Total[.]Commander-11[.]03[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Total.Commander-11.03.exe
Size

7.9MB
MD5

97d819815c7e0253965ea203ff51c6aa
SHA1

e2cde58f60af8e8bf70b1c8c9a7dd91ee3bd16f4
SHA256

a29fdcc7ba4c29c78710537aaa9e3cad9a47d3321ce2572276684b3acc9e0635
SHA512

8e61aa2081302adff0af26ab9ca448a4aca2ba6efffe227efd2a3e01c9adef00cb6e08bbdc83594293e5ade2c9f4619c98ca79828a087d3badbf31ff8e90c65c
SSDEEP

98304:YK+nyW0pMwQZ+IjBjnM4CLX8q17A3Kujipj+tnldnIN78NB+2+Gd8BOTtjZHd+dh:Y50Wd6sq1JaicdIN7J1wUuJ+Tf24R

Score

3^/10

Malware Config

Signatures

Unsigned PE 56 IoCs

Checks for missing Authenticode signature.

resource
Total.Commander-11.03.exe
unpack001/$PLUGINSDIR/BrandingURL.dll
unpack001/$PLUGINSDIR/ShellLink.dll
unpack001/$PLUGINSDIR/ToolTips.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/App/TotalCommander/BLAKEX32.DLL
unpack001/App/TotalCommander/BLAKEX64.DLL
unpack001/App/TotalCommander/CABRK.DLL
unpack001/App/TotalCommander/FILTER32/AutoPitch.dll
unpack001/App/TotalCommander/FILTER32/SoundTouchDLL.dll
unpack001/App/TotalCommander/FILTER64/AutoPitch.dll
unpack001/App/TotalCommander/FILTER64/SoundTouchDLL_x64.dll
unpack001/App/TotalCommander/FRERES32.DLL
unpack001/App/TotalCommander/LIBDEFLATE.DLL
unpack001/App/TotalCommander/LIBDEFLATE64.DLL
unpack001/App/TotalCommander/SFXHEAD.SFX
unpack001/App/TotalCommander/TC7Z.DLL
unpack001/App/TotalCommander/TC7Z64.DLL
unpack001/App/TotalCommander/TCLZMA64.DLL
unpack001/App/TotalCommander/TCMDLZMA.DLL
unpack001/App/TotalCommander/TCZSTD32.DLL
unpack001/App/TotalCommander/TCZSTD64.DLL
unpack001/App/TotalCommander/TOTALCMD.EXE
unpack001/App/TotalCommander/TOTALCMD64.EXE
unpack001/App/TotalCommander/UNACEV2.DLL
unpack001/App/TotalCommander/UNRAR9X.DLL
unpack001/App/TotalCommander/WCMICON2.DLL
unpack001/App/TotalCommander/WCMICONS.DLL
unpack001/BLAKEX32.DLL
unpack001/BLAKEX64.DLL
unpack001/CABRK.DLL
unpack001/FILTER32/AutoPitch.dll
unpack001/FILTER32/SoundTouchDLL.dll
unpack001/FILTER64/AutoPitch.dll
unpack001/FILTER64/SoundTouchDLL_x64.dll
unpack001/FRERES32.DLL
unpack001/LIBDEFLATE.DLL
unpack001/LIBDEFLATE64.DLL
unpack001/SFXHEAD.SFX
unpack001/TC7Z.DLL
unpack001/TC7Z64.DLL
unpack001/TCLZMA64.DLL
unpack001/TCMDLZMA.DLL
unpack001/TCZSTD32.DLL
unpack001/TCZSTD64.DLL
unpack001/TOTALCMD.EXE
unpack001/TOTALCMD64.EXE
unpack001/TotalCommanderPortable.exe
unpack002/$PLUGINSDIR/FindProcDLL.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/newadvsplash.dll
unpack001/UNACEV2.DLL
unpack001/UNRAR9X.DLL
unpack001/WCMICON2.DLL
unpack001/WCMICONS.DLL
unpack001/ TOTALCMD.EXE

NSIS installer 6 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/TotalCommanderPortable.exe	nsis_installer_1
static1/unpack001/TotalCommanderPortable.exe	nsis_installer_2
static1/unpack001/ TOTALCMD.EXE	nsis_installer_1
static1/unpack001/ TOTALCMD.EXE	nsis_installer_2

Files

Total.Commander-11.03.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/GHISLER/wincmd.ini
$PLUGINSDIR/Aero.dll
.dll windows:6 windows x86 arch:x86

3863c2a1ff3d5db5d3cecc7c23714e97

Code Sign

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aa
Certificate

Issuer

CN=diakov.soft

Not Before

10/10/2020, 10:39

Not After

08/01/2021, 21:00

Subject

CN=diakov.soft

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05:3a:61:03:d8:aa:8d:41:12:7c:e3:d0:f6:25:21:f4:96:ae:f7:e5
Signer

Actual PE Digest

05:3a:61:03:d8:aa:8d:41:12:7c:e3:d0:f6:25:21:f4:96:ae:f7:e5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
lstrcpyA
lstrcpynA
MultiByteToWideChar
LoadLibraryA
lstrlenA
lstrcmpiA
GlobalFree
GlobalAlloc
GetProcAddress
GetVersion

user32

SetWindowTextA
GetWindowTextW
GetWindowTextLengthA
GetClientRect
GetWindowRect
MapWindowPoints
GetSysColorBrush
FillRect
GetWindowLongA
SetWindowLongA
EnumChildWindows
wsprintfA
GetPropA
SetPropA
InvalidateRect
EndPaint
BeginPaint
GetDlgItem
SetWindowPos
ShowWindow
IsWindow
CallWindowProcA
SendMessageA
SetWindowTextW

gdi32

CreateCompatibleDC
CreateSolidBrush
DeleteDC
DeleteObject
PatBlt
RestoreDC
SaveDC
SelectObject
SetLayout
CreateDIBSection
BitBlt

Exports

Exports

Apply

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/BrandingURL.dll
.dll windows:4 windows x86 arch:x86

135de77644e2add2fd9dd8176740e7e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GlobalFree

user32

GetWindowRect
SetCapture
InvalidateRect
SendMessageA
GetCapture
ClientToScreen
EnableWindow
LoadImageA
SetPropA
SetWindowLongA
GetWindowLongA
GetDlgItem
PtInRect
ReleaseCapture
SetCursor
GetPropA
CallWindowProcA
RedrawWindow

gdi32

GetObjectA
SetTextColor
CreateFontIndirectA

shell32

ShellExecuteA

Exports

Exports

Set
Unload

Sections

.text
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 839B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

9b6b6a7858e17fb0b17e1c1428330343

Code Sign

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aa
Certificate

Issuer

CN=diakov.soft

Not Before

10/10/2020, 10:39

Not After

08/01/2021, 21:00

Subject

CN=diakov.soft

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:ef:07:d4:8b:79:f8:26:5d:fc:1f:a4:84:09:f7:98:4e:20:66:18
Signer

Actual PE Digest

0c:ef:07:d4:8b:79:f8:26:5d:fc:1f:a4:84:09:f7:98:4e:20:66:18

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ShellLink.dll
.dll windows:5 windows x86 arch:x86

50112fdd20200a51dbedeae8f1f33cdb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
MultiByteToWideChar
LocalAlloc
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc

user32

wsprintfA

ole32

CoCreateInstance

Exports

Exports

GetShortCutArgs
GetShortCutDescription
GetShortCutHotkey
GetShortCutIconIndex
GetShortCutIconLocation
GetShortCutShowMode
GetShortCutTarget
GetShortCutWorkingDirectory
SetRunAsAdministrator
SetShortCutArgs
SetShortCutDescription
SetShortCutHotkey
SetShortCutIconIndex
SetShortCutIconLocation
SetShortCutShowMode
SetShortCutTarget
SetShortCutWorkingDirectory

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1014B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 262B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Code Sign

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aa
Certificate

Issuer

CN=diakov.soft

Not Before

10/10/2020, 10:39

Not After

08/01/2021, 21:00

Subject

CN=diakov.soft

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ef:57:50:85:4a:2b:8d:e7:3a:4d:39:1e:27:77:6a:19:aa:e6:d3:c7
Signer

Actual PE Digest

ef:57:50:85:4a:2b:8d:e7:3a:4d:39:1e:27:77:6a:19:aa:e6:d3:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ToolTips.dll
.dll windows:4 windows x86 arch:x86

04338c58e26f4ac6ae89608ac6276429

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcessHeap
GlobalFree
HeapAlloc

user32

GetClientRect
SendMessageA
CreateWindowExA

comctl32

ord17

Exports

Exports

Author
Classic
Modern

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 409B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 186B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsis-r.bmp
$PLUGINSDIR/orange-r.bmp
App/AppInfo/appicon.ico
App/AppInfo/appicon_16.png
.png
App/AppInfo/appicon_32.png
.png
App/AppInfo/appinfo.ini
App/TotalCommander/BLAKEX32.DLL
.dll windows:5 windows x86 arch:x86

ed02872256a88488a369fae099cd8499

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
DecodePointer
CreateFileW

Exports

Exports

Blake3Finalize
Blake3Init
Blake3Update

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/BLAKEX64.DLL
.dll windows:6 windows x64 arch:x64

b3f852f717f5b6ea49ab39865ea5f006

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\vcc64\blake3test\x64\Release\blake3lib.pdb

Imports

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW

Exports

Exports

Blake3Finalize
Blake3Init
Blake3Update

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/CABRK.DLL
.dll windows:1 windows x86 arch:x86

24443a39fe269254c2d4374dee7b22b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

GetActiveWindow
MessageBoxA
wsprintfA

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateMutexA
CreateThread
ExitProcess
ExitThread
GetCommandLineA
GetCurrentThreadId
GetCurrentThread
GetEnvironmentStrings
GetFileType
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStdHandle
GetVersion
LoadLibraryA
ReleaseMutex
SetConsoleCtrlHandler
SetEvent
SetStdHandle
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
WaitForSingleObject
WriteFile

Exports

Exports

_zFCIFDIGetErrno
_zFCIFDISetErrno
_zFDICopy
_zFDICreate
_zFDIDestroy
_zFDIIsCabinet

Sections

BEGTEXT
Size: 35KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DGROUP
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 11KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/CGLPT64.SYS
.sys windows:6 windows x64 arch:x64

0f4173f7aa6a0a88d6b52a51ad811216

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:cb:fd:b3:b2:25:d4:fd:03:c7:6c:8e:b7:8f:36:85
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/05/2010, 00:00

Not After

11/05/2011, 23:59

Subject

CN=Ghisler Software GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e3:2f:35:53:db:7c:25:92:d3:3b:98:0b:89:b2:4a:22:26:5b:84:35
Signer

Actual PE Digest

e3:2f:35:53:db:7c:25:92:d3:3b:98:0b:89:b2:4a:22:26:5b:84:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\winddk\cglptnt64\objfre_wlh_AMD64\amd64\CGLptNt.pdb

Imports

ntoskrnl.exe

IoWriteErrorLogEntry
swprintf
IoAllocateErrorLogEntry
DbgPrint
ExAllocatePoolWithTag
IoGetConfigurationInformation
IoBuildDeviceIoControlRequest
IoDeleteSymbolicLink
ExFreePoolWithTag
IoRegisterPlugPlayNotification
KeInitializeMutex
RtlInitUnicodeString
RtlIntegerToUnicodeString
IoDeleteDevice
KeInitializeEvent
KeReleaseMutex
IoGetDeviceObjectPointer
IoCreateUnprotectedSymbolicLink
IoUnregisterPlugPlayNotification
RtlAppendUnicodeStringToString
KeWaitForSingleObject
IoGetDeviceInterfaces
ObfDereferenceObject
IoCreateDevice
IofCallDriver
IofCompleteRequest
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
KeReadStateEvent
IoCancelIrp
KeDelayExecutionThread
KeQueryTimeIncrement
KeBugCheckEx

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/CGLPT9X.VXD
App/TotalCommander/CGLPTNT.SYS
.sys windows:5 windows x86 arch:x86

a1aafec5128ab759a4e2c7c3e94b392b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:cb:fd:b3:b2:25:d4:fd:03:c7:6c:8e:b7:8f:36:85
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/05/2010, 00:00

Not After

11/05/2011, 23:59

Subject

CN=Ghisler Software GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

55:f0:36:0a:b0:38:7d:85:9d:2e:a1:7c:e6:f5:37:3b:f8:ec:48:d3
Signer

Actual PE Digest

55:f0:36:0a:b0:38:7d:85:9d:2e:a1:7c:e6:f5:37:3b:f8:ec:48:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
ObfDereferenceObject
IoCreateDevice
ExFreePool
IoGetDeviceObjectPointer
RtlAppendUnicodeStringToString
ExAllocatePoolWithTag
RtlIntegerToUnicodeString
RtlInitUnicodeString
KeWaitForSingleObject
IofCallDriver
IoCreateUnprotectedSymbolicLink
KeInitializeEvent
IofCompleteRequest
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
IoDeleteSymbolicLink
IoCancelIrp
KeReadStateEvent
KeDelayExecutionThread
KeTickCount
KeQueryTimeIncrement
_allmul
wcslen
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
IoBuildDeviceIoControlRequest
IoGetConfigurationInformation

hal

READ_PORT_UCHAR
KfRaiseIrql
KfLowerIrql
WRITE_PORT_UCHAR

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 288B - Virtual size: 262B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/DEFAULT.BAR
App/TotalCommander/FILTER32/AutoPitch.dll
.dll regsvr32 windows:4 windows x86 arch:x86

63c02b87c78810731911e5d28eeafafb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\DELPHI\EXEDPR\filter32\AutoPitch.pdb

Imports

winmm

timeSetEvent
timeGetTime

soundtouchdll

soundtouch_setSampleRate
soundtouch_destroyInstance
soundtouch_putSamples
soundtouch_receiveSamples
soundtouch_receiveSamples_i16
soundtouch_numSamples
soundtouch_putSamples_i16
soundtouch_setPitch
soundtouch_setChannels
soundtouch_createInstance

kernel32

GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
FreeLibrary
InterlockedDecrement
LoadLibraryW
lstrcmpW
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
CreateEventW
ResetEvent
DuplicateHandle
GetCurrentProcess
GetCurrentThreadId
SetEvent
WaitForMultipleObjects
WaitForSingleObject
CreateSemaphoreW
GetStringTypeW
GetSystemInfo
VirtualAlloc
VirtualFree
lstrlenW
MultiByteToWideChar
lstrlenA
GetLastError
GetModuleFileNameA
GetVersionExW
DisableThreadLibraryCalls
InterlockedExchange
CreateThread
GetProcAddress
GetModuleHandleW
SetThreadPriority
GetThreadPriority
GetCurrentThread
GetTickCount
GetLocaleInfoA
LoadLibraryA
HeapSize
HeapReAlloc
SetStdHandle
ReleaseSemaphore
FlushFileBuffers
CreateFileA
IsValidCodePage
WriteConsoleW
GetConsoleOutputCP
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
WriteFile
WriteConsoleA

user32

GetQueueStatus
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
RegisterWindowMessageW
DispatchMessageW

advapi32

RegSetValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW
RegCreateKeyW

ole32

StringFromGUID2
CoTaskMemAlloc
CoInitialize
CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/FILTER32/SoundTouchDLL.dll
.dll windows:6 windows x86 arch:x86

4d18aea240985d4251a8d0d909109f73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
RtlUnwind
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
LCMapStringW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
CloseHandle
SetFilePointerEx
CreateFileW
WriteConsoleW
DecodePointer

Exports

Exports

bpm_createInstance
bpm_destroyInstance
bpm_getBpm
bpm_putSamples
bpm_putSamples_i16
soundtouch_clear
soundtouch_createInstance
soundtouch_destroyInstance
soundtouch_flush
soundtouch_getSetting
soundtouch_getVersionId
soundtouch_getVersionString
soundtouch_getVersionString2
soundtouch_isEmpty
soundtouch_numSamples
soundtouch_numUnprocessedSamples
soundtouch_putSamples
soundtouch_putSamples_i16
soundtouch_receiveSamples
soundtouch_receiveSamples_i16
soundtouch_setChannels
soundtouch_setPitch
soundtouch_setPitchOctaves
soundtouch_setPitchSemiTones
soundtouch_setRate
soundtouch_setRateChange
soundtouch_setSampleRate
soundtouch_setSetting
soundtouch_setTempo
soundtouch_setTempoChange

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/FILTER32/SoundTouchDLL_License.txt
App/TotalCommander/FILTER32/vmr9rotator.dll
.dll windows:4 windows x86 arch:x86

f6d2e09dd22de09774e6c3008a71dcf5

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:fc:1d:02:0d:4f:02:63:5d:74:52:89:2e:da:3c:da
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/10/2019, 00:00

Not After

28/10/2022, 12:00

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ab:e9:b8:f9:af:13:d5:53:ba:9a:56:d3:90:76:43:29:a8:ef:30:59:d4:b0:1e:20:37:7e:3b:3f:1c:94:16:60
Signer

Actual PE Digest

ab:e9:b8:f9:af:13:d5:53:ba:9a:56:d3:90:76:43:29:a8:ef:30:59:d4:b0:1e:20:37:7e:3b:3f:1c:94:16:60

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\DELPHI\EXEDPR\filter32\vmr9rotator.pdb

Imports

d3d9

Direct3DCreate9

kernel32

ExitProcess
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
GetTickCount
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
WriteFile
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

user32

GetClientRect
IsWindow

Exports

Exports

DllMain
LoadVrm9Rotator
RotatorResize

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/FILTER64/AutoPitch.dll
.dll regsvr32 windows:4 windows x64 arch:x64

a53a98e40ab9e68cecd4c478ea814039

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\Lazarus\exedpr64.901\filter64\AutoPitch.pdb

Imports

winmm

timeSetEvent
timeGetTime

soundtouchdll_x64

soundtouch_putSamples_i16
soundtouch_setPitch
soundtouch_setSampleRate
soundtouch_destroyInstance
soundtouch_putSamples
soundtouch_receiveSamples
soundtouch_receiveSamples_i16
soundtouch_numSamples
soundtouch_createInstance
soundtouch_setChannels

kernel32

WriteConsoleA
SetStdHandle
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
LoadLibraryW
lstrcmpW
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
CreateEventW
ResetEvent
DuplicateHandle
GetCurrentProcess
GetCurrentThreadId
SetEvent
WaitForMultipleObjects
WaitForSingleObject
CreateSemaphoreW
ReleaseSemaphore
GetConsoleOutputCP
VirtualAlloc
VirtualFree
lstrlenW
MultiByteToWideChar
lstrlenA
GetLastError
GetModuleFileNameA
GetVersionExW
DisableThreadLibraryCalls
CreateThread
GetProcAddress
GetModuleHandleW
SetThreadPriority
GetThreadPriority
GetCurrentThread
GetTickCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
WriteConsoleW
CreateFileA
FlushFileBuffers
GetSystemInfo
SetFilePointer
GetLocaleInfoA
HeapReAlloc
LoadLibraryA
HeapSize
GetOEMCP
GetACP
GetCPInfo
RtlLookupFunctionEntry
RtlUnwindEx
FlsSetValue
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
RaiseException
RtlPcToFileHeader
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
ExitProcess
Sleep
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
WriteFile
IsValidCodePage

user32

PostThreadMessageW
MsgWaitForMultipleObjects
GetQueueStatus
DispatchMessageW
RegisterWindowMessageW
PeekMessageW

advapi32

RegSetValueExW
RegCreateKeyW
RegSetValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW

ole32

CoUninitialize
CoFreeUnusedLibraries
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/FILTER64/SoundTouchDLL_License.txt
App/TotalCommander/FILTER64/SoundTouchDLL_x64.dll
.dll windows:6 windows x64 arch:x64

1bec5be4f1adcb506b409eeec796cb10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
LCMapStringW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
CloseHandle
SetFilePointerEx
CreateFileW
WriteConsoleW

Exports

Exports

bpm_createInstance
bpm_destroyInstance
bpm_getBpm
bpm_putSamples
bpm_putSamples_i16
soundtouch_clear
soundtouch_createInstance
soundtouch_destroyInstance
soundtouch_flush
soundtouch_getSetting
soundtouch_getVersionId
soundtouch_getVersionString
soundtouch_getVersionString2
soundtouch_isEmpty
soundtouch_numSamples
soundtouch_numUnprocessedSamples
soundtouch_putSamples
soundtouch_putSamples_i16
soundtouch_receiveSamples
soundtouch_receiveSamples_i16
soundtouch_setChannels
soundtouch_setPitch
soundtouch_setPitchOctaves
soundtouch_setPitchSemiTones
soundtouch_setRate
soundtouch_setRateChange
soundtouch_setSampleRate
soundtouch_setSetting
soundtouch_setTempo
soundtouch_setTempoChange

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/FILTER64/vmr9rotator.dll
.dll windows:4 windows x64 arch:x64

0c7fb04403fb18532c0f865e9e71acf6

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:fc:1d:02:0d:4f:02:63:5d:74:52:89:2e:da:3c:da
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/10/2019, 00:00

Not After

28/10/2022, 12:00

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:5b:54:63:87:63:a3:ae:21:7f:70:d8:b1:58:4b:22:f7:3b:8a:2d:ee:e7:6f:23:de:c1:70:37:d2:67:7b:40
Signer

Actual PE Digest

25:5b:54:63:87:63:a3:ae:21:7f:70:d8:b1:58:4b:22:f7:3b:8a:2d:ee:e7:6f:23:de:c1:70:37:d2:67:7b:40

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\Lazarus\exedpr64.901\filter64\vmr9rotator.pdb

Imports

d3d9

Direct3DCreate9

kernel32

HeapDestroy
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetLastError
HeapFree
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
GetProcAddress
GetModuleHandleA
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
HeapSetInformation
HeapCreate
ExitProcess
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
WriteFile
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
HeapReAlloc
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

user32

GetClientRect
IsWindow

Exports

Exports

DllMain
LoadVrm9Rotator
RotatorResize

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/FRERES32.DLL
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetFreeSystemResources32

Sections

CODE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
App/TotalCommander/HISTORY.TXT
App/TotalCommander/LANGUAGE/WCMD_CHN.INC
App/TotalCommander/LANGUAGE/WCMD_CHN.LNG
App/TotalCommander/LANGUAGE/WCMD_CHN.MNU
App/TotalCommander/LANGUAGE/WCMD_CZ.INC
App/TotalCommander/LANGUAGE/WCMD_CZ.LNG
App/TotalCommander/LANGUAGE/WCMD_CZ.MNU
App/TotalCommander/LANGUAGE/WCMD_DAN.INC
App/TotalCommander/LANGUAGE/WCMD_DAN.LNG
App/TotalCommander/LANGUAGE/WCMD_DAN.MNU
App/TotalCommander/LANGUAGE/WCMD_DEU.INC
App/TotalCommander/LANGUAGE/WCMD_DEU.LNG
App/TotalCommander/LANGUAGE/WCMD_DEU.MNU
App/TotalCommander/LANGUAGE/WCMD_DUT.INC
App/TotalCommander/LANGUAGE/WCMD_DUT.LNG
App/TotalCommander/LANGUAGE/WCMD_DUT.MNU
App/TotalCommander/LANGUAGE/WCMD_ENG.MNU
App/TotalCommander/LANGUAGE/WCMD_ESP.INC
App/TotalCommander/LANGUAGE/WCMD_ESP.LNG
App/TotalCommander/LANGUAGE/WCMD_ESP.MNU
App/TotalCommander/LANGUAGE/WCMD_FRA.INC
App/TotalCommander/LANGUAGE/WCMD_FRA.LNG
App/TotalCommander/LANGUAGE/WCMD_FRA.MNU
App/TotalCommander/LANGUAGE/WCMD_HUN.INC
App/TotalCommander/LANGUAGE/WCMD_HUN.LNG
App/TotalCommander/LANGUAGE/WCMD_HUN.MNU
App/TotalCommander/LANGUAGE/WCMD_ITA.INC
App/TotalCommander/LANGUAGE/WCMD_ITA.LNG
App/TotalCommander/LANGUAGE/WCMD_ITA.MNU
App/TotalCommander/LANGUAGE/WCMD_KOR.INC
App/TotalCommander/LANGUAGE/WCMD_KOR.LNG
App/TotalCommander/LANGUAGE/WCMD_KOR.MNU
App/TotalCommander/LANGUAGE/WCMD_NOR.LNG
App/TotalCommander/LANGUAGE/WCMD_NOR.MNU
App/TotalCommander/LANGUAGE/WCMD_POL.INC
App/TotalCommander/LANGUAGE/WCMD_POL.LNG
App/TotalCommander/LANGUAGE/WCMD_POL.MNU
App/TotalCommander/LANGUAGE/WCMD_ROM.INC
App/TotalCommander/LANGUAGE/WCMD_ROM.LNG
App/TotalCommander/LANGUAGE/WCMD_ROM.MNU
App/TotalCommander/LANGUAGE/WCMD_RUS.INC
App/TotalCommander/LANGUAGE/WCMD_RUS.LNG
App/TotalCommander/LANGUAGE/WCMD_RUS.MNU
App/TotalCommander/LANGUAGE/WCMD_SK.LNG
App/TotalCommander/LANGUAGE/WCMD_SK.MNU
App/TotalCommander/LANGUAGE/WCMD_SVN.INC
App/TotalCommander/LANGUAGE/WCMD_SVN.LNG
App/TotalCommander/LANGUAGE/WCMD_SVN.MNU
App/TotalCommander/LANGUAGE/WCMD_SWE.INC
App/TotalCommander/LANGUAGE/WCMD_SWE.LNG
App/TotalCommander/LANGUAGE/WCMD_SWE.MNU
App/TotalCommander/LANGUAGE/WCMD_UKR.INC
App/TotalCommander/LANGUAGE/WCMD_UKR.LNG
App/TotalCommander/LANGUAGE/WCMD_UKR.MNU
App/TotalCommander/LIBDEFLATE.DLL
.dll windows:6 windows x86 arch:x86

e4f8d9e08c26350d5a520223f8c47588

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
LCMapStringW
GetProcessHeap
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
DecodePointer

Exports

Exports

libdeflate_adler32
libdeflate_alloc_compressor
libdeflate_alloc_decompressor
libdeflate_alloc_decompressor2
libdeflate_crc32
libdeflate_deflate_compress
libdeflate_deflate_compress_bound
libdeflate_deflate_compress_with_callback
libdeflate_deflate_decompress
libdeflate_deflate_decompress_ex
libdeflate_deflate_decompress_with_callback
libdeflate_free_compressor
libdeflate_free_decompressor
libdeflate_gzip_compress
libdeflate_gzip_compress_bound
libdeflate_gzip_decompress
libdeflate_gzip_decompress_ex
libdeflate_set_memory_allocator
libdeflate_zlib_compress
libdeflate_zlib_compress_bound
libdeflate_zlib_decompress
libdeflate_zlib_decompress_ex

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/LIBDEFLATE64.DLL
.dll windows:6 windows x64 arch:x64

b3f852f717f5b6ea49ab39865ea5f006

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW

Exports

Exports

libdeflate_alloc_compressor
libdeflate_alloc_decompressor
libdeflate_alloc_decompressor2
libdeflate_crc32
libdeflate_deflate_compress
libdeflate_deflate_compress_bound
libdeflate_deflate_compress_with_callback
libdeflate_deflate_decompress
libdeflate_deflate_decompress_ex
libdeflate_deflate_decompress_with_callback
libdeflate_free_compressor
libdeflate_free_decompressor
libdeflate_gzip_compress
libdeflate_gzip_compress_bound
libdeflate_gzip_decompress
libdeflate_gzip_decompress_ex
libdeflate_set_memory_allocator

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/NO.BAR
App/TotalCommander/NOCLOSE.EXE
.exe windows:4 windows x86 arch:x86

b34c97cd545f501381f9f8f4156ee837

Code Sign

01:72:ea:14:b7:01:21:b0:69:1c:3a:59:39:e9:12:c1
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/10/2019, 00:00

Not After

28/10/2022, 12:00

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:fc:1d:02:0d:4f:02:63:5d:74:52:89:2e:da:3c:da
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/10/2019, 00:00

Not After

28/10/2022, 12:00

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:91:f8:b8:65:6e:08:72:ad:7a:5d:70:41:69:08:0a:c8:31:4a:07:be:e9:d1:73:f8:64:a7:53:16:6c:38:e3
Signer

Actual PE Digest

5b:91:f8:b8:65:6e:08:72:ad:7a:5d:70:41:69:08:0a:c8:31:4a:07:be:e9:d1:73:f8:64:a7:53:16:6c:38:e3

Digest Algorithm

sha256

PE Digest Matches

true

23:b9:83:2d:b1:1b:25:91:6a:b6:c8:1d:a8:bc:bd:56:36:b9:ef:66
Signer

Actual PE Digest

23:b9:83:2d:b1:1b:25:91:6a:b6:c8:1d:a8:bc:bd:56:36:b9:ef:66

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CloseHandle
CreateProcessA
CreateProcessW
GetCommandLineW
GetVersionExA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
App/TotalCommander/NOCLOSE64.EXE
.exe windows:4 windows x64 arch:x64

7f7a7d0212ece75ce22c3d0a75be1cbf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:6c:61:75:7a:92:3f:50:c8:2e:b6:aa:18:d2:1f:c6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/09/2016, 00:00

Not After

25/05/2017, 23:59

Subject

CN=Ghisler Software GmbH,OU=Development,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f2:6d:2b:4d:e7:eb:bb:26:05:fd:83:cc:b1:f4:ad
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/05/2016, 00:00

Not After

25/05/2017, 23:59

Subject

CN=Ghisler Software GmbH,OU=Development,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

8f:41:03:68:51:9e:c5:55:fb:c6:ea:cc:ef:a9:a8:97:46:b9:a7:c1:2e:0f:76:77:11:5b:23:89:7a:3d:da:bf
Signer

Actual PE Digest

8f:41:03:68:51:9e:c5:55:fb:c6:ea:cc:ef:a9:a8:97:46:b9:a7:c1:2e:0f:76:77:11:5b:23:89:7a:3d:da:bf

Digest Algorithm

sha256

PE Digest Matches

true

5a:39:27:84:fe:22:9f:4a:8a:32:b2:ef:e7:46:41:09:4d:f6:f4:b3
Signer

Actual PE Digest

5a:39:27:84:fe:22:9f:4a:8a:32:b2:ef:e7:46:41:09:4d:f6:f4:b3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
WaitForSingleObject
CreateProcessA
CreateProcessW
GetCommandLineW
GetVersionExA
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
HeapSize
MultiByteToWideChar
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapReAlloc

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
App/TotalCommander/SFXHEAD.SFX
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 15KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
App/TotalCommander/SHARE_NT.EXE
App/TotalCommander/TC7Z.DLL
.dll windows:4 windows x86 arch:x86

c9250ea0ac21fea97f7f1d0f9ab3ab31

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
GetLastError
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
VirtualAlloc
VirtualFree
GetVersion
IsProcessorFeaturePresent
InterlockedIncrement
CloseHandle
WaitForSingleObject
SetEvent
ResetEvent
CreateEventA
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSection
GetProcessAffinityMask
GetCurrentProcess
GetSystemInfo
GlobalMemoryStatus
GetProcAddress
GetModuleHandleA
GetStringTypeW
GetStringTypeA
RaiseException
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
TerminateProcess
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
GetCommandLineA
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
SetLastError
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
HeapSize
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
InterlockedDecrement
LCMapStringA
LCMapStringW

oleaut32

SysAllocStringLen
VariantClear
SysFreeString
SysAllocStringByteLen
SysStringLen

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetModuleProp
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/TC7Z64.DLL
.dll windows:4 windows x64 arch:x64

a27ce0214cd0b4a2fb345b0b1acae645

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\vcc64\7zip\CPP\7zip\Bundles\Format7zExtract\x64\Release\Format7zExtract.pdb

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
GetLastError
GetCurrentProcess
GlobalMemoryStatusEx
GetSystemInfo
GetProcessAffinityMask
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WriteFile
CloseHandle
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleA
WaitForSingleObject
SetEvent
InitializeCriticalSection
CreateEventA
CreateSemaphoreA
ReleaseSemaphore
ResetEvent
RaiseException
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
ExitThread
GetCurrentThreadId
CreateThread
FlsSetValue
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameA
RtlUnwindEx
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
Sleep
HeapSize
LoadLibraryA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
GetLocaleInfoA
RtlPcToFileHeader

oleaut32

SysFreeString
SysAllocStringByteLen
SysAllocStringLen
VariantClear
SysStringLen

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetModuleProp
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/TC7ZIPIF.DLL
.dll windows:4 windows x86 arch:x86

6242c71257a79d40e3422e635c45c590

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d1:d9:b4:e7:4c:7f:5f:41:d5:d9:60:fd:a6:f9:22:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/10/2022, 00:00

Not After

12/10/2025, 23:59

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:4f:09:4d:af:03:41:b4:6b:67:59:0b:1d:85:5d:f9:c8:f0:ef:f4:df:30:52:86:9e:26:12:c0:48:43:35:8d
Signer

Actual PE Digest

23:4f:09:4d:af:03:41:b4:6b:67:59:0b:1d:85:5d:f9:c8:f0:ef:f4:df:30:52:86:9e:26:12:c0:48:43:35:8d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
LoadLibraryA
AreFileApisANSI
GetModuleFileNameA
CloseHandle
SetFileTime
CreateFileW
SetLastError
SetFileAttributesA
SetFileAttributesW
CreateDirectoryA
CreateDirectoryW
GetLastError
DeleteFileA
DeleteFileW
FindClose
FindFirstFileA
FindFirstFileW
CreateFileA
GetFileSize
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
GetProcAddress
GetVersionExA
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
SetUnhandledExceptionFilter
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
InterlockedDecrement
InterlockedIncrement
GetStringTypeA
GetStringTypeW

oleaut32

VariantClear
SysAllocString

Exports

Exports

close7zArchive
extract7zFiles
getFileDetails
load7zLibrary
open7zArchive

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/TCLZMA64.DLL
.dll windows:4 windows x64 arch:x64

24f11c986561e10fc9ca31b65fd8102c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
VirtualFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
CloseHandle
WaitForSingleObject
ResumeThread
SetThreadAffinityMask
CreateEventA
SetEvent
ResetEvent
CreateSemaphoreA
ReleaseSemaphore
__C_specific_handler
InitializeCriticalSection
HeapAlloc
HeapFree
HeapReAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
ExitThread
GetCurrentThreadId
CreateThread
FlsSetValue
GetCommandLineA
GetVersionExA
GetProcessHeap
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
LoadLibraryA
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

BrotliDecoderCreateInstance
BrotliDecoderDecompressStream
BrotliDecoderDestroyInstance
LzmaCompress
LzmaDec_Allocate
LzmaDec_Constr
LzmaDec_DecodeToBuf
LzmaDec_Free
LzmaDec_Init
LzmaEncProps_Init
LzmaEnc_Create
LzmaEnc_Destroy
LzmaEnc_Encode
LzmaEnc_SetProps
LzmaEnc_WriteProperties
LzmaUncompress
XzUnpacker_Code
XzUnpacker_Create
XzUnpacker_Free

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/TCMADM64.EXE
.exe windows:4 windows x64 arch:x64

1956e10634b8112137771b4ca004fad3

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:72:ea:14:b7:01:21:b0:69:1c:3a:59:39:e9:12:c1
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/10/2019, 00:00

Not After

28/10/2022, 12:00

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:fc:1d:02:0d:4f:02:63:5d:74:52:89:2e:da:3c:da
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/10/2019, 00:00

Not After

28/10/2022, 12:00

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:ee:1d:81:5b:b3:70:dd:6d:7c:40:52:3e:b8:1a:20:d6:f7:7c:47:32:d1:35:6f:be:cf:b7:ec:0a:60:16:82
Signer

Actual PE Digest

51:ee:1d:81:5b:b3:70:dd:6d:7c:40:52:3e:b8:1a:20:d6:f7:7c:47:32:d1:35:6f:be:cf:b7:ec:0a:60:16:82

Digest Algorithm

sha256

PE Digest Matches

true

a4:b3:9f:08:1d:75:be:a6:60:c9:89:60:3c:66:ab:bb:f2:c6:d3:54
Signer

Actual PE Digest

a4:b3:9f:08:1d:75:be:a6:60:c9:89:60:3c:66:ab:bb:f2:c6:d3:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA
RemoveDirectoryW
CreateDirectoryW
DisconnectNamedPipe
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
DuplicateHandle
GetCurrentProcess
OpenProcess
CreateFileW
DeleteFileW
CopyFileExW
MoveFileWithProgressW
SetFileAttributesW
ConnectNamedPipe
GetCurrentThreadId
CreateFileA
WaitNamedPipeA
GetVersionExA
CreateThread
DeviceIoControl
CloseHandle
CreateNamedPipeA
LocalFree
GetTickCount
WriteFile
PeekNamedPipe
ReadFile
Sleep
GetProcAddress
GetLastError
LocalAlloc
GetSystemDirectoryW
LoadLibraryExW
GetWindowsDirectoryW
LoadLibraryExA
GetSystemDirectoryA
GetWindowsDirectoryA
SetVolumeLabelW
MultiByteToWideChar
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ExitProcess
GetStdHandle
GetModuleFileNameA
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
HeapReAlloc

user32

MessageBoxA

advapi32

SetFileSecurityW
GetSecurityDescriptorControl
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
IsValidSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetUserNameA
LookupAccountNameA
GetFileSecurityW

shell32

SHFileOperationW

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
App/TotalCommander/TCMADMIN.EXE
.exe windows:4 windows x86 arch:x86

dbb360963e56281752abe192d9c83afe

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:72:ea:14:b7:01:21:b0:69:1c:3a:59:39:e9:12:c1
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/10/2019, 00:00

Not After

28/10/2022, 12:00

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:fc:1d:02:0d:4f:02:63:5d:74:52:89:2e:da:3c:da
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/10/2019, 00:00

Not After

28/10/2022, 12:00

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:cd:48:ca:67:47:d5:7e:39:86:d0:59:03:df:25:c9:27:ba:2a:6a:69:87:10:bc:3b:3a:59:d5:ac:14:62:99
Signer

Actual PE Digest

1e:cd:48:ca:67:47:d5:7e:39:86:d0:59:03:df:25:c9:27:ba:2a:6a:69:87:10:bc:3b:3a:59:d5:ac:14:62:99

Digest Algorithm

sha256

PE Digest Matches

true

e4:d7:3f:4d:46:01:3e:bd:06:2c:a3:5b:2f:42:58:9e:f2:44:3d:a2
Signer

Actual PE Digest

e4:d7:3f:4d:46:01:3e:bd:06:2c:a3:5b:2f:42:58:9e:f2:44:3d:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
RemoveDirectoryW
CreateDirectoryW
DisconnectNamedPipe
CopyFileExW
MoveFileWithProgressW
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
DuplicateHandle
GetCurrentProcess
CreateFileW
SetVolumeLabelW
DeleteFileW
SetFileAttributesW
ConnectNamedPipe
GetCurrentThreadId
CreateFileA
WaitNamedPipeA
GetVersionExA
CreateThread
DeviceIoControl
CloseHandle
CreateNamedPipeA
LocalFree
GetTickCount
WriteFile
PeekNamedPipe
ReadFile
Sleep
GetProcAddress
GetLastError
LocalAlloc
GetSystemDirectoryW
LoadLibraryExW
GetWindowsDirectoryW
LoadLibraryExA
MultiByteToWideChar
GetSystemDirectoryA
GetWindowsDirectoryA
OpenProcess
WideCharToMultiByte
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
LoadLibraryA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

user32

MessageBoxA

advapi32

GetSecurityDescriptorControl
GetFileSecurityW
SetFileSecurityW
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
IsValidSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetUserNameA
LookupAccountNameA

shell32

SHFileOperationW

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
App/TotalCommander/TCMDLZMA.DLL
.dll windows:4 windows x86 arch:x86

b440fd57fd46e4f21d8e917e64344f85

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
VirtualFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
GetLastError
CloseHandle
WaitForSingleObject
ResumeThread
SetThreadAffinityMask
CreateEventA
SetEvent
ResetEvent
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSection
HeapAlloc
HeapFree
HeapReAlloc
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
InterlockedDecrement
ExitProcess
ExitThread
CreateThread
GetCommandLineA
GetVersionExA
GetProcessHeap
HeapDestroy
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
Sleep
LoadLibraryA
RtlUnwind
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Exports

Exports

BrotliDecoderCreateInstance
BrotliDecoderDecompressStream
BrotliDecoderDestroyInstance
LzmaCompress
LzmaDec_Allocate
LzmaDec_Constr
LzmaDec_DecodeToBuf
LzmaDec_Free
LzmaDec_Init
LzmaEncProps_Init
LzmaEnc_Create
LzmaEnc_Destroy
LzmaEnc_Encode
LzmaEnc_SetProps
LzmaEnc_WriteProperties
LzmaUncompress
XzUnpacker_Code
XzUnpacker_Create
XzUnpacker_Free

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/TCMDX32.EXE
.exe windows:4 windows x86 arch:x86

84dbe7df2013871e34ac7edeb548920b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:6c:61:75:7a:92:3f:50:c8:2e:b6:aa:18:d2:1f:c6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/09/2016, 00:00

Not After

25/05/2017, 23:59

Subject

CN=Ghisler Software GmbH,OU=Development,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f2:6d:2b:4d:e7:eb:bb:26:05:fd:83:cc:b1:f4:ad
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/05/2016, 00:00

Not After

25/05/2017, 23:59

Subject

CN=Ghisler Software GmbH,OU=Development,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

bd:3a:45:f5:cc:5f:e7:aa:f5:4e:3b:1f:54:79:69:95:e3:0f:dc:89:dc:3d:32:da:87:32:65:8d:3f:65:64:a5
Signer

Actual PE Digest

bd:3a:45:f5:cc:5f:e7:aa:f5:4e:3b:1f:54:79:69:95:e3:0f:dc:89:dc:3d:32:da:87:32:65:8d:3f:65:64:a5

Digest Algorithm

sha256

PE Digest Matches

true

74:53:d8:5f:76:87:ec:9e:3c:19:46:a2:64:cc:ce:57:1d:d2:1c:97
Signer

Actual PE Digest

74:53:d8:5f:76:87:ec:9e:3c:19:46:a2:64:cc:ce:57:1d:d2:1c:97

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
SetStdHandle
FlushFileBuffers
LCMapStringW
LCMapStringA
GetStringTypeA
GetOEMCP
GetCPInfo
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
SetErrorMode
CreateThread
ConnectNamedPipe
GetLastError
GetTickCount
PeekNamedPipe
ReadFile
WideCharToMultiByte
GetCurrentProcessId
WriteFile
GetModuleFileNameW
GetEnvironmentVariableA
GetStringTypeW
GetACP
GetVersionExA
Sleep
WaitNamedPipeA
CreateFileA
DisconnectNamedPipe
CloseHandle
GetProcAddress
CreateNamedPipeA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
LoadLibraryA
HeapFree
HeapAlloc
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection

user32

GetMenuItemInfoW
GetMenuItemCount
GetMenuItemInfoA
MessageBoxA
GetActiveWindow
CharUpperW
PeekMessageA
TranslateMessage
DispatchMessageA
DestroyMenu
CreatePopupMenu
GetMenuItemID
GetDC
GetSysColor
FillRect
ReleaseDC
DestroyWindow
GetDesktopWindow
GetKeyState
MessageBoxW
CreateWindowExA
RegisterClassExA
DefWindowProcA
PostQuitMessage
SystemParametersInfoA
wsprintfW
DeleteMenu

gdi32

DeleteObject
CreateDIBSection
SelectObject
CreateSolidBrush
SetBkColor
SetTextColor
SetBkMode
GdiFlush
DeleteDC
GetObjectA
GetDIBits
CreateFontIndirectA
TranslateCharsetInfo
CreateCompatibleDC

advapi32

RegOpenKeyA
RegQueryValueA
RegQueryValueW
RegOpenKeyW
RegCloseKey
RegEnumKeyA

shell32

SHGetMalloc
SHGetDesktopFolder
SHGetSpecialFolderLocation

ole32

CLSIDFromString
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoCreateInstance

comctl32

ord17

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
App/TotalCommander/TCMDX64.EXE
.exe windows:4 windows x64 arch:x64

e72616a6647b2da61de1c26bf632c2f9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:6c:61:75:7a:92:3f:50:c8:2e:b6:aa:18:d2:1f:c6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/09/2016, 00:00

Not After

25/05/2017, 23:59

Subject

CN=Ghisler Software GmbH,OU=Development,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f2:6d:2b:4d:e7:eb:bb:26:05:fd:83:cc:b1:f4:ad
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/05/2016, 00:00

Not After

25/05/2017, 23:59

Subject

CN=Ghisler Software GmbH,OU=Development,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ca:68:23:75:82:c0:2b:52:7d:25:83:26:b0:a4:63:e9:2f:47:6e:2b:0d:7c:a1:bf:d2:0d:18:f0:4c:79:62:51
Signer

Actual PE Digest

ca:68:23:75:82:c0:2b:52:7d:25:83:26:b0:a4:63:e9:2f:47:6e:2b:0d:7c:a1:bf:d2:0d:18:f0:4c:79:62:51

Digest Algorithm

sha256

PE Digest Matches

true

a2:07:0b:e1:8f:b5:78:67:fc:dc:bf:6e:b0:31:a9:7e:58:e5:27:33
Signer

Actual PE Digest

a2:07:0b:e1:8f:b5:78:67:fc:dc:bf:6e:b0:31:a9:7e:58:e5:27:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ord17

user32

FillRect
TranslateMessage
GetDC
PostQuitMessage
RegisterClassExA
CreatePopupMenu
MessageBoxW
GetSysColor
GetDesktopWindow
MessageBoxA
wsprintfW
GetMenuItemID
CreateWindowExA
SystemParametersInfoA
PeekMessageA
ReleaseDC
DestroyMenu
GetActiveWindow
GetMenuItemCount
DestroyWindow
GetKeyState
CharUpperW
DefWindowProcA
GetMenuItemInfoW
DispatchMessageA
DeleteMenu
GetMenuItemInfoA

kernel32

GetLocaleInfoA
ConnectNamedPipe
GetACP
SetErrorMode
MultiByteToWideChar
GetTickCount
Sleep
LoadLibraryA
DisconnectNamedPipe
WaitNamedPipeA
WriteFile
GetLastError
GetVersionExA
CloseHandle
ReadFile
GetProcAddress
GetCurrentProcessId
GetModuleFileNameW
CreateNamedPipeA
CreateThread
PeekNamedPipe
WideCharToMultiByte
HeapReAlloc
SetFilePointer
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapSize
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetOEMCP
GetCPInfo
GetSystemTimeAsFileTime
QueryPerformanceCounter
FlsAlloc
SetLastError
FlsFree
HeapFree
HeapAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
HeapCreate
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
FlsGetValue
FlsSetValue
TlsFree
GetCurrentThreadId

gdi32

CreateCompatibleDC
GetObjectA
TranslateCharsetInfo
SetTextColor
SetBkMode
DeleteDC
DeleteObject
CreateDIBSection
SelectObject
CreateFontIndirectA
CreateSolidBrush
GetDIBits
SetBkColor
GdiFlush

shell32

SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetMalloc

ole32

CLSIDFromString
OleInitialize
CoCreateInstance
CoInitialize
CoUninitialize
OleUninitialize

advapi32

RegEnumKeyA
RegOpenKeyW
RegQueryValueA
RegCloseKey
RegQueryValueW
RegOpenKeyA

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
App/TotalCommander/TCUNZL64.DLL
.dll windows:4 windows x64 arch:x64

5b6d4da1a573b1f08533f8b637b52442

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d1:d9:b4:e7:4c:7f:5f:41:d5:d9:60:fd:a6:f9:22:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/10/2022, 00:00

Not After

12/10/2025, 23:59

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ee:ea:17:82:e7:d8:c0:7c:99:4c:ec:6f:58:70:a3:27:84:e0:ac:1b:91:cf:ce:1a:1a:2e:5f:3c:2f:27:4f:90
Signer

Actual PE Digest

ee:ea:17:82:e7:d8:c0:7c:99:4c:ec:6f:58:70:a3:27:84:e0:ac:1b:91:cf:ce:1a:1a:2e:5f:3c:2f:27:4f:90

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
CreateFileA
CloseHandle
FindClose
FindFirstFileA
ReadFile
SetFilePointer
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
GetLastError
HeapFree
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
RtlPcToFileHeader
RtlUnwindEx
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
Sleep
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
HeapSize
HeapReAlloc
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

Exports

Exports

DllMain
DoneInflate
InflateChunk
StartInflate
UnzipBzip2
UnzipPpmd

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/TCUNZLIB.DLL
.dll windows:4 windows x86 arch:x86

7f07d18822c6417c58c87cdf6243b29d

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d1:d9:b4:e7:4c:7f:5f:41:d5:d9:60:fd:a6:f9:22:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/10/2022, 00:00

Not After

12/10/2025, 23:59

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ff:e3:33:38:92:ed:1a:45:4e:b6:78:d7:b3:76:6c:c2:38:fa:4d:67:8c:4d:15:e8:b1:c6:f2:ad:ff:fe:3d:7b
Signer

Actual PE Digest

ff:e3:33:38:92:ed:1a:45:4e:b6:78:d7:b3:76:6c:c2:38:fa:4d:67:8c:4d:15:e8:b1:c6:f2:ad:ff:fe:3d:7b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
CloseHandle
FindFirstFileA
CreateFileA
FindClose
ReadFile
SetFilePointer
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
RtlUnwind
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
FlushFileBuffers
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetProcAddress
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
SetStdHandle
LCMapStringA
LCMapStringW

Exports

Exports

DllMain
_DoneInflate@4
_InflateChunk@32
_StartInflate@12
_UnzipBzip2@44
_UnzipPpmd@44

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/TCZSTD32.DLL
.dll windows:5 windows x86 arch:x86

ed02872256a88488a369fae099cd8499

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\vcc64\zstd\build\VS2010\bin\Win32_Release\libzstd.pdb

Imports

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
DecodePointer
CreateFileW

Exports

Exports

ZSTD_DCtx_getParameter
ZSTD_DCtx_loadDictionary
ZSTD_DCtx_loadDictionary_advanced
ZSTD_DCtx_loadDictionary_byReference
ZSTD_DCtx_refDDict
ZSTD_DCtx_refPrefix
ZSTD_DCtx_refPrefix_advanced
ZSTD_DCtx_reset
ZSTD_DCtx_setFormat
ZSTD_DCtx_setMaxWindowSize
ZSTD_DCtx_setParameter
ZSTD_DStreamInSize
ZSTD_DStreamOutSize
ZSTD_copyDCtx
ZSTD_createDCtx
ZSTD_createDCtx_advanced
ZSTD_createDDict
ZSTD_createDDict_advanced
ZSTD_createDDict_byReference
ZSTD_createDStream
ZSTD_createDStream_advanced
ZSTD_dParam_getBounds
ZSTD_decodingBufferSize_min
ZSTD_decompress
ZSTD_decompressBegin
ZSTD_decompressBegin_usingDDict
ZSTD_decompressBegin_usingDict
ZSTD_decompressBlock
ZSTD_decompressBound
ZSTD_decompressContinue
ZSTD_decompressDCtx
ZSTD_decompressStream
ZSTD_decompressStream_simpleArgs
ZSTD_decompress_usingDDict
ZSTD_decompress_usingDict
ZSTD_decompressionMargin
ZSTD_estimateDCtxSize
ZSTD_estimateDDictSize
ZSTD_estimateDStreamSize
ZSTD_estimateDStreamSize_fromFrame
ZSTD_findDecompressedSize
ZSTD_findFrameCompressedSize
ZSTD_frameHeaderSize
ZSTD_freeDCtx
ZSTD_freeDDict
ZSTD_freeDStream
ZSTD_getDecompressedSize
ZSTD_getDictID_fromDDict
ZSTD_getDictID_fromDict
ZSTD_getDictID_fromFrame
ZSTD_getErrorCode
ZSTD_getErrorName
ZSTD_getErrorString
ZSTD_getFrameContentSize
ZSTD_getFrameHeader
ZSTD_getFrameHeader_advanced
ZSTD_initDStream
ZSTD_initDStream_usingDDict
ZSTD_initDStream_usingDict
ZSTD_initStaticDCtx
ZSTD_initStaticDDict
ZSTD_initStaticDStream
ZSTD_insertBlock
ZSTD_isError
ZSTD_isFrame
ZSTD_isSkippableFrame
ZSTD_nextInputType
ZSTD_nextSrcSizeToDecompress
ZSTD_readSkippableFrame
ZSTD_resetDStream
ZSTD_sizeof_DCtx
ZSTD_sizeof_DDict
ZSTD_sizeof_DStream
ZSTD_versionNumber
ZSTD_versionString

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/TCZSTD64.DLL
.dll windows:5 windows x64 arch:x64

e974ca7a0e6b48fe0789b5e8fd039bfb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\vcc64\zstd\build\VS2010\bin\x64_Release\libzstd.pdb

Imports

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
CreateFileW

Exports

Exports

ZSTD_DCtx_getParameter
ZSTD_DCtx_loadDictionary
ZSTD_DCtx_loadDictionary_advanced
ZSTD_DCtx_loadDictionary_byReference
ZSTD_DCtx_refDDict
ZSTD_DCtx_refPrefix
ZSTD_DCtx_refPrefix_advanced
ZSTD_DCtx_reset
ZSTD_DCtx_setFormat
ZSTD_DCtx_setMaxWindowSize
ZSTD_DCtx_setParameter
ZSTD_DStreamInSize
ZSTD_DStreamOutSize
ZSTD_copyDCtx
ZSTD_createDCtx
ZSTD_createDCtx_advanced
ZSTD_createDDict
ZSTD_createDDict_advanced
ZSTD_createDDict_byReference
ZSTD_createDStream
ZSTD_createDStream_advanced
ZSTD_dParam_getBounds
ZSTD_decodingBufferSize_min
ZSTD_decompress
ZSTD_decompressBegin
ZSTD_decompressBegin_usingDDict
ZSTD_decompressBegin_usingDict
ZSTD_decompressBlock
ZSTD_decompressBound
ZSTD_decompressContinue
ZSTD_decompressDCtx
ZSTD_decompressStream
ZSTD_decompressStream_simpleArgs
ZSTD_decompress_usingDDict
ZSTD_decompress_usingDict
ZSTD_decompressionMargin
ZSTD_estimateDCtxSize
ZSTD_estimateDDictSize
ZSTD_estimateDStreamSize
ZSTD_estimateDStreamSize_fromFrame
ZSTD_findDecompressedSize
ZSTD_findFrameCompressedSize
ZSTD_frameHeaderSize
ZSTD_freeDCtx
ZSTD_freeDDict
ZSTD_freeDStream
ZSTD_getDecompressedSize
ZSTD_getDictID_fromDDict
ZSTD_getDictID_fromDict
ZSTD_getDictID_fromFrame
ZSTD_getErrorCode
ZSTD_getErrorName
ZSTD_getErrorString
ZSTD_getFrameContentSize
ZSTD_getFrameHeader
ZSTD_getFrameHeader_advanced
ZSTD_initDStream
ZSTD_initDStream_usingDDict
ZSTD_initDStream_usingDict
ZSTD_initStaticDCtx
ZSTD_initStaticDDict
ZSTD_initStaticDStream
ZSTD_insertBlock
ZSTD_isError
ZSTD_isFrame
ZSTD_isSkippableFrame
ZSTD_nextInputType
ZSTD_nextSrcSizeToDecompress
ZSTD_readSkippableFrame
ZSTD_resetDStream
ZSTD_sizeof_DCtx
ZSTD_sizeof_DDict
ZSTD_sizeof_DStream
ZSTD_versionNumber
ZSTD_versionString

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/TCshareWin10.dll
.dll windows:6 windows x86 arch:x86

f2289c5eb66bc3528dbd2c42ad4d345c

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d1:d9:b4:e7:4c:7f:5f:41:d5:d9:60:fd:a6:f9:22:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/10/2022, 00:00

Not After

12/10/2025, 23:59

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:b4:9c:37:d1:fc:e2:70:11:1f:49:f8:19:42:94:e5:2f:bc:66:ce:f7:3e:31:c9:1f:b8:33:96:70:e1:9e:0b
Signer

Actual PE Digest

cf:b4:9c:37:d1:fc:e2:70:11:1f:49:f8:19:42:94:e5:2f:bc:66:ce:f7:3e:31:c9:1f:b8:33:96:70:e1:9e:0b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\vcc64\TCshareWin10\Release\TCshareWin10.pdb

Imports

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsCompareStringOrdinal
WindowsDuplicateString
WindowsDeleteString
WindowsCreateString

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

GetFileAttributesW
GetFileType
FindClose
WriteFile
FlushFileBuffers
FindNextFileW
FindFirstFileExW
SetFilePointerEx

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateFreeThreadedMarshaler

user32

PostMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedFlushSList

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwind

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
GetModuleFileNameW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapReAlloc
HeapSize
HeapAlloc
HeapFree

api-ms-win-core-localization-l1-2-0

IsValidCodePage
GetACP
GetCPInfo

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetCommandLineW
GetCommandLineA

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

api-ms-win-core-console-l1-1-0

GetConsoleMode
WriteConsoleW
GetConsoleCP

api-ms-win-core-handle-l1-1-0

CloseHandle

kernel32

CreateFileW
UnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
LCMapStringW
LoadLibraryExW
GetModuleHandleExW
GetOEMCP

Exports

Exports

LaunchImageViewer
ShareThisList

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/TCshareWin10x64.dll
.dll windows:6 windows x64 arch:x64

2b4ae0b6a89d6ca69fde8c78cb74b5d1

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d1:d9:b4:e7:4c:7f:5f:41:d5:d9:60:fd:a6:f9:22:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/10/2022, 00:00

Not After

12/10/2025, 23:59

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ec:38:d0:ab:00:92:67:5d:36:7b:53:0e:81:2c:88:f2:c1:d7:1d:ef:35:9e:3b:3b:fc:72:08:45:4c:33:25:99
Signer

Actual PE Digest

ec:38:d0:ab:00:92:67:5d:36:7b:53:0e:81:2c:88:f2:c1:d7:1d:ef:35:9e:3b:3b:fc:72:08:45:4c:33:25:99

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\vcc64\TCshareWin10\x64\Release\TCshareWin10.pdb

Imports

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsCreateString
WindowsCompareStringOrdinal
WindowsDuplicateString
WindowsDeleteString

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
RaiseException
SetLastError

api-ms-win-core-file-l1-1-0

WriteFile
FindClose
SetFilePointerEx
GetFileType
FindNextFileW
GetFileAttributesW
FindFirstFileExW
FlushFileBuffers

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateFreeThreadedMarshaler

user32

PostMessageW

api-ms-win-core-rtlsupport-l1-1-0

RtlPcToFileHeader
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwindEx

api-ms-win-core-processthreads-l1-1-0

ExitProcess
TlsFree
GetCurrentProcess
TlsSetValue
TlsAlloc
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
TlsGetValue

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead

api-ms-win-core-util-l1-1-0

EncodePointer

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetProcAddress
FreeLibrary

api-ms-win-core-heap-l1-1-0

HeapSize
HeapReAlloc
GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-localization-l1-2-0

GetCPInfo
IsValidCodePage
GetACP

api-ms-win-core-processenvironment-l1-1-0

FreeEnvironmentStringsW
GetCommandLineW
GetCommandLineA
SetStdHandle
GetEnvironmentStringsW
GetStdHandle

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-console-l1-1-0

GetConsoleMode
WriteConsoleW
GetConsoleCP

api-ms-win-core-handle-l1-1-0

CloseHandle

kernel32

LoadLibraryExW
GetModuleHandleW
CreateFileW
GetStartupInfoW
RtlCaptureContext
UnhandledExceptionFilter
LCMapStringW
GetOEMCP
GetModuleHandleExW

Exports

Exports

LaunchImageViewer
ShareThisList

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/TOTALCMD.CHM
.chm
App/TotalCommander/TOTALCMD.EXE
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 196KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
App/TotalCommander/TOTALCMD.EXE.MANIFEST
.xml
App/TotalCommander/TOTALCMD.INC
App/TotalCommander/TOTALCMD64.EXE
.exe windows:4 windows x64 arch:x64

3e1f5267e7b0e14426e4958aa46de5b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

AccessCheck
AddAccessAllowedAce
AdjustTokenPrivileges
AllocateAndInitializeSid
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
EqualSid
FreeSid
GetAce
GetFileSecurityW
GetLengthSid
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetTokenInformation
GetUserNameA
GetUserNameW
ImpersonateSelf
InitializeAcl
InitializeSecurityDescriptor
IsValidSecurityDescriptor
IsValidSid
LookupAccountSidA
LookupPrivilegeValueA
MapGenericMask
OpenProcessToken
OpenSCManagerA
OpenServiceA
OpenThreadToken
QueryServiceConfigA
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueA
RegEnumKeyA
RegEnumKeyW
RegEnumValueA
RegEnumValueW
RegOpenKeyA
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueA
RegQueryValueExA
RegQueryValueExW
RegQueryValueW
RegSetValueA
RegSetValueExA
RegSetValueW
RevertToSelf
SetFileSecurityW
SetSecurityDescriptorDacl
StartServiceA

comctl32

ImageList_Add
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_EndDrag
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Remove
ImageList_Replace
ImageList_SetImageCount
InitCommonControls

comdlg32

ChooseColorA
ChooseFontA
ChooseFontW
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW
PageSetupDlgA
PrintDlgA

gdi32

AbortDoc
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBSection
CreateDIBitmap
CreateEllipticRgn
CreateFontA
CreateFontIndirectA
CreateFontIndirectW
CreatePalette
CreatePatternBrush
CreatePen
CreatePenIndirect
CreatePolygonRgn
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSolidBrush
DPtoLP
DeleteDC
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesA
EnumFontFamiliesExA
EnumFontFamiliesExW
EnumFontsA
ExcludeClipRect
ExtCreatePen
ExtCreateRegion
ExtFloodFill
ExtSelectClipRgn
ExtTextOutA
ExtTextOutW
FillRgn
GdiFlush
GetBitmapBits
GetBkColor
GetCharABCWidthsA
GetClipBox
GetClipRgn
GetCurrentObject
GetDCOrgEx
GetDIBits
GetDeviceCaps
GetMapMode
GetObjectA
GetObjectType
GetObjectW
GetPixel
GetROP2
GetRandomRgn
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetTextExtentExPointA
GetTextExtentExPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentPointA
GetTextExtentPointW
GetTextMetricsA
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LPtoDP
LineTo
MaskBlt
MoveToEx
OffsetRgn
OffsetViewportOrgEx
PatBlt
Pie
PolyBezier
Polygon
Polyline
PtInRegion
RealizePalette
RectVisible
Rectangle
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetArcDirection
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBits
SetDIBitsToDevice
SetMapMode
SetPixel
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextAlign
SetTextCharacterExtra
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
StartDocA
StartPage
StretchBlt
StretchDIBits
TextOutA
TextOutW
TranslateCharsetInfo

imm32

ImmGetContext
ImmGetDefaultIMEWnd
ImmReleaseContext
ImmSetCompositionWindow

kernel32

AddVectoredExceptionHandler
CloseHandle
CompareStringA
CompareStringW
CopyFileA
CopyFileW
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileW
CreateMutexA
CreateProcessA
CreateProcessW
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
EnumCalendarInfoA
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
EnumSystemCodePagesW
ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FindResourceExA
FlushFileBuffers
FlushInstructionCache
FormatMessageA
FormatMessageW
FreeEnvironmentStringsA
FreeLibrary
FreeResource
GetACP
GetCommandLineA
GetCommandLineW
GetComputerNameA
GetComputerNameW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStringsA
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileTime
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetOverlappedResult
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileSectionA
GetPrivateProfileSectionW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetProfileIntA
GetProfileStringA
GetShortPathNameA
GetShortPathNameW
GetStartupInfoA
GetStdHandle
GetSystemDefaultLCID
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetTempFileNameA
GetTempFileNameW
GetTempPathA
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetVersion
GetVersionExA
GetVolumeInformationA
GetVolumeInformationW
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalAddAtomA
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
IsBadReadPtr
IsBadStringPtrA
IsBadWritePtr
IsDBCSLeadByte
IsDBCSLeadByteEx
IsValidCodePage
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockResource
MapViewOfFile
MoveFileA
MoveFileW
MulDiv
MultiByteToWideChar
OpenMutexA
OpenProcess
OutputDebugStringA
PeekNamedPipe
QueryDosDeviceW
QueryPerformanceCounter
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryA
RemoveDirectoryW
ResetEvent
ResumeThread
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
SetNamedPipeHandleState
SetThreadLocale
SetThreadPriority
SetVolumeLabelA
SetVolumeLabelW
SizeofResource
Sleep
SuspendThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TransactNamedPipe
TryEnterCriticalSection
TzSpecificLocalTimeToSystemTime
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
WritePrivateProfileSectionA
WritePrivateProfileSectionW
WritePrivateProfileStringA
WritePrivateProfileStringW
WriteProcessMemory

ole32

CLSIDFromString
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoInitialize
CoMarshalInterThreadInterfaceInStream
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CreateItemMoniker
CreateStreamOnHGlobal
DoDragDrop
IsEqualGUID
OleInitialize
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop
StgCreateDocfile
StgOpenStorage
StringFromCLSID

oleaut32

SafeArrayAccessData
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
DragQueryFileW
ExtractAssociatedIconA
ExtractAssociatedIconW
ExtractIconA
ExtractIconW
FindExecutableA
FindExecutableW
SHBrowseForFolder
SHFileOperationA
SHGetDesktopFolder
SHGetFileInfo
SHGetFileInfoA
SHGetImageList
SHGetMalloc
SHGetPathFromIDList
SHGetSpecialFolderLocation
ShellExecuteA
ShellExecuteExA
ShellExecuteW
Shell_NotifyIconA

user32

ActivateKeyboardLayout
AdjustWindowRect
AdjustWindowRectEx
AppendMenuA
AppendMenuW
AttachThreadInput
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcA
CallWindowProcW
CharLowerA
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextA
CharNextExA
CharNextW
CharPrevA
CharPrevExA
CharPrevW
CharToOemA
CharToOemBuffA
CharUpperA
CharUpperBuffA
CharUpperBuffW
CharUpperW
CheckDlgButton
CheckMenuItem
ChildWindowFromPointEx
ClientToScreen
CloseClipboard
CloseDesktop
CopyImage
CountClipboardFormats
CreateAcceleratorTableA
CreateCaret
CreateDialogIndirectParamA
CreateDialogParamA
CreateDialogParamW
CreateIconFromResourceEx
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DeleteMenu
DestroyCaret
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawStateA
DrawStateW
DrawTextA
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumChildWindows
EnumClipboardFormats
EnumDesktopWindows
EnumPropsA
EnumThreadWindows
EnumWindows
FillRect
FindWindowA
FindWindowExA
FlashWindow
FrameRect
GetActiveWindow
GetAsyncKeyState
GetCapture
GetCaretPos
GetClassInfoA
GetClassInfoW
GetClassLongA
GetClassNameA
GetClientRect
GetClipboardData
GetClipboardFormatNameA
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDialogBaseUnits
GetDlgCtrlID
GetDlgItem
GetDlgItemTextA
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyState
GetKeyboardLayout
GetKeyboardState
GetLastActivePopup
GetMenu
GetMenuBarInfo
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuItemInfoW
GetMenuItemRect
GetMenuState
GetMenuStringA
GetMenuStringW
GetMessageA
GetMessagePos
GetNextDlgTabItem
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTabbedTextExtentA
GetTabbedTextExtentW
GetThreadDesktop
GetTopWindow
GetUserObjectSecurity
GetWindow
GetWindowDC
GetWindowLongA
GetWindowLongPtrA
GetWindowLongPtrW
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InflateRect
InsertMenuA
InsertMenuItemA
InsertMenuItemW
InsertMenuW
IntersectRect
InvalidateRect
InvalidateRgn
IsCharAlphaA
IsCharAlphaNumericA
IsCharAlphaNumericW
IsChild
IsClipboardFormatAvailable
IsDialogMessageA
IsDlgButtonChecked
IsIconic
IsMenu
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
LoadImageW
LoadKeyboardLayoutA
LoadStringA
LoadStringW
LookupIconIdFromDirectoryEx
MapVirtualKeyA
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxW
ModifyMenuA
ModifyMenuW
MoveWindow
MsgWaitForMultipleObjects
OemToCharA
OemToCharBuffA
OffsetRect
OpenClipboard
OpenDesktopA
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClassW
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
ScrollWindowEx
SendDlgItemMessageA
SendMessageA
SendMessageTimeoutA
SendMessageW
SetActiveWindow
SetCapture
SetCaretPos
SetClassLongA
SetClassLongPtrA
SetClipboardData
SetCursor
SetCursorPos
SetDlgItemTextA
SetDlgItemTextW
SetFocus
SetForegroundWindow
SetMenu
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoA
SetMenuItemInfoW
SetParent
SetPropA
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetSysColors
SetTimer
SetWindowLongA
SetWindowLongPtrA
SetWindowLongPtrW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextA
SetWindowTextW
SetWindowsHookExA
ShowCaret
ShowCursor
ShowScrollBar
ShowWindow
SystemParametersInfoA
SystemParametersInfoW
TabbedTextOutA
TabbedTextOutW
ToAscii
ToAsciiEx
ToUnicode
TrackPopupMenu
TrackPopupMenuEx
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UnregisterClassW
UpdateWindow
ValidateRect
WinHelpA
WindowFromDC
WindowFromPoint
keybd_event
mouse_event
wvsprintfA

Sections

.text
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 289KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_MEM_DISCARDABLE

.idata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 557KB - Virtual size: 556KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_MEM_DISCARDABLE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_MEM_DISCARDABLE
App/TotalCommander/TOTALCMD64.EXE.MANIFEST
.xml
App/TotalCommander/TcUsbRun.exe
.exe windows:4 windows x86 arch:x86

25862f4a1c449203791e80620f5cdd91

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:6c:61:75:7a:92:3f:50:c8:2e:b6:aa:18:d2:1f:c6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/09/2016, 00:00

Not After

25/05/2017, 23:59

Subject

CN=Ghisler Software GmbH,OU=Development,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f2:6d:2b:4d:e7:eb:bb:26:05:fd:83:cc:b1:f4:ad
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/05/2016, 00:00

Not After

25/05/2017, 23:59

Subject

CN=Ghisler Software GmbH,OU=Development,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:35:3c:fa:39:b2:25:45:cd:70:ac:91:71:81:89:00:2a:74:48:e0:1d:10:5c:8e:0e:2d:c7:2a:50:d0:36:40
Signer

Actual PE Digest

06:35:3c:fa:39:b2:25:45:cd:70:ac:91:71:81:89:00:2a:74:48:e0:1d:10:5c:8e:0e:2d:c7:2a:50:d0:36:40

Digest Algorithm

sha256

PE Digest Matches

true

ee:04:4b:a5:4f:22:22:e8:c3:89:f5:3e:c2:05:58:5c:06:25:75:5e
Signer

Actual PE Digest

ee:04:4b:a5:4f:22:22:e8:c3:89:f5:3e:c2:05:58:5c:06:25:75:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CreateThread
CreateEventA
GetModuleFileNameA
GetVersionExA
GetLastError
Sleep
lstrcmpiA
GetCurrentThreadId
GetSystemInfo
HeapCreate
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
lstrlenW
MultiByteToWideChar
lstrlenA
GetShortPathNameA
CloseHandle
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
LoadLibraryA
lstrcpyA
lstrcatA
LeaveCriticalSection
EnterCriticalSection
GetStringTypeA
RtlUnwind
LCMapStringW
LCMapStringA
InterlockedDecrement
SetEvent
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineA
ExitProcess
GetStartupInfoA
GetModuleFileNameW
GetFileAttributesW
GetModuleHandleA
GetProcAddress
WideCharToMultiByte
GetCurrentProcess
GetStringTypeW

user32

CharNextA
PostThreadMessageA
DispatchMessageA
MessageBoxA
GetMessageA

advapi32

RegQueryInfoKeyA
OpenProcessToken
GetTokenInformation
RegDeleteKeyA
RegOpenKeyA
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegCreateKeyA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegEnumValueA
RegEnumKeyExA

shell32

ShellExecuteExW
ShellExecuteW

ole32

CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoUninitialize

oleaut32

SysAllocString
VarUI4FromStr
SysFreeString
RegisterTypeLi
LoadRegTypeLi
SysStringLen
LoadTypeLi

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
App/TotalCommander/UNACEV2.DLL
.dll windows:1 windows x86 arch:x86

8390514c40641509cd0941c1fb7588ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

ShellExecuteA
ShellExecuteExA

kernel32

AllocConsole
CloseHandle
CreateDirectoryA
CreateFileA
CreateProcessA
DeleteFileA
DeviceIoControl
DisableThreadLibraryCalls
DosDateTimeToFileTime
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstFileA
FindNextFileA
FlushFileBuffers
FreeConsole
GetCommandLineA
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
GetCurrentDirectoryA
GetCurrentProcess
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetSystemTime
GetTempPathA
GetTimeZoneInformation
GetVersion
GetVolumeInformationA
GlobalMemoryStatus
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
LCMapStringA
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
PeekConsoleInputA
ReadConsoleInputA
ReadConsoleOutputAttribute
ReadConsoleOutputA
ReadFile
RemoveDirectoryA
ScrollConsoleScreenBufferA
SearchPathA
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleScreenBufferSize
SetConsoleWindowInfo
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleCount
SetStdHandle
Sleep
SystemTimeToFileTime
TerminateProcess
VirtualAlloc
VirtualFree
WaitForSingleObject
WriteConsoleOutputA
WriteConsoleOutputCharacterA
WriteFile

advapi32

RegCloseKey
RegCreateKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

gdi32

CreateFontA
DeleteObject

user32

CharToOemBuffA
CreateDialogParamA
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
GetDlgItem
GetDlgItemTextA
GetKeyState
GetWindowTextA
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
MessageBeep
MessageBoxA
OemToCharBuffA
PeekMessageA
SendDlgItemMessageA
SetCursor
SetDlgItemTextA
SetFocus
SetTimer
SetWindowTextA
ShowCursor
ShowWindow
TranslateMessage

Exports

Exports

ACEExtract
ACEInitDll
ACEList
ACEReadArchiveData
ACETest
___DllMainCRTStartup@12

Sections

AUTO
Size: 59KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 210KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
App/TotalCommander/UNRAR.DLL
.dll windows:5 windows x86 arch:x86

d511765aa6e3e44bcc6cc6eee3d41953

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/08/2023, 00:00

Not After

07/08/2026, 23:59

Subject

SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

40:b1:d1:b8:d2:7b:19:6a:d0:e2:0c:13:72:40:aa:0f:b8:2e:6e:a2:73:ce:7b:0b:a5:b6:c2:e8:46:f1:c7:c1
Signer

Actual PE Digest

40:b1:d1:b8:d2:7b:19:6a:d0:e2:0c:13:72:40:aa:0f:b8:2e:6e:a2:73:ce:7b:0b:a5:b6:c2:e8:46:f1:c7:c1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\z\Desktop\unrarsrc-6.2.12\unrar\build\unrardll32\Release\UnRAR.pdb

Imports

kernel32

CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
InterlockedDecrement
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
FreeLibrary
GetProcAddress
SetThreadPriority
SetThreadExecutionState
CreateEventW
RemoveDirectoryW
GetSystemDirectoryW
GetProcessAffinityMask
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
DecodePointer
WriteConsoleW
SetFilePointerEx
HeapSize
GetConsoleCP
GetProcessHeap
CreateDirectoryW
CloseHandle
SetFileTime
GetFileType
DeviceIoControl
GetCurrentProcess
Sleep
SetLastError
GetLastError
AreFileApisANSI
GetConsoleMode
GetStdHandle
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
RtlUnwind
RaiseException
InterlockedFlushSList
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapFree
HeapReAlloc
HeapAlloc
GetACP
GetStringTypeW
LCMapStringW

user32

CharUpperW
CharToOemA
OemToCharBuffA
OemToCharA
CharLowerW
CharToOemBuffW

advapi32

OpenProcessToken
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
LookupPrivilegeValueW
SetFileSecurityW
AdjustTokenPrivileges

ole32

CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantClear
SysFreeString
SysAllocString

Exports

Exports

RARCloseArchive
RARGetDllVersion
RAROpenArchive
RAROpenArchiveEx
RARProcessFile
RARProcessFileW
RARReadHeader
RARReadHeaderEx
RARSetCallback
RARSetChangeVolProc
RARSetPassword
RARSetProcessDataProc

Sections

.text
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/UNRAR64.DLL
.dll windows:5 windows x64 arch:x64

4af5c71732729c4648fe86c6854d12d6

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/08/2023, 00:00

Not After

07/08/2026, 23:59

Subject

SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:1e:36:53:58:3d:c9:6d:fd:68:01:9c:ba:0f:a7:17:85:2c:74:95:b7:fb:2a:45:df:19:21:f1:95:ec:1e:55
Signer

Actual PE Digest

32:1e:36:53:58:3d:c9:6d:fd:68:01:9c:ba:0f:a7:17:85:2c:74:95:b7:fb:2a:45:df:19:21:f1:95:ec:1e:55

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\z\Desktop\unrarsrc-6.2.12\unrar\build\unrardll64\Release\UnRAR.pdb

Imports

kernel32

CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
FreeLibrary
GetProcAddress
SetThreadPriority
SetThreadExecutionState
CreateEventW
RemoveDirectoryW
GetSystemDirectoryW
GetProcessAffinityMask
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
WriteConsoleW
SetFilePointerEx
HeapSize
GetConsoleCP
GetProcessHeap
CreateDirectoryW
CloseHandle
SetFileTime
DeviceIoControl
GetCurrentProcess
GetFileType
Sleep
SetLastError
GetLastError
AreFileApisANSI
GetConsoleMode
GetStdHandle
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetStdHandle
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapFree
HeapReAlloc
HeapAlloc
GetACP
GetStringTypeW
LCMapStringW

user32

OemToCharBuffA
CharLowerW
CharUpperW
CharToOemA
CharToOemBuffW
OemToCharA

advapi32

LookupPrivilegeValueW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
SetFileSecurityW
AdjustTokenPrivileges
OpenProcessToken

ole32

CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantClear
SysFreeString
SysAllocString

Exports

Exports

RARCloseArchive
RARGetDllVersion
RAROpenArchive
RAROpenArchiveEx
RARProcessFile
RARProcessFileW
RARReadHeader
RARReadHeaderEx
RARSetCallback
RARSetChangeVolProc
RARSetPassword
RARSetProcessDataProc

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/UNRAR9X.DLL
.dll windows:4 windows x86 arch:x86

21a780d19fecaf05525f9be63d0d72e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\VCC\unrar\build\unrardll32\Release\unrar.pdb

Imports

kernel32

DeviceIoControl
WriteFile
SetEndOfFile
FlushFileBuffers
ReadFile
SetFilePointer
GetCurrentProcessId
FindClose
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersionExA
FoldStringW
FreeLibrary
GetProcAddress
SetThreadPriority
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
WaitForSingleObject
GetProcessAffinityMask
ReleaseSemaphore
ResetEvent
SetEvent
SystemTimeToFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFileTimeToFileTime
WideCharToMultiByte
SetFileTime
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
CreateEventA
CreateEventW
CreateSemaphoreA
CreateSemaphoreW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetFileAttributesA
GetFileAttributesW
LoadLibraryA
LoadLibraryW
GetSystemDirectoryA
GetSystemDirectoryW
SetFileAttributesA
SetFileAttributesW
GetFullPathNameA
GetFullPathNameW
GetShortPathNameA
GetShortPathNameW
MoveFileA
MoveFileW
GetModuleHandleA
SetErrorMode
IsDBCSLeadByte
GetCPInfo
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCurrentProcess
CloseHandle
Sleep
SetLastError
GetLastError
AreFileApisANSI
GetStdHandle
GetFileType
MultiByteToWideChar
GetConsoleMode
GetStringTypeW
HeapFree
HeapReAlloc
HeapAlloc
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetCommandLineA
GetProcessHeap
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetModuleFileNameA
GetACP
GetOEMCP
SetHandleCount
GetStartupInfoA
SetStdHandle
HeapSize
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetConsoleCP
GetLocaleInfoA
GetStringTypeA

user32

CharToOemBuffA
CharToOemA
OemToCharBuffA
OemToCharA

advapi32

SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

Exports

Exports

RARCloseArchive
RARGetDllVersion
RAROpenArchive
RAROpenArchiveEx
RARProcessFile
RARProcessFileW
RARReadHeader
RARReadHeaderEx
RARSetCallback
RARSetChangeVolProc
RARSetPassword
RARSetProcessDataProc

Sections

.text
Size: 188KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/VERTICAL.BAR
App/TotalCommander/WC32TO16.EXE
App/TotalCommander/WCMICON2.DLL
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
App/TotalCommander/WCMICONS.DLL
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 623KB - Virtual size: 623KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
App/TotalCommander/WCMICONS.INC
App/TotalCommander/WCMZIP32.DLL
.dll windows:4 windows x86 arch:x86

c104b9b02895fc8c000e5eeac50ee031

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d1:d9:b4:e7:4c:7f:5f:41:d5:d9:60:fd:a6:f9:22:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/10/2022, 00:00

Not After

12/10/2025, 23:59

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:82:28:99:53:50:3b:d7:d1:66:f6:eb:a0:1e:7b:62:c7:64:78:6b:b6:02:2b:ed:eb:d4:9a:83:a3:20:d6:55
Signer

Actual PE Digest

53:82:28:99:53:50:3b:d7:d1:66:f6:eb:a0:1e:7b:62:c7:64:78:6b:b6:02:2b:ed:eb:d4:9a:83:a3:20:d6:55

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
CreateMutexA
ReleaseMutex
WaitForSingleObject
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
GetLastError
CloseHandle
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
RtlUnwind
FlushFileBuffers
WriteFile
ReadFile
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
CreateFileA
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
SetEndOfFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

IsDialogMessageA
TranslateMessage
DispatchMessageA
SendMessageA
PeekMessageA

Exports

Exports

_DecryptAESMemoryCBC@16
_DecryptZipAES@12
_DeflateChunk@32
_DoneDeflate@4
_EnableSetDpi@4
_EncryptAESMemoryCBC@20
_EncryptZipAES@12
_EndZipAES@8
_GetKeys@12
_GetRandomData@8
_InitZipAES@24
_SetPassCryptAES@12
_StartDeflate@12
_UpdateOnlyCrc@12
_file_compress@24

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/WCMZIP64.DLL
.dll windows:4 windows x64 arch:x64

e37478195a7d46c1aa7bbcdea3fda680

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d1:d9:b4:e7:4c:7f:5f:41:d5:d9:60:fd:a6:f9:22:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/10/2022, 00:00

Not After

12/10/2025, 23:59

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:85:54:76:76:65:3c:44:50:be:24:2b:27:5e:b0:e1:af:4a:8d:80:66:a8:2b:06:42:65:c6:df:61:74:4c:db
Signer

Actual PE Digest

7d:85:54:76:76:65:3c:44:50:be:24:2b:27:5e:b0:e1:af:4a:8d:80:66:a8:2b:06:42:65:c6:df:61:74:4c:db

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

__C_specific_handler
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetStringTypeW
GetStringTypeA
GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CloseHandle
EnterCriticalSection
LeaveCriticalSection
HeapSetInformation
HeapCreate
HeapDestroy
RtlUnwindEx
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DeleteCriticalSection
MultiByteToWideChar
ReadFile
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
Sleep
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
CreateFileA
InitializeCriticalSection
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc
SetEndOfFile
LCMapStringA
LCMapStringW
HeapSize
GetLocaleInfoA

user32

SetScrollInfo
SetScrollPos
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
SendMessageA

Exports

Exports

DecryptAESMemoryCBC
DecryptZipAES
DeflateChunk
DoneDeflate
EnableSetDpi
EncryptAESMemoryCBC
EncryptZipAES
EndZipAES
GetKeys
GetRandomData
InitZipAES
SetPassCryptAES
SetProtectedScrollInfo
SetProtectedScrollPos
StartDeflate
UpdateOnlyCrc
file_compress

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 934B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
App/TotalCommander/default.br2
App/TotalCommander/descript.ion
App/TotalCommander/vertical.br2
App/TotalCommander/wincmd.key
BLAKEX32.DLL
.dll windows:5 windows x86 arch:x86

ed02872256a88488a369fae099cd8499

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
DecodePointer
CreateFileW

Exports

Exports

Blake3Finalize
Blake3Init
Blake3Update

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BLAKEX64.DLL
.dll windows:6 windows x64 arch:x64

b3f852f717f5b6ea49ab39865ea5f006

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\vcc64\blake3test\x64\Release\blake3lib.pdb

Imports

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW

Exports

Exports

Blake3Finalize
Blake3Init
Blake3Update

Sections

.text
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CABRK.DLL
.dll windows:1 windows x86 arch:x86

24443a39fe269254c2d4374dee7b22b6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

user32

GetActiveWindow
MessageBoxA
wsprintfA

kernel32

CloseHandle
CreateEventA
CreateFileA
CreateMutexA
CreateThread
ExitProcess
ExitThread
GetCommandLineA
GetCurrentThreadId
GetCurrentThread
GetEnvironmentStrings
GetFileType
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetStdHandle
GetVersion
LoadLibraryA
ReleaseMutex
SetConsoleCtrlHandler
SetEvent
SetStdHandle
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
VirtualAlloc
VirtualFree
WaitForSingleObject
WriteFile

Exports

Exports

_zFCIFDIGetErrno
_zFCIFDISetErrno
_zFDICopy
_zFDICreate
_zFDIDestroy
_zFDIIsCabinet

Sections

BEGTEXT
Size: 35KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DGROUP
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 11KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CGLPT64.SYS
.sys windows:6 windows x64 arch:x64

0f4173f7aa6a0a88d6b52a51ad811216

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:cb:fd:b3:b2:25:d4:fd:03:c7:6c:8e:b7:8f:36:85
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/05/2010, 00:00

Not After

11/05/2011, 23:59

Subject

CN=Ghisler Software GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e3:2f:35:53:db:7c:25:92:d3:3b:98:0b:89:b2:4a:22:26:5b:84:35
Signer

Actual PE Digest

e3:2f:35:53:db:7c:25:92:d3:3b:98:0b:89:b2:4a:22:26:5b:84:35

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\winddk\cglptnt64\objfre_wlh_AMD64\amd64\CGLptNt.pdb

Imports

ntoskrnl.exe

IoWriteErrorLogEntry
swprintf
IoAllocateErrorLogEntry
DbgPrint
ExAllocatePoolWithTag
IoGetConfigurationInformation
IoBuildDeviceIoControlRequest
IoDeleteSymbolicLink
ExFreePoolWithTag
IoRegisterPlugPlayNotification
KeInitializeMutex
RtlInitUnicodeString
RtlIntegerToUnicodeString
IoDeleteDevice
KeInitializeEvent
KeReleaseMutex
IoGetDeviceObjectPointer
IoCreateUnprotectedSymbolicLink
IoUnregisterPlugPlayNotification
RtlAppendUnicodeStringToString
KeWaitForSingleObject
IoGetDeviceInterfaces
ObfDereferenceObject
IoCreateDevice
IofCallDriver
IofCompleteRequest
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
KeReadStateEvent
IoCancelIrp
KeDelayExecutionThread
KeQueryTimeIncrement
KeBugCheckEx

Sections

.text
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 796B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 408B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CGLPT9X.VXD
CGLPTNT.SYS
.sys windows:5 windows x86 arch:x86

a1aafec5128ab759a4e2c7c3e94b392b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:cb:fd:b3:b2:25:d4:fd:03:c7:6c:8e:b7:8f:36:85
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

11/05/2010, 00:00

Not After

11/05/2011, 23:59

Subject

CN=Ghisler Software GmbH,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Development,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

55:f0:36:0a:b0:38:7d:85:9d:2e:a1:7c:e6:f5:37:3b:f8:ec:48:d3
Signer

Actual PE Digest

55:f0:36:0a:b0:38:7d:85:9d:2e:a1:7c:e6:f5:37:3b:f8:ec:48:d3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

IoDeleteDevice
ObfDereferenceObject
IoCreateDevice
ExFreePool
IoGetDeviceObjectPointer
RtlAppendUnicodeStringToString
ExAllocatePoolWithTag
RtlIntegerToUnicodeString
RtlInitUnicodeString
KeWaitForSingleObject
IofCallDriver
IoCreateUnprotectedSymbolicLink
KeInitializeEvent
IofCompleteRequest
IoReleaseCancelSpinLock
IoAcquireCancelSpinLock
IoDeleteSymbolicLink
IoCancelIrp
KeReadStateEvent
KeDelayExecutionThread
KeTickCount
KeQueryTimeIncrement
_allmul
wcslen
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
IoBuildDeviceIoControlRequest
IoGetConfigurationInformation

hal

READ_PORT_UCHAR
KfRaiseIrql
KfLowerIrql
WRITE_PORT_UCHAR

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 192B - Virtual size: 184B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 288B - Virtual size: 262B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DEFAULT.BAR
FILTER32/AutoPitch.dll
.dll regsvr32 windows:4 windows x86 arch:x86

63c02b87c78810731911e5d28eeafafb

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\DELPHI\EXEDPR\filter32\AutoPitch.pdb

Imports

winmm

timeSetEvent
timeGetTime

soundtouchdll

soundtouch_setSampleRate
soundtouch_destroyInstance
soundtouch_putSamples
soundtouch_receiveSamples
soundtouch_receiveSamples_i16
soundtouch_numSamples
soundtouch_putSamples_i16
soundtouch_setPitch
soundtouch_setChannels
soundtouch_createInstance

kernel32

GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
SetFilePointer
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
FreeLibrary
InterlockedDecrement
LoadLibraryW
lstrcmpW
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
CreateEventW
ResetEvent
DuplicateHandle
GetCurrentProcess
GetCurrentThreadId
SetEvent
WaitForMultipleObjects
WaitForSingleObject
CreateSemaphoreW
GetStringTypeW
GetSystemInfo
VirtualAlloc
VirtualFree
lstrlenW
MultiByteToWideChar
lstrlenA
GetLastError
GetModuleFileNameA
GetVersionExW
DisableThreadLibraryCalls
InterlockedExchange
CreateThread
GetProcAddress
GetModuleHandleW
SetThreadPriority
GetThreadPriority
GetCurrentThread
GetTickCount
GetLocaleInfoA
LoadLibraryA
HeapSize
HeapReAlloc
SetStdHandle
ReleaseSemaphore
FlushFileBuffers
CreateFileA
IsValidCodePage
WriteConsoleW
GetConsoleOutputCP
GetOEMCP
GetACP
GetCPInfo
RtlUnwind
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
RaiseException
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapDestroy
HeapCreate
WriteFile
WriteConsoleA

user32

GetQueueStatus
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
RegisterWindowMessageW
DispatchMessageW

advapi32

RegSetValueW
RegSetValueExW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW
RegCreateKeyW

ole32

StringFromGUID2
CoTaskMemAlloc
CoInitialize
CoFreeUnusedLibraries
CoUninitialize
CoCreateInstance
CoTaskMemFree

oleaut32

SysFreeString
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 124KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FILTER32/SoundTouchDLL.dll
.dll windows:6 windows x86 arch:x86

4d18aea240985d4251a8d0d909109f73

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
RtlUnwind
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
LCMapStringW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
CloseHandle
SetFilePointerEx
CreateFileW
WriteConsoleW
DecodePointer

Exports

Exports

bpm_createInstance
bpm_destroyInstance
bpm_getBpm
bpm_putSamples
bpm_putSamples_i16
soundtouch_clear
soundtouch_createInstance
soundtouch_destroyInstance
soundtouch_flush
soundtouch_getSetting
soundtouch_getVersionId
soundtouch_getVersionString
soundtouch_getVersionString2
soundtouch_isEmpty
soundtouch_numSamples
soundtouch_numUnprocessedSamples
soundtouch_putSamples
soundtouch_putSamples_i16
soundtouch_receiveSamples
soundtouch_receiveSamples_i16
soundtouch_setChannels
soundtouch_setPitch
soundtouch_setPitchOctaves
soundtouch_setPitchSemiTones
soundtouch_setRate
soundtouch_setRateChange
soundtouch_setSampleRate
soundtouch_setSetting
soundtouch_setTempo
soundtouch_setTempoChange

Sections

.text
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FILTER32/SoundTouchDLL_License.txt
FILTER32/vmr9rotator.dll
.dll windows:4 windows x86 arch:x86

f6d2e09dd22de09774e6c3008a71dcf5

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:fc:1d:02:0d:4f:02:63:5d:74:52:89:2e:da:3c:da
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/10/2019, 00:00

Not After

28/10/2022, 12:00

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ab:e9:b8:f9:af:13:d5:53:ba:9a:56:d3:90:76:43:29:a8:ef:30:59:d4:b0:1e:20:37:7e:3b:3f:1c:94:16:60
Signer

Actual PE Digest

ab:e9:b8:f9:af:13:d5:53:ba:9a:56:d3:90:76:43:29:a8:ef:30:59:d4:b0:1e:20:37:7e:3b:3f:1c:94:16:60

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\DELPHI\EXEDPR\filter32\vmr9rotator.pdb

Imports

d3d9

Direct3DCreate9

kernel32

ExitProcess
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
InterlockedDecrement
GetTickCount
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetLastError
HeapFree
GetCurrentThreadId
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlUnwind
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
WriteFile
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

user32

GetClientRect
IsWindow

Exports

Exports

DllMain
LoadVrm9Rotator
RotatorResize

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FILTER64/AutoPitch.dll
.dll regsvr32 windows:4 windows x64 arch:x64

a53a98e40ab9e68cecd4c478ea814039

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\Lazarus\exedpr64.901\filter64\AutoPitch.pdb

Imports

winmm

timeSetEvent
timeGetTime

soundtouchdll_x64

soundtouch_putSamples_i16
soundtouch_setPitch
soundtouch_setSampleRate
soundtouch_destroyInstance
soundtouch_putSamples
soundtouch_receiveSamples
soundtouch_receiveSamples_i16
soundtouch_numSamples
soundtouch_createInstance
soundtouch_setChannels

kernel32

WriteConsoleA
SetStdHandle
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
LoadLibraryW
lstrcmpW
InitializeCriticalSection
DeleteCriticalSection
CloseHandle
CreateEventW
ResetEvent
DuplicateHandle
GetCurrentProcess
GetCurrentThreadId
SetEvent
WaitForMultipleObjects
WaitForSingleObject
CreateSemaphoreW
ReleaseSemaphore
GetConsoleOutputCP
VirtualAlloc
VirtualFree
lstrlenW
MultiByteToWideChar
lstrlenA
GetLastError
GetModuleFileNameA
GetVersionExW
DisableThreadLibraryCalls
CreateThread
GetProcAddress
GetModuleHandleW
SetThreadPriority
GetThreadPriority
GetCurrentThread
GetTickCount
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetConsoleMode
GetConsoleCP
WriteConsoleW
CreateFileA
FlushFileBuffers
GetSystemInfo
SetFilePointer
GetLocaleInfoA
HeapReAlloc
LoadLibraryA
HeapSize
GetOEMCP
GetACP
GetCPInfo
RtlLookupFunctionEntry
RtlUnwindEx
FlsSetValue
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
RaiseException
RtlPcToFileHeader
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
ExitProcess
Sleep
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
WriteFile
IsValidCodePage

user32

PostThreadMessageW
MsgWaitForMultipleObjects
GetQueueStatus
DispatchMessageW
RegisterWindowMessageW
PeekMessageW

advapi32

RegSetValueExW
RegCreateKeyW
RegSetValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegDeleteKeyW

ole32

CoUninitialize
CoFreeUnusedLibraries
CoInitialize
CoTaskMemAlloc
CoTaskMemFree
StringFromGUID2
CoCreateInstance

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllMain
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FILTER64/SoundTouchDLL_License.txt
FILTER64/SoundTouchDLL_x64.dll
.dll windows:6 windows x64 arch:x64

1bec5be4f1adcb506b409eeec796cb10

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlPcToFileHeader
RaiseException
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
HeapFree
LCMapStringW
GetStdHandle
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetStdHandle
GetStringTypeW
HeapSize
HeapReAlloc
CloseHandle
SetFilePointerEx
CreateFileW
WriteConsoleW

Exports

Exports

bpm_createInstance
bpm_destroyInstance
bpm_getBpm
bpm_putSamples
bpm_putSamples_i16
soundtouch_clear
soundtouch_createInstance
soundtouch_destroyInstance
soundtouch_flush
soundtouch_getSetting
soundtouch_getVersionId
soundtouch_getVersionString
soundtouch_getVersionString2
soundtouch_isEmpty
soundtouch_numSamples
soundtouch_numUnprocessedSamples
soundtouch_putSamples
soundtouch_putSamples_i16
soundtouch_receiveSamples
soundtouch_receiveSamples_i16
soundtouch_setChannels
soundtouch_setPitch
soundtouch_setPitchOctaves
soundtouch_setPitchSemiTones
soundtouch_setRate
soundtouch_setRateChange
soundtouch_setSampleRate
soundtouch_setSetting
soundtouch_setTempo
soundtouch_setTempoChange

Sections

.text
Size: 97KB - Virtual size: 97KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FILTER64/vmr9rotator.dll
.dll windows:4 windows x64 arch:x64

0c7fb04403fb18532c0f865e9e71acf6

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:fc:1d:02:0d:4f:02:63:5d:74:52:89:2e:da:3c:da
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/10/2019, 00:00

Not After

28/10/2022, 12:00

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

25:5b:54:63:87:63:a3:ae:21:7f:70:d8:b1:58:4b:22:f7:3b:8a:2d:ee:e7:6f:23:de:c1:70:37:d2:67:7b:40
Signer

Actual PE Digest

25:5b:54:63:87:63:a3:ae:21:7f:70:d8:b1:58:4b:22:f7:3b:8a:2d:ee:e7:6f:23:de:c1:70:37:d2:67:7b:40

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\Lazarus\exedpr64.901\filter64\vmr9rotator.pdb

Imports

d3d9

Direct3DCreate9

kernel32

HeapDestroy
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetTickCount
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
GetLastError
HeapFree
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
HeapAlloc
GetProcessHeap
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
RtlVirtualUnwind
GetProcAddress
GetModuleHandleA
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
HeapSetInformation
HeapCreate
ExitProcess
Sleep
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
HeapSize
WriteFile
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
HeapReAlloc
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

user32

GetClientRect
IsWindow

Exports

Exports

DllMain
LoadVrm9Rotator
RotatorResize

Sections

.text
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FRERES32.DLL
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Exports

Exports

GetFreeSystemResources32

Sections

CODE
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HISTORY.TXT
LANGUAGE/WCMD_CHN.INC
LANGUAGE/WCMD_CHN.LNG
LANGUAGE/WCMD_CHN.MNU
LANGUAGE/WCMD_CZ.INC
LANGUAGE/WCMD_CZ.LNG
LANGUAGE/WCMD_CZ.MNU
LANGUAGE/WCMD_DAN.INC
LANGUAGE/WCMD_DAN.LNG
LANGUAGE/WCMD_DAN.MNU
LANGUAGE/WCMD_DEU.INC
LANGUAGE/WCMD_DEU.LNG
LANGUAGE/WCMD_DEU.MNU
LANGUAGE/WCMD_DUT.INC
LANGUAGE/WCMD_DUT.LNG
LANGUAGE/WCMD_DUT.MNU
LANGUAGE/WCMD_ENG.MNU
LANGUAGE/WCMD_ESP.INC
LANGUAGE/WCMD_ESP.LNG
LANGUAGE/WCMD_ESP.MNU
LANGUAGE/WCMD_FRA.INC
LANGUAGE/WCMD_FRA.LNG
LANGUAGE/WCMD_FRA.MNU
LANGUAGE/WCMD_HUN.INC
LANGUAGE/WCMD_HUN.LNG
LANGUAGE/WCMD_HUN.MNU
LANGUAGE/WCMD_ITA.INC
LANGUAGE/WCMD_ITA.LNG
LANGUAGE/WCMD_ITA.MNU
LANGUAGE/WCMD_KOR.INC
LANGUAGE/WCMD_KOR.LNG
LANGUAGE/WCMD_KOR.MNU
LANGUAGE/WCMD_NOR.LNG
LANGUAGE/WCMD_NOR.MNU
LANGUAGE/WCMD_POL.INC
LANGUAGE/WCMD_POL.LNG
LANGUAGE/WCMD_POL.MNU
LANGUAGE/WCMD_ROM.INC
LANGUAGE/WCMD_ROM.LNG
LANGUAGE/WCMD_ROM.MNU
LANGUAGE/WCMD_RUS.INC
LANGUAGE/WCMD_RUS.LNG
LANGUAGE/WCMD_RUS.MNU
LANGUAGE/WCMD_SK.LNG
LANGUAGE/WCMD_SK.MNU
LANGUAGE/WCMD_SVN.INC
LANGUAGE/WCMD_SVN.LNG
LANGUAGE/WCMD_SVN.MNU
LANGUAGE/WCMD_SWE.INC
LANGUAGE/WCMD_SWE.LNG
LANGUAGE/WCMD_SWE.MNU
LANGUAGE/WCMD_UKR.INC
LANGUAGE/WCMD_UKR.LNG
LANGUAGE/WCMD_UKR.MNU
LIBDEFLATE.DLL
.dll windows:6 windows x86 arch:x86

e4f8d9e08c26350d5a520223f8c47588

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
LCMapStringW
GetProcessHeap
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
DecodePointer

Exports

Exports

libdeflate_adler32
libdeflate_alloc_compressor
libdeflate_alloc_decompressor
libdeflate_alloc_decompressor2
libdeflate_crc32
libdeflate_deflate_compress
libdeflate_deflate_compress_bound
libdeflate_deflate_compress_with_callback
libdeflate_deflate_decompress
libdeflate_deflate_decompress_ex
libdeflate_deflate_decompress_with_callback
libdeflate_free_compressor
libdeflate_free_decompressor
libdeflate_gzip_compress
libdeflate_gzip_compress_bound
libdeflate_gzip_decompress
libdeflate_gzip_decompress_ex
libdeflate_set_memory_allocator
libdeflate_zlib_compress
libdeflate_zlib_compress_bound
libdeflate_zlib_decompress
libdeflate_zlib_decompress_ex

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LIBDEFLATE64.DLL
.dll windows:6 windows x64 arch:x64

b3f852f717f5b6ea49ab39865ea5f006

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW

Exports

Exports

libdeflate_alloc_compressor
libdeflate_alloc_decompressor
libdeflate_alloc_decompressor2
libdeflate_crc32
libdeflate_deflate_compress
libdeflate_deflate_compress_bound
libdeflate_deflate_compress_with_callback
libdeflate_deflate_decompress
libdeflate_deflate_decompress_ex
libdeflate_deflate_decompress_with_callback
libdeflate_free_compressor
libdeflate_free_decompressor
libdeflate_gzip_compress
libdeflate_gzip_compress_bound
libdeflate_gzip_decompress
libdeflate_gzip_decompress_ex
libdeflate_set_memory_allocator

Sections

.text
Size: 92KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NO.BAR
NOCLOSE.EXE
.exe windows:4 windows x86 arch:x86

b34c97cd545f501381f9f8f4156ee837

Code Sign

01:72:ea:14:b7:01:21:b0:69:1c:3a:59:39:e9:12:c1
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/10/2019, 00:00

Not After

28/10/2022, 12:00

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:fc:1d:02:0d:4f:02:63:5d:74:52:89:2e:da:3c:da
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/10/2019, 00:00

Not After

28/10/2022, 12:00

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:91:f8:b8:65:6e:08:72:ad:7a:5d:70:41:69:08:0a:c8:31:4a:07:be:e9:d1:73:f8:64:a7:53:16:6c:38:e3
Signer

Actual PE Digest

5b:91:f8:b8:65:6e:08:72:ad:7a:5d:70:41:69:08:0a:c8:31:4a:07:be:e9:d1:73:f8:64:a7:53:16:6c:38:e3

Digest Algorithm

sha256

PE Digest Matches

true

23:b9:83:2d:b1:1b:25:91:6a:b6:c8:1d:a8:bc:bd:56:36:b9:ef:66
Signer

Actual PE Digest

23:b9:83:2d:b1:1b:25:91:6a:b6:c8:1d:a8:bc:bd:56:36:b9:ef:66

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CloseHandle
CreateProcessA
CreateProcessW
GetCommandLineW
GetVersionExA
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
WriteFile
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
GetProcAddress
LoadLibraryA
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

Sections

.text
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
NOCLOSE64.EXE
.exe windows:4 windows x64 arch:x64

7f7a7d0212ece75ce22c3d0a75be1cbf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:6c:61:75:7a:92:3f:50:c8:2e:b6:aa:18:d2:1f:c6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/09/2016, 00:00

Not After

25/05/2017, 23:59

Subject

CN=Ghisler Software GmbH,OU=Development,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f2:6d:2b:4d:e7:eb:bb:26:05:fd:83:cc:b1:f4:ad
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/05/2016, 00:00

Not After

25/05/2017, 23:59

Subject

CN=Ghisler Software GmbH,OU=Development,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

8f:41:03:68:51:9e:c5:55:fb:c6:ea:cc:ef:a9:a8:97:46:b9:a7:c1:2e:0f:76:77:11:5b:23:89:7a:3d:da:bf
Signer

Actual PE Digest

8f:41:03:68:51:9e:c5:55:fb:c6:ea:cc:ef:a9:a8:97:46:b9:a7:c1:2e:0f:76:77:11:5b:23:89:7a:3d:da:bf

Digest Algorithm

sha256

PE Digest Matches

true

5a:39:27:84:fe:22:9f:4a:8a:32:b2:ef:e7:46:41:09:4d:f6:f4:b3
Signer

Actual PE Digest

5a:39:27:84:fe:22:9f:4a:8a:32:b2:ef:e7:46:41:09:4d:f6:f4:b3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

CloseHandle
WaitForSingleObject
CreateProcessA
CreateProcessW
GetCommandLineW
GetVersionExA
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetLastError
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
Sleep
HeapSize
MultiByteToWideChar
GetLocaleInfoA
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
HeapReAlloc

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SFXHEAD.SFX
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 15KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 12B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SHARE_NT.EXE
TC7Z.DLL
.dll windows:4 windows x86 arch:x86

c9250ea0ac21fea97f7f1d0f9ab3ab31

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
GetLastError
GetVersionExA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
VirtualAlloc
VirtualFree
GetVersion
IsProcessorFeaturePresent
InterlockedIncrement
CloseHandle
WaitForSingleObject
SetEvent
ResetEvent
CreateEventA
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSection
GetProcessAffinityMask
GetCurrentProcess
GetSystemInfo
GlobalMemoryStatus
GetProcAddress
GetModuleHandleA
GetStringTypeW
GetStringTypeA
RaiseException
RtlUnwind
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
TerminateProcess
CreateThread
GetCurrentThreadId
TlsSetValue
TlsGetValue
ExitThread
GetCommandLineA
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
SetLastError
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
HeapSize
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
InterlockedDecrement
LCMapStringA
LCMapStringW

oleaut32

SysAllocStringLen
VariantClear
SysFreeString
SysAllocStringByteLen
SysStringLen

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetModuleProp
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 172KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TC7Z64.DLL
.dll windows:4 windows x64 arch:x64

a27ce0214cd0b4a2fb345b0b1acae645

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\vcc64\7zip\CPP\7zip\Bundles\Format7zExtract\x64\Release\Format7zExtract.pdb

Imports

kernel32

WideCharToMultiByte
MultiByteToWideChar
GetLastError
GetCurrentProcess
GlobalMemoryStatusEx
GetSystemInfo
GetProcessAffinityMask
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WriteFile
CloseHandle
VirtualFree
VirtualAlloc
IsProcessorFeaturePresent
GetProcAddress
GetModuleHandleA
WaitForSingleObject
SetEvent
InitializeCriticalSection
CreateEventA
CreateSemaphoreA
ReleaseSemaphore
ResetEvent
RaiseException
LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
HeapFree
HeapAlloc
HeapReAlloc
ExitProcess
ExitThread
GetCurrentThreadId
CreateThread
FlsSetValue
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
HeapCreate
HeapDestroy
GetStdHandle
GetModuleFileNameA
RtlUnwindEx
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
Sleep
HeapSize
LoadLibraryA
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
GetLocaleInfoA
RtlPcToFileHeader

oleaut32

SysFreeString
SysAllocStringByteLen
SysAllocStringLen
VariantClear
SysStringLen

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetModuleProp
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 235KB - Virtual size: 234KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 67KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TC7ZIPIF.DLL
.dll windows:4 windows x86 arch:x86

6242c71257a79d40e3422e635c45c590

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d1:d9:b4:e7:4c:7f:5f:41:d5:d9:60:fd:a6:f9:22:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/10/2022, 00:00

Not After

12/10/2025, 23:59

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:4f:09:4d:af:03:41:b4:6b:67:59:0b:1d:85:5d:f9:c8:f0:ef:f4:df:30:52:86:9e:26:12:c0:48:43:35:8d
Signer

Actual PE Digest

23:4f:09:4d:af:03:41:b4:6b:67:59:0b:1d:85:5d:f9:c8:f0:ef:f4:df:30:52:86:9e:26:12:c0:48:43:35:8d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FreeLibrary
LoadLibraryA
AreFileApisANSI
GetModuleFileNameA
CloseHandle
SetFileTime
CreateFileW
SetLastError
SetFileAttributesA
SetFileAttributesW
CreateDirectoryA
CreateDirectoryW
GetLastError
DeleteFileA
DeleteFileW
FindClose
FindFirstFileA
FindFirstFileW
CreateFileA
GetFileSize
SetFilePointer
ReadFile
WriteFile
SetEndOfFile
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
GetProcAddress
GetVersionExA
LCMapStringW
LCMapStringA
RtlUnwind
RaiseException
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
TlsGetValue
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
SetUnhandledExceptionFilter
GetModuleHandleA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
TerminateProcess
GetCurrentProcess
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
InterlockedDecrement
InterlockedIncrement
GetStringTypeA
GetStringTypeW

oleaut32

VariantClear
SysAllocString

Exports

Exports

close7zArchive
extract7zFiles
getFileDetails
load7zLibrary
open7zArchive

Sections

.text
Size: 36KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCLZMA64.DLL
.dll windows:4 windows x64 arch:x64

24f11c986561e10fc9ca31b65fd8102c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
VirtualFree
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetLastError
CloseHandle
WaitForSingleObject
ResumeThread
SetThreadAffinityMask
CreateEventA
SetEvent
ResetEvent
CreateSemaphoreA
ReleaseSemaphore
__C_specific_handler
InitializeCriticalSection
HeapAlloc
HeapFree
HeapReAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
ExitThread
GetCurrentThreadId
CreateThread
FlsSetValue
GetCommandLineA
GetVersionExA
GetProcessHeap
WriteFile
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
LoadLibraryA
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

BrotliDecoderCreateInstance
BrotliDecoderDecompressStream
BrotliDecoderDestroyInstance
LzmaCompress
LzmaDec_Allocate
LzmaDec_Constr
LzmaDec_DecodeToBuf
LzmaDec_Free
LzmaDec_Init
LzmaEncProps_Init
LzmaEnc_Create
LzmaEnc_Destroy
LzmaEnc_Encode
LzmaEnc_SetProps
LzmaEnc_WriteProperties
LzmaUncompress
XzUnpacker_Code
XzUnpacker_Create
XzUnpacker_Free

Sections

.text
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCMADM64.EXE
.exe windows:4 windows x64 arch:x64

1956e10634b8112137771b4ca004fad3

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:72:ea:14:b7:01:21:b0:69:1c:3a:59:39:e9:12:c1
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/10/2019, 00:00

Not After

28/10/2022, 12:00

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:fc:1d:02:0d:4f:02:63:5d:74:52:89:2e:da:3c:da
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/10/2019, 00:00

Not After

28/10/2022, 12:00

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:ee:1d:81:5b:b3:70:dd:6d:7c:40:52:3e:b8:1a:20:d6:f7:7c:47:32:d1:35:6f:be:cf:b7:ec:0a:60:16:82
Signer

Actual PE Digest

51:ee:1d:81:5b:b3:70:dd:6d:7c:40:52:3e:b8:1a:20:d6:f7:7c:47:32:d1:35:6f:be:cf:b7:ec:0a:60:16:82

Digest Algorithm

sha256

PE Digest Matches

true

a4:b3:9f:08:1d:75:be:a6:60:c9:89:60:3c:66:ab:bb:f2:c6:d3:54
Signer

Actual PE Digest

a4:b3:9f:08:1d:75:be:a6:60:c9:89:60:3c:66:ab:bb:f2:c6:d3:54

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetModuleHandleA
RemoveDirectoryW
CreateDirectoryW
DisconnectNamedPipe
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
DuplicateHandle
GetCurrentProcess
OpenProcess
CreateFileW
DeleteFileW
CopyFileExW
MoveFileWithProgressW
SetFileAttributesW
ConnectNamedPipe
GetCurrentThreadId
CreateFileA
WaitNamedPipeA
GetVersionExA
CreateThread
DeviceIoControl
CloseHandle
CreateNamedPipeA
LocalFree
GetTickCount
WriteFile
PeekNamedPipe
ReadFile
Sleep
GetProcAddress
GetLastError
LocalAlloc
GetSystemDirectoryW
LoadLibraryExW
GetWindowsDirectoryW
LoadLibraryExA
GetSystemDirectoryA
GetWindowsDirectoryA
SetVolumeLabelW
MultiByteToWideChar
GetCommandLineA
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
ExitProcess
GetStdHandle
GetModuleFileNameA
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
FlsGetValue
FlsSetValue
TlsFree
FlsFree
SetLastError
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSection
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
HeapReAlloc

user32

MessageBoxA

advapi32

SetFileSecurityW
GetSecurityDescriptorControl
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
IsValidSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetUserNameA
LookupAccountNameA
GetFileSecurityW

shell32

SHFileOperationW

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TCMADMIN.EXE
.exe windows:4 windows x86 arch:x86

dbb360963e56281752abe192d9c83afe

Code Sign

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:72:ea:14:b7:01:21:b0:69:1c:3a:59:39:e9:12:c1
Certificate

Issuer

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/10/2019, 00:00

Not After

28/10/2022, 12:00

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a8:49:06:15:d7:00:a0:be:21:76:fd:c5:ec:6d:bd
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

11/02/2011, 12:00

Not After

10/02/2026, 12:00

Subject

CN=DigiCert Assured ID Code Signing CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

03:fc:1d:02:0d:4f:02:63:5d:74:52:89:2e:da:3c:da
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/10/2019, 00:00

Not After

28/10/2022, 12:00

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:cd:48:ca:67:47:d5:7e:39:86:d0:59:03:df:25:c9:27:ba:2a:6a:69:87:10:bc:3b:3a:59:d5:ac:14:62:99
Signer

Actual PE Digest

1e:cd:48:ca:67:47:d5:7e:39:86:d0:59:03:df:25:c9:27:ba:2a:6a:69:87:10:bc:3b:3a:59:d5:ac:14:62:99

Digest Algorithm

sha256

PE Digest Matches

true

e4:d7:3f:4d:46:01:3e:bd:06:2c:a3:5b:2f:42:58:9e:f2:44:3d:a2
Signer

Actual PE Digest

e4:d7:3f:4d:46:01:3e:bd:06:2c:a3:5b:2f:42:58:9e:f2:44:3d:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetModuleHandleA
RemoveDirectoryW
CreateDirectoryW
DisconnectNamedPipe
CopyFileExW
MoveFileWithProgressW
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
SetFilePointer
DuplicateHandle
GetCurrentProcess
CreateFileW
SetVolumeLabelW
DeleteFileW
SetFileAttributesW
ConnectNamedPipe
GetCurrentThreadId
CreateFileA
WaitNamedPipeA
GetVersionExA
CreateThread
DeviceIoControl
CloseHandle
CreateNamedPipeA
LocalFree
GetTickCount
WriteFile
PeekNamedPipe
ReadFile
Sleep
GetProcAddress
GetLastError
LocalAlloc
GetSystemDirectoryW
LoadLibraryExW
GetWindowsDirectoryW
LoadLibraryExA
MultiByteToWideChar
GetSystemDirectoryA
GetWindowsDirectoryA
OpenProcess
WideCharToMultiByte
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
UnhandledExceptionFilter
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
TlsSetValue
TlsAlloc
SetLastError
TlsGetValue
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapFree
RtlUnwind
InterlockedDecrement
InterlockedIncrement
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapAlloc
VirtualAlloc
HeapReAlloc
LoadLibraryA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

user32

MessageBoxA

advapi32

GetSecurityDescriptorControl
GetFileSecurityW
SetFileSecurityW
LookupPrivilegeValueA
OpenProcessToken
AdjustTokenPrivileges
GetNamedSecurityInfoW
SetEntriesInAclW
SetNamedSecurityInfoW
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
SetSecurityDescriptorControl
IsValidSecurityDescriptor
GetLengthSid
InitializeAcl
AddAccessAllowedAce
GetUserNameA
LookupAccountNameA

shell32

SHFileOperationW

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TCMDLZMA.DLL
.dll windows:4 windows x86 arch:x86

b440fd57fd46e4f21d8e917e64344f85

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
VirtualFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
GetLastError
CloseHandle
WaitForSingleObject
ResumeThread
SetThreadAffinityMask
CreateEventA
SetEvent
ResetEvent
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSection
HeapAlloc
HeapFree
HeapReAlloc
GetProcAddress
GetModuleHandleA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetCurrentThreadId
InterlockedDecrement
ExitProcess
ExitThread
CreateThread
GetCommandLineA
GetVersionExA
GetProcessHeap
HeapDestroy
HeapCreate
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
Sleep
LoadLibraryA
RtlUnwind
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Exports

Exports

BrotliDecoderCreateInstance
BrotliDecoderDecompressStream
BrotliDecoderDestroyInstance
LzmaCompress
LzmaDec_Allocate
LzmaDec_Constr
LzmaDec_DecodeToBuf
LzmaDec_Free
LzmaDec_Init
LzmaEncProps_Init
LzmaEnc_Create
LzmaEnc_Destroy
LzmaEnc_Encode
LzmaEnc_SetProps
LzmaEnc_WriteProperties
LzmaUncompress
XzUnpacker_Code
XzUnpacker_Create
XzUnpacker_Free

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 940B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCMDX32.EXE
.exe windows:4 windows x86 arch:x86

84dbe7df2013871e34ac7edeb548920b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:6c:61:75:7a:92:3f:50:c8:2e:b6:aa:18:d2:1f:c6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/09/2016, 00:00

Not After

25/05/2017, 23:59

Subject

CN=Ghisler Software GmbH,OU=Development,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f2:6d:2b:4d:e7:eb:bb:26:05:fd:83:cc:b1:f4:ad
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/05/2016, 00:00

Not After

25/05/2017, 23:59

Subject

CN=Ghisler Software GmbH,OU=Development,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

bd:3a:45:f5:cc:5f:e7:aa:f5:4e:3b:1f:54:79:69:95:e3:0f:dc:89:dc:3d:32:da:87:32:65:8d:3f:65:64:a5
Signer

Actual PE Digest

bd:3a:45:f5:cc:5f:e7:aa:f5:4e:3b:1f:54:79:69:95:e3:0f:dc:89:dc:3d:32:da:87:32:65:8d:3f:65:64:a5

Digest Algorithm

sha256

PE Digest Matches

true

74:53:d8:5f:76:87:ec:9e:3c:19:46:a2:64:cc:ce:57:1d:d2:1c:97
Signer

Actual PE Digest

74:53:d8:5f:76:87:ec:9e:3c:19:46:a2:64:cc:ce:57:1d:d2:1c:97

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFilePointer
SetStdHandle
FlushFileBuffers
LCMapStringW
LCMapStringA
GetStringTypeA
GetOEMCP
GetCPInfo
InterlockedIncrement
InterlockedDecrement
MultiByteToWideChar
TlsGetValue
SetLastError
TlsAlloc
TlsSetValue
GetCurrentThreadId
GetFileType
SetErrorMode
CreateThread
ConnectNamedPipe
GetLastError
GetTickCount
PeekNamedPipe
ReadFile
WideCharToMultiByte
GetCurrentProcessId
WriteFile
GetModuleFileNameW
GetEnvironmentVariableA
GetStringTypeW
GetACP
GetVersionExA
Sleep
WaitNamedPipeA
CreateFileA
DisconnectNamedPipe
CloseHandle
GetProcAddress
CreateNamedPipeA
GetStdHandle
SetHandleCount
GetEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsW
FreeEnvironmentStringsA
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
LoadLibraryA
HeapFree
HeapAlloc
RtlUnwind
GetModuleHandleA
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection

user32

GetMenuItemInfoW
GetMenuItemCount
GetMenuItemInfoA
MessageBoxA
GetActiveWindow
CharUpperW
PeekMessageA
TranslateMessage
DispatchMessageA
DestroyMenu
CreatePopupMenu
GetMenuItemID
GetDC
GetSysColor
FillRect
ReleaseDC
DestroyWindow
GetDesktopWindow
GetKeyState
MessageBoxW
CreateWindowExA
RegisterClassExA
DefWindowProcA
PostQuitMessage
SystemParametersInfoA
wsprintfW
DeleteMenu

gdi32

DeleteObject
CreateDIBSection
SelectObject
CreateSolidBrush
SetBkColor
SetTextColor
SetBkMode
GdiFlush
DeleteDC
GetObjectA
GetDIBits
CreateFontIndirectA
TranslateCharsetInfo
CreateCompatibleDC

advapi32

RegOpenKeyA
RegQueryValueA
RegQueryValueW
RegOpenKeyW
RegCloseKey
RegEnumKeyA

shell32

SHGetMalloc
SHGetDesktopFolder
SHGetSpecialFolderLocation

ole32

CLSIDFromString
OleUninitialize
CoUninitialize
CoInitialize
OleInitialize
CoCreateInstance

comctl32

ord17

Sections

.text
Size: 40KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TCMDX64.EXE
.exe windows:4 windows x64 arch:x64

e72616a6647b2da61de1c26bf632c2f9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:6c:61:75:7a:92:3f:50:c8:2e:b6:aa:18:d2:1f:c6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/09/2016, 00:00

Not After

25/05/2017, 23:59

Subject

CN=Ghisler Software GmbH,OU=Development,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f2:6d:2b:4d:e7:eb:bb:26:05:fd:83:cc:b1:f4:ad
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/05/2016, 00:00

Not After

25/05/2017, 23:59

Subject

CN=Ghisler Software GmbH,OU=Development,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ca:68:23:75:82:c0:2b:52:7d:25:83:26:b0:a4:63:e9:2f:47:6e:2b:0d:7c:a1:bf:d2:0d:18:f0:4c:79:62:51
Signer

Actual PE Digest

ca:68:23:75:82:c0:2b:52:7d:25:83:26:b0:a4:63:e9:2f:47:6e:2b:0d:7c:a1:bf:d2:0d:18:f0:4c:79:62:51

Digest Algorithm

sha256

PE Digest Matches

true

a2:07:0b:e1:8f:b5:78:67:fc:dc:bf:6e:b0:31:a9:7e:58:e5:27:33
Signer

Actual PE Digest

a2:07:0b:e1:8f:b5:78:67:fc:dc:bf:6e:b0:31:a9:7e:58:e5:27:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

comctl32

ord17

user32

FillRect
TranslateMessage
GetDC
PostQuitMessage
RegisterClassExA
CreatePopupMenu
MessageBoxW
GetSysColor
GetDesktopWindow
MessageBoxA
wsprintfW
GetMenuItemID
CreateWindowExA
SystemParametersInfoA
PeekMessageA
ReleaseDC
DestroyMenu
GetActiveWindow
GetMenuItemCount
DestroyWindow
GetKeyState
CharUpperW
DefWindowProcA
GetMenuItemInfoW
DispatchMessageA
DeleteMenu
GetMenuItemInfoA

kernel32

GetLocaleInfoA
ConnectNamedPipe
GetACP
SetErrorMode
MultiByteToWideChar
GetTickCount
Sleep
LoadLibraryA
DisconnectNamedPipe
WaitNamedPipeA
WriteFile
GetLastError
GetVersionExA
CloseHandle
ReadFile
GetProcAddress
GetCurrentProcessId
GetModuleFileNameW
CreateNamedPipeA
CreateThread
PeekNamedPipe
WideCharToMultiByte
HeapReAlloc
SetFilePointer
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
HeapSize
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetOEMCP
GetCPInfo
GetSystemTimeAsFileTime
QueryPerformanceCounter
FlsAlloc
SetLastError
FlsFree
HeapFree
HeapAlloc
GetCommandLineA
GetProcessHeap
GetStartupInfoA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapSetInformation
HeapCreate
GetModuleHandleA
ExitProcess
GetStdHandle
GetModuleFileNameA
RaiseException
RtlPcToFileHeader
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
DeleteCriticalSection
FlsGetValue
FlsSetValue
TlsFree
GetCurrentThreadId

gdi32

CreateCompatibleDC
GetObjectA
TranslateCharsetInfo
SetTextColor
SetBkMode
DeleteDC
DeleteObject
CreateDIBSection
SelectObject
CreateFontIndirectA
CreateSolidBrush
GetDIBits
SetBkColor
GdiFlush

shell32

SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetMalloc

ole32

CLSIDFromString
OleInitialize
CoCreateInstance
CoInitialize
CoUninitialize
OleUninitialize

advapi32

RegEnumKeyA
RegOpenKeyW
RegQueryValueA
RegCloseKey
RegQueryValueW
RegOpenKeyA

Sections

.text
Size: 73KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TCUNZL64.DLL
.dll windows:4 windows x64 arch:x64

5b6d4da1a573b1f08533f8b637b52442

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d1:d9:b4:e7:4c:7f:5f:41:d5:d9:60:fd:a6:f9:22:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/10/2022, 00:00

Not After

12/10/2025, 23:59

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ee:ea:17:82:e7:d8:c0:7c:99:4c:ec:6f:58:70:a3:27:84:e0:ac:1b:91:cf:ce:1a:1a:2e:5f:3c:2f:27:4f:90
Signer

Actual PE Digest

ee:ea:17:82:e7:d8:c0:7c:99:4c:ec:6f:58:70:a3:27:84:e0:ac:1b:91:cf:ce:1a:1a:2e:5f:3c:2f:27:4f:90

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
CreateFileA
CloseHandle
FindClose
FindFirstFileA
ReadFile
SetFilePointer
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
GetLastError
HeapFree
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
GetProcessHeap
GetProcAddress
GetModuleHandleA
ExitProcess
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException
RtlPcToFileHeader
RtlUnwindEx
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
Sleep
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
MultiByteToWideChar
HeapSize
HeapReAlloc
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA

Exports

Exports

DllMain
DoneInflate
InflateChunk
StartInflate
UnzipBzip2
UnzipPpmd

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCUNZLIB.DLL
.dll windows:4 windows x86 arch:x86

7f07d18822c6417c58c87cdf6243b29d

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d1:d9:b4:e7:4c:7f:5f:41:d5:d9:60:fd:a6:f9:22:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/10/2022, 00:00

Not After

12/10/2025, 23:59

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ff:e3:33:38:92:ed:1a:45:4e:b6:78:d7:b3:76:6c:c2:38:fa:4d:67:8c:4d:15:e8:b1:c6:f2:ad:ff:fe:3d:7b
Signer

Actual PE Digest

ff:e3:33:38:92:ed:1a:45:4e:b6:78:d7:b3:76:6c:c2:38:fa:4d:67:8c:4d:15:e8:b1:c6:f2:ad:ff:fe:3d:7b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
CloseHandle
FindFirstFileA
CreateFileA
FindClose
ReadFile
SetFilePointer
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
GetCurrentProcess
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
RtlUnwind
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
FlushFileBuffers
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetProcAddress
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
SetStdHandle
LCMapStringA
LCMapStringW

Exports

Exports

DllMain
_DoneInflate@4
_InflateChunk@32
_StartInflate@12
_UnzipBzip2@44
_UnzipPpmd@44

Sections

.text
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCZSTD32.DLL
.dll windows:5 windows x86 arch:x86

ed02872256a88488a369fae099cd8499

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\vcc64\zstd\build\VS2010\bin\Win32_Release\libzstd.pdb

Imports

kernel32

UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
DecodePointer
CreateFileW

Exports

Exports

ZSTD_DCtx_getParameter
ZSTD_DCtx_loadDictionary
ZSTD_DCtx_loadDictionary_advanced
ZSTD_DCtx_loadDictionary_byReference
ZSTD_DCtx_refDDict
ZSTD_DCtx_refPrefix
ZSTD_DCtx_refPrefix_advanced
ZSTD_DCtx_reset
ZSTD_DCtx_setFormat
ZSTD_DCtx_setMaxWindowSize
ZSTD_DCtx_setParameter
ZSTD_DStreamInSize
ZSTD_DStreamOutSize
ZSTD_copyDCtx
ZSTD_createDCtx
ZSTD_createDCtx_advanced
ZSTD_createDDict
ZSTD_createDDict_advanced
ZSTD_createDDict_byReference
ZSTD_createDStream
ZSTD_createDStream_advanced
ZSTD_dParam_getBounds
ZSTD_decodingBufferSize_min
ZSTD_decompress
ZSTD_decompressBegin
ZSTD_decompressBegin_usingDDict
ZSTD_decompressBegin_usingDict
ZSTD_decompressBlock
ZSTD_decompressBound
ZSTD_decompressContinue
ZSTD_decompressDCtx
ZSTD_decompressStream
ZSTD_decompressStream_simpleArgs
ZSTD_decompress_usingDDict
ZSTD_decompress_usingDict
ZSTD_decompressionMargin
ZSTD_estimateDCtxSize
ZSTD_estimateDDictSize
ZSTD_estimateDStreamSize
ZSTD_estimateDStreamSize_fromFrame
ZSTD_findDecompressedSize
ZSTD_findFrameCompressedSize
ZSTD_frameHeaderSize
ZSTD_freeDCtx
ZSTD_freeDDict
ZSTD_freeDStream
ZSTD_getDecompressedSize
ZSTD_getDictID_fromDDict
ZSTD_getDictID_fromDict
ZSTD_getDictID_fromFrame
ZSTD_getErrorCode
ZSTD_getErrorName
ZSTD_getErrorString
ZSTD_getFrameContentSize
ZSTD_getFrameHeader
ZSTD_getFrameHeader_advanced
ZSTD_initDStream
ZSTD_initDStream_usingDDict
ZSTD_initDStream_usingDict
ZSTD_initStaticDCtx
ZSTD_initStaticDDict
ZSTD_initStaticDStream
ZSTD_insertBlock
ZSTD_isError
ZSTD_isFrame
ZSTD_isSkippableFrame
ZSTD_nextInputType
ZSTD_nextSrcSizeToDecompress
ZSTD_readSkippableFrame
ZSTD_resetDStream
ZSTD_sizeof_DCtx
ZSTD_sizeof_DDict
ZSTD_sizeof_DStream
ZSTD_versionNumber
ZSTD_versionString

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCZSTD64.DLL
.dll windows:5 windows x64 arch:x64

e974ca7a0e6b48fe0789b5e8fd039bfb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\vcc64\zstd\build\VS2010\bin\x64_Release\libzstd.pdb

Imports

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
CreateFileW

Exports

Exports

ZSTD_DCtx_getParameter
ZSTD_DCtx_loadDictionary
ZSTD_DCtx_loadDictionary_advanced
ZSTD_DCtx_loadDictionary_byReference
ZSTD_DCtx_refDDict
ZSTD_DCtx_refPrefix
ZSTD_DCtx_refPrefix_advanced
ZSTD_DCtx_reset
ZSTD_DCtx_setFormat
ZSTD_DCtx_setMaxWindowSize
ZSTD_DCtx_setParameter
ZSTD_DStreamInSize
ZSTD_DStreamOutSize
ZSTD_copyDCtx
ZSTD_createDCtx
ZSTD_createDCtx_advanced
ZSTD_createDDict
ZSTD_createDDict_advanced
ZSTD_createDDict_byReference
ZSTD_createDStream
ZSTD_createDStream_advanced
ZSTD_dParam_getBounds
ZSTD_decodingBufferSize_min
ZSTD_decompress
ZSTD_decompressBegin
ZSTD_decompressBegin_usingDDict
ZSTD_decompressBegin_usingDict
ZSTD_decompressBlock
ZSTD_decompressBound
ZSTD_decompressContinue
ZSTD_decompressDCtx
ZSTD_decompressStream
ZSTD_decompressStream_simpleArgs
ZSTD_decompress_usingDDict
ZSTD_decompress_usingDict
ZSTD_decompressionMargin
ZSTD_estimateDCtxSize
ZSTD_estimateDDictSize
ZSTD_estimateDStreamSize
ZSTD_estimateDStreamSize_fromFrame
ZSTD_findDecompressedSize
ZSTD_findFrameCompressedSize
ZSTD_frameHeaderSize
ZSTD_freeDCtx
ZSTD_freeDDict
ZSTD_freeDStream
ZSTD_getDecompressedSize
ZSTD_getDictID_fromDDict
ZSTD_getDictID_fromDict
ZSTD_getDictID_fromFrame
ZSTD_getErrorCode
ZSTD_getErrorName
ZSTD_getErrorString
ZSTD_getFrameContentSize
ZSTD_getFrameHeader
ZSTD_getFrameHeader_advanced
ZSTD_initDStream
ZSTD_initDStream_usingDDict
ZSTD_initDStream_usingDict
ZSTD_initStaticDCtx
ZSTD_initStaticDDict
ZSTD_initStaticDStream
ZSTD_insertBlock
ZSTD_isError
ZSTD_isFrame
ZSTD_isSkippableFrame
ZSTD_nextInputType
ZSTD_nextSrcSizeToDecompress
ZSTD_readSkippableFrame
ZSTD_resetDStream
ZSTD_sizeof_DCtx
ZSTD_sizeof_DDict
ZSTD_sizeof_DStream
ZSTD_versionNumber
ZSTD_versionString

Sections

.text
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCshareWin10.dll
.dll windows:6 windows x86 arch:x86

f2289c5eb66bc3528dbd2c42ad4d345c

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d1:d9:b4:e7:4c:7f:5f:41:d5:d9:60:fd:a6:f9:22:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/10/2022, 00:00

Not After

12/10/2025, 23:59

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:b4:9c:37:d1:fc:e2:70:11:1f:49:f8:19:42:94:e5:2f:bc:66:ce:f7:3e:31:c9:1f:b8:33:96:70:e1:9e:0b
Signer

Actual PE Digest

cf:b4:9c:37:d1:fc:e2:70:11:1f:49:f8:19:42:94:e5:2f:bc:66:ce:f7:3e:31:c9:1f:b8:33:96:70:e1:9e:0b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\vcc64\TCshareWin10\Release\TCshareWin10.pdb

Imports

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsCompareStringOrdinal
WindowsDuplicateString
WindowsDeleteString
WindowsCreateString

api-ms-win-core-errorhandling-l1-1-0

RaiseException
SetLastError
GetLastError
SetUnhandledExceptionFilter

api-ms-win-core-file-l1-1-0

GetFileAttributesW
GetFileType
FindClose
WriteFile
FlushFileBuffers
FindNextFileW
FindFirstFileExW
SetFilePointerEx

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateFreeThreadedMarshaler

user32

PostMessageW

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
ExitProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCurrentProcess
GetCurrentProcessId

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead
InterlockedFlushSList

api-ms-win-core-rtlsupport-l1-1-0

RtlUnwind

api-ms-win-core-util-l1-1-0

DecodePointer
EncodePointer

api-ms-win-core-synch-l1-1-0

InitializeCriticalSectionAndSpinCount
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection

api-ms-win-core-libraryloader-l1-2-0

FreeLibrary
GetProcAddress
GetModuleFileNameW

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapReAlloc
HeapSize
HeapAlloc
HeapFree

api-ms-win-core-localization-l1-2-0

IsValidCodePage
GetACP
GetCPInfo

api-ms-win-core-processenvironment-l1-1-0

GetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetCommandLineW
GetCommandLineA

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
MultiByteToWideChar
GetStringTypeW

api-ms-win-core-console-l1-1-0

GetConsoleMode
WriteConsoleW
GetConsoleCP

api-ms-win-core-handle-l1-1-0

CloseHandle

kernel32

CreateFileW
UnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
LCMapStringW
LoadLibraryExW
GetModuleHandleExW
GetOEMCP

Exports

Exports

LaunchImageViewer
ShareThisList

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TCshareWin10x64.dll
.dll windows:6 windows x64 arch:x64

2b4ae0b6a89d6ca69fde8c78cb74b5d1

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d1:d9:b4:e7:4c:7f:5f:41:d5:d9:60:fd:a6:f9:22:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/10/2022, 00:00

Not After

12/10/2025, 23:59

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ec:38:d0:ab:00:92:67:5d:36:7b:53:0e:81:2c:88:f2:c1:d7:1d:ef:35:9e:3b:3b:fc:72:08:45:4c:33:25:99
Signer

Actual PE Digest

ec:38:d0:ab:00:92:67:5d:36:7b:53:0e:81:2c:88:f2:c1:d7:1d:ef:35:9e:3b:3b:fc:72:08:45:4c:33:25:99

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\vcc64\TCshareWin10\x64\Release\TCshareWin10.pdb

Imports

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsCreateString
WindowsCompareStringOrdinal
WindowsDuplicateString
WindowsDeleteString

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
RaiseException
SetLastError

api-ms-win-core-file-l1-1-0

WriteFile
FindClose
SetFilePointerEx
GetFileType
FindNextFileW
GetFileAttributesW
FindFirstFileExW
FlushFileBuffers

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
CoCreateFreeThreadedMarshaler

user32

PostMessageW

api-ms-win-core-rtlsupport-l1-1-0

RtlPcToFileHeader
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlUnwindEx

api-ms-win-core-processthreads-l1-1-0

ExitProcess
TlsFree
GetCurrentProcess
TlsSetValue
TlsAlloc
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
TlsGetValue

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InterlockedFlushSList
InitializeSListHead

api-ms-win-core-util-l1-1-0

EncodePointer

api-ms-win-core-synch-l1-1-0

LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
EnterCriticalSection

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetProcAddress
FreeLibrary

api-ms-win-core-heap-l1-1-0

HeapSize
HeapReAlloc
GetProcessHeap
HeapAlloc
HeapFree

api-ms-win-core-localization-l1-2-0

GetCPInfo
IsValidCodePage
GetACP

api-ms-win-core-processenvironment-l1-1-0

FreeEnvironmentStringsW
GetCommandLineW
GetCommandLineA
SetStdHandle
GetEnvironmentStringsW
GetStdHandle

api-ms-win-core-string-l1-1-0

GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-console-l1-1-0

GetConsoleMode
WriteConsoleW
GetConsoleCP

api-ms-win-core-handle-l1-1-0

CloseHandle

kernel32

LoadLibraryExW
GetModuleHandleW
CreateFileW
GetStartupInfoW
RtlCaptureContext
UnhandledExceptionFilter
LCMapStringW
GetOEMCP
GetModuleHandleExW

Exports

Exports

LaunchImageViewer
ShareThisList

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TOTALCMD.CHM
.chm
TOTALCMD.EXE
.exe windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 196KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 6KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TOTALCMD.EXE.MANIFEST
.xml
TOTALCMD.INC
TOTALCMD64.EXE
.exe windows:4 windows x64 arch:x64

3e1f5267e7b0e14426e4958aa46de5b3

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

advapi32

AccessCheck
AddAccessAllowedAce
AdjustTokenPrivileges
AllocateAndInitializeSid
CloseServiceHandle
ControlService
CreateServiceA
DeleteService
EqualSid
FreeSid
GetAce
GetFileSecurityW
GetLengthSid
GetSecurityDescriptorControl
GetSecurityDescriptorOwner
GetTokenInformation
GetUserNameA
GetUserNameW
ImpersonateSelf
InitializeAcl
InitializeSecurityDescriptor
IsValidSecurityDescriptor
IsValidSid
LookupAccountSidA
LookupPrivilegeValueA
MapGenericMask
OpenProcessToken
OpenSCManagerA
OpenServiceA
OpenThreadToken
QueryServiceConfigA
RegCloseKey
RegCreateKeyA
RegCreateKeyExA
RegCreateKeyExW
RegDeleteKeyA
RegDeleteKeyW
RegDeleteValueA
RegEnumKeyA
RegEnumKeyW
RegEnumValueA
RegEnumValueW
RegOpenKeyA
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueA
RegQueryValueExA
RegQueryValueExW
RegQueryValueW
RegSetValueA
RegSetValueExA
RegSetValueW
RevertToSelf
SetFileSecurityW
SetSecurityDescriptorDacl
StartServiceA

comctl32

ImageList_Add
ImageList_AddMasked
ImageList_BeginDrag
ImageList_Copy
ImageList_Create
ImageList_Destroy
ImageList_DragEnter
ImageList_DragLeave
ImageList_DragMove
ImageList_DragShowNolock
ImageList_DrawEx
ImageList_DrawIndirect
ImageList_EndDrag
ImageList_GetIcon
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_Remove
ImageList_Replace
ImageList_SetImageCount
InitCommonControls

comdlg32

ChooseColorA
ChooseFontA
ChooseFontW
GetOpenFileNameA
GetOpenFileNameW
GetSaveFileNameA
GetSaveFileNameW
PageSetupDlgA
PrintDlgA

gdi32

AbortDoc
Arc
BitBlt
Chord
CombineRgn
CreateBitmap
CreateBrushIndirect
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCA
CreateDIBSection
CreateDIBitmap
CreateEllipticRgn
CreateFontA
CreateFontIndirectA
CreateFontIndirectW
CreatePalette
CreatePatternBrush
CreatePen
CreatePenIndirect
CreatePolygonRgn
CreateRectRgn
CreateRectRgnIndirect
CreateRoundRectRgn
CreateSolidBrush
DPtoLP
DeleteDC
DeleteObject
Ellipse
EndDoc
EndPage
EnumFontFamiliesA
EnumFontFamiliesExA
EnumFontFamiliesExW
EnumFontsA
ExcludeClipRect
ExtCreatePen
ExtCreateRegion
ExtFloodFill
ExtSelectClipRgn
ExtTextOutA
ExtTextOutW
FillRgn
GdiFlush
GetBitmapBits
GetBkColor
GetCharABCWidthsA
GetClipBox
GetClipRgn
GetCurrentObject
GetDCOrgEx
GetDIBits
GetDeviceCaps
GetMapMode
GetObjectA
GetObjectType
GetObjectW
GetPixel
GetROP2
GetRandomRgn
GetRgnBox
GetStockObject
GetTextAlign
GetTextColor
GetTextExtentExPointA
GetTextExtentExPointW
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextExtentPointA
GetTextExtentPointW
GetTextMetricsA
GetViewportExtEx
GetViewportOrgEx
GetWindowExtEx
GetWindowOrgEx
IntersectClipRect
LPtoDP
LineTo
MaskBlt
MoveToEx
OffsetRgn
OffsetViewportOrgEx
PatBlt
Pie
PolyBezier
Polygon
Polyline
PtInRegion
RealizePalette
RectVisible
Rectangle
RestoreDC
RoundRect
SaveDC
SelectClipRgn
SelectObject
SelectPalette
SetArcDirection
SetBkColor
SetBkMode
SetBrushOrgEx
SetDIBits
SetDIBitsToDevice
SetMapMode
SetPixel
SetPolyFillMode
SetROP2
SetStretchBltMode
SetTextAlign
SetTextCharacterExtra
SetTextColor
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
StartDocA
StartPage
StretchBlt
StretchDIBits
TextOutA
TextOutW
TranslateCharsetInfo

imm32

ImmGetContext
ImmGetDefaultIMEWnd
ImmReleaseContext
ImmSetCompositionWindow

kernel32

AddVectoredExceptionHandler
CloseHandle
CompareStringA
CompareStringW
CopyFileA
CopyFileW
CreateDirectoryA
CreateDirectoryW
CreateEventA
CreateFileA
CreateFileMappingA
CreateFileW
CreateMutexA
CreateProcessA
CreateProcessW
CreateSemaphoreA
CreateThread
DeleteCriticalSection
DeleteFileA
DeleteFileW
DeviceIoControl
DuplicateHandle
EnterCriticalSection
EnumCalendarInfoA
EnumResourceLanguagesA
EnumResourceNamesA
EnumResourceTypesA
EnumSystemCodePagesW
ExitProcess
ExitThread
ExpandEnvironmentStringsA
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FindResourceA
FindResourceExA
FlushFileBuffers
FlushInstructionCache
FormatMessageA
FormatMessageW
FreeEnvironmentStringsA
FreeLibrary
FreeResource
GetACP
GetCommandLineA
GetCommandLineW
GetComputerNameA
GetComputerNameW
GetConsoleMode
GetConsoleOutputCP
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
GetCurrentThreadId
GetDateFormatA
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStringsA
GetEnvironmentVariableA
GetEnvironmentVariableW
GetExitCodeProcess
GetExitCodeThread
GetFileAttributesA
GetFileAttributesW
GetFileTime
GetFileType
GetLastError
GetLocalTime
GetLocaleInfoA
GetLocaleInfoW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetOEMCP
GetOverlappedResult
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileSectionA
GetPrivateProfileSectionW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetProcAddress
GetProcessHeap
GetProfileIntA
GetProfileStringA
GetShortPathNameA
GetShortPathNameW
GetStartupInfoA
GetStdHandle
GetSystemDefaultLCID
GetSystemDirectoryA
GetSystemDirectoryW
GetSystemInfo
GetSystemTime
GetTempFileNameA
GetTempFileNameW
GetTempPathA
GetThreadLocale
GetThreadPriority
GetTickCount
GetTimeZoneInformation
GetUserDefaultLCID
GetUserDefaultLangID
GetVersion
GetVersionExA
GetVolumeInformationA
GetVolumeInformationW
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalAddAtomA
GlobalAddAtomW
GlobalAlloc
GlobalDeleteAtom
GlobalFree
GlobalLock
GlobalMemoryStatus
GlobalReAlloc
GlobalSize
GlobalUnlock
HeapAlloc
HeapFree
InitializeCriticalSection
IsBadReadPtr
IsBadStringPtrA
IsBadWritePtr
IsDBCSLeadByte
IsDBCSLeadByteEx
IsValidCodePage
LCMapStringA
LeaveCriticalSection
LoadLibraryA
LoadLibraryExA
LoadLibraryExW
LoadResource
LocalAlloc
LocalFileTimeToFileTime
LocalFree
LockResource
MapViewOfFile
MoveFileA
MoveFileW
MulDiv
MultiByteToWideChar
OpenMutexA
OpenProcess
OutputDebugStringA
PeekNamedPipe
QueryDosDeviceW
QueryPerformanceCounter
ReadFile
ReadProcessMemory
ReleaseMutex
ReleaseSemaphore
RemoveDirectoryA
RemoveDirectoryW
ResetEvent
ResumeThread
SetCurrentDirectoryA
SetCurrentDirectoryW
SetEndOfFile
SetEnvironmentVariableA
SetEnvironmentVariableW
SetErrorMode
SetEvent
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetLastError
SetNamedPipeHandleState
SetThreadLocale
SetThreadPriority
SetVolumeLabelA
SetVolumeLabelW
SizeofResource
Sleep
SuspendThread
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
TerminateThread
TlsAlloc
TlsGetValue
TlsSetValue
TransactNamedPipe
TryEnterCriticalSection
TzSpecificLocalTimeToSystemTime
UnmapViewOfFile
VirtualAlloc
VirtualFree
VirtualProtect
VirtualQuery
WaitForMultipleObjects
WaitForMultipleObjectsEx
WaitForSingleObject
WideCharToMultiByte
WinExec
WriteFile
WritePrivateProfileSectionA
WritePrivateProfileSectionW
WritePrivateProfileStringA
WritePrivateProfileStringW
WriteProcessMemory

ole32

CLSIDFromString
CoCreateInstance
CoGetInterfaceAndReleaseStream
CoInitialize
CoMarshalInterThreadInterfaceInStream
CoTaskMemAlloc
CoTaskMemFree
CoUninitialize
CreateItemMoniker
CreateStreamOnHGlobal
DoDragDrop
IsEqualGUID
OleInitialize
OleUninitialize
RegisterDragDrop
ReleaseStgMedium
RevokeDragDrop
StgCreateDocfile
StgOpenStorage
StringFromCLSID

oleaut32

SafeArrayAccessData
SafeArrayCreate
SafeArrayGetElement
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayRedim
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
SysFreeString
SysReAllocStringLen
VariantChangeTypeEx
VariantClear
VariantCopy
VariantInit

shell32

DragAcceptFiles
DragFinish
DragQueryFileA
DragQueryFileW
ExtractAssociatedIconA
ExtractAssociatedIconW
ExtractIconA
ExtractIconW
FindExecutableA
FindExecutableW
SHBrowseForFolder
SHFileOperationA
SHGetDesktopFolder
SHGetFileInfo
SHGetFileInfoA
SHGetImageList
SHGetMalloc
SHGetPathFromIDList
SHGetSpecialFolderLocation
ShellExecuteA
ShellExecuteExA
ShellExecuteW
Shell_NotifyIconA

user32

ActivateKeyboardLayout
AdjustWindowRect
AdjustWindowRectEx
AppendMenuA
AppendMenuW
AttachThreadInput
BeginPaint
BringWindowToTop
CallNextHookEx
CallWindowProcA
CallWindowProcW
CharLowerA
CharLowerBuffA
CharLowerBuffW
CharLowerW
CharNextA
CharNextExA
CharNextW
CharPrevA
CharPrevExA
CharPrevW
CharToOemA
CharToOemBuffA
CharUpperA
CharUpperBuffA
CharUpperBuffW
CharUpperW
CheckDlgButton
CheckMenuItem
ChildWindowFromPointEx
ClientToScreen
CloseClipboard
CloseDesktop
CopyImage
CountClipboardFormats
CreateAcceleratorTableA
CreateCaret
CreateDialogIndirectParamA
CreateDialogParamA
CreateDialogParamW
CreateIconFromResourceEx
CreateIconIndirect
CreateMenu
CreatePopupMenu
CreateWindowExA
CreateWindowExW
DefWindowProcA
DefWindowProcW
DeleteMenu
DestroyCaret
DestroyCursor
DestroyIcon
DestroyMenu
DestroyWindow
DispatchMessageA
DispatchMessageW
DrawEdge
DrawFocusRect
DrawFrameControl
DrawIcon
DrawIconEx
DrawMenuBar
DrawStateA
DrawStateW
DrawTextA
DrawTextW
EmptyClipboard
EnableMenuItem
EnableScrollBar
EnableWindow
EndPaint
EnumChildWindows
EnumClipboardFormats
EnumDesktopWindows
EnumPropsA
EnumThreadWindows
EnumWindows
FillRect
FindWindowA
FindWindowExA
FlashWindow
FrameRect
GetActiveWindow
GetAsyncKeyState
GetCapture
GetCaretPos
GetClassInfoA
GetClassInfoW
GetClassLongA
GetClassNameA
GetClientRect
GetClipboardData
GetClipboardFormatNameA
GetCursor
GetCursorPos
GetDC
GetDCEx
GetDesktopWindow
GetDialogBaseUnits
GetDlgCtrlID
GetDlgItem
GetDlgItemTextA
GetDoubleClickTime
GetFocus
GetForegroundWindow
GetIconInfo
GetKeyState
GetKeyboardLayout
GetKeyboardState
GetLastActivePopup
GetMenu
GetMenuBarInfo
GetMenuItemCount
GetMenuItemID
GetMenuItemInfoA
GetMenuItemInfoW
GetMenuItemRect
GetMenuState
GetMenuStringA
GetMenuStringW
GetMessageA
GetMessagePos
GetNextDlgTabItem
GetParent
GetPropA
GetScrollInfo
GetScrollPos
GetScrollRange
GetSubMenu
GetSysColor
GetSysColorBrush
GetSystemMenu
GetSystemMetrics
GetTabbedTextExtentA
GetTabbedTextExtentW
GetThreadDesktop
GetTopWindow
GetUserObjectSecurity
GetWindow
GetWindowDC
GetWindowLongA
GetWindowLongPtrA
GetWindowLongPtrW
GetWindowPlacement
GetWindowRect
GetWindowTextA
GetWindowTextLengthA
GetWindowTextLengthW
GetWindowTextW
GetWindowThreadProcessId
HideCaret
InflateRect
InsertMenuA
InsertMenuItemA
InsertMenuItemW
InsertMenuW
IntersectRect
InvalidateRect
InvalidateRgn
IsCharAlphaA
IsCharAlphaNumericA
IsCharAlphaNumericW
IsChild
IsClipboardFormatAvailable
IsDialogMessageA
IsDlgButtonChecked
IsIconic
IsMenu
IsWindow
IsWindowEnabled
IsWindowUnicode
IsWindowVisible
IsZoomed
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
LoadImageW
LoadKeyboardLayoutA
LoadStringA
LoadStringW
LookupIconIdFromDirectoryEx
MapVirtualKeyA
MapVirtualKeyW
MapWindowPoints
MessageBeep
MessageBoxA
MessageBoxW
ModifyMenuA
ModifyMenuW
MoveWindow
MsgWaitForMultipleObjects
OemToCharA
OemToCharBuffA
OffsetRect
OpenClipboard
OpenDesktopA
PeekMessageA
PeekMessageW
PostMessageA
PostMessageW
PostQuitMessage
PtInRect
RedrawWindow
RegisterClassA
RegisterClassW
RegisterClipboardFormatA
RegisterWindowMessageA
ReleaseCapture
ReleaseDC
RemoveMenu
RemovePropA
ScreenToClient
ScrollWindow
ScrollWindowEx
SendDlgItemMessageA
SendMessageA
SendMessageTimeoutA
SendMessageW
SetActiveWindow
SetCapture
SetCaretPos
SetClassLongA
SetClassLongPtrA
SetClipboardData
SetCursor
SetCursorPos
SetDlgItemTextA
SetDlgItemTextW
SetFocus
SetForegroundWindow
SetMenu
SetMenuDefaultItem
SetMenuItemBitmaps
SetMenuItemInfoA
SetMenuItemInfoW
SetParent
SetPropA
SetPropW
SetRect
SetScrollInfo
SetScrollPos
SetScrollRange
SetSysColors
SetTimer
SetWindowLongA
SetWindowLongPtrA
SetWindowLongPtrW
SetWindowPlacement
SetWindowPos
SetWindowRgn
SetWindowTextA
SetWindowTextW
SetWindowsHookExA
ShowCaret
ShowCursor
ShowScrollBar
ShowWindow
SystemParametersInfoA
SystemParametersInfoW
TabbedTextOutA
TabbedTextOutW
ToAscii
ToAsciiEx
ToUnicode
TrackPopupMenu
TrackPopupMenuEx
TranslateMessage
UnhookWindowsHookEx
UnregisterClassA
UnregisterClassW
UpdateWindow
ValidateRect
WinHelpA
WindowFromDC
WindowFromPoint
keybd_event
mouse_event
wvsprintfA

Sections

.text
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 289KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_MEM_DISCARDABLE

.idata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 557KB - Virtual size: 556KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 166KB - Virtual size: 165KB

IMAGE_SCN_MEM_DISCARDABLE

/4
Size: 512B - Virtual size: 20B

IMAGE_SCN_MEM_DISCARDABLE
TOTALCMD64.EXE.MANIFEST
.xml
TcUsbRun.exe
.exe windows:4 windows x86 arch:x86

25862f4a1c449203791e80620f5cdd91

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:6c:61:75:7a:92:3f:50:c8:2e:b6:aa:18:d2:1f:c6
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

09/09/2016, 00:00

Not After

25/05/2017, 23:59

Subject

CN=Ghisler Software GmbH,OU=Development,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f2:6d:2b:4d:e7:eb:bb:26:05:fd:83:cc:b1:f4:ad
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

25/05/2016, 00:00

Not After

25/05/2017, 23:59

Subject

CN=Ghisler Software GmbH,OU=Development,O=Ghisler Software GmbH,L=Bolligen,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

06:35:3c:fa:39:b2:25:45:cd:70:ac:91:71:81:89:00:2a:74:48:e0:1d:10:5c:8e:0e:2d:c7:2a:50:d0:36:40
Signer

Actual PE Digest

06:35:3c:fa:39:b2:25:45:cd:70:ac:91:71:81:89:00:2a:74:48:e0:1d:10:5c:8e:0e:2d:c7:2a:50:d0:36:40

Digest Algorithm

sha256

PE Digest Matches

true

ee:04:4b:a5:4f:22:22:e8:c3:89:f5:3e:c2:05:58:5c:06:25:75:5e
Signer

Actual PE Digest

ee:04:4b:a5:4f:22:22:e8:c3:89:f5:3e:c2:05:58:5c:06:25:75:5e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

WaitForSingleObject
CreateThread
CreateEventA
GetModuleFileNameA
GetVersionExA
GetLastError
Sleep
lstrcmpiA
GetCurrentThreadId
GetSystemInfo
HeapCreate
InitializeCriticalSection
DeleteCriticalSection
InterlockedIncrement
lstrlenW
MultiByteToWideChar
lstrlenA
GetShortPathNameA
CloseHandle
FreeLibrary
SizeofResource
LoadResource
FindResourceA
LoadLibraryExA
lstrcpynA
IsDBCSLeadByte
HeapDestroy
LoadLibraryA
lstrcpyA
lstrcatA
LeaveCriticalSection
EnterCriticalSection
GetStringTypeA
RtlUnwind
LCMapStringW
LCMapStringA
InterlockedDecrement
SetEvent
HeapFree
HeapReAlloc
HeapAlloc
GetCommandLineA
ExitProcess
GetStartupInfoA
GetModuleFileNameW
GetFileAttributesW
GetModuleHandleA
GetProcAddress
WideCharToMultiByte
GetCurrentProcess
GetStringTypeW

user32

CharNextA
PostThreadMessageA
DispatchMessageA
MessageBoxA
GetMessageA

advapi32

RegQueryInfoKeyA
OpenProcessToken
GetTokenInformation
RegDeleteKeyA
RegOpenKeyA
RegDeleteValueA
RegOpenKeyExA
RegCreateKeyExA
RegCreateKeyA
RegQueryValueExA
RegCloseKey
RegSetValueExA
RegEnumValueA
RegEnumKeyExA

shell32

ShellExecuteExW
ShellExecuteW

ole32

CoCreateInstance
CoRevokeClassObject
CoRegisterClassObject
CoTaskMemRealloc
CoTaskMemAlloc
CoTaskMemFree
CoInitialize
CoUninitialize

oleaut32

SysAllocString
VarUI4FromStr
SysFreeString
RegisterTypeLi
LoadRegTypeLi
SysStringLen
LoadTypeLi

Sections

.text
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TotalCommanderPortable.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$EXEDIR/Data/TotalCommander/wincmd.key
$PLUGINSDIR/FindProcDLL.dll
.dll windows:4 windows x86 arch:x86

8df26927f8978d4eb40ff179c0aa961b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
lstrcmpA
OpenProcess
lstrcpyA
LoadLibraryA
CloseHandle
FreeLibrary
GetVersionExA
lstrlenA
GlobalFree

user32

wsprintfA

Exports

Exports

FindProc

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/newadvsplash.dll
.dll windows:4 windows x86 arch:x86

eee37c14e102da3f62385f9796c701ce

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetProcAddress
GetModuleHandleA
CloseHandle
CreateThread
lstrcpynA
lstrlenA
GetCurrentThreadId
Sleep
lstrcpyA
lstrcmpiA
lstrcatA
GlobalAlloc
GlobalFree
WaitForSingleObject

user32

DefWindowProcA
DestroyWindow
IsWindowVisible
UnregisterClassA
EnumDisplaySettingsA
wsprintfA
SetWindowPos
LoadCursorA
BeginPaint
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
IsWindow
GetClientRect
SetWindowLongA
SetForegroundWindow
AttachThreadInput
GetWindowThreadProcessId
GetForegroundWindow
RegisterClassA
SystemParametersInfoA
SendMessageA
ShowWindow
PostMessageA
SetWindowRgn
EndPaint

gdi32

CombineRgn
GetObjectA
CreateCompatibleDC
SelectObject
GetDIBits
CreateRectRgn
DeleteObject

msvfw32

MCIWndCreateA

winmm

timeSetEvent
PlaySoundA
timeKillEvent

oleaut32

OleLoadPicturePath

msvcrt

_lseek
memset
memcmp
_read
memcpy
_close
_open
strtol

Exports

Exports

hwnd
play
show
stop

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 289B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 634B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/splash.bmp
TotalCommanderPortable.ini
UNACEV2.DLL
.dll windows:1 windows x86 arch:x86

8390514c40641509cd0941c1fb7588ab

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shell32

ShellExecuteA
ShellExecuteExA

kernel32

AllocConsole
CloseHandle
CreateDirectoryA
CreateFileA
CreateProcessA
DeleteFileA
DeviceIoControl
DisableThreadLibraryCalls
DosDateTimeToFileTime
ExitProcess
ExitThread
FileTimeToDosDateTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FillConsoleOutputAttribute
FillConsoleOutputCharacterA
FindClose
FindFirstFileA
FindNextFileA
FlushFileBuffers
FreeConsole
GetCommandLineA
GetConsoleCursorInfo
GetConsoleScreenBufferInfo
GetCurrentDirectoryA
GetCurrentProcess
GetDiskFreeSpaceA
GetDriveTypeA
GetEnvironmentStrings
GetEnvironmentVariableA
GetExitCodeProcess
GetFileAttributesA
GetFileInformationByHandle
GetFileTime
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetProcAddress
GetShortPathNameA
GetStartupInfoA
GetStdHandle
GetSystemTime
GetTempPathA
GetTimeZoneInformation
GetVersion
GetVolumeInformationA
GlobalMemoryStatus
HeapAlloc
HeapCreate
HeapDestroy
HeapFree
HeapReAlloc
HeapSize
LCMapStringA
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
PeekConsoleInputA
ReadConsoleInputA
ReadConsoleOutputAttribute
ReadConsoleOutputA
ReadFile
RemoveDirectoryA
ScrollConsoleScreenBufferA
SearchPathA
SetConsoleCtrlHandler
SetConsoleCursorInfo
SetConsoleCursorPosition
SetConsoleScreenBufferSize
SetConsoleWindowInfo
SetCurrentDirectoryA
SetEndOfFile
SetEnvironmentVariableA
SetFileAttributesA
SetFilePointer
SetFileTime
SetHandleCount
SetStdHandle
Sleep
SystemTimeToFileTime
TerminateProcess
VirtualAlloc
VirtualFree
WaitForSingleObject
WriteConsoleOutputA
WriteConsoleOutputCharacterA
WriteFile

advapi32

RegCloseKey
RegCreateKeyA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

gdi32

CreateFontA
DeleteObject

user32

CharToOemBuffA
CreateDialogParamA
DestroyWindow
DialogBoxParamA
DispatchMessageA
EnableWindow
EndDialog
GetDlgItem
GetDlgItemTextA
GetKeyState
GetWindowTextA
KillTimer
LoadBitmapA
LoadCursorA
LoadIconA
LoadImageA
MessageBeep
MessageBoxA
OemToCharBuffA
PeekMessageA
SendDlgItemMessageA
SetCursor
SetDlgItemTextA
SetFocus
SetTimer
SetWindowTextA
ShowCursor
ShowWindow
TranslateMessage

Exports

Exports

ACEExtract
ACEInitDll
ACEList
ACEReadArchiveData
ACETest
___DllMainCRTStartup@12

Sections

AUTO
Size: 59KB - Virtual size:

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DGROUP
Size: 4KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: 210KB - Virtual size:

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size:

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
UNRAR.DLL
.dll windows:5 windows x86 arch:x86

d511765aa6e3e44bcc6cc6eee3d41953

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/08/2023, 00:00

Not After

07/08/2026, 23:59

Subject

SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

40:b1:d1:b8:d2:7b:19:6a:d0:e2:0c:13:72:40:aa:0f:b8:2e:6e:a2:73:ce:7b:0b:a5:b6:c2:e8:46:f1:c7:c1
Signer

Actual PE Digest

40:b1:d1:b8:d2:7b:19:6a:d0:e2:0c:13:72:40:aa:0f:b8:2e:6e:a2:73:ce:7b:0b:a5:b6:c2:e8:46:f1:c7:c1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\z\Desktop\unrarsrc-6.2.12\unrar\build\unrardll32\Release\UnRAR.pdb

Imports

kernel32

CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
InterlockedDecrement
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
FreeLibrary
GetProcAddress
SetThreadPriority
SetThreadExecutionState
CreateEventW
RemoveDirectoryW
GetSystemDirectoryW
GetProcessAffinityMask
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
DecodePointer
WriteConsoleW
SetFilePointerEx
HeapSize
GetConsoleCP
GetProcessHeap
CreateDirectoryW
CloseHandle
SetFileTime
GetFileType
DeviceIoControl
GetCurrentProcess
Sleep
SetLastError
GetLastError
AreFileApisANSI
GetConsoleMode
GetStdHandle
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetStdHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
RtlUnwind
RaiseException
InterlockedFlushSList
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapFree
HeapReAlloc
HeapAlloc
GetACP
GetStringTypeW
LCMapStringW

user32

CharUpperW
CharToOemA
OemToCharBuffA
OemToCharA
CharLowerW
CharToOemBuffW

advapi32

OpenProcessToken
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
LookupPrivilegeValueW
SetFileSecurityW
AdjustTokenPrivileges

ole32

CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantClear
SysFreeString
SysAllocString

Exports

Exports

RARCloseArchive
RARGetDllVersion
RAROpenArchive
RAROpenArchiveEx
RARProcessFile
RARProcessFileW
RARReadHeader
RARReadHeaderEx
RARSetCallback
RARSetChangeVolProc
RARSetPassword
RARSetProcessDataProc

Sections

.text
Size: 216KB - Virtual size: 215KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UNRAR64.DLL
.dll windows:5 windows x64 arch:x64

4af5c71732729c4648fe86c6854d12d6

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:8b:08:39:9e:c7:03:62:3c:72:cd:20:77:ad:65:d9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/08/2023, 00:00

Not After

07/08/2026, 23:59

Subject

SERIALNUMBER=HRB 109885,CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.1=#130e436861726c6f7474656e62757267,1.3.6.1.4.1.311.60.2.1.2=#13064265726c696e,1.3.6.1.4.1.311.60.2.1.3=#13024445

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:1e:36:53:58:3d:c9:6d:fd:68:01:9c:ba:0f:a7:17:85:2c:74:95:b7:fb:2a:45:df:19:21:f1:95:ec:1e:55
Signer

Actual PE Digest

32:1e:36:53:58:3d:c9:6d:fd:68:01:9c:ba:0f:a7:17:85:2c:74:95:b7:fb:2a:45:df:19:21:f1:95:ec:1e:55

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\z\Desktop\unrarsrc-6.2.12\unrar\build\unrardll64\Release\UnRAR.pdb

Imports

kernel32

CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
GetCurrentProcessId
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
FreeLibrary
GetProcAddress
SetThreadPriority
SetThreadExecutionState
CreateEventW
RemoveDirectoryW
GetSystemDirectoryW
GetProcessAffinityMask
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
WriteConsoleW
SetFilePointerEx
HeapSize
GetConsoleCP
GetProcessHeap
CreateDirectoryW
CloseHandle
SetFileTime
DeviceIoControl
GetCurrentProcess
GetFileType
Sleep
SetLastError
GetLastError
AreFileApisANSI
GetConsoleMode
GetStdHandle
LoadLibraryW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SetStdHandle
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
GetModuleHandleW
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
LocalFree
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapFree
HeapReAlloc
HeapAlloc
GetACP
GetStringTypeW
LCMapStringW

user32

OemToCharBuffA
CharLowerW
CharUpperW
CharToOemA
CharToOemBuffW
OemToCharA

advapi32

LookupPrivilegeValueW
CheckTokenMembership
FreeSid
AllocateAndInitializeSid
SetFileSecurityW
AdjustTokenPrivileges
OpenProcessToken

ole32

CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantClear
SysFreeString
SysAllocString

Exports

Exports

RARCloseArchive
RARGetDllVersion
RAROpenArchive
RAROpenArchiveEx
RARProcessFile
RARProcessFileW
RARReadHeader
RARReadHeaderEx
RARSetCallback
RARSetChangeVolProc
RARSetPassword
RARSetProcessDataProc

Sections

.text
Size: 236KB - Virtual size: 235KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 62KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UNRAR9X.DLL
.dll windows:4 windows x86 arch:x86

21a780d19fecaf05525f9be63d0d72e1

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\VCC\unrar\build\unrardll32\Release\unrar.pdb

Imports

kernel32

DeviceIoControl
WriteFile
SetEndOfFile
FlushFileBuffers
ReadFile
SetFilePointer
GetCurrentProcessId
FindClose
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetVersionExA
FoldStringW
FreeLibrary
GetProcAddress
SetThreadPriority
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateThread
WaitForSingleObject
GetProcessAffinityMask
ReleaseSemaphore
ResetEvent
SetEvent
SystemTimeToFileTime
GetSystemTime
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
FileTimeToSystemTime
LocalFileTimeToFileTime
WideCharToMultiByte
SetFileTime
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
CreateDirectoryA
CreateDirectoryW
RemoveDirectoryA
RemoveDirectoryW
CreateEventA
CreateEventW
CreateSemaphoreA
CreateSemaphoreW
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
GetCurrentDirectoryA
GetCurrentDirectoryW
GetFileAttributesA
GetFileAttributesW
LoadLibraryA
LoadLibraryW
GetSystemDirectoryA
GetSystemDirectoryW
SetFileAttributesA
SetFileAttributesW
GetFullPathNameA
GetFullPathNameW
GetShortPathNameA
GetShortPathNameW
MoveFileA
MoveFileW
GetModuleHandleA
SetErrorMode
IsDBCSLeadByte
GetCPInfo
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCurrentProcess
CloseHandle
Sleep
SetLastError
GetLastError
AreFileApisANSI
GetStdHandle
GetFileType
MultiByteToWideChar
GetConsoleMode
GetStringTypeW
HeapFree
HeapReAlloc
HeapAlloc
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
ExitProcess
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
GetCurrentThreadId
InterlockedDecrement
GetCommandLineA
GetProcessHeap
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
GetModuleFileNameA
GetACP
GetOEMCP
SetHandleCount
GetStartupInfoA
SetStdHandle
HeapSize
LCMapStringA
LCMapStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetConsoleCP
GetLocaleInfoA
GetStringTypeA

user32

CharToOemBuffA
CharToOemA
OemToCharBuffA
OemToCharA

advapi32

SetFileSecurityW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges

Exports

Exports

RARCloseArchive
RARGetDllVersion
RAROpenArchive
RAROpenArchiveEx
RARProcessFile
RARProcessFileW
RARReadHeader
RARReadHeaderEx
RARSetCallback
RARSetChangeVolProc
RARSetPassword
RARSetProcessDataProc

Sections

.text
Size: 188KB - Virtual size: 184KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 988B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VERTICAL.BAR
WC32TO16.EXE
WCMICON2.DLL
.dll windows:1 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 512B - Virtual size: 128B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 1KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 556B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WCMICONS.DLL
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.rsrc
Size: 623KB - Virtual size: 623KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WCMICONS.INC
WCMZIP32.DLL
.dll windows:4 windows x86 arch:x86

c104b9b02895fc8c000e5eeac50ee031

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d1:d9:b4:e7:4c:7f:5f:41:d5:d9:60:fd:a6:f9:22:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/10/2022, 00:00

Not After

12/10/2025, 23:59

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

53:82:28:99:53:50:3b:d7:d1:66:f6:eb:a0:1e:7b:62:c7:64:78:6b:b6:02:2b:ed:eb:d4:9a:83:a3:20:d6:55
Signer

Actual PE Digest

53:82:28:99:53:50:3b:d7:d1:66:f6:eb:a0:1e:7b:62:c7:64:78:6b:b6:02:2b:ed:eb:d4:9a:83:a3:20:d6:55

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
CreateMutexA
ReleaseMutex
WaitForSingleObject
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
GetLastError
CloseHandle
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
RtlUnwind
FlushFileBuffers
WriteFile
ReadFile
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
TerminateProcess
GetCurrentProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetStdHandle
CreateFileA
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
InterlockedDecrement
InterlockedIncrement
SetEndOfFile
MultiByteToWideChar
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

IsDialogMessageA
TranslateMessage
DispatchMessageA
SendMessageA
PeekMessageA

Exports

Exports

_DecryptAESMemoryCBC@16
_DecryptZipAES@12
_DeflateChunk@32
_DoneDeflate@4
_EnableSetDpi@4
_EncryptAESMemoryCBC@20
_EncryptZipAES@12
_EndZipAES@8
_GetKeys@12
_GetRandomData@8
_InitZipAES@24
_SetPassCryptAES@12
_StartDeflate@12
_UpdateOnlyCrc@12
_file_compress@24

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
WCMZIP64.DLL
.dll windows:4 windows x64 arch:x64

e37478195a7d46c1aa7bbcdea3fda680

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/05/2021, 00:00

Not After

31/12/2028, 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:1d:6d:0c:52:01:9e:3b:90:79:15:20:89:21:1c:0a
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22/03/2021, 00:00

Not After

21/03/2036, 23:59

Subject

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d1:d9:b4:e7:4c:7f:5f:41:d5:d9:60:fd:a6:f9:22:ad
Certificate

Issuer

CN=Sectigo Public Code Signing CA R36,O=Sectigo Limited,C=GB

Not Before

13/10/2022, 00:00

Not After

12/10/2025, 23:59

Subject

CN=Ghisler Software GmbH,O=Ghisler Software GmbH,ST=Bern,C=CH

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03/05/2023, 00:00

Not After

02/08/2034, 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02/05/2019, 00:00

Not After

18/01/2038, 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:85:54:76:76:65:3c:44:50:be:24:2b:27:5e:b0:e1:af:4a:8d:80:66:a8:2b:06:42:65:c6:df:61:74:4c:db
Signer

Actual PE Digest

7d:85:54:76:76:65:3c:44:50:be:24:2b:27:5e:b0:e1:af:4a:8d:80:66:a8:2b:06:42:65:c6:df:61:74:4c:db

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

__C_specific_handler
GetProcAddress
GetModuleHandleA
QueryPerformanceCounter
ReleaseMutex
WaitForSingleObject
CreateMutexA
GetStringTypeW
GetStringTypeA
GetLastError
HeapFree
HeapAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CloseHandle
EnterCriticalSection
LeaveCriticalSection
HeapSetInformation
HeapCreate
HeapDestroy
RtlUnwindEx
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DeleteCriticalSection
MultiByteToWideChar
ReadFile
SetFilePointer
SetHandleCount
GetFileType
GetStartupInfoA
FlsGetValue
TlsFree
FlsFree
SetLastError
TlsSetValue
FlsAlloc
Sleep
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetStdHandle
CreateFileA
InitializeCriticalSection
LoadLibraryA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc
SetEndOfFile
LCMapStringA
LCMapStringW
HeapSize
GetLocaleInfoA

user32

SetScrollInfo
SetScrollPos
PeekMessageA
IsDialogMessageA
TranslateMessage
DispatchMessageA
SendMessageA

Exports

Exports

DecryptAESMemoryCBC
DecryptZipAES
DeflateChunk
DoneDeflate
EnableSetDpi
EncryptAESMemoryCBC
EncryptZipAES
EndZipAES
GetKeys
GetRandomData
InitZipAES
SetPassCryptAES
SetProtectedScrollInfo
SetProtectedScrollPos
StartDeflate
UpdateOnlyCrc
file_compress

Sections

.text
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 934B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
default.br2
descript.ion
vertical.br2
wincmd.key
 TOTALCMD.EXE
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 60KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Code Sign

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aa
Certificate

Issuer

CN=diakov.soft

Not Before

10/10/2020, 10:39

Not After

08/01/2021, 21:00

Subject

CN=diakov.soft

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ef:57:50:85:4a:2b:8d:e7:3a:4d:39:1e:27:77:6a:19:aa:e6:d3:c7
Signer

Actual PE Digest

ef:57:50:85:4a:2b:8d:e7:3a:4d:39:1e:27:77:6a:19:aa:e6:d3:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 88KB

.rsrc Size: 60KB - Virtual size: 60KB

3863c2a1ff3d5db5d3cecc7c23714e97

Code Sign

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aaCertificate

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

05:3a:61:03:d8:aa:8d:41:12:7c:e3:d0:f6:25:21:f4:96:ae:f7:e5Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 288B

.rsrc Size: 1024B - Virtual size: 832B

.reloc Size: 1KB - Virtual size: 1KB

135de77644e2add2fd9dd8176740e7e0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 992B

.rdata Size: 1024B - Virtual size: 839B

.data Size: 512B - Virtual size: 336B

.reloc Size: 512B - Virtual size: 220B

9b6b6a7858e17fb0b17e1c1428330343

Code Sign

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aaCertificate

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

0c:ef:07:d4:8b:79:f8:26:5d:fc:1f:a4:84:09:f7:98:4e:20:66:18Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 88KB

.rsrc
Size: 60KB - Virtual size: 60KB

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aa
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

05:3a:61:03:d8:aa:8d:41:12:7c:e3:d0:f6:25:21:f4:96:ae:f7:e5
Signer

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 288B

.rsrc
Size: 1024B - Virtual size: 832B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1024B - Virtual size: 992B

.rdata
Size: 1024B - Virtual size: 839B

.data
Size: 512B - Virtual size: 336B

.reloc
Size: 512B - Virtual size: 220B

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aa
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

0c:ef:07:d4:8b:79:f8:26:5d:fc:1f:a4:84:09:f7:98:4e:20:66:18
Signer

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 320B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 1014B

.data
Size: - Virtual size: 12B

.reloc
Size: 512B - Virtual size: 262B

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aa
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

ef:57:50:85:4a:2b:8d:e7:3a:4d:39:1e:27:77:6a:19:aa:e6:d3:c7
Signer

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 512B - Virtual size: 409B

.data
Size: 512B - Virtual size: 68B

.reloc
Size: 512B - Virtual size: 186B

.text
Size: 4KB - Virtual size: 4KB