f5595bfd9f4c3e7bf0a9c8dec40ab839c98e5dafb583f62c0e266569b5a87e51

Sharing

Copy URL

Twitter E-mail

General

Target

f5595bfd9f4c3e7bf0a9c8dec40ab839c98e5dafb583f62c0e266569b5a87e51
Size

4.7MB
MD5

837d3ce5cb8ae707eb64a0f6533a1fe7
SHA1

7a0322fdcfc5e4bad02df5a3543558f12e9c4883
SHA256

f5595bfd9f4c3e7bf0a9c8dec40ab839c98e5dafb583f62c0e266569b5a87e51
SHA512

cf0a75834f8307b3bcab93798cd75f00c6de6af4461d1d4bcb5a693dc96b8dd3fedfeb8ff7a1ea71fc0cfe4e47c6f9221245a87ea58e1872cc28dfbf502f1cd6
SSDEEP

98304:oeI4KYSgR4U22Q2sIR9AefAC9Ru+fmtMXSl47XzUvs6i3YE/:oeIp44H2QvIR5fAi0+kMXS+j4vs6if/

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/IDMan.exe
unpack001/oldjsproxy.dll

Files

f5595bfd9f4c3e7bf0a9c8dec40ab839c98e5dafb583f62c0e266569b5a87e51
.zip
!)卸载.bat
!)绿化.bat
.bat .vbs
IDMFType.dat
IDMGCExt59.crx
.zip
_locales/ar/messages.json
_locales/de/messages.json
_locales/en/messages.json
_locales/es/messages.json
_locales/fa/messages.json
_locales/fr/messages.json
_locales/he/messages.json
_locales/it/messages.json
_locales/nl/messages.json
_locales/pl/messages.json
_locales/pt/messages.json
_locales/ru/messages.json
_locales/th/messages.json
_locales/tr/messages.json
_locales/vn/messages.json
_locales/zh_cn/messages.json
_locales/zh_tw/messages.json
background.js
.js
captured.html
.js
content.js
.js
debug.js
.js
document.js
.js
images/headBkgd.gif
.gif
images/headTitle.gif
.gif
images/logo128.png
.png
images/logo16.png
.png
images/logo16x.png
.png
images/logo32.png
.png
images/logo32x.png
.png
images/logo48.png
.png
images/logoTonec.gif
.gif
manifest.json
welcome.html
welcome.js
.js
IDMGrHlp.exe
.exe windows:5 windows x86 arch:x86

055720b1d71187bd221e80b79d690573

Code Sign

06:c5:07:8a:a5:28:bb:d3:b8:66:8a:b1:0b:03:5f:94
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/07/2019, 00:00

Not After

03/08/2022, 12:00

Subject

CN=Tonec Inc.,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:96:cb:38:36:ac:ef:b7:37:c2:12:d1:55:41:7e:f1
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/07/2019, 00:00

Not After

03/08/2022, 12:00

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:0e:f0:0e:37:c6:23:ea:65:d0:23:dc:2a:a7:58:c8:9a:d1:4f:e1:64:11:ab:ca:ad:15:c3:93:e8:35:32:9b
Signer

Actual PE Digest

4e:0e:f0:0e:37:c6:23:ea:65:d0:23:dc:2a:a7:58:c8:9a:d1:4f:e1:64:11:ab:ca:ad:15:c3:93:e8:35:32:9b

Digest Algorithm

sha256

PE Digest Matches

false

73:fc:de:da:11:03:3e:62:a7:cd:56:df:0c:27:04:e2:aa:93:47:cf
Signer

Actual PE Digest

73:fc:de:da:11:03:3e:62:a7:cd:56:df:0c:27:04:e2:aa:93:47:cf

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

s:\IDM_projects\IDMGrHlp3_VS9\Release\IDMGrHlp.pdb

Imports

wininet

InternetCombineUrlA

shell32

ShellExecuteA

kernel32

GetFileAttributesA
GetFileSizeEx
GetFileTime
HeapFree
RtlUnwind
RaiseException
HeapAlloc
GetCommandLineA
GetStartupInfoA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapReAlloc
Sleep
HeapSize
HeapCreate
VirtualFree
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
GetACP
FileTimeToLocalFileTime
LCMapStringA
LCMapStringW
GetStdHandle
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
SetEnvironmentVariableA
GetTickCount
SetErrorMode
CreateFileA
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
GetOEMCP
GetCPInfo
GlobalFlags
WritePrivateProfileStringA
FileTimeToSystemTime
GetModuleHandleW
TlsFree
DeleteCriticalSection
LocalReAlloc
TlsSetValue
TlsAlloc
InitializeCriticalSection
GlobalHandle
GlobalReAlloc
EnterCriticalSection
TlsGetValue
LeaveCriticalSection
LocalAlloc
GetCurrentProcessId
GetModuleFileNameW
GetThreadLocale
InterlockedIncrement
FreeResource
GlobalGetAtomNameA
GlobalAddAtomA
GetProcessHeap
GlobalFindAtomA
lstrcmpW
GlobalDeleteAtom
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
GetModuleFileNameA
GetLocaleInfoA
CompareStringA
InterlockedExchange
FreeLibrary
lstrcmpA
FormatMessageA
MulDiv
lstrlenA
SetLastError
LocalFree
LoadLibraryA
GetProcAddress
InterlockedDecrement
GetVersionExA
GetModuleHandleA
CreateThread
SleepEx
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
SizeofResource
SetUnhandledExceptionFilter
GetCurrentThreadId
ExitProcess
CreateFileW
GetFileSize
WriteFile
SetFilePointer
GlobalAlloc
GlobalLock
ReadFile
GlobalUnlock
CloseHandle
GetLastError
GlobalFree
MultiByteToWideChar
lstrlenW
IsValidCodePage

user32

InvalidateRgn
InvalidateRect
SetRect
IsRectEmpty
CopyAcceleratorTableA
DestroyMenu
GetSysColorBrush
SetWindowContextHelpId
MapDialogRect
GetWindowThreadProcessId
SetCursor
GetCursorPos
ValidateRect
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
GrayStringA
DrawTextExA
DrawTextA
TabbedTextOutA
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
CharNextA
IsWindowEnabled
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
SetMenuItemBitmaps
LoadBitmapA
ModifyMenuA
EnableMenuItem
CheckMenuItem
RegisterWindowMessageA
SendDlgItemMessageA
WinHelpA
IsChild
GetCapture
GetClassLongA
SetPropA
GetPropA
RemovePropA
GetFocus
GetForegroundWindow
GetLastActivePopup
SetActiveWindow
GetDlgItem
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
PeekMessageA
MapWindowPoints
GetKeyState
SetMenu
SetForegroundWindow
IsWindowVisible
GetClassInfoExA
GetClassInfoA
GetSysColor
AdjustWindowRectEx
GetParent
ScreenToClient
EqualRect
CopyRect
PtInRect
GetDlgCtrlID
CallWindowProcA
GetMenu
GetWindowLongA
SetWindowLongA
SetWindowPos
OffsetRect
IntersectRect
RegisterClipboardFormatA
MessageBeep
GetNextDlgGroupItem
GetMenuCheckMarkDimensions
CharUpperA
ReleaseCapture
SystemParametersInfoA
GetWindowPlacement
GetWindow
GetMenuState
GetMenuItemID
GetMenuItemCount
GetSubMenu
KillTimer
SetTimer
IsWindow
UnregisterClassA
LoadCursorA
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
MessageBoxA
PostQuitMessage
GetDesktopWindow
SetWindowsHookExA
GetClassNameA
GetWindowTextA
PostMessageA
CallNextHookEx
GetSystemMetrics
LoadIconA
EnableWindow
UpdateWindow
GetClientRect
GetWindowRect
IsIconic
SendMessageA
DrawIcon
PostThreadMessageA
UnhookWindowsHookEx
SetCapture
SetFocus

gdi32

ExtTextOutA
ExtSelectClipRgn
DeleteDC
CreateRectRgnIndirect
GetRgnBox
GetMapMode
ScaleWindowExtEx
TextOutA
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
GetDeviceCaps
GetStockObject
RectVisible
PtVisible
GetWindowExtEx
GetViewportExtEx
DeleteObject
SetMapMode
RestoreDC
SaveDC
GetTextColor
GetBkColor
CreateBitmap
GetObjectA
SetBkColor
SetTextColor
GetClipBox
Escape

comdlg32

GetFileTitleA

winspool.drv

ClosePrinter
DocumentPropertiesA
OpenPrinterA

advapi32

RegSetValueExA
RegQueryValueA
RegOpenKeyA
RegEnumKeyA
RegDeleteKeyA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
RegCreateKeyExA

shlwapi

PathIsUNCA
PathStripToRootA
PathFindFileNameA
PathFindExtensionA

oledlg

ord8

ole32

OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CLSIDFromString
CLSIDFromProgID
CoRevokeClassObject
CoTaskMemAlloc
CreateBindCtx
CoInitialize
CoUninitialize
CoTaskMemFree
CreateStreamOnHGlobal
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter

oleaut32

SysStringByteLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
VariantCopy
OleCreateFontIndirect
VariantChangeType
VariantClear
VariantInit
SysStringLen
SysFreeString
SysAllocStringLen
VarBstrCmp
SysAllocString
SysAllocStringByteLen

urlmon

CoInternetGetSession
CreateURLMoniker

Sections

.text
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDMIntegrator64.exe
.exe windows:5 windows x64 arch:x64

686f67c6bb9e40fa1405ff4a6eeebeb4

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:59:29:2a:8c:f6:59:10:78:c9:29:d5:ba:55:a7:f6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/07/2022, 00:00

Not After

06/08/2025, 23:59

Subject

CN=Tonec Inc.,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:52:b0:c3:74:b8:a1:79:30:85:13:15:53:07:44:08:04:a6:3d:00:8f:b4:29:65:c8:d8:c3:fd:a9:b3:1c:2f
Signer

Actual PE Digest

59:52:b0:c3:74:b8:a1:79:30:85:13:15:53:07:44:08:04:a6:3d:00:8f:b4:29:65:c8:d8:c3:fd:a9:b3:1c:2f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

X:\Projects\IDMIntegrator\Release_x64\IDMIntegrator64.pdb

Imports

msvcrt

_fmode
__set_app_type
_initterm
_wcmdln
_commode
exit
_cexit
_exit
_XcptFilter
__wgetmainargs
__C_specific_handler
wcsstr
_wcslwr
_errno
__CxxFrameHandler
_fstat
__setusermatherr
_amsg_exit
_wstat
_stat
__iob_func
?terminate@@YAXXZ

kernel32

VirtualProtect
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
OutputDebugStringA
FreeLibrary
GetModuleHandleW
GetProcAddress
ResetEvent
LoadLibraryW
CloseHandle
GetLastError
CreateEventW
GetVersionExW
GetFileAttributesW
WaitForSingleObject
CreateMutexW
WaitForMultipleObjects
GetModuleFileNameW
GetCurrentProcess
Sleep

user32

wsprintfW
GetForegroundWindow

advapi32

RegNotifyChangeKeyValue
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteExW

Exports

Exports

__acrt_iob_func
_fstat64i32
_stat64i32
_wstat64i32

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDMOpExt.nex
.zip
_locales/ar/messages.json
_locales/de/messages.json
_locales/en/messages.json
_locales/es/messages.json
_locales/fa/messages.json
_locales/fr/messages.json
_locales/he/messages.json
_locales/it/messages.json
_locales/nl/messages.json
_locales/pl/messages.json
_locales/pt/messages.json
_locales/ru/messages.json
_locales/th/messages.json
_locales/tr/messages.json
_locales/vn/messages.json
_locales/zh_cn/messages.json
_locales/zh_tw/messages.json
background.js
.js
captured.html
.js
content.js
.js
debug.js
.js
document.js
.js
images/headBkgd.gif
.gif
images/headTitle.gif
.gif
images/logo128.png
.png
images/logo16.png
.png
images/logo16x.png
.png
images/logo32.png
.png
images/logo32x.png
.png
images/logo48.png
.png
images/logoTonec.gif
.gif
manifest.json
welcome.html
welcome.js
.js
IDMVMPrs64.dll
.dll windows:6 windows x64 arch:x64

e3a157708823e1f02f49eddabcf625e2

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:59:29:2a:8c:f6:59:10:78:c9:29:d5:ba:55:a7:f6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/07/2022, 00:00

Not After

06/08/2025, 23:59

Subject

CN=Tonec Inc.,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bc:9d:fa:c3:93:b6:4c:30:30:38:0a:cb:6c:3a:96:be:0e:33:c9:17:ad:90:00:89:e4:44:46:62:1f:f7:76:8d
Signer

Actual PE Digest

bc:9d:fa:c3:93:b6:4c:30:30:38:0a:cb:6c:3a:96:be:0e:33:c9:17:ad:90:00:89:e4:44:46:62:1f:f7:76:8d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

X:\Projects\IDMVMPrs\Release_x64\IDMVMPrs64.pdb

Imports

msvcrt

fclose
fwrite
fprintf
fopen
_wfopen
fread
toupper
getenv
_strnicmp
_read
_getcwd
_close
memcpy
memset
memmove
__C_specific_handler
vfprintf
_XcptFilter
_initterm
_amsg_exit
fflush
realloc
sscanf
vsprintf
isdigit
atoi
_snprintf
strncpy
strchr
strcspn
strncmp
malloc
free
_errno
_fstat
_wstat
_stat
__iob_func
_vsnprintf
strcmp

kernel32

GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
DeleteCriticalSection
CloseHandle
ReleaseMutex
GetCurrentThreadId
WaitForSingleObject
CreateMutexA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
lstrlenA
Sleep
GetCurrentProcessId

Exports

Exports

GetMPDParserInfo
Parse1
UTF8ToHtml
__acrt_iob_func
__htmlDefaultSAXHandler
__oldXMLWDcompatibility
__xmlBufferAllocScheme
__xmlDefaultBufferSize
__xmlDefaultSAXLocator
__xmlDeregisterNodeDefaultValue
__xmlDoValidityCheckingDefaultValue
__xmlErrEncoding
__xmlGenericError
__xmlGenericErrorContext
__xmlGetWarningsDefaultValue
__xmlIndentTreeOutput
__xmlKeepBlanksDefaultValue
__xmlLastError
__xmlLineNumbersDefaultValue
__xmlLoadExtDtdDefaultValue
__xmlOutputBufferCreateFilenameValue
__xmlParserDebugEntities
__xmlParserInputBufferCreateFilenameValue
__xmlParserVersion
__xmlPedanticParserDefaultValue
__xmlRaiseError
__xmlRegisterNodeDefaultValue
__xmlSaveNoEmptyTags
__xmlSimpleError
__xmlStructuredError
__xmlStructuredErrorContext
__xmlSubstituteEntitiesDefaultValue
__xmlTreeIndentString
_fstat64i32
_stat64i32
_wstat64i32
htmlAttrAllowed
htmlAutoCloseTag
htmlCreateFileParserCtxt
htmlCreateMemoryParserCtxt
htmlCtxtReadDoc
htmlCtxtReadFd
htmlCtxtReadFile
htmlCtxtReadIO
htmlCtxtReadMemory
htmlCtxtReset
htmlCtxtUseOptions
htmlDefaultSAXHandlerInit
htmlElementAllowedHere
htmlElementStatusHere
htmlEncodeEntities
htmlEntityLookup
htmlEntityValueLookup
htmlFreeParserCtxt
htmlGetMetaEncoding
htmlHandleOmittedElem
htmlInitAutoClose
htmlIsAutoClosed
htmlIsBooleanAttr
htmlIsScriptAttribute
htmlNewDoc
htmlNewDocNoDtD
htmlNewParserCtxt
htmlNodeStatus
htmlParseCharRef
htmlParseDoc
htmlParseDocument
htmlParseElement
htmlParseEntityRef
htmlParseFile
htmlReadDoc
htmlReadFd
htmlReadFile
htmlReadIO
htmlReadMemory
htmlSAXParseDoc
htmlSAXParseFile
htmlSetMetaEncoding
htmlTagLookup
initGenericErrorDefaultFunc
inputPop
inputPush
isolat1ToUTF8
namePop
namePush
nodePop
nodePush
xmlAddAttributeDecl
xmlAddChild
xmlAddChildList
xmlAddDocEntity
xmlAddDtdEntity
xmlAddElementDecl
xmlAddEncodingAlias
xmlAddID
xmlAddNextSibling
xmlAddNotationDecl
xmlAddPrevSibling
xmlAddRef
xmlAddSibling
xmlAllocParserInputBuffer
xmlBufContent
xmlBufEnd
xmlBufGetNodeContent
xmlBufShrink
xmlBufUse
xmlBufferAdd
xmlBufferAddHead
xmlBufferCCat
xmlBufferCat
xmlBufferContent
xmlBufferCreate
xmlBufferCreateSize
xmlBufferCreateStatic
xmlBufferDetach
xmlBufferDump
xmlBufferEmpty
xmlBufferFree
xmlBufferGrow
xmlBufferLength
xmlBufferResize
xmlBufferSetAllocationScheme
xmlBufferShrink
xmlBufferWriteCHAR
xmlBufferWriteChar
xmlBufferWriteQuotedString
xmlBuildQName
xmlBuildRelativeURI
xmlBuildURI
xmlByteConsumed
xmlCanonicPath
xmlCharEncCloseFunc
xmlCharEncFirstLine
xmlCharEncInFunc
xmlCharEncOutFunc
xmlCharInRange
xmlCharStrdup
xmlCharStrndup
xmlCheckFilename
xmlCheckHTTPInput
xmlCheckLanguageID
xmlCheckUTF8
xmlCheckVersion
xmlCleanupCharEncodingHandlers
xmlCleanupEncodingAliases
xmlCleanupGlobals
xmlCleanupInputCallbacks
xmlCleanupMemory
xmlCleanupParser
xmlCleanupThreads
xmlClearNodeInfoSeq
xmlClearParserCtxt
xmlCopyChar
xmlCopyCharMultiByte
xmlCopyDocElementContent
xmlCopyElementContent
xmlCopyError
xmlCopyNamespace
xmlCopyNamespaceList
xmlCopyNode
xmlCopyNodeList
xmlCopyProp
xmlCopyPropList
xmlCreateDocParserCtxt
xmlCreateEntitiesTable
xmlCreateEntityParserCtxt
xmlCreateEnumeration
xmlCreateFileParserCtxt
xmlCreateIOParserCtxt
xmlCreateIntSubset
xmlCreateMemoryParserCtxt
xmlCreateURI
xmlCreateURLParserCtxt
xmlCtxtGetLastError
xmlCtxtReadDoc
xmlCtxtReadFd
xmlCtxtReadFile
xmlCtxtReadIO
xmlCtxtReadMemory
xmlCtxtReset
xmlCtxtResetLastError
xmlCtxtResetPush
xmlCtxtUseOptions
xmlCurrentChar
xmlDOMWrapAdoptNode
xmlDOMWrapCloneNode
xmlDOMWrapFreeCtxt
xmlDOMWrapNewCtxt
xmlDOMWrapReconcileNamespaces
xmlDOMWrapRemoveNode
xmlDefaultSAXHandlerInit
xmlDelEncodingAlias
xmlDeregisterNodeDefault
xmlDetectCharEncoding
xmlDictCleanup
xmlDictCreate
xmlDictCreateSub
xmlDictExists
xmlDictFree
xmlDictGetUsage
xmlDictLookup
xmlDictOwns
xmlDictQLookup
xmlDictReference
xmlDictSetLimit
xmlDictSize
xmlDocCopyNode
xmlDocCopyNodeList
xmlDocGetRootElement
xmlEncodeEntitiesReentrant
xmlEncodeSpecialChars
xmlErrMemory
xmlEscapeFormatString
xmlFileClose
xmlFileMatch
xmlFileOpen
xmlFileRead
xmlFindCharEncodingHandler
xmlFree
xmlFreeAttributeTable
xmlFreeDoc
xmlFreeDocElementContent
xmlFreeDtd
xmlFreeElementContent
xmlFreeElementTable
xmlFreeEntitiesTable
xmlFreeEnumeration
xmlFreeIDTable
xmlFreeInputStream
xmlFreeMutex
xmlFreeNode
xmlFreeNodeList
xmlFreeNotationTable
xmlFreeNs
xmlFreeNsList
xmlFreeParserCtxt
xmlFreeParserInputBuffer
xmlFreeProp
xmlFreePropList
xmlFreeRMutex
xmlFreeRefTable
xmlFreeURI
xmlGcMemGet
xmlGcMemSetup
xmlGetBufferAllocationScheme
xmlGetCharEncodingHandler
xmlGetCharEncodingName
xmlGetCompressMode
xmlGetDocCompressMode
xmlGetDocEntity
xmlGetDtdAttrDesc
xmlGetDtdElementDesc
xmlGetDtdEntity
xmlGetDtdNotationDesc
xmlGetDtdQAttrDesc
xmlGetDtdQElementDesc
xmlGetEncodingAlias
xmlGetExternalEntityLoader
xmlGetGlobalState
xmlGetID
xmlGetIntSubset
xmlGetLastChild
xmlGetLastError
xmlGetLineNo
xmlGetNoNsProp
xmlGetNsProp
xmlGetParameterEntity
xmlGetPredefinedEntity
xmlGetProp
xmlGetRefs
xmlGetThreadId
xmlGetUTF8Char
xmlHasFeature
xmlHasNsProp
xmlHasProp
xmlHashAddEntry
xmlHashAddEntry2
xmlHashAddEntry3
xmlHashCopy
xmlHashCreate
xmlHashCreateDict
xmlHashDefaultDeallocator
xmlHashFree
xmlHashLookup
xmlHashLookup2
xmlHashLookup3
xmlHashQLookup
xmlHashQLookup2
xmlHashQLookup3
xmlHashRemoveEntry
xmlHashRemoveEntry2
xmlHashRemoveEntry3
xmlHashScan
xmlHashScan3
xmlHashScanFull
xmlHashScanFull3
xmlHashSize
xmlHashUpdateEntry
xmlHashUpdateEntry2
xmlHashUpdateEntry3
xmlInitCharEncodingHandlers
xmlInitGlobals
xmlInitMemory
xmlInitNodeInfoSeq
xmlInitParser
xmlInitParserCtxt
xmlInitThreads
xmlInitializeDict
xmlInitializeGlobalState
xmlIsBaseChar
xmlIsBaseCharGroup
xmlIsBlank
xmlIsBlankNode
xmlIsChar
xmlIsCharGroup
xmlIsCombining
xmlIsCombiningGroup
xmlIsDigit
xmlIsDigitGroup
xmlIsExtender
xmlIsExtenderGroup
xmlIsID
xmlIsIdeographic
xmlIsIdeographicGroup
xmlIsLetter
xmlIsMainThread
xmlIsMixedElement
xmlIsPubidChar
xmlIsPubidChar_tab
xmlIsRef
xmlKeepBlanksDefault
xmlLineNumbersDefault
xmlLinkGetData
xmlListAppend
xmlListClear
xmlListCopy
xmlListCreate
xmlListDelete
xmlListDup
xmlListEmpty
xmlListEnd
xmlListFront
xmlListInsert
xmlListMerge
xmlListPopBack
xmlListPopFront
xmlListPushBack
xmlListPushFront
xmlListRemoveAll
xmlListRemoveFirst
xmlListRemoveLast
xmlListReverse
xmlListReverseSearch
xmlListReverseWalk
xmlListSearch
xmlListSize
xmlListSort
xmlListWalk
xmlLoadExternalEntity
xmlLockLibrary
xmlMalloc
xmlMallocAtomic
xmlMallocAtomicLoc
xmlMallocLoc
xmlMemBlocks
xmlMemDisplay
xmlMemDisplayLast
xmlMemFree
xmlMemGet
xmlMemMalloc
xmlMemRealloc
xmlMemSetup
xmlMemShow
xmlMemStrdup
xmlMemStrdupLoc
xmlMemUsed
xmlMemoryDump
xmlMemoryStrdup
xmlMutexLock
xmlMutexUnlock
xmlNewCDataBlock
xmlNewCharEncodingHandler
xmlNewCharRef
xmlNewComment
xmlNewDoc
xmlNewDocComment
xmlNewDocElementContent
xmlNewDocNode
xmlNewDocNodeEatName
xmlNewDocPI
xmlNewDocProp
xmlNewDocText
xmlNewDocTextLen
xmlNewDtd
xmlNewElementContent
xmlNewEntity
xmlNewEntityInputStream
xmlNewIOInputStream
xmlNewInputFromFile
xmlNewInputStream
xmlNewMutex
xmlNewNode
xmlNewNodeEatName
xmlNewNs
xmlNewNsProp
xmlNewNsPropEatName
xmlNewPI
xmlNewParserCtxt
xmlNewProp
xmlNewRMutex
xmlNewReference
xmlNewStringInputStream
xmlNewText
xmlNewTextLen
xmlNextChar
xmlNoNetExternalEntityLoader
xmlNodeAddContent
xmlNodeAddContentLen
xmlNodeBufGetContent
xmlNodeGetBase
xmlNodeGetContent
xmlNodeGetLang
xmlNodeGetSpacePreserve
xmlNodeIsText
xmlNodeListGetString
xmlNodeSetContent
xmlNormalizeURIPath
xmlNormalizeWindowsPath
xmlOutputBufferCreateFilenameDefault
xmlParseAttValue
xmlParseAttributeListDecl
xmlParseAttributeType
xmlParseCDSect
xmlParseCharData
xmlParseCharEncoding
xmlParseCharRef
xmlParseComment
xmlParseContent
xmlParseCtxtExternalEntity
xmlParseDefaultDecl
xmlParseDocTypeDecl
xmlParseDocument
xmlParseElement
xmlParseElementChildrenContentDecl
xmlParseElementContentDecl
xmlParseElementDecl
xmlParseElementMixedContentDecl
xmlParseEncName
xmlParseEncodingDecl
xmlParseEntityDecl
xmlParseEntityRef
xmlParseEntityValue
xmlParseEnumeratedType
xmlParseEnumerationType
xmlParseExtParsedEnt
xmlParseExternalID
xmlParseExternalSubset
xmlParseInNodeContext
xmlParseMarkupDecl
xmlParseMisc
xmlParseName
xmlParseNmtoken
xmlParseNotationDecl
xmlParseNotationType
xmlParsePEReference
xmlParsePI
xmlParsePITarget
xmlParsePubidLiteral
xmlParseReference
xmlParseSDDecl
xmlParseSystemLiteral
xmlParseTextDecl
xmlParseURI
xmlParseURIRaw
xmlParseURIReference
xmlParseVersionInfo
xmlParseVersionNum
xmlParseXMLDecl
xmlParserAddNodeInfo
xmlParserError
xmlParserFindNodeInfo
xmlParserFindNodeInfoIndex
xmlParserGetDirectory
xmlParserHandlePEReference
xmlParserInputBufferCreateFd
xmlParserInputBufferCreateFile
xmlParserInputBufferCreateFilename
xmlParserInputBufferCreateFilenameDefault
xmlParserInputBufferCreateIO
xmlParserInputBufferCreateMem
xmlParserInputBufferCreateStatic
xmlParserInputBufferGrow
xmlParserInputBufferPush
xmlParserInputBufferRead
xmlParserInputGrow
xmlParserInputRead
xmlParserInputShrink
xmlParserMaxDepth
xmlParserPrintFileContext
xmlParserPrintFileInfo

Sections

.text
Size: 257KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 108KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IDMan.exe
.exe windows:5 windows x86 arch:x86

7b8d983565478bdc1ccabfea31fdb5f2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

s:\IDM_projects\IDM_vs2008_2\Release\IDMan.pdb

Imports

kernel32

InterlockedIncrement
GlobalFlags
GetCPInfo
GetOEMCP
FileTimeToLocalFileTime
GetFileSizeEx
GetFileTime
SetErrorMode
WritePrivateProfileStringA
FindResourceExA
RtlUnwind
GetTimeFormatA
GetDateFormatA
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetSystemTimeAsFileTime
GetTimeZoneInformation
HeapReAlloc
GetLocalTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RemoveDirectoryA
SetEnvironmentVariableA
SetCurrentDirectoryA
GetFileInformationByHandle
PeekNamedPipe
GetFileType
GlobalHandle
GetStartupInfoA
VirtualAlloc
VirtualQuery
ExitThread
HeapSize
IsDebuggerPresent
IsValidCodePage
HeapCreate
VirtualFree
LCMapStringA
LCMapStringW
GetStdHandle
GetConsoleCP
GetConsoleMode
SetHandleCount
InitializeCriticalSectionAndSpinCount
SetStdHandle
GetStringTypeA
GetStringTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringW
GlobalReAlloc
GetCurrentThread
ConvertDefaultLocale
EnumResourceLanguagesA
LoadLibraryExA
GetProfileIntA
GetTickCount
GetFullPathNameA
FindFirstFileA
DuplicateHandle
UnlockFile
LockFile
GetThreadLocale
lstrcmpA
SuspendThread
ResumeThread
SetThreadPriority
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GlobalDeleteAtom
CompareStringA
lstrcmpW
RaiseException
InterlockedExchange
LocalReAlloc
GetDiskFreeSpaceW
GetVolumeInformationW
SetThreadExecutionState
CreateProcessA
GetSystemInfo
InterlockedDecrement
GetComputerNameA
FreeResource
GetCurrentDirectoryA
GetACP
GetSystemDefaultLangID
GetUserDefaultLangID
EnterCriticalSection
LeaveCriticalSection
CreateThread
SleepEx
lstrcpynA
ReadFile
CreateDirectoryA
CopyFileA
MoveFileA
LocalAlloc
FormatMessageA
CreateDirectoryW
CopyFileW
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetModuleFileNameA
TlsFree
TlsGetValue
GetFileAttributesExW
FileTimeToSystemTime
CreateWaitableTimerA
SetWaitableTimer
CancelWaitableTimer
DeviceIoControl
SetFileAttributesW
FlushFileBuffers
InitializeCriticalSection
DeleteCriticalSection
GetVolumeInformationA
GetCommandLineW
GetWindowsDirectoryW
SetFileAttributesA
DeleteFileA
SetEvent
TerminateProcess
lstrlenA
LoadLibraryW
VirtualProtect
lstrcmpiA
GetDriveTypeW
GetLocaleInfoA
GetVersion
SetLastError
LoadLibraryA
GetCurrentProcessId
lstrlenW
GetSystemDirectoryA
GetSystemDirectoryW
lstrcatA
SetFilePointer
SetEndOfFile
GetFileAttributesA
GetWindowsDirectoryA
GetModuleFileNameW
GetModuleHandleA
WriteFile
GetExitCodeProcess
MoveFileW
DeleteFileW
RemoveDirectoryW
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
CreateProcessW
CompareFileTime
FindFirstFileW
FindNextFileW
FindClose
CreateEventA
WaitForMultipleObjects
ResetEvent
GetCurrentProcess
GetSystemTime
SystemTimeToFileTime
SetFileTime
GlobalAlloc
GlobalFree
MoveFileExW
GetProcessHeap
HeapFree
HeapAlloc
OpenProcess
GetVersionExA
CreateFileA
CreateFileW
FreeLibrary
Sleep
CreateMutexA
OpenMutexA
WaitForSingleObject
ReleaseMutex
CloseHandle
GetModuleHandleW
GetProcAddress
GlobalSize
GlobalLock
GlobalUnlock
GetFileAttributesW
GetLastError
FormatMessageW
LocalFree
MulDiv
ExitProcess
MultiByteToWideChar
WideCharToMultiByte
FindResourceA
LoadResource
LockResource
GetCommandLineA
SizeofResource

user32

DeferWindowPos
AdjustWindowRectEx
GetClassInfoA
GetClassInfoExA
GetScrollPos
SetMenu
MapWindowPoints
GetMessageTime
GetTopWindow
EndDeferWindowPos
BeginDeferWindowPos
GetLastActivePopup
GetClassLongA
IsChild
WinHelpA
TabbedTextOutA
DrawTextA
DrawTextExA
GrayStringA
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
ValidateRect
IsClipboardFormatAvailable
CharUpperA
InflateRect
IsRectEmpty
MapDialogRect
SetWindowContextHelpId
SetRectEmpty
GetAsyncKeyState
IsZoomed
UnregisterClassA
PostThreadMessageA
CharNextA
CopyAcceleratorTableA
InvalidateRgn
GetNextDlgGroupItem
GetWindowPlacement
GetActiveWindow
CreateDialogIndirectParamA
GetNextDlgTabItem
EndDialog
IsDialogMessageA
SendDlgItemMessageA
GetDlgItemTextA
GetMenuState
DrawFrameControl
SetRect
DrawStateA
DeleteMenu
DrawIconEx
IntersectRect
GetSysColorBrush
FrameRect
PeekMessageA
SetActiveWindow
WindowFromPoint
ClientToScreen
UnionRect
SetClassLongA
SetDlgItemTextA
ModifyMenuA
GetMenuItemInfoW
FillRect
CopyIcon
GetKeyboardLayoutList
SetPropA
GetPropA
RemovePropA
GetMessageA
TranslateMessage
DispatchMessageA
DefWindowProcA
PostQuitMessage
DestroyIcon
GetDlgItemTextW
GetClassNameA
SetCursorPos
SetLayeredWindowAttributes
UpdateWindow
CloseWindow
CreateWindowExA
RegisterClassA
DefDlgProcA
DestroyWindow
GetWindowLongA
BeginPaint
EndPaint
GetWindowDC
GetMenu
RegisterWindowMessageA
GetKeyState
RegisterClipboardFormatA
GetDlgCtrlID
LoadImageW
LoadImageA
SetWindowsHookExA
DestroyMenu
CreatePopupMenu
TrackPopupMenu
GetMessagePos
LoadCursorA
SetCursor
ReleaseCapture
GetSystemMetrics
AppendMenuW
ModifyMenuW
DrawTextW
UnhookWindowsHookEx
SetWindowLongA
CallWindowProcA
SystemParametersInfoA
CheckMenuItem
SetClipboardViewer
ChangeClipboardChain
SetCapture
GetCapture
ScreenToClient
IsIconic
DrawMenuBar
RemoveMenu
EnableMenuItem
DrawFocusRect
DrawIcon
EqualRect
OffsetRect
CharUpperBuffW
GetWindow
EnumWindows
SetForegroundWindow
IsWindowVisible
wsprintfW
MessageBoxA
GetComboBoxInfo
MessageBoxW
LoadBitmapA
SetPropW
SystemParametersInfoW
CheckMenuRadioItem
GetSubMenu
GetMenuItemID
GetMenuItemCount
AppendMenuA
GetCursorPos
GetClientRect
CopyRect
PtInRect
FindWindowA
GetWindowThreadProcessId
MsgWaitForMultipleObjects
GetParent
SetParent
KillTimer
SetTimer
InvalidateRect
GetFocus
SetFocus
SendMessageW
GetForegroundWindow
ExitWindowsEx
wsprintfA
ReleaseDC
MessageBeep
MoveWindow
GetWindowTextLengthA
ShowWindow
SetDlgItemTextW
GetWindowTextLengthW
PostMessageA
IsWindowEnabled
GetWindowTextA
IsWindow
CreateWindowExW
SetWindowPos
SetWindowTextA
GetWindowRect
SetWindowTextW
GetWindowTextW
LoadStringA
DefWindowProcW
GetDesktopWindow
LoadIconA
GetDC
SendMessageA
GetDlgItem
GetSysColor
EnableWindow
CallNextHookEx

gdi32

PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreateBitmap
GetBkColor
GetCharWidthA
StretchDIBits
GetTextColor
GetRgnBox
EnumFontFamiliesExA
GetWindowExtEx
GetViewportExtEx
GetObjectA
SelectClipRgn
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
SetBkMode
RestoreDC
SaveDC
GetClipBox
CopyMetaFileA
SetStretchBltMode
GetMapMode
SetMapMode
LPtoDP
DPtoLP
ExtTextOutW
CreateRectRgnIndirect
CreateFontIndirectA
GetTextMetricsA
GetStockObject
CreateCompatibleBitmap
DeleteObject
SelectObject
StretchBlt
BitBlt
DeleteDC
TranslateCharsetInfo
GetDIBits
CreateDIBSection
GetObjectW
CreateFontIndirectW
GetDeviceCaps
CreatePen
SetTextColor
SetBkColor
CreateSolidBrush
GetTextExtentPoint32W
GetTextExtentPoint32A
CreateFontA
CreateCompatibleDC

comdlg32

ChooseFontW
GetFileTitleA
GetSaveFileNameA
GetOpenFileNameW
GetSaveFileNameW

advapi32

RegRestoreKeyA
RegQueryValueExA
RegQueryValueA
RegOpenKeyA
OpenSCManagerA
OpenServiceA
CloseServiceHandle
RegEnumKeyW
RegDeleteKeyW
DuplicateTokenEx
GetLengthSid
SetTokenInformation
CreateProcessAsUserW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetUserNameW
GetUserNameA
RegCloseKey
RegLoadKeyA
RegSaveKeyA
RegEnumValueA
RegCreateKeyExW
RegFlushKey
RegDeleteValueW
RegSetValueExW
RegNotifyChangeKeyValue
OpenProcessToken
LookupPrivilegeValueA
AdjustTokenPrivileges
RegQueryValueExW
RegEnumKeyExA
RegDeleteKeyA
RegQueryInfoKeyA
RegEnumKeyA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA

comctl32

ord17
ImageList_GetIcon

shlwapi

StrCmpLogicalW
PathStripToRootA
PathIsUNCA
PathFindFileNameA
PathFindExtensionA

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 876KB - Virtual size: 875KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 214KB - Virtual size: 213KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MediumILStart.exe
.exe windows:5 windows x86 arch:x86

8b9e8171fedea437adc3b4da24139da4

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:59:29:2a:8c:f6:59:10:78:c9:29:d5:ba:55:a7:f6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/07/2022, 00:00

Not After

06/08/2025, 23:59

Subject

CN=Tonec Inc.,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

64:7e:a5:0a:70:1c:12:3a:59:20:87:c2:6d:c8:99:1b:25:2b:59:a3:ca:97:9f:ae:82:7e:37:e3:f6:6f:53:b6
Signer

Actual PE Digest

64:7e:a5:0a:70:1c:12:3a:59:20:87:c2:6d:c8:99:1b:25:2b:59:a3:ca:97:9f:ae:82:7e:37:e3:f6:6f:53:b6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

S:\IDM_projects\MediumILStart\Release\MediumILStart.pdb

Imports

ole32

CoUninitialize
CoCreateInstance
CoInitialize

kernel32

TerminateProcess
Sleep
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstall.exe
.exe windows:4 windows x86 arch:x86

ec78679ef28febdf08bf42c1424103e9

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:59:29:2a:8c:f6:59:10:78:c9:29:d5:ba:55:a7:f6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

28/07/2022, 00:00

Not After

06/08/2025, 23:59

Subject

CN=Tonec Inc.,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

28:98:63:ba:a9:0f:f0:a2:8f:f3:36:25:2c:29:dc:05:39:a8:cf:8d:5a:10:7b:e3:f4:9c:e6:17:7f:5d:1d:54
Signer

Actual PE Digest

28:98:63:ba:a9:0f:f0:a2:8f:f3:36:25:2c:29:dc:05:39:a8:cf:8d:5a:10:7b:e3:f4:9c:e6:17:7f:5d:1d:54

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

InitCommonControlsEx

shlwapi

SHDeleteKeyW

kernel32

CopyFileW
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
ExitThread
DeleteFileW
ExitProcess
lstrcpyW
lstrcmpW
UnmapViewOfFile
MultiByteToWideChar
GetSystemTime
CreateEventW
MapViewOfFile
SetFileTime
GetFileTime
CreateFileMappingW
GetFileSize
MoveFileExW
TerminateProcess
OpenProcess
CreateDirectoryW
RemoveDirectoryW
FindClose
CreateProcessW
FindFirstFileW
SetEndOfFile
SetFilePointer
GetShortPathNameW
WriteFile
LocalFree
FormatMessageW
GetUserDefaultLangID
GetSystemDefaultLangID
SetCurrentDirectoryW
LocalAlloc
GetExitCodeThread
FreeResource
LockResource
LoadResource
SizeofResource
FindResourceW
MulDiv
CreateThread
HeapAlloc
HeapFree
GetProcessHeap
GetDiskFreeSpaceW
ResumeThread
SuspendThread
WideCharToMultiByte
CompareFileTime
GetExitCodeProcess
GetLastError
CreateFileW
GetModuleFileNameW
GetModuleHandleW
GetCurrentProcess
GetVersionExW
lstrlenW
GetWindowsDirectoryW
Sleep
GetSystemDirectoryW
CreateMutexW
OpenMutexW
WaitForSingleObject
ReleaseMutex
CloseHandle
lstrcmpiW
LoadLibraryW
GetProcAddress
FreeLibrary
GetFileAttributesW
lstrcatW
FindNextFileW
GetStartupInfoW

user32

EnumWindows
MessageBoxW
wsprintfW
GetForegroundWindow
SendMessageW
SetDlgItemTextW
SendDlgItemMessageW
wsprintfA
EnableWindow
GetDlgItem
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
PostQuitMessage
GetKeyboardLayoutList
DestroyWindow
GetDlgCtrlID
GetFocus
DialogBoxParamW
GetDesktopWindow
GetWindow
SetWindowTextW
IsDialogMessageW
ExitWindowsEx
GetDC
ReleaseDC
CreateWindowExW
CallWindowProcW
GetParent
SetFocus
IsIconic
BeginPaint
GetSystemMetrics
DrawIcon
GetWindowRect
ScreenToClient
EndPaint
CharUpperW
FindWindowW
GetMessageW
GetWindowThreadProcessId
GetWindowTextW
GetClientRect
SetWindowPos
GetWindowLongW
SetWindowLongW
SetForegroundWindow
PostMessageW
GetWindowDC
CreateDialogParamW
LoadIconW
ShowWindow

gdi32

LPtoDP
GetDeviceCaps
DPtoLP
SetMapMode
GetMapMode
TranslateCharsetInfo

advapi32

RegQueryInfoKeyW
AllocateAndInitializeSid
RegSetValueExA
FreeSid
LookupPrivilegeValueW
AdjustTokenPrivileges
GetUserNameW
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyW
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHBrowseForFolderW
ShellExecuteExW
ShellExecuteW

ole32

CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree

oleaut32

OleLoadPicture
LoadTypeLibEx

msvcrt

_controlfp
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
?terminate@@YAXXZ
_except_handler3
_wcsnicmp
strcpy
strrchr
atoi
strcmp
_snwprintf
_wfopen
fgets
sscanf
fclose
_CxxThrowException
_itow
strstr
strchr
memmove
wcschr
wcsncpy
_ftime
_ftol
memcpy
_stricmp
strncpy
_wcsupr
wcscmp
time
_wsplitpath
strlen
wcsncmp
free
malloc
memcmp
??2@YAPAXI@Z
wcsstr
memset
wcsrchr
wcslen
wcscat
wcscpy
??3@YAXPAX@Z
__CxxFrameHandler
__p__commode
__p__fmode
__set_app_type
_adjust_fdiv

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
idmBroker.exe
.exe windows:5 windows x86 arch:x86

e9bdfa0eca9121a8a6ea497367a8bd98

Code Sign

06:c5:07:8a:a5:28:bb:d3:b8:66:8a:b1:0b:03:5f:94
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/07/2019, 00:00

Not After

03/08/2022, 12:00

Subject

CN=Tonec Inc.,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:96:cb:38:36:ac:ef:b7:37:c2:12:d1:55:41:7e:f1
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/07/2019, 00:00

Not After

03/08/2022, 12:00

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:0b:83:ab:e3:4e:b6:33:24:91:95:a6:22:22:0a:6c:7d:26:0b:32:19:c9:16:5b:be:3b:f2:ce:9f:c9:b8:64
Signer

Actual PE Digest

6d:0b:83:ab:e3:4e:b6:33:24:91:95:a6:22:22:0a:6c:7d:26:0b:32:19:c9:16:5b:be:3b:f2:ce:9f:c9:b8:64

Digest Algorithm

sha256

PE Digest Matches

true

d0:84:ef:60:6e:a1:d9:04:89:d7:54:5d:c0:62:b8:5e:ea:2b:a8:70
Signer

Actual PE Digest

d0:84:ef:60:6e:a1:d9:04:89:d7:54:5d:c0:62:b8:5e:ea:2b:a8:70

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

s:\IDM_projects\idmBroker\idmBroker\Release\idmBroker.pdb

Imports

kernel32

CreateEventW
GetCurrentThreadId
InterlockedIncrement
InterlockedDecrement
SetEvent
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
GetCommandLineW
SetUnhandledExceptionFilter
FindClose
FindNextFileW
FindFirstFileW
GetVersionExW
CreateThread
GetACP
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
GetFileAttributesW
EnterCriticalSection
LeaveCriticalSection
CreateFileA
GetProcessHeap
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
GetModuleFileNameW
Sleep
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
WaitForSingleObject
LoadLibraryW
CloseHandle
WriteConsoleA
ReadFile
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LCMapStringA
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
SetFilePointer
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
HeapAlloc
HeapFree
RtlUnwind
GetStartupInfoW
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapSize
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsW

user32

CharUpperW
TranslateMessage
DispatchMessageW
GetMessageW
PostThreadMessageW
GetAsyncKeyState
CharNextW

gdi32

TranslateCharsetInfo

advapi32

RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW

ole32

CoUninitialize
CoTaskMemAlloc
CoTaskMemRealloc
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemFree
StringFromGUID2
CoInitialize
CoCreateInstance

oleaut32

LoadRegTypeLi
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayDestroy
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayCreate
SafeArrayPutElement
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen

Sections

.text
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
idmcchandler2_64.dll
.dll windows:5 windows x64 arch:x64

e58a7880d9f120a9074aef6c3b26c186

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/05/2013, 00:00

Not After

19/06/2016, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

s:\IDM_projects\Mozilla\idmcchandler_old\64bit\Release\idmcchandler64.pdb

Imports

wininet

InternetCombineUrlA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

kernel32

ReleaseMutex
WaitForSingleObject
GetLocaleInfoA
GetStringTypeW
GetCurrentProcessId
GetLastError
CreateThread
LoadLibraryA
GetSystemDirectoryA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeLibrary
FindFirstFileW
GetFileAttributesA
GetVersionExA
GetCurrentProcess
GetFileSize
CreateFileA
CreateMutexA
SetEnvironmentVariableA
ReadFile
GetCurrentThreadId
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetTickCount
RtlVirtualUnwind
FindNextFileW
FindClose
MulDiv
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
CloseHandle
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
LoadLibraryW
GetProcAddress
Sleep
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetWindowsDirectoryA
GetSystemTimeAsFileTime

user32

ShowWindow
ReleaseDC
GetDC
SendMessageA
PostMessageA
IntersectRect
GetSystemMetrics
GetClientRect
PtInRect
ScreenToClient
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
DefWindowProcA
RegisterClassA
LoadCursorA
LoadIconA
MessageBoxA
GetKeyState
GetKeyboardState
GetParent
GetClassNameA
IsWindow
GetCursorPos

gdi32

GetDeviceCaps
GetStockObject

advapi32

RegLoadKeyA
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegCloseKey
RegEnumKeyA
RegQueryInfoKeyA
RegOpenKeyExA
RegDeleteKeyA
RegRestoreKeyA
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyExA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

VariantInit
SafeArrayCreate
SafeArrayDestroy
SafeArrayPutElement
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString

msvcr90

_mbsstr
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__CppXcptFilter
_amsg_exit
_encoded_null
_initterm_e
_initterm
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__C_specific_handler
_i64toa
memcmp
isdigit
memchr
_i64tow
strncmp
sprintf
wcsncmp
_strlwr
_itoa
_strnicmp
isalpha
isalnum
isspace
strncpy
strpbrk
wcsncpy
_wcslwr
strchr
free
malloc
memcpy
_memicmp
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
wcsrchr
_snwprintf
wcsstr
__CxxFrameHandler3
_CxxThrowException
_stricmp
memmove
swscanf
memset
strrchr
wcschr
iswdigit
fclose
sscanf
fgets
_wfopen
_wsplitpath
_wcsicmp
_snprintf
strstr
_wcsnicmp
_strupr
atoi

Exports

Exports

IDMMzCC_DownloadAllWithIDM
IDMMzCC_DownloadLast10FLVwithIDM
IDMMzCC_DownloadLastFLVwithIDM
IDMMzCC_DownloadLinkWithIDM
IDMMzCC_GetListenerState
IDMMzCC_Observe
IDMMzCC_ShouldLoad
IDMMzCC_ShouldLoad_old1

Sections

.text
Size: 322KB - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
idmfc.dat
idmindex.dll
.dll windows:5 windows x86 arch:x86

1ed5468e84d27b94a9ff70787d506d89

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/05/2013, 00:00

Not After

19/06/2016, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_amsg_exit
_initterm
_XcptFilter
realloc
malloc
memmove
_beginthreadex
strncmp
memset
memcpy
_endthreadex
_msize
free
_localtime64_s

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedExchange
RtlUnwind
GetCurrentThreadId
TryEnterCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
AreFileApisANSI
CloseHandle
CreateFileA
CreateFileW
CreateFileMappingA
CreateFileMappingW
CreateMutexW
DeleteFileA
DeleteFileW
FlushFileBuffers
FormatMessageA
FormatMessageW
FreeLibrary
GetCurrentProcessId
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetFileAttributesA
GetFileAttributesW
GetFileAttributesExW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetTickCount
GetVersionExA
GetVersionExW
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
HeapValidate
HeapCompact
LoadLibraryA
LoadLibraryW
LocalFree
LockFile
LockFileEx
MapViewOfFile
MultiByteToWideChar
QueryPerformanceCounter
ReadFile
SetEndOfFile
SetFilePointer
Sleep
SystemTimeToFileTime
UnlockFile
UnlockFileEx
HeapAlloc
HeapFree
GetProcessHeap
GetProcAddress
GetSystemInfo
GetVersion
FlushViewOfFile
InterlockedCompareExchange
OutputDebugStringW
OutputDebugStringA
WaitForSingleObjectEx
WaitForSingleObject
WriteFile
WideCharToMultiByte
UnmapViewOfFile

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_backup_finish
sqlite3_backup_init
sqlite3_backup_pagecount
sqlite3_backup_remaining
sqlite3_backup_step
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_bind_zeroblob
sqlite3_blob_bytes
sqlite3_blob_close
sqlite3_blob_open
sqlite3_blob_read
sqlite3_blob_reopen
sqlite3_blob_write
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_close_v2
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_compileoption_get
sqlite3_compileoption_used
sqlite3_complete
sqlite3_complete16
sqlite3_config
sqlite3_context_db_handle
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_collation_v2
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_function_v2
sqlite3_create_module
sqlite3_create_module_v2
sqlite3_data_count
sqlite3_db_config
sqlite3_db_filename
sqlite3_db_handle
sqlite3_db_mutex
sqlite3_db_readonly
sqlite3_db_release_memory
sqlite3_db_status
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_errstr
sqlite3_exec
sqlite3_expired
sqlite3_extended_errcode
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_initialize
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_limit
sqlite3_load_extension
sqlite3_log
sqlite3_malloc
sqlite3_memory_alarm
sqlite3_memory_highwater
sqlite3_memory_used
sqlite3_mprintf
sqlite3_mutex_alloc
sqlite3_mutex_enter
sqlite3_mutex_free
sqlite3_mutex_leave
sqlite3_mutex_try
sqlite3_next_stmt
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_os_end
sqlite3_os_init
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_randomness
sqlite3_realloc
sqlite3_release_memory
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_error_code
sqlite3_result_error_nomem
sqlite3_result_error_toobig
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_result_zeroblob
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_shutdown
sqlite3_sleep
sqlite3_snprintf
sqlite3_soft_heap_limit
sqlite3_soft_heap_limit64
sqlite3_sourceid
sqlite3_sql
sqlite3_status
sqlite3_step
sqlite3_stmt_busy
sqlite3_stmt_readonly
sqlite3_stmt_status
sqlite3_strglob
sqlite3_stricmp
sqlite3_strnicmp
sqlite3_test_control
sqlite3_thread_cleanup
sqlite3_threadsafe
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_uri_boolean
sqlite3_uri_int64
sqlite3_uri_parameter
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_vfs_find
sqlite3_vfs_register
sqlite3_vfs_unregister
sqlite3_vmprintf
sqlite3_vsnprintf
sqlite3_vtab_config
sqlite3_vtab_on_conflict
sqlite3_wal_autocheckpoint
sqlite3_wal_checkpoint
sqlite3_wal_checkpoint_v2
sqlite3_wal_hook
sqlite3_win32_mbcs_to_utf8
sqlite3_win32_set_directory
sqlite3_win32_sleep
sqlite3_win32_utf8_to_mbcs
sqlite3_win32_write_debug

Sections

.text
Size: 358KB - Virtual size: 357KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
idmmzcc.xpi
.zip
META-INF/manifest.mf
META-INF/zigbert.rsa
META-INF/zigbert.sf
chrome.manifest
chrome/idmmzcc.jar
.zip
content/IDM/contents.rdf
.xml
content/IDM/dwnl1.gif
.gif
content/IDM/dwnl1.png
.png
content/IDM/dwnlAll.gif
.gif
content/IDM/dwnlAll.png
.png
content/IDM/idmmenuitems.css
content/IDM/overlay.js
.js
content/IDM/overlay.xul
.xml
components/iIDMHelper5.xpt
components/iIDMMzCC.xpt
components/idmhelper5.js
.js
components/idmmzcc.dll
.dll windows:4 windows x86 arch:x86

88ffcc106a97c95e58ff2d3220f89e9b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:60:fc:32:bd:52:1d:77:f2:11:c1:33:6a:a9:8b:9e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/06/2010, 00:00

Not After

01/06/2013, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Secure Application Development,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GetProcAddress
LoadLibraryA
LoadLibraryW
GlobalLock
GetModuleFileNameA
GetModuleHandleA
GetVersionExA
DisableThreadLibraryCalls
GlobalUnlock
GlobalFree
GetModuleFileNameW
FreeLibrary

user32

MessageBoxA

advapi32

RegOpenKeyExA
RegCloseKey
RegQueryValueExW

xpcom

NS_Alloc
NS_Free
NS_GetServiceManager

nspr4

PR_AtomicDecrement
PR_AtomicIncrement

msvcrt

swprintf
_adjust_fdiv
malloc
_initterm
strlen
free
memcpy
atoi
strchr
strncpy
sprintf
__CxxFrameHandler
wcscpy
strcpy
wcsrchr
strrchr
??3@YAXPAX@Z
??2@YAPAXI@Z

Exports

Exports

GetListenerState
NSGetModule

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 994B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
components12/idmmzcc.dll
.dll windows:5 windows x86 arch:x86

1a69b20f34a9fb518b30d5bee863cccb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/05/2013, 00:00

Not After

19/06/2016, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_amsg_exit
_initterm
_XcptFilter
free
malloc
??2@YAPAXI@Z
??3@YAXPAX@Z
_wcsicmp
_snwprintf
_snprintf
strncpy
atoi
wcsrchr
strrchr
strchr
__CxxFrameHandler

version

GetFileVersionInfoW
VerQueryValueA
GetFileVersionInfoSizeW

kernel32

LoadLibraryA
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
GetVersionExA
GetModuleHandleA
GetModuleFileNameA
GetModuleFileNameW
LoadLibraryW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetProcAddress

user32

MessageBoxA

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExA

Exports

Exports

GetListenerState
NSModule

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
components12/idmmzcc64.dll
.dll windows:5 windows x64 arch:x64

a2c1e36c591eb85bc753627370e54536

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/05/2013, 00:00

Not After

19/06/2016, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

s:\IDM_projects\Mozilla\idmmzcc\64bit\Release\idmmzcc.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetProcAddress
GetTickCount
GetModuleFileNameW
GetModuleHandleA
QueryPerformanceCounter
DisableThreadLibraryCalls
GetCurrentThreadId
GetCurrentProcessId
LoadLibraryW
GetSystemTimeAsFileTime
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
RtlCaptureContext

user32

MessageBoxA

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExA

msvcr90

??3@YAXPEAX@Z
_encode_pointer
_malloc_crt
_initterm
_initterm_e
free
_encoded_null
_decode_pointer
_amsg_exit
__C_specific_handler
__CppXcptFilter
__crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
_wcsicmp
_snwprintf
_snprintf
strncpy
atoi
__CxxFrameHandler3
wcsrchr
strchr
??2@YAPEAX_K@Z

Exports

Exports

GetListenerState
NSModule

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
components2/iIDMHelper.xpt
components2/iIDMMzCC.xpt
components2/idmcchandler2.dll
.dll windows:5 windows x86 arch:x86

50c293ae2379fe31404837ffcbeef2ad

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/05/2013, 00:00

Not After

19/06/2016, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

s:\IDM_projects\Mozilla\idmcchandler_old\64bit\Release\idmcchandler.pdb

Imports

wininet

InternetCombineUrlA

msvcrt

_i64toa
isdigit
_i64tow
strncmp
sprintf
wcsncmp
atoi
memchr
_itoa
_strnicmp
isalpha
isalnum
isspace
strncpy
strpbrk
wcsncpy
iswdigit
_wcsnicmp
strstr
_wcsicmp
_snprintf
_wsplitpath
fgets
_wfopen
sscanf
fclose
_mbsstr
strrchr
memset
swscanf
memmove
_stricmp
_CxxThrowException
wcsstr
_snwprintf
wcsrchr
??2@YAPAXI@Z
??3@YAXPAX@Z
??1type_info@@UAE@XZ
_unlock
__dllonexit
_lock
_onexit
?terminate@@YAXXZ
_XcptFilter
_initterm
_amsg_exit
_memicmp
memcpy
malloc
free
strchr
wcschr
_wcslwr
_strupr
__CxxFrameHandler
_strlwr

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

kernel32

GetProcAddress
GetStringTypeW
GetModuleHandleW
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
Sleep
InterlockedExchange
RtlUnwind
GetCurrentThreadId
ReadFile
SetEnvironmentVariableA
CreateMutexA
CreateFileA
GetFileSize
GetCurrentProcess
GetFileAttributesA
GetWindowsDirectoryA
FreeLibrary
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetSystemDirectoryA
CreateThread
GetLastError
GetCurrentProcessId
GetLocaleInfoA
WaitForSingleObject
ReleaseMutex
GetVersionExA
LoadLibraryA
FindFirstFileW
FindNextFileW
FindClose
MulDiv
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
CloseHandle
GetModuleHandleA
GetModuleFileNameW
LoadLibraryW
GetVersion

user32

LoadCursorA
GetCursorPos
IsWindow
GetClassNameA
GetParent
GetKeyboardState
GetKeyState
ReleaseDC
GetDC
SendMessageA
PostMessageA
MessageBoxA
LoadIconA
ShowWindow
RegisterClassA
DefWindowProcA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
ScreenToClient
PtInRect
GetClientRect
GetSystemMetrics
IntersectRect

gdi32

GetStockObject
GetDeviceCaps

advapi32

AdjustTokenPrivileges
RegLoadKeyA
RegRestoreKeyA
RegQueryValueExW
RegQueryValueExA
RegCloseKey
RegEnumKeyA
RegQueryInfoKeyA
RegOpenKeyExA
RegSetValueExA
RegCreateKeyExA
OpenProcessToken
LookupPrivilegeValueA
GetUserNameA
RegDeleteKeyA

shell32

ShellExecuteA

ole32

CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysAllocString
SysFreeString
SysStringLen
SysAllocStringLen
SafeArrayPutElement
SafeArrayDestroy
SafeArrayCreate
VariantInit

Exports

Exports

IDMMzCC_DownloadAllWithIDM
IDMMzCC_DownloadLast10FLVwithIDM
IDMMzCC_DownloadLastFLVwithIDM
IDMMzCC_DownloadLinkWithIDM
IDMMzCC_GetListenerState
IDMMzCC_Observe
IDMMzCC_ShouldLoad
IDMMzCC_ShouldLoad_old1

Sections

.text
Size: 244KB - Virtual size: 244KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
components2/idmcchandler2_64.dll
.dll windows:5 windows x64 arch:x64

e58a7880d9f120a9074aef6c3b26c186

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:4f:32:8f:3e:ff:4f:b9:8f:53:43:81:17:88:f7:8a
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

21/05/2013, 00:00

Not After

19/06/2016, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

s:\IDM_projects\Mozilla\idmcchandler_old\64bit\Release\idmcchandler64.pdb

Imports

wininet

InternetCombineUrlA

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

kernel32

ReleaseMutex
WaitForSingleObject
GetLocaleInfoA
GetStringTypeW
GetCurrentProcessId
GetLastError
CreateThread
LoadLibraryA
GetSystemDirectoryA
GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
FreeLibrary
FindFirstFileW
GetFileAttributesA
GetVersionExA
GetCurrentProcess
GetFileSize
CreateFileA
CreateMutexA
SetEnvironmentVariableA
ReadFile
GetCurrentThreadId
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetTickCount
RtlVirtualUnwind
FindNextFileW
FindClose
MulDiv
WideCharToMultiByte
MultiByteToWideChar
lstrlenA
CloseHandle
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameW
LoadLibraryW
GetProcAddress
Sleep
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetWindowsDirectoryA
GetSystemTimeAsFileTime

user32

ShowWindow
ReleaseDC
GetDC
SendMessageA
PostMessageA
IntersectRect
GetSystemMetrics
GetClientRect
PtInRect
ScreenToClient
DispatchMessageA
TranslateMessage
GetMessageA
CreateWindowExA
DefWindowProcA
RegisterClassA
LoadCursorA
LoadIconA
MessageBoxA
GetKeyState
GetKeyboardState
GetParent
GetClassNameA
IsWindow
GetCursorPos

gdi32

GetDeviceCaps
GetStockObject

advapi32

RegLoadKeyA
RegSetValueExA
RegQueryValueExW
RegQueryValueExA
RegCloseKey
RegEnumKeyA
RegQueryInfoKeyA
RegOpenKeyExA
RegDeleteKeyA
RegRestoreKeyA
GetUserNameA
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
RegCreateKeyExA

shell32

ShellExecuteA

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize

oleaut32

VariantInit
SafeArrayCreate
SafeArrayDestroy
SafeArrayPutElement
SysAllocStringLen
SysStringLen
SysFreeString
SysAllocString

msvcr90

_mbsstr
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__CppXcptFilter
_amsg_exit
_encoded_null
_initterm_e
_initterm
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__C_specific_handler
_i64toa
memcmp
isdigit
memchr
_i64tow
strncmp
sprintf
wcsncmp
_strlwr
_itoa
_strnicmp
isalpha
isalnum
isspace
strncpy
strpbrk
wcsncpy
_wcslwr
strchr
free
malloc
memcpy
_memicmp
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
wcsrchr
_snwprintf
wcsstr
__CxxFrameHandler3
_CxxThrowException
_stricmp
memmove
swscanf
memset
strrchr
wcschr
iswdigit
fclose
sscanf
fgets
_wfopen
_wsplitpath
_wcsicmp
_snprintf
strstr
_wcsnicmp
_strupr
atoi

Exports

Exports

IDMMzCC_DownloadAllWithIDM
IDMMzCC_DownloadLast10FLVwithIDM
IDMMzCC_DownloadLastFLVwithIDM
IDMMzCC_DownloadLinkWithIDM
IDMMzCC_GetListenerState
IDMMzCC_Observe
IDMMzCC_ShouldLoad
IDMMzCC_ShouldLoad_old1

Sections

.text
Size: 322KB - Virtual size: 322KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 91KB - Virtual size: 91KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
components2/idmhelper.js
.js
components2/idmmzcc.dll
.dll windows:4 windows x86 arch:x86

c609652f4863100205107b46940e95f2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:60:fc:32:bd:52:1d:77:f2:11:c1:33:6a:a9:8b:9e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/06/2010, 00:00

Not After

01/06/2013, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Secure Application Development,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalUnlock
GlobalLock
GlobalAlloc
GetProcAddress
GlobalFree
LoadLibraryW
GetModuleFileNameA
GetVersionExA
DisableThreadLibraryCalls
FreeLibrary
GetModuleHandleA
LoadLibraryA
GetModuleFileNameW

user32

MessageBoxA

advapi32

RegCloseKey
RegOpenKeyExA
RegQueryValueExW

xpcom

NS_GetServiceManager

msvcrt

_wcsicmp
wcsrchr
atoi
strchr
strncpy
sprintf
__CxxFrameHandler
wcscpy
swprintf
strrchr
??3@YAXPAX@Z
??2@YAPAXI@Z
free
_initterm
malloc
_adjust_fdiv

Exports

Exports

GetListenerState
NSModule

Sections

.text
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 806B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
components2/idmmzcc64.dll
.dll windows:5 windows x64 arch:x64

af1dc2e2f649248098ffdfbf225eece2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

46:60:fc:32:bd:52:1d:77:f2:11:c1:33:6a:a9:8b:9e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

02/06/2010, 00:00

Not After

01/06/2013, 23:59

Subject

CN=Tonec Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Secure Application Development,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

s:\IDM_projects\Mozilla\idmmzcc\64bit\Release\idmmzcc.pdb

Imports

xpcom

NS_GetServiceManager

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetProcAddress
FreeLibrary
GetModuleFileNameW
GetModuleHandleA
LoadLibraryW
GetTickCount
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
LoadLibraryA
GetSystemTimeAsFileTime
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
Sleep
DisableThreadLibraryCalls

user32

MessageBoxA

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExA

msvcr90

_encode_pointer
_malloc_crt
_initterm
_initterm_e
free
_encoded_null
_decode_pointer
_amsg_exit
__C_specific_handler
__CppXcptFilter
__crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
_unlock
__dllonexit
_lock
_onexit
??3@YAXPEAX@Z
_wcsicmp
sprintf
strncpy
atoi
__CxxFrameHandler3
_vswprintf
wcsrchr
strchr
??2@YAPEAX_K@Z

Exports

Exports

GetListenerState
NSModule

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 684B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 206B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
icon.png
.png
install.js
.js
install.rdf
.xml
idmmzcc7_64.dll
.dll windows:5 windows x64 arch:x64

03099183afcecf68a376fb309c7bc95d

Code Sign

06:c5:07:8a:a5:28:bb:d3:b8:66:8a:b1:0b:03:5f:94
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/07/2019, 00:00

Not After

03/08/2022, 12:00

Subject

CN=Tonec Inc.,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:96:cb:38:36:ac:ef:b7:37:c2:12:d1:55:41:7e:f1
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

30/07/2019, 00:00

Not After

03/08/2022, 12:00

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

be:b1:1a:a9:0d:1e:e9:8e:f3:ee:98:65:e1:02:78:df:60:e9:48:39:a6:11:83:53:8e:12:2a:43:7c:74:af:80
Signer

Actual PE Digest

be:b1:1a:a9:0d:1e:e9:8e:f3:ee:98:65:e1:02:78:df:60:e9:48:39:a6:11:83:53:8e:12:2a:43:7c:74:af:80

Digest Algorithm

sha256

PE Digest Matches

true

fd:13:01:27:83:e4:92:62:37:13:f1:50:1a:30:5b:20:47:94:c2:19
Signer

Actual PE Digest

fd:13:01:27:83:e4:92:62:37:13:f1:50:1a:30:5b:20:47:94:c2:19

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

s:\IDM_projects\Mozilla\idmmzcc\64bit\Release\idmmzcc.pdb

Imports

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueA

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetProcAddress
FlushFileBuffers
GetModuleFileNameW
GetModuleHandleA
CloseHandle
CreateFileA
LoadLibraryW
GetStdHandle
RtlLookupFunctionEntry
RtlUnwindEx
GetCurrentThreadId
FlsSetValue
GetCommandLineA
EncodePointer
DecodePointer
FlsGetValue
FlsFree
SetLastError
GetLastError
FlsAlloc
RaiseException
RtlPcToFileHeader
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapFree
HeapAlloc
Sleep
GetModuleHandleW
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW

user32

MessageBoxA

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExA

Exports

Exports

GetListenerState
InitCC
InitObs
NSModule
OnStartup

Sections

.text
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
idmtdi32.sys
.sys windows:6 windows x86 arch:x86

3f4b3bf14451d8b5595ce146faeda6eb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

78:28:c7:31:58:08:bc:87:17:71:0e:13:fa:3c:0b:24
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b9:55:fb:88:8e:2d:d6:c8:31:92:d7:e7:88:28:62
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

d4:10:0e:c4:d5:79:a8:8e:b2:33:3a:14:f4:58:37:d4:56:e7:af:b8:71:eb:cc:a5:f7:b4:ad:1f:dd:7e:32:9f
Signer

Actual PE Digest

d4:10:0e:c4:d5:79:a8:8e:b2:33:3a:14:f4:58:37:d4:56:e7:af:b8:71:eb:cc:a5:f7:b4:ad:1f:dd:7e:32:9f

Digest Algorithm

sha256

PE Digest Matches

true

63:e1:e8:5d:bb:ec:08:00:56:a0:20:db:a9:ac:21:c3:d8:d4:67:38
Signer

Actual PE Digest

63:e1:e8:5d:bb:ec:08:00:56:a0:20:db:a9:ac:21:c3:d8:d4:67:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

x:\projects\idmwfp\objfre_w2k_x86\i386\idmtdi.pdb

Imports

ntoskrnl.exe

ZwQueryValueKey
ZwOpenKey
IoDeleteDevice
ObfDereferenceObject
ObfReferenceObject
IoCreateDriver
RtlAppendUnicodeToString
RtlCopyUnicodeString
IoDetachDevice
IoReleaseRemoveLockAndWaitEx
KeDelayExecutionThread
ZwYieldExecution
IoDeleteSymbolicLink
PsSetCreateProcessNotifyRoutine
PsSetLoadImageNotifyRoutine
IoCreateSymbolicLink
PsGetVersion
MmGetSystemRoutineAddress
InitSafeBootMode
ExAllocatePoolWithTag
InterlockedIncrement
InterlockedDecrement
ZwQuerySystemInformation
IofCompleteRequest
KeLeaveCriticalRegion
KeUnstackDetachProcess
KeStackAttachProcess
KeEnterCriticalRegion
_except_handler3
PsLookupProcessByProcessId
IoGetRequestorProcessId
memset
KeRestoreFloatingPointState
KeSaveFloatingPointState
IoQueueWorkItem
IoAllocateWorkItem
ZwDeleteValueKey
_strnicmp
ZwWriteFile
memmove
ZwReadFile
ZwQueryInformationFile
ZwCreateFile
_purecall
IoFreeMdl
InterlockedCompareExchange
MmBuildMdlForNonPagedPool
IoAllocateMdl
memcpy
IoFreeWorkItem
KeResetEvent
KeSetEvent
ObReferenceObjectByHandle
ExEventObjectType
ZwClose
_strlwr
_wcslwr
strspn
towlower
InterlockedExchange
IofCallDriver
InterlockedExchangeAdd
KeGetCurrentThread
IoFreeIrp
IoAllocateIrp
IoCancelIrp
KeWaitForSingleObject
IoBuildDeviceIoControlRequest
KeInitializeEvent
KeClearEvent
IoReleaseRemoveLockEx
IoGetRelatedDeviceObject
RtlCompareMemory
wcschr
wcsspn
tolower
_wcsnicmp
strncmp
_stricmp
wcsncmp
_wcsicmp
strstr
wcsstr
strchr
wcscspn
strncpy
_allmul
IoCreateDevice
RtlInitUnicodeString
IoAttachDevice
IoInitializeRemoveLockEx
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
RtlAddAccessAllowedAce
RtlLengthSid
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ZwCreateKey
ZwSetValueKey
RtlFreeUnicodeString
IoAcquireRemoveLockEx
KeInitializeSpinLock
KeQuerySystemTime
ExFreePoolWithTag
KeBugCheckEx

hal

KfReleaseSpinLock
KeGetCurrentIrql
KfAcquireSpinLock

tdi.sys

TdiCopyMdlToBuffer
TdiCopyBufferToMdl
TdiMapUserRequest

Sections

.text
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
idmtdi64.sys
.sys windows:6 windows x64 arch:x64

cf8c00ceafea78b3d6615d4325255b36

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

78:28:c7:31:58:08:bc:87:17:71:0e:13:fa:3c:0b:24
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

18/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

14:b9:55:fb:88:8e:2d:d6:c8:31:92:d7:e7:88:28:62
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

16/05/2016, 00:00

Not After

15/07/2019, 23:59

Subject

CN=Tonec Inc.,OU=Internet Download Manager,O=Tonec Inc.,L=New York,ST=New York,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c6:91:35:9c:66:c7:5b:b1:0c:19:90:20:7b:2f:bd:93:9a:0f:37:f5:e8:84:6c:69:fd:f4:06:18:ff:e7:7a:45
Signer

Actual PE Digest

c6:91:35:9c:66:c7:5b:b1:0c:19:90:20:7b:2f:bd:93:9a:0f:37:f5:e8:84:6c:69:fd:f4:06:18:ff:e7:7a:45

Digest Algorithm

sha256

PE Digest Matches

true

ad:fd:7f:31:9d:d1:4e:2f:7b:a0:27:75:9e:ff:dc:dc:95:c1:3b:7a
Signer

Actual PE Digest

ad:fd:7f:31:9d:d1:4e:2f:7b:a0:27:75:9e:ff:dc:dc:95:c1:3b:7a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

x:\projects\idmwfp\objfre_wnet_amd64\amd64\idmtdi.pdb

Imports

ntoskrnl.exe

KeReleaseInStackQueuedSpinLock
ZwYieldExecution
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
RtlAppendUnicodeToString
RtlGetVersion
KeAcquireInStackQueuedSpinLock
IoDetachDevice
PsSetCreateProcessNotifyRoutine
KeDelayExecutionThread
ZwQueryValueKey
InitSafeBootMode
ZwClose
IoReleaseRemoveLockAndWaitEx
PsRemoveLoadImageNotifyRoutine
IoAttachDevice
ObfReferenceObject
IoCreateSymbolicLink
RtlCopyUnicodeString
ObfDereferenceObject
IoCreateDriver
IoInitializeRemoveLockEx
IoCreateDevice
ZwOpenKey
ExAllocatePoolWithTag
ZwQuerySystemInformation
PsGetProcessPeb
KeLeaveCriticalRegion
PsLookupProcessByProcessId
KeUnstackDetachProcess
KeEnterCriticalRegion
IofCompleteRequest
IoGetRequestorProcessId
KeStackAttachProcess
_strnicmp
ZwReadFile
ZwDeleteValueKey
ZwCreateFile
IoAllocateWorkItem
IoQueueWorkItem
ZwQueryInformationFile
ZwWriteFile
MmBuildMdlForNonPagedPool
IoFreeMdl
_purecall
IoAllocateMdl
KeResetEvent
KeSetEvent
IoFreeWorkItem
PsSetLoadImageNotifyRoutine
ObReferenceObjectByHandle
_strlwr
_wcslwr
strspn
towlower
IofCallDriver
KeClearEvent
IoBuildDeviceIoControlRequest
IoGetRelatedDeviceObject
KeInitializeEvent
IoReleaseRemoveLockEx
IoCancelIrp
KeWaitForSingleObject
IoFreeIrp
IoAllocateIrp
RtlCompareMemory
wcschr
_stricmp
_wcsicmp
strncmp
_wcsnicmp
strstr
strchr
tolower
strncpy
wcsstr
wcsspn
wcscspn
wcsncmp
ObOpenObjectByPointer
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwCreateKey
ZwSetValueKey
RtlFreeUnicodeString
ExFreePoolWithTag
IoDeleteSymbolicLink
ExEventObjectType
IoAcquireRemoveLockEx
KeBugCheckEx
__C_specific_handler

tdi.sys

TdiCopyMdlToBuffer
TdiCopyBufferToMdl
TdiMapUserRequest

Sections

.text
Size: 163KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
idmwfp.cat
idmwfp32.sys
.sys windows:6 windows x86 arch:x86

539ab0fa16be0aee97ec09e4fcbf61b5

Code Sign

33:00:00:00:61:c8:8b:12:9c:2a:7f:1d:87:00:00:00:00:00:61
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/04/2023, 19:16

Not After

03/04/2024, 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b4:67:e8:65:1d:f2:41:92:c8:de:ef:58:33:a2:7a:94:b1:42:3a:2d:f2:71:60:2b:13:49:d7:3b:06:6e:b4:5e
Signer

Actual PE Digest

b4:67:e8:65:1d:f2:41:92:c8:de:ef:58:33:a2:7a:94:b1:42:3a:2d:f2:71:60:2b:13:49:d7:3b:06:6e:b4:5e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Z:\Projects\IDMWFP\VistaRelease\x86\idmwfp.pdb

Imports

ntoskrnl.exe

RtlGetVersion
PsSetCreateProcessNotifyRoutine
ZwQueryValueKey
InitSafeBootMode
PsRemoveLoadImageNotifyRoutine
IoCreateSymbolicLink
PsGetProcessPeb
KeLeaveCriticalRegion
PsLookupProcessByProcessId
_wcsnicmp
KeUnstackDetachProcess
KeEnterCriticalRegion
IofCompleteRequest
IoGetRequestorProcessId
wcsncmp
KeStackAttachProcess
MmGetSystemRoutineAddress
KeResetEvent
IoFreeWorkItem
ExEventObjectType
ObfReferenceObject
MmBuildMdlForNonPagedPool
IoAllocateMdl
KeQuerySystemTime
KeDelayExecutionThread
IoFreeMdl
ZwCreateKey
KeSetEvent
ExAllocatePoolWithTag
IoReuseIrp
KeRestoreFloatingPointState
IoDeleteDevice
NtBuildNumber
PsSetLoadImageNotifyRoutine
IoDeleteSymbolicLink
strspn
_strlwr
_stricmp
KeInitializeSpinLock
_purecall
ZwOpenKey
ZwQueryKey
IoQueryFileDosDeviceName
ZwDeleteKey
ZwWriteFile
ZwQueryInformationFile
ZwOpenFile
IoQueueWorkItem
ObfDereferenceObject
ObReferenceObjectByHandle
ZwClose
IoAllocateWorkItem
ZwCreateFile
IoFileObjectType
ZwDeleteValueKey
RtlInitUnicodeString
ZwReadFile
strlen
ZwQuerySystemInformation
strncmp
RtlRaiseException
ZwSetSecurityObject
ObOpenObjectByPointer
IoDeviceObjectType
IoCreateDevice
RtlGetDaclSecurityDescriptor
RtlGetSaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
SeExports
IoIsWdmVersionAvailable
RtlAddAccessAllowedAce
RtlLengthSid
memcpy
memset
wcschr
RtlAbsoluteToSelfRelativeSD
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ZwSetValueKey
RtlFreeUnicodeString
_strnicmp
IoAllocateIrp
IoFreeIrp
KeInitializeEvent
KeWaitForSingleObject
KeSaveFloatingPointState
memmove
ExFreePoolWithTag
PsGetVersion
ExAllocatePoolWithQuotaTag
RtlImageDirectoryEntryToData
KeBugCheckEx
RtlUnwind
_allmul
_except_handler3
_alloca_probe

ndis.sys

NdisAllocateGenericObject
NdisFreeGenericObject
NdisFreeNetBufferListPool
NdisGetDataBuffer
NdisAllocateNetBufferListPool

fwpkclnt.sys

FwpsCopyStreamDataToBuffer0
FwpsStreamInjectAsync0
FwpmSubLayerAdd0
FwpsInjectionHandleDestroy0
FwpsInjectionHandleCreate0
FwpmProviderAdd0
FwpmFilterCreateEnumHandle0
FwpsFlowAssociateContext0
FwpsCalloutUnregisterById0
FwpsFreeCloneNetBufferList0
FwpsFlowRemoveContext0
FwpsQueryPacketInjectionState0
FwpmTransactionCommit0
FwpmCalloutAdd0
FwpmFilterDeleteByKey0
FwpsAllocateCloneNetBufferList0
FwpmFilterEnum0
FwpsCalloutRegister0
FwpmTransactionAbort0
FwpmEngineOpen0
FwpmFilterDestroyEnumHandle0
FwpmFilterAdd0
FwpsInjectTransportSendAsync0
FwpmTransactionBegin0
FwpmEngineClose0
FwpmFreeMemory0
FwpsFreeNetBufferList0
FwpsAllocateNetBufferAndNetBufferList0

netio.sys

WskDeregister
WskCaptureProviderNPI
WskRegister
WskReleaseProviderNPI

hal

KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
KeGetCurrentIrql

Sections

.text
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
idmwfp64.sys
.sys windows:6 windows x64 arch:x64

c527b76944990543ac6e57d2cc93e13c

Code Sign

33:00:00:00:61:c8:8b:12:9c:2a:7f:1d:87:00:00:00:00:00:61
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/04/2023, 19:16

Not After

03/04/2024, 19:16

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:26:d9:19:db:40:0c:15:ca:dd:4c:dd:fd:20:67:5e:04:da:53:16:d6:bd:6d:4f:86:cc:c2:61:b9:0b:94:19
Signer

Actual PE Digest

1a:26:d9:19:db:40:0c:15:ca:dd:4c:dd:fd:20:67:5e:04:da:53:16:d6:bd:6d:4f:86:cc:c2:61:b9:0b:94:19

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

Z:\Projects\IDMWFP\VistaRelease\x64\idmwfp.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
MmGetSystemRoutineAddress
RtlGetVersion
PsSetCreateProcessNotifyRoutine
ZwQueryValueKey
InitSafeBootMode
PsRemoveLoadImageNotifyRoutine
IoCreateSymbolicLink
PsGetProcessPeb
KeLeaveCriticalRegion
PsLookupProcessByProcessId
_wcsnicmp
KeUnstackDetachProcess
KeEnterCriticalRegion
IofCompleteRequest
IoGetRequestorProcessId
NtBuildNumber
KeStackAttachProcess
ZwQuerySystemInformation
KeResetEvent
IoFreeWorkItem
ExEventObjectType
ObfReferenceObject
MmBuildMdlForNonPagedPool
_strnicmp
ExAllocatePoolWithTag
IoAllocateIrp
IoFreeIrp
KeWaitForSingleObject
KeDelayExecutionThread
IoFreeMdl
PsSetLoadImageNotifyRoutine
IoDeleteSymbolicLink
strspn
_strlwr
_stricmp
KeAcquireInStackQueuedSpinLock
KeReleaseInStackQueuedSpinLock
_purecall
ZwOpenKey
ZwQueryKey
IoQueryFileDosDeviceName
ZwDeleteKey
ZwWriteFile
ZwQueryInformationFile
ZwOpenFile
IoQueueWorkItem
ObfDereferenceObject
ObReferenceObjectByHandle
ZwClose
IoAllocateWorkItem
ZwCreateFile
IoFileObjectType
ZwDeleteValueKey
RtlInitUnicodeString
ZwReadFile
strlen
strncmp
wcsncmp
ZwCreateKey
RtlUnwindEx
IoCreateDevice
ObOpenObjectByPointer
ZwSetSecurityObject
IoDeviceObjectType
_snwprintf
RtlLengthSecurityDescriptor
SeCaptureSecurityDescriptor
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
IoIsWdmVersionAvailable
SeExports
wcschr
RtlLengthSid
RtlAddAccessAllowedAce
RtlGetSaclSecurityDescriptor
RtlGetDaclSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
ZwSetValueKey
RtlFreeUnicodeString
KeInitializeEvent
KeSetEvent
IoReuseIrp
ExFreePoolWithTag
IoAllocateMdl
PsGetVersion
ExAllocatePoolWithQuotaTag
RtlImageDirectoryEntryToData
KeBugCheckEx
__chkstk

ndis.sys

NdisGetDataBuffer
NdisFreeGenericObject
NdisAllocateNetBufferListPool
NdisAllocateGenericObject
NdisFreeNetBufferListPool

fwpkclnt.sys

FwpsCopyStreamDataToBuffer0
FwpsStreamInjectAsync0
FwpmSubLayerAdd0
FwpsInjectionHandleDestroy0
FwpsInjectionHandleCreate0
FwpmProviderAdd0
FwpmFilterCreateEnumHandle0
FwpsFlowAssociateContext0
FwpsCalloutUnregisterById0
FwpsFreeCloneNetBufferList0
FwpsFlowRemoveContext0
FwpsQueryPacketInjectionState0
FwpmTransactionCommit0
FwpmCalloutAdd0
FwpmFilterDeleteByKey0
FwpsAllocateCloneNetBufferList0
FwpmFilterEnum0
FwpsCalloutRegister0
FwpmTransactionAbort0
FwpmEngineOpen0
FwpmFilterDestroyEnumHandle0
FwpmFilterAdd0
FwpsInjectTransportSendAsync0
FwpmTransactionBegin0
FwpmEngineClose0
FwpmFreeMemory0
FwpsFreeNetBufferList0
FwpsAllocateNetBufferAndNetBufferList0

netio.sys

WskDeregister
WskReleaseProviderNPI
WskCaptureProviderNPI
WskRegister

Sections

.text
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
idmwfpAA.sys
oldjsproxy.dll
.dll windows:10 windows x86 arch:x86

72686ecb2776c521ec34a63ecc17fe40

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

JSPROXY.pdb

Imports

msvcrt

__dllonexit
_except_handler4_common
free
_amsg_exit
_lock
malloc
_unlock
_initterm
_XcptFilter
_callnewh
_onexit
wcstok_s
_wtoi
_vsnwprintf
_wcsnicmp
iswspace
_wcsicmp
wcsstr
wcsrchr
memset

api-ms-win-core-file-l1-1-0

CreateFileW
GetFileSizeEx
ReadFile

api-ms-win-core-errorhandling-l1-1-0

GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-synch-l1-1-0

ReleaseSRWLockExclusive
InitializeSRWLock
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls

api-ms-win-core-heap-l2-1-0

GlobalAlloc
GlobalFree

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-classicprovider-l1-1-0

TraceMessageVa

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount
GetTickCount64
GetSystemTime

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-datetime-l1-1-0

GetDateFormatW

ntdll

RtlIpv6StringToAddressExW
RtlIpv6AddressToStringExW
RtlIpv4StringToAddressExW
RtlIpv4AddressToStringExW
RtlIpv4AddressToStringW
RtlNtStatusToDosError
EtwUnregisterTraceGuids
EtwGetTraceEnableFlags
EtwGetTraceLoggerHandle
EtwGetTraceEnableLevel
EtwRegisterTraceGuidsW
RtlGetVersion

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

InternetDeInitializeAutoProxyDll
InternetDeInitializeAutoProxyDllEx
InternetGetProxyInfo
InternetGetProxyInfoEx
InternetInitializeAutoProxyDll
InternetInitializeAutoProxyDllEx

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.wpp_sf
Size: 1024B - Virtual size: 755B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 96B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

055720b1d71187bd221e80b79d690573

Code Sign

06:c5:07:8a:a5:28:bb:d3:b8:66:8a:b1:0b:03:5f:94Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bdCertificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

09:96:cb:38:36:ac:ef:b7:37:c2:12:d1:55:41:7e:f1Certificate

Extended Key Usages

Key Usages

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66Certificate

Extended Key Usages

Key Usages

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1bCertificate

Extended Key Usages

Key Usages

4e:0e:f0:0e:37:c6:23:ea:65:d0:23:dc:2a:a7:58:c8:9a:d1:4f:e1:64:11:ab:ca:ad:15:c3:93:e8:35:32:9bSigner

73:fc:de:da:11:03:3e:62:a7:cd:56:df:0c:27:04:e2:aa:93:47:cfSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

wininet

shell32

kernel32

user32

gdi32

comdlg32

winspool.drv

advapi32

shlwapi

oledlg

ole32

oleaut32

urlmon

Sections

.text Size: 264KB - Virtual size: 263KB

.rdata Size: 64KB - Virtual size: 64KB

.data Size: 11KB - Virtual size: 26KB

.rsrc Size: 114KB - Virtual size: 114KB

.reloc Size: 37KB - Virtual size: 37KB

686f67c6bb9e40fa1405ff4a6eeebeb4

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

0b:59:29:2a:8c:f6:59:10:78:c9:29:d5:ba:55:a7:f6Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

59:52:b0:c3:74:b8:a1:79:30:85:13:15:53:07:44:08:04:a6:3d:00:8f:b4:29:65:c8:d8:c3:fd:a9:b3:1c:2fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

06:c5:07:8a:a5:28:bb:d3:b8:66:8a:b1:0b:03:5f:94
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

09:96:cb:38:36:ac:ef:b7:37:c2:12:d1:55:41:7e:f1
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

4e:0e:f0:0e:37:c6:23:ea:65:d0:23:dc:2a:a7:58:c8:9a:d1:4f:e1:64:11:ab:ca:ad:15:c3:93:e8:35:32:9b
Signer

73:fc:de:da:11:03:3e:62:a7:cd:56:df:0c:27:04:e2:aa:93:47:cf
Signer

.text
Size: 264KB - Virtual size: 263KB

.rdata
Size: 64KB - Virtual size: 64KB

.data
Size: 11KB - Virtual size: 26KB

.rsrc
Size: 114KB - Virtual size: 114KB

.reloc
Size: 37KB - Virtual size: 37KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:59:29:2a:8c:f6:59:10:78:c9:29:d5:ba:55:a7:f6
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

59:52:b0:c3:74:b8:a1:79:30:85:13:15:53:07:44:08:04:a6:3d:00:8f:b4:29:65:c8:d8:c3:fd:a9:b3:1c:2f
Signer

.text
Size: 5KB - Virtual size: 5KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 2KB

.pdata
Size: 512B - Virtual size: 300B

.rsrc
Size: 3KB - Virtual size: 3KB

.reloc
Size: 512B - Virtual size: 20B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

0b:59:29:2a:8c:f6:59:10:78:c9:29:d5:ba:55:a7:f6
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

bc:9d:fa:c3:93:b6:4c:30:30:38:0a:cb:6c:3a:96:be:0e:33:c9:17:ad:90:00:89:e4:44:46:62:1f:f7:76:8d
Signer

.text
Size: 257KB - Virtual size: 256KB

.rdata
Size: 108KB - Virtual size: 108KB

.data
Size: 2KB - Virtual size: 8KB

.pdata
Size: 11KB - Virtual size: 11KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 5KB - Virtual size: 5KB

.text
Size: 2.5MB - Virtual size: 2.5MB

.rdata
Size: 876KB - Virtual size: 875KB

.data
Size: 32KB - Virtual size: 69KB

.rsrc
Size: 2.2MB - Virtual size: 2.2MB

.reloc
Size: 214KB - Virtual size: 213KB

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate