN R.D. AO,STREET=Dokukina street\, 16 / building 1 floor/room/room 7/1/22,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:44

Not After

08-05-2033 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20-02-2019 00:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18-03-2009 10:00

Not After

18-03-2029 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:d9:d5:21:74:e5:03:97:9b:01:95:e5:80:9c:d5:e4:f1:b7:e8:2f:b1:51:82:d1:9d:7d:01:6d:14:17:ef:eb
Signer

Actual PE Digest

31:d9:d5:21:74:e5:03:97:9b:01:95:e5:80:9c:d5:e4:f1:b7:e8:2f:b1:51:82:d1:9d:7d:01:6d:14:17:ef:eb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\home\jenkins\agent\workspace\common_common_jcPKCS11_2.8.0\_bin\x86\RelWithDebInfo\jcPKCS11-2.pdb

Imports

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

ws2_32

htonl
htons
ntohs
recv
send
WSASetLastError
WSAGetLastError
inet_addr
inet_ntoa
gethostbyaddr
gethostbyname
getservbyport
getservbyname
ioctlsocket
getsockopt
select
ntohl
WSAStartup
WSACleanup
shutdown
socket
setsockopt
connect
closesocket

winscard

SCardControl
SCardReconnect
SCardBeginTransaction
SCardStatusA
SCardTransmit
SCardGetAttrib
g_rgSCardT0Pci
g_rgSCardT1Pci
SCardEstablishContext
SCardReleaseContext
SCardIsValidContext
SCardGetStatusChangeA
SCardCancel
SCardConnectA
SCardDisconnect
SCardListReadersA
SCardAccessStartedEvent
SCardReleaseStartedEvent
SCardEndTransaction

kernel32

GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFullPathNameW
GetCurrentDirectoryW
HeapSize
HeapReAlloc
HeapAlloc
HeapFree
GetModuleFileNameW
SetConsoleCtrlHandler
ExitProcess
QueryPerformanceFrequency
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
LoadLibraryExW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
GetLastError
GetCurrentProcessId
FreeLibrary
GetProcAddress
LoadLibraryA
OutputDebugStringA
FreeResource
GetModuleFileNameA
GetModuleHandleExA
LoadResource
LockResource
SizeofResource
FindResourceA
CreateFileA
DeleteFileA
FlushFileBuffers
LockFileEx
ReadFile
SetFilePointer
UnlockFile
SetStdHandle
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexA
OpenMutexA
SetEvent
ResetEvent
CreateEventA
WaitForMultipleObjects
GetCurrentThreadId
TerminateThread
FormatMessageA
GetWindowsDirectoryA
GetFullPathNameA
GetTempPathA
GetLocalTime
SetLastError
GetSystemTime
SystemTimeToFileTime
GetStdHandle
GetFileType
GetModuleHandleW
MultiByteToWideChar
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
VirtualFree
SwitchToFiber
DeleteFiber
CreateFiberEx
FindClose
FindFirstFileW
FindNextFileW
WideCharToMultiByte
GetSystemDirectoryA
GetEnvironmentVariableW
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP
ConvertFiberToThread
ConvertThreadToFiberEx
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
RaiseException
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetConsoleCP
SetFilePointerEx
GetTimeZoneInformation
GetFileAttributesExW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetEndOfFile
EnumSystemLocalesW
WriteFile
UnhandledExceptionFilter
WaitForSingleObjectEx
GetCPInfo
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
CompareStringW
LCMapStringW
GetLocaleInfoW
WriteConsoleW

user32

IsWindowVisible
GetUserObjectInformationW
GetParent
EnumWindows
MessageBoxW
GetProcessWindowStation
GetWindowThreadProcessId

shell32

SHGetFolderPathA

advapi32

CryptDecrypt
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
DeregisterEventSource
CryptExportKey
CryptGetUserKey
CryptGetProvParam

version

VerQueryValueA

bcrypt

BCryptGenRandom

Exports

Exports

C_CancelFunction
C_CloseAllSessions
C_CloseSession
C_CopyObject
C_CreateObject
C_Decrypt
C_DecryptDigestUpdate
C_DecryptFinal
C_DecryptInit
C_DecryptUpdate
C_DecryptVerifyUpdate
C_DeriveKey
C_DestroyObject
C_Digest
C_DigestEncryptUpdate
C_DigestFinal
C_DigestInit
C_DigestKey
C_DigestUpdate
C_Encrypt
C_EncryptFinal
C_EncryptInit
C_EncryptUpdate
C_Finalize
C_FindObjects
C_FindObjectsFinal
C_FindObjectsInit
C_GenerateKey
C_GenerateKeyPair
C_GenerateRandom
C_GetAttributeValue
C_GetFunctionList
C_GetFunctionStatus
C_GetInfo
C_GetMechanismInfo
C_GetMechanismList
C_GetObjectSize
C_GetOperationState
C_GetSessionInfo
C_GetSlotInfo
C_GetSlotList
C_GetTokenInfo
C_InitPIN
C_InitToken
C_Initialize
C_Login
C_Logout
C_OpenSession
C_SeedRandom
C_SetAttributeValue
C_SetOperationState
C_SetPIN
C_Sign
C_SignEncryptUpdate
C_SignFinal
C_SignInit
C_SignRecover
C_SignRecoverInit
C_SignUpdate
C_UnwrapKey
C_Verify
C_VerifyFinal
C_VerifyInit
C_VerifyRecover
C_VerifyRecoverInit
C_VerifyUpdate
C_WaitForSlotEvent
C_WrapKey
C_jcCtrl
JC_AFT_EnterAndReadPin
JC_AFT_EnterLocalPin
JC_AFT_GetProperties
JC_AFT_GetPublicKey
JC_AFT_GetReaderVersion
JC_AFT_GetSerialNumber
JC_AFT_InitCard
JC_AFT_InitUserPin
JC_AFT_IsCardlessSupported
JC_AFT_ModifyPin
JC_AFT_Personalize
JC_AFT_VerifyPin
JC_AFT_WriteLocalPin
JC_ALO_GetFunctionList
JC_Antifraud
JC_CSPContainerExists
JC_CT1_DoTests
JC_CT1_InitPrng
JC_CT1_ReadPinCounters
JC_CT1_SE_GetCounter2
JC_CT1_SE_SignCheque
JC_CT1_SetAttributeValue
JC_CT1_UpgradeVascoFW
JC_CT2_CalcCheckSum
JC_CT2_ChangeSignaturePIN
JC_CT2_IsPersonalized
JC_CT2_ReadExtInfo
JC_CT2_SetPINPolicy
JC_CT2_SetPUK
JC_CT2_SetSignaturePIN
JC_CheckContainer
JC_Compose_CMS
JC_CreateCertificateRenewal
JC_CreateCertificateRenewal2
JC_CreateCertificateRequest
JC_DSS_Sign
JC_DS_ChangeUserPINByPUK
JC_DS_ReadPinCounters
JC_Decompose_CMS
JC_F2_ChangeSoKey
JC_F2_ClearLog
JC_F2_CreateInitResponse
JC_F2_CreateInitResponse_V2
JC_F2_CreateMountResponse
JC_F2_CreateMountResponseSW
JC_F2_CreateMountResponse_V2
JC_F2_CreateOfflineMountResponse
JC_F2_Deinit
JC_F2_EnableISORewrite
JC_F2_Format
JC_F2_GetDescription
JC_F2_GetExtendedInfo
JC_F2_GetInitChallenge
JC_F2_GetInitChallenge_V2
JC_F2_GetLogSizes
JC_F2_GetLoggingInfo
JC_F2_GetMountChallenge
JC_F2_GetMountChallenge_V2
JC_F2_GetOfflineMountChallenge
JC_F2_GetOwnerInfo
JC_F2_GetSerialNumber
JC_F2_InitAdminToken
JC_F2_InitPartitionKey
JC_F2_InitUserToken
JC_F2_InitUserToken_V2
JC_F2_MountPrivateDisks
JC_F2_ParseBinarySecureLog
JC_F2_ParseSecureLog
JC_F2_ReadCCIDLog
JC_F2_ReadNSDLog
JC_F2_ReadSecureLog
JC_F2_RestoreState
JC_F2_SetAuthorizationKey
JC_F2_SetDescription
JC_F2_SetISOSizes
JC_F2_SetLifeCycle
JC_F2_SetOwnerInfo
JC_F2_SetPINPolicy
JC_F2_SetPUK
JC_F2_StartLogging
JC_F2_StopLogging
JC_F2_UmountPrivateDisks
JC_F2_UnlockHiddenPartition
JC_F2_UpdateFirmwareFinal
JC_F2_UpdateFirmwareInit
JC_F2_UpdateFirmwareWrite
JC_F2_WriteISOAdmin
JC_F2_WriteISOUser
JC_F2_WriteISOUser_V2
JC_F2_WriteLogMessage
JC_F2_WriteSecureLog
JC_Finalize
JC_GetFunctionList
JC_GetISD
JC_GetReaderProperties
JC_GetReaderPropertiesEx
JC_GetTokenInfo
JC_GetVersionInfo
JC_JC3_AppManagerGetSystemInfo
JC_JC3_GetConfigAppletData
JC_JC3_GetConfigAppletParam
JC_JC3_GetConfigAppletSettings
JC_JC3_SetConfigAppletSettings
JC_JCR_GetReaderProperties
JC_JCR_GetReaderPropertiesEx
JC_KT2_CalcCheckSum
JC_KT2_ChangeSignaturePIN
JC_KT2_CreateUnlockChallenge
JC_KT2_CreateUnlockResponse
JC_KT2_GetTimeoutUnlockInfo
JC_KT2_InitToken
JC_KT2_IsPersonalized
JC_KT2_ReadExtInfo
JC_KT2_SetSignaturePIN
JC_KT2_SetTimeoutUnlockInfo
JC_KT2_UnlockWithResponse
JC_KT2_UnlockWithTimeout
JC_KeyParametersFromCert
JC_PJ_ChangeAppletKey
JC_PJ_GetCapabilities
JC_PJ_GetInitParams
JC_PJ_GetPinCounters
JC_PJ_GetUserPinPolicy
JC_PJ_InitPIN
JC_PJ_InitToken
JC_PJ_IsPinObsolete
JC_PJ_SetUserPinPolicy
JC_PJ_SetUserPinToBeChanged
JC_PJ_Unlock
JC_PJ_UnlockInit
JC_PKI_BIO_DeleteFinger
JC_PKI_BIO_EnrollPinWithResponse
JC_PKI_BIO_GetBioTicket
JC_PKI_BIO_GetFingerIndexes
JC_PKI_BIO_GetFingerPublicData
JC_PKI_BIO_GetSupported
JC_PKI_BIO_GetSupportedEx
JC_PKI_BIO_SetFingerData
JC_PKI_BIO_SetLibrary
JC_PKI_GetChallenge
JC_PKI_GetComplexity
JC_PKI_GetPINInfo
JC_PKI_GetPinPolicy
JC_PKI_ReadPinCounters
JC_PKI_SetComplexity
JC_PKI_SetPinPolicy
JC_PKI_SetUserPinToBeChanged
JC_PKI_SetUserPinWithResponse
JC_PKI_UnlockUserPIN
JC_PKI_UnlockUserPinWithResponse
JC_PKI_WipeCard
JC_SD_GetMountPoint
JC_SD_SetMountPoint
JC_SL_ReadPassword
JC_SL_WritePassword
JC_SWYX_Display
JC_SWYX_Start
JC_SWYX_StartEx
JC_SWYX_Stop
JC_SW_Digest
JC_SW_DigestFinal
JC_SW_DigestInit
JC_SW_DigestUpdate
JC_SW_EncryptDecrypt
JC_SW_EncryptDecryptFinal
JC_SW_EncryptDecryptInit
JC_SW_EncryptDecryptUpdate
JC_SetLabel
JC_SetLog
JC_SetNotificationCallback
JC_VT_IsVirtual
JC_VT_LoadContainer
JC_VT_UnloadContainer
JC_WP_ReadExtInfo
JC_WP_ReadProductionInfo
JC_WP_ReadValue
JC_WaitForSlotEvent
JC_deprecated_0
JC_deprecated_1
JC_deprecated_6
JC_iOS_GetDevFirmwareHardware
JC_iOS_GetLibVersion
TLSCloseConnection
TLSDecodeData
TLSEncodeData
TLSEstablishConnectionBegin
TLSEstablishConnectionContinue
TLSGetPeerCertificate
TLSGetPeerPublicKeyValue
cadesBesCoSign
cadesBesParse
cadesBesSign
cadesBesSignEx
certVerify
checkCertSignature
createCSR
createCSREx
freeBuffer
genCert
genCertEx
getCertificateAttribute
getCertificateInfo
getCertificateInfoEx
lmChangeKey
lmCheckLicensingAppletPresence
lmCreateLicense
lmDeleteLicense
lmFreeBuffer
lmGetProductList
lmGetVendorList
lmLock
lmReadLicense
lmWriteKey
pkcs7Parse
pkcs7ParseEx
pkcs7Sign
pkcs7SignEx
pkcs7TrustedVerifyHW
pkcs7Verify
pkcs7VerifyHW
useHardwareHash
verifyReq
verifyReqEx

Sections

.text
Size: 4.3MB - Virtual size: 4.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 224KB - Virtual size: 224KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/SkbKontur/Plugin/4.2.2.488/pkcs11/jckt2.dll
.dll windows:6 windows x86 arch:x86

f034c3dcd75ef43277f327d8f146a993

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:55:34:7e:d5:63:79:5e:23:de:db:ab
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

20-11-2020 13:22

Not After

21-11-2023 13:22

Subject

SERIALNUMBER=1027739490415,CN=ALADDIN R.D. AO,O=ALADDIN R.D. AO,STREET=Dokukina street\, 16 / building 1 floor/room/room 7/1/22,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:45

Not After

08-05-2033 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

53:29:b0:f3:74:2e:52:99:90:09:bc:c9:d9:5f:80:d9:62:58:ae:85:f8:7b:7e:cc:1a:f5:5f:b3:03:a9:f6:ec
Signer

Actual PE Digest

53:29:b0:f3:74:2e:52:99:90:09:bc:c9:d9:5f:80:d9:62:58:ae:85:f8:7b:7e:cc:1a:f5:5f:b3:03:a9:f6:ec

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
VirtualQuery
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetLastError
GetModuleFileNameW
InterlockedFlushSList
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
SetLastError
ExitProcess
GetModuleHandleExW
HeapFree
HeapAlloc
MultiByteToWideChar
WideCharToMultiByte
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
GetCommandLineA
GetCommandLineW
LCMapStringW
GetProcessHeap
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
DecodePointer
RaiseException
InitializeCriticalSection

advapi32

SystemFunction036
CryptAcquireContextW
CryptGenRandom
CryptReleaseContext

Exports

Exports

KT2Process

Sections

.text
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/SkbKontur/Plugin/4.2.2.488/pkcs11/jckt2.txt
$PROGRAMFILES/SkbKontur/Plugin/4.2.2.488/pkcs11/jcverify.exe
.exe windows:5 windows x86 arch:x86

970d5ebbcd67741137da9a69b83d0296

Code Sign

48:1b:6a:07:a9:42:4c:1e:aa:fe:f3:cd:f1:0f
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15-06-2016 00:00

Not After

15-06-2024 00:00

Subject

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

27:55:34:7e:d5:63:79:5e:23:de:db:ab
Certificate

Issuer

CN=GlobalSign Extended Validation CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

20-11-2020 13:22

Not After

21-11-2023 13:22

Subject

SERIALNUMBER=1027739490415,CN=ALADDIN R.D. AO,O=ALADDIN R.D. AO,STREET=Dokukina street\, 16 / building 1 floor/room/room 7/1/22,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:b2:8b:d4:cf:ee:ee:0d:be:d0:b3:0d:9b:f8:43:6a
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06-04-2022 07:45

Not After

08-05-2033 07:45

Subject

CN=Globalsign TSA for CodeSign1 - R6,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20-06-2018 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:e6:bb:03:83:33:c3:85:65:48:e6:ff:45:51
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

10-12-2014 00:00

Not After

10-12-2034 00:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:76:22:79:5c:5b:66:29:ac:78:bb:c1:9b:35:6a:f8:3f:53:a9:ab:6f:fd:f6:cc:d0:d9:93:95:23:5b:98:ad
Signer

Actual PE Digest

5f:76:22:79:5c:5b:66:29:ac:78:bb:c1:9b:35:6a:f8:3f:53:a9:ab:6f:fd:f6:cc:d0:d9:93:95:23:5b:98:ad

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

winscard

g_rgSCardT1Pci
g_rgSCardT0Pci
SCardTransmit
SCardDisconnect
SCardConnectA
SCardListReadersA
SCardReleaseContext
SCardEstablishContext

advapi32

SystemFunction036
CryptGenRandom
CryptReleaseContext
CryptAcquireContextW

kernel32

SetEndOfFile
CreateFileW
FlushFileBuffers
WriteConsoleW
EncodePointer
DecodePointer
HeapSize
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
GetModuleHandleExW
GetLastError
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RtlUnwind
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStdHandle
WriteFile
ExitProcess
RaiseException
GetCommandLineA
GetCommandLineW
HeapFree
HeapAlloc
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
CloseHandle
ReadFile
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
GetFileSizeEx
GetTimeZoneInformation
MultiByteToWideChar
WideCharToMultiByte
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap

Sections

.text
Size: 175KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAMFILES/SkbKontur/Plugin/4.2.2.488/pkcs11/jcverify.txt
$PROGRAMFILES/SkbKontur/Plugin/4.2.2.488/pkcs11/plugin.rtpkcs11ecp.dll
.dll windows:6 windows x86 arch:x86

bbae123f5125a04c95d8ca2d6aa44304

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:e2:c3:50:6b:60:19:36:fc:8f:d3:fa
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14-06-2022 07:33

Not After

17-11-2024 09:34

Subject

SERIALNUMBER=1037700094541,CN=Aktiv-Soft Joint-Stock Company,O=Aktiv-Soft Joint-Stock Company,STREET=Sharikopodshipnikovskaya st.\, 1 floor 4 room IX room 11,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:e2:c3:50:6b:60:19:36:fc:8f:d3:fa
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14-06-2022 07:33

Not After

17-11-2024 09:34

Subject

SERIALNUMBER=1037700094541,CN=Aktiv-Soft Joint-Stock Company,O=Aktiv-Soft Joint-Stock Company,STREET=Sharikopodshipnikovskaya st.\, 1 floor 4 room IX room 11,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21-09-2022 00:00

Not After

21-11-2033 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:3a:f5:08:6e:72:04:c9:ad:e0:aa:da:fb:e0:48:7e:e4:f8:c0:e2:32:ea:38:74:74:f9:04:3f:56:fa:cd:77
Signer

Actual PE Digest

75:3a:f5:08:6e:72:04:c9:ad:e0:aa:da:fb:e0:48:7e:e4:f8:c0:e2:32:ea:38:74:74:f9:04:3f:56:fa:cd:77

Digest Algorithm

sha256

PE Digest Matches

true

fd:15:1e:91:9f:e6:3e:c7:fb:c5:e9:c6:b6:24:c5:f1:82:f4:18:81
Signer

Actual PE Digest

fd:15:1e:91:9f:e6:3e:c7:fb:c5:e9:c6:b6:24:c5:f1:82:f4:18:81

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winscard

g_rgSCardT0Pci
SCardEndTransaction
g_rgSCardRawPci
SCardTransmit
SCardStatusW
SCardGetStatusChangeW
SCardReconnect
SCardBeginTransaction
SCardDisconnect
SCardConnectW
SCardListReadersW
SCardReleaseContext
SCardEstablishContext
g_rgSCardT1Pci

crypt32

CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty
CryptUnprotectData
CertOpenStore
CertCloseStore
CryptProtectData
CertEnumCertificatesInStore

kernel32

DuplicateHandle
CloseHandle
OpenMutexW
OpenFileMappingW
WaitForSingleObject
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
InitializeCriticalSectionEx
GetLastError
DecodePointer
DeleteCriticalSection
LocalFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetLastError
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetFileType
WriteFile
GetModuleHandleW
GetProcAddress
GetCurrentProcess
VirtualFree
MultiByteToWideChar
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentVariableW
GetACP
FindClose
FindFirstFileW
FindNextFileW
GetConsoleMode
SetConsoleMode
ReadConsoleA
ReadConsoleW
LoadLibraryA
FreeLibrary
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
SetEndOfFile
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
GetStringTypeW
EncodePointer
LCMapStringEx
GetCPInfo
OutputDebugStringW
RaiseException
SetStdHandle
GetFileSizeEx
SetFilePointerEx
GetConsoleCP
FlushFileBuffers
WideCharToMultiByte
Sleep
GetCurrentThread
GetCurrentDirectoryW
GetFullPathNameW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
IsProcessorFeaturePresent
EnumSystemLocalesW
GetUserDefaultLCID
RtlUnwind
InterlockedFlushSList
LoadLibraryExW
ExitProcess
GetModuleHandleExW
SetConsoleCtrlHandler
ReadFile
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
QueryPerformanceFrequency
GetModuleFileNameW
HeapFree
HeapAlloc
HeapReAlloc
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale

user32

GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW

advapi32

CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
IsTextUnicode
GetTokenInformation
OpenProcessToken
OpenThreadToken

bcrypt

BCryptGenRandom

Exports

Exports

C_CancelFunction
C_CloseAllSessions
C_CloseSession
C_CopyObject
C_CreateObject
C_Decrypt
C_DecryptDigestUpdate
C_DecryptFinal
C_DecryptInit
C_DecryptUpdate
C_DecryptVerifyUpdate
C_DeriveKey
C_DestroyObject
C_Digest
C_DigestEncryptUpdate
C_DigestFinal
C_DigestInit
C_DigestKey
C_DigestUpdate
C_EX_ChangeVolumeAttributes
C_EX_CreateCSR
C_EX_FormatDrive
C_EX_FreeBuffer
C_EX_GenerateActivationPassword
C_EX_GetCertificateInfoText
C_EX_GetDriveSize
C_EX_GetFunctionListExtended
C_EX_GetJournal
C_EX_GetLicense
C_EX_GetTokenInfoExtended
C_EX_GetTokenName
C_EX_GetVolumesInfo
C_EX_InitToken
C_EX_LoadActivationKey
C_EX_PKCS7Sign
C_EX_PKCS7Verify
C_EX_PKCS7VerifyFinal
C_EX_PKCS7VerifyInit
C_EX_PKCS7VerifyUpdate
C_EX_SetActivationPassword
C_EX_SetLicense
C_EX_SetLocalPIN
C_EX_SetTokenName
C_EX_SignInvisible
C_EX_SignInvisibleInit
C_EX_SlotManage
C_EX_Stub
C_EX_TokenManage
C_EX_UnblockUserPIN
C_EX_UnwrapKey
C_EX_WrapKey
C_Encrypt
C_EncryptFinal
C_EncryptInit
C_EncryptUpdate
C_Finalize
C_FindObjects
C_FindObjectsFinal
C_FindObjectsInit
C_GenerateKey
C_GenerateKeyPair
C_GenerateRandom
C_GetAttributeValue
C_GetFunctionList
C_GetFunctionStatus
C_GetInfo
C_GetMechanismInfo
C_GetMechanismList
C_GetObjectSize
C_GetOperationState
C_GetSessionInfo
C_GetSlotInfo
C_GetSlotList
C_GetTokenInfo
C_InitPIN
C_InitToken
C_Initialize
C_Login
C_Logout
C_OpenSession
C_SeedRandom
C_SetAttributeValue
C_SetOperationState
C_SetPIN
C_Sign
C_SignEncryptUpdate
C_SignFinal
C_SignInit
C_SignRecover
C_SignRecoverInit
C_SignUpdate
C_UnwrapKey
C_Verify
C_VerifyFinal
C_VerifyInit
C_VerifyRecover
C_VerifyRecoverInit
C_VerifyUpdate
C_WaitForSlotEvent
C_WrapKey

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 870KB - Virtual size: 869KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/SkbKontur/Plugin/ff_manifest.json
$PROGRAMFILES/SkbKontur/Plugin/manifest.json
icon.ico
uninstaller.exe
.exe windows:4 windows x86 arch:x86

14b0fecbed4a918c9c5c5d940cc1045e

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18-04-2022 14:35

Not After

15-07-2025 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18-04-2022 14:35

Not After

15-07-2025 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23-12-2017 00:00

Not After

22-03-2029 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d2:e3:94:89:19:13:18:0a:99:34:69:ca:85:73:55:ad:9e:e5:8c:65:56:e5:e9:59:c8:6e:54:28:68:8d:36:63
Signer

Actual PE Digest

d2:e3:94:89:19:13:18:0a:99:34:69:ca:85:73:55:ad:9e:e5:8c:65:56:e5:e9:59:c8:6e:54:28:68:8d:36:63

Digest Algorithm

sha256

PE Digest Matches

true

c2:23:e0:00:a2:1b:6e:8a:06:96:92:93:fd:cf:c5:6e:96:45:79:39
Signer

Actual PE Digest

c2:23:e0:00:a2:1b:6e:8a:06:96:92:93:fd:cf:c5:6e:96:45:79:39

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetFileInfoW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

DispatchMessageW
wsprintfA
IsWindowVisible
PeekMessageW
wvsprintfW
MessageBoxIndirectW
CharNextA
CharPrevW
GetSystemMetrics
GetDlgItemTextW
SetDlgItemTextW
TrackPopupMenu
CreatePopupMenu
FillRect
CloseClipboard
OpenClipboard
EndPaint
IsDlgButtonChecked
CallWindowProcW
GetMessagePos
LoadCursorW
GetAsyncKeyState
CheckDlgButton
SetWindowPos
SetCursor
GetSysColor
SetClassLongW
GetWindowLongW
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassW
ScreenToClient
EndDialog
GetClassInfoW
SystemParametersInfoW
CreateWindowExW
ExitWindowsEx
DialogBoxParamW
CharNextW
SetTimer
DestroyWindow
CreateDialogParamW
SetForegroundWindow
SetWindowTextW
PostQuitMessage
SendMessageTimeoutW
ShowWindow
wsprintfW
GetDlgItem
FindWindowExW
IsWindow
GetDC
SetWindowLongW
LoadImageW
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageW
DefWindowProcW
GetClientRect
DrawTextW
SetClipboardData
EmptyClipboard
AppendMenuW

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
MoveFileExW
GetTempFileNameW
lstrcmpiA
WriteFile
CreateProcessW
CreateDirectoryW
RemoveDirectoryW
GlobalLock
GlobalUnlock
CreateThread
WideCharToMultiByte
lstrcpynW
GetDiskFreeSpaceW
SetErrorMode
GetVersionExW
lstrlenW
GetTempPathW
GetWindowsDirectoryW
GetCommandLineW
CopyFileW
ExitProcess
SetEnvironmentVariableW
GetModuleFileNameW
GetFileSize
GetCurrentProcess
GetTickCount
Sleep
CreateFileW
GetFileAttributesW
SetCurrentDirectoryW
SetFileAttributesW
MoveFileW
GetFullPathNameW
GetLastError
SearchPathW
CompareFileTime
GetShortPathNameW
CloseHandle
lstrcmpiW
SetFileTime
ExpandEnvironmentStringsW
GlobalFree
lstrcmpW
GetModuleHandleW
LoadLibraryExW
GlobalAlloc
WritePrivateProfileStringW
GetPrivateProfileStringW
FreeLibrary
lstrcpyA
lstrcatW
ReadFile
MultiByteToWideChar
lstrlenA
FindClose
FindNextFileW
SetFilePointer
DeleteFileW
MulDiv
FindFirstFileW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 112KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LockedList.dll
.dll windows:5 windows x86 arch:x86

e68e7ec0ca04b3c03f32af2b2809bbc9

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\tools\locked-list\Plugins\x86-unicode\LockedList.pdb

Imports

comctl32

ImageList_Create
ImageList_ReplaceIcon

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

shlwapi

PathAppendW
PathRemoveFileSpecW
PathFileExistsW

kernel32

SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetCurrentProcess
lstrlenW
TerminateProcess
GetModuleFileNameW
WaitForMultipleObjects
WaitForSingleObject
LocalAlloc
CreateFileW
OpenProcess
GetExitCodeThread
Sleep
GetLastError
lstrcatW
GlobalAlloc
GlobalFree
CloseHandle
CreateThread
LocalFree
GetCurrentProcessId
GetModuleHandleW
lstrcpyW
lstrcmpiW
lstrcmpW
lstrcpynW
MultiByteToWideChar
WideCharToMultiByte
QueryDosDeviceW
DuplicateHandle
GetVersion
CreateEventW
SetEvent
TerminateThread
LoadLibraryW
ResetEvent
GetProcAddress
WriteFile
SetStdHandle
HeapReAlloc
HeapSize
GetFileType
GetStdHandle
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileA
FindFirstFileExA
FindClose
LCMapStringW
HeapFree
HeapAlloc
GetModuleFileNameA
GetModuleHandleExW
ExitProcess
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
DecodePointer
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
SetLastError
WriteConsoleW
GetStringTypeW
InterlockedFlushSList
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RtlUnwind

user32

GetMessageW
CreateDialogParamW
CharLowerW
PostMessageW
GetWindowRect
SendMessageTimeoutW
DestroyWindow
SetWindowPos
MessageBoxW
SetActiveWindow
CreateWindowExW
ScreenToClient
SendMessageW
GetSystemMetrics
SetWindowTextW
CreatePopupMenu
MsgWaitForMultipleObjects
TrackPopupMenu
ShowWindow
IsWindow
GetWindow
DispatchMessageW
IsDialogMessageW
DestroyIcon
CloseClipboard
EmptyClipboard
PeekMessageW
MapWindowPoints
MoveWindow
DestroyMenu
TranslateMessage
GetClassNameW
SetClipboardData
SetCursor
wsprintfW
SetWindowLongW
GetClientRect
GetDlgItem
AppendMenuW
LoadImageW
SetCursorPos
GetCursorPos
EnableWindow
GetWindowTextW
GetWindowThreadProcessId
EnumWindows
GetWindowLongW
OpenClipboard
CallWindowProcW

advapi32

OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

shell32

ShellExecuteExW
ExtractIconExW

Exports

Exports

AddApplications
AddCaption
AddClass
AddCustom
AddFile
AddFolder
AddModule
CloseProcess
Dialog
EnumProcesses
FindProcess
InitDialog
IsFileLocked
Show
SilentPercentComplete
SilentSearch
SilentWait

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

5e62e8e248e7364886b604bd1fcf4c13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
GetUserNameW

kernel32

GlobalFree
GetVersion
GlobalAlloc
CloseHandle
GetModuleHandleA
GetLastError
GetCurrentProcess
GetCurrentThread
GetProcAddress
lstrcpynW

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 714B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 705B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

14b0fecbed4a918c9c5c5d940cc1045e

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ceCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ceCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

56:a2:a6:b2:57:b6:45:a7:23:cb:f6:2d:12:a5:81:76:f3:24:e6:67:ad:82:fb:20:13:5e:97:cd:06:47:41:64Signer

56:fc:ad:14:13:70:da:25:83:e9:ea:e9:60:ce:95:ec:08:d8:bc:44Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 6KB - Virtual size: 139KB

.ndata Size: - Virtual size: 140KB

.rsrc Size: 23KB - Virtual size: 23KB

e68e7ec0ca04b3c03f32af2b2809bbc9

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

version

shlwapi

kernel32

user32

advapi32

shell32

Exports

Exports

Sections

.text Size: 64KB - Virtual size: 63KB

.rdata Size: 29KB - Virtual size: 28KB

.data Size: 2KB - Virtual size: 12KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 6KB - Virtual size: 5KB

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

56:a2:a6:b2:57:b6:45:a7:23:cb:f6:2d:12:a5:81:76:f3:24:e6:67:ad:82:fb:20:13:5e:97:cd:06:47:41:64
Signer

56:fc:ad:14:13:70:da:25:83:e9:ea:e9:60:ce:95:ec:08:d8:bc:44
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 6KB - Virtual size: 139KB

.ndata
Size: - Virtual size: 140KB

.rsrc
Size: 23KB - Virtual size: 23KB

.text
Size: 64KB - Virtual size: 63KB

.rdata
Size: 29KB - Virtual size: 28KB

.data
Size: 2KB - Virtual size: 12KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

.text
Size: 1024B - Virtual size: 714B

.rdata
Size: 1024B - Virtual size: 705B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 512B - Virtual size: 240B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 8KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 638B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 420B

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate