34125e15a6550aac902416a87dc908d623b47269a4fb65d438dfbb7c359b2e03

Sharing

Copy URL Twitter E-mail

General

Target

34125e15a6550aac902416a87dc908d623b47269a4fb65d438dfbb7c359b2e03
Size

6.7MB
MD5

2420bd2339fa7d822f0077282a366a9d
SHA1

6c787fcaf0966f679825bbede0ab92a02339ee23
SHA256

34125e15a6550aac902416a87dc908d623b47269a4fb65d438dfbb7c359b2e03
SHA512

3aa30401df66f72c8c83ec17e0fb09863c748780dcf83e2e6cf673bebc139d385a23c2fe1e88e8186fb0d1a1cacb90a40171319539fcd612a97ceba74fef6a84
SSDEEP

196608:1CPgkp9E3WdeWZ330HpGV956XkguYzpiwH74rl8fOz9wXbGfY9JsRL/nsdz3eGwi:1CrCmdeWpCbGfY9JsF/nsdz3eGw2e7il

Score

10^/10

macro

Malware Config

Extracted

Language

ps1

Deobfuscated

URLs

exe.dropper

https://r1-download.jdrsoftwaredesign.ltd/memo.ps1

Signatures

Suspicious Office macro 1 IoCs

Office document equipped with macros.

macro

resource
static1/unpack002/example.xlsm

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/INetC.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack002/$PLUGINSDIR/InstallOptions.dll
unpack002/$PLUGINSDIR/System.dll

Files

34125e15a6550aac902416a87dc908d623b47269a4fb65d438dfbb7c359b2e03
.exe windows:4 windows x86 arch:x86

f4639a0b3116c2cfc71144b88a929cfd

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

66:c5:dc:c1:4b:51:78:09:c1:72:b4:4b:7e:97:84:f7
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

10/08/2016, 20:47

Not After

10/08/2017, 07:43

Subject

CN=Open Source Developer\, Robin Krom,O=Open Source Developer,C=DE,1.2.840.113549.1.9.1=#0c16676574677265656e73686f7440676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08/03/2016, 13:10

Not After

30/05/2027, 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29/10/2015, 11:30

Not After

09/06/2027, 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

66:c5:dc:c1:4b:51:78:09:c1:72:b4:4b:7e:97:84:f7
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

10/08/2016, 20:47

Not After

10/08/2017, 07:43

Subject

CN=Open Source Developer\, Robin Krom,O=Open Source Developer,C=DE,1.2.840.113549.1.9.1=#0c16676574677265656e73686f7440676d61696c2e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

08/03/2016, 13:10

Not After

30/05/2027, 13:10

Subject

CN=Certum EV TSA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:6e:be:48:e6:eb:1f:2e:7d:a6:1c:bf:31:4b:d0:93:6a:69:a8:2c:56:85:05:b9:2c:c5:e0:01:3f:67:cb:d4
Signer

Actual PE Digest

61:6e:be:48:e6:eb:1f:2e:7d:a6:1c:bf:31:4b:d0:93:6a:69:a8:2c:56:85:05:b9:2c:c5:e0:01:3f:67:cb:d4

Digest Algorithm

sha256

PE Digest Matches

false

88:33:f9:1a:e9:e0:60:56:1f:67:05:52:4b:9a:b2:5e:55:55:57:9b
Signer

Actual PE Digest

88:33:f9:1a:e9:e0:60:56:1f:67:05:52:4b:9a:b2:5e:55:55:57:9b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

lstrcmpiA
CreateFileW
GetTempFileNameW
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
WriteFile
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
SetEnvironmentVariableW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 170KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/gpg/gpg.exe
.exe windows:4 windows x86 arch:x86

f07a03c646cdbfdadff70ac29f2113b2

Code Sign

4f:73:82:a3:9e:57:a3:4e:16:7c:f9:12
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08/04/2022, 08:26

Not After

02/07/2025, 12:12

Subject

CN=g10 Code GmbH,O=g10 Code GmbH,L=Erkrath,ST=Nordrhein-Westfalen,C=DE,1.2.840.113549.1.9.1=#0c10636f646540673130636f64652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b3:44:dd:f5:6a:a1:68:b4:9e:1b:8b:94:7b:3c:0b:df:74:ab:c0:3a:96:67:8f:14:61:66:49:be:51:7b:d3:51
Signer

Actual PE Digest

b3:44:dd:f5:6a:a1:68:b4:9e:1b:8b:94:7b:3c:0b:df:74:ab:c0:3a:96:67:8f:14:61:66:49:be:51:7b:d3:51

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

libassuan-0

__assuan_close
__assuan_connect
__assuan_pipe
__assuan_read
__assuan_recvmsg
__assuan_sendmsg
__assuan_socket
__assuan_socketpair
__assuan_spawn
__assuan_usleep
__assuan_waitpid
__assuan_write
assuan_begin_confidential
assuan_end_confidential
assuan_inquire
assuan_new
assuan_release
assuan_send_data
assuan_sendfd
assuan_set_gpg_err_source
assuan_set_log_cb
assuan_set_malloc_hooks
assuan_set_system_hooks
assuan_socket_connect
assuan_transact

libgcrypt-20

_gcry_mpi_get_const
gcry_calloc
gcry_calloc_secure
gcry_check_version
gcry_cipher_algo_info
gcry_cipher_algo_name
gcry_cipher_authenticate
gcry_cipher_checktag
gcry_cipher_close
gcry_cipher_ctl
gcry_cipher_decrypt
gcry_cipher_encrypt
gcry_cipher_get_algo_blklen
gcry_cipher_get_algo_keylen
gcry_cipher_gettag
gcry_cipher_map_name
gcry_cipher_open
gcry_cipher_setiv
gcry_cipher_setkey
gcry_control
gcry_create_nonce
gcry_free
gcry_get_config
gcry_is_secure
gcry_kdf_derive
gcry_malloc
gcry_malloc_secure
gcry_md_algo_info
gcry_md_algo_name
gcry_md_close
gcry_md_copy
gcry_md_ctl
gcry_md_debug
gcry_md_enable
gcry_md_get_algo
gcry_md_get_algo_dlen
gcry_md_hash_buffer
gcry_md_is_enabled
gcry_md_is_secure
gcry_md_map_name
gcry_md_open
gcry_md_read
gcry_md_reset
gcry_md_write
gcry_mpi_add
gcry_mpi_add_ui
gcry_mpi_aprint
gcry_mpi_cmp
gcry_mpi_cmp_ui
gcry_mpi_copy
gcry_mpi_dump
gcry_mpi_get_flag
gcry_mpi_get_nbits
gcry_mpi_get_opaque
gcry_mpi_mod
gcry_mpi_mul
gcry_mpi_new
gcry_mpi_powm
gcry_mpi_print
gcry_mpi_randomize
gcry_mpi_release
gcry_mpi_rshift
gcry_mpi_scan
gcry_mpi_set_flag
gcry_mpi_set_opaque
gcry_mpi_set_opaque_copy
gcry_mpi_set_ui
gcry_mpi_snew
gcry_mpi_sub
gcry_mpi_test_bit
gcry_pk_algo_info
gcry_pk_algo_name
gcry_pk_ctl
gcry_pk_encrypt
gcry_pk_get_curve
gcry_pk_get_keygrip
gcry_pk_get_nbits
gcry_pk_get_param
gcry_pk_map_name
gcry_pk_testkey
gcry_pk_verify
gcry_random_bytes
gcry_random_bytes_secure
gcry_randomize
gcry_realloc
gcry_set_fatalerror_handler
gcry_set_log_handler
gcry_set_outofcore_handler
gcry_set_progress_handler
gcry_sexp_build
gcry_sexp_build_array
gcry_sexp_cadr
gcry_sexp_canon_len
gcry_sexp_extract_param
gcry_sexp_find_token
gcry_sexp_length
gcry_sexp_new
gcry_sexp_nth
gcry_sexp_nth_buffer
gcry_sexp_nth_data
gcry_sexp_nth_mpi
gcry_sexp_nth_string
gcry_sexp_release
gcry_sexp_sprint
gcry_sexp_sscan
gcry_strdup
gcry_xcalloc
gcry_xcalloc_secure
gcry_xmalloc
gcry_xmalloc_secure
gcry_xrealloc
gcry_xstrdup

libgpg-error-0

_gpg_w32_bindtextdomain
_gpg_w32_dngettext
_gpg_w32_gettext
_gpg_w32_gettext_localename
_gpg_w32_gettext_use_utf8
_gpg_w32_textdomain
_gpgrt_get_std_stream
_gpgrt_log_assert
gpg_err_code_from_errno
gpg_err_code_from_syserror
gpg_err_code_to_errno
gpg_err_init
gpg_err_set_errno
gpg_strerror
gpg_strsource
gpgrt_access
gpgrt_argparse
gpgrt_argparser
gpgrt_asprintf
gpgrt_bsprintf
gpgrt_chdir
gpgrt_clearerr
gpgrt_fclose
gpgrt_fclose_snatch
gpgrt_fdopen
gpgrt_fdopen_nc
gpgrt_feof
gpgrt_ferror
gpgrt_fflush
gpgrt_fgetc
gpgrt_fgets
gpgrt_fileno
gpgrt_fname_to_wchar
gpgrt_fopen
gpgrt_fopenmem
gpgrt_fprintf
gpgrt_fputc
gpgrt_fputs
gpgrt_fread
gpgrt_free
gpgrt_fseek
gpgrt_fseeko
gpgrt_ftello
gpgrt_fwrite
gpgrt_get_errorcount
gpgrt_getcwd
gpgrt_inc_errorcount
gpgrt_log
gpgrt_log_bug
gpgrt_log_clock
gpgrt_log_debug
gpgrt_log_error
gpgrt_log_fatal
gpgrt_log_flush
gpgrt_log_get_prefix
gpgrt_log_get_stream
gpgrt_log_info
gpgrt_log_printf
gpgrt_log_printhex
gpgrt_log_set_prefix
gpgrt_log_set_sink
gpgrt_log_set_socket_dir_cb
gpgrt_log_string
gpgrt_logv
gpgrt_mkdir
gpgrt_opaque_get
gpgrt_opaque_set
gpgrt_printf
gpgrt_read
gpgrt_reallocarray
gpgrt_rewind
gpgrt_set_alloc_func
gpgrt_set_binary
gpgrt_set_confdir
gpgrt_set_fixed_string_mapper
gpgrt_set_strusage
gpgrt_set_syscall_clamp
gpgrt_set_usage_outfnc
gpgrt_setbuf
gpgrt_setvbuf
gpgrt_snprintf
gpgrt_strusage
gpgrt_sysopen
gpgrt_vasprintf
gpgrt_vbsprintf
gpgrt_vfprintf
gpgrt_w32_iconv
gpgrt_w32_iconv_close
gpgrt_w32_iconv_open
gpgrt_w32_reg_query_string
gpgrt_write
gpgrt_write_hexstring
gpgrt_write_sanitized

libnpth-0

npth_attr_destroy
npth_attr_init
npth_attr_setdetachstate
npth_cond_destroy
npth_cond_init
npth_cond_signal
npth_cond_wait
npth_create
npth_init
npth_mutex_destroy
npth_mutex_init
npth_mutex_lock
npth_mutex_unlock
npth_protect
npth_sleep
npth_unprotect
npth_usleep

libsqlite3-0

sqlite3_bind_blob
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_parameter_count
sqlite3_bind_text
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_close
sqlite3_column_count
sqlite3_column_name
sqlite3_column_text
sqlite3_column_type
sqlite3_db_handle
sqlite3_errmsg
sqlite3_errstr
sqlite3_exec
sqlite3_finalize
sqlite3_free
sqlite3_malloc
sqlite3_open
sqlite3_prepare_v2
sqlite3_reset
sqlite3_step
sqlite3_vmprintf

zlib1

deflate
deflateEnd
deflateInit2_
deflateInit_
inflate
inflateEnd
inflateInit2_
inflateInit_

advapi32

CopySid
GetLengthSid
GetTokenInformation
IsValidSid
OpenProcessToken

kernel32

CloseHandle
CreateDirectoryA
CreateFileA
CreateFileW
CreatePipe
CreateProcessW
DeleteCriticalSection
DeleteFileW
EnterCriticalSection
FindClose
FindFirstFileW
FindNextFileW
FormatMessageA
FreeLibrary
GetACP
GetCommandLineW
GetConsoleOutputCP
GetCurrentProcess
GetCurrentProcessId
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesW
GetFileInformationByHandle
GetFileSizeEx
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPriorityClass
GetProcAddress
GetProcessDEPPolicy
GetStartupInfoA
GetStdHandle
GetSystemDEPPolicy
GetSystemDirectoryA
GetTempPathA
GetTickCount
GetVersionExA
InitializeCriticalSection
IsDBCSLeadByte
IsDBCSLeadByteEx
IsProcessInJob
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LockFileEx
MultiByteToWideChar
OpenProcess
QueryInformationJobObject
ReadConsoleW
ReadFile
RemoveDirectoryW
ResumeThread
SetConsoleCP
SetConsoleMode
SetConsoleOutputCP
SetEnvironmentVariableA
SetFilePointer
SetHandleInformation
SetProcessDEPPolicy
SetUnhandledExceptionFilter
Sleep
SystemTimeToFileTime
TerminateProcess
TlsGetValue
UnlockFileEx
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteConsoleA
WriteConsoleW
WriteFile

msvcrt

__getmainargs
__initenv
__lconv_init
__mb_cur_max
__p__acmdln
__p__commode
__p__fmode
__set_app_type
__setusermatherr
_amsg_exit
_assert
_cexit
_errno
_findclose
_fstati64
_get_osfhandle
_initterm
_iob
_lock
_lseeki64
_onexit
_open_osfhandle
_unlock
_wfullpath
_wopen
_wrename
abort
atoi
bsearch
calloc
exit
fclose
ferror
fflush
fgetc
fgets
fopen
fprintf
fputc
fputs
fread
free
fwrite
getc
getenv
isalnum
iscntrl
isgraph
islower
isprint
isspace
isupper
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
mktime
localtime
gmtime
difftime
putc
qsort
raise
realloc
rename
setlocale
signal
strcat
strchr
strcmp
strcpy
strcspn
strerror
strftime
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtok
strtol
strtoul
tolower
toupper
ungetc
vfprintf
time
_stricmp
_strnicmp
wcscat
wcscpy
wcslen
_wstat
_wfindnext
_wfindfirst
_stati64
_write
_unlink
_umask
_stricmp
_strdup
_setmode
_rmdir
_read
_putenv
_open
_memicmp
_isatty
_fileno
_fdopen
_dup
_close
_access

shell32

ShellExecuteExW

user32

AllowSetForegroundWindow

ws2_32

WSAGetLastError
WSAStartup
closesocket
recv
send

Sections

.text
Size: 956KB - Virtual size: 956KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 194KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 11KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$APPDATA/gpg/libassuan-0.dll
.dll windows:4 windows x86 arch:x86

7bdfdd0df2c55f89cf77d329b7f0fc5c

Code Sign

4f:73:82:a3:9e:57:a3:4e:16:7c:f9:12
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08/04/2022, 08:26

Not After

02/07/2025, 12:12

Subject

CN=g10 Code GmbH,O=g10 Code GmbH,L=Erkrath,ST=Nordrhein-Westfalen,C=DE,1.2.840.113549.1.9.1=#0c10636f646540673130636f64652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

35:0e:e7:f4:d6:f1:ce:48:2d:3a:fd:bc:6a:fd:f9:c1:9f:8c:f0:13:ae:2f:9b:33:98:8b:c9:bd:0b:a8:24:1a
Signer

Actual PE Digest

35:0e:e7:f4:d6:f1:ce:48:2d:3a:fd:bc:6a:fd:f9:c1:9f:8c:f0:13:ae:2f:9b:33:98:8b:c9:bd:0b:a8:24:1a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libgpg-error-0

gpg_err_code_from_syserror
gpg_err_set_errno
gpg_strerror
gpg_strerror_r
gpg_strsource
gpgrt_asprintf
gpgrt_fclose
gpgrt_fopen
gpgrt_fread
gpgrt_free
gpgrt_malloc
gpgrt_vasprintf

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext

kernel32

CloseHandle
CreateFileW
CreatePipe
CreateProcessW
DeleteCriticalSection
DeleteFileW
DuplicateHandle
EnterCriticalSection
FormatMessageA
FreeLibrary
GetCurrentProcess
GetFileType
GetLastError
GetModuleHandleA
GetModuleHandleW
GetNamedPipeInfo
GetPriorityClass
GetProcAddress
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
ReadFile
ResumeThread
SetLastError
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte
WriteFile

msvcrt

__mb_cur_max
_amsg_exit
_assert
_environ
_errno
_get_osfhandle
_initterm
_iob
_lock
_unlock
abort
atoi
calloc
fclose
fflush
fputc
free
fwrite
getc
getenv
iscntrl
islower
isprint
isspace
isupper
isxdigit
localeconv
malloc
memchr
memcmp
memcpy
memset
putc
realloc
setlocale
strcat
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strpbrk
strtol
strtoul
tolower
ungetc
vfprintf
wcslen
_getpid
_fileno

ws2_32

WSACleanup
WSAGetLastError
WSAStartup
accept
bind
closesocket
connect
getsockname
htonl
htons
inet_addr
ntohs
recv
recvfrom
select
send
sendto
socket

Exports

Exports

__assuan_close
__assuan_connect
__assuan_pipe
__assuan_read
__assuan_recvmsg
__assuan_sendmsg
__assuan_socket
__assuan_socketpair
__assuan_spawn
__assuan_usleep
__assuan_waitpid
__assuan_write
_assuan_w32ce_create_pipe
_assuan_w32ce_finish_pipe
_assuan_w32ce_prepare_pipe
assuan_accept
assuan_begin_confidential
assuan_check_version
assuan_client_parse_response
assuan_client_read_response
assuan_close_input_fd
assuan_close_output_fd
assuan_command_parse_fd
assuan_ctx_set_system_hooks
assuan_end_confidential
assuan_fdopen
assuan_free
assuan_get_active_fds
assuan_get_assuan_log_prefix
assuan_get_command_name
assuan_get_data_fp
assuan_get_flag
assuan_get_gpg_err_source
assuan_get_input_fd
assuan_get_log_cb
assuan_get_malloc_hooks
assuan_get_output_fd
assuan_get_peercred
assuan_get_pid
assuan_get_pointer
assuan_init_pipe_server
assuan_init_socket_server
assuan_inquire
assuan_inquire_ext
assuan_new
assuan_new_ext
assuan_pending_line
assuan_pipe_connect
assuan_process
assuan_process_done
assuan_process_next
assuan_read_line
assuan_receivefd
assuan_register_bye_notify
assuan_register_cancel_notify
assuan_register_command
assuan_register_input_notify
assuan_register_option_handler
assuan_register_output_notify
assuan_register_post_cmd_notify
assuan_register_pre_cmd_notify
assuan_register_reset_notify
assuan_release
assuan_send_data
assuan_sendfd
assuan_set_assuan_log_prefix
assuan_set_assuan_log_stream
assuan_set_error
assuan_set_flag
assuan_set_gpg_err_source
assuan_set_hello_line
assuan_set_io_monitor
assuan_set_log_cb
assuan_set_log_stream
assuan_set_malloc_hooks
assuan_set_okay_line
assuan_set_pointer
assuan_set_sock_nonce
assuan_set_system_hooks
assuan_sock_bind
assuan_sock_check_nonce
assuan_sock_close
assuan_sock_connect
assuan_sock_connect_byname
assuan_sock_deinit
assuan_sock_get_flag
assuan_sock_get_nonce
assuan_sock_init
assuan_sock_new
assuan_sock_set_flag
assuan_sock_set_sockaddr_un
assuan_sock_set_system_hooks
assuan_socket_connect
assuan_socket_connect_fd
assuan_transact
assuan_write_line
assuan_write_status

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/gpg/libgcrypt-20.dll
.dll windows:4 windows x86 arch:x86

26aeadb16f703d57b96d1916f071ead3

Code Sign

4f:73:82:a3:9e:57:a3:4e:16:7c:f9:12
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08/04/2022, 08:26

Not After

02/07/2025, 12:12

Subject

CN=g10 Code GmbH,O=g10 Code GmbH,L=Erkrath,ST=Nordrhein-Westfalen,C=DE,1.2.840.113549.1.9.1=#0c10636f646540673130636f64652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9e:09:09:67:15:eb:3a:71:13:9b:6a:f8:34:4a:35:43:d8:ba:78:97:01:80:9e:6a:7b:a2:6f:a8:70:9b:1e:e9
Signer

Actual PE Digest

9e:09:09:67:15:eb:3a:71:13:9b:6a:f8:34:4a:35:43:d8:ba:78:97:01:80:9e:6a:7b:a2:6f:a8:70:9b:1e:e9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libgpg-error-0

gpg_err_code_from_errno
gpg_err_code_from_syserror
gpg_err_code_to_errno
gpg_err_set_errno
gpg_strerror
gpg_strsource
gpgrt_b64dec_finish
gpgrt_b64dec_proc
gpgrt_b64dec_start
gpgrt_fclose
gpgrt_fclose_snatch
gpgrt_ferror
gpgrt_fopenmem
gpgrt_fprintf
gpgrt_fwrite
gpgrt_get_syscall_clamp
gpgrt_lock_destroy
gpgrt_lock_init
gpgrt_lock_lock
gpgrt_lock_unlock
gpgrt_rewind

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateFileA
DeleteCriticalSection
DeviceIoControl
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetProcessHeap
GetProcessTimes
GetProcessWorkingSetSize
GetStartupInfoA
GetSystemTimeAsFileTime
GetThreadTimes
GetTickCount
GetTimeZoneInformation
GetVersionExA
GlobalMemoryStatus
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MapViewOfFile
MultiByteToWideChar
OpenFileMappingA
QueryPerformanceCounter
Sleep
TlsGetValue
UnmapViewOfFile
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__mb_cur_max
_amsg_exit
_assert
_errno
_initterm
_iob
_lock
_unlock
_wopen
abort
atoi
bsearch
calloc
clock
fclose
feof
fflush
fgets
fopen
fputc
fputs
free
fwrite
getenv
iscntrl
isspace
isxdigit
localeconv
malloc
memcmp
memcpy
memmove
memset
realloc
setlocale
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strpbrk
strstr
strtol
strtoul
vfprintf
time
wcslen
_fstat
_write
_stricmp
_read
_open
_getpid
_close
_access

user32

GetActiveWindow
GetCapture
GetCaretPos
GetClipboardOwner
GetClipboardViewer
GetCursorPos
GetDesktopWindow
GetFocus
GetInputState
GetMessagePos
GetMessageTime
GetOpenClipboardWindow
GetProcessWindowStation

Exports

Exports

_gcry_mpi_get_const
gcry_calloc
gcry_calloc_secure
gcry_check_version
gcry_cipher_algo_info
gcry_cipher_algo_name
gcry_cipher_authenticate
gcry_cipher_checktag
gcry_cipher_close
gcry_cipher_ctl
gcry_cipher_decrypt
gcry_cipher_encrypt
gcry_cipher_get_algo_blklen
gcry_cipher_get_algo_keylen
gcry_cipher_gettag
gcry_cipher_info
gcry_cipher_map_name
gcry_cipher_mode_from_oid
gcry_cipher_open
gcry_cipher_setctr
gcry_cipher_setiv
gcry_cipher_setkey
gcry_control
gcry_create_nonce
gcry_ctx_release
gcry_ecc_get_algo_keylen
gcry_ecc_mul_point
gcry_err_code_from_errno
gcry_err_code_to_errno
gcry_err_make_from_errno
gcry_error_from_errno
gcry_free
gcry_get_config
gcry_is_secure
gcry_kdf_close
gcry_kdf_compute
gcry_kdf_derive
gcry_kdf_final
gcry_kdf_open
gcry_log_debug
gcry_log_debughex
gcry_log_debugmpi
gcry_log_debugpnt
gcry_log_debugsxp
gcry_mac_algo_info
gcry_mac_algo_name
gcry_mac_close
gcry_mac_ctl
gcry_mac_get_algo
gcry_mac_get_algo_keylen
gcry_mac_get_algo_maclen
gcry_mac_map_name
gcry_mac_open
gcry_mac_read
gcry_mac_setiv
gcry_mac_setkey
gcry_mac_verify
gcry_mac_write
gcry_malloc
gcry_malloc_secure
gcry_md_algo_info
gcry_md_algo_name
gcry_md_close
gcry_md_copy
gcry_md_ctl
gcry_md_debug
gcry_md_enable
gcry_md_extract
gcry_md_get_algo
gcry_md_get_algo_dlen
gcry_md_hash_buffer
gcry_md_hash_buffers
gcry_md_info
gcry_md_is_enabled
gcry_md_is_secure
gcry_md_map_name
gcry_md_open
gcry_md_read
gcry_md_reset
gcry_md_setkey
gcry_md_write
gcry_mpi_abs
gcry_mpi_add
gcry_mpi_add_ui
gcry_mpi_addm
gcry_mpi_aprint
gcry_mpi_clear_bit
gcry_mpi_clear_flag
gcry_mpi_clear_highbit
gcry_mpi_cmp
gcry_mpi_cmp_ui
gcry_mpi_copy
gcry_mpi_div
gcry_mpi_dump
gcry_mpi_ec_add
gcry_mpi_ec_curve_point
gcry_mpi_ec_decode_point
gcry_mpi_ec_dup
gcry_mpi_ec_get_affine
gcry_mpi_ec_get_mpi
gcry_mpi_ec_get_point
gcry_mpi_ec_mul
gcry_mpi_ec_new
gcry_mpi_ec_set_mpi
gcry_mpi_ec_set_point
gcry_mpi_ec_sub
gcry_mpi_gcd
gcry_mpi_get_flag
gcry_mpi_get_nbits
gcry_mpi_get_opaque
gcry_mpi_get_ui
gcry_mpi_invm
gcry_mpi_is_neg
gcry_mpi_lshift
gcry_mpi_mod
gcry_mpi_mul
gcry_mpi_mul_2exp
gcry_mpi_mul_ui
gcry_mpi_mulm
gcry_mpi_neg
gcry_mpi_new
gcry_mpi_point_copy
gcry_mpi_point_get
gcry_mpi_point_new
gcry_mpi_point_release
gcry_mpi_point_set
gcry_mpi_point_snatch_get
gcry_mpi_point_snatch_set
gcry_mpi_powm
gcry_mpi_print
gcry_mpi_randomize
gcry_mpi_release
gcry_mpi_rshift
gcry_mpi_scan
gcry_mpi_set
gcry_mpi_set_bit
gcry_mpi_set_flag
gcry_mpi_set_highbit
gcry_mpi_set_opaque
gcry_mpi_set_opaque_copy
gcry_mpi_set_ui
gcry_mpi_snatch
gcry_mpi_snew
gcry_mpi_sub
gcry_mpi_sub_ui
gcry_mpi_subm
gcry_mpi_swap
gcry_mpi_test_bit
gcry_pk_algo_info
gcry_pk_algo_name
gcry_pk_ctl
gcry_pk_decrypt
gcry_pk_encrypt
gcry_pk_genkey
gcry_pk_get_curve
gcry_pk_get_keygrip
gcry_pk_get_nbits
gcry_pk_get_param
gcry_pk_hash_sign
gcry_pk_hash_verify
gcry_pk_map_name
gcry_pk_random_override_new
gcry_pk_sign
gcry_pk_testkey
gcry_pk_verify
gcry_prime_check
gcry_prime_generate
gcry_prime_group_generator
gcry_prime_release_factors
gcry_pubkey_get_sexp
gcry_random_add_bytes
gcry_random_bytes
gcry_random_bytes_secure
gcry_randomize
gcry_realloc
gcry_set_allocation_handler
gcry_set_fatalerror_handler
gcry_set_gettext_handler
gcry_set_log_handler
gcry_set_outofcore_handler
gcry_set_progress_handler
gcry_sexp_alist
gcry_sexp_append
gcry_sexp_build
gcry_sexp_build_array
gcry_sexp_cadr
gcry_sexp_canon_len
gcry_sexp_car
gcry_sexp_cdr
gcry_sexp_cons
gcry_sexp_create
gcry_sexp_dump
gcry_sexp_extract_param
gcry_sexp_find_token
gcry_sexp_length
gcry_sexp_new
gcry_sexp_nth
gcry_sexp_nth_buffer
gcry_sexp_nth_data
gcry_sexp_nth_mpi
gcry_sexp_nth_string
gcry_sexp_prepend
gcry_sexp_release
gcry_sexp_sprint
gcry_sexp_sscan
gcry_sexp_vlist
gcry_strdup
gcry_strerror
gcry_strsource
gcry_xcalloc
gcry_xcalloc_secure
gcry_xmalloc
gcry_xmalloc_secure
gcry_xrealloc
gcry_xstrdup

Sections

.text
Size: 961KB - Virtual size: 960KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 190KB - Virtual size: 190KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/gpg/libgpg-error-0.dll
.dll windows:4 windows x86 arch:x86

1c7d1b81698af10088bad1658179b308

Code Sign

4f:73:82:a3:9e:57:a3:4e:16:7c:f9:12
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08/04/2022, 08:26

Not After

02/07/2025, 12:12

Subject

CN=g10 Code GmbH,O=g10 Code GmbH,L=Erkrath,ST=Nordrhein-Westfalen,C=DE,1.2.840.113549.1.9.1=#0c10636f646540673130636f64652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c1:2c:19:9c:b1:80:48:89:ac:b4:12:fe:42:d5:47:de:d6:aa:22:ac:49:7f:71:b1:9d:b4:b0:0e:28:3b:c1:e1
Signer

Actual PE Digest

c1:2c:19:9c:b1:80:48:89:ac:b4:12:fe:42:d5:47:de:d6:aa:22:ac:49:7f:71:b1:9d:b4:b0:0e:28:3b:c1:e1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

GetUserNameW
RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileW
CreatePipe
CreateProcessA
CreateThread
DeleteCriticalSection
EnterCriticalSection
ExpandEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetConsoleOutputCP
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesW
GetFileSize
GetFileType
GetFullPathNameW
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPriorityClass
GetProcAddress
GetStdHandle
GetTempPathA
GetThreadLocale
GetTickCount
InitializeCriticalSection
IsDBCSLeadByteEx
IsValidCodePage
LeaveCriticalSection
LoadLibraryA
LocalAlloc
LocalFree
MultiByteToWideChar
ReadFile
ResetEvent
ResumeThread
SetCurrentDirectoryW
SetEnvironmentVariableA
SetEvent
SetFilePointerEx
SetHandleInformation
Sleep
TerminateProcess
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
TryEnterCriticalSection
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__mb_cur_max
_amsg_exit
_errno
_get_osfhandle
_initterm
_iob
_lock
_lseeki64
_open_osfhandle
_unlock
_wopen
abort
atoi
calloc
exit
fclose
ferror
fflush
fopen
fputc
fread
free
fseek
ftell
fwrite
getenv
isalnum
isalpha
isspace
localeconv
malloc
memchr
memcpy
memmove
memset
localtime
qsort
realloc
setlocale
strchr
strcmp
strcpy
strcspn
strerror
strlen
strncmp
strncpy
strpbrk
strrchr
strspn
strstr
strtol
strtoul
vfprintf
time
_stricmp
_strnicmp
wcscpy
wcslen
_write
_setmode
_read
_putenv
_open
_isatty
_getpid
_fileno
_dup
_close

user32

AllowSetForegroundWindow

ws2_32

closesocket
connect
htons
inet_addr
ioctlsocket
recv
send
socket

Exports

Exports

_gpg_w32_bindtextdomain
_gpg_w32_dgettext
_gpg_w32_dngettext
_gpg_w32_gettext
_gpg_w32_gettext_localename
_gpg_w32_gettext_use_utf8
_gpg_w32_textdomain
_gpgrt_get_std_stream
_gpgrt_getc_underflow
_gpgrt_log_assert
_gpgrt_pending
_gpgrt_pending_unlocked
_gpgrt_putc_overflow
_gpgrt_set_std_fd
gpg_err_code_from_errno
gpg_err_code_from_syserror
gpg_err_code_to_errno
gpg_err_deinit
gpg_err_init
gpg_err_set_errno
gpg_error_check_version
gpg_strerror
gpg_strerror_r
gpg_strsource
gpgrt_abort
gpgrt_absfnameconcat
gpgrt_access
gpgrt_add_emergency_cleanup
gpgrt_argparse
gpgrt_argparser
gpgrt_asprintf
gpgrt_b64dec_finish
gpgrt_b64dec_proc
gpgrt_b64dec_start
gpgrt_b64enc_finish
gpgrt_b64enc_start
gpgrt_b64enc_write
gpgrt_bsprintf
gpgrt_calloc
gpgrt_chdir
gpgrt_check_version
gpgrt_clearerr
gpgrt_clearerr_unlocked
gpgrt_cmp_version
gpgrt_fcancel
gpgrt_fclose
gpgrt_fclose_snatch
gpgrt_fdopen
gpgrt_fdopen_nc
gpgrt_feof
gpgrt_feof_unlocked
gpgrt_ferror
gpgrt_ferror_unlocked
gpgrt_fflush
gpgrt_fgetc
gpgrt_fgets
gpgrt_fileno
gpgrt_fileno_unlocked
gpgrt_flockfile
gpgrt_fname_get
gpgrt_fname_set
gpgrt_fname_to_wchar
gpgrt_fnameconcat
gpgrt_fopen
gpgrt_fopencookie
gpgrt_fopenmem
gpgrt_fopenmem_init
gpgrt_fpopen
gpgrt_fpopen_nc
gpgrt_fprintf
gpgrt_fprintf_sf
gpgrt_fprintf_sf_unlocked
gpgrt_fprintf_unlocked
gpgrt_fputc
gpgrt_fputs
gpgrt_fputs_unlocked
gpgrt_fread
gpgrt_free
gpgrt_free_wchar
gpgrt_freopen
gpgrt_fseek
gpgrt_fseeko
gpgrt_ftell
gpgrt_ftello
gpgrt_ftruncate
gpgrt_ftrylockfile
gpgrt_funlockfile
gpgrt_fwrite
gpgrt_get_errorcount
gpgrt_get_nonblock
gpgrt_get_syscall_clamp
gpgrt_getcwd
gpgrt_getenv
gpgrt_getline
gpgrt_inc_errorcount
gpgrt_lock_destroy
gpgrt_lock_init
gpgrt_lock_lock
gpgrt_lock_trylock
gpgrt_lock_unlock
gpgrt_log
gpgrt_log_bug
gpgrt_log_clock
gpgrt_log_debug
gpgrt_log_debug_string
gpgrt_log_error
gpgrt_log_fatal
gpgrt_log_flush
gpgrt_log_get_fd
gpgrt_log_get_prefix
gpgrt_log_get_stream
gpgrt_log_info
gpgrt_log_printf
gpgrt_log_printhex
gpgrt_log_set_pid_suffix_cb
gpgrt_log_set_prefix
gpgrt_log_set_sink
gpgrt_log_set_socket_dir_cb
gpgrt_log_string
gpgrt_log_test_fd
gpgrt_logv
gpgrt_logv_prefix
gpgrt_malloc
gpgrt_mkdir
gpgrt_mopen
gpgrt_onclose
gpgrt_opaque_get
gpgrt_opaque_set
gpgrt_poll
gpgrt_printf
gpgrt_printf_unlocked
gpgrt_read
gpgrt_read_line
gpgrt_realloc
gpgrt_reallocarray
gpgrt_rewind
gpgrt_set_alloc_func
gpgrt_set_binary
gpgrt_set_confdir
gpgrt_set_fixed_string_mapper
gpgrt_set_nonblock
gpgrt_set_strusage
gpgrt_set_syscall_clamp
gpgrt_set_usage_outfnc
gpgrt_setbuf
gpgrt_setenv
gpgrt_setvbuf
gpgrt_snprintf
gpgrt_strconcat
gpgrt_strdup
gpgrt_strusage
gpgrt_syshd
gpgrt_syshd_unlocked
gpgrt_sysopen
gpgrt_sysopen_nc
gpgrt_tmpfile
gpgrt_ungetc
gpgrt_usage
gpgrt_utf8_to_wchar
gpgrt_vasprintf
gpgrt_vbsprintf
gpgrt_vfprintf
gpgrt_vfprintf_unlocked
gpgrt_vsnprintf
gpgrt_w32_iconv
gpgrt_w32_iconv_close
gpgrt_w32_iconv_open
gpgrt_w32_override_locale
gpgrt_w32_reg_query_string
gpgrt_wchar_to_utf8
gpgrt_write
gpgrt_write_hexstring
gpgrt_write_sanitized
gpgrt_yield

Sections

.text
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 528B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/gpg/libgpgme-11.dll
.dll windows:4 windows x86 arch:x86

8578a0a7d4ceef1cb4bbf12b87200ac9

Code Sign

4f:73:82:a3:9e:57:a3:4e:16:7c:f9:12
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08/04/2022, 08:26

Not After

02/07/2025, 12:12

Subject

CN=g10 Code GmbH,O=g10 Code GmbH,L=Erkrath,ST=Nordrhein-Westfalen,C=DE,1.2.840.113549.1.9.1=#0c10636f646540673130636f64652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:18:d6:f9:fb:4d:c4:5e:ef:7d:f7:28:9b:25:c4:60:62:7e:9c:f6:68:02:a2:2b:6d:7c:d3:f5:0b:00:2a:c7
Signer

Actual PE Digest

77:18:d6:f9:fb:4d:c4:5e:ef:7d:f7:28:9b:25:c4:60:62:7e:9c:f6:68:02:a2:2b:6d:7c:d3:f5:0b:00:2a:c7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libassuan-0

assuan_ctx_set_system_hooks
assuan_get_active_fds
assuan_new_ext
assuan_pending_line
assuan_pipe_connect
assuan_read_line
assuan_release
assuan_send_data
assuan_set_flag
assuan_socket_connect
assuan_transact
assuan_write_line

libgpg-error-0

_gpg_w32_gettext_use_utf8
gpg_err_code_from_errno
gpg_err_code_from_syserror
gpg_err_code_to_errno
gpg_err_set_errno
gpg_strerror
gpg_strerror_r
gpg_strsource
gpgrt_asprintf
gpgrt_bsprintf
gpgrt_fclose
gpgrt_ferror
gpgrt_fflush
gpgrt_fileno
gpgrt_fopen
gpgrt_fread
gpgrt_free
gpgrt_fseeko
gpgrt_ftello
gpgrt_fwrite
gpgrt_lock_destroy
gpgrt_lock_lock
gpgrt_lock_unlock
gpgrt_log
gpgrt_log_get_prefix
gpgrt_log_set_pid_suffix_cb
gpgrt_log_set_prefix
gpgrt_log_set_sink
gpgrt_snprintf
gpgrt_vasprintf
gpgrt_vbsprintf

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExA

kernel32

CloseHandle
CreateEventA
CreatePipe
CreateProcessW
CreateSemaphoreW
CreateThread
DeleteCriticalSection
DeleteFileA
DuplicateHandle
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentThreadId
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetPriorityClass
GetProcAddress
GetSystemTimeAsFileTime
GetTempPathA
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
ReadFile
ReleaseSemaphore
ResetEvent
ResumeThread
SetEvent
SetLastError
SetThreadPriority
Sleep
SystemTimeToFileTime
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject
WideCharToMultiByte
WriteFile

msvcrt

__mb_cur_max
_amsg_exit
_assert
_environ
_errno
_filelengthi64
_fileno
_initterm
_iob
_lock
_lseeki64
_unlock
_waccess
abort
atoi
bsearch
calloc
fclose
ferror
fflush
fgetpos
fopen
fputc
fread
free
fsetpos
fwrite
getenv
isprint
isspace
localeconv
malloc
memchr
memcmp
memcpy
memmove
memset
qsort
realloc
setlocale
strcat
strchr
strcmp
strcpy
strerror
strlen
strncmp
strncpy
strrchr
strstr
strtol
strtoul
vfprintf
_stricmp
wcslen
_stati64
_write
_strdup
_read
_open
_isatty
_fileno
_close

shell32

SHGetSpecialFolderPathW

user32

MessageBoxA

ws2_32

WSAGetLastError
WSAStartup
closesocket
connect
recv
send
shutdown
socket

Exports

Exports

gpgme_addrspec_from_uid
gpgme_cancel
gpgme_cancel_async
gpgme_check_version
gpgme_check_version_internal
gpgme_conf_arg_new
gpgme_conf_arg_release
gpgme_conf_opt_change
gpgme_conf_release
gpgme_ctx_get_engine_info
gpgme_ctx_set_engine_info
gpgme_data_get_encoding
gpgme_data_get_file_name
gpgme_data_identify
gpgme_data_new
gpgme_data_new_from_cbs
gpgme_data_new_from_estream
gpgme_data_new_from_fd
gpgme_data_new_from_file
gpgme_data_new_from_filepart
gpgme_data_new_from_mem
gpgme_data_new_from_stream
gpgme_data_new_with_read_cb
gpgme_data_read
gpgme_data_release
gpgme_data_release_and_get_mem
gpgme_data_rewind
gpgme_data_seek
gpgme_data_set_encoding
gpgme_data_set_file_name
gpgme_data_set_flag
gpgme_data_write
gpgme_engine_check_version
gpgme_err_code_from_errno
gpgme_err_code_from_syserror
gpgme_err_code_to_errno
gpgme_err_make_from_errno
gpgme_err_set_errno
gpgme_error_from_errno
gpgme_free
gpgme_get_armor
gpgme_get_ctx_flag
gpgme_get_dirinfo
gpgme_get_engine_info
gpgme_get_fdptr
gpgme_get_giochannel
gpgme_get_include_certs
gpgme_get_io_cbs
gpgme_get_key
gpgme_get_keylist_mode
gpgme_get_offline
gpgme_get_passphrase_cb
gpgme_get_pinentry_mode
gpgme_get_progress_cb
gpgme_get_protocol
gpgme_get_protocol_name
gpgme_get_sender
gpgme_get_sig_key
gpgme_get_sig_status
gpgme_get_sig_string_attr
gpgme_get_sig_ulong_attr
gpgme_get_status_cb
gpgme_get_sub_protocol
gpgme_get_textmode
gpgme_hash_algo_name
gpgme_io_read
gpgme_io_write
gpgme_io_writen
gpgme_key_from_uid
gpgme_key_get_string_attr
gpgme_key_get_ulong_attr
gpgme_key_ref
gpgme_key_release
gpgme_key_sig_get_string_attr
gpgme_key_sig_get_ulong_attr
gpgme_key_unref
gpgme_new
gpgme_op_adduid
gpgme_op_adduid_start
gpgme_op_assuan_result
gpgme_op_assuan_transact
gpgme_op_assuan_transact_ext
gpgme_op_assuan_transact_start
gpgme_op_card_edit
gpgme_op_card_edit_start
gpgme_op_conf_dir
gpgme_op_conf_load
gpgme_op_conf_save
gpgme_op_createkey
gpgme_op_createkey_start
gpgme_op_createsubkey
gpgme_op_createsubkey_start
gpgme_op_decrypt
gpgme_op_decrypt_ext
gpgme_op_decrypt_ext_start
gpgme_op_decrypt_result
gpgme_op_decrypt_start
gpgme_op_decrypt_verify
gpgme_op_decrypt_verify_start
gpgme_op_delete
gpgme_op_delete_ext
gpgme_op_delete_ext_start
gpgme_op_delete_start
gpgme_op_edit
gpgme_op_edit_start
gpgme_op_encrypt
gpgme_op_encrypt_ext
gpgme_op_encrypt_ext_start
gpgme_op_encrypt_result
gpgme_op_encrypt_sign
gpgme_op_encrypt_sign_ext
gpgme_op_encrypt_sign_ext_start
gpgme_op_encrypt_sign_start
gpgme_op_encrypt_start
gpgme_op_export
gpgme_op_export_ext
gpgme_op_export_ext_start
gpgme_op_export_keys
gpgme_op_export_keys_start
gpgme_op_export_start
gpgme_op_genkey
gpgme_op_genkey_result
gpgme_op_genkey_start
gpgme_op_getauditlog
gpgme_op_getauditlog_start
gpgme_op_import
gpgme_op_import_ext
gpgme_op_import_keys
gpgme_op_import_keys_start
gpgme_op_import_result
gpgme_op_import_start
gpgme_op_interact
gpgme_op_interact_start
gpgme_op_keylist_end
gpgme_op_keylist_ext_start
gpgme_op_keylist_from_data_start
gpgme_op_keylist_next
gpgme_op_keylist_result
gpgme_op_keylist_start
gpgme_op_keysign
gpgme_op_keysign_start
gpgme_op_passwd
gpgme_op_passwd_start
gpgme_op_query_swdb
gpgme_op_query_swdb_result
gpgme_op_receive_keys
gpgme_op_receive_keys_start
gpgme_op_revsig
gpgme_op_revsig_start
gpgme_op_revuid
gpgme_op_revuid_start
gpgme_op_set_uid_flag
gpgme_op_set_uid_flag_start
gpgme_op_setexpire
gpgme_op_setexpire_start
gpgme_op_sign
gpgme_op_sign_result
gpgme_op_sign_start
gpgme_op_spawn
gpgme_op_spawn_start
gpgme_op_tofu_policy
gpgme_op_tofu_policy_start
gpgme_op_trustlist_end
gpgme_op_trustlist_next
gpgme_op_trustlist_start
gpgme_op_verify
gpgme_op_verify_ext
gpgme_op_verify_ext_start
gpgme_op_verify_result
gpgme_op_verify_start
gpgme_op_vfs_create
gpgme_op_vfs_mount
gpgme_op_vfs_mount_result
gpgme_pubkey_algo_name
gpgme_pubkey_algo_string
gpgme_release
gpgme_result_ref
gpgme_result_unref
gpgme_set_armor
gpgme_set_ctx_flag
gpgme_set_engine_info
gpgme_set_global_flag
gpgme_set_include_certs
gpgme_set_io_cbs
gpgme_set_keylist_mode
gpgme_set_locale
gpgme_set_offline
gpgme_set_passphrase_cb
gpgme_set_pinentry_mode
gpgme_set_progress_cb
gpgme_set_protocol
gpgme_set_sender
gpgme_set_status_cb
gpgme_set_sub_protocol
gpgme_set_textmode
gpgme_sig_notation_add
gpgme_sig_notation_clear
gpgme_sig_notation_get
gpgme_signers_add
gpgme_signers_clear
gpgme_signers_count
gpgme_signers_enum
gpgme_strerror
gpgme_strerror_r
gpgme_strsource
gpgme_trust_item_get_int_attr
gpgme_trust_item_get_string_attr
gpgme_trust_item_ref
gpgme_trust_item_release
gpgme_trust_item_unref
gpgme_wait
gpgme_wait_ext

Sections

.text
Size: 282KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 18KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/gpg/libksba-8.dll
.dll windows:4 windows x86 arch:x86

12e824eab712f56923d4a763ed687e59

Code Sign

4f:73:82:a3:9e:57:a3:4e:16:7c:f9:12
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08/04/2022, 08:26

Not After

02/07/2025, 12:12

Subject

CN=g10 Code GmbH,O=g10 Code GmbH,L=Erkrath,ST=Nordrhein-Westfalen,C=DE,1.2.840.113549.1.9.1=#0c10636f646540673130636f64652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9b:5f:e7:a9:85:82:6a:36:1d:1c:27:ad:92:f6:65:4d:87:42:ec:1c:67:9b:aa:44:1f:a2:59:64:28:11:d9:ec
Signer

Actual PE Digest

9b:5f:e7:a9:85:82:6a:36:1d:1c:27:ad:92:f6:65:4d:87:42:ec:1c:67:9b:aa:44:1f:a2:59:64:28:11:d9:ec

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

libgpg-error-0

gpg_err_code_from_errno
gpg_err_code_from_syserror
gpg_err_set_errno
gpg_strerror

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__mb_cur_max
_amsg_exit
_assert
_errno
_initterm
_iob
_lock
_unlock
abort
atoi
calloc
exit
fclose
ferror
fgetc
fopen
fputc
fputs
fread
free
fwrite
getenv
localeconv
malloc
memcmp
memcpy
memmove
memset
gmtime
putc
qsort
realloc
setlocale
strcat
strchr
strcmp
strcpy
strerror
strlen
strncmp
strtol
strtoul
ungetc
vfprintf
time
wcslen
_read

Exports

Exports

ksba_asn_create_tree
ksba_asn_delete_structure
ksba_asn_parse_file
ksba_asn_tree_dump
ksba_asn_tree_release
ksba_calloc
ksba_cert_get_auth_key_id
ksba_cert_get_authority_info_access
ksba_cert_get_cert_policies
ksba_cert_get_crl_dist_point
ksba_cert_get_digest_algo
ksba_cert_get_ext_key_usages
ksba_cert_get_extension
ksba_cert_get_image
ksba_cert_get_issuer
ksba_cert_get_key_usage
ksba_cert_get_public_key
ksba_cert_get_serial
ksba_cert_get_sig_val
ksba_cert_get_subj_key_id
ksba_cert_get_subject
ksba_cert_get_subject_info_access
ksba_cert_get_user_data
ksba_cert_get_validity
ksba_cert_hash
ksba_cert_init_from_mem
ksba_cert_is_ca
ksba_cert_new
ksba_cert_read_der
ksba_cert_ref
ksba_cert_release
ksba_cert_set_user_data
ksba_certreq_add_extension
ksba_certreq_add_subject
ksba_certreq_build
ksba_certreq_new
ksba_certreq_release
ksba_certreq_set_hash_function
ksba_certreq_set_issuer
ksba_certreq_set_public_key
ksba_certreq_set_serial
ksba_certreq_set_sig_val
ksba_certreq_set_siginfo
ksba_certreq_set_validity
ksba_certreq_set_writer
ksba_check_version
ksba_cms_add_cert
ksba_cms_add_digest_algo
ksba_cms_add_recipient
ksba_cms_add_signer
ksba_cms_add_smime_capability
ksba_cms_build
ksba_cms_get_cert
ksba_cms_get_content_enc_iv
ksba_cms_get_content_oid
ksba_cms_get_content_type
ksba_cms_get_digest_algo
ksba_cms_get_digest_algo_list
ksba_cms_get_enc_val
ksba_cms_get_issuer_serial
ksba_cms_get_message_digest
ksba_cms_get_sig_val
ksba_cms_get_sigattr_oids
ksba_cms_get_signing_time
ksba_cms_hash_signed_attrs
ksba_cms_identify
ksba_cms_new
ksba_cms_parse
ksba_cms_release
ksba_cms_set_content_enc_algo
ksba_cms_set_content_type
ksba_cms_set_enc_val
ksba_cms_set_hash_function
ksba_cms_set_message_digest
ksba_cms_set_reader_writer
ksba_cms_set_sig_val
ksba_cms_set_signing_time
ksba_crl_get_auth_key_id
ksba_crl_get_crl_number
ksba_crl_get_digest_algo
ksba_crl_get_extension
ksba_crl_get_issuer
ksba_crl_get_item
ksba_crl_get_sig_val
ksba_crl_get_update_times
ksba_crl_new
ksba_crl_parse
ksba_crl_release
ksba_crl_set_hash_function
ksba_crl_set_reader
ksba_der_add_bts
ksba_der_add_der
ksba_der_add_end
ksba_der_add_int
ksba_der_add_oid
ksba_der_add_ptr
ksba_der_add_tag
ksba_der_add_val
ksba_der_builder_get
ksba_der_builder_new
ksba_der_builder_reset
ksba_der_release
ksba_dn_der2str
ksba_dn_str2der
ksba_dn_teststr
ksba_free
ksba_malloc
ksba_name_enum
ksba_name_get_uri
ksba_name_new
ksba_name_ref
ksba_name_release
ksba_ocsp_add_cert
ksba_ocsp_add_target
ksba_ocsp_build_request
ksba_ocsp_get_cert
ksba_ocsp_get_digest_algo
ksba_ocsp_get_extension
ksba_ocsp_get_responder_id
ksba_ocsp_get_sig_val
ksba_ocsp_get_status
ksba_ocsp_hash_request
ksba_ocsp_hash_response
ksba_ocsp_new
ksba_ocsp_parse_response
ksba_ocsp_prepare_request
ksba_ocsp_release
ksba_ocsp_set_digest_algo
ksba_ocsp_set_nonce
ksba_ocsp_set_requestor
ksba_ocsp_set_sig_val
ksba_oid_from_str
ksba_oid_to_str
ksba_reader_clear
ksba_reader_error
ksba_reader_new
ksba_reader_read
ksba_reader_release
ksba_reader_set_cb
ksba_reader_set_fd
ksba_reader_set_file
ksba_reader_set_mem
ksba_reader_set_release_notify
ksba_reader_tell
ksba_reader_unread
ksba_realloc
ksba_set_hash_buffer_function
ksba_set_malloc_hooks
ksba_strdup
ksba_writer_error
ksba_writer_get_mem
ksba_writer_new
ksba_writer_release
ksba_writer_set_cb
ksba_writer_set_fd
ksba_writer_set_file
ksba_writer_set_filter
ksba_writer_set_mem
ksba_writer_set_release_notify
ksba_writer_snatch_mem
ksba_writer_tell
ksba_writer_write
ksba_writer_write_octet_string

Sections

.text
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/gpg/libnpth-0.dll
.dll windows:4 windows x86 arch:x86

1db359b31e510c137fe3f504b3507f01

Code Sign

4f:73:82:a3:9e:57:a3:4e:16:7c:f9:12
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08/04/2022, 08:26

Not After

02/07/2025, 12:12

Subject

CN=g10 Code GmbH,O=g10 Code GmbH,L=Erkrath,ST=Nordrhein-Westfalen,C=DE,1.2.840.113549.1.9.1=#0c10636f646540673130636f64652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

d1:db:a2:a6:b9:fa:03:57:72:a1:25:f6:bf:af:47:aa:44:c1:a4:70:44:a2:df:b0:59:fc:51:a1:8f:95:e4:1d
Signer

Actual PE Digest

d1:db:a2:a6:b9:fa:03:57:72:a1:25:f6:bf:af:47:aa:44:c1:a4:70:44:a2:df:b0:59:fc:51:a1:8f:95:e4:1d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateEventA
CreateMutexA
CreateThread
DeleteCriticalSection
DuplicateHandle
EnterCriticalSection
ExitThread
FreeLibrary
GetCurrentProcess
GetCurrentThread
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
ReleaseMutex
ResetEvent
ResumeThread
SetEvent
Sleep
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForSingleObject

msvcrt

_amsg_exit
_errno
_initterm
_iob
_lock
_unlock
abort
calloc
free
fwrite
malloc
memset
realloc
strcpy
strlen
strncmp
system
vfprintf
_write
_read

ws2_32

WSACloseEvent
WSACreateEvent
WSAEnumNetworkEvents
WSAEventSelect
WSAGetLastError
accept
connect
select

Exports

Exports

npth_accept
npth_attr_destroy
npth_attr_getdetachstate
npth_attr_init
npth_attr_setdetachstate
npth_clock_gettime
npth_cond_broadcast
npth_cond_destroy
npth_cond_init
npth_cond_signal
npth_cond_timedwait
npth_cond_wait
npth_connect
npth_create
npth_detach
npth_eselect
npth_exit
npth_getname_np
npth_getspecific
npth_init
npth_is_protected
npth_join
npth_key_create
npth_key_delete
npth_mutex_destroy
npth_mutex_init
npth_mutex_lock
npth_mutex_timedlock
npth_mutex_trylock
npth_mutex_unlock
npth_mutexattr_destroy
npth_mutexattr_gettype
npth_mutexattr_init
npth_mutexattr_settype
npth_protect
npth_read
npth_recvmsg
npth_rwlock_destroy
npth_rwlock_init
npth_rwlock_rdlock
npth_rwlock_timedrdlock
npth_rwlock_timedwrlock
npth_rwlock_tryrdlock
npth_rwlock_trywrlock
npth_rwlock_unlock
npth_rwlock_wrlock
npth_rwlockattr_destroy
npth_rwlockattr_gettype_np
npth_rwlockattr_init
npth_rwlockattr_settype_np
npth_select
npth_self
npth_sendmsg
npth_setname_np
npth_setspecific
npth_sleep
npth_system
npth_unprotect
npth_usleep
npth_waitpid
npth_write

Sections

.text
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/gpg/libsqlite3-0.dll
.dll windows:4 windows x86 arch:x86

76148d486431600193f388eb2c2a41f3

Code Sign

4f:73:82:a3:9e:57:a3:4e:16:7c:f9:12
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08/04/2022, 08:26

Not After

02/07/2025, 12:12

Subject

CN=g10 Code GmbH,O=g10 Code GmbH,L=Erkrath,ST=Nordrhein-Westfalen,C=DE,1.2.840.113549.1.9.1=#0c10636f646540673130636f64652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ff:8e:ba:e8:2b:39:ef:f6:d0:84:3e:e8:5a:5c:a8:7c:74:21:68:8b:0d:e6:96:96:1f:bb:d8:c7:ca:9e:16:dd
Signer

Actual PE Digest

ff:8e:ba:e8:2b:39:ef:f6:d0:84:3e:e8:5a:5c:a8:7c:74:21:68:8b:0d:e6:96:96:1f:bb:d8:c7:ca:9e:16:dd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

AreFileApisANSI
CloseHandle
CreateFileA
CreateFileMappingA
CreateFileMappingW
CreateFileW
CreateMutexW
DeleteCriticalSection
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
FlushViewOfFile
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcessId
GetCurrentThreadId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesExW
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetModuleHandleA
GetProcAddress
GetProcessHeap
GetSystemInfo
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
GetVersionExW
HeapAlloc
HeapCompact
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
HeapValidate
InitializeCriticalSection
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
OutputDebugStringA
OutputDebugStringW
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
Sleep
SystemTimeToFileTime
TlsGetValue
TryEnterCriticalSection
UnlockFile
UnlockFileEx
UnmapViewOfFile
VirtualProtect
VirtualQuery
WaitForSingleObject
WaitForSingleObjectEx
WideCharToMultiByte
WriteFile

msvcrt

__setusermatherr
_amsg_exit
_beginthreadex
_endthreadex
_errno
_initterm
_iob
_lock
_unlock
abort
calloc
free
fwrite
malloc
memcmp
memcpy
memmove
memset
localtime
qsort
realloc
strcmp
strcspn
strlen
strncmp
strrchr
vfprintf

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_blob64
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_pointer
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_text64
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_bind_zeroblob64
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_cancel_auto_extension
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_create_window_function
sqlite3_data_count
sqlite3_data_directory
sqlite3_db_cacheflush
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expanded_sql
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_fts3_may_be_corrupt
sqlite3_fts5_may_be_corrupt
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_keyword_check
sqlite3_keyword_count
sqlite3_keyword_name
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_malloc64
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_msize
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare16_v3
sqlite3_prepare_v2
sqlite3_prepare_v3
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_realloc64
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_blob64
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_pointer
sqlite3_result_subtype
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_text64
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_result_zeroblob64
sqlite3_rollback_hook
sqlite3_rtree_geometry_callback
sqlite3_rtree_query_callback
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_set_last_insert_rowid
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_status64
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_isexplain
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_str_append
sqlite3_str_appendall
sqlite3_str_appendchar
sqlite3_str_appendf
sqlite3_str_errcode
sqlite3_str_finish
sqlite3_str_length
sqlite3_str_new
sqlite3_str_reset
sqlite3_str_value
sqlite3_str_vappendf
sqlite3_strglob
sqlite3_stricmp
sqlite3_strlike
sqlite3_strnicmp
sqlite3_system_errno
sqlite3_table_column_metadata
sqlite3_temp_directory
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_trace_v2
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_dup
sqlite3_value_free
sqlite3_value_frombind
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_nochange
sqlite3_value_numeric_type
sqlite3_value_pointer
sqlite3_value_subtype
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_collation
sqlite3_vtab_config
sqlite3_vtab_nochange
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_is_nt
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_mbcs_to_utf8_v2
sqlite3_win32_set_directory
sqlite3_win32_set_directory16
sqlite3_win32_set_directory8
sqlite3_win32_sleep
sqlite3_win32_unicode_to_utf8
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_utf8_to_mbcs_v2
sqlite3_win32_utf8_to_unicode
sqlite3_win32_write_debug

Sections

.text
Size: 948KB - Virtual size: 948KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/gpg/zlib1.dll
.dll windows:4 windows x86 arch:x86

18858a72c4fcbf2c467cbe7584002c67

Code Sign

4f:73:82:a3:9e:57:a3:4e:16:7c:f9:12
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08/04/2022, 08:26

Not After

02/07/2025, 12:12

Subject

CN=g10 Code GmbH,O=g10 Code GmbH,L=Erkrath,ST=Nordrhein-Westfalen,C=DE,1.2.840.113549.1.9.1=#0c10636f646540673130636f64652e636f6d

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

17:dd:79:3a:13:fc:90:37:cd:bc:02:06:0f:41:15:33:ca:1a:05:bc:25:77:a6:6a:49:b0:ba:98:1d:7a:a4:b5
Signer

Actual PE Digest

17:dd:79:3a:13:fc:90:37:cd:bc:02:06:0f:41:15:33:ca:1a:05:bc:25:77:a6:6a:49:b0:ba:98:1d:7a:a4:b5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetLastError
GetModuleHandleA
GetModuleHandleW
GetProcAddress
InitializeCriticalSection
IsDBCSLeadByteEx
LeaveCriticalSection
LoadLibraryA
MultiByteToWideChar
Sleep
TlsGetValue
VirtualProtect
VirtualQuery
WideCharToMultiByte

msvcrt

__mb_cur_max
_amsg_exit
_errno
_initterm
_iob
_lock
_lseeki64
_unlock
_wopen
abort
atoi
calloc
fputc
free
fwrite
localeconv
malloc
memchr
memcpy
memmove
memset
realloc
setlocale
strchr
strerror
strlen
strncmp
vfprintf
wcslen
wcstombs
_write
_read
_open
_close

Exports

Exports

adler32
adler32_combine
adler32_combine64
adler32_z
compress
compress2
compressBound
crc32
crc32_combine
crc32_combine64
crc32_combine_gen
crc32_combine_gen64
crc32_combine_op
crc32_z
deflate
deflateBound
deflateCopy
deflateEnd
deflateGetDictionary
deflateInit2_
deflateInit_
deflateParams
deflatePending
deflatePrime
deflateReset
deflateResetKeep
deflateSetDictionary
deflateSetHeader
deflateTune
get_crc_table
gzbuffer
gzclearerr
gzclose
gzclose_r
gzclose_w
gzdirect
gzdopen
gzeof
gzerror
gzflush
gzfread
gzfwrite
gzgetc
gzgetc_
gzgets
gzoffset
gzoffset64
gzopen
gzopen64
gzopen_w
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzseek64
gzsetparams
gztell
gztell64
gzungetc
gzvprintf
gzwrite
inflate
inflateBack
inflateBackEnd
inflateBackInit_
inflateCodesUsed
inflateCopy
inflateEnd
inflateGetDictionary
inflateGetHeader
inflateInit2_
inflateInit_
inflateMark
inflatePrime
inflateReset
inflateReset2
inflateResetKeep
inflateSetDictionary
inflateSync
inflateSyncPoint
inflateUndermine
inflateValidate
uncompress
uncompress2
zError
zlibCompileFlags
zlibVersion

Sections

.text
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

/4
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/INetC.dll
.dll windows:4 windows x86 arch:x86

163fdad7b5f915e3a0ca7ad1d08b4ff8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
CreateThread
LocalAlloc
lstrcpynW
SleepEx
MulDiv
GetModuleHandleW
GetTickCount
ReadFile
CreateFileA
CreateFileW
GetFileSize
lstrcmpiW
lstrcatW
LoadLibraryA
lstrcmpW
lstrlenA
MultiByteToWideChar
WriteFile
lstrlenW
CloseHandle
GetLastError
DeleteFileW
GetProcAddress
WideCharToMultiByte
LocalFree
TerminateThread
GlobalAlloc
GlobalFree
SetFilePointer
WaitForSingleObject

user32

wsprintfA
FindWindowExW
GetWindowLongW
IsWindow
CreateDialogParamW
ShowWindow
GetParent
DispatchMessageW
LoadIconW
KillTimer
PostMessageW
IsDialogMessageW
SetWindowPos
SetWindowTextW
GetMessageW
SendDlgItemMessageW
TranslateMessage
EnableWindow
RedrawWindow
UpdateWindow
GetWindowRect
SendMessageW
SetTimer
SetWindowLongW
wsprintfW
SetDlgItemTextW
GetDlgItem
IsWindowVisible
MessageBoxW
GetClientRect
DestroyWindow
SystemParametersInfoW
GetWindowTextW

comctl32

ord17

wininet

HttpSendRequestExW
InternetErrorDlg
InternetWriteFile
HttpSendRequestW
InternetSetFilePointer
HttpAddRequestHeadersA
FtpCreateDirectoryW
InternetCrackUrlW
FtpOpenFileW
InternetSetOptionW
InternetOpenW
InternetGetLastResponseInfoW
HttpEndRequestW
InternetReadFile
HttpAddRequestHeadersW
HttpQueryInfoW
InternetCloseHandle
InternetConnectW
InternetQueryOptionW
HttpOpenRequestW

Exports

Exports

get
head
post
put

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

68b7023f8923dd087549802f8fa631c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode

user32

CharNextExA
CharNextW
CharPrevW
FindWindowExW
wsprintfW
SendMessageW

kernel32

GetCommandLineW
lstrcpynW
ExitProcess
GetCurrentProcess
GetModuleHandleA
GetProcAddress
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreatePipe
GetVersion
DeleteFileW
lstrcmpiW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ModbusSlaveSetup64Bit.exe
.exe windows:4 windows x86 arch:x86

56a78d55f3f7af51443e58e0ce2fb5f6

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:3d:12:58:a1:23:bf:d1:52:98:4b:22:e0:75:94:9a
Certificate

Issuer

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

27/01/2023, 12:57

Not After

26/01/2025, 12:57

Subject

SERIALNUMBER=29277311,CN=Witte Software,O=Witte Software,ST=Central Denmark Region,C=DK,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#1302444b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0b:58:ad:50:17:ad:a7:80:e5:59:9f:f0:f9:32:c7:5a:bc:e1:43:8a
Signer

Actual PE Digest

0b:58:ad:50:17:ad:a7:80:e5:59:9f:f0:f9:32:c7:5a:bc:e1:43:8a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

4b45b7e00344a87332fbd12653854d1a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GetModuleHandleW
CloseHandle
SetEndOfFile
SetCurrentDirectoryW
GetPrivateProfileStringW
GetPrivateProfileIntW
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
lstrcmpiW
lstrcatW
lstrcpynW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc
WriteFile
SetFilePointer

user32

LoadCursorW
SetWindowRgn
GetDlgCtrlID
CloseClipboard
DrawFocusRect
OpenClipboard
DrawTextW
SetCursor
LoadIconW
LoadImageW
SetWindowLongW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
GetClientRect
ShowWindow
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
CallWindowProcW
PostMessageW
MessageBoxW
GetSysColor
CharNextW
wsprintfW
GetWindowTextW
SetWindowTextW
SendMessageW
GetWindowLongW
EnableMenuItem
PtInRect
MapWindowPoints
GetClipboardData

gdi32

SetTextColor
DeleteObject
CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectW

shell32

SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW
SHBrowseForFolderW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
make_unicode
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
ReadMe.txt
example.xlsm
.xlsm office2007

Sheet1

Sheet2

Sheet3

ThisWorkbook
images/mbslave-address-in-cell.png
.png
images/mbslave-cell-colors.png
.png
images/mbslave-chart-link.png
.png
images/mbslave-chart.png
.png
images/mbslave-communication-traffic.png
.png
images/mbslave-connection-setup.png
.png
images/mbslave-definition-button.png
.png
images/mbslave-definition.png
.png
images/mbslave-excel-developer-tab.png
.png
images/mbslave-font-selection.png
.png
images/mbslave-new-window.png
.png
images/mbslave-plc-address.png
.png
images/mbslave-save-copy-series.png
.png
images/mbslave-scaling.png
.png
images/mbslave-series-settings.png
.png
images/mbslave-write-single-register.png
.png
images/mbslave.png
.png
license.txt
mbslave-user-manual.html
.html
mbslave.chm
.chm
mbslave.exe
.exe windows:6 windows x64 arch:x64

88b592f754fec6d6b0653a7abfbb8ac4

Code Sign

1b:b5:8f:25:2a:df:23:00:49:28:c9:ae:3d:7e:ed:27
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

31/05/2021, 06:43

Not After

17/09/2029, 06:43

Subject

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

09:c5:cc:f8:bb:66:7d:71:37:aa:c1:59:80:06:cb:31
Certificate

Issuer

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

02/11/2023, 08:32

Not After

30/10/2034, 08:32

Subject

CN=Certum Timestamp 2023,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e7:ff:69:c7:3b:35:ce:4b:91:26:d8:74:7c:68:a5:87
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Timestamping 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:3d:12:58:a1:23:bf:d1:52:98:4b:22:e0:75:94:9a
Certificate

Issuer

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

27/01/2023, 12:57

Not After

26/01/2025, 12:57

Subject

SERIALNUMBER=29277311,CN=Witte Software,O=Witte Software,ST=Central Denmark Region,C=DK,2.5.4.15=#130f427573696e65737320456e74697479,1.3.6.1.4.1.311.60.2.1.3=#1302444b

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bb:f0:cc:b5:b7:b8:31:fd:21:ae:32:77:8a:e4:0c:89
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19/05/2021, 05:32

Not After

18/05/2036, 05:32

Subject

CN=Certum Extended Validation Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a2:f4:6f:90:45:a0:ce:16:83:a9:3a:d9:2d:27:de:f6:81:34:bc
Signer

Actual PE Digest

71:a2:f4:6f:90:45:a0:ce:16:83:a9:3a:d9:2d:27:de:f6:81:34:bc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Brian Witte\Documents\vc\slavetrunk\x64\release\mbslave.pdb

Imports

winmm

timeGetTime

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiOpenDevRegKey
SetupDiGetClassDevsW
SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
SetupDiClassGuidsFromNameW

kernel32

SetFileAttributesW
SystemTimeToTzSpecificLocalTime
SetErrorMode
GetCurrentDirectoryW
FindResourceExW
GetProfileIntW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WakeAllConditionVariable
SleepConditionVariableSRW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
FindFirstFileExW
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetFileSizeEx
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
ExitProcess
GetStdHandle
HeapQueryInformation
GetCommandLineW
GetCommandLineA
GetFileType
SetStdHandle
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualQuery
VirtualAlloc
GetSystemInfo
InterlockedFlushSList
InterlockedPushEntrySList
RtlPcToFileHeader
RtlUnwindEx
GetCPInfo
CompareStringEx
LCMapStringEx
GetLocaleInfoEx
InitializeCriticalSectionEx
GetStringTypeW
FormatMessageA
RaiseException
OutputDebugStringW
GetFileAttributesExW
FileTimeToLocalFileTime
VirtualProtect
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
GlobalFlags
FileTimeToSystemTime
GetAtomNameW
LocalReAlloc
LocalAlloc
GlobalHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetUserDefaultLCID
SystemTimeToFileTime
ReplaceFileW
LocalFileTimeToFileTime
SetFileTime
GetTempFileNameW
GetFileTime
GetFileAttributesW
GetDiskFreeSpaceW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CompareStringA
GetCurrentThread
ResumeThread
SuspendThread
CreateEventW
SetEvent
GetThreadLocale
GetStringTypeExW
MoveFileW
lstrcmpiW
GetCurrentProcess
DuplicateHandle
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetVolumeInformationW
GetShortPathNameW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
DeleteFileW
GetTickCount64
GlobalGetAtomNameW
GetVersionExW
GetCurrentProcessId
lstrcmpA
CompareStringW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetProcAddress
GetModuleHandleW
GetSystemDirectoryW
GetCurrentThreadId
EncodePointer
CopyFileW
FormatMessageW
LocalFree
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GetModuleHandleExW
SetLastError
OutputDebugStringA
GetACP
WideCharToMultiByte
SetThreadPriority
WaitForSingleObject
InitializeCriticalSection
LoadLibraryW
FreeLibrary
GetWindowsDirectoryW
DeleteCriticalSection
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
DecodePointer
Sleep
GetModuleFileNameW
GetTickCount
GlobalSize
GlobalReAlloc
GlobalFree
GlobalLock
GlobalUnlock
GlobalAlloc
GetLocalTime
SetCommTimeouts
SetCommState
PurgeComm
GetCommState
SetupComm
ClearCommError
CloseHandle
WriteFile
ReadFile
CreateFileW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
GetLastError
MulDiv
QueryPerformanceFrequency
QueryPerformanceCounter
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
FindNextFileW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
RtlUnwind
SetConsoleCtrlHandler
WriteConsoleW
GetDateFormatW

user32

CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetLastActivePopup
GetTopWindow
GetClassNameW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
EqualRect
MessageBoxW
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
SetScrollRange
ScrollWindow
RedrawWindow
ValidateRect
EndPaint
BeginPaint
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenuEx
TrackPopupMenu
SetMenu
GetMenu
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
CallWindowProcW
GetMessageTime
PeekMessageW
DispatchMessageW
RegisterWindowMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
GetWindow
LoadIconW
GetWindowTextW
ScrollWindowEx
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringW
UnregisterClassA
SendDlgItemMessageA
GetDlgCtrlID
CopyIcon
LoadImageW
UnregisterClassW
GetWindowThreadProcessId
EnableMenuItem
CheckMenuItem
LoadMenuW
SetWindowLongW
GetWindowLongW
IsZoomed
IsIconic
WindowFromPoint
ClientToScreen
GetWindowDC
BringWindowToTop
SetWindowTextW
IsDialogMessageW
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
IsWindowVisible
GetDoubleClickTime
GetParent
IntersectRect
InvertRect
ClipCursor
ScreenToClient
GetCursorPos
TabbedTextOutW
GrayStringW
DrawTextExW
GetSystemMetrics
KillTimer
GetCapture
GetKeyState
SetScrollInfo
GetScrollInfo
WinHelpW
MonitorFromWindow
GetMonitorInfoW
ShowWindow
MoveWindow
SetDlgItemInt
GetFocus
IsClipboardFormatAvailable
IsWindow
PostMessageW
GetDlgItemInt
SetDlgItemTextW
GetDlgItemTextW
CheckDlgButton
CheckRadioButton
IsDlgButtonChecked
SendDlgItemMessageW
GetWindowTextLengthW
IsWindowEnabled
LoadAcceleratorsW
TranslateAcceleratorW
CreatePopupMenu
DestroyMenu
InsertMenuItemW
DestroyIcon
GetMenuBarInfo
UnpackDDElParam
ReuseDDElParam
GetActiveWindow
DrawMenuBar
SetFocus
DefFrameProcW
EnableWindow
InvalidateRect
GetClientRect
MapWindowPoints
SendMessageW
GetWindowRect
PtInRect
FillRect
InflateRect
OffsetRect
SetRect
DrawEdge
DefWindowProcW
RegisterClassW
GetClassInfoW
SetCapture
ReleaseCapture
UpdateWindow
ReleaseDC
SetCursor
ChildWindowFromPoint
GetSysColor
CopyRect
IsRectEmpty
LoadCursorW
SetRectEmpty
SetScrollPos
GetScrollPos
GetScrollRange
wsprintfW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
SetTimer
GetDC
SystemParametersInfoW
DrawTextW
FrameRect
GetMessagePos
DefMDIChildProcW
TranslateMDISysAccel
SendNotifyMessageW
CreateMenu
GetDesktopWindow
CopyAcceleratorTableW
WindowFromDC
InSendMessage
GetTabbedTextExtentW
SetWindowRgn
DrawIcon
LockWindowUpdate
GetDCEx
PostThreadMessageW
UnionRect
MapVirtualKeyW
GetKeyNameTextW
GetDialogBaseUnits
MapDialogRect
GetAsyncKeyState
CopyImage
RealChildWindowFromPoint
GetSysColorBrush
DestroyCursor
GetMenuItemInfoW
ShowOwnedPopups
PostQuitMessage
CharUpperW
SetParent
DeleteMenu
GetSystemMenu
WaitMessage
TranslateMessage
GetMessageW
GetSubMenu
RegisterClipboardFormatW

gdi32

GetObjectW
ExtCreatePen
Polyline
PolyBezier
Ellipse
Polygon
CreateHatchBrush
CreateFontIndirectW
GetCurrentObject
Escape
GetBkColor
PtVisible
RectVisible
TextOutW
PatBlt
GetTextMetricsW
CopyMetaFileW
CreateDCW
CreateBitmap
SetBkColor
SetTextColor
CreateDIBPatternBrushPt
CreatePatternBrush
CreateRectRgn
ExcludeClipRect
GetClipBox
GetClipRgn
GetCurrentPositionEx
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
OffsetClipRgn
PlayMetaFile
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkMode
SetMapperFlags
SetGraphicsMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
AbortDoc
SetStretchBltMode
SetTextCharacterExtra
SetTextAlign
SetTextJustification
PlayMetaFileRecord
EnumMetaFile
SetWorldTransform
ModifyWorldTransform
SetColorAdjustment
ArcTo
PolyDraw
SelectClipPath
SetArcDirection
MoveToEx
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateRectRgnIndirect
GetMapMode
SetRectRgn
DPtoLP
SetAbortProc
GetCharWidthW
StretchDIBits
GetViewportOrgEx
CreateEllipticRgn
LPtoDP
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextColor
GetWindowOrgEx
GetTextFaceW
EnumFontFamiliesExW
CloseMetaFile
CreateMetaFileW
DeleteMetaFile
EndPage
StartPage
EndDoc
StartDocW
CreateDIBSection
SelectObject
GetStockObject
GetDeviceCaps
DeleteDC
CreateFontW
CreateCompatibleDC
CreateCompatibleBitmap
BitBlt
Rectangle
CreateSolidBrush
DeleteObject
ExtTextOutW
SetROP2
CreatePen
GetTextExtentPoint32W

msimg32

GradientFill

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW
GetJobW

advapi32

RegDeleteKeyW
RegQueryValueExW
RegCreateKeyExW
RegEnumKeyExW
SetFileSecurityW
GetFileSecurityW
RegDeleteValueW
RegQueryValueW
RegEnumKeyW
RegCloseKey
RegSetValueW
RegSetValueExW
RegOpenKeyExW
RegEnumValueW

shell32

ShellExecuteW
DragQueryFileW
DragFinish
SHGetFileInfoW
ExtractIconW
SHAddToRecentDocs
DragAcceptFiles

comctl32

ImageList_GetImageInfo
InitCommonControlsEx
ImageList_Draw

shlwapi

StrToIntW
PathRemoveFileSpecW
SHDeleteKeyW
PathFindFileNameW
PathRemoveExtensionW
PathIsUNCW
PathStripToRootW
PathFindExtensionW

uxtheme

IsAppThemed
GetThemePartSize
CloseThemeData
OpenThemeData
DrawThemeText
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground

ole32

StgCreateDocfileOnILockBytes
WriteClassStm
CreateDataAdviseHolder
CreateOleAdviseHolder
CoLockObjectExternal
CreateItemMoniker
GetRunningObjectTable
OleIsRunning
CoGetMalloc
GetHGlobalFromILockBytes
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSetContainedObject
OleLockRunning
OleGetIconOfClass
CoTaskMemAlloc
OleSetMenuDescriptor
CreateGenericComposite
CreateFileMoniker
CreateILockBytesOnHGlobal
StgIsStorageFile
StgOpenStorageOnILockBytes
StgOpenStorage
StgCreateDocfile
OleRun
CLSIDFromProgID
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleRegEnumVerbs
OleRegGetMiscStatus
CreateStreamOnHGlobal
CoRegisterMessageFilter
CoGetClassObject
CLSIDFromString
CoDisconnectObject
StringFromGUID2
PropVariantCopy
CoInitialize
CoCreateGuid
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
OleGetClipboard
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoCreateInstance
CoInitializeEx
CoUninitialize
CoRevokeClassObject
CoRegisterClassObject
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
CreateBindCtx
CoTreatAsClass
WriteClassStg
ReadClassStg
CoTaskMemFree
StringFromCLSID
DoDragDrop
OleQueryLinkFromData
OleQueryCreateFromData
OleSaveToStream

oleaut32

SafeArrayCreate
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayLock
SafeArrayUnlock
SafeArrayAllocData
SafeArrayUnaccessData
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
SysAllocStringLen
VarDateFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarDecFromStr
SafeArrayAllocDescriptor
SysReAllocStringLen
LoadTypeLi
SafeArrayAccessData
RegisterTypeLi
SystemTimeToVariantTime
VarUdateFromDate
SysAllocString
SysFreeString
SysStringByteLen
SysAllocStringByteLen
VariantInit
VariantClear
VariantChangeType
VariantCopy
SysStringLen
SafeArrayPtrOfIndex
LoadRegTypeLi
VariantTimeToSystemTime

oledlg

OleUIBusyW

gdiplus

GdiplusStartup
GdipGetImageEncodersSize
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromScan0
GdipSaveImageToFile
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImageEncoders
GdiplusShutdown
GdipCloneImage

ws2_32

WSACleanup
WSAStartup
socket
sendto
send
freeaddrinfo
recvfrom
recv
listen
ioctlsocket
closesocket
bind
accept
__WSAFDIsSet
WSAGetLastError
select
getaddrinfo

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 547KB - Virtual size: 547KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 2.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

memcpy_
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
mbslave.tlb
uninstall.exe.nsis
launchobfc.ps1
.ps1

Sharing

General

Malware Config

Extracted

Signatures

Files

f4639a0b3116c2cfc71144b88a929cfd

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

66:c5:dc:c1:4b:51:78:09:c1:72:b4:4b:7e:97:84:f7Certificate

Extended Key Usages

Key Usages

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2Certificate

Extended Key Usages

Key Usages

66:c5:dc:c1:4b:51:78:09:c1:72:b4:4b:7e:97:84:f7Certificate

Extended Key Usages

Key Usages

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70Certificate

Extended Key Usages

Key Usages

61:6e:be:48:e6:eb:1f:2e:7d:a6:1c:bf:31:4b:d0:93:6a:69:a8:2c:56:85:05:b9:2c:c5:e0:01:3f:67:cb:d4Signer

88:33:f9:1a:e9:e0:60:56:1f:67:05:52:4b:9a:b2:5e:55:55:57:9bSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 170KB

.ndata Size: - Virtual size: 64KB

.rsrc Size: 3KB - Virtual size: 3KB

f07a03c646cdbfdadff70ac29f2113b2

Code Sign

4f:73:82:a3:9e:57:a3:4e:16:7c:f9:12Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1dCertificate

Extended Key Usages

Key Usages

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74Certificate

Key Usages

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fcCertificate

Key Usages

04:00:00:00:00:01:21:58:53:08:a2Certificate

Key Usages

b3:44:dd:f5:6a:a1:68:b4:9e:1b:8b:94:7b:3c:0b:df:74:ab:c0:3a:96:67:8f:14:61:66:49:be:51:7b:d3:51Signer

Headers

File Characteristics

Imports

libassuan-0

libgcrypt-20

libgpg-error-0

libnpth-0

libsqlite3-0

zlib1

advapi32

kernel32

msvcrt

shell32

user32

ws2_32

Sections

.text Size: 956KB - Virtual size: 956KB

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

66:c5:dc:c1:4b:51:78:09:c1:72:b4:4b:7e:97:84:f7
Certificate

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

66:c5:dc:c1:4b:51:78:09:c1:72:b4:4b:7e:97:84:f7
Certificate

fe:67:e4:f1:5a:24:e3:c6:0d:54:7c:a0:20:c2:76:70
Certificate

61:6e:be:48:e6:eb:1f:2e:7d:a6:1c:bf:31:4b:d0:93:6a:69:a8:2c:56:85:05:b9:2c:c5:e0:01:3f:67:cb:d4
Signer

88:33:f9:1a:e9:e0:60:56:1f:67:05:52:4b:9a:b2:5e:55:55:57:9b
Signer

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 170KB

.ndata
Size: - Virtual size: 64KB

.rsrc
Size: 3KB - Virtual size: 3KB

4f:73:82:a3:9e:57:a3:4e:16:7c:f9:12
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

b3:44:dd:f5:6a:a1:68:b4:9e:1b:8b:94:7b:3c:0b:df:74:ab:c0:3a:96:67:8f:14:61:66:49:be:51:7b:d3:51
Signer

.text
Size: 956KB - Virtual size: 956KB

.data
Size: 13KB - Virtual size: 12KB

.rdata
Size: 194KB - Virtual size: 194KB

/4
Size: 96KB - Virtual size: 96KB

.bss
Size: - Virtual size: 11KB

.idata
Size: 15KB - Virtual size: 14KB

.CRT
Size: 512B - Virtual size: 52B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 13KB - Virtual size: 12KB

4f:73:82:a3:9e:57:a3:4e:16:7c:f9:12
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

35:0e:e7:f4:d6:f1:ce:48:2d:3a:fd:bc:6a:fd:f9:c1:9f:8c:f0:13:ae:2f:9b:33:98:8b:c9:bd:0b:a8:24:1a
Signer

.text
Size: 104KB - Virtual size: 104KB

.data
Size: 512B - Virtual size: 444B

.rdata
Size: 10KB - Virtual size: 10KB

/4
Size: 9KB - Virtual size: 9KB

.bss
Size: - Virtual size: 3KB

.edata
Size: 3KB - Virtual size: 3KB

.idata
Size: 3KB - Virtual size: 3KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 8B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB

4f:73:82:a3:9e:57:a3:4e:16:7c:f9:12
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

04:00:00:00:00:01:21:58:53:08:a2
Certificate

9e:09:09:67:15:eb:3a:71:13:9b:6a:f8:34:4a:35:43:d8:ba:78:97:01:80:9e:6a:7b:a2:6f:a8:70:9b:1e:e9
Signer