00aab21148353a680098a772c4f68e04_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

00aab21148353a680098a772c4f68e04_JaffaCakes118
Size

7.8MB
MD5

00aab21148353a680098a772c4f68e04
SHA1

b8fcecb36c1618ba2aad7d200ad85935bd8cfdad
SHA256

601b80ca56c2767f022fc7c3c2fccc06f288016ab13a3feecdcbfb5dfd021c51
SHA512

33ca6069e47e693f02d1ae1645eced3c7446038ee7628f5acb34b0379920560ec2800f63efce52a19b31c1640784a21b7fbd458e6bc2109546d6f61012e3d2a6
SSDEEP

196608:p0aSnCidfL+hkAdaeQVoxyhhmpis3FVTfJeOqJPEJd3N5hMHT:uZQXEh43jTsOqJyr4T

Score

1^/10

Malware Config

Signatures

Files

00aab21148353a680098a772c4f68e04_JaffaCakes118
.cab
oemprint.inf.D9F23EA6_E0FA_47AA_907F_808D103497A8
oemprint.inf1.D9F23EA6_E0FA_47AA_907F_808D103497A8
tpautoconnect.exe.D9F23EA6_E0FA_47AA_907F_808D103497A8
.exe windows:6 windows x86 arch:x86

8b34323b3b53b140452826612a19c817

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

70:0f:81:3e:cf:44:4d:3c:6e:6d:da:fa:b4:b9:f2:1b:02:09:90:5b:8a:2d:17:1c:62:34:2b:c2:0c:9c:da:35
Signer

Actual PE Digest

70:0f:81:3e:cf:44:4d:3c:6e:6d:da:fa:b4:b9:f2:1b:02:09:90:5b:8a:2d:17:1c:62:34:2b:c2:0c:9c:da:35

Digest Algorithm

sha256

PE Digest Matches

true

d9:f1:0c:b0:9e:5e:c4:ee:01:2e:82:37:86:b4:cb:d7:84:7d:03:33
Signer

Actual PE Digest

d9:f1:0c:b0:9e:5e:c4:ee:01:2e:82:37:86:b4:cb:d7:84:7d:03:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

tpsvc

ord10
ord4
ord11
ord9
ord8
ord22

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileW
FindNextFileA
FindFirstFileExW
FindFirstFileExA
SetFilePointerEx
ReadConsoleW
GetConsoleMode
GetConsoleCP
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetACP
GetModuleFileNameA
GetStdHandle
SetEnvironmentVariableA
SetStdHandle
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
VirtualQuery
VirtualAlloc
GetSystemInfo
QueryPerformanceFrequency
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
ExitProcess
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetCPInfo
LCMapStringW
GetStringTypeW
OutputDebugStringW
SetEnvironmentVariableW
WriteConsoleW
GetFileType
OpenMutexW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
FileTimeToLocalFileTime
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
LocalFileTimeToFileTime
SetFileAttributesW
SetFileTime
SystemTimeToTzSpecificLocalTime
SetErrorMode
FreeResource
GlobalFindAtomW
VirtualProtect
lstrcpyW
FindResourceExW
GetWindowsDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetTempFileNameW
GetTempPathW
GetTickCount
GetProfileIntW
SearchPathW
GetDiskFreeSpaceW
ReplaceFileW
GetUserDefaultLCID
LocalLock
LocalUnlock
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetCurrentDirectoryW
EncodePointer
SystemTimeToFileTime
FileTimeToSystemTime
GetAtomNameW
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
SuspendThread
SetThreadPriority
GlobalGetAtomNameW
GlobalAddAtomW
GetThreadLocale
GetStringTypeExW
MoveFileW
lstrcmpiW
DuplicateHandle
OutputDebugStringA
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
DecodePointer
RaiseException
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
FreeLibrary
LoadLibraryExW
LoadResource
LockResource
SizeofResource
FindResourceW
GetVersionExW
GetModuleHandleW
GetProcAddress
LocalAlloc
LocalFree
CloseHandle
SetLastError
GetCurrentProcess
GetEnvironmentVariableW
GetVersion
GetModuleHandleA
lstrcmpA
lstrlenA
LoadLibraryW
MultiByteToWideChar
WaitForSingleObject
CreateEventW
Sleep
InitializeCriticalSectionEx
GetSystemDirectoryA
LoadLibraryA
WideCharToMultiByte
GlobalFree
GetComputerNameW
LockFile
GetVolumeInformationW
GetShortPathNameW
GlobalAlloc
WriteProfileStringW
GetSystemDirectoryW
SetEvent
ReleaseMutex
WaitForSingleObjectEx
CreateMutexW
GetFullPathNameW
OpenEventW
GetCurrentProcessId
LocalReAlloc
WaitForMultipleObjects
FreeConsole
SetConsoleCtrlHandler
GetConsoleWindow
GetModuleFileNameW
GetLocaleInfoW
ResetEvent
GetCurrentThread
lstrlenW
GlobalSize
GlobalLock
GlobalUnlock
MulDiv
FormatMessageW
CopyFileW
GetCurrentThreadId
GlobalDeleteAtom
lstrcmpW
CompareStringA
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FlushFileBuffers
GetFileSize
CompareStringW

user32

UnregisterClassW
PostMessageW
GetWindowTextW
EnumWindows
GetWindowThreadProcessId
SendMessageTimeoutW
PostQuitMessage
PeekMessageW
ShowWindow
SetTimer
KillTimer
CharLowerW
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
CharUpperW
GetSystemMetrics
UnhookWindowsHookEx
DispatchMessageW
WaitMessage
EnableWindow
GetTabbedTextExtentW
DestroyCursor
GetWindowRgn
WindowFromDC
CreateMenu
InSendMessage
SendNotifyMessageW
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
EnumChildWindows
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffW
RegisterClipboardFormatW
ModifyMenuW
GetDoubleClickTime
SetMenuDefaultItem
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
PostThreadMessageW
GetComboBoxInfo
MonitorFromPoint
UpdateLayeredWindow
DrawIcon
FrameRect
CopyIcon
SetCursorPos
IsZoomed
DrawFrameControl
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetWindowRgn
SetClassLongW
EnumDisplayMonitors
SetLayeredWindowAttributes
GetMenuDefaultItem
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
GetParent
LoadBitmapW
IsWindow
MoveWindow
SetWindowPos
GetDlgItem
SetDlgItemInt
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
MessageBeep
GetIconInfo
DrawIconEx
DrawFocusRect
GetNextDlgGroupItem
GetDialogBaseUnits
TrackMouseEvent
LockWindowUpdate
GetDCEx
SetCapture
SetRect
WindowFromPoint
MapDialogRect
GetAsyncKeyState
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
SendDlgItemMessageA
SetParent
GetSystemMenu
IsRectEmpty
UnionRect
GetMenuItemInfoW
MapVirtualKeyW
GetKeyNameTextW
InflateRect
GetMonitorInfoW
MonitorFromWindow
GetScrollInfo
SetScrollInfo
GetTopWindow
GetClassLongW
MapWindowPoints
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
GetDlgItemInt
SetDlgItemTextW
GetDlgItemTextW
CheckDlgButton
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
TrackPopupMenuEx
TrackPopupMenu
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
CheckRadioButton
IsDlgButtonChecked
SendDlgItemMessageW
GetDlgCtrlID
SetFocus
IsWindowEnabled
ScrollWindowEx
SetWindowTextW
GetWindowTextLengthW
GetWindowLongW
SetWindowLongW
GetWindow
IsDialogMessageW
GetClassInfoW
IsWindowVisible
IsIconic
BringWindowToTop
GetActiveWindow
GetKeyState
GetCapture
ReleaseCapture
LoadAcceleratorsW
TranslateAcceleratorW
LoadMenuW
GetMenu
SetMenu
CreatePopupMenu
DestroyMenu
InsertMenuItemW
UpdateWindow
SetActiveWindow
InvalidateRect
SetCursor
GetSysColor
SetRectEmpty
CopyRect
IntersectRect
OffsetRect
EqualRect
GetDesktopWindow
GetClassNameW
GetLastActivePopup
LoadIconW
DestroyIcon
LoadImageW
WinHelpW
GetMenuBarInfo
SendMessageW
UnpackDDElParam
ReuseDDElParam
GetMessageW
TranslateMessage
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
ShowOwnedPopups
MessageBoxW
GetDC
ReleaseDC
GetSysColorBrush
LoadCursorW
GetClientRect
CopyImage
SystemParametersInfoW
DeleteMenu
GetWindowRect
ClientToScreen
PtInRect
RealChildWindowFromPoint
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
BeginPaint
EndPaint
ScreenToClient
FillRect
RegisterWindowMessageW
GetMessagePos

gdi32

GetTextFaceW
GetTextAlign
GetStretchBltMode
GetPolyFillMode
GetNearestColor
GetBkMode
GetROP2
SetAbortProc
AbortDoc
EndPage
StartPage
EndDoc
DeleteMetaFile
CreateMetaFileW
CloseMetaFile
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
GetCurrentObject
OffsetRgn
GetRgnBox
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
GetDIBits
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
GetTextMetricsW
GetBkColor
StretchDIBits
GetCharWidthW
CreateFontW
GetTextExtentPoint32W
DPtoLP
SetRectRgn
PatBlt
GetMapMode
CreateRectRgnIndirect
CreateFontIndirectW
CombineRgn
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
PolylineTo
PolyBezierTo
ExtTextOutW
TextOutW
MoveToEx
GetObjectW
ExtCreatePen
SetArcDirection
SelectClipPath
PolyDraw
ArcTo
StartDocW
SetColorAdjustment
ModifyWorldTransform
SetWorldTransform
EnumMetaFile
PlayMetaFileRecord
SetTextJustification
SetTextAlign
SetTextColor
SetTextCharacterExtra
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetGraphicsMode
SetMapperFlags
SetBkMode
SetBkColor
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
PlayMetaFile
OffsetClipRgn
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetCurrentPositionEx
GetClipRgn
GetClipBox
ExcludeClipRect
Escape
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
BitBlt
DeleteObject
CreateCompatibleDC
CreateCompatibleBitmap
CreateBitmap
GetDeviceCaps
CreateDCW
CopyMetaFileW

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DeletePrinterConnectionW
AddPrinterConnectionW
ord204
GetPrinterW
ord203
GetJobW
DocumentPropertiesW
SetPrinterW
GetPrinterDataW
ClosePrinter
OpenPrinterW
EnumPrintersW

advapi32

SystemFunction036
RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
SetFileSecurityW
GetFileSecurityW
RegQueryValueW
RegEnumKeyW
RegDeleteKeyW
RegSetValueW
LookupAccountSidW
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
OpenThreadToken
QueryServiceStatus
OpenServiceW
OpenSCManagerW
CloseServiceHandle
RegOpenKeyW
SetSecurityDescriptorDacl
EqualSid
RegEnumValueW
RegQueryInfoKeyW
RegNotifyChangeKeyValue
RegEnumKeyExW
RegQueryValueExA
RegOpenKeyA
GetUserNameW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
ConvertStringSidToSidW
ConvertSidToStringSidW
GetTokenInformation
CopySid
OpenProcessToken
SetEntriesInAclW
LookupAccountNameW
InitializeSecurityDescriptor
InitializeAcl
GetLengthSid
FreeSid
AllocateAndInitializeSid
RegSetValueExW
RegQueryValueExW
RegCloseKey

shell32

SHGetSpecialFolderLocation
DragQueryFileW
DragFinish
SHAddToRecentDocs
ExtractIconW
ShellExecuteW
SHGetPathFromIDListW
SHGetDesktopFolder
ShellExecuteExW
SHAppBarMessage
SHBrowseForFolderW
SHGetMalloc
SHGetFileInfoW

shlwapi

PathIsUNCW
PathStripToRootW
PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW
StrFormatKBSizeW
PathFindExtensionW

uxtheme

IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
GetThemeColor
IsAppThemed
GetThemePartSize
CloseThemeData
OpenThemeData
DrawThemeParentBackground
DrawThemeBackground
DrawThemeText

ole32

CoInitializeEx
CLSIDFromString
CoDisconnectObject
CreateStreamOnHGlobal
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
CreateItemMoniker
OleQueryCreateFromData
CreateGenericComposite
StgCreateDocfileOnILockBytes
OleRegEnumVerbs
OleRegGetMiscStatus
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
PropVariantCopy
OleSetMenuDescriptor
OleLockRunning
StgCreateDocfile
StgOpenStorageOnILockBytes
StgIsStorageFile
CreateFileMoniker
CreateILockBytesOnHGlobal
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
CoInitialize
CoCreateInstance
CoUninitialize
SetConvertStg
WriteClassStm
OleCreate
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
CoCreateGuid
StringFromGUID2
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
GetHGlobalFromILockBytes
OleRun
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
IsAccelerator
StgOpenStorage

oleaut32

VariantInit
VarDecFromStr
VarBstrFromDec
VarBstrFromDate
VarBstrFromCy
VarCyFromStr
VarDateFromStr
VariantChangeType
VariantCopy
VariantClear
SafeArrayPtrOfIndex
SafeArrayCopy
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayUnlock
SafeArrayLock
SafeArrayGetLBound
SafeArrayGetUBound
SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
SysAllocStringLen
SysReAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayCreate
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize

oledlg

OleUIBusyW

ws2_32

WSACleanup
WSAStartup
socket
sendto
send
select
recvfrom
recv
getsockname
getpeername
connect
closesocket
bind
accept
getnameinfo
freeaddrinfo
getaddrinfo
WSAStringToAddressA
htonl
htons
inet_addr
inet_ntoa
ntohs
gethostbyaddr
gethostbyname
getservbyport
getservbyname
WSASetLastError
WSAGetLastError
WSAAsyncSelect

userenv

LeaveCriticalPolicySection
EnterCriticalPolicySection

dnsapi

DnsQuery_W
DnsFree

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

gdiplus

GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromFile
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 702KB - Virtual size: 701KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 400KB - Virtual size: 399KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 198KB - Virtual size: 197KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tpautoconnsvc.exe.D9F23EA6_E0FA_47AA_907F_808D103497A8
.exe windows:6 windows x86 arch:x86

a985f89133d81516380b360b29188b82

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

5d:68:8f:ea:10:17:a2:b2:32:76:bc:01:7b:a6:55:3b:4d:69:2e:25:78:a6:51:09:36:ee:57:fd:d4:ec:d1:06
Signer

Actual PE Digest

5d:68:8f:ea:10:17:a2:b2:32:76:bc:01:7b:a6:55:3b:4d:69:2e:25:78:a6:51:09:36:ee:57:fd:d4:ec:d1:06

Digest Algorithm

sha256

PE Digest Matches

true

f4:4c:78:1b:41:9c:60:ee:59:52:74:c3:5b:4b:b2:54:0e:37:bf:d6
Signer

Actual PE Digest

f4:4c:78:1b:41:9c:60:ee:59:52:74:c3:5b:4b:b2:54:0e:37:bf:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

tpsvc

ord6
ord10
ord7
ord2
ord8
ord4

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCPInfo
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LCMapStringW
GetStringTypeW
GetACP
ExitProcess
GetStdHandle
GetFileType
SetStdHandle
QueryPerformanceFrequency
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
RtlUnwind
OutputDebugStringW
WriteConsoleW
GetTimeZoneInformation
MulDiv
GlobalReAlloc
GlobalHandle
LocalReAlloc
EncodePointer
FreeResource
GlobalFindAtomW
FileTimeToLocalFileTime
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFileTime
SystemTimeToTzSpecificLocalTime
SetErrorMode
GetCurrentDirectoryW
CompareStringW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GlobalFlags
VirtualProtect
lstrcpyW
FindResourceExW
VerSetConditionMask
VerifyVersionInfoW
GetProfileIntW
SearchPathW
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
FileTimeToSystemTime
GlobalGetAtomNameW
GlobalAddAtomW
GetCurrentProcessId
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
CompareStringA
lstrcmpW
GlobalDeleteAtom
GetCurrentThread
LoadLibraryA
DuplicateHandle
OutputDebugStringA
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
HeapFree
InitializeCriticalSectionAndSpinCount
HeapSize
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
DeleteCriticalSection
GetProcessHeap
SizeofResource
LockResource
LoadResource
FindResourceW
FreeLibrary
LoadLibraryExW
LocalAlloc
LocalFree
SetLastError
GetCurrentProcess
lstrlenA
lstrcmpA
GetVersionExW
GetModuleHandleA
GetVersion
CloseHandle
LoadLibraryW
GetProcAddress
GetModuleHandleW
EnterCriticalSection
WaitForMultipleObjects
GetFullPathNameW
GetFileSize
FlushFileBuffers
LeaveCriticalSection
WaitForSingleObject
OpenEventW
Sleep
SetEvent
ResetEvent
GetCurrentThreadId
FormatMessageW
ResumeThread
TerminateThread
GlobalFree
FindFirstFileW
GetModuleFileNameW
GetTempPathW
FindClose
GetSystemDirectoryW
MultiByteToWideChar
GetWindowsDirectoryW
GetTempFileNameW
lstrcmpiW
GlobalAlloc
CreateEventW
GetLocaleInfoW
GetStartupInfoW
GetProcessId
CreateProcessW
SleepEx
GetTickCount
WideCharToMultiByte
GlobalSize
GlobalLock
GlobalUnlock
DeleteFileW
CopyFileW
SetThreadPriority
SuspendThread
CreateFileW
TlsFree

user32

UnregisterClassW
MessageBoxW
SetWindowLongW
RegisterClassW
CreateWindowExW
DefWindowProcW
GetMenuStringW
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
DestroyCursor
GetWindowRgn
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffW
RegisterClipboardFormatW
ModifyMenuW
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
SetRect
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
PostThreadMessageW
GetComboBoxInfo
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
MonitorFromPoint
UpdateLayeredWindow
UnionRect
DrawIcon
FrameRect
CopyIcon
SetCursorPos
BringWindowToTop
GetSystemMenu
IsZoomed
DrawFrameControl
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetParent
SetWindowRgn
SetClassLongW
EnumDisplayMonitors
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetLayeredWindowAttributes
LoadMenuW
GetKeyNameTextW
MapVirtualKeyW
GetMenuDefaultItem
CreatePopupMenu
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
MessageBeep
GetIconInfo
DrawIconEx
IsRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
LoadImageW
TrackMouseEvent
MapDialogRect
GetAsyncKeyState
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
OffsetRect
SetRectEmpty
SendDlgItemMessageA
GetMenuItemInfoW
DestroyMenu
IntersectRect
SetWindowsHookExW
CallNextHookEx
CharUpperW
GetSystemMetrics
InflateRect
DestroyIcon
InvalidateRect
KillTimer
SetTimer
RealChildWindowFromPoint
GetDesktopWindow
DeleteMenu
SystemParametersInfoW
CopyImage
IsDialogMessageW
SetWindowTextW
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
PostMessageW
PostQuitMessage
ShowOwnedPopups
SetCursor
EnableWindow
IsWindowEnabled
GetWindowLongW
GetParent
GetWindowThreadProcessId
GetLastActivePopup
UnhookWindowsHookEx
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
LoadBitmapW
GetWindowTextW
GetWindowTextLengthW
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
LoadCursorW
DrawTextW
DrawTextExW
GrayStringW
TabbedTextOutW
GetWindowDC
BeginPaint
EndPaint
ClientToScreen
SendMessageW
ScreenToClient
FillRect
RegisterWindowMessageW
GetMessagePos
GetMessageTime
CallWindowProcW
GetClassInfoW
GetClassInfoExW
IsWindow
IsMenu
IsChild
DestroyWindow
SetWindowPos
GetWindowPlacement
SetWindowPlacement
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
IsIconic
GetDlgItem
GetDlgCtrlID
SetFocus
GetCapture
GetMenu
SetMenu
TrackPopupMenu
UpdateWindow
SetActiveWindow
GetForegroundWindow
SetForegroundWindow
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropW
GetPropW
RemovePropW
GetClientRect
GetWindowRect
AdjustWindowRectEx
MapWindowPoints
CopyRect
EqualRect
PtInRect
GetClassLongW
GetClassNameW
GetTopWindow
GetWindow
LoadIconW

gdi32

GetTextFaceW
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
OffsetRgn
GetRgnBox
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
CreateCompatibleBitmap
GetBkColor
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
EnumFontFamiliesExW
GetTextMetricsW
GetTextExtentPoint32W
DPtoLP
SetRectRgn
PatBlt
CreateRectRgnIndirect
CreateFontIndirectW
CombineRgn
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
ExtTextOutW
TextOutW
MoveToEx
GetObjectW
SetTextAlign
SetTextColor
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateCompatibleDC
BitBlt
CreateBitmap
GetDeviceCaps
CreateDCW
CopyMetaFileW

msimg32

TransparentBlt
AlphaBlend

winspool.drv

ClosePrinter
OpenPrinterW
DocumentPropertiesW

advapi32

SystemFunction036
RegQueryValueW
RegEnumKeyW
CreateProcessAsUserW
DuplicateTokenEx
SetSecurityDescriptorDacl
SetServiceStatus
RegisterServiceCtrlHandlerW
CreateServiceW
EqualSid
RegDeleteKeyW
DeleteService
RegEnumKeyExW
StartServiceCtrlDispatcherW
RegEnumValueW
QueryServiceStatus
CloseServiceHandle
OpenSCManagerW
OpenServiceW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
DeregisterEventSource
RegisterEventSourceW
ReportEventW
RegCloseKey
RegOpenKeyA
RegQueryValueExA
OpenProcessToken
RegOpenKeyExW
RegQueryValueExW
GetTokenInformation
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
InitializeSecurityDescriptor

shell32

DragQueryFileW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragFinish
SHAppBarMessage
SHBrowseForFolderW
SHGetFileInfoW

shlwapi

PathStripToRootW
PathFindExtensionW
PathFindFileNameW
PathRemoveFileSpecW
StrFormatKBSizeW
PathIsUNCW

uxtheme

DrawThemeBackground
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
IsAppThemed
GetWindowTheme
GetCurrentThemeName
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetThemeColor
GetThemePartSize

ole32

RevokeDragDrop
RegisterDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoLockObjectExternal
OleGetClipboard
DoDragDrop
CreateStreamOnHGlobal
CoDisconnectObject
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoInitializeEx

oleaut32

VariantInit
LoadTypeLi
VarBstrFromDate
VariantChangeType
VariantCopy
VariantClear
SysFreeString
SysAllocString
SysAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

gdiplus

GdipDrawImageRectI
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdipSetInterpolationMode
GdiplusShutdown

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 375KB - Virtual size: 374KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 380KB - Virtual size: 380KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tpog.bin.D9F23EA6_E0FA_47AA_907F_808D103497A8
tpog.bin1.D9F23EA6_E0FA_47AA_907F_808D103497A8
tpog.chm.D9F23EA6_E0FA_47AA_907F_808D103497A8
.chm
tpog.chm1.D9F23EA6_E0FA_47AA_907F_808D103497A8
.chm
tpog.hlp.D9F23EA6_E0FA_47AA_907F_808D103497A8
tpog.hlp1.D9F23EA6_E0FA_47AA_907F_808D103497A8
tpprint.cat.D9F23EA6_E0FA_47AA_907F_808D103497A8
tpprn.dll.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x64 arch:x64

e7a3e29c5d1022895ff1417fef2699f5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

18:16:1d:5b:e0:9a:3e:38:b6:a9:88:8c:12:fd:96:be:67:da:c2:78
Signer

Actual PE Digest

18:16:1d:5b:e0:9a:3e:38:b6:a9:88:8c:12:fd:96:be:67:da:c2:78

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

W:\StarTeam\BF3DF08D-D136-4FF9-BC4F-C8C7386FA542\TPPrn\Release\x64\TPPrn.pdb

Imports

kernel32

GlobalFree
GlobalAlloc
HeapFree
GetProcessHeap
ReadFile
HeapAlloc
GetLastError
DisableThreadLibraryCalls
IsDebuggerPresent
LocalFree
LocalAlloc
GetCurrentThreadId
GetVersionExW
WriteConsoleW
SetStdHandle
IsValidLocale
DebugBreak
GetModuleHandleW
CreateFileW
SetFilePointer
SetLastError
GetLocalTime
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
LoadLibraryW
FreeLibrary
SetConsoleCtrlHandler
WriteFile
CloseHandle
LeaveCriticalSection
TryEnterCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLocaleInfoW
InitializeCriticalSection
WideCharToMultiByte
EncodePointer
DecodePointer
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
FlsSetValue
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
TerminateProcess
GetCurrentProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
GetCurrentThread
FlsAlloc
GetStringTypeW
Sleep
HeapSize
GetProcAddress
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
LCMapStringW
FatalAppExitA
GetModuleFileNameW
HeapReAlloc
FlushFileBuffers

user32

MessageBoxW
LoadStringW

gdi32

EngDeletePalette
EngDeleteSurface
EngCreateBitmap
EngAssociateSurface
EngCreatePalette

winspool.drv

GetPrinterW
GetPrinterDataW
EnumPrintersW
EnumPrinterDataW
EnumPrinterDataExW

advapi32

RegisterEventSourceW
ReportEventW
DeregisterEventSource
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegEnumValueW

Exports

Exports

DllMain
DrvDeviceCapabilities
DrvDisableDriver
DrvEnableDriver
DrvQueryDriverInfo

Sections

.text
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tpprn.dll1.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

95b47d39fe14cc722f7c9dda249c2d17

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

56:f4:0e:fe:59:f8:0d:06:e5:5d:48:c6:6b:8b:d9:b2:93:18:05:aa
Signer

Actual PE Digest

56:f4:0e:fe:59:f8:0d:06:e5:5d:48:c6:6b:8b:d9:b2:93:18:05:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GlobalAlloc
HeapFree
ReadFile
HeapAlloc
GetLastError
DisableThreadLibraryCalls
IsDebuggerPresent
LocalFree
LocalAlloc
GetCurrentThreadId
GetVersionExW
WriteConsoleW
SetStdHandle
GetModuleHandleW
CreateFileW
SetFilePointer
SetLastError
GetLocalTime
LoadLibraryW
WriteFile
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
GetLocaleInfoW
InitializeCriticalSection
WideCharToMultiByte
EncodePointer
DecodePointer
RtlUnwind
RaiseException
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetProcAddress
GetStringTypeW
IsProcessorFeaturePresent
Sleep
HeapSize
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
LCMapStringW
GetModuleFileNameW
HeapReAlloc
FlushFileBuffers

user32

MessageBoxW
LoadStringW

gdi32

EngDeletePalette
EngDeleteSurface
EngCreateBitmap
EngAssociateSurface
EngCreatePalette

winspool.drv

GetPrinterW
GetPrinterDataW
EnumPrinterDataW

advapi32

RegOpenKeyW
RegQueryValueExW
RegCloseKey

Exports

Exports

DllMain
DrvDeviceCapabilities
DrvDisableDriver
DrvEnableDriver
DrvQueryDriverInfo

Sections

.text
Size: 97KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tpprnui.dll.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x64 arch:x64

0ae7ac6fdc41b2ec8ee6ea4afe6c14d6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

f0:46:04:16:90:55:14:fa:d7:79:d4:13:67:af:2f:97:e0:1d:e8:a7
Signer

Actual PE Digest

f0:46:04:16:90:55:14:fa:d7:79:d4:13:67:af:2f:97:e0:1d:e8:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

W:\StarTeam\46EDB79B-FD21-4069-AAF1-393DD6B7F69D\TPPrnUI\Release\x64\TPPrnUI.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

clusapi

CloseCluster
ClusterCloseEnum
ClusterOpenEnum
OpenCluster
ClusterEnum

kernel32

GetConsoleMode
FatalAppExitA
SetHandleCount
GetStartupInfoW
GetStringTypeW
LCMapStringW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetConsoleCtrlHandler
GetTimeZoneInformation
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
GetConsoleCP
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetLocalTime
OutputDebugStringW
SetLastError
GetLastError
CloseHandle
HeapSetInformation
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
GetVersionExW
SizeofResource
LockResource
LoadResource
FindResourceW
WideCharToMultiByte
MultiByteToWideChar
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
HeapDestroy
LoadLibraryW
GetModuleFileNameW
GetModuleHandleExW
OutputDebugStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStdHandle
FlsAlloc
FlsFree
FlsGetValue
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
HeapQueryInformation
HeapSize
CreateThread
ExitThread
ExitProcess
GetCommandLineA
FlsSetValue
HeapAlloc
RtlPcToFileHeader
RaiseException
FreeLibrary
GetProcAddress
GetModuleHandleW
lstrlenW
LocalFree
LocalAlloc
GetLocaleInfoW
GlobalFree
GlobalAlloc
GetPrivateProfileStringW
GetFileSize
CreateFileW
GetCommandLineW
HeapCreate
QueryActCtxW
GetVersion
GetSystemTimeAsFileTime
HeapReAlloc
MulDiv
FormatMessageW
GlobalUnlock
HeapFree
RtlUnwindEx
RtlLookupFunctionEntry
DecodePointer
EncodePointer
LocalUnlock
LocalLock
GetDiskFreeSpaceW
ReplaceFileW
GetUserDefaultLCID
SearchPathW
Sleep
GetProfileIntW
GetTickCount
GetNumberFormatW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
GetFileTime
GetFileSizeEx
GetFileAttributesW
SetFileTime
LocalFileTimeToFileTime
FileTimeToLocalFileTime
SetFileAttributesW
GetFileAttributesExW
GetShortPathNameW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
MoveFileW
lstrcmpiW
GetStringTypeExW
DeleteFileW
GetCurrentDirectoryW
lstrcpyW
GetSystemDirectoryW
GlobalFlags
FindResourceExW
SystemTimeToFileTime
FileTimeToSystemTime
GetThreadLocale
GetAtomNameW
GlobalGetAtomNameW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
GlobalLock
GlobalHandle
GlobalReAlloc
TlsAlloc
TlsGetValue
WritePrivateProfileStringW
GetPrivateProfileIntW
CreateEventW
SuspendThread
SetEvent
WaitForSingleObject
ResumeThread
SetThreadPriority
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
CompareStringA
LoadLibraryExW
ReleaseActCtx
GetCurrentProcessId
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
InitializeCriticalSectionAndSpinCount
lstrcmpW
VirtualProtect
lstrlenA
lstrcmpA
CopyFileW
GlobalSize

user32

IsClipboardFormatAvailable
SetMenuDefaultItem
WaitMessage
PostThreadMessageW
CreateMenu
InSendMessage
IsMenu
UpdateLayeredWindow
UnionRect
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
GetMenuBarInfo
InsertMenuItemW
TranslateAcceleratorW
GetNextDlgGroupItem
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
DrawFocusRect
DrawFrameControl
DrawEdge
DrawStateW
MessageBeep
ReleaseCapture
SetCapture
GetSystemMenu
NotifyWinEvent
WindowFromPoint
CreatePopupMenu
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
OffsetRect
IsRectEmpty
CharUpperW
IsIconic
KillTimer
SetTimer
DeleteMenu
IntersectRect
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
RealChildWindowFromPoint
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
GetDialogBaseUnits
GetSystemMetrics
GetSysColorBrush
UnregisterClassW
ShowOwnedPopups
GetMessageW
TranslateMessage
GetCursorPos
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
MapVirtualKeyW
GetKeyNameTextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
LoadMenuW
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
SendNotifyMessageW
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
FillRect
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassNameW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetWindowLongPtrW
SetWindowLongPtrW
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
ScrollWindow
TrackPopupMenuEx
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
ValidateRect
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
DefWindowProcW
CallWindowProcW
GetMenu
SetPropW
GetCapture
GetActiveWindow
SetActiveWindow
MapDialogRect
GetPropW
RemovePropW
GetAsyncKeyState
PostMessageW
GetWindowTextLengthW
GetWindowTextW
GetFocus
SetFocus
SetWindowPos
ScrollWindowEx
GetParent
IsWindowEnabled
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
IsDlgButtonChecked
SetDlgItemTextW
SetDlgItemInt
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetTabbedTextExtentW
GetDCEx
EnumChildWindows
GetWindowRgn
WindowFromDC
SendDlgItemMessageW
GetDlgItemTextW
GetDlgItemInt
GetDlgItem
CheckRadioButton
CheckDlgButton
GetWindow
GetMenuState
GetMenuStringW
AppendMenuW
DestroyCursor
DrawIcon
SubtractRect
MapVirtualKeyExW
IsCharLowerW
GetDC
GetDoubleClickTime
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
wsprintfW
SetClassLongPtrW
IsWindowVisible
PostQuitMessage
IsWindow
GetIconInfo
MapWindowPoints
LoadCursorW
GetSysColor
DrawTextW
GetWindowLongW
SetWindowLongW
CopyRect
PtInRect
SetCursor
TrackMouseEvent
RedrawWindow
LoadImageW
DrawIconEx
InvalidateRect
DestroyIcon
GetClassLongPtrW
SendMessageW
EnableWindow
UpdateWindow
GetWindowRect
MessageBoxW
GetWindowThreadProcessId

gdi32

SetLayout
SetArcDirection
SetColorAdjustment
SelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
StartDocW
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
GetCurrentPositionEx
ArcTo
PolyDraw
PolylineTo
PolyBezierTo
ExtSelectClipRgn
CreateDIBPatternBrushPt
CreatePatternBrush
CreateBitmap
GetStockObject
SelectPalette
PlayMetaFileRecord
GetObjectType
EnumMetaFile
PlayMetaFile
CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreateRectRgnIndirect
PatBlt
GetTextExtentPoint32W
GetTextMetricsW
EnumFontFamiliesExW
CreateDIBitmap
CreateCompatibleBitmap
SetTextCharacterExtra
GetTextCharsetInfo
SetRectRgn
GetLayout
GetMapMode
DPtoLP
GetCharWidthW
CreateFontW
StretchDIBits
GetCurrentObject
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetBkColor
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
GetRgnBox
SetDIBColorTable
GetDIBits
StretchBlt
SetPixel
RoundRect
Rectangle
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
StartPage
EndPage
SetAbortProc
AbortDoc
EndDoc
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextAlign
GetTextFaceW
CreateMetaFileW
CloseMetaFile
DeleteMetaFile
SetPixelV
CombineRgn
SetMapperFlags
SetTextJustification
SetTextAlign
MoveToEx
LineTo
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
CreateDCW
CopyMetaFileW
GetDeviceCaps
CreateCompatibleDC
DeleteDC
SelectObject
DeleteObject
SetTextColor
CreateFontIndirectW
EnumFontFamiliesW
PolyPolyline
GetObjectW

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

DeletePrinterDataW
ClosePrinter
SetPrinterDataExW
OpenPrinterW
GetPrinterW
EnumPrintersW
GetPrinterDriverW
SetPrinterW
XcvDataW
EnumPrinterDataW
EnumPrinterDataExW
GetPrinterDataW
DocumentPropertiesW
GetJobW
SetPrinterDataW

advapi32

SetFileSecurityW
RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegEnumValueW
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegSetValueW
GetFileSecurityW
RegCloseKey
RegQueryValueW
RegEnumKeyW

shell32

SHAppBarMessage
CommandLineToArgvW
SHAddToRecentDocs
ExtractIconW
SHGetFileInfoW
SHGetDesktopFolder
ShellExecuteExW
SHBrowseForFolderW
SHGetMalloc
ShellExecuteW
DragQueryFileW
DragFinish
SHGetSpecialFolderLocation
SHGetPathFromIDListW

comctl32

ImageList_GetIconSize
ImageList_GetIcon
ImageList_ReplaceIcon
ImageList_Create
ImageList_GetImageCount
ImageList_Destroy
ImageList_AddMasked
ImageList_Remove
ImageList_DrawEx

shlwapi

PathRemoveExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathRemoveFileSpecW

ole32

OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
StgIsStorageFile
StgOpenStorage
CreateFileMoniker
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
StgCreateDocfile
CoInitializeEx
CoUninitialize
CoInitialize
CLSIDFromString
StringFromGUID2
CreateGenericComposite
PropVariantCopy
OleDuplicateData
CoTreatAsClass
StringFromCLSID
ReleaseStgMedium
CreateBindCtx
IsAccelerator
ReadFmtUserTypeStg
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CreateItemMoniker
OleGetIconOfClass
OleCreateLinkToFile
OleCreateFromFile
OleSetContainedObject
GetHGlobalFromILockBytes
OleLoad
OleCreate
OleCreateStaticFromData
OleCreateLinkFromData
OleCreateFromData
OleSaveToStream
WriteClassStm
OleLockRunning
OleSetMenuDescriptor
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CreateDataAdviseHolder
CreateOleAdviseHolder
CoGetMalloc
GetRunningObjectTable
OleIsRunning
OleQueryLinkFromData
OleQueryCreateFromData
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
OleRun
OleRegGetMiscStatus
ReadClassStg
OleRegEnumVerbs
OleSave
OleFlushClipboard
StgCreateDocfileOnILockBytes
OleIsCurrentClipboard
CoCreateGuid
DoDragDrop
OleSetClipboard
CoDisconnectObject
CreateStreamOnHGlobal

oleaut32

SysAllocString
VarBstrFromDate
VarDecFromStr
VarBstrFromDec
VarBstrFromCy
VarCyFromStr
SysReAllocStringLen
VarDateFromStr
SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayPtrOfIndex
SafeArrayGetElement
SafeArrayCopy
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayRedim
SafeArrayCreate
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
LoadTypeLi
RegisterTypeLi
SysAllocStringLen
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
VariantCopy
SysFreeString
SysStringLen
GetErrorInfo
SetErrorInfo
LoadRegTypeLi
CreateErrorInfo

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromFile
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

imm32

ImmGetContext
ImmReleaseContext
ImmGetOpenStatus

winmm

PlaySoundW

oledlg

OleUIBusyW

Exports

Exports

DevQueryPrintEx
DllGetClassObject
DrvAdvancedDocumentProperties
DrvConvertDevMode
DrvDeviceCapabilities
DrvDevicePropertySheets
DrvDocumentProperties
DrvDocumentPropertySheets
DrvPrinterEvent
DrvUpgradePrinter
PrinterProperties
TPGetOption
TPSetOption
TPSetOption_RUNDLLW

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 55KB - Virtual size: 110KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 165KB - Virtual size: 165KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 86KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tpprnui.dll1.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

519d3a6eb509ec7e6985cd5a68b1a13e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

58:45:fb:05:63:0e:09:c6:02:47:bc:4f:f1:9f:bf:ad:b8:f5:ed:38
Signer

Actual PE Digest

58:45:fb:05:63:0e:09:c6:02:47:bc:4f:f1:9f:bf:ad:b8:f5:ed:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

clusapi

CloseCluster
ClusterCloseEnum
ClusterOpenEnum
OpenCluster
ClusterEnum

kernel32

EnumSystemLocalesA
IsValidLocale
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTimeZoneInformation
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
InterlockedCompareExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
GetLocalTime
OutputDebugStringW
SetLastError
GetLastError
CloseHandle
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
SetHandleCount
GetVersionExW
SizeofResource
LockResource
LoadResource
FindResourceW
WideCharToMultiByte
MultiByteToWideChar
GetModuleHandleA
GetModuleHandleW
GetProcAddress
GetFileAttributesW
GetVersion
LoadLibraryW
GetModuleFileNameW
OutputDebugStringA
GetLocaleInfoA
lstrlenW
GetConsoleMode
GetConsoleCP
HeapDestroy
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetStdHandle
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetFileType
SetStdHandle
VirtualQuery
GetSystemInfo
VirtualAlloc
HeapQueryInformation
HeapSize
CreateThread
ExitThread
ExitProcess
GetCommandLineA
HeapAlloc
RaiseException
GetSystemTimeAsFileTime
HeapReAlloc
LocalFree
LocalAlloc
GetLocaleInfoW
GlobalFree
GlobalAlloc
LoadLibraryA
GetPrivateProfileStringW
GetFileSize
CreateFileW
GetCommandLineW
InterlockedIncrement
InterlockedDecrement
LCMapStringW
GetStringTypeW
FreeLibrary
GetStartupInfoW
HeapFree
RtlUnwind
MulDiv
FormatMessageW
GlobalUnlock
DecodePointer
EncodePointer
GetUserDefaultLCID
SearchPathW
Sleep
GetProfileIntW
GetTickCount
GetNumberFormatW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
GetFileTime
GetFileSizeEx
FileTimeToLocalFileTime
GetFileAttributesExW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
lstrcmpiW
DeleteFileW
GetCurrentDirectoryW
lstrcpyW
GetSystemDirectoryW
GlobalFlags
FindResourceExW
FileTimeToSystemTime
GlobalGetAtomNameW
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
WritePrivateProfileStringW
GetPrivateProfileIntW
GlobalLock
WaitForSingleObject
ResumeThread
SetThreadPriority
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
LoadLibraryExW
InterlockedExchange
ReleaseActCtx
CreateActCtxW
GetCurrentProcessId
FreeResource
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
CompareStringW
InitializeCriticalSectionAndSpinCount
lstrcmpW
ActivateActCtx
DeactivateActCtx
VirtualProtect
lstrlenA
lstrcmpA
CopyFileW
GlobalSize

user32

IsClipboardFormatAvailable
SetMenuDefaultItem
WaitMessage
PostThreadMessageW
CreateMenu
IsMenu
UpdateLayeredWindow
UnionRect
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
GetNextDlgGroupItem
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
DrawFocusRect
DrawFrameControl
DrawEdge
DrawStateW
MessageBeep
ReleaseCapture
SetCapture
GetSystemMenu
NotifyWinEvent
WindowFromPoint
CreatePopupMenu
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
OffsetRect
IsRectEmpty
CharUpperW
IsIconic
KillTimer
SetTimer
DeleteMenu
IntersectRect
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
RealChildWindowFromPoint
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
GetSystemMetrics
GetSysColorBrush
ShowOwnedPopups
GetMessageW
TranslateMessage
GetCursorPos
GetWindowThreadProcessId
GetDesktopWindow
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
MapVirtualKeyW
GetKeyNameTextW
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
ModifyMenuW
EnableMenuItem
CheckMenuItem
LoadMenuW
EndPaint
BeginPaint
ReleaseDC
GetDC
ClientToScreen
GrayStringW
DrawTextExW
TabbedTextOutW
FillRect
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
WinHelpW
IsChild
SetWindowsHookExW
CallNextHookEx
GetClassNameW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
ValidateRect
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
DefWindowProcW
CallWindowProcW
GetMenu
SetPropW
GetCapture
GetActiveWindow
SetActiveWindow
MapDialogRect
GetPropW
RemovePropW
GetAsyncKeyState
PostMessageW
GetWindowTextLengthW
GetWindowTextW
GetFocus
SetFocus
SetWindowPos
GetParent
IsWindowEnabled
ShowWindow
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
RegisterClipboardFormatW
CopyIcon
CharUpperBuffW
GetDoubleClickTime
IsCharLowerW
MapVirtualKeyExW
SendDlgItemMessageW
GetDlgItem
CheckDlgButton
GetWindow
GetMenuState
GetMenuStringW
GetWindowRgn
DestroyCursor
DrawIcon
GetWindowDC
SubtractRect
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
wsprintfW
SetClassLongW
IsWindowVisible
PostQuitMessage
IsWindow
GetIconInfo
MapWindowPoints
LoadCursorW
GetSysColor
DrawTextW
GetWindowLongW
SetWindowLongW
CopyRect
PtInRect
SetCursor
TrackMouseEvent
RedrawWindow
LoadImageW
DrawIconEx
InvalidateRect
DestroyIcon
GetClassLongW
SendMessageW
EnableWindow
UpdateWindow
GetWindowRect
MessageBoxW
UnregisterClassW

gdi32

SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
SetWindowExtEx
ScaleWindowExtEx
ExtSelectClipRgn
CreatePatternBrush
CreateBitmap
GetStockObject
SelectPalette
GetObjectType
CreatePen
CreateSolidBrush
CreateHatchBrush
CreateRectRgnIndirect
PatBlt
GetTextExtentPoint32W
GetTextMetricsW
EnumFontFamiliesExW
CreateDIBitmap
CreateCompatibleBitmap
GetTextCharsetInfo
SetRectRgn
GetLayout
DPtoLP
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
GetBkColor
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
GetRgnBox
SetDIBColorTable
StretchBlt
SetPixel
Rectangle
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceW
SetPixelV
CombineRgn
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
SetBkColor
CreateDCW
CopyMetaFileW
GetDeviceCaps
CreateCompatibleDC
DeleteDC
SelectObject
DeleteObject
SetTextColor
CreateFontIndirectW
EnumFontFamiliesW
PolyPolyline
GetObjectW

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

DeletePrinterDataW
ClosePrinter
SetPrinterDataExW
OpenPrinterW
GetPrinterW
EnumPrintersW
GetPrinterDriverW
SetPrinterW
XcvDataW
EnumPrinterDataW
GetPrinterDataW
DocumentPropertiesW
SetPrinterDataW

advapi32

RegQueryValueExW
RegOpenKeyW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegSetValueExW
RegEnumValueW
RegDeleteKeyW
RegEnumKeyExW
RegQueryInfoKeyW
DeregisterEventSource
ReportEventW
RegisterEventSourceW
RegCloseKey
RegQueryValueW
RegEnumKeyW

shell32

SHAppBarMessage
CommandLineToArgvW
SHGetFileInfoW
SHGetDesktopFolder
SHBrowseForFolderW
ShellExecuteW
DragQueryFileW
DragFinish
SHGetSpecialFolderLocation
SHGetPathFromIDListW

comctl32

ImageList_GetIconSize

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathRemoveFileSpecW

ole32

OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateGuid
OleDuplicateData
ReleaseStgMedium
IsAccelerator
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
OleLockRunning
CreateStreamOnHGlobal
RevokeDragDrop
CoLockObjectExternal
RegisterDragDrop
OleGetClipboard
DoDragDrop

oleaut32

SysAllocString
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
VariantChangeType
SysStringByteLen
SysAllocStringByteLen
VariantClear
VariantInit
VariantCopy
SysFreeString
SysStringLen

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Exports

Exports

DevQueryPrintEx
DllGetClassObject
DrvAdvancedDocumentProperties
DrvConvertDevMode
DrvDeviceCapabilities
DrvDevicePropertySheets
DrvDocumentProperties
DrvDocumentPropertySheets
DrvPrinterEvent
DrvUpgradePrinter
PrinterProperties
TPGetOption
TPSetOption
TPSetOption_RUNDLLW

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 352KB - Virtual size: 352KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 270KB - Virtual size: 270KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tpprnuichs.dll.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

26:86:ae:40:49:59:93:ab:83:6e:f7:36:c5:75:52:ac:fb:b0:f7:06
Signer

Actual PE Digest

26:86:ae:40:49:59:93:ab:83:6e:f7:36:c5:75:52:ac:fb:b0:f7:06

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuichs.dll1.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

d0:8d:8c:51:ee:b4:fe:ca:bc:07:d9:e4:a3:99:e9:1e:ac:9e:cc:bf
Signer

Actual PE Digest

d0:8d:8c:51:ee:b4:fe:ca:bc:07:d9:e4:a3:99:e9:1e:ac:9e:cc:bf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuicht.dll.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

9d:60:4c:4e:86:2c:ca:4d:b5:83:af:00:e3:94:f0:a6:ed:5b:e3:4f
Signer

Actual PE Digest

9d:60:4c:4e:86:2c:ca:4d:b5:83:af:00:e3:94:f0:a6:ed:5b:e3:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuicht.dll1.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

7e:a2:c5:b4:ba:f6:82:73:fb:b9:10:d9:94:a4:0c:28:29:3b:00:0c
Signer

Actual PE Digest

7e:a2:c5:b4:ba:f6:82:73:fb:b9:10:d9:94:a4:0c:28:29:3b:00:0c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuicsy.dll.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

5f:cf:92:36:de:70:03:ff:94:96:a3:04:f0:1a:32:b8:8c:a4:fd:fe
Signer

Actual PE Digest

5f:cf:92:36:de:70:03:ff:94:96:a3:04:f0:1a:32:b8:8c:a4:fd:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuicsy.dll1.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

6e:68:f8:2a:e0:a2:64:37:e0:e7:59:f6:a1:5d:0e:81:85:a8:d9:22
Signer

Actual PE Digest

6e:68:f8:2a:e0:a2:64:37:e0:e7:59:f6:a1:5d:0e:81:85:a8:d9:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuideu.dll.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

0e:77:09:2a:f2:a4:75:9f:14:a9:c1:d4:38:ea:26:c3:f3:04:62:a1
Signer

Actual PE Digest

0e:77:09:2a:f2:a4:75:9f:14:a9:c1:d4:38:ea:26:c3:f3:04:62:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuideu.dll1.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

c3:0c:e1:ad:35:8e:1a:6f:e3:82:bf:1a:82:85:9e:e1:2a:a0:13:50
Signer

Actual PE Digest

c3:0c:e1:ad:35:8e:1a:6f:e3:82:bf:1a:82:85:9e:e1:2a:a0:13:50

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuiell.dll.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

4f:be:64:f3:29:0d:3b:95:4c:cf:f0:2b:21:23:e7:70:af:b9:9b:9a
Signer

Actual PE Digest

4f:be:64:f3:29:0d:3b:95:4c:cf:f0:2b:21:23:e7:70:af:b9:9b:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuiell.dll1.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

fb:6e:fe:1c:c4:f2:82:2e:23:70:11:6a:7c:c1:ff:82:cd:b6:4b:dd
Signer

Actual PE Digest

fb:6e:fe:1c:c4:f2:82:2e:23:70:11:6a:7c:c1:ff:82:cd:b6:4b:dd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuiesn.dll.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

c4:52:ab:5e:ed:ff:96:ad:ec:eb:65:00:e4:36:65:ee:81:21:3c:4f
Signer

Actual PE Digest

c4:52:ab:5e:ed:ff:96:ad:ec:eb:65:00:e4:36:65:ee:81:21:3c:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuiesn.dll1.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

5f:0c:3e:2a:11:7d:fa:91:b7:7e:64:9d:14:a8:68:0a:a4:89:b1:1c
Signer

Actual PE Digest

5f:0c:3e:2a:11:7d:fa:91:b7:7e:64:9d:14:a8:68:0a:a4:89:b1:1c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 54KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuifra.dll.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

dd:e1:13:4d:e4:30:cd:b9:e3:cb:15:96:5c:ff:28:a9:bc:99:45:0f
Signer

Actual PE Digest

dd:e1:13:4d:e4:30:cd:b9:e3:cb:15:96:5c:ff:28:a9:bc:99:45:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuifra.dll1.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

df:7b:3c:01:e9:fc:33:9e:af:b5:fc:ef:1b:c1:d3:31:fe:e6:63:4e
Signer

Actual PE Digest

df:7b:3c:01:e9:fc:33:9e:af:b5:fc:ef:1b:c1:d3:31:fe:e6:63:4e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuihun.dll.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

84:e5:95:b7:2f:76:85:ac:72:b7:83:65:1b:86:d2:72:2f:7f:a5:a3
Signer

Actual PE Digest

84:e5:95:b7:2f:76:85:ac:72:b7:83:65:1b:86:d2:72:2f:7f:a5:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuihun.dll1.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

c2:3a:ef:b8:68:46:95:40:95:19:5e:bf:86:c5:8e:f8:48:34:9a:9e
Signer

Actual PE Digest

c2:3a:ef:b8:68:46:95:40:95:19:5e:bf:86:c5:8e:f8:48:34:9a:9e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuiita.dll_amd64.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

ee:d5:89:bd:46:63:b6:a3:9b:01:c7:e8:3d:ed:5a:5c:f4:76:1b:ef
Signer

Actual PE Digest

ee:d5:89:bd:46:63:b6:a3:9b:01:c7:e8:3d:ed:5a:5c:f4:76:1b:ef

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuiita.dll_i386.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

7a:f5:26:65:0f:d5:49:76:f1:41:a2:7c:0b:b5:e6:b2:32:dc:a9:21
Signer

Actual PE Digest

7a:f5:26:65:0f:d5:49:76:f1:41:a2:7c:0b:b5:e6:b2:32:dc:a9:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuijpn.dll.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

0b:fd:a1:c1:16:a6:0c:bc:46:26:44:aa:16:34:62:c1:66:a3:cd:69
Signer

Actual PE Digest

0b:fd:a1:c1:16:a6:0c:bc:46:26:44:aa:16:34:62:c1:66:a3:cd:69

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuijpn.dll1.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

ea:2a:09:57:76:5a:d4:9b:c8:b9:b3:48:49:e2:8d:b0:39:c1:05:42
Signer

Actual PE Digest

ea:2a:09:57:76:5a:d4:9b:c8:b9:b3:48:49:e2:8d:b0:39:c1:05:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuikor.dll.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

dd:8f:e2:2f:eb:4b:be:3a:27:92:7f:4a:f5:12:1d:06:10:24:58:b0
Signer

Actual PE Digest

dd:8f:e2:2f:eb:4b:be:3a:27:92:7f:4a:f5:12:1d:06:10:24:58:b0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuikor.dll1.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

88:a1:e5:0b:6b:70:9d:17:f0:68:ae:9d:48:50:f4:93:f5:ad:3f:a2
Signer

Actual PE Digest

88:a1:e5:0b:6b:70:9d:17:f0:68:ae:9d:48:50:f4:93:f5:ad:3f:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 47KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuiplk.dll.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

ba:11:0c:2e:66:f5:4d:8a:66:0d:c6:82:a4:d5:be:27:9b:dd:bf:c1
Signer

Actual PE Digest

ba:11:0c:2e:66:f5:4d:8a:66:0d:c6:82:a4:d5:be:27:9b:dd:bf:c1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuiplk.dll1.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

5a:9b:38:6c:3b:71:ef:4d:5a:50:b5:54:ab:91:3b:b2:18:48:f0:a8
Signer

Actual PE Digest

5a:9b:38:6c:3b:71:ef:4d:5a:50:b5:54:ab:91:3b:b2:18:48:f0:a8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuiptb.dll_amd64.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

e1:e1:30:d6:f4:c9:a5:ab:aa:0d:e5:46:b3:0e:14:00:bb:92:62:e3
Signer

Actual PE Digest

e1:e1:30:d6:f4:c9:a5:ab:aa:0d:e5:46:b3:0e:14:00:bb:92:62:e3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuiptb.dll_i386.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

4d:df:45:25:63:cc:97:5b:c6:05:23:64:89:29:70:0d:00:51:6c:ad
Signer

Actual PE Digest

4d:df:45:25:63:cc:97:5b:c6:05:23:64:89:29:70:0d:00:51:6c:ad

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuirus.dll.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

c7:65:70:d2:48:5b:00:5e:4e:1b:54:db:52:96:7e:74:c7:eb:72:d2
Signer

Actual PE Digest

c7:65:70:d2:48:5b:00:5e:4e:1b:54:db:52:96:7e:74:c7:eb:72:d2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuirus.dll1.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

ad:27:5e:26:27:e9:de:2f:93:a7:db:f7:f5:18:bb:39:bf:f4:48:6f
Signer

Actual PE Digest

ad:27:5e:26:27:e9:de:2f:93:a7:db:f7:f5:18:bb:39:bf:f4:48:6f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuisve.dll_amd64.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

c0:61:4a:4e:fa:fc:94:d8:cf:7a:4c:64:81:ab:d2:be:f3:7a:bf:06
Signer

Actual PE Digest

c0:61:4a:4e:fa:fc:94:d8:cf:7a:4c:64:81:ab:d2:be:f3:7a:bf:06

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuisve.dll_i386.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

0c:b5:39:62:f7:43:72:ad:be:61:38:08:ad:c6:e1:00:3a:4f:a4:d3
Signer

Actual PE Digest

0c:b5:39:62:f7:43:72:ad:be:61:38:08:ad:c6:e1:00:3a:4f:a4:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuitha.dll.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

53:c0:9a:b9:05:a6:46:11:b4:13:8f:0a:d6:26:b7:99:cb:31:75:6c
Signer

Actual PE Digest

53:c0:9a:b9:05:a6:46:11:b4:13:8f:0a:d6:26:b7:99:cb:31:75:6c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpprnuitha.dll1.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

24:ee:4a:bb:13:87:27:0a:91:ac:0d:2c:23:2a:c3:55:5d:a1:13:3d
Signer

Actual PE Digest

24:ee:4a:bb:13:87:27:0a:91:ac:0d:2c:23:2a:c3:55:5d:a1:13:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpps.cat.D9F23EA6_E0FA_47AA_907F_808D103497A8
tpps.dll.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

821cb150d6c8bc03bc71489dd43b3af7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

e7:23:b6:91:b5:ea:50:ea:8c:cf:1b:57:1d:9f:3a:f3:f4:06:48:a2
Signer

Actual PE Digest

e7:23:b6:91:b5:ea:50:ea:8c:cf:1b:57:1d:9f:3a:f3:f4:06:48:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

OutputDebugStringW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetLocalTime
DeleteCriticalSection
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetProcessHeap
SetLastError
IsProcessorFeaturePresent
GetStringTypeW
LCMapStringW
CreateFileW
SetStdHandle
WriteConsoleW
InterlockedDecrement
InterlockedIncrement
SetEndOfFile
GetLastError
HeapFree
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
RaiseException
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwind
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CloseHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetModuleFileNameW
SetFilePointer
HeapReAlloc
LoadLibraryW
ReadFile

user32

MessageBoxW

winspool.drv

GetPrinterW
ClosePrinter
DeletePrinterDataW
EnumFormsW
SetPrinterDataW
WritePrinter
GetPrinterDataW
OpenPrinterW
DeviceCapabilitiesW

advapi32

RegOpenKeyW
RegQueryValueExW
RegCloseKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tpps.dll1.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x64 arch:x64

6d863d75d05c43fad4e74d7adf557762

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

9e:03:f3:87:e9:ce:15:9f:c8:95:78:a3:f0:e4:4d:4c:65:69:c5:80
Signer

Actual PE Digest

9e:03:f3:87:e9:ce:15:9f:c8:95:78:a3:f0:e4:4d:4c:65:69:c5:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

W:\StarTeam\8E0EDCE4-ED6B-4900-80CD-523A18FAE933\TPPS\Release\x64\TPPs.pdb

Imports

kernel32

LeaveCriticalSection
EnterCriticalSection
GetLocalTime
DeleteCriticalSection
GetCurrentThreadId
WideCharToMultiByte
MultiByteToWideChar
GetProcessHeap
SetEndOfFile
InitializeCriticalSection
GetStringTypeW
LCMapStringW
CreateFileW
SetStdHandle
WriteConsoleW
LoadLibraryW
OutputDebugStringW
SetLastError
GetLastError
HeapFree
EncodePointer
DecodePointer
GetSystemTimeAsFileTime
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapAlloc
RaiseException
RtlPcToFileHeader
HeapSetInformation
GetVersion
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
Sleep
GetProcAddress
GetModuleHandleW
ExitProcess
WriteFile
GetConsoleCP
GetConsoleMode
FlushFileBuffers
RtlUnwindEx
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
FlsAlloc
CloseHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetModuleFileNameW
SetFilePointer
HeapReAlloc
ReadFile

user32

MessageBoxW

winspool.drv

GetPrinterW
ClosePrinter
DeletePrinterDataW
EnumFormsW
SetPrinterDataW
WritePrinter
GetPrinterDataW
OpenPrinterW
DeviceCapabilitiesW

advapi32

RegOpenKeyW
RegQueryValueExW
RegCloseKey

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tpps.ini.D9F23EA6_E0FA_47AA_907F_808D103497A8
tpps.ini1.D9F23EA6_E0FA_47AA_907F_808D103497A8
tpps.ppd.D9F23EA6_E0FA_47AA_907F_808D103497A8
tpps.ppd1.D9F23EA6_E0FA_47AA_907F_808D103497A8
tprdpw32.dll.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:6 windows x86 arch:x86

7531b4de50e58f0319ba3aa99600c517

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:e2:cd:bc:c6:fa:f9:80:2c:2d:c5:1c:44:72:e6:3b:fd:e1:e9:df:df:41:6c:26:fb:2a:c4:20:62:48:63:15
Signer

Actual PE Digest

13:e2:cd:bc:c6:fa:f9:80:2c:2d:c5:1c:44:72:e6:3b:fd:e1:e9:df:df:41:6c:26:fb:2a:c4:20:62:48:63:15

Digest Algorithm

sha256

PE Digest Matches

true

cd:ec:51:6c:d3:05:fc:d2:99:89:02:08:2f:7f:f2:e2:73:9b:6a:22
Signer

Actual PE Digest

cd:ec:51:6c:d3:05:fc:d2:99:89:02:08:2f:7f:f2:e2:73:9b:6a:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wtsapi32

WTSVirtualChannelQuery
WTSVirtualChannelClose
WTSVirtualChannelOpen
WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW

ws2_32

InetPtonW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

WideCharToMultiByte
ReadFile
WriteFile
GetOverlappedResult
CancelIo
SetEvent
ResetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexW
OpenMutexW
CreateEventW
Sleep
GetCurrentThreadId
GetTickCount
GetModuleFileNameW
MultiByteToWideChar
HeapFree
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
EncodePointer
DecodePointer
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetProcessHeap
ExitProcess
GetModuleHandleExW
GetStdHandle
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
LoadLibraryW
TlsFree
GetStartupInfoW
GetModuleHandleW
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
SetEnvironmentVariableA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
CompareStringW
LCMapStringW
LoadLibraryExW
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapReAlloc
HeapSize
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW
ReadConsoleW
GetFileSize
DeleteFileW
SetFilePointer
GetLocalTime
FindFirstFileExW
FindClose
LocalAlloc
GlobalFree
GlobalAlloc
GetProcAddress
FreeLibrary
GetVersionExW
GetCurrentThread
GetCurrentProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
DuplicateHandle
CloseHandle
LocalFree
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
SetLastError
GetLastError
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFullPathNameW
GetCurrentDirectoryW
GetTimeZoneInformation
SetEndOfFile
TlsSetValue
GetSystemTimeAsFileTime

user32

wsprintfW
wvsprintfW
LoadStringW

advapi32

AddAccessAllowedAce
GetAce
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupAccountSidW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
IsValidSid
GetTokenInformation
GetSidLengthRequired
GetLengthSid
FreeSid
EqualSid
CopySid
AllocateAndInitializeSid
OpenThreadToken
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl

Exports

Exports

DllEntryPoint
DllMain
GetDllVersion
VirtualChannelClientMachine
VirtualChannelClientMachine2
VirtualChannelClose
VirtualChannelClose2
VirtualChannelFreeMemory
VirtualChannelOpen
VirtualChannelOpen2
VirtualChannelOpen3
VirtualChannelOpenBySessionId2
VirtualChannelOpenBySessionId3
VirtualChannelPurgeInput
VirtualChannelPurgeInput2
VirtualChannelPurgeOutput
VirtualChannelPurgeOutput2
VirtualChannelQuerySessionInformation
VirtualChannelRead
VirtualChannelRead2
VirtualChannelWrite
VirtualChannelWrite2
VirtualChannelWrite3

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tpsvc.dll1.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll regsvr32 windows:6 windows x86 arch:x86

4acc6d3892a5e35e81080df6ed221228

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1d:6b:30:96:71:bb:e9:f9:c0:9a:2f:42:3d:13:2a:60:8c:7f:11:5b:dc:5e:be:51:0d:bc:91:9f:3d:13:4a:d5
Signer

Actual PE Digest

1d:6b:30:96:71:bb:e9:f9:c0:9a:2f:42:3d:13:2a:60:8c:7f:11:5b:dc:5e:be:51:0d:bc:91:9f:3d:13:4a:d5

Digest Algorithm

sha256

PE Digest Matches

true

68:4e:61:a2:47:d8:1b:08:a9:fd:c2:72:6f:1c:b7:32:ff:f0:17:f5
Signer

Actual PE Digest

68:4e:61:a2:47:d8:1b:08:a9:fd:c2:72:6f:1c:b7:32:ff:f0:17:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

W:\StarTeam\141F0460-7183-4131-BC16-1DB4E35FD840\TPAutoConnDll\Release\x86\TPSvc.pdb

Imports

framedyn

?ValidateQueryFlags@Provider@@MAEJJ@Z
?ValidatePutInstanceFlags@Provider@@MAEJJ@Z
?ValidateMethodFlags@Provider@@MAEJJ@Z
?ValidateGetObjFlags@Provider@@MAEJJ@Z
?ValidateEnumerationFlags@Provider@@MAEJJ@Z
?ValidateDeletionFlags@Provider@@MAEJJ@Z
?OnFinalRelease@CThreadBase@@MAEXXZ
?GetObject@Provider@@MAEJPAVCInstance@@JAAVCFrameworkQuery@@@Z
?Flush@Provider@@MAEXXZ
?Commit@CInstance@@QAEJXZ
?Getbool@CInstance@@QBE_NPBGAA_N@Z
?GetCHString@CInstance@@QBE_NPBGAAVCHString@@@Z
?FrameworkLoginDLL@CWbemProviderGlue@@SGHPBG@Z
?GetStringArray@CInstance@@QBE_NPBGAAPAUtagSAFEARRAY@@@Z
?SetCHString@CInstance@@QAE_NPBGABVCHString@@@Z
?SetCHString@CInstance@@QAE_NPBG0@Z
?SetVariant@CInstance@@QAE_NPBGABUtagVARIANT@@@Z
?Setbool@CInstance@@QAE_NPBG_N@Z
?SetDWORD@CInstance@@QAE_NPBGK@Z
?SetStringArray@CInstance@@QAE_NPBGABUtagSAFEARRAY@@@Z
?Release@CInstance@@QAEJXZ
??1CWbemGlueFactory@@QAE@XZ
??0CWbemGlueFactory@@QAE@XZ
?FrameworkLogoffDLL@CWbemProviderGlue@@SGHPBG@Z
?CreateNewInstance@Provider@@IAEPAVCInstance@@PAVMethodContext@@@Z
??1Provider@@UAE@XZ
??0Provider@@QAE@PBG0@Z
?Compare@CHString@@QBEHPBG@Z
??4CHString@@QAEABV0@PBG@Z
??BCHString@@QBEPBGXZ
??1CHString@@QAE@XZ
??0CHString@@QAE@PBG@Z
??0CHString@@QAE@XZ
?GetDWORD@CInstance@@QBE_NPBGAAK@Z

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

ws2_32

gethostbyaddr
ntohs
getservbyport
getservbyname
WSASetLastError
WSAGetLastError
WSAStringToAddressA
inet_ntoa
inet_addr
htons
htonl
gethostbyname

rpcrt4

UuidCreate

userenv

RegisterGPNotification
EnterCriticalPolicySection
LeaveCriticalPolicySection
UnregisterGPNotification

kernel32

GetTempFileNameW
GetTempPathW
GetProfileIntW
SearchPathW
GetDiskFreeSpaceW
ReplaceFileW
GetUserDefaultLCID
LocalLock
LocalUnlock
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
WriteConsoleW
SetConsoleCtrlHandler
SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
lstrcpyW
GetCPInfo
GetOEMCP
IsValidCodePage
GetCurrentDirectoryW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
VirtualProtect
CompareStringA
GlobalFindAtomW
GlobalDeleteAtom
FreeResource
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
CompareStringW
GlobalAddAtomW
ResumeThread
SuspendThread
SetThreadPriority
lstrcmpW
GlobalFlags
SetErrorMode
SystemTimeToTzSpecificLocalTime
SetFileTime
SetFileAttributesW
LocalFileTimeToFileTime
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
SystemTimeToFileTime
FileTimeToSystemTime
GetAtomNameW
GlobalGetAtomNameW
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CreateSemaphoreW
ReleaseSemaphore
GetThreadLocale
GetStringTypeExW
MoveFileW
DuplicateHandle
OutputDebugStringA
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
LockFile
GetVolumeInformationW
GetShortPathNameW
GetFullPathNameW
GetFileSize
FlushFileBuffers
CreateFileW
FormatMessageW
MulDiv
GlobalUnlock
GlobalLock
SetFilePointerEx
ReadConsoleW
GetTimeZoneInformation
EnumSystemLocalesW
IsValidLocale
LCMapStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
GetConsoleMode
VerifyVersionInfoW
GetStdHandle
GetACP
ExitProcess
GetFileType
SetStdHandle
VirtualQuery
VirtualAlloc
GetSystemInfo
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
CreateThread
GlobalSize
lstrlenA
lstrcmpA
GetModuleHandleA
GetVersion
GetEnvironmentVariableW
GetTickCount
lstrlenW
GetLocaleInfoW
lstrcmpiW
GetModuleFileNameW
GetCurrentThread
EncodePointer
OutputDebugStringW
WaitForMultipleObjects
CreateEventW
ResetEvent
HeapWalk
GetProcessHeaps
HeapValidate
GlobalFree
GlobalAlloc
DisableThreadLibraryCalls
CreateFileMappingW
GetStartupInfoW
OpenEventW
SetEvent
CreateProcessW
GetExitCodeProcess
CreatePipe
ReadFile
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
LoadLibraryW
GetSystemDirectoryW
InitializeCriticalSectionAndSpinCount
HeapSize
HeapReAlloc
HeapDestroy
GetCurrentProcess
LocalFree
LocalAlloc
HeapQueryInformation
GetProcessHeap
HeapFree
HeapAlloc
CopyFileW
Sleep
FindNextFileW
FindFirstFileW
FindClose
DeleteFileW
GetModuleHandleW
GetVersionExW
LoadLibraryExW
WideCharToMultiByte
LoadLibraryA
GetProcAddress
FreeLibrary
GetSystemDirectoryA
InitializeCriticalSectionEx
RaiseException
DecodePointer
MultiByteToWideChar
FindResourceW
SizeofResource
LockResource
LoadResource
GetLocalTime
GetCurrentThreadId
GetCurrentProcessId
OpenMutexW
CreateMutexW
WaitForSingleObject
ReleaseMutex
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
SetLastError
GetLastError
CloseHandle
QueryPerformanceFrequency
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
VerSetConditionMask
GetWindowsDirectoryW
GetConsoleCP
FindResourceExW

user32

CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
PostThreadMessageW
GetComboBoxInfo
ReuseDDElParam
UnpackDDElParam
GetMenuBarInfo
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
MonitorFromPoint
UpdateLayeredWindow
UnionRect
DrawIcon
FrameRect
CopyIcon
SetCursorPos
BringWindowToTop
GetSystemMenu
IsZoomed
DrawFrameControl
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetParent
SetWindowRgn
SetClassLongW
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadMenuW
GetKeyNameTextW
MapVirtualKeyW
GetMenuDefaultItem
CreatePopupMenu
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
MessageBeep
GetIconInfo
DrawIconEx
IsRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
GetDialogBaseUnits
LoadImageW
TrackMouseEvent
InvalidateRect
KillTimer
SetTimer
DeleteMenu
SetCursor
ShowOwnedPopups
MapDialogRect
GetAsyncKeyState
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
OffsetRect
SetRectEmpty
SendDlgItemMessageA
CopyImage
SystemParametersInfoW
GetMenuItemInfoW
DestroyMenu
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetTopWindow
GetClassLongW
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetClientRect
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
ScrollWindow
SetRect
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
UpdateWindow
GetDCEx
TrackPopupMenu
SetMenu
GetMenu
GetCapture
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsChild
IsMenu
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
PostMessageW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
GetScrollPos
SetScrollPos
DestroyIcon
CallNextHookEx
SetWindowsHookExW
GetCursorPos
ValidateRect
GetKeyState
GetActiveWindow
IsWindowVisible
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
RealChildWindowFromPoint
GetClassNameW
GetDesktopWindow
PtInRect
GetWindowRect
IsDialogMessageW
GetWindow
SetWindowLongW
SetWindowTextW
ScrollWindowEx
GetFocus
SetFocus
GetDlgCtrlID
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
GetDlgItem
SetWindowPos
MoveWindow
ShowWindow
IsWindow
IntersectRect
InflateRect
CopyRect
GetWindowTextLengthW
GetWindowTextW
LoadCursorW
GetSysColorBrush
GetLastActivePopup
GetWindowThreadProcessId
GetParent
GetWindowLongW
MessageBoxW
IsWindowEnabled
EnableWindow
SendMessageW
FillRect
GetSysColor
ScreenToClient
ClientToScreen
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
UnhookWindowsHookEx
MsgWaitForMultipleObjectsEx
GetSystemMetrics
CharUpperW
RemoveMenu
AppendMenuW
InsertMenuW
LockWindowUpdate
SetMenuDefaultItem
GetDoubleClickTime
ModifyMenuW
RegisterClipboardFormatW
CharUpperBuffW
IsClipboardFormatAvailable
GetUpdateRect
EnumChildWindows
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
SubtractRect
SendNotifyMessageW
InSendMessage
CreateMenu
WindowFromDC
GetWindowRgn
RedrawWindow
GetTabbedTextExtentW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringW
CharLowerW
CharNextW
wsprintfW
LoadStringW
UnregisterClassW
TrackPopupMenuEx
DestroyCursor
PostQuitMessage

gdi32

MoveToEx
TextOutW
ExtTextOutW
PolyBezierTo
PolylineTo
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateFontIndirectW
CreateRectRgnIndirect
GetMapMode
PatBlt
SetRectRgn
DPtoLP
GetTextExtentPoint32W
GetTextMetricsW
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetDIBits
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
GetObjectW
GetTextColor
CreatePolygonRgn
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
GetRgnBox
OffsetRgn
GetCurrentObject
CreateFontW
GetCharWidthW
StretchDIBits
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
CloseMetaFile
CreateMetaFileW
DeleteMetaFile
EndDoc
StartPage
EndPage
AbortDoc
SetAbortProc
GetROP2
GetBkMode
GetNearestColor
GetPolyFillMode
GetStretchBltMode
GetTextAlign
GetTextFaceW
ExtCreatePen
SetArcDirection
SelectClipPath
PolyDraw
ArcTo
StartDocW
SetColorAdjustment
ModifyWorldTransform
SetWorldTransform
EnumMetaFile
PlayMetaFileRecord
SetTextJustification
SetTextAlign
SetTextColor
SetTextCharacterExtra
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetGraphicsMode
SetMapperFlags
SetBkMode
SetBkColor
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
PlayMetaFile
OffsetClipRgn
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetStockObject
GetPixel
GetObjectType
GetCurrentPositionEx
GetClipRgn
GetClipBox
ExcludeClipRect
Escape
DeleteObject
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
CreateCompatibleDC
CreateBitmap
BitBlt
GetDeviceCaps
CreateDCW
Ellipse
CopyMetaFileW

msimg32

AlphaBlend
TransparentBlt

winspool.drv

DeletePrinter
GetPrinterDataExW
GetPrinterW
SetPrinterW
AddPrinterW
EnumPrinterKeyW
DeletePrinterDriverExW
GetPrinterDriverDirectoryW
EnumPrinterDriversW
AddPrinterDriverW
DocumentPropertiesW
EnumPrintersW
ClosePrinter
SetPrinterDataW
GetPrinterDataW
GetJobW
OpenPrinterW
EnumPortsW
EnumPrinterDataExW
SetPrinterDataExW
XcvDataW

advapi32

SystemFunction036
SetFileSecurityW
GetFileSecurityW
RegQueryValueW
RegEnumKeyW
RegSetValueW
RegQueryValueExA
RegOpenKeyA
GetUserNameW
UnlockServiceDatabase
StartServiceW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
LockServiceDatabase
ControlService
CloseServiceHandle
RegCreateKeyW
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
GetSidIdentifierAuthority
GetSecurityDescriptorDacl
GetAclInformation
GetAce
EqualSid
AddAce
AddAccessAllowedAce
SetSecurityInfo
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
LookupAccountSidW
IsValidSecurityDescriptor
OpenThreadToken
SetServiceStatus
CreateProcessAsUserW
ConvertStringSidToSidW
ConvertSidToStringSidW
GetTokenInformation
CopySid
OpenProcessToken
SetEntriesInAclW
LookupAccountNameW
InitializeAcl
GetLengthSid
FreeSid
AllocateAndInitializeSid
RegSetValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyW
RegCloseKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHBrowseForFolderW
ExtractIconW
SHAddToRecentDocs
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
ShellExecuteExW
SHAppBarMessage
SHGetFileInfoW
SHGetMalloc
DragFinish
DragQueryFileW

shlwapi

PathStripToRootW
PathFindExtensionW
PathFindFileNameW
PathRemoveExtensionW
PathRemoveFileSpecW
PathIsUNCW
StrFormatKBSizeW

uxtheme

DrawThemeBackground
GetThemeColor
GetCurrentThemeName
GetWindowTheme
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemeSysColor
GetThemePartSize
DrawThemeParentBackground
OpenThemeData
DrawThemeText
CloseThemeData

ole32

OleCreateLinkFromData
OleCreateFromData
OleCreate
WriteClassStm
OleCreateStaticFromData
CreateGenericComposite
StgCreateDocfileOnILockBytes
OleRegEnumVerbs
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSaveToStream
OleSetContainedObject
OleGetIconOfClass
GetHGlobalFromILockBytes
OleRun
CreateDataAdviseHolder
CreateOleAdviseHolder
GetRunningObjectTable
OleIsRunning
CoGetMalloc
OleQueryLinkFromData
OleQueryCreateFromData
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoGetClassObject
CoRegisterClassObject
CoRevokeClassObject
CoRegisterMessageFilter
CLSIDFromProgID
CreateItemMoniker
OleRegGetMiscStatus
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateILockBytesOnHGlobal
StringFromGUID2
CoTaskMemAlloc
CreateFileMoniker
StgIsStorageFile
StgOpenStorageOnILockBytes
StgOpenStorage
StgCreateDocfile
OleLockRunning
OleSetMenuDescriptor
PropVariantCopy
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
OleSetClipboard
CreateStreamOnHGlobal
CoInitializeEx
CoCreateGuid
CoUninitialize
CoDisconnectObject
SetConvertStg
OleRegGetUserType
ReleaseStgMedium
OleDuplicateData
ReadFmtUserTypeStg
WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
StringFromCLSID
CoInitialize
CLSIDFromString
CoSetProxyBlanket
CoTaskMemFree
CoTaskMemRealloc
CoCreateInstance

oleaut32

VarBstrFromDate
SysAllocString
VarBstrFromCy
VarCyFromStr
VarDateFromStr
VariantChangeType
SafeArrayPtrOfIndex
SysFreeString
VarDecFromStr
VariantClear
VarBstrFromDec
SafeArrayCopy
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayUnlock
SafeArrayLock
SafeArrayGetElemsize
SafeArrayRedim
SafeArrayDestroyData
SafeArrayDestroyDescriptor
SafeArrayAllocData
SafeArrayAllocDescriptor
VariantTimeToSystemTime
SystemTimeToVariantTime
SysReAllocStringLen
SysAllocStringByteLen
SysStringByteLen
VariantInit
SafeArrayPutElement
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetDim
SafeArrayDestroy
SafeArrayCreate
SysAllocStringLen
RegisterTypeLi
LoadRegTypeLi
LoadTypeLi
VarUI4FromStr
SysStringLen
VariantCopy
UnRegisterTypeLi

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

gdiplus

GdipDrawImageI
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

oledlg

OleUIBusyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
TPACRegister
TPACUnregister
TPADLLAddPrinter
TPADLLAddPrinterObject
TPADLLDbgMessage
TPADLLDelPrinter
TPADLLEnumPrinters
TPADLLGetVersion
TPADLLLoadTranslationList
TPADLLQueryTimeOutValue
TPADLLRepair
TPADLLRunMain
TPADLLServiceStoped
TPADLLTranslate
TSEventDisconnect
TSEventLogoff
TSEventLogon
TSEventReconnect
TSEventShutdown
TSEventStartup

Sections

.text
Size: 2.4MB - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 661KB - Virtual size: 661KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 33KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 189KB - Virtual size: 188KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tpvcgateway.exe.D9F23EA6_E0FA_47AA_907F_808D103497A8
.exe windows:5 windows x86 arch:x86

b086a2cdb954c3231209dbdab5a2b635

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

68:fe:bf:8a:bc:ee:aa:af:87:c1:4c:da:be:a6:0f:9f:fb:c8:cf:94
Signer

Actual PE Digest

68:fe:bf:8a:bc:ee:aa:af:87:c1:4c:da:be:a6:0f:9f:fb:c8:cf:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

framedyn

??1CWbemGlueFactory@@QAE@XZ
??0CWbemGlueFactory@@QAE@XZ
?GetStringArray@CInstance@@QBE_NPBGAAPAUtagSAFEARRAY@@@Z
?GetDWORD@CInstance@@QBE_NPBGAAK@Z
?SetDWORD@CInstance@@QAE_NPBGK@Z
?SetStringArray@CInstance@@QAE_NPBGABUtagSAFEARRAY@@@Z
?CreateNewInstance@Provider@@IAEPAVCInstance@@PAVMethodContext@@@Z
?Commit@CInstance@@QAEJXZ
?FrameworkLoginDLL@CWbemProviderGlue@@SGHPBG@Z
??1Provider@@UAE@XZ
?ValidatePutInstanceFlags@Provider@@MAEJJ@Z
?ValidateDeletionFlags@Provider@@MAEJJ@Z
?ValidateQueryFlags@Provider@@MAEJJ@Z
?ValidateMethodFlags@Provider@@MAEJJ@Z
?ValidateGetObjFlags@Provider@@MAEJJ@Z
?ValidateEnumerationFlags@Provider@@MAEJJ@Z
?Flush@Provider@@MAEXXZ
?GetObject@Provider@@MAEJPAVCInstance@@JAAVCFrameworkQuery@@@Z
?OnFinalRelease@CThreadBase@@MAEXXZ
??0Provider@@QAE@PBG0@Z
?AddRef@CWbemGlueFactory@@UAGKXZ
?Release@CInstance@@QAEJXZ

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW
WTSEnumerateSessionsW

kernel32

GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
WriteConsoleW
GetStringTypeW
IsValidCodePage
GetOEMCP
LocalFree
LocalAlloc
GetVersionExW
SizeofResource
SetEnvironmentVariableA
LCMapStringW
GetACP
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
HeapCreate
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
GetFileType
SetStdHandle
HeapSize
HeapQueryInformation
VirtualQuery
GetSystemInfo
VirtualAlloc
ExitProcess
GetSystemTimeAsFileTime
CreateThread
ExitThread
DecodePointer
EncodePointer
RaiseException
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineW
SearchPathW
GetProfileIntW
GetTickCount
GetNumberFormatW
GetWindowsDirectoryW
GetTempPathW
GetTempFileNameW
FindResourceExW
GlobalFlags
lstrcpyW
GetSystemDirectoryW
GetCurrentDirectoryW
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetFileAttributesExW
SetErrorMode
FileTimeToSystemTime
lstrlenA
GlobalGetAtomNameW
InterlockedIncrement
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GetCurrentProcessId
GlobalFindAtomW
CompareStringW
InitializeCriticalSectionAndSpinCount
FreeResource
VirtualProtect
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
GlobalAddAtomW
GetCPInfo
LockResource
LoadResource
ResumeThread
SetThreadPriority
InterlockedDecrement
ReleaseActCtx
CreateActCtxW
lstrcmpA
GlobalDeleteAtom
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
lstrcmpW
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
DuplicateHandle
GetFileSize
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
ActivateActCtx
DeactivateActCtx
DeleteFileW
CreateFileW
CopyFileW
GlobalSize
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
HeapReAlloc
CreateMutexA
UnmapViewOfFile
LoadLibraryA
MapViewOfFile
OpenFileMappingA
CreateWaitableTimerA
SetWaitableTimer
CreateEventA
WaitForMultipleObjects
GetOverlappedResult
ReadFile
CancelIo
DeleteFileA
GetWindowsDirectoryA
CreateFileA
WriteFile
GetProcessHeap
HeapAlloc
HeapFree
GetVersionExA
ReleaseMutex
CreateEventW
Sleep
OpenEventW
WaitForSingleObject
ResetEvent
SetEvent
GetModuleHandleW
lstrlenW
SetLastError
lstrcmpiW
GetProcAddress
GetExitCodeThread
GetCurrentThread
GetCurrentProcess
GetLastError
CloseHandle
LoadLibraryW
FreeLibrary
GetModuleFileNameW
GlobalAlloc
GlobalFree
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLocalTime
GetCurrentThreadId
FindResourceW

user32

IsClipboardFormatAvailable
SetMenuDefaultItem
CreateMenu
IsMenu
UpdateLayeredWindow
UnionRect
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
GetNextDlgGroupItem
LoadImageW
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
CopyAcceleratorTableW
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateW
MessageBeep
ReleaseCapture
SetCapture
GetSystemMenu
IntersectRect
SetClassLongW
NotifyWinEvent
WindowFromPoint
CreatePopupMenu
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
OffsetRect
IsRectEmpty
LoadMenuW
MapVirtualKeyW
GetKeyNameTextW
CopyImage
DestroyMenu
GetMenuItemInfoW
InflateRect
DestroyIcon
IsIconic
UnregisterClassW
InvalidateRect
RealChildWindowFromPoint
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
SetLayeredWindowAttributes
EnumDisplayMonitors
SystemParametersInfoW
SetRectEmpty
LoadCursorW
GetDC
ReleaseDC
GetSysColorBrush
GetWindowThreadProcessId
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
SendDlgItemMessageW
SendDlgItemMessageA
IsChild
GetClassLongW
GetClassNameW
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
UpdateWindow
GetClientRect
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetSysColor
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
GetDlgCtrlID
DefWindowProcW
CallWindowProcW
GetMenu
SetWindowLongW
CopyRect
PtInRect
GetWindow
GetDesktopWindow
CreateDialogIndirectParamW
DestroyWindow
IsWindow
GetNextDlgTabItem
EndDialog
SetPropW
GetCapture
SetActiveWindow
MapDialogRect
SetWindowPos
ShowWindow
GetPropW
RemovePropW
GetAsyncKeyState
SetFocus
GetWindowRect
GetWindowLongW
GetDlgItem
IsWindowEnabled
WaitMessage
ShowOwnedPopups
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
ModifyMenuW
EnableMenuItem
CheckMenuItem
FrameRect
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
RegisterClipboardFormatW
CopyIcon
GetDoubleClickTime
IsCharLowerW
MapVirtualKeyExW
SubtractRect
DrawIcon
DestroyCursor
UnhookWindowsHookEx
CharUpperW
GetSystemMetrics
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
GetWindowRgn
WinHelpW
RemoveMenu
PostMessageW
LoadIconW
PostThreadMessageW
SendMessageW
EnableWindow
MessageBoxW
SetTimer
PostQuitMessage
PeekMessageW
KillTimer
LoadStringW
DeleteMenu
CharUpperBuffW

gdi32

PatBlt
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CombineRgn
GetBkColor
GetTextColor
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetRectRgn
DPtoLP
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
OffsetRgn
GetRgnBox
SetDIBColorTable
EnumFontFamiliesExW
SetPixel
CreateHatchBrush
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
GetTextFaceW
SetPixelV
StretchBlt
GetTextExtentPoint32W
SetTextAlign
MoveToEx
LineTo
GetObjectType
SelectPalette
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
CreateRectRgn
SelectClipRgn
SetLayout
SetMapMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
SaveDC
DeleteObject
GetTextCharsetInfo
EnumFontFamiliesW
GetTextMetricsW
BitBlt
CreateCompatibleDC
CreateRectRgnIndirect
CreateCompatibleBitmap
CreateFontIndirectW
CreatePatternBrush
CreateSolidBrush
CreatePen
GetStockObject
CreateDIBitmap
GetObjectW
SetBkColor
SetTextColor
CreateBitmap
CreateDCW
CopyMetaFileW
Rectangle
GetDeviceCaps
GetLayout
IntersectClipRect
ExcludeClipRect
GetClipBox

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

GetSidIdentifierAuthority
RegQueryValueExW
RegOpenKeyW
RegSetValueExW
RegDeleteValueW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
RegQueryValueA
RegNotifyChangeKeyValue
RegEnumKeyExA
ConvertSidToStringSidA
RegDeleteKeyA
EqualPrefixSid
RegCreateKeyExA
RevertToSelf
RegisterEventSourceA
ReportEventA
SetThreadToken
RegSetValueExA
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
LookupAccountNameW
IsValidSid
RegCloseKey
GetSidSubAuthorityCount
GetSidSubAuthority
RegisterServiceCtrlHandlerW
SetServiceStatus
RegisterEventSourceW
ReportEventW
DeregisterEventSource
StartServiceCtrlDispatcherW
CreateServiceW
QueryServiceStatus
DeleteService
RegDeleteKeyW
OpenThreadToken
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
GetLengthSid
CopySid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegCreateKeyW

shell32

SHAppBarMessage
ShellExecuteW
SHGetDesktopFolder
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
DragQueryFileW
DragFinish
SHGetSpecialFolderLocation

comctl32

ImageList_GetIconSize

shlwapi

PathIsUNCW
PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathRemoveFileSpecW

ole32

DoDragDrop
CreateStreamOnHGlobal
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoCreateGuid
OleDuplicateData
ReleaseStgMedium
CoQueryClientBlanket
CoInitialize
CoSetProxyBlanket
CoCreateInstance
CoInitializeEx
CLSIDFromString
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoInitializeSecurity
CoRegisterClassObject
CoRevokeClassObject
CoUninitialize
CoTaskMemAlloc
CoTaskMemFree

oleaut32

SystemTimeToVariantTime
SysStringLen
VarBstrFromDate
VariantInit
VariantTimeToSystemTime
VariantChangeType
VariantClear
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElement
SafeArrayCreate
SafeArrayPutElement
SafeArrayDestroy
SysAllocStringLen
SysFreeString
SysAllocString

wsock32

getpeername
WSASetLastError
connect
sendto
recvfrom
WSAAsyncSelect
recv
listen
WSAGetLastError
setsockopt
ntohl
shutdown
bind
select
send
accept
ioctlsocket
htons
htonl
closesocket
WSACleanup
ntohs
socket
inet_addr
WSAStartup

ws2_32

freeaddrinfo
getaddrinfo
getnameinfo

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

gdiplus

GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipDrawImageI

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 285KB - Virtual size: 284KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 131KB - Virtual size: 131KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 169KB - Virtual size: 168KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tpvcgatewaydeu.dll.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

48:df:ae:18:95:0d:24:08:c4:94:7e:1e:85:b9:91:4f:f4:fe:ed:18
Signer

Actual PE Digest

48:df:ae:18:95:0d:24:08:c4:94:7e:1e:85:b9:91:4f:f4:fe:ed:18

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 134KB - Virtual size: 133KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpvmmon.dll1.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

dde9d3e47bea0b95ef1be6bb77b64f8f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

50:91:2a:1b:38:81:c7:5d:76:99:5f:df:a7:5b:36:71:b6:cd:18:3e:35:fe:2e:be:84:d8:83:81:93:fd:c9:7a
Signer

Actual PE Digest

50:91:2a:1b:38:81:c7:5d:76:99:5f:df:a7:5b:36:71:b6:cd:18:3e:35:fe:2e:be:84:d8:83:81:93:fd:c9:7a

Digest Algorithm

sha256

PE Digest Matches

true

39:80:71:af:5c:27:a4:cd:6f:2a:d9:73:db:e5:7a:d2:8b:ec:fe:e3
Signer

Actual PE Digest

39:80:71:af:5c:27:a4:cd:6f:2a:d9:73:db:e5:7a:d2:8b:ec:fe:e3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

spoolss

GetPrinterDataW
ImpersonatePrinterClient
RevertToPrinterSelf
ClosePrinter
SetJobW
OpenPrinterW
GetJobW

advapi32

RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegOpenKeyA
RegOpenKeyExA
LookupAccountNameW
RegSetValueExA
SetThreadToken
ReportEventA
RegisterEventSourceA
RegCreateKeyExA
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
OpenThreadToken
OpenProcessToken
GetTokenInformation
LookupAccountSidW
FreeSid
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AllocateAndInitializeSid
GetLengthSid
IsValidSid
GetAce
AddAccessAllowedAce
InitializeAcl
RevertToSelf
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
CopySid
EqualPrefixSid
RegDeleteKeyA
ConvertSidToStringSidA
RegEnumKeyExA
RegNotifyChangeKeyValue
RegQueryValueA
RegDeleteValueW
RegDeleteKeyW
RegQueryValueExA

kernel32

VirtualAlloc
GetSystemInfo
VirtualQuery
SetStdHandle
GetFileType
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetOEMCP
IsValidCodePage
LCMapStringW
SetHandleCount
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
ExitProcess
QueryPerformanceCounter
IsProcessorFeaturePresent
GetFileInformationByHandle
PeekNamedPipe
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
WriteConsoleW
SetEnvironmentVariableA
HeapQueryInformation
SetLastError
SizeofResource
LockResource
LoadResource
FindResourceW
lstrcmpiW
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
GetLastError
GetVersionExW
WideCharToMultiByte
GetACP
HeapAlloc
GetProcessHeap
HeapFree
FreeLibrary
GetModuleFileNameW
GlobalAlloc
GlobalFree
LoadLibraryW
DisableThreadLibraryCalls
OutputDebugStringW
GetStdHandle
WriteFile
CloseHandle
GetSystemDirectoryW
GetProcAddress
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
FormatMessageW
LocalFree
LocalAlloc
Sleep
GetCurrentThread
GetCurrentProcess
DuplicateHandle
HeapSize
CreateThread
ExitThread
RtlUnwind
GetSystemTimeAsFileTime
RaiseException
FindFirstFileExW
GetDriveTypeW
GetCommandLineA
DecodePointer
EncodePointer
FindResourceExW
VirtualProtect
GetNumberFormatW
GetWindowsDirectoryW
SearchPathW
GetProfileIntW
GetTickCount
GetFileTime
GetFileSizeEx
GetFileAttributesW
FileTimeToLocalFileTime
GetFileAttributesExW
GetTempPathW
GetTempFileNameW
GetCurrentProcessId
CreateFileW
CreateMutexW
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
UnlockFile
LockFile
FlushFileBuffers
FreeResource
GlobalFindAtomW
GlobalFlags
lstrcpyW
GetCurrentDirectoryW
FileTimeToSystemTime
lstrlenA
GlobalGetAtomNameW
CompareStringW
InterlockedIncrement
SetErrorMode
TlsFree
LocalReAlloc
TlsSetValue
TlsAlloc
GlobalHandle
GlobalReAlloc
TlsGetValue
GlobalAddAtomW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
ResumeThread
SetThreadPriority
ReadFile
lstrcmpA
GlobalDeleteAtom
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
lstrcmpW
GetModuleHandleW
GetLocaleInfoW
LoadLibraryExW
InterlockedExchange
InterlockedDecrement
ActivateActCtx
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
MultiByteToWideChar
CopyFileW
GlobalSize
GlobalLock
GlobalUnlock
MulDiv
HeapReAlloc
CreateMutexA
LoadLibraryA
OpenFileMappingA
CreateWaitableTimerA
SetWaitableTimer
CreateEventA
WaitForMultipleObjects
GetOverlappedResult
ResetEvent
CancelIo
DeleteFileA
GetWindowsDirectoryA
CreateFileA
SetEndOfFile
GetVersionExA
lstrlenW
InitializeCriticalSection
MapViewOfFile
UnmapViewOfFile
WaitForSingleObject
ReleaseMutex
GetLocalTime
SetFilePointer
DeleteFileW
GetFileSize
HeapDestroy

user32

IsClipboardFormatAvailable
SetMenuDefaultItem
WaitMessage
PostThreadMessageW
CreateMenu
IsMenu
UpdateLayeredWindow
EnableScrollBar
UnionRect
MonitorFromPoint
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
UnpackDDElParam
ReuseDDElParam
LoadImageW
InsertMenuItemW
TranslateAcceleratorW
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
CopyImage
LockWindowUpdate
BringWindowToTop
SetCursorPos
SetRect
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
MapVirtualKeyW
ToUnicodeEx
CopyAcceleratorTableW
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateW
MessageBeep
ReleaseCapture
SetCapture
GetSystemMenu
LoadMenuW
IntersectRect
SetClassLongW
GetAsyncKeyState
NotifyWinEvent
WindowFromPoint
CreatePopupMenu
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
OffsetRect
IsRectEmpty
DestroyMenu
GetMenuItemInfoW
InflateRect
CharUpperW
DestroyIcon
IsIconic
ShowWindow
MoveWindow
IsDialogMessageW
CheckDlgButton
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
IsWindow
SetFocus
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
DestroyWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
SetScrollPos
GetScrollPos
SetForegroundWindow
ShowScrollBar
RedrawWindow
CreateWindowExW
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
SetWindowPlacement
GetWindowPlacement
CallWindowProcW
GetMenu
SetWindowLongW
SetWindowPos
KillTimer
SetTimer
InvalidateRect
UpdateWindow
GetDesktopWindow
RealChildWindowFromPoint
GetWindow
GetDlgCtrlID
GetWindowRect
GetClassNameW
PtInRect
SetWindowTextW
EndPaint
BeginPaint
GetWindowDC
ClientToScreen
ScreenToClient
FrameRect
GetUpdateRect
GetMenuDefaultItem
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
RegisterClipboardFormatW
GetWindowRgn
DestroyCursor
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
GetClassInfoW
DefWindowProcW
MapWindowPoints
GetClientRect
SetLayeredWindowAttributes
DrawIcon
MapDialogRect
GetNextDlgGroupItem
HideCaret
InvertRect
SubtractRect
EnumDisplayMonitors
SystemParametersInfoW
GetMonitorInfoW
SetRectEmpty
CopyRect
DeleteMenu
GetWindowTextLengthW
GetWindowTextW
LoadCursorW
GetSystemMetrics
GetDC
ReleaseDC
GetSysColor
GetSysColorBrush
UnregisterClassW
GetWindowThreadProcessId
GetWindowLongW
GetLastActivePopup
IsWindowEnabled
EnableWindow
ShowOwnedPopups
SetCursor
SetWindowsHookExW
CallNextHookEx
GetMessageW
TranslateMessage
DispatchMessageW
GetActiveWindow
IsWindowVisible
GetKeyState
PeekMessageW
GetCursorPos
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
GetParent
SendMessageW
ModifyMenuW
EnableMenuItem
CheckMenuItem
PostMessageW
PostQuitMessage
UnhookWindowsHookEx
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
GetSubMenu
RemoveMenu
wvsprintfW
MessageBoxW
wsprintfW
LoadStringW
MapVirtualKeyExW
GetKeyNameTextW
IsCharLowerW
GetIconInfo
GetDoubleClickTime
CharUpperBuffW
GetScrollRange
CopyIcon
GetDlgItem

gdi32

GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
SelectClipRgn
CreateRectRgn
GetViewportExtEx
GetWindowExtEx
GetPixel
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
SelectObject
SetViewportOrgEx
OffsetViewportOrgEx
SetViewportExtEx
ScaleViewportExtEx
SetWindowOrgEx
OffsetWindowOrgEx
DeleteObject
ScaleWindowExtEx
ExtSelectClipRgn
DeleteDC
SelectPalette
GetObjectType
CreateHatchBrush
GetTextExtentPoint32W
SetMapMode
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CombineRgn
GetBkColor
GetTextColor
PatBlt
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetRectRgn
DPtoLP
OffsetRgn
GetRgnBox
SetDIBColorTable
RealizePalette
StretchBlt
SetPixel
Rectangle
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
EnumFontFamiliesExW
GetTextFaceW
SetPixelV
GetTextCharsetInfo
EnumFontFamiliesW
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
GetTextMetricsW
BitBlt
CreateCompatibleDC
CreateRectRgnIndirect
CreateCompatibleBitmap
GetObjectW
CreateFontIndirectW
CreatePatternBrush
CreateSolidBrush
CreatePen
GetStockObject
CreateDIBitmap
CreateBitmap
CreateDCW
CopyMetaFileW
SetWindowExtEx
GetDeviceCaps

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW

shell32

SHGetFileInfoW
ShellExecuteW
DragFinish
DragQueryFileW
SHAppBarMessage
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHBrowseForFolderW
CommandLineToArgvW

comctl32

ImageList_GetIconSize

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW
PathFindExtensionW

ole32

DoDragDrop
CreateStreamOnHGlobal
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree

oleaut32

VariantInit
VarBstrFromDate
SysAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantChangeType
VariantClear
SysAllocString
SysFreeString

gdiplus

GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

Exports

Exports

InitializePrintMonitor2
InstHelperW

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 287KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 167KB - Virtual size: 167KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tpvmmondeu.dll.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

7c:8d:7b:59:14:1a:9d:62:62:df:c2:e9:20:8a:a8:15:2a:07:0f:69:9b:1f:4e:2c:32:de:b2:2a:d3:c0:9a:ac
Signer

Actual PE Digest

7c:8d:7b:59:14:1a:9d:62:62:df:c2:e9:20:8a:a8:15:2a:07:0f:69:9b:1f:4e:2c:32:de:b2:2a:d3:c0:9a:ac

Digest Algorithm

sha256

PE Digest Matches

true

98:94:a8:c2:8a:07:f8:fd:4e:e5:89:aa:b7:bc:53:5f:36:8c:00:4a
Signer

Actual PE Digest

98:94:a8:c2:8a:07:f8:fd:4e:e5:89:aa:b7:bc:53:5f:36:8c:00:4a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpvmmonjpn.dll.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

53:61:d7:51:67:ca:9e:3d:07:9c:42:b4:69:8f:9b:62:5c:5a:9d:d2:97:d7:dc:5f:74:34:b2:ce:21:80:b5:ec
Signer

Actual PE Digest

53:61:d7:51:67:ca:9e:3d:07:9c:42:b4:69:8f:9b:62:5c:5a:9d:d2:97:d7:dc:5f:74:34:b2:ce:21:80:b5:ec

Digest Algorithm

sha256

PE Digest Matches

true

de:73:3a:e2:38:51:ea:cc:14:56:00:8d:e6:4a:b2:bd:16:c3:c8:72
Signer

Actual PE Digest

de:73:3a:e2:38:51:ea:cc:14:56:00:8d:e6:4a:b2:bd:16:c3:c8:72

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpvmmonui.dll1.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

59d0746d91886c90c090631be88b5d85

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:b5:e1:0c:20:6f:e3:20:1a:08:17:00:7d:0d:f1:ea:57:cf:f1:98
Signer

Actual PE Digest

bd:b5:e1:0c:20:6f:e3:20:1a:08:17:00:7d:0d:f1:ea:57:cf:f1:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ord17
InitCommonControlsEx

user32

IsWindow
MessageBoxW
LoadStringW

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

FlushFileBuffers
CloseHandle
CreateFileW
IsProcessorFeaturePresent
SetLastError
FreeLibrary
GlobalAlloc
LoadLibraryW
GetModuleFileNameW
GlobalFree
DisableThreadLibraryCalls
EncodePointer
DecodePointer
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
Sleep
HeapSize
GetProcAddress
GetModuleHandleW
ExitProcess
GetLastError
HeapFree
HeapAlloc
RaiseException
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapReAlloc
LeaveCriticalSection
EnterCriticalSection
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW

Exports

Exports

InitializePrintMonitorUI

Sections

.text
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tpvmmonuideu.dll.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

16:5d:41:9e:f9:4d:9f:2b:ef:d6:65:8d:41:c5:a4:d8:42:a6:3c:21
Signer

Actual PE Digest

16:5d:41:9e:f9:4d:9f:2b:ef:d6:65:8d:41:c5:a4:d8:42:a6:3c:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpvmmonuijpn.dll.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

ac:c4:0d:83:79:1a:82:c3:92:89:89:17:04:9a:04:62:f5:3c:cd:d1
Signer

Actual PE Digest

ac:c4:0d:83:79:1a:82:c3:92:89:89:17:04:9a:04:62:f5:3c:cd:d1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
tpvmw32.dll1.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:6 windows x86 arch:x86

18fc8109f184642960c427182748159e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ae:73:28:eb:a0:8c:48:48:fe:50:80:0b:00:11:d7:6e:44:3e:3b:d1:19:25:91:d5:63:9d:a0:38:ec:63:b4:51
Signer

Actual PE Digest

ae:73:28:eb:a0:8c:48:48:fe:50:80:0b:00:11:d7:6e:44:3e:3b:d1:19:25:91:d5:63:9d:a0:38:ec:63:b4:51

Digest Algorithm

sha256

PE Digest Matches

true

66:c4:f3:e9:61:bc:f8:63:bd:b4:6d:fd:de:12:9d:83:6b:53:53:8e
Signer

Actual PE Digest

66:c4:f3:e9:61:bc:f8:63:bd:b4:6d:fd:de:12:9d:83:6b:53:53:8e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

CreateEventW
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsFree
GetTickCount
SetupComm
GetCommTimeouts
SetCommState
SetCommTimeouts
WriteFile
HeapFree
HeapAlloc
GetCommandLineA
IsDebuggerPresent
IsProcessorFeaturePresent
EncodePointer
DecodePointer
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
GetProcessHeap
ExitProcess
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
RaiseException
RtlUnwind
GetFileType
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
OpenMutexW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
TerminateProcess
TlsSetValue
GetModuleHandleW
GetStringTypeW
LCMapStringW
LoadLibraryExW
OutputDebugStringW
HeapReAlloc
HeapSize
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
GetFileSize
DeleteFileW
SetFilePointer
GetLocalTime
CreateMutexW
WaitForSingleObject
ReleaseMutex
ResetEvent
SetEvent
ReadFile
CreateFileW
WideCharToMultiByte
LoadLibraryW
LocalAlloc
GlobalFree
GlobalAlloc
GetProcAddress
FreeLibrary
GetVersionExW
GetCurrentProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
LocalFree
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
SetLastError
GetLastError
FreeEnvironmentStringsW

user32

wvsprintfW
LoadStringW

advapi32

AddAccessAllowedAce
GetAce
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
ReportEventW
RegisterEventSourceW
DeregisterEventSource
IsValidSid
GetLengthSid
FreeSid
AllocateAndInitializeSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl

Exports

Exports

DllEntryPoint
DllMain
GetDllVersion
VirtualChannelClose
VirtualChannelFreeMemory
VirtualChannelOpen
VirtualChannelPurgeInput
VirtualChannelPurgeOutput
VirtualChannelQuerySessionInformation
VirtualChannelRead
VirtualChannelWrite

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tpwinprn.dll.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x64 arch:x64

8797b961b8fead8bdabf3aefdeb85f2b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

2a:a3:67:b1:2a:08:81:29:93:c6:53:2f:b7:ad:bf:18:eb:f4:77:a7
Signer

Actual PE Digest

2a:a3:67:b1:2a:08:81:29:93:c6:53:2f:b7:ad:bf:18:eb:f4:77:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

wsock32

gethostbyname
send
connect
htons
ioctlsocket
socket
WSAStartup
gethostname
closesocket

clusapi

ClusterResourceControl
ClusterCloseEnum
CloseClusterGroup
CloseClusterResource
OpenClusterResource
ClusterGroupEnum
ClusterGroupOpenEnum
OpenClusterGroup
ClusterEnum
ClusterOpenEnum
OpenCluster
CloseCluster
CloseClusterNode
GetClusterNodeState
OpenClusterNode

resutils

ResUtilFindExpandSzProperty

kernel32

CreateEventA
SetWaitableTimer
CreateWaitableTimerA
OpenFileMappingA
LoadLibraryA
CreateMutexA
HeapReAlloc
GetModuleFileNameA
HeapSize
GetOverlappedResult
CancelIo
DeleteFileA
GetWindowsDirectoryA
CreateFileA
WriteFile
GetProcessHeap
HeapAlloc
HeapFree
GetVersionExA
ReleaseMutex
GetProcAddress
FileTimeToSystemTime
CreateEventW
SetEvent
ResetEvent
GetWindowsDirectoryW
GetTempFileNameW
MultiByteToWideChar
FindResourceExW
ExpandEnvironmentStringsW
GetSystemDirectoryW
GlobalFree
HeapDestroy
HeapCreate
GetVersion
HeapSetInformation
ExitProcess
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetStartupInfoW
SetHandleCount
InitializeCriticalSectionAndSpinCount
SetStdHandle
FlsAlloc
FlsFree
SetEnvironmentVariableA
FreeLibrary
MapViewOfFile
CreateFileMappingW
CreateFileW
GetFileSize
UnmapViewOfFile
GetSystemInfo
LocalFree
GetModuleFileNameW
RaiseException
DeleteFileW
SetLastError
GetLocalTime
GetCurrentThreadId
OutputDebugStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
GetCurrentThread
GetCurrentProcess
CloseHandle
GetLastError
FreeEnvironmentStringsW
GetEnvironmentStringsW
GlobalAlloc
LocalAlloc
GetModuleHandleW
FindResourceW
LoadResource
LockResource
SizeofResource
FreeResource
SetFilePointer
ReadFile
GetVersionExW
lstrlenW
lstrcpyW
QueryPerformanceCounter
QueryPerformanceFrequency
WaitForMultipleObjects
GetTickCount
GetCurrentProcessId
GetTimeZoneInformation
WriteConsoleW
SetEndOfFile
FlsGetValue
TerminateProcess
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStdHandle
LCMapStringW
GetCommandLineA
FlsSetValue
GetCPInfo
GetFileType
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
DecodePointer
EncodePointer
Sleep
GetStringTypeW
WideCharToMultiByte
CompareStringW
LoadLibraryW

user32

MessageBoxW

gdi32

GetStockObject
GetObjectType
CreateFontIndirectW
GetFontData
GetTextFaceW
CancelDC
GetTextMetricsW
StartDocW
StartPage
EndPage
TextOutA
EndDoc
CreateDCW
GetDeviceCaps
CreateCompatibleDC
DeleteDC
CreateDIBSection
SelectObject
SetStretchBltMode
StretchDIBits
DeleteObject
GetDIBits
AbortDoc

winspool.drv

ClosePrinter
OpenPrinterW
GetPrinterDataW
EnumPrinterDataW
SetPrinterDataW
XcvDataW
StartDocPrinterW
SetJobW
WritePrinter
EndDocPrinter
StartPagePrinter
EndPagePrinter
GetJobW
ReadPrinter
GetPrinterW

advapi32

RegQueryValueA
RegNotifyChangeKeyValue
RegEnumKeyExA
ConvertSidToStringSidA
RegDeleteKeyExA
EqualPrefixSid
RegCreateKeyExA
RegisterEventSourceA
ReportEventA
SetThreadToken
RegSetValueExA
GetSidIdentifierAuthority
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
ConvertStringSidToSidW
EqualSid
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
CopySid
SetNamedSecurityInfoW
GetTokenInformation
SetSecurityDescriptorDacl
RegOpenKeyExW
AllocateAndInitializeSid
GetLengthSid
InitializeSecurityDescriptor
FreeSid
LookupAccountNameW
SetEntriesInAclW
RegCreateKeyW
RegSetValueExW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptAcquireContextW
CryptCreateHash
CryptReleaseContext
RegOpenKeyW
RegQueryValueExW
RegCloseKey
ImpersonateLoggedOnUser
OpenThreadToken
OpenProcessToken
RevertToSelf

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

ClosePrintProcessor
ControlPrintProcessor
EnumPrintProcessorDatatypesW
GetPrintProcessorCapabilities
InstallPrintProcessor
OpenPrintProcessor
PrintDocumentOnPrintProcessor

Sections

.text
Size: 498KB - Virtual size: 498KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tpwinprn.dll1.D9F23EA6_E0FA_47AA_907F_808D103497A8
.dll windows:5 windows x86 arch:x86

95a6b23eb6b5ae159d6eeee6069b801b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

f7:59:8b:1d:5d:eb:6f:e3:eb:0c:28:1a:6b:f2:93:57:d8:7d:4e:0e
Signer

Actual PE Digest

f7:59:8b:1d:5d:eb:6f:e3:eb:0c:28:1a:6b:f2:93:57:d8:7d:4e:0e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

clusapi

OpenClusterNode
GetClusterNodeState
CloseClusterNode
CloseCluster
OpenCluster
ClusterOpenEnum
ClusterEnum
OpenClusterGroup
ClusterGroupOpenEnum
ClusterGroupEnum
OpenClusterResource
CloseClusterResource
CloseClusterGroup
ClusterCloseEnum
ClusterResourceControl

wsock32

closesocket
send
connect
htons
ioctlsocket
WSAStartup
gethostname
gethostbyname
socket

resutils

ResUtilFindExpandSzProperty

kernel32

CreateEventA
SetWaitableTimer
CreateWaitableTimerA
OpenFileMappingA
LoadLibraryA
WaitForMultipleObjects
HeapReAlloc
HeapSize
HeapDestroy
GetOverlappedResult
CancelIo
DeleteFileA
GetWindowsDirectoryA
CreateFileA
WriteFile
GetProcessHeap
HeapAlloc
HeapFree
GetVersionExA
GlobalAlloc
ReleaseMutex
FileTimeToSystemTime
CreateEventW
SetEvent
ResetEvent
GetWindowsDirectoryW
GetTempFileNameW
MultiByteToWideChar
FindResourceExW
ExpandEnvironmentStringsW
GetSystemDirectoryW
CreateMutexA
HeapCreate
ExitProcess
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidCodePage
GetOEMCP
GetACP
GetStartupInfoW
SetHandleCount
InitializeCriticalSectionAndSpinCount
SetStdHandle
IsProcessorFeaturePresent
TlsFree
TlsSetValue
TlsGetValue
SetEnvironmentVariableA
LocalAlloc
GetModuleHandleW
FindResourceW
LoadResource
LockResource
SizeofResource
FreeResource
ReadFile
SetFilePointer
GetVersionExW
lstrlenW
lstrcpyW
QueryPerformanceCounter
QueryPerformanceFrequency
LoadLibraryW
GetProcAddress
FreeLibrary
MapViewOfFile
CreateFileMappingW
CreateFileW
GetFileSize
UnmapViewOfFile
GetSystemInfo
LocalFree
GetModuleFileNameW
RaiseException
DeleteFileW
SetLastError
GetLocalTime
GetCurrentThreadId
OutputDebugStringW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
WaitForSingleObject
GetCurrentThread
GetCurrentProcess
CloseHandle
GetLastError
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetCurrentProcessId
GetTimeZoneInformation
WriteConsoleW
SetEndOfFile
TlsAlloc
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStdHandle
LCMapStringW
GetCommandLineA
GetCPInfo
GetFileType
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
RtlUnwind
DecodePointer
EncodePointer
Sleep
InterlockedExchange
GetStringTypeW
InterlockedDecrement
InterlockedIncrement
WideCharToMultiByte
CompareStringW
GlobalFree

user32

MessageBoxW

gdi32

CreateDCW
GetStockObject
GetObjectType
CreateFontIndirectW
GetFontData
GetTextFaceW
CancelDC
GetTextMetricsW
StartDocW
EndDoc
AbortDoc
StartPage
EndPage
TextOutA
GetDeviceCaps
CreateCompatibleDC
DeleteDC
CreateDIBSection
SelectObject
SetStretchBltMode
StretchDIBits
GetDIBits
DeleteObject

winspool.drv

ClosePrinter
OpenPrinterW
GetPrinterDataW
EnumPrinterDataW
SetPrinterDataW
XcvDataW
StartDocPrinterW
SetJobW
WritePrinter
EndDocPrinter
StartPagePrinter
EndPagePrinter
GetJobW
ReadPrinter
GetPrinterW

advapi32

OpenThreadToken
ImpersonateLoggedOnUser
RegCloseKey
RegQueryValueExW
RegOpenKeyW
CryptReleaseContext
OpenProcessToken
CryptAcquireContextW
CryptDestroyHash
CryptHashData
CryptGetHashParam
DeregisterEventSource
ReportEventW
CryptCreateHash
RegQueryValueA
RegNotifyChangeKeyValue
RegEnumKeyExA
ConvertSidToStringSidA
RegDeleteKeyA
EqualPrefixSid
RegCreateKeyExA
RegisterEventSourceA
ReportEventA
SetThreadToken
RegSetValueExA
GetSidIdentifierAuthority
RegOpenKeyExA
RegOpenKeyA
RegQueryValueExA
ConvertStringSidToSidW
EqualSid
IsValidSid
GetSidSubAuthorityCount
GetSidSubAuthority
CopySid
SetNamedSecurityInfoW
GetTokenInformation
SetSecurityDescriptorDacl
RegOpenKeyExW
AllocateAndInitializeSid
GetLengthSid
InitializeSecurityDescriptor
FreeSid
LookupAccountNameW
SetEntriesInAclW
RegCreateKeyW
RegSetValueExW
RegisterEventSourceW
RevertToSelf

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Exports

Exports

ClosePrintProcessor
ControlPrintProcessor
EnumPrintProcessorDatatypesW
GetPrintProcessorCapabilities
InstallPrintProcessor
OpenPrintProcessor
PrintDocumentOnPrintProcessor

Sections

.text
Size: 439KB - Virtual size: 439KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

8b34323b3b53b140452826612a19c817

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22Certificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22Certificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13Certificate

Extended Key Usages

Key Usages

70:0f:81:3e:cf:44:4d:3c:6e:6d:da:fa:b4:b9:f2:1b:02:09:90:5b:8a:2d:17:1c:62:34:2b:c2:0c:9c:da:35Signer

d9:f1:0c:b0:9e:5e:c4:ee:01:2e:82:37:86:b4:cb:d7:84:7d:03:33Signer

Headers

DLL Characteristics

File Characteristics

Imports

tpsvc

version

kernel32

user32

gdi32

msimg32

winspool.drv

advapi32

shell32

shlwapi

uxtheme

ole32

oleaut32

oledlg

ws2_32

userenv

dnsapi

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 2.6MB - Virtual size: 2.6MB

.rdata Size: 702KB - Virtual size: 701KB

.data Size: 36KB - Virtual size: 66KB

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 400KB - Virtual size: 399KB

.reloc Size: 198KB - Virtual size: 197KB

a985f89133d81516380b360b29188b82

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22Certificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

70:0f:81:3e:cf:44:4d:3c:6e:6d:da:fa:b4:b9:f2:1b:02:09:90:5b:8a:2d:17:1c:62:34:2b:c2:0c:9c:da:35
Signer

d9:f1:0c:b0:9e:5e:c4:ee:01:2e:82:37:86:b4:cb:d7:84:7d:03:33
Signer

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 702KB - Virtual size: 701KB

.data
Size: 36KB - Virtual size: 66KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 400KB - Virtual size: 399KB

.reloc
Size: 198KB - Virtual size: 197KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

5d:68:8f:ea:10:17:a2:b2:32:76:bc:01:7b:a6:55:3b:4d:69:2e:25:78:a6:51:09:36:ee:57:fd:d4:ec:d1:06
Signer

f4:4c:78:1b:41:9c:60:ee:59:52:74:c3:5b:4b:b2:54:0e:37:bf:d6
Signer

.text
Size: 1.4MB - Virtual size: 1.4MB

.rdata
Size: 375KB - Virtual size: 374KB

.data
Size: 21KB - Virtual size: 46KB

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 380KB - Virtual size: 380KB

.reloc
Size: 122KB - Virtual size: 121KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

18:16:1d:5b:e0:9a:3e:38:b6:a9:88:8c:12:fd:96:be:67:da:c2:78
Signer

.text
Size: 227KB - Virtual size: 226KB