mediaget_3[.]01[.]4319[.]zip

Sharing

Copy URL

Twitter E-mail

General

Target

mediaget_3.01.4319.zip
Size

119.6MB
MD5

9a64a2af1d91abf7ab0f8beef07e8864
SHA1

8d2315d3f5082de893aff175c3c0bbb48c3f3cb5
SHA256

f073344ffdd3d5d6c8da8bf71bcdab1a5c317ca76d92c5534284a045c7ef95f6
SHA512

141711ae68a48bfbf0b29ab7a4ff1214fd803205f18cf8a88cc5e50fbef673231b8981382aa94ee6c29c05753b237cd660ba7fb9c176c9ce86c27f9628ad386e
SSDEEP

3145728:aglj6uoN651+nCTdl5Qn2j/xYFHWOLJCUwkwf+bkPoCP0w0l:56LCUCTVgmxYFtNgkwukP3PJM

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack001/MediaGet 3.01.4319.exe

Files

mediaget_3.01.4319.zip
.zip
CSASASDSACSA/SystemInformer.exe
.exe windows:6 windows x64 arch:x64

027166c97025b87b2219a54ea593c913

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21-09-2023 00:00

Not After

15-09-2026 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

34:a3:55:ba:42:bd:46:d2:68:b0:96:a7:9e:cf:07:98:02:6e:48:1a:ba:87:54:f5:df:b6:61:ab:8b:00:13:9f
Signer

Actual PE Digest

34:a3:55:ba:42:bd:46:d2:68:b0:96:a7:9e:cf:07:98:02:6e:48:1a:ba:87:54:f5:df:b6:61:ab:8b:00:13:9f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

SystemInformer.pdb

Imports

comctl32

ord381
PropertySheetW
ord345
InitCommonControlsEx
CreatePropertySheetPageW
ImageList_CoCreateInstance

ntdll

NtSetEvent
NtCreateEvent
NtAlpcQueryInformation
NtReadVirtualMemory
NtReadFile
NtWriteFile
NtQueryInformationThread
NtSuspendProcess
NtResumeThread
NtWaitForSingleObject
NtSetInformationDebugObject
NtUnmapViewOfSection
RtlRaiseStatus
NtSetInformationProcess
NtShutdownSystem
NtDuplicateObject
NtInitiatePowerAction
NtClose
NtQueryInformationToken
NtResumeProcess
NtSetSystemPowerState
NtRemoveProcessDebug
NtQueryInformationProcess
RtlEnterCriticalSection
RtlLeaveCriticalSection
RtlDeleteCriticalSection
RtlInitializeCriticalSection
RtlSetHeapInformation
NtProtectVirtualMemory
NtSuspendThread
RtlExitUserProcess
NtFreeVirtualMemory
RtlQueryPerformanceFrequency
RtlNtStatusToDosErrorNoTeb
NtCreateDirectoryObject
RtlTimeFieldsToTime
RtlGUIDFromString
NtDuplicateToken
RtlRandomEx
RtlTimeToTimeFields
RtlCreateProcessReflection
RtlGetAce
RtlGetFullPathName_UEx
NtDelayExecution
RtlFindMessage
RtlStringFromGUID
RtlQueryPerformanceCounter
RtlCreateProcessParameters
NtQueryDefaultLocale
RtlCreateUserProcess
RtlGetDaclSecurityDescriptor
NtTerminateProcess
RtlExpandEnvironmentStrings_U
RtlFirstEntrySList
RtlUnicodeToMultiByteN
RtlDowncaseUnicodeChar
NtCreateThreadEx
NtAllocateVirtualMemory
RtlReAllocateHeap
TpSimpleTryPost
RtlUTF8ToUnicodeN
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlUnicodeToMultiByteSize
RtlUnicodeToUTF8N
RtlFindClearBitsAndSet
RtlInterlockedPopEntrySList
RtlGetVersion
NtUnlockFile
NtSetInformationFile
NtLockFile
NtFlushBuffersFile
NtQueryInformationFile
NtGetContextThread
LdrGetProcedureAddress
LdrUnloadDll
LdrLoadDll
NtQueryValueKey
NtQueryKey
NtOpenProcessToken
NtOpenThread
RtlQueueApcWow64Thread
NtOpenSymbolicLinkObject
NtEnumerateKey
NtGetNextProcess
NtUnloadDriver
NtEnumerateValueKey
NtQueueApcThread
NtOpenKey
RtlGetSaclSecurityDescriptor
RtlDosPathNameToNtPathName_U_WithStatus
RtlConvertSidToUnicodeString
NtQuerySymbolicLinkObject
NtOpenProcess
NtTerminateThread
NtCreateNamedPipeFile
NtGetNextThread
NtQueryInformationJobObject
NtSetSecurityObject
NtDeleteValueKey
NtWaitForMultipleObjects
NtDeviceIoControlFile
NtOpenDirectoryObject
RtlGetUnloadEventTraceEx
NtFsControlFile
NtQueryDirectoryObject
NtAdjustGroupsToken
NtSetSystemEnvironmentValueEx
NtOpenThreadToken
NtTraceControl
NtQuerySystemEnvironmentValueEx
RtlInitializeBitMap
RtlNumberOfSetBits
NtLoadKeyEx
NtCreateKey
NtEnumerateSystemEnvironmentValuesEx
NtQueueApcThreadEx
NtQuerySecurityAttributesToken
NtQueryObject
NtCreateFile
NtQueryDirectoryFile
NtOpenSection
NtQuerySecurityObject
NtSetValueKey
RtlQueryEnvironmentVariable
NtOpenFile
NtQueryFullAttributesFile
NtReleaseKeyedEvent
NtWaitForKeyedEvent
NtCreateKeyedEvent
NtLoadDriver
LdrFindResource_U
LdrAccessResource
RtlLengthSecurityDescriptor
RtlValidSecurityDescriptor
NtClearEvent
NtCreateSemaphore
NtFlushInstructionCache
RtlSetOwnerSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlSetControlSecurityDescriptor
RtlSetGroupSecurityDescriptor
TpWaitForIoCompletion
TpAllocIoCompletion
TpReleasePool
TpReleaseIoCompletion
TpAllocPool
TpSetPoolMinThreads
TpCancelAsyncIoOperation
TpStartAsyncIoOperation
TpSetPoolMaxThreads
NtSetTimer
NtAlertThread
NtCreateTimer
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
NtResetEvent
NtQueryVirtualMemory
NtQueryOpenSubKeysEx
NtQuerySection
NtMapViewOfSection
NtQueryVolumeInformationFile
NtAssignProcessToJobObject
NtTerminateJobObject
NtSystemDebugControl
NtOpenMutant
NtAdjustPrivilegesToken
RtlSetUnhandledExceptionFilter
RtlSetCurrentDirectory_U
NtCreateMutant
NtWriteVirtualMemory
NtQuerySystemInformation
NtSetSystemInformation
RtlDestroyQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlCreateQueryDebugBuffer
RtlDestroyHeap
RtlAllocateHeap
RtlFreeHeap
RtlCreateHeap
RtlInterlockedPushEntrySList
RtlInterlockedFlushSList
RtlIpv4AddressToStringExW
RtlIpv6AddressToStringExW
NtQueryTimer
NtSetLowEventPair
NtPulseEvent
NtCancelTimer
NtQuerySemaphore
NtQueryEvent
NtSetHighEventPair
NtReleaseSemaphore
NtDeleteKey
RtlQueryElevationFlags
NtCreateSection
RtlAbsoluteToSelfRelativeSD
NtRequestWaitReplyPort
NtConnectPort
RtlSelfRelativeToAbsoluteSD2
RtlValidRelativeSecurityDescriptor
NtCreatePort
RtlSetDaclSecurityDescriptor
NtReplyWaitReceivePort
NtAcceptConnectPort
NtQueryAttributesFile
RtlUpcaseUnicodeChar
NtSetInformationToken
NtPowerInformation
NtTestAlert
NtSetInformationThread
RtlSizeHeap
NtIsProcessInJob
NtQuerySystemInformationEx
RtlRegisterWait
RtlDeregisterWaitEx
RtlCreateSecurityDescriptor
RtlCreateAcl
NtQueryMutant
RtlAddAccessAllowedAce

kernel32

FindFirstFileExW
FindClose
SetEndOfFile
WideCharToMultiByte
SetStdHandle
GetOEMCP
GetACP
IsValidCodePage
MultiByteToWideChar
GetCPInfo
GetStringTypeW
HeapReAlloc
GetLastError
SetConsoleCtrlHandler
FreeConsole
GetConsoleWindow
AllocConsole
LoadLibraryExW
LocalFree
SearchPathW
GetTimeFormatEx
GetLocaleInfoW
GetDateFormatEx
FormatMessageW
GetNumberFormatW
CreateProcessW
TlsSetValue
SetLastError
TlsAlloc
TlsGetValue
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
IsProcessorFeaturePresent
FreeLibrary
GetCurrentProcess
LocalAlloc
GlobalSize
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
HeapFree
HeapAlloc
SetFilePointerEx
GetFileSizeEx
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetFileType
CreateFileW
GetConsoleOutputCP
WriteFile
CloseHandle
ReadConsoleW
GetConsoleMode
ReadFile
GetProcAddress
TlsFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
RaiseException
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCommandLineW
GetProcessHeap
FlushFileBuffers
WriteConsoleW
HeapSize
FindNextFileW
GetCommandLineA

user32

GetCapture
RegisterClassExW
UnregisterClassW
GetDC
GetFocus
CallWindowProcW
DefWindowProcW
LoadImageW
PostQuitMessage
KillTimer
SetCursor
TranslateMessage
IsDialogMessageW
SetTimer
DispatchMessageW
GetMessageW
TranslateAcceleratorW
IsChild
LoadAcceleratorsW
SendMessageTimeoutW
UpdateWindow
OpenWindowStationW
OpenDesktopW
CreateMenu
EndDeferWindowPos
ChangeWindowMessageFilterEx
IntersectRect
SetMenu
CloseDesktop
BeginDeferWindowPos
IsWindow
GetWindowPlacement
CreateWindowExW
CloseWindowStation
GetWindow
ShowWindowAsync
DeferWindowPos
MoveWindow
GetMonitorInfoW
IsHungAppWindow
SetActiveWindow
MonitorFromWindow
MonitorFromPoint
GetForegroundWindow
GetDoubleClickTime
CreateIconIndirect
GetProcessWindowStation
SetWindowTextW
EnumDesktopsW
ReleaseCapture
PtInRect
SetCapture
GetAsyncKeyState
SetWindowPlacement
GetGUIThreadInfo
PeekMessageW
MsgWaitForMultipleObjects
MonitorFromRect
MessageBoxW
GetScrollBarInfo
GetWindowDC
SetMenuInfo
GetIconInfo
FindWindowExW
GetWindowTextW
SystemParametersInfoW
CreateDialogIndirectParamW
GetDesktopWindow
LookupIconIdFromDirectoryEx
IsClipboardFormatAvailable
GetUserObjectInformationW
SetClipboardData
GetClipboardData
EnumWindows
LoadMenuIndirectW
DialogBoxIndirectParamW
InternalGetWindowText
EmptyClipboard
CloseClipboard
GetWindowInfo
OpenClipboard
GetActiveWindow
GetThreadDesktop
GetSystemMetrics
GetGuiResources
EnumChildWindows
GetPropW
CreateIconFromResourceEx
GetWindowTextLengthW
DestroyMenu
TrackPopupMenu
CreatePopupMenu
InsertMenuItemW
SetScrollPos
ShowCaret
EnableScrollBar
DestroyCaret
DragDetect
CreateCaret
SetCaretPos
GetScrollInfo
RegisterClipboardFormatW
SetScrollInfo
SetCursorPos
ScrollWindowEx
GetUpdateRect
GetMessageTime
DrawFocusRect
InvalidateRgn
WaitMessage
MessageBeep
GetMessagePos
GetUpdateRgn
IsIconic
SetForegroundWindow
GetDlgItem
ShowWindow
SendMessageW
DestroyWindow
LockWorkStation
ExitWindowsEx
IsWindowVisible
AllowSetForegroundWindow
GetShellWindow
GetWindowThreadProcessId
EnableWindow
GetParent
IsWindowEnabled
EndDialog
GetClassNameW
GetCursorPos
InvalidateRect
GetClientRect
FindWindowW
SetLayeredWindowAttributes
ClientToScreen
DestroyIcon
RedrawWindow
GetSubMenu
GetWindowLongPtrW
ScreenToClient
SetWindowLongPtrW
GetMenuItemCount
GetMenu
PostMessageW
GetKeyState
GetMenuItemInfoW
GetSysColorBrush
DrawTextW
GetSysColor
FillRect
MapWindowPoints
FrameRect
SetWindowPos
GetWindowRect
MapDialogRect
SetFocus
DrawIconEx
EnableMenuItem
BringWindowToTop
DeleteMenu
GetSystemMenu
EndPaint
BeginPaint
ReleaseDC
GetDCEx
GetAncestor
DrawFrameControl
GetClassInfoExW
DrawEdge
TrackMouseEvent

gdi32

SaveDC
GetClipRgn
SelectClipRgn
RestoreDC
IntersectClipRect
SetBoundsRect
TextOutW
GetCharWidthW
Rectangle
GetDIBits
GetDeviceCaps
GdiAlphaBlend
CreateRectRgn
CombineRgn
PatBlt
ExcludeClipRect
CreateDIBSection
CreateFontW
Polyline
SetDCPenColor
GetTextMetricsW
GetTextColor
SetBkColor
GetTextExtentPoint32W
GetObjectW
RectVisible
GetStockObject
SetDCBrushColor
BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
DeleteDC
SetTextColor
SetBkMode
CreateSolidBrush
CreateFontIndirectW
DeleteObject

advapi32

CloseServiceHandle
LsaClose
LsaAddAccountRights
CreateServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
CreateProcessAsUserW
GetEffectiveRightsFromAclW
LsaSetSecurityObject
LsaQuerySecurityObject
SetSecurityInfo
GetSecurityInfo
GetInheritanceSourceW
LsaLookupSids
LsaFreeMemory
LsaLookupPrivilegeValue
LsaLookupPrivilegeDisplayName
LsaLookupNames2
LsaOpenPolicy
LsaEnumeratePrivileges
LsaLookupPrivilegeName
OpenSCManagerW
ChangeServiceConfig2W
DeleteService
SetServiceObjectSecurity
ControlService
EnumDependentServicesW
StartServiceW
EnumServicesStatusExW
QueryServiceConfigW
ChangeServiceConfigW
QueryServiceConfig2W
OpenServiceW
QueryServiceStatusEx
QueryServiceObjectSecurity
InitiateShutdownW
CreateProcessWithLogonW
LogonUserW

ole32

CoUninitialize
CoTaskMemFree
CoInitializeEx
CoSetProxyBlanket

Exports

Exports

KphEnumerateProcessHandles2
KphLevel
KphQueryHashInformationFile
PhAddElementAvlTree
PhAddEntryHashtable
PhAddEntryHashtableEx
PhAddItemArray
PhAddItemList
PhAddItemPointerList
PhAddItemSimpleHashtable
PhAddItemsArray
PhAddItemsList
PhAddJsonArrayObject
PhAddJsonObject
PhAddJsonObject2
PhAddJsonObjectInt64
PhAddJsonObjectUInt64
PhAddJsonObjectValue
PhAddLayoutItem
PhAddLayoutItemEx
PhAddListViewColumn
PhAddListViewGroup
PhAddListViewGroupItem
PhAddListViewItem
PhAddPlusMaxMemorySingles
PhAddProcessPropPage
PhAddProcessPropPage2
PhAddPropPageLayoutItem
PhAddSetting
PhAddSettings
PhAddTabControlTab
PhAddTreeNewFilter
PhAdjustPrivilege
PhAdjustRectangleToBounds
PhAdjustRectangleToWorkingArea
PhAllocate
PhAllocateExSafe
PhAllocateFromFreeList
PhAllocatePage
PhAllocateSafe
PhAppResolverGetAppIdForWindow
PhAppendBytesBuilder
PhAppendBytesBuilder2
PhAppendBytesBuilderEx
PhAppendCharStringBuilder
PhAppendCharStringBuilder2
PhAppendFormatStringBuilder
PhAppendFormatStringBuilder_V
PhAppendStringBuilder
PhAppendStringBuilderEx
PhApplyTreeNewFilters
PhApplyTreeNewFiltersToNode
PhAutoDereferenceObject
PhBitmapSetAlpha
PhBoostProvider
PhBufferToHexString
PhBufferToHexStringEx
PhCallKphQueryFileInformationWithTimeout
PhCenterRectangle
PhCenterWindow
PhChangeServiceConfig2
PhClearArray
PhClearCacheDirectory
PhClearCircularBuffer_FLOAT
PhClearCircularBuffer_PVOID
PhClearCircularBuffer_ULONG
PhClearCircularBuffer_ULONG64
PhClearHashtable
PhClearIgnoredSettings
PhClearList
PhCloseServiceHandle
PhCmLoadSettings
PhCmSaveSettings
PhCompareStringRef
PhCompareStringZNatural
PhCompareUnicodeStringZIgnoreMenuPrefix
PhConcatStringRef2
PhConcatStringRef3
PhConcatStrings
PhConcatStrings2
PhConcatStrings_V
PhConnectPipe
PhConvertIgnoredSettings
PhConvertMultiByteToUtf16
PhConvertMultiByteToUtf16Ex
PhConvertUtf16ToAsciiEx
PhConvertUtf16ToMultiByte
PhConvertUtf16ToMultiByteEx
PhConvertUtf16ToUtf8
PhConvertUtf16ToUtf8Buffer
PhConvertUtf16ToUtf8Ex
PhConvertUtf16ToUtf8Size
PhConvertUtf8ToUtf16
PhConvertUtf8ToUtf16Buffer
PhConvertUtf8ToUtf16Ex
PhConvertUtf8ToUtf16Size
PhCopyBytesZ
PhCopyCircularBuffer_FLOAT
PhCopyCircularBuffer_PVOID
PhCopyCircularBuffer_ULONG
PhCopyCircularBuffer_ULONG64
PhCopyConvertCircularBufferULONG
PhCopyListView
PhCopyListViewInfoTip
PhCopyStringZ
PhCopyStringZFromBytes
PhCopyStringZFromMultiByte
PhCountStringZ
PhCreateAlloc
PhCreateBytes
PhCreateBytesEx
PhCreateCacheFile
PhCreateDialog
PhCreateDirectoryFullPathWin32
PhCreateDirectoryWin32
PhCreateEMenu
PhCreateEMenuItem
PhCreateFile
PhCreateFileStream
PhCreateFileStream2
PhCreateFileWin32
PhCreateFileWin32Ex
PhCreateHashtable
PhCreateJsonArray
PhCreateJsonObject
PhCreateJsonParser
PhCreateJsonParserEx
PhCreateKey
PhCreateKsiSettingsBlob
PhCreateList
PhCreateNamedPipe
PhCreateObject
PhCreateObjectType
PhCreateObjectTypeEx
PhCreateOpenFileDialog
PhCreatePipe
PhCreatePointerList
PhCreateProcess
PhCreateProcessAsUser
PhCreateProcessPropContext
PhCreateProcessPropPageContext
PhCreateProcessPropPageContextEx
PhCreateProcessRedirection
PhCreateProcessWin32
PhCreateProcessWin32Ex
PhCreateSaveFileDialog
PhCreateSearchControl
PhCreateSecurityPage
PhCreateServiceListControl
PhCreateSimpleHashtable
PhCreateString
PhCreateString3
PhCreateStringEx
PhCreateSymbolProvider
PhCreateThread
PhCreateThread2
PhCreateThreadEx
PhCreateXmlNode
PhCreateXmlOpaqueNode
PhDecodeUnicodeDecoder
PhDelayExecution
PhDeleteArray
PhDeleteAutoPool
PhDeleteBytesBuilder
PhDeleteCacheFile
PhDeleteCallback
PhDeleteCircularBuffer_FLOAT
PhDeleteCircularBuffer_PVOID
PhDeleteCircularBuffer_ULONG
PhDeleteCircularBuffer_ULONG64
PhDeleteDirectoryWin32
PhDeleteFastLock
PhDeleteFile
PhDeleteFileWin32
PhDeleteFreeList
PhDeleteGraphState
PhDeleteImageVersionInfo
PhDeleteLayoutManager
PhDeleteMemoryItemList
PhDeleteProviderThread
PhDeleteStaticWindowIcon
PhDeleteStringBuilder
PhDeleteTreeNewColumnMenu
PhDeleteTreeNewFilterSupport
PhDeleteValueKey
PhDeleteWorkQueue
PhDereferenceObject
PhDereferenceObjectDeferDelete
PhDereferenceObjectEx
PhDereferenceProcessRecord
PhDeselectAllProcessNodes
PhDeselectAllServiceNodes
PhDestroyEMenu
PhDestroyEMenuItem
PhDestroyWindowIcon
PhDestroyWindowRemote
PhDetermineDosPathNameType
PhDevFreeObjects
PhDevGetObjects
PhDeviceIoControlFile
PhDeviceProviderInitialization
PhDialogBox
PhDisconnectNamedPipe
PhDivideSinglesBySingle
PhDnsFree
PhDnsQuery
PhDnsQuery2
PhDoPropPageLayout
PhDoesFileExist
PhDoesFileExistWin32
PhDosErrorToNtStatus
PhDosPathNameToNtPathName
PhDrainAutoPool
PhDrawGraphDirect
PhDrawTrayIconText
PhDuplicateBytesZ
PhDuplicateBytesZSafe
PhDuplicateProcessInformation
PhDuplicateProcessNodeList
PhDuplicateStringZ
PhEditSecurity
PhEllipsisString
PhEllipsisStringPath
PhEncodeUnicode
PhEnumAvlTree
PhEnumChildWindows
PhEnumDependentServices
PhEnumDirectoryFile
PhEnumDirectoryObjects
PhEnumFileStreams
PhEnumFirmwareEnvironmentValues
PhEnumGenericModules
PhEnumHashtable
PhEnumKernelModules
PhEnumNetworkItems
PhEnumNetworkItemsByProcessId
PhEnumNextProcess
PhEnumNextThread
PhEnumObjectIdInformation
PhEnumObjectTypes
PhEnumPagefiles
PhEnumPointerListEx
PhEnumProcessEnvironmentVariables
PhEnumProcessItems
PhEnumProcesses
PhEnumProcessesEx
PhEnumReparsePointInformation
PhEnumWindows
PhEnumerateKey
PhEnumeratePlugins
PhEnumeratePrivileges
PhEnumerateValueKey
PhEqualStringRef
PhEscapeCommandLinePart
PhEscapeStringForMenuPrefix
PhExecuteRunAsCommand2
PhExecuteRunAsCommand3
PhExpandAllProcessNodes
PhExpandEnvironmentStrings
PhExponentiate
PhExponentiate64
PhExtractIcon
PhExtractIconEx
PhFillMemoryUlong
PhFinalArrayItems
PhFinalBytesBuilderBytes
PhFinalHash
PhFinalStringBuilderString
PhFindCharInStringRef
PhFindEMenuItem
PhFindElementAvlTree
PhFindEntryHashtable
PhFindItemList
PhFindItemPointerList
PhFindItemSimpleHashtable
PhFindLastCharInStringRef
PhFindListViewItemByFlags
PhFindListViewItemByParam
PhFindNetworkNode
PhFindPlugin2
PhFindProcessInformation
PhFindProcessInformationByImageName
PhFindProcessNode
PhFindProcessRecord
PhFindServiceNode
PhFindStringInStringRef
PhFindXmlObject
PhFlushFileStream
PhFormat
PhFormatBytes
PhFormatBytes_V
PhFormatDate
PhFormatDateTime
PhFormatDecimal
PhFormatGuid
PhFormatImageVersionInfo
PhFormatLogEntry
PhFormatNativeKeyName
PhFormatSize
PhFormatString
PhFormatString_V
PhFormatTime
PhFormatTimeSpan
PhFormatTimeSpanRelative
PhFormatToBuffer
PhFormatUInt64
PhFree
PhFreeFileDialog
PhFreeJsonObject
PhFreeLibrary
PhFreeLibraryAsImageResource
PhFreePage
PhFreeToFreeList
PhFreeXmlObject
PhGenerateGuid
PhGenerateGuidFromName
PhGenerateRandomAlphaString
PhGenerateRandomNumber64
PhGetAccessEntries
PhGetAccessString
PhGetActiveProcessorCount
PhGetApplicationDataFileName
PhGetApplicationDirectory
PhGetApplicationDirectoryFileName
PhGetApplicationDirectoryWin32
PhGetApplicationFileNameWin32
PhGetApplicationIcon
PhGetApplicationIconEx
PhGetBaseDirectory
PhGetBaseName
PhGetClassObject
PhGetClientIdName
PhGetClientIdNameEx
PhGetComboBoxString
PhGetDeviceIcon
PhGetDeviceProperty
PhGetDeviceType
PhGetDialogItemValue
PhGetDllFileName
PhGetDllHandle
PhGetDpi
PhGetDpiValue
PhGetDrawInfoGraphBuffers
PhGetEnabledProvider
PhGetEtwPublisherName
PhGetFileDialogFileName
PhGetFileDialogFilterIndex
PhGetFileDialogOptions
PhGetFileFullAttributesInformation
PhGetFileName
PhGetFilePosition
PhGetFileSize
PhGetFileVersionFixedInfo
PhGetFileVersionInfo
PhGetFileVersionInfoEx
PhGetFileVersionInfoLangCodePage
PhGetFileVersionInfoString
PhGetFileVersionInfoString2
PhGetFilterSupportNetworkTreeList
PhGetFilterSupportProcessTreeList
PhGetFilterSupportServiceTreeList
PhGetFirmwareEnvironmentVariable
PhGetFullPath
PhGetGeneralCallback
PhGetGenericTreeNewLines
PhGetGlobalWorkQueue
PhGetHandleInformation
PhGetHandleInformationEx
PhGetImageListIcon
PhGetIntegerPairStringRefSetting
PhGetIntegerStringRefSetting
PhGetJobProcessIdList
PhGetJsonArrayIndexObject
PhGetJsonArrayLength
PhGetJsonArrayLong64
PhGetJsonArrayString
PhGetJsonObject
PhGetJsonObjectAsArrayList
PhGetJsonObjectBool
PhGetJsonObjectLength
PhGetJsonObjectType
PhGetJsonValueAsInt64
PhGetJsonValueAsString
PhGetJsonValueAsUInt64
PhGetKernelFileName
PhGetKernelFileName2
PhGetKnownFolderPath
PhGetKnownLocation
PhGetLineFromAddress
PhGetListBoxString
PhGetListViewContextMenuPoint
PhGetListViewItemImageIndex
PhGetListViewItemParam
PhGetListViewItemText
PhGetListViewSelectedItemText
PhGetMessage
PhGetModuleFromAddress
PhGetModuleProcAddress
PhGetMonitorDpi
PhGetNamedPipeClientComputerName
PhGetNamedPipeClientProcessId
PhGetNamedPipeServerProcessId
PhGetNtMessage
PhGetObjectSecurity
PhGetObjectType
PhGetObjectTypeInformation
PhGetObjectTypeName
PhGetOwnTokenAttributes
PhGetPhVersion
PhGetPhVersionHash
PhGetPhVersionNumbers
PhGetPluginCallback
PhGetPluginFileName
PhGetPluginInformation
PhGetPluginInterface
PhGetPluginName
PhGetPositionFileStream
PhGetPrimeNumber
PhGetProcedureAddress
PhGetProcedureAddressRemote
PhGetProcessCommandLine
PhGetProcessDepStatus
PhGetProcessDeviceMap
PhGetProcessEnvironment
PhGetProcessImageFileName
PhGetProcessImageFileNameByProcessId
PhGetProcessImageFileNameWin32
PhGetProcessIsDotNet
PhGetProcessIsDotNetEx
PhGetProcessIsSuspended
PhGetProcessKnownType
PhGetProcessKnownTypeEx
PhGetProcessMappedFileName
PhGetProcessPackageFullName
PhGetProcessPebString
PhGetProcessPriority
PhGetProcessPriorityClassString
PhGetProcessSmallImageList
PhGetProcessUnloadedDlls
PhGetProcessWindowTitle
PhGetProcessWorkingSetInformation
PhGetProcessWsCounters
PhGetProtocolTypeName
PhGetScalableIntegerPairStringRefSetting
PhGetSeObjectSecurity
PhGetSelectedAndPropagateProcessItems
PhGetSelectedListViewItemParam
PhGetSelectedListViewItemParams
PhGetSelectedProcessItem
PhGetSelectedProcessItems
PhGetSelectedProcessNodes
PhGetSelectedServiceItem
PhGetSelectedServiceItems
PhGetServiceChange
PhGetServiceConfig
PhGetServiceConfigFileName
PhGetServiceDescription
PhGetServiceDllParameter
PhGetServiceErrorControlInteger
PhGetServiceErrorControlString
PhGetServiceFileName
PhGetServiceNameFromTag
PhGetServiceStartTypeInteger
PhGetServiceStartTypeString
PhGetServiceStateString
PhGetServiceTypeInteger
PhGetServiceTypeString
PhGetShieldBitmap
PhGetSidFullName
PhGetSizeDpiValue
PhGetStatisticsTime
PhGetStatisticsTimeString
PhGetStatusMessage
PhGetStockApplicationIcon
PhGetStringRefSetting
PhGetSymbolFromAddress
PhGetSymbolFromName
PhGetSystemDirectory
PhGetSystemDpi
PhGetSystemMetrics
PhGetSystemParametersInfo
PhGetSystemRoot
PhGetTaskbarDpi
PhGetTcpStateName
PhGetTemporaryDirectoryRandomAlphaFileName
PhGetThreadServiceTag
PhGetTokenGroups
PhGetTokenIntegrityLevel
PhGetTokenIntegrityLevelRID
PhGetTokenOwner
PhGetTokenPrimaryGroup
PhGetTokenPrivileges
PhGetTokenUser
PhGetTreeNewText
PhGetWin32Message
PhGetWindowContext
PhGetWindowDpi
PhGetWindowText
PhGetWindowTextEx
PhGetXmlInterface

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 708KB - Virtual size: 706KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.si3rc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.si3rd
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CSASASDSACSA/SystemInformer.exe.settings.xml
CSASASDSACSA/SystemInformer.sig
CSASASDSACSA/SystemInformer.sys
.sys windows:10 windows x64 arch:x64

9f3845c4018003a0646180dea2b687ad

Code Sign

33:00:00:00:68:64:82:c2:f9:11:1a:c8:76:00:00:00:00:00:68
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-01-2024 20:09

Not After

10-01-2025 20:09

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:c5:e8:63:fc:65:de:3e:07:74:3b:23:3d:86:c9:5e:9d:4c:03:c4:73:97:0d:3c:ae:84:02:91:15:25:a9:22
Signer

Actual PE Digest

3a:c5:e8:63:fc:65:de:3e:07:74:3b:23:3d:86:c9:5e:9d:4c:03:c4:73:97:0d:3c:ae:84:02:91:15:25:a9:22

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

systeminformer.pdb

Imports

ksi

KsiInitialize
KsiUninitialize
KsiRemoveQueueApc
KsiInsertQueueApc
KsiInitializeApc

fltmgr.sys

FltGetTunneledName
FltGetDestinationFileNameInformation
FltAcquirePushLockExclusiveEx
FltDeletePushLock
FltInitializePushLock
FltGetVolumeName
FltGetFileNameInformationUnsafe
FltReleaseContext
FltGetStreamHandleContext
FltSetStreamHandleContext
FltAllocateContext
FltAcquirePushLockSharedEx
FltReleasePushLockEx
FltObjectReference
FltObjectDereference
FltCreateCommunicationPort
FltCloseCommunicationPort
FltCloseClientPort
FltSendMessage
FltBuildDefaultSecurityDescriptor
FltFreeSecurityDescriptor
FltRegisterFilter
FltUnregisterFilter
FltStartFiltering
FltReleaseFileNameInformation
FltReferenceFileNameInformation
FltGetFileNameInformation
FltCancelFileOpen
FltSupportsStreamHandleContexts

ksecdd.sys

BCryptVerifySignature
BCryptDestroyKey
BCryptImportKeyPair
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptDestroyHash
BCryptGenRandom

ntoskrnl.exe

ExQueryDepthSList
ExpInterlockedPopEntrySList
ExpInterlockedPushEntrySList
ExInitializeNPagedLookasideList
ExDeleteNPagedLookasideList
ExInitializePagedLookasideList
ExDeletePagedLookasideList
RtlRandomEx
RtlCopyUnicodeString
ProbeForWrite
ObReferenceObjectByHandle
ObfReferenceObject
ObfDereferenceObject
PsGetProcessId
KeStackAttachProcess
KeUnstackDetachProcess
ObGetObjectType
PsProcessType
PsInitialSystemProcess
LpcPortObjectType
KeGetCurrentIrql
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
RtlWalkFrameChain
PsGetCurrentThreadId
ZwQuerySystemInformation
__C_specific_handler
KeEnterCriticalRegion
KeLeaveCriticalRegion
KeInitializeSpinLock
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
ObCloseHandle
PsGetThreadId
PsGetThreadProcessId
IoGetTransactionParameterBlock
SeLocateProcessImageName
PsIsThreadTerminating
PsLookupProcessByProcessId
PsLookupThreadByThreadId
PsIsSystemThread
MmDoesFileHaveUserWritableReferences
ObOpenObjectByPointer
ZwQueryInformationProcess
ZwQueryInformationThread
PsReferenceProcessFilePointer
PsGetProcessWow64Process
PsIsProcessBeingDebugged
KdDebuggerEnabled
PsThreadType
KeQueryActiveProcessorCountEx
ProbeForRead
ExGetPreviousMode
PsCreateSystemThread
PsTerminateSystemThread
IoGetCurrentProcess
PsGetCurrentProcessId
KeInitializeQueue
KeInsertHeadQueue
KeRemoveQueue
KeRundownQueue
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
RtlEqualString
RtlInitUnicodeString
MmGetSystemRoutineAddress
RtlEqualUnicodeString
ExAcquireResourceSharedLite
ExReleaseResourceLite
RtlFindExportedRoutineByName
PsLoadedModuleList
PsLoadedModuleResource
IoCreateFile
ZwQueryInformationFile
ExAllocatePoolWithTag
IoFileObjectType
KeResetEvent
FsRtlKernelFsControlFile
FsRtlQueryKernelEaFile
FsRtlSetKernelEaFile
ZwCreateEvent
ZwFsControlFile
RtlImageNtHeaderEx
ExEventObjectType
DbgSetDebugPrintCallback
KeInitializeThreadedDpc
KeInsertQueueDpc
KeRemoveQueueDpcEx
KeAcquireSpinLockAtDpcLevel
KeReleaseSpinLockFromDpcLevel
RtlAppendUnicodeStringToString
RtlAppendUnicodeToString
ZwCreateKey
ZwSetValueKey
ObQueryNameString
MmProbeAndLockProcessPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
IoAllocateMdl
IoFreeMdl
IoGetStackLimits
IoGetOplockKeyContextEx
IoIsFileOriginRemote
IoIsFileObjectIgnoringSharing
PsGetThreadProcess
FsRtlIsPagingFile
FsRtlIsSystemPagingFile
FsRtlCreateSectionForDataScan
ExAcquireSpinLockShared
ExReleaseSpinLockShared
ExAcquireSpinLockExclusive
ExReleaseSpinLockExclusive
PsSetLoadImageNotifyRoutine
PsRemoveLoadImageNotifyRoutine
ObRegisterCallbacks
ObUnRegisterCallbacks
ExDesktopObjectType
PsSetCreateProcessNotifyRoutineEx
PsGetProcessExitStatus
KeTestAlertThread
CmUnRegisterCallback
CmRegisterCallbackEx
CmGetBoundTransaction
CmCallbackGetKeyObjectIDEx
CmCallbackReleaseKeyObjectIDEx
CmKeyObjectType
PsSetCreateThreadNotifyRoutineEx
PsRemoveCreateThreadNotifyRoutine
PsGetThreadExitStatus
ZwOpenSection
MmMapViewInSystemSpace
MmUnmapViewInSystemSpace
ZwQuerySection
MmSectionObjectType
KeLowerIrql
KfRaiseIrql
RtlGetVersion
IoWMIRegistrationControl
KeAreAllApcsDisabled
IoGetRelatedDeviceObject
IoGetTopLevelIrp
ZwMapViewOfSection
ZwUnmapViewOfSection
IoAcquireVpbSpinLock
IoGetAttachedDevice
IoReleaseVpbSpinLock
ZwQueryObject
ZwQueryVirtualMemory
ExfUnblockPushLock
ExEnumHandleTable
ObOpenObjectByName
ObSetHandleAttributes
ObDuplicateObject
PsAcquireProcessExitSynchronization
PsReleaseProcessExitSynchronization
IoDriverObjectType
ZwTerminateProcess
PsReferencePrimaryToken
PsDereferencePrimaryToken
PsLookupProcessThreadByCid
PsGetProcessJob
ZwSetInformationProcess
PsJobType
SeTokenObjectType
SeReleaseSubjectContext
SeCaptureSubjectContextEx
MmHighestUserAddress
IoQueryFullDriverPath
ExUuidCreate
ZwOpenProcess
ZwSetInformationThread
RtlInitAnsiStringEx
ExInitializeRundownProtection
ExAcquireRundownProtection
ExReleaseRundownProtection
ExWaitForRundownProtectionRelease
SeCaptureSubjectContext
ZwCreateSection
ZwOpenKey
ZwQueryValueKey
MmMapViewInSystemSpaceEx
PsGetCurrentThreadTeb
RtlInitUnicodeStringEx
SePrivilegeCheck
ZwSetInformationVirtualMemory
LdrAccessResource
LdrFindResource_U
PsGetProcessProtection
PsGetThreadTeb
PsGetProcessImageFileName
ZwAlpcConnectPort
ZwReadFile
RtlDuplicateUnicodeString
ExRaiseStatus
MmProbeAndLockPages
MmUnmapLockedPages
MmIsAddressValid
ExFreePoolWithTag
ZwQueryVolumeInformationFile

hal

KeQueryPerformanceCounter

Sections

.text
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

KSIRO
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

KSIDATA
Size: 4KB - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 112KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGEDATA
Size: 4KB - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CSASASDSACSA/capslist.txt
CSASASDSACSA/etwguids.txt
CSASASDSACSA/icon.png
.png
CSASASDSACSA/ksi.dll
.dll windows:10 windows x64 arch:x64

7aa58473975a85b44e72574ad135628e

Code Sign

33:00:00:00:68:64:82:c2:f9:11:1a:c8:76:00:00:00:00:00:68
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11-01-2024 20:09

Not After

10-01-2025 20:09

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-10-2014 20:31

Not After

15-10-2029 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

56:7b:e2:d3:14:b1:a4:79:e2:51:5c:59:5b:3d:f8:b7:64:10:c6:80:fd:85:f6:29:0c:2b:3f:a9:57:60:cc:c1
Signer

Actual PE Digest

56:7b:e2:d3:14:b1:a4:79:e2:51:5c:59:5b:3d:f8:b7:64:10:c6:80:fd:85:f6:29:0c:2b:3f:a9:57:60:cc:c1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ksi.pdb

Imports

ntoskrnl.exe

RtlInitUnicodeString
MmGetSystemRoutineAddress
RtlGetVersion
ExQueueWorkItem
ObfReferenceObject
ObfDereferenceObject
ObDereferenceObjectDeferDelete
KeInitializeApc
KeInsertQueueApc

Exports

Exports

DllInitialize
DllUnload
KsiInitialize
KsiInitializeApc
KsiInitializeWorkItem
KsiInsertQueueApc
KsiQueueWorkItem
KsiRemoveQueueApc
KsiUninitialize

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 25B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

KSIDATA
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 4KB - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 338B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CSASASDSACSA/ksidyn.bin
CSASASDSACSA/ksidyn.sig
CSASASDSACSA/peview.exe
.exe windows:6 windows x64 arch:x64

4bcc994fe9352c2a64aae673bea325ea

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21-09-2023 00:00

Not After

15-09-2026 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f8:bc:ba:6d:d9:82:03:94:e6:43:76:4d:3b:26:e9:3f:ec:53:5a:e9:01:10:c5:91:3a:b8:d5:d0:37:61:a3:ab
Signer

Actual PE Digest

f8:bc:ba:6d:d9:82:03:94:e6:43:76:4d:3b:26:e9:3f:ec:53:5a:e9:01:10:c5:91:3a:b8:d5:d0:37:61:a3:ab

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

peview.pdb

Imports

ntdll

NtOpenKey
RtlDosPathNameToNtPathName_U_WithStatus
RtlConvertSidToUnicodeString
NtQuerySymbolicLinkObject
NtQuerySystemInformationEx
NtOpenProcess
NtTerminateThread
NtSetInformationFile
NtSetEaFile
NtCreateNamedPipeFile
NtSetInformationThread
NtSetSecurityObject
NtQueryEaFile
NtQueryAttributesFile
NtDeviceIoControlFile
NtFsControlFile
NtQueryInformationFile
NtEnumerateKey
NtQueryObject
NtCreateFile
NtQueryDirectoryFile
NtQuerySecurityObject
RtlQueryEnvironmentVariable
NtOpenFile
NtQueryFullAttributesFile
LdrFindResource_U
NtProtectVirtualMemory
LdrAccessResource
NtFlushInstructionCache
NtCreateEvent
NtSetEvent
NtClearEvent
RtlLengthSecurityDescriptor
RtlSetOwnerSecurityDescriptor
RtlSetControlSecurityDescriptor
RtlSetGroupSecurityDescriptor
NtReleaseKeyedEvent
NtWaitForKeyedEvent
NtCreateKeyedEvent
TpWaitForIoCompletion
TpAllocIoCompletion
TpReleasePool
TpReleaseIoCompletion
TpAllocPool
TpSetPoolMinThreads
TpCancelAsyncIoOperation
TpStartAsyncIoOperation
TpSetPoolMaxThreads
NtCreateSemaphore
NtReleaseSemaphore
RtlValidRelativeSecurityDescriptor
RtlValidSecurityDescriptor
RtlAbsoluteToSelfRelativeSD
NtOpenSymbolicLinkObject
NtOpenThread
NtOpenProcessToken
RtlExpandEnvironmentStrings_U
RtlGetDaclSecurityDescriptor
NtQueryDefaultLocale
NtWaitForSingleObject
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlStringFromGUID
RtlFindMessage
RtlAddAccessAllowedAce
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
NtQueryInformationToken
NtSetInformationToken
RtlTimeToTimeFields
RtlSetDaclSecurityDescriptor
NtCreateDirectoryObject
RtlNtStatusToDosErrorNoTeb
RtlCreateHeap
RtlSetHeapInformation
RtlGetVersion
NtQueryValueKey
NtQueryInformationThread
RtlInterlockedPopEntrySList
RtlFindClearBitsAndSet
RtlLeaveCriticalSection
RtlUnicodeToUTF8N
RtlFreeHeap
RtlMultiByteToUnicodeSize
RtlMultiByteToUnicodeN
RtlEnterCriticalSection
RtlUTF8ToUnicodeN
RtlReAllocateHeap
NtAllocateVirtualMemory
NtCreateThreadEx
RtlAllocateHeap
NtFreeVirtualMemory
RtlInterlockedFlushSList
RtlInterlockedPushEntrySList
NtMapViewOfSection
NtReadVirtualMemory
NtQuerySystemInformation
RtlLcidToLocaleName
LdrUnloadAlternateResourceModule
NtWriteFile
LdrLoadAlternateResourceModule
NtUnmapViewOfSection
RtlDeleteTimer
RtlCreateTimerQueue
RtlCreateTimer
RtlUpdateTimer
NtSetInformationProcess
NtCreateMutant
RtlSetUnhandledExceptionFilter
NtQueryInformationProcess
RtlExitUserProcess
NtReadFile
RtlComputeImportTableHash
RtlDowncaseUnicodeChar
RtlRaiseStatus
NtCreateSection
NtClose
RtlUpcaseUnicodeChar
NtQueryVirtualMemory

kernel32

HeapSize
GetLastError
LocalFree
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
TlsSetValue
SetLastError
TlsAlloc
TlsGetValue
WriteConsoleW
FlushFileBuffers
GetProcessHeap
GetCommandLineW
GetCommandLineA
FindNextFileW
FindFirstFileExW
FindClose
WideCharToMultiByte
SetStdHandle
SetFilePointerEx
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetOEMCP
GetACP
IsValidCodePage
MultiByteToWideChar
GetCPInfo
HeapAlloc
HeapFree
GetStringTypeW
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetFileType
CreateFileW
GetConsoleOutputCP
WriteFile
CloseHandle
GetConsoleMode
TlsFree
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
EncodePointer
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
SearchPathW
LocalAlloc
GetCurrentProcess
FreeLibrary
IsProcessorFeaturePresent
LoadLibraryExW
CreateProcessW
FormatMessageW
GetDateFormatEx
GetLocaleInfoW
GetTimeFormatEx
HeapReAlloc

Sections

.text
Size: 912KB - Virtual size: 910KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 432KB - Virtual size: 429KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 640B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.si3rc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.si3rd
Size: 4KB - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CSASASDSACSA/peview.sig
CSASASDSACSA/plugins/DotNetTools.dll
.dll windows:6 windows x64 arch:x64

6b36989b5b445da515ff2f2fff684f14

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21-09-2023 00:00

Not After

15-09-2026 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:28:25:08:55:32:19:a1:e0:ad:41:05:dc:cf:b3:29:01:96:1c:7a:b1:66:bd:cf:35:a9:a1:c2:65:ac:0a:37
Signer

Actual PE Digest

10:28:25:08:55:32:19:a1:e0:ad:41:05:dc:cf:b3:29:01:96:1c:7a:b1:66:bd:cf:35:a9:a1:c2:65:ac:0a:37

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DotNetTools.pdb

Imports

systeminformer.exe

PhLoadLibrary
PhOpenThread
PhVerifyFileIsChainedToMicrosoft
PhLoadResource
PhEnumDirectoryFile
PhImpersonateToken
PhCreateFileWin32
PhGetJsonArrayIndexObject
PhGetTemporaryDirectoryRandomAlphaFileName
PhGetBaseName
PhGetJsonArrayString
PhReferenceEmptyString
PhGetProcedureAddress
PhHexStringToBufferEx
PhRevertImpersonationToken
PhGetJsonObjectType
PhFreeLibrary
PhAddJsonArrayObject
PhGetProcessMappedFileName
PhDeleteImageVersionInfo
PhAddJsonObjectUInt64
PhCreateFileWin32Ex
PhConvertUtf16ToUtf8Ex
PhCreateJsonParserEx
PhEqualStringRef
PhDeleteFileWin32
PhFreeJsonObject
PhAddJsonObject2
PhGetJsonArrayLength
PhDeleteDirectoryWin32
PhBufferToHexString
PhOpenProcess
PhAddJsonObjectValue
PhConcatStringRef3
PhGetSystemRoot
PhLoadLibraryAsImageResource
PhGetJsonValueAsString
PhOpenProcessToken
PhGetJsonObject
PhUnloadMappedImage
PhAutoDereferenceObject
PhFormatString_V
PhPluginInvokeWindowCallback
PhGetPluginCallback
PhRegisterPlugin
PhRegisterCallback
PhPluginSetObjectExtension
PhGetGeneralCallback
PhAddSettings
PhCopyListView
PhLoadListViewGroupStatesFromSetting
PhHandleListViewNotifyBehaviors
PhLoadListViewSortColumnsFromSetting
PhGetListViewContextMenuPoint
PhSaveListViewColumnsToSetting
PhSaveListViewGroupStatesToSetting
PhUnregisterCallback
PhLoadListViewColumnsFromSetting
PhAddListViewGroupItem
PhAddListViewColumn
PhSetExtendedListView
PhSaveListViewSortColumnsToSetting
PhAddListViewGroup
PhInsertCopyListViewEMenuItem
PhWindowThemeControlColor
PhFormatToBuffer
PhHandleCopyListViewEMenuItem
PhGetSelectedListViewItemParams
PhCreateSimpleHashtable
PhfAcquireQueuedLockExclusive
PhFindItemSimpleHashtable
PhfWakeForReleaseQueuedLock
PhRemoveItemSimpleHashtable
PhAddItemSimpleHashtable
PhCreateBytesEx
PhPluginQueryPhSvc
PhPluginCallPhSvc
PhPluginGetObjectExtension
PhPluginAddTreeNewColumn
PhReferenceProcessItem
PhConcatStringRef2
PhInitializeImageVersionInfoEx
PhEnumGenericModules
PhNtStatusToDosError
PhGetFileName
PhGetBaseDirectory
PhCreateJsonObject
PhExpandEnvironmentStrings
PhGetJsonValueAsUInt64
PhLoadMappedImage
PhCreateJsonArray
PhFindLastCharInStringRef
PhCreateThreadEx
PhInsertEMenuItem
PhCreateList
PhCreateString
PhGetTreeNewText
PhFormat
PhFreeLibraryAsImageResource
PhCreateObjectType
PhInitializeTreeNewFilterSupport
PhSetControlTheme
PhFormatString
PhCreateSearchControl
PhAllocate
PhCountStringZ
PhCreateEMenuItem
PhClearList
PhInitializeStringBuilder
PhCmLoadSettings
PhPropPageDlgProcHeader
PhCompareStringRef
PhConcatStrings2
PhDeleteTreeNewColumnMenu
PhCreateEMenu
PhFormatGuid
PhHandleCopyCellEMenuItem
PhAddItemList
PhGetStringRefSetting
PhGetWin32Message
PhfEndInitOnce
PhAddItemsList
PhInitializeWindowTheme
PhInitializeTreeNewColumnMenuEx
PhHandleTreeNewColumnMenu
PhGetIntegerStringRefSetting
PhSetIntegerStringRefSetting
PhSetClipboardString
PhAddTreeNewFilter
PhGetProcessIsDotNetEx
PhUiDisconnectFromPhSvc
PhSetIntegerPairStringRefSetting
PhGetGlobalWorkQueue
PhUiConnectToPhSvcEx
PhSplitStringRefAtChar
PhSetStringRefSetting
PhAddProcessPropPage
PhRemoveStringBuilder
PhCreateStringEx
PhQueueItemWorkQueue
PhDoPropPageLayout
PhFinalStringBuilderString
PhApplyTreeNewFilters
PhSearchControlMatch
PhShellExecuteUserString
PhShowEMenu
PhCreateObject
PhDoesFileExistWin32
PhRemoveTreeNewFilter
PhDestroyEMenu
PhFree
PhConcatStrings
PhCmSaveSettings
PhReferenceObject
PhInsertCopyCellEMenuItem
PhGetIntegerPairStringRefSetting
PhDeleteTreeNewFilterSupport
PhCreateProcessPropPageContextEx
PhAppendStringBuilder
PhDereferenceObject
PhfBeginInitOnce
PhSetFlagsEMenuItem
PhAddPropPageLayoutItem
PhQueryTokenVariableSize
PhFormatUInt64

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlCaptureContext
NtMapViewOfSection
NtOpenSection
RtlAddSIDToBoundaryDescriptor
NtOpenPrivateNamespace
NtUnmapViewOfSection
RtlFreeHeap
RtlCreateBoundaryDescriptor
NtReadVirtualMemory
NtQueryInformationProcess
NtWriteFile
NtGetContextThread
NtWaitForSingleObject
NtClose

kernel32

WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
EncodePointer
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetStdHandle
GetLastError
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW

user32

GetDlgItem
SetFocus
SendMessageW
SetWindowLongPtrW
GetWindowRect
PostMessageW
UpdateWindow
GetKeyState

Sections

.text
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CSASASDSACSA/plugins/DotNetTools.sig
CSASASDSACSA/plugins/ExtendedNotifications.dll
.dll windows:6 windows x64 arch:x64

a92f94575f70a1861a38769dcd574cd8

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21-09-2023 00:00

Not After

15-09-2026 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b9:ed:1e:a3:e1:6e:aa:16:5e:dd:3d:b8:04:17:5c:a6:46:88:0e:5d:13:bc:ec:9f:9f:bc:e3:43:2c:72:c5:09
Signer

Actual PE Digest

b9:ed:1e:a3:e1:6e:aa:16:5e:dd:3d:b8:04:17:5c:a6:46:88:0e:5d:13:bc:ec:9f:9f:bc:e3:43:2c:72:c5:09

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ExtendedNotifications.pdb

Imports

systeminformer.exe

PhSetWindowContext
PhCreateList
PhWindowThemeControlColor
PhInitializeLayoutManager
PhDeleteLayoutManager
PhFreeFileDialog
PhAllocate
PhShowFileDialog
PhEqualStringRef
PhInsertItemList
PhClearList
PhInitializeStringBuilder
PhGetWindowText
PhConcatStrings2
PhSetFileDialogFilter
PhAddItemList
PhAddSettings
PhRemoveItemList
PhGetFileDialogFileName
PhSetFileDialogFileName
PhCreateSaveFileDialog
PhGetWindowContext
PhSetStringRefSetting
PhSetDialogItemText
PhFinalStringBuilderString
PhAddLayoutItem
PhAppendCharStringBuilder
PhMatchWildcards
PhGetDeviceProperty
PhFree
PhRegisterPlugin
PhReferenceObject
PhAppendStringBuilderEx
PhGetPluginCallback
PhDeleteStringBuilder
PhGetFileName
PhLayoutManagerLayout
PhRemoveWindowContext
PhFindCharInStringRef
PhFormatToBuffer
PhGetStringRefSetting
PhGetApplicationDirectoryFileName
PhGetGeneralCallback
PhCreateFileStream
PhWriteStringFormatAsUtf8FileStream
PhFormatLogEntry
PhAutoDereferenceObject
PhRegisterCallback
PhFormatDateTime
PhExpandEnvironmentStrings
PhWriteStringAsUtf8FileStream
PhDereferenceObject
PhDetermineDosPathNameType

user32

EnableWindow
GetParent
GetDlgItem
GetWindowLongPtrW
SendMessageW
CallWindowProcW
SetWindowLongPtrW

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlCaptureContext

kernel32

GetCurrentThreadId
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
RaiseException
EncodePointer
LoadLibraryExW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
InterlockedFlushSList
WriteConsoleW
CloseHandle
CreateFileW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetModuleHandleW
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
HeapSize

Sections

.text
Size: 68KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CSASASDSACSA/plugins/ExtendedNotifications.sig
CSASASDSACSA/plugins/ExtendedServices.dll
.dll windows:6 windows x64 arch:x64

700afe55f2c4403004e9b0fb37c8fd65

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21-09-2023 00:00

Not After

15-09-2026 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:70:7d:3a:72:33:fe:6e:a1:bc:2c:77:af:5e:fe:2a:da:fc:4c:8b:21:69:f0:2a:00:0b:03:1e:85:98:04:1e
Signer

Actual PE Digest

7d:70:7d:3a:72:33:fe:6e:a1:bc:2c:77:af:5e:fe:2a:da:fc:4c:8b:21:69:f0:2a:00:0b:03:1e:85:98:04:1e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ExtendedServices.pdb

Imports

systeminformer.exe

PhGetFileDialogFileName
PhGetComboBoxString
PhCreateOpenFileDialog
PhSetFileDialogFilter
PhShowFileDialog
PhFreeFileDialog
PhCreateString
PhGetHandleInformation
PhDevGetObjects
PhImageListCreate
PhShellOpenKey2
PhExpandEnvironmentStrings
PhDestroyEMenu
PhLoadLibrary
PhGetWindowDpi
PhGetDpi
PhExtractIconEx
PhShowEMenu
PhSplitStringRefAtChar
PhReferenceEmptyString
PhGetProcedureAddress
PhFreeLibrary
PhAddListViewGroupItem
PhStringToInteger64
PhDialogBox
PhGetSelectedListViewItemParam
PhDevFreeObjects
PhCreateEMenuItem
PhFormat
PhSplitStringRefAtLastChar
PhAddListViewGroup
PhWindowThemeControlColor
PhFormatToBuffer
PhSetListViewItemImageIndex
PhImageListAddIcon
PhCreateAlloc
PhAppendStringBuilderEx
PhInitializeAutoPool
PhFinalArrayItems
PhFinalStringBuilderString
PhInitializeArray
PhDeleteAutoPool
PhFormatGuid
PhGetEtwPublisherName
PhAddItemArray
PhClearList
PhStringToGuid
PhEnumerateKey
PhFormatString
PhQueryServiceStatus
PhCenterWindow
PhGetSystemRoot
PhConcatStringRef3
PhSetFileDialogFileName
PhQueryRegistryString
PhConcatStringRef2
PhOpenKey
PhaChoiceDialog
PhSetListViewSubItem
PhFindListViewItemByFlags
PhLookupPrivilegeDisplayName
PhSetControlTheme
PhQueryServiceVariableSize
PhEqualStringRef
PhSelectComboBoxString
PhSetExtendedListView
PhInitializeStringBuilder
PhGetWindowText
PhChangeServiceConfig2
PhAddListViewColumn
PhRemoveItemList
PhSidToStringSid
PhQueryServiceConfig2
PhGetDialogItemValue
PhGetModuleProcAddress
PhRemoveListViewItem
PhUiDisconnectFromPhSvc
PhEnumeratePrivileges
PhUiConnectToPhSvc
PhCreateStringEx
PhGetListViewItemParam
PhFindItemList
PhAddListViewItem
PhSvcCallChangeServiceConfig2
PhAppendCharStringBuilder
PhDeleteStringBuilder
PhShowMessage
PhAppendStringBuilder
PhGetOwnTokenAttributes
PhSetDialogItemValue
PhInsertEMenuItem
PhUiContinueService
PhUiStopService
PhfReleaseQueuedLockShared
PhEscapeStringForMenuPrefix
PhPluginCreateEMenuItem
PhPluginInvokeWindowCallback
PhCompareStringRef
PhFindEMenuItem
PhDestroyEMenuItem
PhAddSettings
PhShowStatus
PhGetGeneralCallback
PhfAcquireQueuedLockShared
PhIndexOfEMenuItem
PhFormatString_V
PhRegisterCallback
PhUiStartService
PhRegisterPlugin
PhReferenceObject
PhGetPluginCallback
PhUiPauseService
PhSetWindowContext
PhCreateList
PhInitializeLayoutManager
PhGetNtMessage
PhDeleteLayoutManager
PhAllocate
PhOpenService
PhCountStringZ
PhConcatStrings2
PhAddItemList
PhReferenceServiceItem
PhInitializeWindowTheme
PhGetIntegerStringRefSetting
PhGetWindowContext
PhSetDialogItemText
PhGetServiceConfig
PhAddLayoutItem
PhAutoDereferenceObject
PhFree
PhCloseServiceHandle
PhEnumDependentServices
PhLayoutManagerLayout
PhDereferenceObject
PhCreateServiceListControl
PhCreateEMenu
PhRemoveWindowContext

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlCaptureContext
RtlPcToFileHeader
NtClose

kernel32

FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
EncodePointer
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
LCMapStringW
DeleteCriticalSection
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
GetComputerNameW
CreateFileW
CloseHandle
WriteConsoleW

user32

GetDlgItem
MoveWindow
MapWindowPoints
ShowWindow
GetWindowRect
IsWindowEnabled
DestroyIcon
GetCursorPos
EndDialog
GetWindowLongPtrW
SetTimer
KillTimer
EnableWindow
SetWindowLongPtrW
SendMessageW
GetParent

comctl32

CreatePropertySheetPageW

Sections

.text
Size: 96KB - Virtual size: 94KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CSASASDSACSA/plugins/ExtendedServices.sig
CSASASDSACSA/plugins/ExtendedTools.dll
.dll windows:6 windows x64 arch:x64

7bbb6a9795632b12dd853276c4cf07fa

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21-09-2023 00:00

Not After

15-09-2026 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:35:d8:98:73:25:d5:ce:b1:66:9c:5c:a7:53:5a:04:fe:fa:e5:02:bf:3f:1c:60:04:2d:23:90:65:33:55:58
Signer

Actual PE Digest

10:35:d8:98:73:25:d5:ce:b1:66:9c:5c:a7:53:5a:04:fe:fa:e5:02:bf:3f:1c:60:04:2d:23:90:65:33:55:58

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ExtendedTools.pdb

Imports

systeminformer.exe

PhGetListViewItemParam
PhRemoveStringBuilder
PhLoadWindowPlacementFromSetting
PhSetApplicationWindowIcon
PhGetWindowContext
PhRemoveListViewItem
PhShowStatus
PhLoadListViewColumnsFromSetting
PhFormatGuid
PhAddListViewColumn
PhGetSelectedListViewItemParam
PhInitializeStringBuilder
PhSetExtendedListView
PhDialogBox
PhEqualStringRef
PhSetFirmwareEnvironmentVariable
PhSaveWindowPlacementToSetting
PhFindListViewItemByFlags
PhSetListViewSubItem
PhDeleteLayoutManager
PhInitializeLayoutManager
PhFormatSize
PhCreateString
PhInsertCopyListViewEMenuItem
PhWindowThemeControlColor
PhSetWindowContext
PhHandleCopyListViewEMenuItem
PhGetSelectedListViewItemParams
PhSetWindowText
PhSetScalableIntegerPairStringRefSetting2
PhInitializeAutoPool
PhFormatString_V
PhDrainAutoPool
PhCreateFileStream
PhCreateSaveFileDialog
PhSetFileDialogFileName
PhSetIntegerStringRefSetting
PhGetFileDialogFileName
PhDeleteAutoPool
PhAdjustRectangleToWorkingArea
PhSetFileDialogFilter
PhGetWindowText
PhSelectComboBoxString
PhGetScalableIntegerPairStringRefSetting
PhCreateDialog
PhGetFirmwareEnvironmentVariable
PhShowFileDialog
PhFreeFileDialog
PhGetMonitorDpi
PhWriteFileStream
PhGetStatisticsTimeString
PhAddPropPageLayoutItem
PhSetGroupBoxText
PhMaxMemorySingles
PhCreateProcessPropPageContextEx
PhSetGraphText
PhGetWindowDpi
PhGetDpi
PhCopyCircularBuffer_FLOAT
PhDoPropPageLayout
PhAddProcessPropPage
PhGraphStateGetDrawInfo
PhDeleteGraphState
PhUnregisterCallback
PhSiSetColorsGraphDrawInfo
PhPropPageDlgProcHeader
PhInitializeGraphState
PhDivideSinglesBySingle
PhfBeginInitOnce
PhInitializeWorkQueue
PhDnsQuery
PhGetSidFullName
PhHashBytes
PhLoadLibrary
PhQueueItemWorkQueue
PhFindPlugin2
PhGenerateGuid
PhGetBaseName
PhGetProcedureAddress
PhEnumProcessItems
PhfEndInitOnce
PhGetPluginInformation
PhAppendFormatStringBuilder
PhDnsFree
PhDnsQuery2
PhHashStringRefEx
PhGetSystemMetrics
PhFormatDateTime
PhImageListDrawIcon
PhAddItemsList
PhDoesFileExist
PhInsertItemList
PhLargeIntegerToLocalSystemTime
PhFormatUInt64
PhfResetEvent
PhShowMessage
PhfSetEvent
PhAddListViewGroupItem
PhfWaitForEvent
PhAddListViewGroup
PhCreateThreadEx
PhReferenceProcessRecordForStatistics
PhQueryRegistryUlong
PhInitializeCircularBuffer_FLOAT
PhFormatDate
PhQueryValueKey
PhInitializeCircularBuffer_ULONG64
PhInitializeCircularBuffer_ULONG
PhQueryRegistryUlong64
PhSaveListViewColumnsToSetting
PhGetSizeDpiValue
PhCopyConvertCircularBufferULONG
PhSiSizeLabelYFunction
PhGetStatisticsTime
PhGetDrawInfoGraphBuffers
PhFindProcessRecord
PhSetDialogItemText
PhAddLayoutItemEx
PhDrawTrayIconText
PhBitmapSetAlpha
PhNfGetTrayIconFont
PhShowSystemInformationDialog
PhStringToGuid
PhDrawGraphDirect
PhGetGlobalWorkQueue
PhGetHandleInformation
PhGetDeviceType
PhEnumProcesses
PhStdGetClientIdName
PhCallKphQueryFileInformationWithTimeout
PhEnumDirectoryFile
KphEnumerateProcessHandles2
KphLevel
PhGetNamedPipeServerProcessId
PhGetAccessEntries
PhGetAccessString
PhOpenProcess
PhOpenFile
PhImageListCreate
PhLoadIcon
PhConcatStringRef2
PhDosErrorToNtStatus
PhOpenDriver
PhGetModuleProcAddress
PhEnumDirectoryObjects
PhImageListDestroy
PhEditSecurity
PhConcatStringRef3
PhSetListViewItemImageIndex
PhImageListAddIcon
PhZeroExtendToUtf16Ex
PhExpandEnvironmentStrings
PhConvertUtf16ToUtf8Buffer
PhGetApplicationDirectoryFileName
PhSplitStringRefAtString
PhCreateString3
PhClearList
PhCreateFile
PhGetFileSize
PhDeleteTreeNewFilterSupport
PhZeroExtendToUtf16Buffer
PhSearchControlMatch
PhCreateSearchControl
PhSearchControlMatchLongHintZ
PhfReleaseFastLockExclusive
PhfAcquireFastLockExclusive
PhQueryObjectName
PhConcatStrings
PhOpenFileById
PhEnumReparsePointInformation
PhDeviceIoControlFile
PhShowConfirmMessage
PhEnumObjectIdInformation
PhPluginQueryPhSvc
PhPluginCallPhSvc
PhGetProcessUnloadedDlls
PhBufferToHexString
PhPluginGetObjectExtension
PhPluginAddTreeNewColumn
PhGetClassObject
PhPluginEnableTreeNewNotify
PhDuplicateProcessInformation
PhReferenceNetworkItem
PhIsExecutingInWow64
PhDeleteCircularBuffer_FLOAT
PhGetPluginCallback
PhRegisterPlugin
PhIndexOfEMenuItem
PhSetListViewItemParam
PhPluginSetObjectExtension
PhDeleteCircularBuffer_ULONG
PhAddSettings
PhPluginCreateEMenuItem
PhDeleteCircularBuffer_ULONG64
PhCreateServiceListControl
PhReferenceServiceItem
PhCreateSymbolProvider
PhCreateAlloc
PhEnumGenericModules
PhLoadSymbolProviderOptions
PhGetSymbolFromAddress
PhLoadModuleSymbolProvider
PhOpenThread
PhUiConnectToPhSvcEx
PhUiDisconnectFromPhSvc
PhHexStringToBufferEx
PhSecondsSince1970ToTime
PhCopyStringZ
PhCreateProcessPropContext
PhEnumNextThread
PhShowProcessProperties
PhFreeLibrary
PhFormatTime
PhSetSelectThreadIdProcessPropContext
PhGetListViewItemText
PhFindItemSimpleHashtable
PhSystemBasicInformation
PhGetModuleFromAddress
PhAddItemSimpleHashtable
PhHandleListViewNotifyForCopy
PhAddLayoutItem
PhAddListViewItem
PhAdjustPrivilege
PhCenterWindow
PhGetListViewContextMenuPoint
PhFindListViewItemByParam
PhAppendStringBuilder
PhLayoutManagerLayout
PhRemoveWindowContext
PhEnumFirmwareEnvironmentValues
PhCopyListView
PhIsFirmwareSupported
PhSetThreadName
PhCreateThread2
PhDelayExecution
PhGetOwnTokenAttributes
PhAutoDereferenceObject
PhCreateObjectType
PhQueryPerformanceCounter
PhAddEntryHashtableEx
PhInvokeCallback
PhGetGeneralCallback
PhAllocateFromFreeList
PhInitializeFreeList
PhDereferenceProcessRecord
PhCreateObject
PhReferenceProcessItem
PhGetFileName
PhFreeToFreeList
PhReferenceProcessRecord
PhCreateSimpleHashtable
PhQueryPerformanceFrequency
PhFinalStringBuilderString
PhFindLastCharInStringRef
PhMainWndHandle
PhInsertEMenuItem
PhFormatToBuffer
PhCreateList
PhGetStatusMessage
PhGetPluginInterface
PhGetTreeNewText
PhShowProcessRecordDialog
PhFormat
PhInitializeTreeNewFilterSupport
PhSetControlTheme
PhFormatString
PhFindProcessNode
PhCreateEMenuItem
PhRemoveEntryHashtable
PhPluginInvokeWindowCallback
PhSetFlagsAllEMenuItems
PhCmLoadSettings
PhAddItemArray
PhCompareStringRef
PhDeleteTreeNewColumnMenu
PhFindEMenuItem
PhCreateEMenu
PhHandleCopyCellEMenuItem
PhAddItemList
PhGetStringRefSetting
PhReferenceProcessItemForRecord
PhShellExploreFile
PhInitializeWindowTheme
PhInitializeTreeNewColumnMenuEx
PhHandleTreeNewColumnMenu
PhPluginCreateTabPage
PhInitializeArray
PhRemoveItemList
PhGetIntegerStringRefSetting
PhSetClipboardString
PhAddTreeNewFilter
PhReferenceEmptyString
PhApplyTreeNewFiltersToNode
PhShowMessage2
PhGetProcessSmallImageList
PhSetIntegerPairStringRefSetting
PhSetStringRefSetting
PhCreateStringEx
PhApplyTreeNewFilters
PhFindItemList
PhShellExecuteUserString
PhShowEMenu
PhRegisterCallback
PhRemoveItemsArray
PhSelectAndEnsureVisibleProcessNode
PhDoesFileExistWin32
PhDestroyEMenu
PhCmSaveSettings
PhReferenceObject
PhInsertCopyCellEMenuItem
PhGetIntegerPairStringRefSetting
PhWriteStringAsUtf8FileStream
PhGetGenericTreeNewLines
PhShellProperties
PhSetFlagsEMenuItem
PhAddEntryHashtable
PhfReleaseQueuedLockShared
PhAllocate
PhCountStringZ
PhStringToInteger64
PhfWakeForReleaseQueuedLock
PhClearHashtable
PhCreateHashtable
PhfAcquireQueuedLockShared
PhSplitStringRefAtChar
PhFree
PhfAcquireQueuedLockExclusive
PhEnumHashtable
PhDereferenceObject
PhSiDoubleLabelYFunction
PhFindEntryHashtable

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlCaptureContext
RtlPcToFileHeader
NtSetInformationProcess
NtQueryInformationProcess
NtQueryInformationThread
NtCancelSynchronousIoFile
NtDuplicateObject
NtQueryInformationWorkerFactory
RtlValidSecurityDescriptor
RtlGetOwnerSecurityDescriptor
NtQuerySystemInformation
NtReadFile
NtOpenSection
NtOpenJobObject
NtOpenDirectoryObject
NtOpenSession
NtOpenKeyedEvent
NtAlpcConnectPort
NtOpenEvent
NtOpenKey
NtOpenSymbolicLinkObject
NtOpenMutant
NtQueryInformationFile
RtlSetBits
RtlInitializeBitMap
NtClose
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
RtlInterlockedFlushSList
RtlRaiseStatus
RtlInterlockedPushEntrySList

kernel32

IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
GetStartupInfoW
FreeLibrary
GetModuleHandleW
GetProcAddress
LoadLibraryExA
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
HeapReAlloc
HeapSize
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
LocalFree
GetLastError
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
UnhandledExceptionFilter

user32

InvalidateRect
SetFocus
SendMessageW
CreateWindowExW
GetKeyState
SetTimer
KillTimer
MapWindowPoints
EnableWindow
GetCursorPos
SetWindowTextW
GetWindowRect
DestroyIcon
SetCursor
LoadImageW
SetWindowPos
PostQuitMessage
IsIconic
DrawTextW
GetParent
DeferWindowPos
PostMessageW
SetWindowLongPtrW
GetWindowLongPtrW
BeginDeferWindowPos
EndDeferWindowPos
MapDialogRect
GetClientRect
GetMessageW
DestroyWindow
ShowWindow
DispatchMessageW
IsDialogMessageW
MoveWindow
TranslateMessage
SetForegroundWindow
EndDialog
GetDlgItem

gdi32

D3DKMTOpenAdapterFromDeviceName
D3DKMTQueryStatistics
D3DKMTQueryAdapterInfo
D3DKMTCloseAdapter
SelectObject

advapi32

GetThreadWaitChain
ConvertSecurityDescriptorToStringSecurityDescriptorW
CloseThreadWaitChainSession
OpenThreadWaitChainSession
RegisterWaitChainCOMCallback
PerfCloseQueryHandle
PerfQueryCounterData
PerfOpenQueryHandle
PerfAddCounters
EnableTraceEx2
OpenTraceW
ControlTraceW
CloseTrace
ProcessTrace
StartTraceW

comctl32

CreatePropertySheetPageW

Sections

.text
Size: 376KB - Virtual size: 374KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 232KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 136B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 596KB - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CSASASDSACSA/plugins/ExtendedTools.sig
CSASASDSACSA/plugins/HardwareDevices.dll
.dll windows:6 windows x64 arch:x64

baeb1c621fbaa6648ecb7c01c05b5348

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21-09-2023 00:00

Not After

15-09-2026 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:d7:43:d2:bd:88:a8:03:f8:8e:0a:69:30:4a:9e:82:6f:a3:93:46:56:8f:56:38:3c:4c:a0:fe:87:c2:a9:be
Signer

Actual PE Digest

8d:d7:43:d2:bd:88:a8:03:f8:8e:0a:69:30:4a:9e:82:6f:a3:93:46:56:8f:56:38:3c:4c:a0:fe:87:c2:a9:be

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

HardwareDevices.pdb

Imports

systeminformer.exe

PhReferenceServiceItem
PhGetStringRefSetting
PhHandleCopyCellEMenuItem
PhDeleteTreeNewColumnMenu
PhCompareStringRef
PhAddItemArray
PhCmLoadSettings
PhPluginInvokeWindowCallback
PhGetApplicationIcon
PhInitializeTreeNewFilterSupport
PhGetTreeNewText
PhQuerySystemTime
PhGetPluginInterface
PhImageListAddIcon
PhMainWndHandle
PhFormatUInt64
PhQueryPerformanceFrequency
PhfResetEvent
PhRemoveWindowContext
PhShowMessage
PhAutoDereferenceObject
PhFormatString_V
PhfSetEvent
PhCreateStringEx
PhUnregisterCallback
PhfWaitForEvent
PhFormatSize
PhCreateThreadEx
PhDeleteCircularBuffer_FLOAT
PhInitializeCircularBuffer_FLOAT
PhFindPlugin2
PhDeleteCircularBuffer_ULONG
PhGetPluginInformation
PhInitializeCircularBuffer_ULONG
PhEqualStringRef
PhQueryPerformanceCounter
PhLayoutManagerLayout
PhCenterWindow
PhInitializeAutoPool
PhAddLayoutItem
PhDrainAutoPool
PhSetApplicationWindowIcon
PhDeleteAutoPool
PhCreateDialog
PhFormatString
PhDeleteLayoutManager
PhInitializeLayoutManager
PhFormatToBuffer
PhGetStatisticsTimeString
PhSiDoubleLabelYFunction
PhMaxMemorySingles
PhGetDrawInfoGraphBuffers
PhCreatePointerList
PhGetDpi
PhCopyCircularBuffer_FLOAT
PhSetDialogItemText
PhAddLayoutItemEx
PhGraphStateGetDrawInfo
PhDeleteGraphState
PhSiSizeLabelYFunction
PhInitializeGraphState
PhDivideSinglesBySingle
PhGetSizeDpiValue
PhWindowThemeControlColor
PhSetGraphText
PhLoadWindowPlacementFromSetting
PhSiSetColorsGraphDrawInfo
PhSaveWindowPlacementToSetting
PhExpandEnvironmentStrings
PhAppendCharStringBuilder
PhExtractIconEx
PhGetListViewItemParam
PhSplitStringRefAtChar
PhStringToInteger64
PhGetSelectedListViewItemParam
PhFindListViewItemByFlags
PhQueryRegistryUlong
PhFormatDate
PhQueryValueKey
PhFindStringInStringRef
PhQueryRegistryUlong64
PhLoadListViewSortColumnsFromSetting
PhAppendFormatStringBuilder
PhSaveListViewSortColumnsToSetting
PhQueueItemWorkQueue
PhGetGlobalWorkQueue
PhConcatStrings2
PhGetHandleInformation
PhShellOpenKey2
PhGetPluginCallback
PhRegisterPlugin
PhShowStatus
PhFreeLibrary
PhAddSettings
PhDeviceProviderInitialization
PhGetDllHandle
PhDeviceIoControlFile
PhConvertUtf8ToUtf16
PhQueryRegistryString
PhEnumChildWindows
PhReAllocate
PhCreateString3
PhGetProcessDeviceMap
PhGetActiveProcessorCount
PhInitializeTreeNewColumnMenuEx
PhHandleTreeNewColumnMenu
PhPluginCreateTabPage
PhInitializeArray
PhSetIntegerStringRefSetting
PhSetClipboardString
PhAddTreeNewFilter
PhApplyTreeNewFiltersToNode
PhGetGeneralCallback
PhSetIntegerPairStringRefSetting
PhSetStringRefSetting
PhApplyTreeNewFilters
PhRemoveItemPointerList
PhRegisterCallback
PhFinalArrayItems
PhCmSaveSettings
PhInsertCopyCellEMenuItem
PhImageListSetIconSize
PhReferenceDeviceTreeEx
PhAddItemPointerList
PhImageListCreate
PhSetFlagsEMenuItem
PhGetSelectedListViewItemParams
PhInsertEMenuItem
PhHandleCopyListViewEMenuItem
PhSetWindowContext
PhGetStatusMessage
PhInsertCopyListViewEMenuItem
PhAddListViewGroup
PhBufferToHexString
PhLargeIntegerToLocalSystemTime
PhFormat
PhSetListViewSubItem
PhSetControlTheme
PhAllocate
PhCreateEMenuItem
PhSetExtendedListView
PhInitializeStringBuilder
PhAddListViewColumn
PhCreateEMenu
PhFormatGuid
PhAddListViewGroupItem
PhfEndInitOnce
PhInitializeWindowTheme
PhLoadListViewColumnsFromSetting
PhGetProcedureAddress
PhReferenceEmptyString
PhLookupDevicePropertyClass
PhGetWindowContext
PhRemoveStringBuilder
PhFinalStringBuilderString
PhSaveListViewColumnsToSetting
PhCreateThread2
PhShowEMenu
PhAddListViewItem
PhGetDeviceIcon
PhGetWindowDpi
PhLoadLibrary
PhGetDeviceProperty
PhFormatDateTime
PhDestroyEMenu
PhFree
PhAppendStringBuilderEx
PhSetWindowText
PhGetListViewContextMenuPoint
PhGetIntegerPairStringRefSetting
PhDeleteStringBuilder
PhHandleListViewNotifyBehaviors
PhAppendStringBuilder
PhGetOwnTokenAttributes
PhfBeginInitOnce
PhGetSystemMetrics
PhCopyListView
PhModalPropertySheet
PhCreateList
PhDereferenceObjectDeferDelete
PhCreateString
PhDeleteCircularBuffer_ULONG64
PhfReleaseQueuedLockShared
PhCreateObjectType
PhCreateFile
PhCountStringZ
PhStringToGuid
PhfWakeForReleaseQueuedLock
PhAddItemList
PhRemoveItemList
PhGetIntegerStringRefSetting
PhInitializeCircularBuffer_ULONG64
PhfAcquireQueuedLockShared
PhReferenceObjectSafe
PhFindItemList
PhCreateObject
PhConcatStringRef2
PhReferenceObject
PhfAcquireQueuedLockExclusive
PhCopyConvertCircularBufferULONG
PhDereferenceObject

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlCaptureContext
RtlPcToFileHeader
NtQueryVolumeInformationFile
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
NtClose

user32

GetParent
GetDlgItem
DestroyIcon
SendMessageW
GetWindowRect
DefWindowProcW
CallWindowProcW
MapWindowPoints
GetClassNameW
GetAncestor
GetCursorPos
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowPos
MapDialogRect
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
GetClientRect
GetMessageW
DestroyWindow
DispatchMessageW
InvalidateRect
TranslateMessage
PostQuitMessage
PostMessageW
ShowWindow
UpdateWindow
SetForegroundWindow
IsIconic
CreateWindowExW
SetFocus
IsDialogMessageW

gdi32

D3DKMTQueryAdapterInfo
D3DKMTOpenAdapterFromDeviceName
D3DKMTQueryStatistics
D3DKMTCloseAdapter
GetStockObject
SetTextColor
SetDCBrushColor
SetBkMode

comctl32

CreatePropertySheetPageW

kernel32

TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TlsSetValue
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
TlsFree
LoadLibraryExW
TlsGetValue
EncodePointer
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapAlloc
TerminateProcess
FindClose
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
HeapFree

Sections

.text
Size: 196KB - Virtual size: 194KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 92KB - Virtual size: 90KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CSASASDSACSA/plugins/HardwareDevices.sig
CSASASDSACSA/plugins/NetworkTools.dll
.dll windows:6 windows x64 arch:x64

594f3174314d539a38121a9f0a3447b6

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21-09-2023 00:00

Not After

15-09-2026 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:25:6e:ff:41:f8:7a:f4:06:c3:5b:9a:f3:e1:55:9b:b3:14:18:2f:49:6e:4c:26:07:5f:68:2c:26:ee:e2:36
Signer

Actual PE Digest

1b:25:6e:ff:41:f8:7a:f4:06:c3:5b:9a:f3:e1:55:9b:b3:14:18:2f:49:6e:4c:26:07:5f:68:2c:26:ee:e2:36

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

NetworkTools.pdb

Imports

systeminformer.exe

PhSaveWindowPlacementToSetting
PhAllocate
PhQueryPerformanceCounter
PhCreateObjectType
PhFormat
PhGenerateRandomAlphaString
PhSetWindowContext
PhfSetEvent
PhHttpSocketGetErrorMessage
PhGetApplicationIcon
PhShellProcessHacker
PhGetStatusMessage
PhCountStringZ
PhSetFlagsEMenuItem
PhAppendStringBuilder
PhInsertCopyCellEMenuItem
PhConcatStrings
PhDnsQuery
PhDestroyEMenu
PhFindStringInStringRef
PhShowEMenu
PhFinalStringBuilderString
PhRemoveStringBuilder
PhSetClipboardString
PhHexStringToBuffer
PhGetWin32Message
PhHandleCopyCellEMenuItem
PhCreateEMenu
PhAppendFormatStringBuilder
PhDnsFree
PhInitializeStringBuilder
PhConvertUtf16ToMultiByteEx
PhDnsQuery2
PhGetTreeNewText
PhFormatToBuffer
PhCmSaveSettings
PhSetIntegerPairStringRefSetting
PhClearHashtable
PhHandleTreeNewColumnMenu
PhInitializeTreeNewColumnMenuEx
PhAddItemList
PhDeleteTreeNewColumnMenu
PhCmLoadSettings
PhClearList
PhCreateDialog
PhSetControlTheme
PhCreateList
PhfResetEvent
PhHttpSocketBeginRequest
PhDeleteCacheFile
PhShowMessage
PhGetBaseDirectory
PhNtStatusToDosError
PhConcatStringRef2
PhDoesFileExistWin32
PhHttpSocketConnect
PhCreateDirectoryFullPathWin32
PhUpdateHash
PhRegisterWindowCallback
PhGetPhVersionNumbers
PhHttpSocketDestroy
PhHttpSocketReadData
PhHttpSocketQueryHeaderString
PhHttpSocketQueryHeaderUlong
PhMoveFileWin32
PhCreateProcessRedirection
PhHttpSocketEndRequest
PhCreateFileWin32Ex
PhHttpSocketCreate
PhEqualStringRef
PhDeleteFileWin32
PhfWaitForEvent
PhFormatString
PhBufferToHexString
PhFinalHash
PhCreateCacheFile
PhInitializeHash
PhUnregisterWindowCallback
PhCreateThreadEx
PhGetSystemDirectory
PhHttpSocketSendRequest
PhZeroExtendToUtf16Ex
PhDeleteStringBuilder
PhLoadLibrary
PhReAllocate
PhFormatBytes
PhCreateString3
PhStringToInteger64
PhFindEMenuItem
PhInitializeGraphState
PhConvertUtf16ToUtf8Ex
PhPluginInvokeWindowCallback
PhDeleteAutoPool
PhInitializeWindowTheme
PhSiSetColorsGraphDrawInfo
PhUnregisterCallback
PhDeleteGraphState
PhReferenceEmptyString
PhGraphStateGetDrawInfo
PhAddLayoutItemEx
PhGetWindowContext
PhDivideSinglesBySingle
PhSetApplicationWindowIcon
PhLoadWindowPlacementFromSetting
PhCreateStringEx
PhDrainAutoPool
PhQueueItemWorkQueue
PhCopyCircularBuffer_FLOAT
PhCreateThread2
PhFormatString_V
PhGetWindowDpi
PhCreateObject
PhDeleteWorkQueue
PhSetGraphText
PhInitializeAutoPool
PhFree
PhSetWindowText
PhGetIntegerPairStringRefSetting
PhInitializeWorkQueue
PhGetSystemParametersInfo
PhInitializeCircularBuffer_FLOAT
PhDeleteCircularBuffer_FLOAT
PhAddPlusMaxMemorySingles
PhRemoveWindowContext
PhQueryPerformanceFrequency
PhGetStatisticsTimeString
PhWindowThemeControlColor
PhInitializeLayoutManager
PhDeleteLayoutManager
PhDialogBox
PhGetWindowText
PhGetStringRefSetting
PhAllocateSafe
PhCreateFile
PhGetFileSize
PhSetIntegerStringRefSetting
PhGetDialogItemValue
PhSetStringRefSetting
PhSetDialogItemText
PhAddLayoutItem
PhAutoDereferenceObject
PhCenterWindow
PhLayoutManagerLayout
PhShellExecute
PhSetDialogItemValue
PhInsertEMenuItem
PhCreateString
PhaChoiceDialog
PhFormatSize
PhPluginCreateEMenuItem
PhCreateEMenuItem
PhCompareStringRef
PhAddSettings
PhGetIntegerStringRefSetting
PhGetGeneralCallback
PhPluginSetObjectExtension
PhRegisterCallback
PhPluginAddTreeNewColumn
PhRegisterPlugin
PhGetPluginCallback
PhPluginGetObjectExtension
PhGetOwnTokenAttributes
PhFormatUInt64
PhAddEntryHashtable
PhQuerySystemTime
PhfReleaseQueuedLockShared
PhConvertUtf8ToUtf16Ex
PhfWakeForReleaseQueuedLock
PhfEndInitOnce
PhLoadImageFormatFromResource
PhCreateHashtable
PhImageListDrawIcon
PhfAcquireQueuedLockShared
PhTimeToSecondsSince1970
PhReferenceObject
PhGetApplicationDataFileName
PhfAcquireQueuedLockExclusive
PhImageListAddBitmap
PhImageListCreate
PhDereferenceObject
PhfBeginInitOnce
PhFindEntryHashtable

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlCaptureContext
RtlPcToFileHeader
NtMapViewOfSection
NtUnmapViewOfSection
NtCreateSection
NtClose
NtWriteFile
RtlIpv6StringToAddressExW
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
RtlIpv4StringToAddressExW

kernel32

GetModuleFileNameW
GetModuleHandleExW
ExitProcess
EncodePointer
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
HeapFree
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetStdHandle
GetFileType
HeapAlloc
FindClose
GetSystemTimeAsFileTime
FindNextFileW
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetStringTypeW
SetStdHandle
SetFilePointerEx
WriteFile
GetLastError
GetConsoleOutputCP
GetConsoleMode
HeapSize
HeapReAlloc
FlushFileBuffers
CloseHandle
CreateFileW
WriteConsoleW
FindFirstFileExW

user32

DrawTextW
GetParent
GetDlgItem
EndDialog
SendMessageW
SetFocus
CallWindowProcW
IsIconic
EnableWindow
GetMessageW
PostMessageW
DestroyWindow
SetWindowLongPtrW
CreateWindowExW
GetWindowLongPtrW
ShowWindow
DispatchMessageW
IsDialogMessageW
IsChild
InvalidateRect
PostQuitMessage
SetForegroundWindow
TranslateMessage

gdi32

CreateFontIndirectW
DeleteObject
CreateFontW

comctl32

ord345

Sections

.text
Size: 156KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 300KB - Virtual size: 299KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CSASASDSACSA/plugins/NetworkTools.sig
CSASASDSACSA/plugins/OnlineChecks.dll
.dll windows:6 windows x64 arch:x64

4e9da9e9967066c012c4f7c5431953b6

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21-09-2023 00:00

Not After

15-09-2026 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bc:9b:e7:10:87:4e:34:24:f7:a6:56:1d:bd:41:b2:5d:e4:52:9c:ab:3d:66:ad:47:81:6d:b2:03:9b:94:2a:a0
Signer

Actual PE Digest

bc:9b:e7:10:87:4e:34:24:f7:a6:56:1d:bd:41:b2:5d:e4:52:9c:ab:3d:66:ad:47:81:6d:b2:03:9b:94:2a:a0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

OnlineChecks.pdb

Imports

systeminformer.exe

PhHttpSocketCreate
PhCountStringZ
PhFreeJsonObject
PhFormatString
PhSetThreadIoPriority
PhCreateObjectType
PhBufferToHexString
PhGenerateRandomNumber64
PhFinalHash
PhFormatSize
PhQuerySystemTime
PhGetFileSize
PhInitializeHash
PhGetJsonObjectBool
PhCreateString
PhFormatToBuffer
PhSetWindowContext
PhGetJsonValueAsString
PhGetJsonObject
PhHttpSocketSendRequest
PhOpenKey
PhQueryRegistryUlong
PhCreateJsonArray
PhFormatDate
PhExpandEnvironmentStrings
PhInitializeStringBuilder
PhCreateJsonObject
PhConcatStringRef2
PhFree
PhFormatDateTime
PhQueryRegistryString
PhGetServiceDllParameter
PhDelayExecution
PhGetJsonObjectAsArrayList
PhFormatBytes
PhGetJsonArrayIndexObject
PhConvertUtf16ToUtf8
PhGetJsonArrayString
PhHexStringToBuffer
PhConvertUtf16ToMultiByte
PhAddJsonArrayObject
PhAddItemList
PhFormatTime
PhCreateBytes
PhQueryFullAttributesFileWin32
PhParseCommandLineFuzzy
PhGetJsonArrayLength
PhAddJsonObject
PhLargeIntegerToLocalSystemTime
PhCreateList
PhCreateThreadEx
KphQueryHashInformationFile
PhConcatStrings2
PhAppendFormatStringBuilder
PhGetPhVersion
PhfEndInitOnce
PhHttpSocketQueryHeaderUlong
PhHttpSocketDestroy
PhHttpSocketEndRequest
PhDeleteAutoPool
PhHttpSocketAddRequestHeaders
PhSetFilePosition
KphLevel
PhShowStatus
PhHttpSocketParseUrl
PhGetClassObject
PhUpdateHash
PhGetBaseName
PhGetWindowContext
PhHttpSocketGetErrorMessage
PhCreateFileWin32
PhLoadMappedImageEx
PhSetApplicationWindowIcon
PhCreateThread2
PhSetThreadBasePriority
PhHttpSocketConnect
PhHttpSocketWriteData
PhCreateObject
PhInitializeAutoPool
PhCenterWindow
PhConvertUtf16ToAsciiEx
PhUnloadMappedImage
PhDeleteStringBuilder
PhNtStatusToDosError
PhGetJsonArrayLong64
PhHttpSocketDownloadString
PhGetJsonValueAsUInt64
PhCreateJsonParser
PhfBeginInitOnce
PhRemoveWindowContext
PhHttpSocketBeginRequest
PhShellExecute
PhFormatUInt64
PhMainWndHandle
PhGetGlobalWorkQueue
PhQueueItemWorkQueue
PhFormatString_V
PhInsertEMenuItem
PhShellProcessHacker
PhFreeFileDialog
PhPluginCreateEMenuItem
PhShowFileDialog
PhCreateEMenuItem
PhGetApplicationIcon
PhPluginInvokeWindowCallback
PhCompareStringRef
PhSetFileDialogFilter
PhFindEMenuItem
PhCreateOpenFileDialog
PhAddSettings
PhGetFileDialogFileName
PhGetIntegerStringRefSetting
PhSetIntegerStringRefSetting
PhGetGeneralCallback
PhPluginSetObjectExtension
PhIndexOfEMenuItem
PhAutoDereferenceObject
PhRegisterCallback
PhPluginAddTreeNewColumn
PhRegisterPlugin
PhGetPluginCallback
PhGetFileName
PhPluginGetObjectExtension
PhFormat
PhHashStringRefEx
PhAllocate
PhEqualStringRef
PhAddEntryHashtableEx
PhfWakeForReleaseQueuedLock
PhCreateHashtable
PhReferenceObject
PhfAcquireQueuedLockExclusive
PhDereferenceObject
PhConvertUtf8ToUtf16
PhFindEntryHashtable

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlCaptureContext
RtlPcToFileHeader
NtQueryInformationThread
NtClose
NtReadFile

kernel32

FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
GetStdHandle
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
RaiseException
EncodePointer
LCMapStringW
GetProcAddress
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcessHeap
GetStringTypeW
LoadLibraryExW
SetStdHandle
HeapSize
HeapReAlloc
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
SystemTimeToTzSpecificLocalTime
GetLastError
CloseHandle
CreateFileW
WriteConsoleW

user32

DrawTextW
GetDlgItem
SendMessageW
IsIconic
SetWindowLongPtrW
CallWindowProcW
PostMessageW
IsWindowVisible
GetWindowLongPtrW

comctl32

ord345

Sections

.text
Size: 116KB - Virtual size: 112KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CSASASDSACSA/plugins/OnlineChecks.sig
CSASASDSACSA/plugins/ToolStatus.dll
.dll windows:6 windows x64 arch:x64

30a5e4d8f9053e6a0e7d8e32e0f24403

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21-09-2023 00:00

Not After

15-09-2026 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:a2:75:b2:3e:02:ac:d9:cc:ca:42:1d:ac:da:c0:5d:11:46:17:c2:c1:da:3a:bd:97:2a:9f:a2:0c:98:c7:65
Signer

Actual PE Digest

2b:a2:75:b2:3e:02:ac:d9:cc:ca:42:1d:ac:da:c0:5d:11:46:17:c2:c1:da:3a:bd:97:2a:9f:a2:0c:98:c7:65

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

ToolStatus.pdb

Imports

systeminformer.exe

PhfAcquireQueuedLockShared
PhGetProtocolTypeName
PhSearchControlMatchZ
PhGetServiceTypeString
PhfReleaseQueuedLockShared
PhFormatToBuffer
PhSearchControlMatchLongHintZ
PhClearList
PhGetSelectedAndPropagateProcessItems
PhfBeginInitOnce
PhDelayExecution
PhTaskbarListCreate
PhSetThreadName
PhfEndInitOnce
PhFindServiceNode
PhDrawGraphDirect
PhTaskbarListDestroy
PhTaskbarListSetOverlayIcon
PhCreateThreadEx
PhImageListCreate
PhImageListSetIconSize
PhLoadIcon
PhSetWindowText
PhAddTreeNewFilter
PhLoadImageFormatFromResource
PhGetShieldBitmap
PhCreateSearchControl
PhIconToBitmap
PhReferenceObject
PhSearchControlMatch
PhGetProcessPriorityClassString
PhGetTcpStateName
PhSelectComboBoxString
PhGetWindowText
PhGetFilterSupportProcessTreeList
PhSetSelectThreadIdProcessPropContext
PhRemoveWindowContext
PhFindProcessNode
PhPluginGetSystemStatistics
PhPluginInvokeWindowCallback
PhUiTerminateProcesses
PhFindEMenuItem
PhCreateEMenu
PhDestroyEMenuItem
PhInvokeCallback
PhAddSettings
PhThemeWindowDrawRebar
PhGetGeneralCallback
PhRegisterMessageLoopFilter
PhShowProcessProperties
PhIndexOfEMenuItem
PhApplyTreeNewFilters
PhShowEMenu
PhExpandAllProcessNodes
PhRegisterCallback
PhSelectAndEnsureVisibleProcessNode
PhGetFilterSupportServiceTreeList
PhDeselectAllServiceNodes
PhGetSelectedProcessItem
PhDestroyEMenu
PhGetFilterSupportNetworkTreeList
PhReferenceProcessItem
PhRegisterPlugin
PhGetPluginCallback
PhHungWindowFromGhostWindow
PhCreateAlloc
PhShowMessage
PhThemeWindowDrawToolbar
PhImageListAddBitmap
PhGetOwnTokenAttributes
PhCreateProcessPropContext
PhDeselectAllProcessNodes
PhAddItemSimpleHashtable
PhInsertEMenuItem
PhCreateList
PhRemoveItemSimpleHashtable
PhModifyEMenuItem
PhShowProcessRecordDialog
PhFormat
PhSystemBasicInformation
PhPluginCreateEMenuItem
PhDivideSinglesBySingle
PhEqualStringRef
PhInitializeGraphState
PhCreateEMenuItem
PhInitializeStringBuilder
PhConcatStrings2
PhAppendFormatStringBuilder
PhStringToInteger64
PhAddItemList
PhGetStringRefSetting
PhSiSetColorsGraphDrawInfo
PhDeleteGraphState
PhShowSystemInformationDialog
PhReferenceEmptyString
PhGraphStateGetDrawInfo
PhSplitStringRefAtChar
PhSetStringRefSetting
PhRemoveStringBuilder
PhFinalStringBuilderString
PhCopyCircularBuffer_FLOAT
PhFindItemSimpleHashtable
PhDereferenceProcessRecord
PhAutoDereferenceObject
PhFindProcessRecord
PhDereferenceObject
PhGetPluginName
PhGetStatisticsTime
PhCreateSimpleHashtable
PhGetStatisticsTimeString
PhMainWndHandle
PhCountStringZ
PhSetIntegerStringRefSetting
PhImageListReplace
PhGetSystemMetrics
PhSetWindowContext
PhWindowThemeControlColor
PhAllocate
PhDialogBox
PhInsertItemList
PhInitializeWindowTheme
PhRemoveItemList
PhGetIntegerStringRefSetting
PhGetWindowContext
PhSetApplicationWindowIcon
PhGetDpi
PhGetWindowDpi
PhCenterWindow
PhFree
PhGetSystemParametersInfo
PhGetTaskbarDpi

ntdll

RtlUnwindEx
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlPcToFileHeader
NtCreateEvent
NtWaitForSingleObject
NtSetEvent

user32

DefWindowProcW
CallWindowProcW
GetWindowRect
GetMenu
GetFocus
SetWindowPos
SetWindowLongPtrW
GetWindowLongPtrW
WindowFromPoint
LoadAcceleratorsW
IsChild
MapWindowPoints
SetFocus
TranslateAcceleratorW
SetCapture
GetWindowDC
SetCursor
GetClientRect
IsZoomed
ReleaseCapture
LoadImageW
IsIconic
GetCursorPos
DestroyWindow
IsWindowVisible
CreateWindowExW
ShowWindow
GetDC
DestroyIcon
CreateIconIndirect
SetMenu
DrawMenuBar
DrawIconEx
ReleaseDC
FillRect
SendMessageW
EndDialog
GetSysColor
GetDlgItem
GetSysColorBrush
GetParent
InvalidateRect
EnableWindow
GetWindowThreadProcessId
DrawTextW

gdi32

CreateFontIndirectW
DeleteObject
SetBkMode
SetTextColor
DeleteDC
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
SetROP2
RestoreDC
Rectangle
CreatePen
GetStockObject
SaveDC
GetTextExtentPoint32W
SetDCPenColor
SetDCBrushColor
Polyline
CreateDIBSection
GetTextMetricsW
CreateSolidBrush

kernel32

GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsProcessorFeaturePresent
SetFilePointerEx
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetConsoleMode
GetConsoleOutputCP
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
CreateFileW
CloseHandle
WriteConsoleW
WriteFile
FreeLibrary

Sections

.text
Size: 120KB - Virtual size: 116KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CSASASDSACSA/plugins/ToolStatus.sig
CSASASDSACSA/plugins/Updater.dll
.dll windows:6 windows x64 arch:x64

c5a263e3cac227df6d673ebfa54fcbe5

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21-09-2023 00:00

Not After

15-09-2026 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:b4:82:c1:2e:97:74:06:61:1f:87:ed:f8:4d:5c:c0:77:1f:11:cb:4d:93:74:c7:15:99:86:4b:f6:ac:2b:e9
Signer

Actual PE Digest

7b:b4:82:c1:2e:97:74:06:61:1f:87:ed:f8:4d:5c:c0:77:1f:11:cb:4d:93:74:c7:15:99:86:4b:f6:ac:2b:e9

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

Updater.pdb

Imports

systeminformer.exe

PhfSetEvent
PhGetApplicationIcon
PhHttpSocketGetErrorMessage
PhFormatString
PhGetStatusMessage
PhfResetEvent
PhDeleteCacheFile
PhfBeginInitOnce
PhGetKernelFileName2
PhShowMessage
PhNtStatusToDosError
PhConcatStrings
PhInitializeAutoPool
PhCreateObject
PhDelayExecution
PhQueueItemWorkQueue
PhShellExecuteEx
PhSplitStringRefAtChar
PhGetGlobalWorkQueue
PhRegisterWindowCallback
PhHttpSocketParseUrl
PhShowStatus
PhGetApplicationDirectoryFileName
PhHttpSocketAddRequestHeaders
PhGetSelectedListViewItemParams
PhHttpSocketReadData
PhAllocateSafe
PhHttpSocketQueryHeaderUlong
PhfEndInitOnce
PhClearCacheDirectory
PhGetPhVersion
PhGetFileVersionInfoEx
PhPluginInvokeWindowCallback
PhDialogBox
PhCreateFileWin32Ex
PhGetFileVersionFixedInfo
PhIsExecutingInWow64
PhfWaitForEvent
PhCreateFile
PhCreateObjectType
PhConvertUtf8ToUtf16Ex
PhSplitStringRefAtLastChar
PhFormatSize
PhCreateCacheFile
PhUnregisterWindowCallback
PhCreateThreadEx
PhCreateKsiSettingsBlob
PhIntegerToString64
PhHexStringToBufferEx
PhBufferToHexString
PhGetJsonObject
PhGetJsonValueAsString
PhHandleCopyListViewEMenuItem
PhSetWindowContext
PhFormatToBuffer
PhCreateList
PhHttpSocketSendRequest
PhWindowThemeControlColor
PhInsertCopyListViewEMenuItem
PhQuerySystemTime
PhInitializeLayoutManager
PhLargeIntegerToLocalSystemTime
PhDeleteLayoutManager
PhFormat
PhSetListViewSubItem
PhFindListViewItemByFlags
PhSetControlTheme
PhFormatTimeSpanRelative
PhAllocate
PhGetJsonArrayLength
PhSaveWindowPlacementToSetting
PhGetPhVersionHash
PhFreeJsonObject
PhEqualStringRef
PhCreateJsonParserEx
PhSaveListViewSortColumnsToSetting
PhHttpSocketCreate
PhCreateEMenuItem
PhHttpSocketEndRequest
PhSetExtendedListView
PhInitializeStringBuilder
PhGetSelectedListViewItemParam
PhConcatStrings2
PhAddListViewColumn
PhCreateEMenu
PhStringToInteger64
PhAddItemList
PhCreateString3
PhHttpSocketDestroy
PhInitializeWindowTheme
PhLoadListViewColumnsFromSetting
PhGetJsonObjectType
PhGetPhVersionNumbers
PhReferenceEmptyString
PhGetJsonArrayIndexObject
PhGetWindowContext
PhSetDialogItemText
PhSetApplicationWindowIcon
PhLoadWindowPlacementFromSetting
PhCreateStringEx
PhGetListViewItemParam
PhFinalStringBuilderString
PhSaveListViewColumnsToSetting
PhHandleListViewNotifyForCopy
PhCreateThread2
PhAddLayoutItem
PhShowEMenu
PhHttpSocketConnect
PhAddListViewItem
PhFormatString_V
PhFindStringInStringRef
PhAutoDereferenceObject
PhAppendCharStringBuilder
PhFormatDateTime
PhCenterWindow
PhDestroyEMenu
PhFree
PhReferenceObject
PhGetListViewContextMenuPoint
PhLoadListViewSortColumnsFromSetting
PhGetIntegerPairStringRefSetting
PhHttpSocketDownloadString
PhGetJsonValueAsUInt64
PhFormatDate
PhGetListViewItemText
PhAppendStringBuilder
PhLayoutManagerLayout
PhRemoveWindowContext
PhHttpSocketBeginRequest
PhShellExecute
PhCopyListView
PhInsertEMenuItem
PhPluginCreateEMenuItem
PhGetStringRefSetting
PhAddSettings
PhGetIntegerStringRefSetting
PhSetIntegerStringRefSetting
PhGetGeneralCallback
PhSetStringRefSetting
PhRegisterCallback
PhRegisterPlugin
PhGetPluginCallback
PhDeleteAutoPool
PhDereferenceObject

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlCaptureContext
RtlPcToFileHeader
NtClose
NtWriteFile

kernel32

WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
GetStdHandle
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
EncodePointer
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
LCMapStringW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
EnterCriticalSection
GetProcessHeap
GetStringTypeW
SetStdHandle
HeapSize
HeapReAlloc
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
GetLastError
SystemTimeToTzSpecificLocalTime
CloseHandle
CreateFileW
WriteConsoleW

user32

GetParent
GetDlgItem
GetSysColor
EndDialog
SendMessageW
CallWindowProcW
PostMessageW
GetWindowLongPtrW
ShowWindow
SetForegroundWindow
IsIconic
SetWindowLongPtrW
SetTimer
KillTimer

gdi32

SelectObject
GetObjectW
CreateFontIndirectW
DeleteObject

comctl32

ord345

Sections

.text
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CSASASDSACSA/plugins/Updater.sig
CSASASDSACSA/plugins/UserNotes.dll
.dll windows:6 windows x64 arch:x64

b67831227029474238ee103fc44a539d

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21-09-2023 00:00

Not After

15-09-2026 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:fc:1d:a1:06:de:c4:5d:ba:16:7b:b8:1c:df:d8:3a:2d:c9:cf:1f:fb:15:4e:65:08:e4:18:04:0a:29:9c:c2
Signer

Actual PE Digest

1b:fc:1d:a1:06:de:c4:5d:ba:16:7b:b8:1c:df:d8:3a:2d:c9:cf:1f:fb:15:4e:65:08:e4:18:04:0a:29:9c:c2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

UserNotes.pdb

Imports

systeminformer.exe

PhAddSettings
PhCreateOpenFileDialog
PhFindEMenuItem
PhSetFileDialogFilter
PhCompareStringRef
PhPluginInvokeWindowCallback
PhGetApplicationIcon
PhCreateEMenuItem
PhShowFileDialog
PhLoadCustomColorList
PhPluginCreateEMenuItem
PhSetProcessItemPriority
PhFreeFileDialog
PhInvalidateAllProcessNodes
PhPluginAddMenuHook
PhGetPluginInterface
PhGetKnownLocation
PhGetFileDialogFileName
PhRemoveEMenuItem
PhInsertEMenuItem
PhCopyListView
PhGetListViewContextMenuPoint
PhDestroyEMenu
PhAddListViewItem
PhShowEMenu
PhSaveListViewColumnsToSetting
PhRemoveListViewItem
PhLoadListViewColumnsFromSetting
PhCreateEMenu
PhAddListViewColumn
PhSetExtendedListView
PhSetControlTheme
PhSetListViewSubItem
PhInsertCopyListViewEMenuItem
PhHandleCopyListViewEMenuItem
PhGetSelectedListViewItemParams
PhGetApplicationDirectoryFileName
PhShowStatus
PhSaveCustomColorList
PhGetGeneralCallback
PhShowMessage2
PhGetBaseName
PhPluginSetObjectExtension
PhSetApplicationWindowIcon
PhSetProcessItemIoPriority
PhAddProcessPropPage
PhGetSelectedProcessItems
PhShowProcessAffinityDialog2
PhIndexOfEMenuItem
PhSetProcessItemPagePriority
PhRegisterCallback
PhGetProcessPriority
PhGetSelectedProcessItem
PhUnloadMappedImage
PhPluginAddTreeNewColumn
PhRegisterPlugin
PhGetPluginCallback
PhCreateProcessPropPageContextEx
PhShowMessage
PhPluginGetObjectExtension
PhLoadMappedImage
PhSetProcessItemThrottlingState
PhDuplicateProcessNodeList
PhSetProcessItemAffinityMask
PhSetProcessItemPriorityBoost
PhIntegerToString64
PhFormatToBuffer
PhSaveXmlObjectToFile
PhConcatStringRef3
PhGetXmlNodeOpaqueText
PhHashStringRefEx
PhConvertUtf16ToUtf8Ex
PhRemoveEntryHashtable
PhSetXmlNodeAttributeText
PhCreateXmlOpaqueNode
PhDoesFileExist
PhAddEntryHashtableEx
PhFreeXmlObject
PhCreateKey
PhStringToInteger64
PhfWakeForReleaseQueuedLock
PhGetXmlNodeNextChild
PhCreateHashtable
PhCreateStringEx
PhGetXmlNodeFirstChild
PhDeleteFile
PhCreateXmlNode
PhConcatStringRef2
PhConvertUtf8ToUtf16
PhfAcquireQueuedLockExclusive
PhEnumHashtable
PhQueryRegistryUlong
PhGetOwnTokenAttributes
PhLoadXmlObjectFromFile
PhDeleteValueKey
PhOpenKey
PhFindEntryHashtable
PhGetXmlNodeAttributeCount
PhSetValueKey
PhGetXmlNodeAttributeByIndex
PhSetWindowContext
PhWindowThemeControlColor
PhInitializeLayoutManager
PhDeleteLayoutManager
PhAllocate
PhEqualStringRef
PhGetWindowText
PhPropPageDlgProcHeader
PhInitializeWindowTheme
PhGetIntegerStringRefSetting
PhReferenceEmptyString
PhGetWindowContext
PhSetDialogItemText
PhDoPropPageLayout
PhAddLayoutItem
PhFormatString_V
PhAutoDereferenceObject
PhCenterWindow
PhFree
PhReferenceObject
PhLayoutManagerLayout
PhDereferenceObject
PhRemoveWindowContext
PhGetStatusMessage
PhAddPropPageLayoutItem

ntdll

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlCaptureContext
NtQueryInformationProcess
NtClose
NtDeleteKey

user32

EnableWindow
GetParent
GetDlgItem
SendMessageW
SetWindowLongPtrW
MessageBoxW
SetWindowTextW

comctl32

ord345
CreatePropertySheetPageW

kernel32

LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
EncodePointer
LoadLibraryExW
TlsFree
TlsSetValue
GetProcessHeap
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
GetLastError
RaiseException
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
TlsGetValue
GetFileType
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
GetStdHandle

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CSASASDSACSA/plugins/UserNotes.sig
CSASASDSACSA/plugins/WindowExplorer.dll
.dll windows:6 windows x64 arch:x64

5b1b8e3ff7b301f7b761e97c537799b3

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21-09-2023 00:00

Not After

15-09-2026 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

91:48:d9:8d:5e:ce:24:99:da:bd:e1:7e:9e:44:c4:67:a4:8b:a2:c3:c7:75:ed:30:b2:bf:a0:92:95:d7:ab:cc
Signer

Actual PE Digest

91:48:d9:8d:5e:ce:24:99:da:bd:e1:7e:9e:44:c4:67:a4:8b:a2:c3:c7:75:ed:30:b2:bf:a0:92:95:d7:ab:cc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

WindowExplorer.pdb

Imports

systeminformer.exe

PhFindProcessNode
PhCreateSearchControl
PhSetSelectThreadIdProcessPropContext
PhfWaitForEvent
PhFormatString
PhOpenProcess
PhGetTreeNewText
PhWindowThemeControlColor
PhDestroyWindowRemote
PhCreateThreadEx
PhModalPropertySheet
PhCopyListView
PhCreateSymbolProvider
PhAppendStringBuilder
PhHandleListViewNotifyBehaviors
PhfAcquireQueuedLockExclusive
PhAppResolverGetAppIdForWindow
PhDeleteStringBuilder
PhGetListViewContextMenuPoint
PhDosErrorToNtStatus
PhAppendCharStringBuilder
PhFormatString_V
PhAddListViewItem
PhCreateThread2
PhSaveListViewColumnsToSetting
PhFinalStringBuilderString
PhGetListViewItemParam
PhQueueItemWorkQueue
PhLoadSymbolProviderOptions
PhRemoveStringBuilder
PhGetImageListIcon
PhGetGlobalWorkQueue
PhShowMessage2
PhLoadModulesForVirtualSymbolProvider
PhGetModuleProcAddress
PhLoadListViewColumnsFromSetting
PhfWakeForReleaseQueuedLock
PhAddListViewGroupItem
PhGetSymbolFromAddress
PhAddListViewColumn
PhAppendFormatStringBuilder
PhCreateEMenuItem
PhInitializeStringBuilder
PhSetExtendedListView
PhDialogBox
PhEqualStringRef
PhSetControlTheme
PhFindListViewItemByFlags
PhSetListViewSubItem
PhFormatSize
PhShowConfirmMessage
PhAddListViewGroup
PhfInitializeInitOnce
PhInsertCopyListViewEMenuItem
PhHandleCopyListViewEMenuItem
PhGetStockApplicationIcon
PhGetSelectedListViewItemParams
PhFindEntryHashtable
PhImageListCreate
PhDeleteTreeNewFilterSupport
PhCmSaveSettings
PhRemoveTreeNewFilter
PhSearchControlMatch
PhSetStringRefSetting
PhGetProcessSmallImageList
PhCreateHashtable
PhClearHashtable
PhImageListSetBkColor
PhAddTreeNewFilter
PhHandleTreeNewColumnMenu
PhInitializeTreeNewColumnMenuEx
PhGetStringRefSetting
PhDeleteTreeNewColumnMenu
PhCompareStringRef
PhCmLoadSettings
PhClearList
PhImageListDestroy
PhInitializeTreeNewFilterSupport
PhImageListAddIcon
PhSearchControlMatchLongHintZ
PhAddEntryHashtable
PhPluginInvokeWindowCallback
PhSetFlagsAllEMenuItems
PhPropPageDlgProcHeader
PhConcatStrings2
PhCreateEMenu
PhCreateDialog
PhStringToInteger64
PhHandleCopyCellEMenuItem
PhfEndInitOnce
PhGetProcessMappedFileName
PhDeleteAutoPool
PhInitializeWindowTheme
PhUnregisterCallback
PhShowStatus
PhSetClipboardString
PhGetProcedureAddress
PhReferenceEmptyString
PhApplyTreeNewFiltersToNode
PhGetBaseName
PhSetApplicationWindowIcon
PhShowProcessProperties
PhAddProcessPropPage
PhDrainAutoPool
PhfSetEvent
PhDoPropPageLayout
PhApplyTreeNewFilters
PhShellExecuteUserString
PhShowEMenu
PhSelectAndEnsureVisibleProcessNode
PhLoadLibrary
PhGetWindowTextEx
PhDoesFileExistWin32
PhInitializeAutoPool
PhCenterWindow
PhDestroyEMenu
PhReferenceProcessItem
PhInsertCopyCellEMenuItem
PhSetWindowText
PhHungWindowFromGhostWindow
PhGetClientIdName
PhGetFileName
PhCreateProcessPropPageContextEx
PhShowMessage
PhCreateProcessPropContext
PhfBeginInitOnce
PhSetFlagsEMenuItem
PhfResetEvent
PhAddPropPageLayoutItem
PhCountStringZ
PhGetWindowDpi
PhGetSystemMetrics
PhSetWindowContext
PhInitializeLayoutManager
PhDeleteLayoutManager
PhCreateObjectType
PhEnumChildWindows
PhAllocate
PhSaveWindowPlacementToSetting
PhAddLayoutItemEx
PhGetWindowContext
PhSetDialogItemText
PhLoadWindowPlacementFromSetting
PhAddLayoutItem
PhCreateObject
PhFree
PhGetIntegerPairStringRefSetting
PhLayoutManagerLayout
PhDereferenceObject
PhRemoveWindowContext
PhInsertEMenuItem
PhCreateList
PhCreateString
PhaChoiceDialog
PhPluginCreateEMenuItem
PhFindEMenuItem
PhAddItemList
PhAddSettings
PhGetIntegerStringRefSetting
PhGetGeneralCallback
PhIndexOfEMenuItem
PhAutoDereferenceObject
PhRegisterCallback
PhRegisterPlugin
PhReferenceObject
PhGetWindowText
PhGetPluginCallback

ntdll

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
RtlPcToFileHeader
NtClose

kernel32

GetConsoleMode
WriteFile
FlushFileBuffers
SetStdHandle
HeapReAlloc
HeapSize
GetStringTypeW
GetFileType
GetStdHandle
GetProcessHeap
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapAlloc
HeapFree
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
EncodePointer
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
SetFilePointerEx
GetLastError
GetProcAddress
CreateFileW
CloseHandle
WriteConsoleW
GetConsoleOutputCP

Sections

.text
Size: 108KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 4KB - Virtual size: 840B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 4KB - Virtual size: 500B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CSASASDSACSA/plugins/WindowExplorer.sig
CSASASDSACSA/x86/SystemInformer.exe
.exe windows:6 windows x86 arch:x86

07d15768a5f7dc052a07df948b23e635

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21-09-2023 00:00

Not After

15-09-2026 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c2:da:dd:20:8d:1d:44:cb:99:61:12:7e:37:d9:6f:32:d7:4d:36:ee:09:36:fd:93:9f:02:bd:da:76:36:0a:b0
Signer

Actual PE Digest

c2:da:dd:20:8d:1d:44:cb:99:61:12:7e:37:d9:6f:32:d7:4d:36:ee:09:36:fd:93:9f:02:bd:da:76:36:0a:b0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

SystemInformer.pdb

Imports

comctl32

CreatePropertySheetPageW
InitCommonControlsEx
ord345
ImageList_CoCreateInstance
ord381
PropertySheetW

ntdll

NtSetInformationToken
NtPowerInformation
NtTestAlert
NtSetInformationThread
RtlSizeHeap
NtIsProcessInJob
NtQuerySystemInformationEx
RtlRegisterWait
RtlDeregisterWaitEx
RtlCreateSecurityDescriptor
RtlCreateAcl
RtlAddAccessAllowedAce
NtAcceptConnectPort
NtReplyWaitReceivePort
RtlSetDaclSecurityDescriptor
NtCreatePort
RtlValidRelativeSecurityDescriptor
RtlSelfRelativeToAbsoluteSD2
NtConnectPort
NtRequestWaitReplyPort
RtlAbsoluteToSelfRelativeSD
NtCreateSection
RtlQueryElevationFlags
NtDeleteKey
NtReleaseSemaphore
NtFreeVirtualMemory
RtlExitUserProcess
NtSuspendThread
NtQueryInformationProcess
NtRemoveProcessDebug
NtSetSystemPowerState
NtSetHighEventPair
NtAdjustGroupsToken
NtQuerySemaphore
RtlQueryPerformanceFrequency
RtlNtStatusToDosErrorNoTeb
NtCreateDirectoryObject
RtlTimeFieldsToTime
RtlGUIDFromString
NtDuplicateToken
RtlRandomEx
RtlTimeToTimeFields
RtlCreateProcessReflection
RtlGetAce
RtlGetFullPathName_UEx
NtDelayExecution
RtlFindMessage
RtlStringFromGUID
RtlQueryPerformanceCounter
RtlCreateProcessParameters
NtQueryDefaultLocale
RtlCreateUserProcess
RtlGetDaclSecurityDescriptor
NtTerminateProcess
RtlExpandEnvironmentStrings_U
RtlFirstEntrySList
RtlUnicodeToMultiByteN
RtlDowncaseUnicodeChar
NtCreateThreadEx
NtAllocateVirtualMemory
RtlReAllocateHeap
TpSimpleTryPost
RtlUTF8ToUnicodeN
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
RtlUnicodeToMultiByteSize
RtlUnicodeToUTF8N
RtlFindClearBitsAndSet
RtlInterlockedPopEntrySList
RtlGetVersion
NtUnlockFile
NtSetInformationFile
NtLockFile
NtFlushBuffersFile
NtQueryInformationFile
NtGetContextThread
NtQueryKey
NtOpenProcessToken
NtOpenThread
NtOpenSymbolicLinkObject
NtEnumerateKey
NtGetNextProcess
NtUnloadDriver
NtEnumerateValueKey
NtQueueApcThread
NtOpenKey
RtlGetSaclSecurityDescriptor
RtlDosPathNameToNtPathName_U_WithStatus
RtlConvertSidToUnicodeString
NtQuerySymbolicLinkObject
NtOpenProcess
NtTerminateThread
NtCreateNamedPipeFile
NtGetNextThread
NtQueryInformationJobObject
NtSetSecurityObject
NtDeleteValueKey
NtQueryAttributesFile
NtDeviceIoControlFile
NtOpenDirectoryObject
RtlGetUnloadEventTraceEx
NtFsControlFile
NtQueryDirectoryObject
NtQueryEvent
NtSetSystemEnvironmentValueEx
NtOpenThreadToken
NtTraceControl
NtQuerySystemEnvironmentValueEx
RtlInitializeBitMap
RtlNumberOfSetBits
NtLoadKeyEx
NtCreateKey
NtEnumerateSystemEnvironmentValuesEx
NtQueueApcThreadEx
NtQuerySecurityAttributesToken
NtQueryObject
NtCreateFile
NtQueryDirectoryFile
NtOpenSection
NtQuerySecurityObject
NtSetValueKey
RtlQueryEnvironmentVariable
NtOpenFile
NtQueryValueKey
NtQueryFullAttributesFile
NtReleaseKeyedEvent
NtWaitForKeyedEvent
NtCreateKeyedEvent
LdrFindResource_U
LdrAccessResource
RtlLengthSecurityDescriptor
RtlValidSecurityDescriptor
NtClearEvent
NtCreateSemaphore
NtFlushInstructionCache
RtlSetOwnerSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlGetGroupSecurityDescriptor
RtlSetControlSecurityDescriptor
RtlSetGroupSecurityDescriptor
TpWaitForIoCompletion
TpAllocIoCompletion
TpReleasePool
TpReleaseIoCompletion
TpAllocPool
TpSetPoolMinThreads
TpCancelAsyncIoOperation
TpStartAsyncIoOperation
TpSetPoolMaxThreads
NtSetTimer
NtAlertThread
NtCreateTimer
RtlUnwind
NtCancelTimer
NtPulseEvent
NtSetLowEventPair
NtQueryTimer
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
RtlInterlockedFlushSList
RtlInterlockedPushEntrySList
RtlCreateHeap
RtlFreeHeap
RtlAllocateHeap
RtlDestroyHeap
RtlCreateQueryDebugBuffer
RtlQueryProcessDebugInformation
RtlDestroyQueryDebugBuffer
NtSetSystemInformation
NtQuerySystemInformation
NtWriteVirtualMemory
NtCreateMutant
RtlSetCurrentDirectory_U
RtlSetUnhandledExceptionFilter
NtAdjustPrivilegesToken
NtOpenMutant
NtSystemDebugControl
NtTerminateJobObject
NtAssignProcessToJobObject
NtQueryMutant
NtQueryVolumeInformationFile
NtMapViewOfSection
NtQuerySection
NtQueryOpenSubKeysEx
NtQueryVirtualMemory
NtResetEvent
NtProtectVirtualMemory
RtlSetHeapInformation
RtlInitializeCriticalSection
RtlDeleteCriticalSection
RtlLeaveCriticalSection
RtlEnterCriticalSection
RtlUpcaseUnicodeChar
NtWaitForMultipleObjects
NtSetEvent
NtCreateEvent
NtAlpcQueryInformation
NtReadVirtualMemory
NtReadFile
NtWriteFile
NtQueryInformationThread
NtSuspendProcess
NtResumeThread
NtWaitForSingleObject
NtSetInformationDebugObject
NtUnmapViewOfSection
RtlRaiseStatus
NtSetInformationProcess
NtShutdownSystem
NtDuplicateObject
NtInitiatePowerAction
NtClose
NtQueryInformationToken
NtResumeProcess

kernel32

LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
GetCPInfo
MultiByteToWideChar
IsValidCodePage
GetACP
GetOEMCP
SetStdHandle
GetLastError
SetConsoleCtrlHandler
FreeConsole
GetConsoleWindow
AllocConsole
LoadLibraryExW
LocalFree
SearchPathW
GetTimeFormatEx
GetLocaleInfoW
GetDateFormatEx
FormatMessageW
GetNumberFormatW
TlsSetValue
SetLastError
TlsAlloc
TlsGetValue
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
IsProcessorFeaturePresent
FreeLibrary
GetCurrentProcess
LocalAlloc
GlobalSize
WideCharToMultiByte
SetEndOfFile
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetCommandLineW
GetProcessHeap
FlushFileBuffers
WriteConsoleW
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
SetFilePointerEx
GetFileSizeEx
GetModuleHandleExW
ExitProcess
GetModuleFileNameW
GetStdHandle
GetFileType
CreateFileW
GetConsoleOutputCP
WriteFile
CloseHandle
ReadConsoleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RaiseException
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsFree
GetProcAddress
ReadFile
CreateProcessW
GetConsoleMode
DecodePointer

user32

DrawIconEx
FrameRect
TrackMouseEvent
GetCapture
RegisterClassExW
UnregisterClassW
GetDC
GetFocus
CallWindowProcW
DefWindowProcW
LoadImageW
PostQuitMessage
KillTimer
SetCursor
TranslateMessage
IsDialogMessageW
SetTimer
DispatchMessageW
GetMessageW
TranslateAcceleratorW
IsChild
LoadAcceleratorsW
SendMessageTimeoutW
UpdateWindow
OpenWindowStationW
OpenDesktopW
CreateMenu
EndDeferWindowPos
ChangeWindowMessageFilterEx
IntersectRect
SetMenu
CloseDesktop
BeginDeferWindowPos
IsWindow
GetWindowPlacement
CreateWindowExW
CloseWindowStation
GetWindow
ShowWindowAsync
DeferWindowPos
MoveWindow
GetMonitorInfoW
IsHungAppWindow
SetActiveWindow
MonitorFromWindow
MonitorFromPoint
GetForegroundWindow
GetDoubleClickTime
CreateIconIndirect
GetProcessWindowStation
SetWindowTextW
EnumDesktopsW
ReleaseCapture
PtInRect
SetCapture
GetAsyncKeyState
SetWindowPlacement
GetGUIThreadInfo
PeekMessageW
MsgWaitForMultipleObjects
MonitorFromRect
MessageBoxW
GetScrollBarInfo
GetWindowDC
SetMenuInfo
GetIconInfo
FindWindowExW
GetWindowTextW
SystemParametersInfoW
CreateDialogIndirectParamW
GetDesktopWindow
LookupIconIdFromDirectoryEx
IsClipboardFormatAvailable
GetUserObjectInformationW
SetClipboardData
GetClipboardData
EnumWindows
LoadMenuIndirectW
DialogBoxIndirectParamW
InternalGetWindowText
EmptyClipboard
CloseClipboard
GetWindowInfo
OpenClipboard
GetActiveWindow
GetThreadDesktop
GetSystemMetrics
GetGuiResources
EnumChildWindows
GetPropW
CreateIconFromResourceEx
GetWindowTextLengthW
DestroyMenu
TrackPopupMenu
CreatePopupMenu
InsertMenuItemW
SetScrollPos
ShowCaret
EnableScrollBar
DestroyCaret
DragDetect
CreateCaret
SetCaretPos
GetScrollInfo
RegisterClipboardFormatW
SetScrollInfo
SetCursorPos
ScrollWindowEx
GetUpdateRect
GetMessageTime
DrawFocusRect
InvalidateRgn
WaitMessage
MessageBeep
GetMessagePos
GetClassInfoExW
GetUpdateRgn
DrawFrameControl
GetAncestor
GetDCEx
ReleaseDC
BeginPaint
EndPaint
GetSystemMenu
DeleteMenu
BringWindowToTop
EnableMenuItem
SetFocus
MapDialogRect
GetWindowRect
SetWindowPos
MapWindowPoints
FillRect
GetSysColor
DrawTextW
GetSysColorBrush
GetWindowLongW
GetMenuItemInfoW
GetKeyState
PostMessageW
GetMenu
GetMenuItemCount
ScreenToClient
GetSubMenu
RedrawWindow
DestroyIcon
ClientToScreen
SetLayeredWindowAttributes
FindWindowW
SetWindowLongW
GetClientRect
InvalidateRect
GetCursorPos
GetClassNameW
EndDialog
IsWindowEnabled
GetParent
EnableWindow
GetWindowThreadProcessId
GetShellWindow
AllowSetForegroundWindow
IsWindowVisible
ExitWindowsEx
LockWorkStation
DestroyWindow
SendMessageW
ShowWindow
GetDlgItem
SetForegroundWindow
IsIconic
DrawEdge

gdi32

CreateSolidBrush
SetBkMode
SetTextColor
DeleteDC
CreateCompatibleDC
SelectObject
CreateCompatibleBitmap
BitBlt
SetDCBrushColor
GetStockObject
RectVisible
GetObjectW
GetTextExtentPoint32W
SetBkColor
GetTextColor
GetTextMetricsW
SetDCPenColor
Polyline
CreateFontW
CreateDIBSection
ExcludeClipRect
PatBlt
CombineRgn
CreateRectRgn
GdiAlphaBlend
GetDeviceCaps
GetDIBits
Rectangle
GetCharWidthW
TextOutW
SetBoundsRect
IntersectClipRect
RestoreDC
SelectClipRgn
GetClipRgn
SaveDC
DeleteObject
CreateFontIndirectW

advapi32

CloseServiceHandle
GetEffectiveRightsFromAclW
LsaSetSecurityObject
OpenSCManagerW
LsaClose
LsaAddAccountRights
CreateServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
CreateProcessAsUserW
LogonUserW
CreateProcessWithLogonW
InitiateShutdownW
QueryServiceObjectSecurity
QueryServiceStatusEx
OpenServiceW
QueryServiceConfig2W
ChangeServiceConfigW
QueryServiceConfigW
EnumServicesStatusExW
StartServiceW
EnumDependentServicesW
ControlService
SetServiceObjectSecurity
DeleteService
ChangeServiceConfig2W
LsaQuerySecurityObject
LsaLookupPrivilegeName
LsaEnumeratePrivileges
LsaOpenPolicy
LsaLookupNames2
LsaLookupPrivilegeDisplayName
LsaLookupPrivilegeValue
LsaFreeMemory
LsaLookupSids
GetInheritanceSourceW
GetSecurityInfo
SetSecurityInfo

ole32

CoSetProxyBlanket
CoUninitialize
CoTaskMemFree
CoInitializeEx

Exports

Exports

KphEnumerateProcessHandles2
KphLevel
KphQueryHashInformationFile
PhAddElementAvlTree
PhAddEntryHashtable
PhAddEntryHashtableEx
PhAddItemArray
PhAddItemList
PhAddItemPointerList
PhAddItemSimpleHashtable
PhAddItemsArray
PhAddItemsList
PhAddJsonArrayObject
PhAddJsonObject
PhAddJsonObject2
PhAddJsonObjectInt64
PhAddJsonObjectUInt64
PhAddJsonObjectValue
PhAddLayoutItem
PhAddLayoutItemEx
PhAddListViewColumn
PhAddListViewGroup
PhAddListViewGroupItem
PhAddListViewItem
PhAddPlusMaxMemorySingles
PhAddSetting
PhAddSettings
PhAddTabControlTab
PhAdjustPrivilege
PhAdjustRectangleToBounds
PhAdjustRectangleToWorkingArea
PhAllocate
PhAllocateExSafe
PhAllocateFromFreeList
PhAllocatePage
PhAllocateSafe
PhAppResolverGetAppIdForWindow
PhAppendBytesBuilder
PhAppendBytesBuilder2
PhAppendBytesBuilderEx
PhAppendCharStringBuilder
PhAppendCharStringBuilder2
PhAppendFormatStringBuilder
PhAppendFormatStringBuilder_V
PhAppendStringBuilder
PhAppendStringBuilderEx
PhAutoDereferenceObject
PhBitmapSetAlpha
PhBoostProvider
PhBufferToHexString
PhBufferToHexStringEx
PhCallKphQueryFileInformationWithTimeout
PhCenterRectangle
PhCenterWindow
PhChangeServiceConfig2
PhClearArray
PhClearCacheDirectory
PhClearCircularBuffer_FLOAT
PhClearCircularBuffer_PVOID
PhClearCircularBuffer_ULONG
PhClearCircularBuffer_ULONG64
PhClearHashtable
PhClearIgnoredSettings
PhClearList
PhCloseServiceHandle
PhCompareStringRef
PhCompareStringZNatural
PhCompareUnicodeStringZIgnoreMenuPrefix
PhConcatStringRef2
PhConcatStringRef3
PhConcatStrings
PhConcatStrings2
PhConcatStrings_V
PhConnectPipe
PhConvertIgnoredSettings
PhConvertMultiByteToUtf16
PhConvertMultiByteToUtf16Ex
PhConvertUtf16ToAsciiEx
PhConvertUtf16ToMultiByte
PhConvertUtf16ToMultiByteEx
PhConvertUtf16ToUtf8
PhConvertUtf16ToUtf8Buffer
PhConvertUtf16ToUtf8Ex
PhConvertUtf16ToUtf8Size
PhConvertUtf8ToUtf16
PhConvertUtf8ToUtf16Buffer
PhConvertUtf8ToUtf16Ex
PhConvertUtf8ToUtf16Size
PhCopyBytesZ
PhCopyCircularBuffer_FLOAT
PhCopyCircularBuffer_PVOID
PhCopyCircularBuffer_ULONG
PhCopyCircularBuffer_ULONG64
PhCopyConvertCircularBufferULONG
PhCopyStringZ
PhCopyStringZFromBytes
PhCopyStringZFromMultiByte
PhCountStringZ
PhCreateAlloc
PhCreateBytes
PhCreateBytesEx
PhCreateCacheFile
PhCreateDialog
PhCreateDirectoryFullPathWin32
PhCreateDirectoryWin32
PhCreateEMenu
PhCreateEMenuItem
PhCreateFile
PhCreateFileStream
PhCreateFileStream2
PhCreateFileWin32
PhCreateFileWin32Ex
PhCreateHashtable
PhCreateJsonArray
PhCreateJsonObject
PhCreateJsonParser
PhCreateJsonParserEx
PhCreateKey
PhCreateList
PhCreateNamedPipe
PhCreateObject
PhCreateObjectType
PhCreateObjectTypeEx
PhCreateOpenFileDialog
PhCreatePipe
PhCreatePointerList
PhCreateProcess
PhCreateProcessAsUser
PhCreateProcessRedirection
PhCreateProcessWin32
PhCreateProcessWin32Ex
PhCreateSaveFileDialog
PhCreateSecurityPage
PhCreateSimpleHashtable
PhCreateString
PhCreateString3
PhCreateStringEx
PhCreateSymbolProvider
PhCreateThread
PhCreateThread2
PhCreateThreadEx
PhCreateXmlNode
PhCreateXmlOpaqueNode
PhDecodeUnicodeDecoder
PhDelayExecution
PhDeleteArray
PhDeleteAutoPool
PhDeleteBytesBuilder
PhDeleteCacheFile
PhDeleteCallback
PhDeleteCircularBuffer_FLOAT
PhDeleteCircularBuffer_PVOID
PhDeleteCircularBuffer_ULONG
PhDeleteCircularBuffer_ULONG64
PhDeleteDirectoryWin32
PhDeleteFastLock
PhDeleteFile
PhDeleteFileWin32
PhDeleteFreeList
PhDeleteGraphState
PhDeleteImageVersionInfo
PhDeleteLayoutManager
PhDeleteProviderThread
PhDeleteStringBuilder
PhDeleteValueKey
PhDeleteWorkQueue
PhDereferenceObject
PhDereferenceObjectDeferDelete
PhDereferenceObjectEx
PhDestroyEMenu
PhDestroyEMenuItem
PhDestroyWindowRemote
PhDetermineDosPathNameType
PhDevFreeObjects
PhDevGetObjects
PhDeviceIoControlFile
PhDialogBox
PhDisconnectNamedPipe
PhDivideSinglesBySingle
PhDnsFree
PhDnsQuery
PhDnsQuery2
PhDoesFileExist
PhDoesFileExistWin32
PhDosErrorToNtStatus
PhDosPathNameToNtPathName
PhDrainAutoPool
PhDrawGraphDirect
PhDrawTrayIconText
PhDuplicateBytesZ
PhDuplicateBytesZSafe
PhDuplicateStringZ
PhEditSecurity
PhEllipsisString
PhEllipsisStringPath
PhEncodeUnicode
PhEnumAvlTree
PhEnumChildWindows
PhEnumDependentServices
PhEnumDirectoryFile
PhEnumDirectoryObjects
PhEnumFileStreams
PhEnumFirmwareEnvironmentValues
PhEnumGenericModules
PhEnumHashtable
PhEnumKernelModules
PhEnumNextProcess
PhEnumNextThread
PhEnumObjectIdInformation
PhEnumObjectTypes
PhEnumPagefiles
PhEnumPointerListEx
PhEnumProcessEnvironmentVariables
PhEnumProcesses
PhEnumProcessesEx
PhEnumReparsePointInformation
PhEnumWindows
PhEnumerateKey
PhEnumeratePrivileges
PhEnumerateValueKey
PhEqualStringRef
PhEscapeCommandLinePart
PhEscapeStringForMenuPrefix
PhExpandEnvironmentStrings
PhExponentiate
PhExponentiate64
PhExtractIcon
PhExtractIconEx
PhFillMemoryUlong
PhFinalArrayItems
PhFinalBytesBuilderBytes
PhFinalHash
PhFinalStringBuilderString
PhFindCharInStringRef
PhFindEMenuItem
PhFindElementAvlTree
PhFindEntryHashtable
PhFindItemList
PhFindItemPointerList
PhFindItemSimpleHashtable
PhFindLastCharInStringRef
PhFindListViewItemByFlags
PhFindListViewItemByParam
PhFindProcessInformation
PhFindProcessInformationByImageName
PhFindStringInStringRef
PhFindXmlObject
PhFlushFileStream
PhFormat
PhFormatBytes
PhFormatBytes_V
PhFormatDate
PhFormatDateTime
PhFormatDecimal
PhFormatGuid
PhFormatImageVersionInfo
PhFormatNativeKeyName
PhFormatSize
PhFormatString
PhFormatString_V
PhFormatTime
PhFormatTimeSpan
PhFormatTimeSpanRelative
PhFormatToBuffer
PhFormatUInt64
PhFree
PhFreeFileDialog
PhFreeJsonObject
PhFreeLibrary
PhFreeLibraryAsImageResource
PhFreePage
PhFreeToFreeList
PhFreeXmlObject
PhGenerateGuid
PhGenerateGuidFromName
PhGenerateRandomAlphaString
PhGenerateRandomNumber64
PhGetAccessEntries
PhGetAccessString
PhGetActiveProcessorCount
PhGetApplicationDataFileName
PhGetApplicationDirectory
PhGetApplicationDirectoryFileName
PhGetApplicationDirectoryWin32
PhGetApplicationFileNameWin32
PhGetBaseDirectory
PhGetBaseName
PhGetClassObject
PhGetComboBoxString
PhGetDeviceType
PhGetDialogItemValue
PhGetDllFileName
PhGetDllHandle
PhGetDpi
PhGetDpiValue
PhGetDrawInfoGraphBuffers
PhGetEnabledProvider
PhGetEtwPublisherName
PhGetFileDialogFileName
PhGetFileDialogFilterIndex
PhGetFileDialogOptions
PhGetFileFullAttributesInformation
PhGetFileName
PhGetFilePosition
PhGetFileSize
PhGetFileVersionFixedInfo
PhGetFileVersionInfo
PhGetFileVersionInfoEx
PhGetFileVersionInfoLangCodePage
PhGetFileVersionInfoString
PhGetFileVersionInfoString2
PhGetFirmwareEnvironmentVariable
PhGetFullPath
PhGetGenericTreeNewLines
PhGetGlobalWorkQueue
PhGetHandleInformation
PhGetHandleInformationEx
PhGetIntegerPairStringRefSetting
PhGetIntegerStringRefSetting
PhGetJobProcessIdList
PhGetJsonArrayIndexObject
PhGetJsonArrayLength
PhGetJsonArrayLong64
PhGetJsonArrayString
PhGetJsonObject
PhGetJsonObjectAsArrayList
PhGetJsonObjectBool
PhGetJsonObjectLength
PhGetJsonObjectType
PhGetJsonValueAsInt64
PhGetJsonValueAsString
PhGetJsonValueAsUInt64
PhGetKernelFileName
PhGetKernelFileName2
PhGetKnownFolderPath
PhGetKnownLocation
PhGetLineFromAddress
PhGetListBoxString
PhGetListViewItemImageIndex
PhGetListViewItemParam
PhGetListViewItemText
PhGetListViewSelectedItemText
PhGetMessage
PhGetModuleFromAddress
PhGetModuleProcAddress
PhGetMonitorDpi
PhGetNamedPipeClientComputerName
PhGetNamedPipeClientProcessId
PhGetNamedPipeServerProcessId
PhGetNtMessage
PhGetObjectSecurity
PhGetObjectType
PhGetObjectTypeInformation
PhGetObjectTypeName
PhGetOwnTokenAttributes
PhGetPositionFileStream
PhGetPrimeNumber
PhGetProcedureAddress
PhGetProcedureAddressRemote
PhGetProcessCommandLine
PhGetProcessDepStatus
PhGetProcessDeviceMap
PhGetProcessEnvironment
PhGetProcessImageFileName
PhGetProcessImageFileNameByProcessId
PhGetProcessImageFileNameWin32
PhGetProcessIsDotNet
PhGetProcessIsDotNetEx
PhGetProcessMappedFileName
PhGetProcessPackageFullName
PhGetProcessPebString
PhGetProcessPriority
PhGetProcessUnloadedDlls
PhGetProcessWindowTitle
PhGetProcessWorkingSetInformation
PhGetProcessWsCounters
PhGetScalableIntegerPairStringRefSetting
PhGetSeObjectSecurity
PhGetSelectedListViewItemParam
PhGetSelectedListViewItemParams
PhGetServiceConfig
PhGetServiceConfigFileName
PhGetServiceDescription
PhGetServiceDllParameter
PhGetServiceErrorControlInteger
PhGetServiceErrorControlString
PhGetServiceFileName
PhGetServiceNameFromTag
PhGetServiceStartTypeInteger
PhGetServiceStartTypeString
PhGetServiceStateString
PhGetServiceTypeInteger
PhGetServiceTypeString
PhGetSidFullName
PhGetSizeDpiValue
PhGetStatusMessage
PhGetStockApplicationIcon
PhGetStringRefSetting
PhGetSymbolFromAddress
PhGetSymbolFromName
PhGetSystemDirectory
PhGetSystemDpi
PhGetSystemMetrics
PhGetSystemParametersInfo
PhGetSystemRoot
PhGetTaskbarDpi
PhGetTemporaryDirectoryRandomAlphaFileName
PhGetThreadServiceTag
PhGetTokenGroups
PhGetTokenIntegrityLevel
PhGetTokenIntegrityLevelRID
PhGetTokenOwner
PhGetTokenPrimaryGroup
PhGetTokenPrivileges
PhGetTokenUser
PhGetTreeNewText
PhGetWin32Message
PhGetWindowContext
PhGetWindowDpi
PhGetWindowText
PhGetWindowTextEx
PhGetXmlInterface
PhGetXmlNodeAttributeByIndex
PhGetXmlNodeAttributeCount
PhGetXmlNodeAttributeText
PhGetXmlNodeElementText
PhGetXmlNodeFirstChild
PhGetXmlNodeNextChild
PhGetXmlNodeOpaqueText
PhGetXmlObject
PhGraphStateGetDrawInfo
PhHashBytes
PhHashStringRef
PhHashStringRefEx
PhHexStringToBuffer
PhHexStringToBufferEx
PhHttpDnsQuery
PhHttpSocketAddRequestHeaders
PhHttpSocketBeginRequest
PhHttpSocketClose
PhHttpSocketConnect
PhHttpSocketCreate
PhHttpSocketDestroy
PhHttpSocketDownloadString
PhHttpSocketEndRequest
PhHttpSocketGetErrorMessage
PhHttpSocketParseUrl
PhHttpSocketQueryHeaderString
PhHttpSocketQueryHeaderUlong
PhHttpSocketQueryHeaderUlong64
PhHttpSocketQueryHeaders
PhHttpSocketQueryOptionString
PhHttpSocketReadData
PhHttpSocketReadDataToBuffer
PhHttpSocketSendRequest
PhHttpSocketSetCredentials
PhHttpSocketSetFeature
PhHttpSocketSetSecurity
PhHttpSocketWriteData
PhHungWindowFromGhostWindow
PhIconToBitmap
PhImageListAddBitmap
PhImageListAddIcon
PhImageListCreate
PhImageListDestroy
PhImageListDrawEx
PhImageListDrawIcon
PhImageListGetIcon
PhImageListRemoveIcon
PhImageListReplace
PhImageListSetBkColor
PhImageListSetIconSize
PhImageListSetImageCount
PhImpersonateToken
PhIndexOfEMenuItem
PhInitializeArray
PhInitializeAutoPool
PhInitializeAvlTree
PhInitializeBytesBuilder
PhInitializeCallback
PhInitializeCircularBuffer_FLOAT
PhInitializeCircularBuffer_PVOID
PhInitializeCircularBuffer_ULONG
PhInitializeCircularBuffer_ULONG64
PhInitializeFastLock
PhInitializeFreeList
PhInitializeGraphState
PhInitializeHash
PhInitializeImageVersionInfo
PhInitializeImageVersionInfoEx
PhInitializeLayoutManager
PhInitializeProviderThread
PhInitializeStringBuilder
PhInitializeWindowTheme
PhInitializeWorkQueue
PhInitializeWorkQueueEnvironment
PhInsertEMenuItem
PhInsertItemList
PhInsertItemsList
PhInsertStringBuilder

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 552KB - Virtual size: 549KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 4KB - Virtual size: 256B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.si3rc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.si3rd
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 292KB - Virtual size: 289KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CSASASDSACSA/x86/SystemInformer.sig
CSASASDSACSA/x86/plugins/DotNetTools.dll
.dll windows:6 windows x86 arch:x86

8614ae319b0f5442050c0c1e4d6275f8

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21-09-2023 00:00

Not After

15-09-2026 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

97:7f:88:b1:ff:1e:9e:9a:fc:a1:ea:ae:80:31:60:31:4d:6f:e0:b3:93:66:74:66:f4:72:4a:88:9f:d0:40:f8
Signer

Actual PE Digest

97:7f:88:b1:ff:1e:9e:9a:fc:a1:ea:ae:80:31:60:31:4d:6f:e0:b3:93:66:74:66:f4:72:4a:88:9f:d0:40:f8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DotNetTools.pdb

Imports

systeminformer.exe

PhFreeLibraryAsImageResource
PhLoadLibrary
PhOpenThread
PhVerifyFileIsChainedToMicrosoft
PhLoadResource
PhEnumDirectoryFile
PhImpersonateToken
PhCreateFileWin32
PhGetTemporaryDirectoryRandomAlphaFileName
PhGetBaseName
PhGetJsonArrayString
PhReferenceEmptyString
PhGetProcedureAddress
PhRevertImpersonationToken
PhFreeLibrary
PhAddJsonArrayObject
PhGetProcessMappedFileName
PhDeleteImageVersionInfo
PhAddJsonObjectUInt64
PhCreateFileWin32Ex
PhConvertUtf16ToUtf8Ex
PhEqualStringRef
PhDeleteFileWin32
PhFreeJsonObject
PhAddJsonObject2
PhDeleteDirectoryWin32
PhBufferToHexString
PhOpenProcess
PhAddJsonObjectValue
PhConcatStringRef3
PhGetSystemRoot
PhLoadLibraryAsImageResource
PhOpenProcessToken
PhConcatStringRef2
PhQueryTokenVariableSize
PhAutoDereferenceObject
PhFormatString_V
_PhPluginInvokeWindowCallback@12
_PhGetPluginCallback@8
_PhRegisterPlugin@12
PhRegisterCallback
_PhPluginSetObjectExtension@20
_PhGetGeneralCallback@4
PhAddSettings
_PhCopyListView@4
PhLoadListViewGroupStatesFromSetting
_PhHandleListViewNotifyBehaviors@12
PhLoadListViewSortColumnsFromSetting
_PhGetListViewContextMenuPoint@8
PhSaveListViewColumnsToSetting
PhSaveListViewGroupStatesToSetting
PhUnregisterCallback
PhLoadListViewColumnsFromSetting
PhAddListViewGroupItem
PhAddListViewColumn
PhSetExtendedListView
PhSaveListViewSortColumnsToSetting
PhAddListViewGroup
_PhInsertCopyListViewEMenuItem@12
PhWindowThemeControlColor
PhFormatToBuffer
_PhHandleCopyListViewEMenuItem@4
PhGetSelectedListViewItemParams
PhCreateSimpleHashtable
PhfAcquireQueuedLockExclusive
PhFindItemSimpleHashtable
PhfWakeForReleaseQueuedLock
PhRemoveItemSimpleHashtable
PhAddItemSimpleHashtable
_PhPluginGetObjectExtension@12
_PhPluginAddTreeNewColumn@24
PhInitializeImageVersionInfoEx
PhEnumGenericModules
PhNtStatusToDosError
PhGetFileName
PhGetBaseDirectory
PhCreateJsonObject
PhExpandEnvironmentStrings
PhLoadMappedImage
PhCreateJsonArray
PhGetProcessImageFileNameByProcessId
PhFindLastCharInStringRef
PhCreateThreadEx
PhInsertEMenuItem
PhCreateList
PhCreateString
PhGetTreeNewText
PhFormat
PhCreateObjectType
PhUnloadMappedImage
_PhInitializeTreeNewFilterSupport@12
PhSetControlTheme
PhFormatString
_PhCreateSearchControl@20
PhAllocate
PhCountStringZ
PhCreateEMenuItem
PhClearList
PhInitializeStringBuilder
_PhCmLoadSettings@8
_PhPropPageDlgProcHeader@24
PhCompareStringRef
PhConcatStrings2
_PhDeleteTreeNewColumnMenu@4
PhCreateEMenu
PhFormatGuid
_PhHandleCopyCellEMenuItem@4
PhAddItemList
PhGetStringRefSetting
PhGetWin32Message
PhfEndInitOnce
PhAddItemsList
PhInitializeWindowTheme
_PhInitializeTreeNewColumnMenuEx@8
_PhHandleTreeNewColumnMenu@4
PhGetIntegerStringRefSetting
PhSetIntegerStringRefSetting
PhSetClipboardString
_PhAddTreeNewFilter@12
PhGetProcessIsDotNetEx
PhSetIntegerPairStringRefSetting
PhGetGlobalWorkQueue
PhSplitStringRefAtChar
PhSetStringRefSetting
_PhAddProcessPropPage@8
PhRemoveStringBuilder
PhCreateStringEx
PhQueueItemWorkQueue
_PhDoPropPageLayout@4
PhFinalStringBuilderString
_PhApplyTreeNewFilters@4
_PhSearchControlMatch@8
_PhShellExecuteUserString@20
PhShowEMenu
PhCreateObject
PhDoesFileExistWin32
_PhRemoveTreeNewFilter@8
PhDestroyEMenu
PhFree
PhConcatStrings
_PhCmSaveSettings@4
PhReferenceObject
_PhInsertCopyCellEMenuItem@16
PhGetIntegerPairStringRefSetting
_PhDeleteTreeNewFilterSupport@4
_PhCreateProcessPropPageContextEx@16
PhAppendStringBuilder
PhDereferenceObject
PhfBeginInitOnce
PhSetFlagsEMenuItem
_PhAddPropPageLayoutItem@16
PhFormatUInt64

ntdll

NtMapViewOfSection
NtOpenSection
RtlAddSIDToBoundaryDescriptor
NtOpenPrivateNamespace
NtUnmapViewOfSection
RtlFreeHeap
RtlCreateBoundaryDescriptor
NtReadVirtualMemory
NtQueryInformationProcess
NtWriteFile
NtGetContextThread
NtWaitForSingleObject
NtClose
RtlUnwind

kernel32

DecodePointer
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
HeapFree
HeapAlloc
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
EncodePointer
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
SetLastError
InterlockedFlushSList
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
LoadLibraryExA
GetProcAddress
GetModuleHandleW
FreeLibrary
VirtualQuery
VirtualProtect
GetSystemInfo
RaiseException
LCMapStringW
GetProcessHeap
GetStdHandle
GetLastError
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW

user32

PostMessageW
UpdateWindow
GetKeyState
GetDlgItem
SendMessageW
SetFocus
SetWindowLongW
GetWindowRect

Sections

.text
Size: 84KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 4KB - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CSASASDSACSA/x86/plugins/DotNetTools.sig
CSASASDSACSA/x86/plugins/ExtendedTools.dll
.dll windows:6 windows x86 arch:x86

97dc781c6a92c28679ad1fadbeccebaf

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2013 12:00

Not After

15-01-2038 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

21-09-2023 00:00

Not After

15-09-2026 23:59

Subject

CN=Winsider Seminars & Solutions Inc.,O=Winsider Seminars & Solutions Inc.,L=Montréal,ST=Quebec,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

23:db:19:61:23:49:cc:fe:54:4f:8e:e5:3f:17:92:2a:69:0d:a5:be:5a:c6:a3:dd:fe:b4:34:ab:2b:00:7e:fc
Signer

Actual PE Digest

23:db:19:61:23:49:cc:fe:54:4f:8e:e5:3f:17:92:2a:69:0d:a5:be:5a:c6:a3:dd:fe:b4:34:ab:2b:00:7e:fc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ExtendedTools.pdb

Imports

systeminformer.exe

_PhHandleListViewNotifyForCopy@8
PhSaveListViewColumnsToSetting
PhFinalStringBuilderString
PhGetListViewItemParam
PhRemoveStringBuilder
PhLoadWindowPlacementFromSetting
_PhSetApplicationWindowIcon@4
PhGetWindowContext
PhRemoveListViewItem
PhShowStatus
PhLoadListViewColumnsFromSetting
PhFormatGuid
PhAddListViewColumn
PhGetSelectedListViewItemParam
PhInitializeStringBuilder
PhSetExtendedListView
PhDialogBox
PhEqualStringRef
PhSetFirmwareEnvironmentVariable
PhSaveWindowPlacementToSetting
PhFindListViewItemByFlags
PhSetListViewSubItem
PhDeleteLayoutManager
PhInitializeLayoutManager
PhFormatSize
PhCreateString
_PhInsertCopyListViewEMenuItem@12
PhWindowThemeControlColor
PhSetWindowContext
_PhHandleCopyListViewEMenuItem@4
PhGetSelectedListViewItemParams
PhSetWindowText
PhSetScalableIntegerPairStringRefSetting2
PhInitializeAutoPool
PhFormatString_V
PhDrainAutoPool
PhCreateFileStream
PhCreateSaveFileDialog
PhSetFileDialogFileName
PhSetIntegerStringRefSetting
PhGetFileDialogFileName
PhDeleteAutoPool
PhAdjustRectangleToWorkingArea
PhSetFileDialogFilter
PhGetWindowText
PhSelectComboBoxString
PhGetScalableIntegerPairStringRefSetting
PhCreateDialog
PhGetFirmwareEnvironmentVariable
PhShowFileDialog
PhFreeFileDialog
PhGetMonitorDpi
PhWriteFileStream
_PhGetStatisticsTimeString@8
_PhAddPropPageLayoutItem@16
PhSetGroupBoxText
PhMaxMemorySingles
_PhCreateProcessPropPageContextEx@16
PhSetGraphText
PhGetWindowDpi
PhGetDpi
PhCopyCircularBuffer_FLOAT
_PhDoPropPageLayout@4
_PhAddProcessPropPage@8
PhGraphStateGetDrawInfo
PhDeleteGraphState
PhUnregisterCallback
_PhSiSetColorsGraphDrawInfo@16
_PhPropPageDlgProcHeader@24
PhInitializeGraphState
PhDivideSinglesBySingle
PhfBeginInitOnce
PhInitializeWorkQueue
PhDnsQuery
PhGetSidFullName
PhHashBytes
PhLoadLibrary
PhQueueItemWorkQueue
_PhFindPlugin2@4
PhGenerateGuid
PhGetBaseName
PhGetProcedureAddress
_PhEnumProcessItems@8
PhfEndInitOnce
_PhGetPluginInformation@4
PhAppendFormatStringBuilder
PhDnsFree
PhDnsQuery2
PhHashStringRefEx
PhGetSystemMetrics
PhFormatDateTime
PhImageListDrawIcon
PhAddItemsList
PhDoesFileExist
PhInsertItemList
PhLargeIntegerToLocalSystemTime
PhFormatUInt64
PhfResetEvent
PhShowMessage
PhfSetEvent
PhAddListViewGroupItem
PhfWaitForEvent
PhAddListViewGroup
PhCreateThreadEx
_PhReferenceProcessRecordForStatistics@4
PhQueryRegistryUlong
PhInitializeCircularBuffer_FLOAT
PhFormatDate
PhQueryValueKey
PhAddListViewItem
PhInitializeCircularBuffer_ULONG
PhQueryRegistryUlong64
_PhSiDoubleLabelYFunction@16
PhGetSizeDpiValue
PhCopyConvertCircularBufferULONG
_PhSiSizeLabelYFunction@16
_PhGetStatisticsTime@12
PhGetDrawInfoGraphBuffers
_PhFindProcessRecord@8
PhSetDialogItemText
PhAddLayoutItemEx
PhDrawTrayIconText
PhBitmapSetAlpha
PhNfGetTrayIconFont
_PhShowSystemInformationDialog@4
PhStringToGuid
PhDrawGraphDirect
PhGetGlobalWorkQueue
PhGetHandleInformation
PhGetDeviceType
PhEnumProcesses
PhStdGetClientIdName
PhCallKphQueryFileInformationWithTimeout
PhEnumDirectoryFile
KphEnumerateProcessHandles2
KphLevel
PhGetNamedPipeServerProcessId
PhGetAccessEntries
PhGetAccessString
PhOpenProcess
PhOpenFile
PhImageListCreate
PhLoadIcon
PhConcatStringRef2
PhDosErrorToNtStatus
PhOpenDriver
PhGetModuleProcAddress
PhEnumDirectoryObjects
PhImageListDestroy
PhEditSecurity
PhConcatStringRef3
PhSetListViewItemImageIndex
PhImageListAddIcon
PhZeroExtendToUtf16Ex
PhExpandEnvironmentStrings
PhConvertUtf16ToUtf8Buffer
PhGetApplicationDirectoryFileName
PhSplitStringRefAtString
PhCreateString3
PhClearList
PhCreateFile
PhGetFileSize
_PhDeleteTreeNewFilterSupport@4
PhZeroExtendToUtf16Buffer
_PhSearchControlMatch@8
_PhCreateSearchControl@20
_PhSearchControlMatchLongHintZ@8
PhfReleaseFastLockExclusive
PhfAcquireFastLockExclusive
PhQueryObjectName
PhConcatStrings
PhOpenFileById
PhEnumReparsePointInformation
PhDeviceIoControlFile
PhShowConfirmMessage
PhEnumObjectIdInformation
PhGetProcessUnloadedDlls
PhBufferToHexString
_PhPluginGetObjectExtension@12
_PhPluginAddTreeNewColumn@24
PhGetClassObject
_PhPluginEnableTreeNewNotify@8
_PhDuplicateProcessInformation@4
_PhReferenceNetworkItem@16
PhIsExecutingInWow64
PhDeleteCircularBuffer_FLOAT
_PhGetPluginCallback@8
_PhRegisterPlugin@12
PhIndexOfEMenuItem
PhSetListViewItemParam
_PhPluginSetObjectExtension@20
PhDeleteCircularBuffer_ULONG
PhAddSettings
_PhPluginCreateEMenuItem@20
PhDeleteCircularBuffer_ULONG64
_PhCreateServiceListControl@12
_PhReferenceServiceItem@4
PhCreateSymbolProvider
PhCreateAlloc
PhEnumGenericModules
_PhLoadSymbolProviderOptions@4
PhGetSymbolFromAddress
PhLoadModuleSymbolProvider
PhOpenThread
PhSecondsSince1970ToTime
PhCopyStringZ
_PhCreateProcessPropContext@8
PhEnumNextThread
_PhShowProcessProperties@4
PhFreeLibrary
PhFormatTime
_PhSetSelectThreadIdProcessPropContext@8
PhGetListViewItemText
PhFindItemSimpleHashtable
PhSystemBasicInformation
PhGetModuleFromAddress
PhAddItemSimpleHashtable
PhAdjustPrivilege
PhCenterWindow
_PhGetListViewContextMenuPoint@8
PhFindListViewItemByParam
PhAppendStringBuilder
PhLayoutManagerLayout
PhRemoveWindowContext
PhEnumFirmwareEnvironmentValues
_PhCopyListView@4
PhIsFirmwareSupported
PhSetThreadName
PhCreateThread2
PhDelayExecution
PhGetOwnTokenAttributes
PhAutoDereferenceObject
PhCreateObjectType
PhQueryPerformanceCounter
PhAddEntryHashtableEx
PhInvokeCallback
_PhGetGeneralCallback@4
PhAllocateFromFreeList
PhInitializeFreeList
_PhDereferenceProcessRecord@4
PhCreateObject
_PhReferenceProcessItem@4
PhGetFileName
PhFreeToFreeList
_PhReferenceProcessRecord@4
PhCreateSimpleHashtable
PhQueryPerformanceFrequency
PhFindLastCharInStringRef
PhMainWndHandle
PhInsertEMenuItem
PhAddLayoutItem
PhFormatToBuffer
PhCreateList
PhGetStatusMessage
_PhGetPluginInterface@8
PhGetTreeNewText
_PhShowProcessRecordDialog@8
PhFormat
_PhInitializeTreeNewFilterSupport@12
PhSetControlTheme
PhFormatString
_PhFindProcessNode@4
PhCreateEMenuItem
PhRemoveEntryHashtable
_PhPluginInvokeWindowCallback@12
PhSetFlagsAllEMenuItems
_PhCmLoadSettings@8
PhAddItemArray
PhCompareStringRef
_PhDeleteTreeNewColumnMenu@4
PhFindEMenuItem
PhCreateEMenu
_PhHandleCopyCellEMenuItem@4
PhAddItemList
PhGetStringRefSetting
_PhReferenceProcessItemForRecord@4
PhShellExploreFile
PhInitializeWindowTheme
_PhInitializeTreeNewColumnMenuEx@8
_PhHandleTreeNewColumnMenu@4
_PhPluginCreateTabPage@4
PhInitializeArray
PhRemoveItemList
PhGetIntegerStringRefSetting
PhSetClipboardString
_PhAddTreeNewFilter@12
PhReferenceEmptyString
_PhApplyTreeNewFiltersToNode@8
PhShowMessage2
_PhGetProcessSmallImageList@0
PhSetIntegerPairStringRefSetting
PhSetStringRefSetting
PhCreateStringEx
_PhApplyTreeNewFilters@4
PhFindItemList
_PhShellExecuteUserString@20
PhShowEMenu
PhRegisterCallback
PhRemoveItemsArray
_PhSelectAndEnsureVisibleProcessNode@4
PhDoesFileExistWin32
PhDestroyEMenu
_PhCmSaveSettings@4
PhReferenceObject
_PhInsertCopyCellEMenuItem@16
PhGetIntegerPairStringRefSetting
PhWriteStringAsUtf8FileStream
PhGetGenericTreeNewLines
PhShellProperties
PhSetFlagsEMenuItem
PhAddEntryHashtable
PhfReleaseQueuedLockShared
PhAllocate
PhCountStringZ
PhStringToInteger64
PhfWakeForReleaseQueuedLock
PhClearHashtable
PhCreateHashtable
PhfAcquireQueuedLockShared
PhSplitStringRefAtChar
PhFree
PhfAcquireQueuedLockExclusive
PhEnumHashtable
PhDereferenceObject
PhInitializeCircularBuffer_ULONG64
PhFindEntryHashtable

ntdll

NtSetInformationProcess
NtQueryInformationProcess
NtQueryInformationThread
NtCancelSynchronousIoFile
NtDuplicateObject
NtQueryInformationWorkerFactory
RtlValidSecurityDescriptor
RtlGetOwnerSecurityDescriptor
NtQuerySystemInformation
NtReadFile
NtOpenSection
NtOpenJobObject
NtOpenDirectoryObject
NtOpenSession
NtOpenKeyedEvent
RtlUnwind
NtOpenEvent
NtOpenKey
NtOpenSymbolicLinkObject
NtOpenMutant
NtQueryInformationFile
RtlSetBits
RtlInitializeBitMap
NtClose
RtlIpv6AddressToStringExW
RtlIpv4AddressToStringExW
RtlInterlockedFlushSList
RtlRaiseStatus
RtlInterlockedPushEntrySList
NtAlpcConnectPort

kernel32

RaiseException
GetSystemInfo
VirtualProtect
VirtualQuery
FreeLibrary
GetCurrentProcess
GetModuleHandleW
GetProcAddress
LoadLibraryExA
UnhandledExceptionFilter
DecodePointer
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
InterlockedFlushSList
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
HeapFree
HeapAlloc
HeapReAlloc
HeapSize
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
LocalFree
GetLastError
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
SetFilePointerEx
CreateFileW
CloseHandle
WriteConsoleW
SetUnhandledExceptionFilter

user32

SetTimer
KillTimer
MapWindowPoints
EnableWindow
GetCursorPos
SetWindowTextW
GetWindowRect
DestroyIcon
SetCursor
LoadImageW
SetWindowPos
PostQuitMessage
IsIconic
DrawTextW
GetParent
GetWindowLongW
DeferWindowPos
PostMessageW
BeginDeferWindowPos
EndDeferWindowPos
MapDialogRect
SetWindowLongW
GetClientRect
GetMessageW
DestroyWindow
ShowWindow
DispatchMessageW
IsDialogMessageW
MoveWindow
TranslateMessage
SetForegroundWindow
EndDialog
GetDlgItem
GetKeyState
CreateWindowExW
SendMessageW
SetFocus
InvalidateRect

gdi32

D3DKMTCloseAdapter
D3DKMTQueryStatistics
D3DKMTQueryAdapterInfo
SelectObject
D3DKMTOpenAdapterFromDeviceName

advapi32

CloseThreadWaitChainSession
CloseTrace
ProcessTrace
StartTraceW
ConvertSecurityDescriptorToStringSecurityDescriptorW
PerfCloseQueryHandle
PerfQueryCounterData
PerfOpenQueryHandle
PerfAddCounters
EnableTraceEx2
OpenTraceW
ControlTraceW
GetThreadWaitChain
OpenThreadWaitChainSession
RegisterWaitChainCOMCallback

comctl32

CreatePropertySheetPageW

Sections

.text
Size: 328KB - Virtual size: 327KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 184KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 4KB - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 596KB - Virtual size: 594KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CSASASDSACSA/x86/plugins/ExtendedTools.sig
MediaGet 3.01.4319.exe
.exe windows:1 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Sections

CODE
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

DATA
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: - Virtual size: 3KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 8B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
_About.txt
_Readme.txt
_Silent Install.cmd
_Unpack Portable.cmd
Описание.txt

Sharing

General

Malware Config

Signatures

Files

027166c97025b87b2219a54ea593c913

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

34:a3:55:ba:42:bd:46:d2:68:b0:96:a7:9e:cf:07:98:02:6e:48:1a:ba:87:54:f5:df:b6:61:ab:8b:00:13:9fSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

ntdll

kernel32

user32

gdi32

advapi32

ole32

Exports

Exports

Sections

.text Size: 2.0MB - Virtual size: 2.0MB

.rdata Size: 708KB - Virtual size: 706KB

.data Size: 36KB - Virtual size: 64KB

.pdata Size: 80KB - Virtual size: 76KB

.didat Size: 4KB - Virtual size: 512B

_RDATA Size: 4KB - Virtual size: 640B

.si3rc Size: 12KB - Virtual size: 8KB

.si3rd Size: 4KB - Virtual size: 24B

.rsrc Size: 292KB - Virtual size: 289KB

.reloc Size: 12KB - Virtual size: 11KB

9f3845c4018003a0646180dea2b687ad

Code Sign

33:00:00:00:68:64:82:c2:f9:11:1a:c8:76:00:00:00:00:00:68Certificate

Extended Key Usages

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0dCertificate

Key Usages

3a:c5:e8:63:fc:65:de:3e:07:74:3b:23:3d:86:c9:5e:9d:4c:03:c4:73:97:0d:3c:ae:84:02:91:15:25:a9:22Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ksi

fltmgr.sys

ksecdd.sys

ntoskrnl.exe

hal

Sections

.text Size: 32KB - Virtual size: 29KB

.rdata Size: 16KB - Virtual size: 13KB

.data Size: 4KB - Virtual size: 2KB

.pdata Size: 8KB - Virtual size: 5KB

KSIRO Size: 16KB - Virtual size: 12KB

KSIDATA Size: 4KB - Virtual size: 864B

PAGE Size: 112KB - Virtual size: 111KB

PAGEDATA Size: 4KB - Virtual size: 25B

INIT Size: 8KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 4KB

7aa58473975a85b44e72574ad135628e

Code Sign

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

34:a3:55:ba:42:bd:46:d2:68:b0:96:a7:9e:cf:07:98:02:6e:48:1a:ba:87:54:f5:df:b6:61:ab:8b:00:13:9f
Signer

.text
Size: 2.0MB - Virtual size: 2.0MB

.rdata
Size: 708KB - Virtual size: 706KB

.data
Size: 36KB - Virtual size: 64KB

.pdata
Size: 80KB - Virtual size: 76KB

.didat
Size: 4KB - Virtual size: 512B

_RDATA
Size: 4KB - Virtual size: 640B

.si3rc
Size: 12KB - Virtual size: 8KB

.si3rd
Size: 4KB - Virtual size: 24B

.rsrc
Size: 292KB - Virtual size: 289KB

.reloc
Size: 12KB - Virtual size: 11KB

33:00:00:00:68:64:82:c2:f9:11:1a:c8:76:00:00:00:00:00:68
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

3a:c5:e8:63:fc:65:de:3e:07:74:3b:23:3d:86:c9:5e:9d:4c:03:c4:73:97:0d:3c:ae:84:02:91:15:25:a9:22
Signer

.text
Size: 32KB - Virtual size: 29KB

.rdata
Size: 16KB - Virtual size: 13KB

.data
Size: 4KB - Virtual size: 2KB

.pdata
Size: 8KB - Virtual size: 5KB

KSIRO
Size: 16KB - Virtual size: 12KB

KSIDATA
Size: 4KB - Virtual size: 864B

PAGE
Size: 112KB - Virtual size: 111KB

PAGEDATA
Size: 4KB - Virtual size: 25B

INIT
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 4KB

33:00:00:00:68:64:82:c2:f9:11:1a:c8:76:00:00:00:00:00:68
Certificate

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

56:7b:e2:d3:14:b1:a4:79:e2:51:5c:59:5b:3d:f8:b7:64:10:c6:80:fd:85:f6:29:0c:2b:3f:a9:57:60:cc:c1
Signer

.text
Size: 4KB - Virtual size: 1KB

.rdata
Size: 4KB - Virtual size: 928B

.data
Size: 4KB - Virtual size: 25B

.pdata
Size: 4KB - Virtual size: 180B

KSIDATA
Size: 4KB - Virtual size: 24B

.edata
Size: 4KB - Virtual size: 284B

INIT
Size: 4KB - Virtual size: 338B

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 168B

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

f8:bc:ba:6d:d9:82:03:94:e6:43:76:4d:3b:26:e9:3f:ec:53:5a:e9:01:10:c5:91:3a:b8:d5:d0:37:61:a3:ab
Signer

.text
Size: 912KB - Virtual size: 910KB

.rdata
Size: 432KB - Virtual size: 429KB

.data
Size: 12KB - Virtual size: 21KB

.pdata
Size: 32KB - Virtual size: 28KB

.didat
Size: 4KB - Virtual size: 1KB

_RDATA
Size: 4KB - Virtual size: 640B

.si3rc
Size: 12KB - Virtual size: 8KB

.si3rd
Size: 4KB - Virtual size: 24B

.rsrc
Size: 184KB - Virtual size: 181KB

.reloc
Size: 8KB - Virtual size: 5KB

05:9b:1b:57:9e:8e:21:32:e2:39:07:bd:a7:77:75:5c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

05:0a:5a:39:6d:03:ea:60:cd:53:68:b3:d7:ba:f7:a6
Certificate