1029a9124b1381e54ad23ee88a6adb0f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

1029a9124b1381e54ad23ee88a6adb0f_JaffaCakes118
Size

7.2MB
MD5

1029a9124b1381e54ad23ee88a6adb0f
SHA1

1f3a36d691f877fe83de8bca221d20fa16b1ece3
SHA256

78f03d617612c182d376bd6b10e16412ff204c40b2caf211807066866efc914b
SHA512

c079e9b5fc48d5497465e7d5259970d39f5b072e3af7a07aa0b24430e3f11c2b85a4c1dc677da1d58f3939b89719ec55999e86339799e102f87890683e5cc2aa
SSDEEP

196608:OpMLTLuTs0aiUrAi5C8U65CZavsai1f1vruzU6tWGPiidmL22mlA:BfuTpaiUESxNaR1fpKzUKiemKhlA

Score

3^/10

Malware Config

Signatures

Unsigned PE 2 IoCs

Checks for missing Authenticode signature.

resource
unpack001/mfc80.dll
unpack001/mfc80u.dll

Files

1029a9124b1381e54ad23ee88a6adb0f_JaffaCakes118
.cab
DMON.dll
.dll regsvr32 windows:4 windows x64 arch:x64

c0732a9e399e57b1ea39125d8cfca23d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:aa:58:c1:7a:48:e5:2a:a8:17:43:c9:25:0e:7d:b9:e3:6a:49:00
Signer

Actual PE Digest

6a:aa:58:c1:7a:48:e5:2a:a8:17:43:c9:25:0e:7d:b9:e3:6a:49:00

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

DMON.pdb

Imports

kernel32

lstrlenA
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
GetVersionExW
CreateEventW
GetCurrentThreadId
SetEvent
TerminateThread
WaitForSingleObject
GetCurrentProcessId
CreateThread
UnmapViewOfFile
ReleaseMutex
MapViewOfFile
OpenFileMappingW
DuplicateHandle
GetCurrentProcess
WaitForMultipleObjects
OpenMutexW
LocalFree
LocalAlloc
lstrcmpA
GetModuleHandleA
GetVersion
SetThreadPriority
GetCurrentThread
lstrcpynA
GetTickCount
Sleep
ReadFile
WriteFile
SetFilePointer
GetFileSize
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetFileAttributesW
GetFullPathNameW
SetLastError
lstrcpynW
GetProcAddress
LoadLibraryW
WideCharToMultiByte
GlobalAlloc
GlobalLock
GetTempPathW
GetTempFileNameW
DeleteFileW
lstrlenW
CreateFileW
CloseHandle
GetThreadLocale
SetThreadLocale
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetModuleFileNameW
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetSystemTimeAsFileTime
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
LoadLibraryA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
HeapAlloc
HeapFree
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
HeapReAlloc
FlsSetValue
GetCommandLineA
GetVersionExA
GetProcessHeap
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlCaptureContext
RtlVirtualUnwind
FlsGetValue
TlsFree
FlsFree
TlsSetValue
FlsAlloc

user32

CharNextW
DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects
UnregisterClassA

advapi32

EqualSid
RegOpenKeyA
RegQueryValueExA
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
FreeSid
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteExW
ord680

ole32

CoInitialize
CoUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 102KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DMON.dll_1
.dll regsvr32 windows:4 windows x86 arch:x86

0d381e7d8fbd9948e48fc8f88b70af88

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:b7:f6:9b:19:54:e8:17:34:89:25:c1:97:87:4d:be:f3:0b:d5:ed
Signer

Actual PE Digest

1b:b7:f6:9b:19:54:e8:17:34:89:25:c1:97:87:4d:be:f3:0b:d5:ed

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

DMON.pdb

Imports

kernel32

GetFullPathNameW
GetFileAttributesW
lstrcpynA
lstrlenA
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
GetVersionExW
CreateEventW
GetCurrentThreadId
SetEvent
TerminateThread
WaitForSingleObject
GetCurrentProcessId
CreateThread
UnmapViewOfFile
CreateMutexW
ReleaseMutex
VirtualAlloc
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
DuplicateHandle
WaitForMultipleObjects
OpenMutexW
LocalFree
LocalAlloc
lstrcmpA
GetModuleHandleA
GetVersion
SetThreadPriority
SetLastError
GetSystemTimeAsFileTime
GetTickCount
Sleep
ReadFile
WriteFile
SetFilePointer
GetFileSize
FlushFileBuffers
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
lstrcpynW
GetProcAddress
LoadLibraryW
WideCharToMultiByte
GlobalAlloc
GlobalLock
GetTempPathW
GetTempFileNameW
lstrlenW
DeleteFileW
CreateFileW
CloseHandle
GetCurrentProcess
GetThreadLocale
SetThreadLocale
GetModuleHandleW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
InterlockedDecrement
InterlockedIncrement
GetModuleFileNameW
lstrcmpiW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetCurrentThread
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
LoadLibraryA
InterlockedExchange
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
HeapAlloc
HeapFree
RtlUnwind
HeapReAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
VirtualFree
HeapDestroy
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree

user32

CharNextW
PeekMessageW
DispatchMessageW
TranslateMessage
MsgWaitForMultipleObjects
UnregisterClassA

advapi32

RegQueryValueExW
EqualSid
RegOpenKeyA
RegQueryValueExA
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
FreeSid
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteExW
ord680

ole32

CoInitialize
CoUninitialize
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
SysAllocString
SysFreeString
SysStringLen

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EHttpSrv.exe
.exe windows:4 windows x64 arch:x64

18078e0bb93c3c325613d1850477db20

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a8:45:8f:8a:c0:f0:1b:63:5a:2f:cf:1a:f0:c9:a5:4e:f4:49:ba:45
Signer

Actual PE Digest

a8:45:8f:8a:c0:f0:1b:63:5a:2f:cf:1a:f0:c9:a5:4e:f4:49:ba:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

EHttpSrv.pdb

Imports

crypt32

CryptExportPublicKeyInfo
CryptEncodeObject

kernel32

GetTickCount
GetVersionExW
GetCurrentProcess
GetModuleFileNameA
GetModuleHandleA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
VirtualProtect
GetModuleFileNameW
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
LoadLibraryW
GetProcAddress
GetFileSize
CreateFileA
SetLastError
GetFullPathNameW
GetFileAttributesW
lstrcpynA
lstrlenA
GetLastError
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
MultiByteToWideChar
Sleep
CloseHandle
WriteFile
CreateFileW
FreeLibrary
GetCommandLineW

user32

DestroyWindow
CreateWindowExW
RegisterClassExW
DefWindowProcW
MessageBoxW

advapi32

CryptGenKey
CryptExportKey
CryptDestroyKey
RegQueryValueExW
DeleteService
OpenServiceW
CloseServiceHandle
StartServiceW
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
CreateServiceW
OpenSCManagerW
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerW
CryptReleaseContext
CryptAcquireContextW

shell32

SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc
SHGetPathFromIDListW

msvcr80

memset
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
__crt_debugger_hook
__set_app_type
_fmode
_commode
_wtol
??_U@YAPEAX_K@Z
??3@YAXPEAX@Z
swprintf_s
wcsstr
wcschr
vswprintf_s
wcsncpy_s
wcscat_s
wcscpy_s
wcsrchr
__C_specific_handler
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_stricmp
_amsg_exit
__wgetmainargs
_XcptFilter
_exit
_cexit
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
memcpy

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EHttpSrv.xml
.xml
EpfwTdiR.sys
.sys windows:6 windows x64 arch:x64

90bef0e848ff9812080bfd6ad4882ae3

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:a8:7b:bb:68:6f:1c:02:73:2d:b4:ed:cb:b8:2a:29:fc:ad:b2:ba
Signer

Actual PE Digest

ba:a8:7b:bb:68:6f:1c:02:73:2d:b4:ed:cb:b8:2a:29:fc:ad:b2:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

EpfwTdiR.pdb

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
KeClearEvent
IoBuildDeviceIoControlRequest
ExFreePoolWithTag
KeInitializeEvent
IoFreeMdl
KeWaitForSingleObject
MmProbeAndLockPages
MmIsAddressValid
IoAllocateMdl
IofCallDriver
ExInitializeNPagedLookasideList
KeReleaseInStackQueuedSpinLock
ExpInterlockedPushEntrySList
KeAcquireInStackQueuedSpinLock
ExpInterlockedPopEntrySList
ExQueryDepthSList
ExDeleteNPagedLookasideList
wcschr
_wcsicmp
IoDeleteSymbolicLink
KdDebuggerNotPresent
qsort
RtlInitUnicodeString
IoDeleteDevice
PsSetCreateProcessNotifyRoutine
KdDebuggerEnabled
ZwClose
IofCompleteRequest
IoCreateSymbolicLink
PsGetCurrentProcessId
IoCreateDevice
ZwOpenFile
PsGetThreadProcessId
MmSystemRangeStart
sprintf
mbstowcs
ProbeForRead
isspace
ZwQuerySymbolicLinkObject
ZwReadFile
strstr
IoGetRelatedDeviceObject
wcsncpy
ProbeForWrite
MmHighestUserAddress
ZwQuerySystemInformation
ZwOpenSymbolicLinkObject
KeUnstackDetachProcess
ZwSetInformationFile
KeDelayExecutionThread
ObQueryNameString
strncpy
IoFileObjectType
ZwCreateFile
wcsrchr
ZwQueryDirectoryFile
isdigit
_purecall
ObReferenceObjectByHandle
IoAttachDevice
ZwOpenProcess
ZwDeviceIoControlFile
ZwQueryInformationProcess
toupper
RtlCopyUnicodeString
ObfDereferenceObject
wcsncmp
ZwQueryInformationFile
IoQueryFileDosDeviceName
KeStackAttachProcess
KeBugCheckEx
__C_specific_handler

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 478B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EpfwWfpR.inf
EpfwWfpR.sys
.sys windows:6 windows x64 arch:x64

45e4e0f9bd3785f5df14f89b0026c756

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:5a:38:b5:16:0e:78:fc:8b:f3:f3:7f:d1:51:e9:38:66:e6:d4:60
Signer

Actual PE Digest

52:5a:38:b5:16:0e:78:fc:8b:f3:f3:7f:d1:51:e9:38:66:e6:d4:60

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

EpfwWfpR.pdb

Imports

ntoskrnl.exe

KeInitializeDpc
ZwQuerySystemInformation
KeAcquireInStackQueuedSpinLock
ExpInterlockedPopEntrySList
MmBuildMdlForNonPagedPool
ZwOpenSymbolicLinkObject
IoFreeMdl
KeUnstackDetachProcess
ZwSetInformationFile
KeDelayExecutionThread
ObQueryNameString
strncpy
ZwCreateFile
wcsrchr
ZwQueryValueKey
ZwQueryDirectoryFile
ExEventObjectType
KeInsertQueueDpc
ZwClose
RtlAppendUnicodeStringToString
isdigit
ExQueryDepthSList
_purecall
ObReferenceObjectByHandle
KeWaitForSingleObject
MmHighestUserAddress
ZwOpenProcess
ZwDeviceIoControlFile
ZwQueryInformationProcess
toupper
RtlCopyUnicodeString
ObfDereferenceObject
ZwOpenFile
wcsncmp
ZwQueryInformationFile
KeStackAttachProcess
ExDeleteNPagedLookasideList
IoAllocateMdl
ZwOpenKey
KdDebuggerNotPresent
IoDeleteDevice
PsSetCreateProcessNotifyRoutine
MmMapLockedPagesSpecifyCache
KdDebuggerEnabled
IofCompleteRequest
MmProbeAndLockPages
MmUnlockPages
IoCreateSymbolicLink
PsGetCurrentProcessId
IoCreateDevice
KeBugCheckEx
ExpInterlockedPushEntrySList
ProbeForWrite
wcsncpy
ExGetPreviousMode
KeSetEvent
RtlInitUnicodeString
strstr
ZwReadFile
ZwQuerySymbolicLinkObject
qsort
isspace
KeReleaseInStackQueuedSpinLock
ExInitializeNPagedLookasideList
ExFreePoolWithTag
ProbeForRead
ExAllocatePoolWithTag
mbstowcs
sprintf
wcschr
MmSystemRangeStart
__C_specific_handler

ndis.sys

NdisFreeNetBufferListPool
NdisAllocateNetBufferListPool
NdisAllocateGenericObject
NdisAdvanceNetBufferDataStart
NdisRetreatNetBufferDataStart
NdisGetDataBuffer
NdisFreeGenericObject

fwpkclnt.sys

FwpsFlowRemoveContext0
FwpsInjectionHandleDestroy0
FwpsCloneStreamData0
FwpsAllocateNetBufferAndNetBufferList0
FwpsInjectionHandleCreate0
FwpmTransactionCommit0
FwpsFreeCloneNetBufferList0
FwpsCopyStreamDataToBuffer0
FwpmTransactionAbort0
FwpmFilterAdd0
FwpsStreamInjectAsync0
FwpmTransactionBegin0
FwpsFreeNetBufferList0
FwpmEngineClose0
FwpmEngineOpen0
FwpsCalloutRegister0
FwpmCalloutAdd0
FwpmSubLayerAdd0
FwpsCalloutUnregisterById0
FwpsInjectTransportReceiveAsync0
FwpsFlowAssociateContext0

Sections

.text
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Microsoft.VC80.CRT.manifest
Microsoft.VC80.CRT.manifest_1
Microsoft.VC80.MFC.manifest
Microsoft.VC80.MFCLOC.manifest
.xml
PPESET.dll
.dll regsvr32 windows:4 windows x86 arch:x86

44f215f7c39f26f31f10a5d490726047

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d1:91:35:62:c9:be:ec:78:b8:97:d0:46:f9:ef:9d:08:52:4f:94:8c
Signer

Actual PE Digest

d1:91:35:62:c9:be:ec:78:b8:97:d0:46:f9:ef:9d:08:52:4f:94:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PPESET.pdb

Imports

ws2_32

ntohs
htons
htonl
ntohl

kernel32

CreateDirectoryA
GetVersion
LocalFree
Sleep
GetCurrentProcess
GetVersionExA
GetCurrentThreadId
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
InterlockedIncrement
OpenProcess
DuplicateHandle
InitializeCriticalSection
DeleteCriticalSection
UnmapViewOfFile
CreateMutexA
CreateFileMappingA
MapViewOfFile
VirtualAlloc
TerminateThread
OpenFileMappingA
OpenMutexA
LocalAlloc
GetModuleHandleA
lstrcmpA
GetSystemTimeAsFileTime
SetThreadPriority
GetCurrentThread
GetLocaleInfoA
GetTickCount
FlushFileBuffers
ReadFile
WriteFile
SetEndOfFile
SetFilePointer
GetStringTypeW
GetStringTypeA
SetStdHandle
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
QueryPerformanceCounter
WaitForSingleObject
SetEvent
CreateThread
ResetEvent
WaitForMultipleObjects
CreateEventA
CloseHandle
CreateFileA
lstrcpynA
lstrlenA
GetLastError
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
SetLastError
GetFullPathNameW
GetFileAttributesW
MultiByteToWideChar
WideCharToMultiByte
LoadLibraryA
GetModuleFileNameA
GetPrivateProfileStringA
FreeLibrary
GetProcAddress
DeleteFileA
CopyFileA
ReleaseMutex
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RaiseException
HeapSize
ExitProcess
LCMapStringW
LCMapStringA
GetLocalTime
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlUnwind
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetConsoleCP
GetConsoleMode
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
VirtualFree

user32

EnableWindow
MsgWaitForMultipleObjects
DispatchMessageA
PeekMessageA
TranslateMessage

advapi32

RegOpenKeyA
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
SetSecurityDescriptorDacl
SetEntriesInAclA
RegCreateKeyExA
RegCloseKey
RegQueryValueExA
RegOpenKeyExA
EqualSid

shell32

ShellExecuteExA
ord680
SHGetMalloc
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetSpecialFolderLocation

ole32

CoTaskMemFree

Exports

Exports

DllRegisterServer
DllUnregisterServer
processPostureNotification
processPostureRequest
queryPostureStatusChange

Sections

.text
Size: 188KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
PPEset.inf
SysInspector.exe_1
.exe windows:4 windows x64 arch:x64

dc5fc4488eda1edcb77436bb109f7de9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:0b:54:ab:b7:38:31:43:51:5e:bc:8f:41:3b:fa:8e:d8:c9:aa:8c
Signer

Actual PE Digest

4c:0b:54:ab:b7:38:31:43:51:5e:bc:8f:41:3b:fa:8e:d8:c9:aa:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

SysInspector.pdb

Imports

msvcr80

?terminate@@YAXXZ
__CxxFrameHandler3
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
memcmp
memset
memcpy
__set_app_type
_encode_pointer
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
__wgetmainargs
_amsg_exit
fread
abort
fprintf
__iob_func
__crt_debugger_hook
??_V@YAXPEAX@Z
??_U@YAPEAX_K@Z
wcstol
_localtime64_s
wcsrchr
_mkgmtime64
_mktime64
_time64
_gmtime64_s
towlower
wcscat_s
_strnicmp
strcat_s
tolower
wcsncpy_s
strncpy_s
toupper
strcpy_s
wcsncmp
strncmp
memcpy_s
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
longjmp
_vsnwprintf_s
_vsnprintf_s
_snprintf_s
_stricmp
_snwprintf_s
memmove
towupper
_wcsnicmp
_wfindnext64i32
_wunlink
_wchmod
atoi
_wcslwr_s
_wcsupr_s
_findclose
_wfindfirst64i32
realloc
??2@YAPEAX_K@Z
wcscpy_s
free
wcstoul
wcschr
malloc
_strlwr_s
_scprintf
wcsnlen
wcsstr
swscanf_s
swprintf_s
_wcsicmp
??3@YAXPEAX@Z
_setjmp

comctl32

ord17

mpr

WNetGetUserW

mfc80u

ord6318
ord4129
ord5561
ord3373
ord1685
ord3829
ord2113
ord2818
ord6319
ord1686
ord6316
ord3830
ord4922
ord4043
ord5648
ord1812
ord6317
ord4766
ord4067
ord1532
ord4243
ord3458
ord2191
ord5216
ord3679
ord2891
ord2197
ord4269
ord280
ord3272
ord1195
ord2430
ord2111
ord1561
ord2412
ord2410
ord5237
ord1134
ord2428
ord2440
ord4275
ord3315
ord2417
ord1989
ord2433
ord1973
ord2393
ord2438
ord2421
ord2423
ord1292
ord2342
ord2425
ord3712
ord6099
ord3189
ord2419
ord5766
ord3017
ord2435
ord355
ord2415
ord614
ord286
ord946
ord2114
ord769
ord2094
ord1921
ord942
ord617
ord5676
ord786
ord944
ord602
ord4153
ord940
ord3669
ord3858
ord4030
ord935
ord4263
ord1064
ord5267
ord1555
ord338
ord5269
ord2105
ord1288
ord2682
ord1926
ord3238
ord5996
ord1986
ord6102
ord6104
ord1610
ord1952
ord6129
ord2900
ord4313
ord3482
ord2187
ord3431
ord4425
ord4611
ord5842
ord2890
ord2397
ord2897
ord1317
ord3827
ord766
ord3430
ord577
ord3620
ord5907
ord2183
ord1744
ord5868
ord4381
ord670
ord4292
ord753
ord3469
ord6183
ord2179
ord4517
ord1073
ord1193
ord2396
ord2074
ord3365
ord3330
ord788
ord4999
ord721
ord2552
ord2679
ord1173
ord4920
ord1435
ord277
ord874
ord568
ord757
ord6326
ord1189
ord4018
ord5354
ord6042
ord6337
ord5365
ord513
ord2964
ord5750
ord3283
ord4113
ord2289
ord5524
ord1495
ord784
ord3708
ord4357
ord1371
ord4384
ord2082
ord5209
ord2284
ord588
ord2037
ord1982
ord765
ord5618
ord1671
ord574
ord1095
ord296
ord3834
ord3079
ord1670
ord2392
ord3711
ord1022
ord5948
ord1609
ord5134
ord1411
ord5234
ord6074
ord6258
ord4293
ord2562
ord3903
ord583
ord5677
ord5416
ord1601
ord2755
ord772
ord3191
ord3860
ord3080
ord2859
ord2283
ord3199
ord1938
ord5951
ord4338
ord2955
ord1949
ord1636
ord2738
ord2688
ord5924
ord5258
ord1493
ord1633
ord2886
ord3604
ord5260
ord4127
ord3974
ord2565
ord3258
ord3976
ord2108
ord1412
ord2671
ord4599
ord1557
ord4271
ord2558
ord3517
ord598
ord5264
ord4265
ord5186
ord3746
ord2907
ord5672
ord5247
ord5105
ord3747
ord1021
ord362
ord5601
ord6315
ord3737
ord1966
ord4792
ord3615
ord2862
ord4216
ord2669
ord2039
ord2984
ord4512
ord5248
ord3977
ord4753
ord3232
ord4780
ord2195
ord632
ord1216
ord1289
ord512

kernel32

ExpandEnvironmentStringsA
LoadLibraryA
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
SetUnhandledExceptionFilter
GetComputerNameW
GetStartupInfoW
GetCurrentThreadId
CreateFileMappingA
GetModuleHandleA
GetModuleFileNameA
OpenProcess
LoadLibraryExW
GetLogicalDriveStringsW
QueryDosDeviceW
LocalFree
CreateFileA
MoveFileExW
FindResourceExW
VirtualProtect
VirtualFree
VirtualAlloc
GetSystemTimeAsFileTime
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
SetFileTime
GetFileInformationByHandle
SetFileAttributesW
GetFileTime
FlushFileBuffers
GetTempFileNameW
MoveFileW
DeleteFileW
GetFileSize
SetEndOfFile
SetFilePointer
ReadFile
SetErrorMode
FindClose
FindFirstFileW
GetCurrentProcessId
RtlDeleteFunctionTable
RtlAddFunctionTable
GetVersion
GetCurrentThread
GetFileAttributesW
lstrcpynA
lstrlenA
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
SetLastError
LoadLibraryW
GetLocalTime
GetSystemInfo
GetModuleHandleW
GetProcAddress
GetVersionExW
SizeofResource
LockResource
LoadResource
FindResourceW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateThread
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalAlloc
GetWindowsDirectoryW
GetFullPathNameW
FreeLibrary
Sleep
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
CreateEventW
WriteFile
GetTempPathW
CloseHandle
CreateFileW
GetModuleFileNameW
GetCurrentProcess
GetOverlappedResult
GetLastError
DeviceIoControl

user32

IsWindow
SetWindowRgn
wsprintfW
SetRect
LoadImageW
PeekMessageW
DispatchMessageW
TranslateMessage
GetIconInfo
LoadBitmapW
SetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
SetForegroundWindow
GetSubMenu
LoadMenuW
LoadStringW
ExitWindowsEx
DestroyMenu
GetDoubleClickTime
GetDC
EnableWindow
DeferWindowPos
SetTimer
DestroyIcon
CheckMenuItem
GetSysColor
OffsetRect
CallNextHookEx
SetClipboardData
LoadCursorW
LoadIconW
SendMessageW
AppendMenuW
EmptyClipboard
OpenClipboard
CreatePopupMenu
GetSystemMetrics
SystemParametersInfoW
InvalidateRect
UpdateWindow
GetFocus
SetMenuItemBitmaps
ScreenToClient
EnableMenuItem
ReleaseCapture
DestroyCursor
PostMessageW
DrawTextW
SetWindowPos
GetCursorPos
IsWindowEnabled
GetWindow
InsertMenuW
SetCapture
IsWindowVisible
GetClassNameW
LockWindowUpdate
GetWindowRect
SetRectEmpty
GetActiveWindow
GetDesktopWindow
BringWindowToTop
EndDeferWindowPos
FillRect
BeginDeferWindowPos
RemoveMenu
GetClientRect
GetAsyncKeyState
IsRectEmpty
GetClassInfoW
RegisterClassW
TrackMouseEvent
CloseClipboard
UnhookWindowsHookEx
SetCursor
ReleaseDC
PtInRect
RegisterWindowMessageW
GetUpdateRgn
GetParent
GetWindowDC
SetWindowsHookExW

gdi32

DPtoLP
LPtoDP
RectInRegion
EnumFontFamiliesW
CreateRectRgn
CombineRgn
GetPixel
CreateDIBitmap
GetObjectW
GetDIBits
CreateDIBSection
CreateCompatibleBitmap
BitBlt
SelectObject
CreateCompatibleDC
GetViewportExtEx
CreateFontIndirectW
CreateBitmap
CreatePen
DeleteObject
GetWindowExtEx
CreateSolidBrush
DeleteDC
GetMapMode
GetTextExtentPoint32W
StretchBlt
GetDeviceCaps

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

ImpersonateSelf
RegQueryValueExA
RegOpenKeyExA
DuplicateTokenEx
SetThreadToken
DuplicateToken
LookupAccountSidW
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
GetSidSubAuthority
RegQueryInfoKeyW
RegDeleteValueW
RegEnumValueW
RegSetValueExW
RegCreateKeyExW
RevertToSelf
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenThreadToken
RegDeleteKeyW
RegDeleteKeyA
RegOpenKeyW
RegCreateKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

shell32

SHGetDesktopFolder
DragQueryFileW
ShellExecuteW
ShellExecuteExW
DragAcceptFiles
SHGetMalloc

Sections

.text
Size: 572KB - Virtual size: 572KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 166KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 176KB - Virtual size: 176KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SysRescue.exe
.exe windows:4 windows x64 arch:x64

377eba41402674e7fd23814662d5559b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dd:e2:29:04:7f:11:df:81:fb:ac:eb:37:50:77:59:ec:bc:91:6f:c0
Signer

Actual PE Digest

dd:e2:29:04:7f:11:df:81:fb:ac:eb:37:50:77:59:ec:bc:91:6f:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

SysRescue.pdb

Imports

mfc80u

ord1491
ord1193
ord265
ord6326
ord1189
ord1238
ord5354
ord2284
ord4025
ord2392
ord6337
ord5365
ord286
ord4135
ord280
ord4920
ord774
ord1935
ord1199
ord874
ord6042
ord5751
ord913
ord285
ord4136
ord1498
ord2289
ord3876
ord910
ord2491
ord2958
ord378
ord6040
ord630
ord5748
ord451
ord688
ord1933
ord5747
ord6044
ord6039
ord584
ord773
ord5753
ord6176
ord2475
ord261
ord4109
ord4113
ord566
ord756
ord6350
ord1462
ord5528
ord2727
ord2726
ord3229
ord4062
ord5481
ord4269
ord2111
ord3907
ord3517
ord2984
ord5902
ord3258
ord5931
ord2610
ord670
ord3679
ord2906
ord2890
ord3430
ord4614
ord4147
ord5246
ord2453
ord4986
ord4303
ord1531
ord4311
ord4275
ord1592
ord1336
ord3581
ord2371
ord733
ord537
ord3696
ord668
ord2457
ord3255
ord1578
ord1654
ord6322
ord512
ord721
ord2682
ord4792
ord3482
ord3223
ord632
ord6104
ord4221
ord4876
ord4648
ord5102
ord5103
ord4899
ord6360
ord2183
ord3580
ord2396
ord527
ord730
ord1812
ord3695
ord5104
ord5648
ord4293
ord4751
ord5245
ord1411
ord5948
ord3079
ord1561
ord1685
ord1686
ord2039
ord4611
ord4922
ord4767
ord4244
ord5216
ord4829
ord1422
ord2522
ord3789
ord727
ord5909
ord3232
ord3903
ord2189
ord1133
ord1658
ord1591
ord3320
ord6129
ord2105
ord1555
ord4263
ord3192
ord598
ord2818
ord5738
ord393
ord642
ord3084
ord2040
ord3116
ord1949
ord1493
ord4127
ord2108
ord1557
ord4265
ord3199
ord602
ord6074
ord2492
ord6209
ord6215
ord4384
ord4018
ord2179
ord3283
ord2679
ord5437
ord1921
ord786
ord2397
ord2499
ord5523
ord1435
ord5750
ord1195
ord3790
ord2290
ord757
ord5868
ord568
ord5563
ord1590
ord6203
ord2410
ord788
ord2114
ord2412
ord2430
ord2197
ord3604
ord2191
ord1532
ord6317
ord3830
ord5766
ord6319
ord3373
ord4999
ord1371
ord5762
ord5209
ord3238
ord1601
ord1982
ord3080
ord1671
ord5951
ord1670
ord1636
ord1609
ord1633
ord2886
ord3974
ord4517
ord5924
ord1412
ord4271
ord5186
ord1926
ord1952
ord5105
ord6315
ord1216
ord4216
ord5248
ord2393
ord5677
ord5672
ord1289
ord3431
ord4753
ord4313
ord1610
ord5996
ord5269
ord753
ord5267
ord935
ord940
ord944
ord942
ord583
ord946
ord2415
ord2552
ord2435
ord1288
ord2419
ord4144
ord614
ord2425
ord5234
ord355
ord2423
ord3345
ord2421
ord3712
ord2438
ord2433
ord2417
ord1984
ord2440
ord6099
ord3189
ord6102
ord2428
ord3017
ord2037
ord5618
ord6011
ord3834
ord1064
ord1022
ord3858
ord5134
ord6258
ord5416
ord3860
ord1938
ord2955
ord5258
ord5260
ord2267
ord3976
ord4599
ord5264
ord5247
ord5601
ord2562
ord769
ord2755
ord577
ord2859
ord1134
ord4338
ord2738
ord2862
ord2565
ord3711
ord2671
ord2558
ord2055
ord4572
ord3746
ord3747
ord3737
ord2669
ord3977
ord2342
ord992
ord4512
ord4292
ord4061
ord1095
ord588
ord3361
ord296
ord3160
ord266
ord4067
ord4043
ord6316
ord3829
ord6318
ord4357
ord2082
ord776

msvcr80

_stricmp
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
__set_app_type
_encode_pointer
_fmode
_commode
__setusermatherr
_configthreadlocale
_initterm_e
_initterm
_wcmdln
exit
_cexit
_exit
_XcptFilter
__C_specific_handler
memcpy
_CxxThrowException
__CxxFrameHandler3
__wgetmainargs
_amsg_exit
__crt_debugger_hook
memset
_wcsupr_s
strchr
wcsncmp
fprintf_s
fopen_s
_wchmod
_time32
memmove_s
_wtempnam
fwprintf_s
_wfopen_s
fclose
_wstat64
vswprintf_s
wcscat_s
_wgetenv_s
realloc
_wtol
strrchr
strcpy_s
calloc
_recalloc
iswalnum
_purecall
wcsrchr
wcspbrk
wcsncpy_s
wcschr
strncmp
malloc
wcscpy_s
_wcsnicmp
_wcsicmp
swscanf_s
memcpy_s
_wcsdup
free
_wsetlocale
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
memcmp

kernel32

WaitForMultipleObjects
GetTickCount
CloseHandle
GetCurrentProcess
LocalAlloc
GetVersionExW
LoadLibraryExW
GetModuleFileNameW
SetLastError
GetCurrentProcessId
SizeofResource
LockResource
LoadResource
FindResourceW
GetProcAddress
FreeLibrary
LocalFree
DeleteCriticalSection
FormatMessageW
InitializeCriticalSection
RaiseException
GetModuleHandleW
LoadLibraryW
CreateEventW
GetLogicalDriveStringsW
WritePrivateProfileSectionW
GetPrivateProfileSectionW
GetFullPathNameW
lstrcpynW
GetFileAttributesA
GetFullPathNameA
AreFileApisANSI
lstrcpynA
GetCurrentThread
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
GetLastError
GetModuleFileNameA
GetModuleHandleA
CreateFileA
GetFileSize
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
VirtualProtect
Sleep
GetShortPathNameW
GetFileAttributesW
SetFileTime
GetSystemInfo
CreateFileW
ReadFile
WriteFile
SetEndOfFile
SetFilePointer
DeleteFileW
MoveFileW
CopyFileW
GetTempPathW
EnterCriticalSection
LeaveCriticalSection
lstrlenW
lstrlenA
MultiByteToWideChar
WideCharToMultiByte
DosDateTimeToFileTime
LocalFileTimeToFileTime
GetLogicalDrives
DeviceIoControl
WaitForSingleObject
GetExitCodeThread
CreatePipe
DuplicateHandle
CreateProcessW
GetExitCodeProcess
FindFirstFileW
FindNextFileW
FindClose
CreateDirectoryW
CopyFileExW
CreateThread
GetDriveTypeW
SetEnvironmentVariableW
RemoveDirectoryW
SetEvent
MoveFileExW

user32

DrawTextW
LoadBitmapW
GetWindowLongW
ReleaseDC
DrawFocusRect
SetCursor
GetCursorPos
GetFocus
FillRect
ReleaseCapture
IsWindowVisible
PtInRect
CopyRect
DestroyCursor
ScreenToClient
SetCapture
SetRectEmpty
LoadCursorW
TrackMouseEvent
GetNextDlgTabItem
GetSysColor
GetDC
GetParent
GetWindowRect
InvalidateRect
GetClientRect
SetRect
UnregisterClassA
EnableWindow
PeekMessageW
DispatchMessageW
MsgWaitForMultipleObjects
PostMessageW
SetWindowPos
GetKeyState
GetSystemMenu
EnableMenuItem
GetAsyncKeyState
InflateRect
OffsetRect
IsWindow
SendMessageW

gdi32

CreateFontW
GetTextExtentExPointW
DeleteDC
GetDeviceCaps
SetDIBits
GetDIBits
CreateDIBitmap
GetTextMetricsW
GetTextColor
GetTextExtentPoint32W
CreateFontIndirectW
DeleteObject
CreateCompatibleDC
LPtoDP
CreateCompatibleBitmap
BitBlt
GetMapMode
GetBkColor
GetObjectW
DPtoLP
SetTextColor
SelectObject
GetCurrentObject

advapi32

OpenThreadToken
EqualSid
GetTokenInformation
OpenProcessToken
FreeSid
AllocateAndInitializeSid
RegOpenKeyExW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW

shell32

SHGetDesktopFolder
DragAcceptFiles
ShellExecuteW
DragQueryFileW
SHGetMalloc

comctl32

InitCommonControlsEx

ole32

CoInitialize
CoUninitialize
CoInitializeEx
CoCreateInstance
CoTaskMemFree

oleaut32

VariantClear
LoadTypeLi
LoadRegTypeLi
SysStringLen
DispCallFunc
VariantCopy
SysAllocString
VariantChangeType
VariantInit
SysFreeString

Sections

.text
Size: 382KB - Virtual size: 381KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 157KB - Virtual size: 157KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 845KB - Virtual size: 845KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
callmsi.exe
.exe windows:4 windows x64 arch:x64

86b299593640406a31b779d7bd538297

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

af:bc:ef:f3:d2:fc:aa:d9:96:39:22:c3:5a:5a:95:48:64:da:c5:86
Signer

Actual PE Digest

af:bc:ef:f3:d2:fc:aa:d9:96:39:22:c3:5a:5a:95:48:64:da:c5:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

callmsi.pdb

Imports

kernel32

WriteConsoleW
HeapReAlloc
HeapSize
CreateFileA
FlushFileBuffers
GetCurrentProcess
GetProcAddress
GetModuleFileNameW
GetLastError
GetTickCount
SetLastError
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
CreateProcessW
GetConsoleOutputCP
GetSystemDirectoryW
HeapFree
HeapAlloc
GetVersionExA
GetProcessHeap
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetModuleHandleA
FlsGetValue
FlsSetValue
TlsFree
FlsFree
GetCurrentThreadId
FlsAlloc
HeapSetInformation
HeapCreate
LCMapStringA
LCMapStringW
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
RtlUnwindEx
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
Sleep
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LoadLibraryA
InitializeCriticalSection
SetStdHandle
WriteConsoleA

user32

GetSystemMetrics

advapi32

RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegDeleteKeyW
CloseServiceHandle
StartServiceW
OpenServiceW
OpenSCManagerW

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
chrome.manifest
eamon.cat
eamon.inf
eamon.sys
.sys windows:6 windows x64 arch:x64

b402aae649d238ec40dc418486e1a591

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:b3:eb:a1:ec:c9:aa:6b:6f:3a:78:a8:86:2b:65:86:93:40:ea:67
Signer

Actual PE Digest

93:b3:eb:a1:ec:c9:aa:6b:6f:3a:78:a8:86:2b:65:86:93:40:ea:67

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

eamon.pdb

Imports

ntoskrnl.exe

vsprintf
ExReleaseFastMutexUnsafe
KeLeaveCriticalRegion
MmMapLockedPages
NtBuildNumber
RtlInitUnicodeString
IoDeleteDevice
MmGetSystemRoutineAddress
KeInitializeEvent
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe
KeDelayExecutionThread
ZwClose
IofCompleteRequest
PsGetVersion
IoCreateSymbolicLink
PsGetCurrentThreadId
PsGetCurrentProcessId
IoCreateDevice
ZwWriteFile
IoRegisterFsRegistrationChange
RtlUnicodeStringToInteger
wcschr
_stricmp
ExAllocatePoolWithTag
ExFreePoolWithTag
KdDebuggerNotPresent
RtlCreateAcl
PsLookupProcessByProcessId
RtlValidSecurityDescriptor
ZwQuerySymbolicLinkObject
_wcsnicmp
RtlSetDaclSecurityDescriptor
KeSetEvent
wcsncpy
RtlAppendUnicodeToString
IoQueryFileInformation
KeReleaseSpinLock
ZwOpenSymbolicLinkObject
RtlAddAccessAllowedAce
ObQueryNameString
ZwWaitForSingleObject
ZwCreateFile
wcsrchr
wcsstr
ExAllocatePool
KdDebuggerEnabled
IoGetCurrentProcess
RtlAppendUnicodeStringToString
ObReferenceObjectByHandle
KeWaitForSingleObject
PsThreadType
ZwDeviceIoControlFile
SeExports
RtlCopyUnicodeString
MmIsAddressValid
ObfDereferenceObject
NtSetSecurityObject
ZwOpenFile
KeWaitForMultipleObjects
ObReferenceObjectByPointer
ObOpenObjectByPointer
sprintf
IofCallDriver
RtlSetOwnerSecurityDescriptor
KeAcquireSpinLockRaiseToDpc
ZwSetValueKey
ZwQueryValueKey
ZwOpenKey
IoAcquireVpbSpinLock
IoGetAttachedDevice
IoDetachDevice
IoAttachDeviceToDeviceStack
ObfReferenceObject
wcsncmp
DbgPrint
IoReleaseVpbSpinLock
PsCreateSystemThread
PsTerminateSystemThread
ZwConnectPort
LpcRequestWaitReplyPort
ZwQueryInformationFile
ExQueueWorkItem
ExGetPreviousMode
ProbeForRead
ProbeForWrite
MmSystemRangeStart
_strnicmp
mbstowcs
RtlAnsiStringToUnicodeString
KeReleaseInStackQueuedSpinLock
isspace
qsort
IoBuildSynchronousFsdRequest
ZwReadFile
strstr
IoGetRelatedDeviceObject
RtlInitAnsiString
MmHighestUserAddress
ZwQuerySystemInformation
KeAcquireInStackQueuedSpinLock
KeUnstackDetachProcess
ZwSetInformationFile
RtlFreeUnicodeString
strncpy
ZwQueryDirectoryFile
_vsnprintf
isdigit
_purecall
IoCreateFileSpecifyDeviceObjectHint
RtlCompareUnicodeString
ZwOpenProcess
ZwQueryInformationProcess
toupper
KeStackAttachProcess
KeBugCheckEx
RtlCreateSecurityDescriptor
_wcsicmp
__C_specific_handler

hal

KeQueryPerformanceCounter

Sections

.text
Size: 136KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 695KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eamonm.cat
eamonm.inf
eamonm.sys
.sys windows:6 windows x64 arch:x64

2d26d7cac32fa175bdffd85fdb7fe630

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

11:33:0a:33:09:6f:b7:c7:6e:4f:d2:9e:01:f9:ad:17:a9:69:4f:c5
Signer

Actual PE Digest

11:33:0a:33:09:6f:b7:c7:6e:4f:d2:9e:01:f9:ad:17:a9:69:4f:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

eamonm.pdb

Imports

ntoskrnl.exe

ZwSetValueKey
IoQueryFileInformation
KeReleaseSpinLock
ZwOpenSymbolicLinkObject
RtlAddAccessAllowedAce
KeEnterCriticalRegion
ExAcquireFastMutexUnsafe
KeDelayExecutionThread
ObQueryNameString
ZwWaitForSingleObject
ZwCreateFile
wcsrchr
wcsstr
PsCreateSystemThread
ZwQueryValueKey
ExAllocatePool
KdDebuggerEnabled
PsTerminateSystemThread
IoGetCurrentProcess
ZwClose
RtlAppendUnicodeStringToString
ObReferenceObjectByHandle
KeWaitForSingleObject
PsThreadType
ZwDeviceIoControlFile
SeExports
ObfReferenceObject
PsGetCurrentThreadId
PsGetCurrentProcessId
RtlCopyUnicodeString
MmIsAddressValid
ObfDereferenceObject
RtlUnicodeStringToInteger
NtSetSecurityObject
ZwOpenFile
wcsncmp
ZwQueryInformationFile
KeWaitForMultipleObjects
LpcRequestWaitReplyPort
ZwWriteFile
ObReferenceObjectByPointer
ObOpenObjectByPointer
DbgPrint
RtlCreateSecurityDescriptor
IofCallDriver
ZwOpenKey
RtlSetOwnerSecurityDescriptor
KeInitializeEvent
IoDeleteSymbolicLink
IoDeleteDevice
ExGetPreviousMode
IofCompleteRequest
PsGetVersion
IoCreateSymbolicLink
IoCreateDevice
MmSystemRangeStart
_strnicmp
mbstowcs
RtlAnsiStringToUnicodeString
KeReleaseInStackQueuedSpinLock
isspace
IoBuildSynchronousFsdRequest
ZwReadFile
strstr
IoGetRelatedDeviceObject
MmGetSystemRoutineAddress
RtlInitAnsiString
MmHighestUserAddress
ZwQuerySystemInformation
KeAcquireInStackQueuedSpinLock
KeUnstackDetachProcess
ZwSetInformationFile
RtlFreeUnicodeString
strncpy
ZwQueryDirectoryFile
_vsnprintf
isdigit
_purecall
IoCreateFileSpecifyDeviceObjectHint
RtlCompareUnicodeString
ZwOpenProcess
ZwQueryInformationProcess
toupper
KeStackAttachProcess
KeBugCheckEx
ProbeForWrite
RtlAppendUnicodeToString
wcsncpy
KeSetEvent
RtlInitUnicodeString
RtlSetDaclSecurityDescriptor
_wcsnicmp
ZwQuerySymbolicLinkObject
RtlValidSecurityDescriptor
qsort
PsLookupProcessByProcessId
RtlCreateAcl
KeLeaveCriticalRegion
KdDebuggerNotPresent
ExFreePoolWithTag
ExReleaseFastMutexUnsafe
vsprintf
ProbeForRead
ExAllocatePoolWithTag
ZwConnectPort
sprintf
_wcsicmp
_stricmp
KeAcquireSpinLockRaiseToDpc
wcschr
__C_specific_handler

hal

KeQueryPerformanceCounter

fltmgr.sys

FltClose
FltCreateFileEx2
FltFindExtraCreateParameter
FltSetEcpListIntoCallbackData
FltSetCallbackDataDirty
FltEnumerateVolumes
FltInsertExtraCreateParameter
FltAllocateExtraCreateParameter
FltAllocateExtraCreateParameterList
FltGetVolumeInformation
FltObjectDereference
FltSetTransactionContext
FltGetEcpListFromCallbackData
FltEnlistInTransaction
FltSetVolumeContext
FltStartFiltering
FltRegisterFilter
FltUnregisterFilter
FltAllocateContext
FltReleaseContext
FltGetVolumeProperties
FltGetVolumeContext
FltFreeExtraCreateParameterList

Sections

.text
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 695KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ecls.exe
.exe windows:4 windows x86 arch:x86

bc446c2384b978c680f7dd31f7b3d195

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f3:62:e8:f0:95:75:02:2a:98:5a:ca:0d:9b:d3:73:53:53:09:a0:10
Signer

Actual PE Digest

f3:62:e8:f0:95:75:02:2a:98:5a:ca:0d:9b:d3:73:53:53:09:a0:10

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ecls.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

WideCharToMultiByte
MoveFileExW
MoveFileW
CreateFileA
SetErrorMode
DeviceIoControl
GetFileSize
SetFileAttributesW
DeleteFileW
Sleep
FindNextFileW
CreateFileW
CreateDirectoryW
QueryDosDeviceW
OpenProcess
GetTempPathW
GetModuleFileNameA
GetModuleHandleA
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
VirtualProtect
GetFileTime
SetFileTime
FileTimeToSystemTime
GetCurrentThread
ReadFile
SetEndOfFile
GetTempFileNameW
FlushFileBuffers
GetFileInformationByHandle
GetSystemInfo
CreateFileMappingW
FileTimeToLocalFileTime
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
ReleaseSemaphore
CreateSemaphoreW
GetDateFormatW
GetTimeFormatW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetVersionExW
CloseHandle
lstrcpynW
lstrlenW
SetLastError
GetFullPathNameW
GetFileAttributesW
lstrcpynA
lstrlenA
AreFileApisANSI
MultiByteToWideChar
GetFullPathNameA
GetFileAttributesA
GetProcAddress
FreeLibrary
GetCurrentThreadId
GetCurrentProcessId
GetTickCount
GetStdHandle
GetConsoleScreenBufferInfo
GetDriveTypeW
GetLogicalDriveStringsW
GetCurrentProcess
GetModuleFileNameW
GetLastError
WriteConsoleW
WriteFile
GetModuleHandleW
LoadLibraryW
GetTimeZoneInformation
GetLocaleInfoW
GetVersion
FindClose
FindFirstFileW
GetConsoleOutputCP
CompareStringA
CompareStringW
SetFilePointer
SetEnvironmentVariableA
RaiseException
HeapSize
LCMapStringW
WriteConsoleA
HeapAlloc
HeapFree
SetStdHandle
GetFileType
ExitProcess
SetConsoleCtrlHandler
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapReAlloc
GetTimeFormatA
GetDateFormatA
GetVersionExA
GetProcessHeap
HeapDestroy
HeapCreate
TerminateProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetHandleCount
GetStartupInfoA
GetConsoleCP
GetConsoleMode
LoadLibraryA
RtlUnwind
LCMapStringA

user32

LoadStringW

advapi32

DuplicateTokenEx
SetThreadToken
DuplicateToken
LookupAccountSidW
RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumValueW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RevertToSelf
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegDeleteKeyW
RegDeleteKeyA

shell32

SHGetDesktopFolder
SHGetMalloc

Sections

.text
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ecmd.exe
.exe windows:4 windows x64 arch:x64

77c78cd091275bf74e99b30a8340e41b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:44:19:47:83:7e:62:a3:4b:ef:ad:81:a5:03:09:31:2c:b3:ab:d8
Signer

Actual PE Digest

10:44:19:47:83:7e:62:a3:4b:ef:ad:81:a5:03:09:31:2c:b3:ab:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ecmd.pdb

Imports

kernel32

MapViewOfFile
ReleaseMutex
OpenFileMappingW
WaitForMultipleObjects
DuplicateHandle
GetCurrentProcess
OpenMutexW
LocalFree
LocalAlloc
lstrcmpA
GetVersion
GetModuleHandleA
SetThreadPriority
GetCurrentThread
GetSystemTimeAsFileTime
UnmapViewOfFile
GetModuleFileNameA
CreateFileA
GetFileSize
CreateFileMappingA
VirtualProtect
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
Sleep
DeleteCriticalSection
InitializeCriticalSection
CreateEventW
TerminateThread
WaitForSingleObject
CloseHandle
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
SetEvent
GetCurrentThreadId
CreateThread
GetVersionExW
MultiByteToWideChar
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
SetLastError
GetFullPathNameW
GetFileAttributesW
lstrcpynA
lstrlenA
FreeLibrary
GetLastError
AreFileApisANSI
GetProcAddress
LoadLibraryW
GetTickCount

user32

MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW
LoadStringW

advapi32

RegOpenKeyA
EqualSid
RegQueryValueExA
GetTokenInformation
OpenProcessToken
FreeSid
AllocateAndInitializeSid
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteKeyA

shell32

ShellExecuteExW
ord680
SHGetMalloc
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetPathFromIDListA

msvcr80

memcpy
memset
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?terminate@@YAXXZ
__crt_debugger_hook
__set_app_type
_fmode
_commode
wprintf
free
wcscpy_s
wcsncpy_s
wcscat_s
malloc
_snwprintf_s
memmove
__CxxFrameHandler3
_stricmp
realloc
??3@YAXPEAX@Z
_purecall
??2@YAPEAX_K@Z
wcsrchr
srand
__C_specific_handler
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_XcptFilter
_exit
_cexit
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr

Sections

.text
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
eeclnt.exe
.exe windows:4 windows x64 arch:x64

2df5745ea1b158fb69352a572af086ba

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7f:9a:a3:e8:82:29:f1:77:13:52:43:39:c4:fc:7a:9b:e0:b2:d5:be
Signer

Actual PE Digest

7f:9a:a3:e8:82:29:f1:77:13:52:43:39:c4:fc:7a:9b:e0:b2:d5:be

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

eeclnt.pdb

Imports

kernel32

GetVersionExW
GetCurrentThread
GetCurrentProcess
CreateThread
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
TerminateThread
ResetEvent
InitializeCriticalSection
DeleteCriticalSection
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
MapViewOfFile
VirtualAlloc
ReleaseMutex
OpenFileMappingW
WaitForMultipleObjects
DuplicateHandle
OpenMutexW
GetProcAddress
LocalFree
GetVersion
GetModuleHandleA
lstrcmpA
GetSystemTimeAsFileTime
SetThreadPriority
GetTickCount
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetStartupInfoW
Sleep
lstrcpynA
LoadLibraryW
lstrlenA
FreeLibrary
GetLastError
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
SetLastError
GetFullPathNameW
GetFileAttributesW
MultiByteToWideChar
CreateEventW
SetEvent
GetCurrentProcessId
CloseHandle
WaitForSingleObject
LocalAlloc

user32

DispatchMessageW
TranslateMessage
PeekMessageW
MsgWaitForMultipleObjects

advapi32

RegCloseKey
RegQueryValueExA
RegOpenKeyA
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetEntriesInAclW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken

shell32

SHGetMalloc
SHGetDesktopFolder

msvcr80

??3@YAXPEAX@Z
memset
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
malloc
_snwprintf_s
free
_purecall
memcpy
??2@YAPEAX_K@Z
srand
__C_specific_handler
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_amsg_exit
__wgetmainargs
_XcptFilter
_exit
_cexit
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
__set_app_type
__crt_debugger_hook
?terminate@@YAXXZ

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
egui.exe
.exe windows:4 windows x64 arch:x64

2f2b25092388d094f6492be15effaca9

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f4:ea:d2:86:49:40:ac:67:d0:d1:d9:3e:1a:14:d5:08:f0:da:3c:94
Signer

Actual PE Digest

f4:ea:d2:86:49:40:ac:67:d0:d1:d9:3e:1a:14:d5:08:f0:da:3c:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

egui.pdb

Imports

mfc80u

ord1238
ord1435
ord4330
ord4984
ord4018
ord6321
ord6323
ord1933
ord5563
ord2168
ord4281
ord2491
ord4476
ord3676
ord5750
ord3315
ord3191
ord1288
ord5672
ord4153
ord4030
ord5676
ord513
ord5675
ord332
ord795
ord757
ord589
ord568
ord316
ord3345
ord4271
ord1601
ord1986
ord4025
ord614
ord1984
ord355
ord3469
ord753
ord598
ord1021
ord2393
ord2392
ord2114
ord3192
ord4263
ord1555
ord2105
ord4147
ord3433
ord733
ord539
ord3322
ord4303
ord1531
ord4311
ord1592
ord619
ord367
ord1985
ord2055
ord3160
ord3098
ord1336
ord4614
ord5246
ord4986
ord2453
ord3696
ord2371
ord1590
ord261
ord5871
ord1289
ord3189
ord1173
ord3712
ord3365
ord1808
ord4155
ord1893
ord4595
ord6005
ord2891
ord3911
ord5904
ord2908
ord3199
ord4265
ord1557
ord2108
ord4127
ord1493
ord1949
ord2923
ord3669
ord6081
ord992
ord4351
ord663
ord1948
ord3424
ord6365
ord6363
ord1317
ord2195
ord2395
ord424
ord1574
ord2818
ord5523
ord4113
ord4133
ord2311
ord5903
ord1899
ord5438
ord2500
ord1492
ord1898
ord309
ord2959
ord4144
ord5247
ord3829
ord3711
ord874
ord320
ord1082
ord769
ord3361
ord4512
ord2862
ord5601
ord5264
ord4599
ord3976
ord5260
ord5258
ord2289
ord1938
ord3860
ord5416
ord6258
ord5134
ord1022
ord3834
ord5618
ord2037
ord2082
ord4357
ord6318
ord6316
ord4043
ord4067
ord2267
ord1185
ord577
ord6011
ord3858
ord379
ord1109
ord1137
ord6204
ord3787
ord3116
ord3330
ord2284
ord6099
ord5924
ord721
ord2552
ord512
ord2492
ord2460
ord5187
ord2494
ord5188
ord4135
ord687
ord450
ord2150
ord6246
ord4076
ord4136
ord5439
ord1036
ord1254
ord1253
ord1102
ord5766
ord5440
ord1270
ord796
ord920
ord921
ord5657
ord6022
ord3377
ord3378
ord6023
ord6021
ord2174
ord3376
ord5687
ord4920
ord2252
ord2964
ord2907
ord2897
ord5905
ord2094
ord2253
ord3823
ord6183
ord277
ord5762
ord6042
ord3113
ord784
ord5677
ord6216
ord6210
ord727
ord3320
ord1591
ord1658
ord3624
ord632
ord3223
ord290
ord4349
ord5751
ord2189
ord5738
ord364
ord362
ord3862
ord4033
ord3604
ord2074
ord338
ord5224
ord6074
ord3517
ord1656
ord1290
ord1987
ord3430
ord2610
ord3679
ord3356
ord3013
ord766
ord2900
ord3827
ord3708
ord654
ord2902
ord3335
ord1597
ord743
ord3242
ord4267
ord1568
ord1652
ord2109
ord1608
ord6094
ord2974
ord1818
ord1817
ord537
ord2265
ord1931
ord2640
ord5041
ord5044
ord4340
ord4165
ord2965
ord4936
ord955
ord5390
ord3018
ord2450
ord2449
ord4048
ord3973
ord5182
ord2192
ord1315
ord4308
ord403
ord647
ord6337
ord5365
ord6326
ord5354
ord1189
ord3283
ord5524
ord1495
ord4959
ord4625
ord2743
ord3429
ord4940
ord4373
ord286
ord2290
ord1989
ord1567
ord3786
ord1404
ord2396
ord266
ord6154
ord280
ord602
ord4904
ord5239
ord4296
ord5199
ord6100
ord3494
ord1193
ord1020
ord574
ord765
ord3232
ord1952
ord1134
ord3238
ord4384
ord3695
ord1068
ord4221
ord5909
ord1891
ord527
ord6360
ord5103
ord5104
ord5102
ord4829
ord4648
ord4899
ord4876
ord4244
ord4767
ord2039
ord5245
ord4751
ord3321
ord730
ord2149
ord3064
ord908
ord6203
ord3085
ord2958
ord285
ord1498
ord5597
ord1910
ord788
ord1491
ord393
ord3084
ord2040
ord786
ord642
ord2890
ord5781
ord2520
ord1811
ord5902
ord2187
ord611
ord1560
ord3017
ord3206
ord6276
ord4611
ord2179
ord6102
ord6129
ord2183
ord3903
ord5648
ord4061
ord2499
ord5437
ord2341
ord2682
ord2342
ord6104
ord3790
ord2679
ord265
ord5868
ord5907
ord2906
ord3961
ord913
ord910
ord469
ord2925
ord884
ord1349
ord5794
ord2337
ord1812
ord5216
ord4243
ord4766
ord4922
ord1686
ord1685
ord1561
ord3079
ord5948
ord1411
ord4275
ord5237
ord4293
ord3210
ord296
ord588
ord3907
ord670
ord2111
ord3080
ord5951
ord1636
ord1633
ord3974
ord1412
ord4269
ord5186
ord1926
ord5105
ord6315
ord4216
ord5248
ord3431
ord4753
ord4313
ord1610
ord5996
ord5269
ord5267
ord935
ord940
ord944
ord942
ord946
ord2415
ord2435
ord2419
ord2425
ord2423
ord2421
ord2438
ord2433
ord2417
ord2440
ord2428
ord2410
ord2412
ord2430
ord2197
ord2191
ord1532
ord6317
ord3830
ord6319
ord3373
ord4999
ord1371
ord5209
ord1982
ord1671
ord1670
ord1609
ord5234
ord2562
ord2755
ord2859
ord4338
ord2738
ord2886
ord2565
ord2671
ord2558
ord2984
ord3746
ord3747

msvcr80

?_type_info_dtor_internal_method@type_info@@QEAAXXZ
_decode_pointer
_onexit
_lock
__dllonexit
_unlock
?terminate@@YAXXZ
__CxxFrameHandler3
wcscpy_s
free
malloc
swscanf_s
wcschr
memcpy_s
memmove_s
memset
memcpy
qsort
_wcsicmp
_wcsnicmp
memcmp
__C_specific_handler
_difftime64
_time64
_localtime64_s
_tzset
wcsrchr
__RTDynamicCast
_wcsdup
ceilf
floorf
_wtoi
bsearch_s
qsort_s
_purecall
bsearch
_wcstoi64
_wtol
_mktime64
memmove
_stricmp
realloc
_CxxThrowException
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
strncpy_s
strcpy_s
wcsncpy_s
strcat_s
wcscat_s
strstr
wcspbrk
_vsnprintf_s
wcsstr
strncmp
_wcsupr_s
wcsncmp
_snwprintf_s
towupper
toupper
_strnicmp
tolower
towlower
isalnum
sprintf_s
isdigit
isalpha
isspace
atan2
sqrt
cos
sin
_snwscanf_s
swprintf_s
srand
wcstol
_gmtime64_s
_mkgmtime64
ceil
floor
_amsg_exit
__wgetmainargs
_XcptFilter
_exit
_cexit
exit
_wcmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
_encode_pointer
__set_app_type
__crt_debugger_hook

kernel32

GetDateFormatW
GetLogicalDriveStringsW
WaitForSingleObject
GetCommandLineW
GetCurrentProcessId
CreateMutexW
GetModuleFileNameW
GetLastError
SetLastError
GetModuleHandleW
GetVersionExW
FindFirstFileW
FindNextFileW
FindClose
GetVersion
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
GetSystemTime
SystemTimeToFileTime
WriteFile
EnterCriticalSection
LeaveCriticalSection
GlobalHandle
LoadLibraryW
FileTimeToSystemTime
FreeLibrary
SetEvent
CreateEventW
GetCurrentProcess
GetTickCount
CreateFileW
GetFileSize
ReadFile
CloseHandle
FindResourceW
LoadResource
LockResource
SizeofResource
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GetStartupInfoW
SetUnhandledExceptionFilter
QueryPerformanceCounter
TerminateProcess
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
FileTimeToLocalFileTime
FindNextChangeNotification
GetTimeFormatW
CompareFileTime
ResetEvent
FindCloseChangeNotification
WaitForMultipleObjects
FindFirstChangeNotificationW
MulDiv
GetSystemTimeAsFileTime
WideCharToMultiByte
CopyFileExW
TerminateThread
CreateThread
GetSystemDirectoryW
CopyFileW
DeleteFileW
GetNumberFormatW
VirtualFreeEx
ReadProcessMemory
VirtualAllocEx
OpenProcess
GetCurrentThread
MultiByteToWideChar
GetLocalTime
lstrcpynW
lstrlenW
GetFullPathNameW
GetFileAttributesW
lstrcpynA
lstrlenA
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
GetCurrentDirectoryW
SetCurrentDirectoryW
lstrcpyW
FindResourceExW
Sleep
SetFileAttributesW
MoveFileW
CreateFileA
DeviceIoControl
LocalFree
ExpandEnvironmentStringsW
UnmapViewOfFile
ReleaseMutex
VirtualAlloc
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
DuplicateHandle
OpenMutexW
QueryDosDeviceW
LocalAlloc
lstrcmpA
GetModuleHandleA
SetThreadPriority
GetPrivateProfileStringW
GetPrivateProfileIntW
GetLocaleInfoW
LoadLibraryExW
CreateFileMappingA
GetModuleFileNameA
VirtualProtect
SetFilePointer
FlushFileBuffers
GetFileTime
GetFileInformationByHandle
SetEndOfFile
VirtualFree
CreateSemaphoreW
ReleaseSemaphore
GetProcAddress
RtlAddFunctionTable
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
RtlDeleteFunctionTable

user32

FindWindowExW
GetMenuItemCount
AppendMenuW
CreatePopupMenu
DestroyCursor
GetWindowTextW
FrameRect
GetMenuState
DestroyWindow
wsprintfW
GetWindowInfo
ClientToScreen
GetWindowRgn
SetWindowRgn
EqualRect
PeekMessageW
TranslateMessage
DispatchMessageW
SetMenuDefaultItem
GetSubMenu
CheckMenuItem
DrawFocusRect
IsRectEmpty
DrawTextW
ValidateRect
GetUpdateRgn
UpdateWindow
GetDlgCtrlID
SetWindowPos
ShowWindow
UnhookWindowsHookEx
SetWindowsHookExW
WindowFromPoint
GetActiveWindow
CallNextHookEx
GetParent
OffsetRect
LoadIconW
GetWindowLongW
GetDesktopWindow
InvalidateRect
ReleaseDC
GetWindowDC
GetDC
GetWindowThreadProcessId
DrawIconEx
CreateIconFromResourceEx
InflateRect
SetRect
RegisterWindowMessageW
MessageBoxW
SetFocus
MessageBeep
LoadImageW
DestroyIcon
AdjustWindowRectEx
IsWindow
GetClassInfoW
RegisterClassW
SystemParametersInfoW
IsWindowVisible
IsZoomed
IsIconic
GetSystemMenu
SetMenu
GetMenu
PostMessageW
RemoveMenu
ModifyMenuW
InsertMenuW
FindWindowW
SetActiveWindow
GetWindow
GetNextDlgTabItem
KillTimer
SetTimer
GetSysColor
GetSystemMetrics
ReleaseCapture
GetCursorPos
SetCursor
GetAsyncKeyState
LoadCursorW
SendMessageW
EnableWindow
SetForegroundWindow
GetFocus
SetCapture
RedrawWindow
MsgWaitForMultipleObjects
GetMenuItemID
GetMenuItemInfoW
ScreenToClient
GetClientRect
SetRectEmpty
PtInRect
EnableMenuItem
LoadMenuW
GetWindowRect
GetForegroundWindow
LoadBitmapW
GetScrollPos
GetKeyState
DrawFrameControl
FillRect
CopyRect
SetMenuItemInfoW

gdi32

SetBkColor
SetDIBits
GetPixel
CreateICW
CreateDIBitmap
SetTextColor
GetTextColor
CreateDIBSection
GetDIBits
StretchBlt
Polygon
Pie
Polyline
Arc
CreateSolidBrush
CreatePen
EnumFontFamiliesW
GetCurrentObject
GetBkColor
CreateDCW
CombineRgn
DeleteDC
SetMapMode
RoundRect
LPtoDP
DPtoLP
GetWindowExtEx
GetViewportExtEx
GetMapMode
SelectObject
RectInRegion
GetRgnBox
CreateRectRgn
ExtCreatePen
DeleteObject
GetDeviceCaps
CreateCompatibleBitmap
CreateFontIndirectW
GetTextExtentPoint32W
GetTextMetricsW
ExtTextOutW
BitBlt
Ellipse
CreateCompatibleDC
GetStockObject
GetObjectW
GetTextExtentExPointW

advapi32

RegOpenKeyA
RegQueryValueExA
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegCreateKeyExW
AdjustTokenPrivileges
SetSecurityDescriptorDacl
RegDeleteValueW
RegEnumValueW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
OpenThreadToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
RegDeleteKeyA
RegEnumKeyW
RegDeleteKeyW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW

shell32

ShellExecuteExW
SHGetDesktopFolder
Shell_NotifyIconW
SHGetSpecialFolderLocation
SHGetMalloc
ShellExecuteW

comctl32

ord17

ole32

CoCreateInstance
CoTaskMemFree

oleaut32

SysAllocString
VariantInit
VariantChangeType
VariantCopy
SystemTimeToVariantTime
VariantTimeToSystemTime

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 521KB - Virtual size: 521KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 769KB - Virtual size: 768KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
eguiAmon.dll
.dll windows:4 windows x64 arch:x64

74f03674a195d18cd64bee38aa3304fc

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:71:bd:70:d9:32:c7:67:66:43:96:75:cf:fa:1f:e7:fd:54:5c:f8
Signer

Actual PE Digest

06:71:bd:70:d9:32:c7:67:66:43:96:75:cf:fa:1f:e7:fd:54:5c:f8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

eguiAmon.pdb

Imports

mfc80u

ord6316
ord4043
ord4067
ord3361
ord4292
ord4512
ord2862
ord5601
ord5247
ord5264
ord4599
ord3976
ord5260
ord5258
ord2955
ord1938
ord2342
ord6326
ord1189
ord5354
ord266
ord6337
ord5365
ord265
ord3283
ord3080
ord5951
ord1412
ord5248
ord772
ord583
ord2974
ord574
ord765
ord367
ord619
ord4033
ord4611
ord2679
ord6318
ord1020
ord617
ord5237
ord1952
ord3191
ord1289
ord1134
ord4351
ord3238
ord577
ord769
ord3858
ord3711
ord5924
ord512
ord721
ord2552
ord355
ord3013
ord614
ord1288
ord6099
ord766
ord4144
ord2610
ord2179
ord2900
ord3189
ord3708
ord2371
ord261
ord1590
ord5672
ord3356
ord4357
ord2082
ord2037
ord5618
ord3834
ord1022
ord5134
ord6258
ord5416
ord3860
ord1073
ord3911
ord1574
ord2395
ord1812
ord2492
ord424
ord1270
ord2891
ord6363
ord5904
ord2902
ord3827
ord5437
ord774
ord1193
ord280
ord1686
ord1671
ord1685
ord1670
ord588
ord1561
ord1609
ord3079
ord1218
ord1935
ord1187
ord1185
ord1209
ord1131
ord1179
ord379
ord1109
ord1217
ord1215
ord1103
ord1048
ord321
ord777
ord5234
ord5948
ord2562
ord1636
ord2755
ord4061
ord1633
ord2859
ord3974
ord4338
ord1411
ord2738
ord4275
ord2886
ord5186
ord2565
ord1926
ord2671
ord5105
ord2558
ord6315
ord4216
ord3746
ord3747
ord3737
ord2669
ord3977
ord4517
ord4293
ord3210
ord788
ord3431
ord4753
ord4313
ord1610
ord5996
ord6129
ord5269
ord5267
ord2183
ord935
ord940
ord944
ord942
ord946
ord2415
ord2435
ord2419
ord2425
ord2423
ord2421
ord4243
ord2438
ord4766
ord2433
ord3669
ord2417
ord2440
ord2397
ord2428
ord2410
ord2412
ord786
ord2430
ord2197
ord6104
ord2191
ord1901
ord6365
ord1532
ord2682
ord6317
ord3790
ord2149
ord320
ord3830
ord1811
ord5216
ord6319
ord3373
ord4999
ord4922
ord1371
ord663
ord5209
ord6276
ord296
ord2039
ord1982
ord1095
ord364
ord776
ord592

msvcr80

__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__CppXcptFilter
_amsg_exit
memcpy
memset
_encoded_null
_initterm_e
_initterm
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__C_specific_handler
?terminate@@YAXXZ
__CxxFrameHandler3
_purecall
memmove
towupper
wcscat_s
wcsncpy_s
wcsncmp
wcscpy_s
wcschr
memcpy_s
memmove_s
_wcsicmp
swscanf_s
realloc
free
wcsstr
wcsrchr
malloc
__clean_type_info_names_internal
memcmp

kernel32

SetFilePointer
SetEndOfFile
WriteFile
Sleep
CloseHandle
lstrcpynA
lstrlenA
AreFileApisANSI
GetFullPathNameA
lstrcpynW
lstrlenW
GetFullPathNameW
GetFileAttributesW
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
GetLogicalDriveStringsW
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
SetLastError
QueryDosDeviceW
GetDriveTypeW
RtlCaptureContext
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
LocalFree
GetVersionExW
LoadLibraryExW
LocalAlloc
GetCurrentProcess
GetTickCount
GetModuleFileNameW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetFileAttributesA
RtlLookupFunctionEntry
RtlVirtualUnwind

user32

GetWindowRect
PostMessageW
GetParent
InvalidateRect
SetForegroundWindow
GetNextDlgTabItem
DestroyIcon
LoadImageW
ScreenToClient
GetCursorPos
EnableWindow
IsWindow
SendMessageW

gdi32

BitBlt
LPtoDP
CreateCompatibleDC
DPtoLP
GetMapMode
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap

advapi32

RegEnumKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteKeyA

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetPathFromIDListA
SHGetFileInfoW
SHGetDesktopFolder

Exports

Exports

SetIOCtlExtProc

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eguiDmon.dll
.dll windows:4 windows x64 arch:x64

3c12f425567484659ba9acafdbb2e7fd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

55:0a:4b:6a:45:fc:e9:c9:87:bf:c3:5a:c4:84:67:40:20:bb:08:50
Signer

Actual PE Digest

55:0a:4b:6a:45:fc:e9:c9:87:bf:c3:5a:c4:84:67:40:20:bb:08:50

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

eguiDmon.pdb

Imports

mfc80u

ord2955
ord1938
ord3860
ord5416
ord6258
ord5134
ord1022
ord3834
ord5618
ord2037
ord2082
ord4357
ord6318
ord6316
ord4043
ord4067
ord364
ord2679
ord617
ord1020
ord5237
ord574
ord765
ord367
ord5258
ord4033
ord4611
ord2974
ord266
ord577
ord769
ord3858
ord3711
ord1095
ord1218
ord1935
ord1187
ord1185
ord5260
ord3976
ord4599
ord5264
ord5247
ord5601
ord2862
ord4512
ord4292
ord3361
ord774
ord4766
ord5209
ord4922
ord1982
ord2039
ord1671
ord592
ord6365
ord1686
ord1670
ord1685
ord1609
ord320
ord1561
ord5234
ord3079
ord2562
ord5948
ord2755
ord1209
ord1131
ord1179
ord379
ord1109
ord1217
ord1215
ord1103
ord1048
ord321
ord777
ord1636
ord2859
ord1633
ord4338
ord2397
ord3974
ord2738
ord1411
ord2886
ord4275
ord2565
ord788
ord5186
ord2671
ord1926
ord2558
ord5105
ord3746
ord6315
ord3747
ord4216
ord3737
ord2669
ord3977
ord4517
ord4293
ord3669
ord3431
ord2682
ord4753
ord2183
ord4313
ord3210
ord1610
ord5996
ord5269
ord1811
ord5267
ord935
ord940
ord944
ord942
ord946
ord6276
ord2415
ord2435
ord2419
ord2425
ord4061
ord2423
ord2421
ord2438
ord2433
ord2417
ord2440
ord2428
ord2410
ord2412
ord2430
ord2197
ord2191
ord1532
ord6317
ord3830
ord6319
ord3373
ord5216
ord4999
ord4243
ord1371
ord2342
ord588
ord296
ord913
ord908
ord619
ord776

msvcr80

__clean_type_info_names_internal
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__CppXcptFilter
_amsg_exit
_encoded_null
_initterm_e
_initterm
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
memset
memcpy
__C_specific_handler
__CxxFrameHandler3
wcsrchr
_purecall
wcscat_s
wcsncmp
wcsstr
wcscpy_s
memcpy_s
memmove_s
memmove
towupper
_wcsnicmp
realloc
wcschr
_wcsicmp
free
malloc
swscanf_s
wcsncpy_s
memcmp

kernel32

LocalFree
Sleep
GetLastError
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
SetLastError
GetFullPathNameW
GetFileAttributesW
lstrcpynA
GetProcAddress
LoadLibraryW
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
WriteFile
SetEndOfFile
SetFilePointer
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
CloseHandle
GetCurrentProcess
GetTickCount
GetModuleFileNameW
LoadLibraryExW
LocalAlloc
lstrlenA

user32

EnableWindow
GetNextDlgTabItem
SetForegroundWindow
SendMessageW

advapi32

RegEnumKeyW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteKeyA

shell32

SHGetDesktopFolder
SHGetPathFromIDListW
SHGetMalloc
SHGetPathFromIDListA

Exports

Exports

SetIOCtlExtProc

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eguiEmon.dll
.dll windows:4 windows x64 arch:x64

87fd495d200698ad073ca4e774bd93da

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a2:16:e9:79:27:91:bc:ce:8c:20:5f:b7:ba:16:df:cd:1e:75:3b:a2
Signer

Actual PE Digest

a2:16:e9:79:27:91:bc:ce:8c:20:5f:b7:ba:16:df:cd:1e:75:3b:a2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

eguiEmon.pdb

Imports

mfc80u

ord2974
ord574
ord765
ord367
ord619
ord4033
ord4611
ord2679
ord364
ord1020
ord617
ord5237
ord577
ord769
ord3858
ord3711
ord1095
ord1218
ord1935
ord1187
ord266
ord4067
ord4043
ord6316
ord6318
ord4357
ord2082
ord2037
ord5618
ord3834
ord1022
ord5134
ord6258
ord5416
ord3860
ord1938
ord2955
ord5258
ord5260
ord3976
ord4599
ord5264
ord5247
ord5601
ord2862
ord4512
ord4292
ord3361
ord774
ord1811
ord3977
ord4517
ord4293
ord3669
ord1185
ord1209
ord1131
ord1179
ord379
ord1109
ord1217
ord1215
ord1103
ord1048
ord321
ord777
ord3431
ord2682
ord4753
ord2183
ord4313
ord3210
ord1610
ord1910
ord5996
ord1891
ord5269
ord5267
ord935
ord940
ord944
ord942
ord6276
ord946
ord2415
ord2435
ord4061
ord2419
ord2425
ord2423
ord2421
ord2438
ord2433
ord2417
ord2440
ord2428
ord2410
ord2412
ord2430
ord2197
ord2191
ord6365
ord1532
ord6317
ord320
ord3830
ord6319
ord3373
ord5216
ord4999
ord4243
ord1371
ord4766
ord5209
ord4922
ord1982
ord2039
ord1671
ord1686
ord1670
ord2397
ord1685
ord1609
ord1561
ord5234
ord3079
ord2562
ord5948
ord2755
ord1636
ord2859
ord1633
ord4338
ord3974
ord2738
ord1411
ord2886
ord4275
ord2565
ord5186
ord2671
ord1926
ord2558
ord5105
ord3746
ord6315
ord3747
ord4216
ord3737
ord2669
ord588
ord2492
ord296
ord788
ord776
ord592

msvcr80

__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__CppXcptFilter
_amsg_exit
_encoded_null
memset
memcpy
_initterm_e
_initterm
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
__C_specific_handler
__CxxFrameHandler3
wcsrchr
_purecall
realloc
_wcsicmp
memmove
towupper
wcsncmp
malloc
wcsstr
wcscat_s
wcsncpy_s
wcscpy_s
free
wcschr
memcpy_s
memmove_s
__clean_type_info_names_internal
memcmp

kernel32

SetFilePointer
SetEndOfFile
WriteFile
Sleep
CloseHandle
lstrcpynA
lstrlenA
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
SetLastError
GetFullPathNameW
GetFileAttributesW
GetProcAddress
LoadLibraryW
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetACP
LocalFree
GetModuleFileNameW
LoadLibraryExW
LocalAlloc
GetCurrentProcess
GetTickCount
TerminateProcess
UnhandledExceptionFilter
GetLastError
RtlVirtualUnwind
SetUnhandledExceptionFilter

user32

SetForegroundWindow
GetNextDlgTabItem
SendMessageW
EnableWindow

advapi32

RegDeleteValueW
RegEnumKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteKeyA

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetPathFromIDListW
SHGetDesktopFolder

Exports

Exports

SetIOCtlExtProc

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eguiEpfw.dll
.dll windows:4 windows x64 arch:x64

f81a12043b809c0b609917bdd2dc1355

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

12:ca:30:38:2a:e1:8a:9f:2e:2c:1b:52:a3:3c:c6:9c:93:a3:d5:3d
Signer

Actual PE Digest

12:ca:30:38:2a:e1:8a:9f:2e:2c:1b:52:a3:3c:c6:9c:93:a3:d5:3d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

eguiEpfw.pdb

Imports

mpr

WNetGetUserW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

crypt32

CertFindCertificateInStore
CryptImportPublicKeyInfo
CertGetNameStringW
CryptEncodeObject
CryptDecodeObject

mfc80u

ord4127
ord2108
ord1557
ord4265
ord3199
ord602
ord4303
ord1531
ord4311
ord1592
ord2397
ord6363
ord4155
ord1564
ord286
ord3581
ord1948
ord4350
ord2189
ord2452
ord4147
ord992
ord1574
ord6365
ord3980
ord4648
ord4829
ord5102
ord5104
ord5103
ord6360
ord669
ord5245
ord3580
ord527
ord2341
ord730
ord1406
ord6306
ord1951
ord1494
ord4128
ord2110
ord1580
ord4268
ord4751
ord3257
ord2039
ord4767
ord4244
ord4221
ord4876
ord4899
ord4096
ord6276
ord3116
ord1910
ord393
ord642
ord2040
ord2958
ord285
ord1498
ord2923
ord2149
ord2499
ord5437
ord280
ord574
ord765
ord367
ord619
ord4033
ord2679
ord1020
ord364
ord2974
ord3862
ord362
ord5871
ord3322
ord1021
ord5246
ord2453
ord3433
ord4986
ord3696
ord539
ord733
ord1985
ord4614
ord535
ord3098
ord3160
ord2055
ord1336
ord4512
ord2862
ord5601
ord5247
ord5264
ord4599
ord3976
ord5260
ord5258
ord2955
ord1938
ord3860
ord5416
ord6258
ord5134
ord1022
ord3834
ord5618
ord577
ord2037
ord769
ord2082
ord4357
ord6318
ord6316
ord4043
ord4067
ord3858
ord3711
ord320
ord3361
ord5924
ord5762
ord6099
ord1134
ord4144
ord2552
ord5677
ord3272
ord1973
ord1292
ord4792
ord336
ord600
ord6183
ord5868
ord4129
ord2113
ord3903
ord3429
ord1068
ord1073
ord2396
ord1238
ord4025
ord4135
ord5750
ord6203
ord4920
ord4018
ord5563
ord2290
ord5523
ord2371
ord1590
ord1435
ord2179
ord6074
ord2610
ord2897
ord2289
ord1493
ord3013
ord3708
ord766
ord261
ord3827
ord2900
ord3356
ord5786
ord6094
ord1597
ord6021
ord2902
ord2908
ord3335
ord2891
ord3911
ord5904
ord1608
ord6158
ord4020
ord3376
ord743
ord4595
ord2521
ord1036
ord1811
ord2491
ord1933
ord2492
ord5597
ord1254
ord392
ord641
ord2770
ord2743
ord4136
ord2311
ord1808
ord3434
ord5453
ord874
ord2890
ord2520
ord5902
ord5781
ord5842
ord1891
ord3956
ord1893
ord1661
ord1598
ord3340
ord6005
ord748
ord6022
ord3469
ord541
ord734
ord6041
ord5891
ord5749
ord290
ord3695
ord3321
ord4109
ord435
ord880
ord676
ord4780
ord2253
ord6023
ord1386
ord2818
ord5738
ord3786
ord5737
ord5524
ord3787
ord1901
ord777
ord321
ord1048
ord1103
ord1215
ord1217
ord1109
ord379
ord1179
ord1131
ord1209
ord1185
ord1187
ord1935
ord1218
ord592
ord4292
ord3017
ord4061
ord5248
ord3431
ord1412
ord4753
ord5951
ord4313
ord2393
ord3080
ord910
ord1610
ord5996
ord1581
ord5269
ord5267
ord588
ord5648
ord935
ord913
ord940
ord944
ord942
ord946
ord2342
ord296
ord2415
ord914
ord2435
ord2419
ord2425
ord2423
ord2421
ord2438
ord2433
ord2417
ord5909
ord2440
ord6129
ord2428
ord788
ord4611
ord2410
ord2412
ord4351
ord2430
ord1982
ord2197
ord2191
ord3669
ord3232
ord1532
ord1812
ord5216
ord6317
ord4243
ord3830
ord4766
ord6319
ord4922
ord3373
ord4999
ord617
ord1686
ord1371
ord1685
ord5209
ord1921
ord5365
ord6337
ord1195
ord265
ord266
ord5354
ord1189
ord6326
ord1193
ord774
ord3283
ord776
ord1949
ord1491
ord6204
ord3790
ord1578
ord1654
ord753
ord3345
ord4271
ord1601
ord2114
ord598
ord2457
ord4133
ord2183
ord2682
ord668
ord3192
ord4263
ord1555
ord2105
ord3255
ord3189
ord721
ord512
ord2284
ord5672
ord1495
ord2109
ord3907
ord332
ord6159
ord5674
ord786
ord5623
ord2906
ord1288
ord614
ord355
ord3517
ord2278
ord2328
ord2395
ord1984
ord5558
ord4030
ord4153
ord1575
ord5676
ord663
ord424
ord654
ord1652
ord1568
ord4267
ord3315
ord3242
ord513
ord5766
ord757
ord568
ord3330
ord3191
ord3365
ord3712
ord2111
ord4269
ord3258
ord5907
ord3679
ord2392
ord670
ord2984
ord1561
ord1671
ord632
ord1670
ord1609
ord5234
ord2562
ord1095
ord3079
ord2755
ord4384
ord583
ord3238
ord5948
ord2859
ord1952
ord772
ord1636
ord4338
ord1633
ord2738
ord3974
ord2886
ord1411
ord2565
ord4275
ord2671
ord5186
ord2558
ord1926
ord3746
ord1289
ord5105
ord3747
ord789
ord6315
ord3737
ord4216
ord2669
ord5237
ord3977
ord4517
ord4293
ord6104
ord3223
ord3210
ord3430
ord884
ord6102
ord6295

msvcr80

realloc
_wcsnicmp
towupper
memmove
_snwprintf_s
_wcsicmp
strchr
memmove_s
memcpy_s
strncmp
strcpy_s
malloc
free
wcschr
memcpy
memset
memcmp
swscanf_s
sscanf_s
strncpy_s
_wcsupr_s
wcscpy_s
wcsncpy_s
wcsstr
strcat_s
wcsncmp
wcscat_s
wcspbrk
wcscspn
_vsnprintf_s
_wtol
wcstoul
calloc
strtoul
wcsrchr
sprintf_s
_purecall
qsort
bsearch
_wtoi
swprintf_s
_wcslwr_s
_wcsdup
vswprintf_s
rand
srand
_time32
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__CppXcptFilter
_amsg_exit
_encoded_null
_initterm_e
_initterm
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__C_specific_handler
__CxxFrameHandler3
_itow_s
rand_s

kernel32

GetVersionExA
GetLocaleInfoA
GetACP
GetCurrentThreadId
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GlobalFree
GlobalAlloc
LoadLibraryA
GetSystemDirectoryA
GetEnvironmentVariableW
LoadLibraryExW
SetThreadPriority
OpenProcess
LocalAlloc
GetDriveTypeW
QueryDosDeviceW
ExpandEnvironmentStringsW
LocalFree
WaitForSingleObject
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetSystemTimeAsFileTime
GetFileInformationByHandle
GetShortPathNameW
GetFileSize
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
CreateFileW
Sleep
LockResource
LoadResource
SizeofResource
FindResourceW
GetDateFormatW
GlobalHandle
SetEvent
ResetEvent
CreateEventW
GetModuleFileNameW
GetCurrentProcessId
GetTickCount
CloseHandle
GetCurrentProcess
GetCurrentThread
GetVersionExW
lstrcpynA
lstrlenA
GetLastError
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
SetLastError
GetFullPathNameW
GetFileAttributesW
GetModuleHandleW
GetProcAddress
LoadLibraryW
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
FileTimeToSystemTime
GetThreadLocale

user32

RemoveMenu
DeferWindowPos
BeginDeferWindowPos
EndDeferWindowPos
TranslateAcceleratorW
DestroyAcceleratorTable
LoadAcceleratorsW
LoadIconW
CheckMenuItem
DeleteMenu
MessageBoxW
MsgWaitForMultipleObjects
LoadImageW
PeekMessageW
ClientToScreen
SystemParametersInfoW
GetKeyState
DispatchMessageW
TranslateMessage
DrawFrameControl
GetAsyncKeyState
DrawFocusRect
GetFocus
ScreenToClient
ReleaseCapture
SetCapture
DestroyCursor
SetRectEmpty
GetWindowLongW
LoadCursorW
IsWindowVisible
SetCursor
GetCursorPos
SetMenuDefaultItem
AdjustWindowRect
LockWindowUpdate
wsprintfW
UpdateWindow
FillRect
ReleaseDC
SendMessageW
EnableWindow
GetWindowRect
GetSysColorBrush
GetSysColor
GetScrollPos
GetSubMenu
LoadMenuW
EnableMenuItem
PtInRect
AppendMenuW
InvalidateRect
CopyRect
DrawTextW
GetClientRect
GetParent
DestroyIcon
GetNextDlgTabItem
SetForegroundWindow
IsWindow
PostMessageW
SetRect
InflateRect
GetSystemMetrics
CreatePopupMenu
GetDC

gdi32

GetTextExtentExPointW
CreateDIBitmap
SelectObject
SetTextColor
GetTextColor
DeleteObject
SetPixel
GetTextExtentPoint32W
LPtoDP
DPtoLP
GetBkColor
GetMapMode
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush
DeleteDC
CreateRectRgnIndirect
GetTextMetricsW
CreateFontIndirectW
GetObjectW
GetCurrentObject

advapi32

AllocateAndInitializeSid
CryptReleaseContext
CryptDestroyHash
CryptDestroyKey
CryptVerifySignatureW
CryptHashData
CryptCreateHash
CryptAcquireContextW
LookupAccountSidW
RegCreateKeyExW
RegOpenKeyExW
RegEnumKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegDeleteKeyA
RegDeleteKeyW
OpenThreadToken
OpenProcessToken
GetTokenInformation
EqualSid
FreeSid

shell32

ShellExecuteExW
ExtractIconW
SHGetMalloc
SHGetDesktopFolder
ExtractIconExW

oleaut32

SysAllocString
VariantCopy
VariantChangeType
VariantInit

ws2_32

recv
send
connect
setsockopt
socket
closesocket
shutdown
htonl
getservbyname
htons
WSAGetLastError
gethostbyname
inet_addr
gethostbyaddr
WSAStartup
WSASetLastError
inet_ntoa
getservbyport
ntohs
WSACleanup

Exports

Exports

RAEditExtProc
SetIOCtlExtProc

Sections

.text
Size: 953KB - Virtual size: 952KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 328KB - Virtual size: 328KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eguiMailPlugins.dll
.dll windows:4 windows x64 arch:x64

7f891718da25e92289588b23c670d8b0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

12:1f:0a:50:3b:de:08:73:0c:41:70:15:05:8a:37:1f:68:21:b4:af
Signer

Actual PE Digest

12:1f:0a:50:3b:de:08:73:0c:41:70:15:05:8a:37:1f:68:21:b4:af

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

eguiMailPlugins.pdb

Imports

mfc80u

ord4292
ord4512
ord2862
ord5601
ord5247
ord5264
ord4599
ord3976
ord5260
ord5258
ord2955
ord1938
ord3860
ord5416
ord6258
ord5134
ord774
ord1022
ord3834
ord5618
ord2037
ord2082
ord4357
ord6318
ord6316
ord4043
ord4067
ord1095
ord367
ord619
ord4033
ord4611
ord364
ord3361
ord617
ord2679
ord1020
ord5237
ord574
ord765
ord266
ord3858
ord3711
ord577
ord769
ord1218
ord1935
ord4753
ord4313
ord1610
ord5996
ord5269
ord5267
ord3210
ord935
ord940
ord6365
ord944
ord942
ord320
ord592
ord946
ord2415
ord2435
ord2419
ord2425
ord2423
ord2421
ord2438
ord2433
ord2397
ord2417
ord2440
ord2428
ord2410
ord1187
ord1185
ord1209
ord1131
ord1179
ord379
ord1109
ord1217
ord1215
ord1103
ord1048
ord321
ord777
ord2412
ord2430
ord2197
ord2191
ord1532
ord6317
ord3830
ord6319
ord5216
ord3373
ord4243
ord4999
ord4766
ord1371
ord4922
ord5209
ord1982
ord2039
ord1671
ord1686
ord1670
ord1685
ord1609
ord1561
ord5234
ord3669
ord3079
ord2562
ord5948
ord2755
ord1636
ord2859
ord2682
ord1633
ord4338
ord2183
ord3974
ord2738
ord6276
ord1411
ord2886
ord1811
ord4275
ord2565
ord5186
ord2671
ord1926
ord2558
ord5105
ord3746
ord6315
ord3747
ord4216
ord3737
ord2669
ord4061
ord3977
ord4517
ord4293
ord3431
ord588
ord296
ord788
ord2974
ord776

msvcr80

__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__CppXcptFilter
_amsg_exit
_encoded_null
_initterm_e
_initterm
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__C_specific_handler
?terminate@@YAXXZ
memcpy
memset
__CxxFrameHandler3
_vsnwprintf_s
wcscat_s
wcsncpy_s
wcscpy_s
towupper
memmove
realloc
wcsstr
wcsncmp
wcsrchr
memmove_s
wcschr
_wcsicmp
_purecall
memcpy_s
free
malloc
memcmp

kernel32

Sleep
GetCurrentProcess
LocalAlloc
LoadLibraryExW
GetModuleFileNameW
GetLastError
GetTickCount
CloseHandle
LocalFree
SetLastError
FreeLibrary
LoadLibraryW
GetFileAttributesA
GetFullPathNameA
MultiByteToWideChar
AreFileApisANSI
lstrlenA
lstrcpynA
WideCharToMultiByte
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
SetEndOfFile
SetFilePointer
DeleteFileW
GetFileAttributesW
GetWindowsDirectoryW
GetFullPathNameW
GetProcAddress
lstrcpynW
lstrlenW

user32

SendMessageW
SetForegroundWindow
GetNextDlgTabItem
EnableWindow

advapi32

RegDeleteKeyW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegEnumKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegDeleteKeyA

shell32

SHGetPathFromIDListA
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetMalloc

Exports

Exports

SetIOCtlExtProc

Sections

.text
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eguiProductRcd.dll
.dll windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e2:a7:d7:08:94:84:2c:23:70:4d:89:eb:d0:78:1c:10:23:f0:ef:6b
Signer

Actual PE Digest

e2:a7:d7:08:94:84:2c:23:70:4d:89:eb:d0:78:1c:10:23:f0:ef:6b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

eguiProduct.pdb

Sections

.text
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 68B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 736KB - Virtual size: 733KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eguiScan.dll
.dll windows:4 windows x64 arch:x64

798073bb214eecc2a5bfdb654da362f2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c1:6d:da:07:26:5e:1d:48:c2:94:73:a4:5b:e0:5f:52:9e:8e:43:79
Signer

Actual PE Digest

c1:6d:da:07:26:5e:1d:48:c2:94:73:a4:5b:e0:5f:52:9e:8e:43:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

eguiScan.pdb

Imports

mfc80u

ord4271
ord6129
ord5248
ord2183
ord3911
ord2958
ord3017
ord4292
ord5437
ord5481
ord266
ord2682
ord5751
ord3345
ord286
ord4025
ord3361
ord4512
ord2862
ord5601
ord774
ord5247
ord5264
ord4599
ord3976
ord5260
ord5258
ord2955
ord1938
ord3860
ord5416
ord6258
ord5134
ord1022
ord3834
ord5618
ord2037
ord2082
ord4357
ord6318
ord6316
ord4043
ord4067
ord2520
ord2111
ord4269
ord2984
ord3258
ord670
ord3907
ord5781
ord5902
ord2890
ord2341
ord1199
ord1989
ord1973
ord4129
ord2113
ord3272
ord1095
ord2396
ord1349
ord5794
ord2337
ord469
ord4611
ord2679
ord1020
ord5237
ord364
ord617
ord2974
ord367
ord619
ord4033
ord1952
ord1289
ord3191
ord4351
ord1134
ord3238
ord577
ord769
ord3858
ord3711
ord3903
ord3429
ord2818
ord261
ord3356
ord3013
ord5672
ord4144
ord2179
ord5924
ord766
ord512
ord721
ord2552
ord355
ord614
ord6099
ord1288
ord2610
ord3189
ord3708
ord2499
ord1412
ord5365
ord1021
ord5951
ord3080
ord1491
ord6337
ord1601
ord2908
ord6102
ord2114
ord910
ord2891
ord602
ord3283
ord1921
ord2900
ord1495
ord5354
ord280
ord1189
ord1263
ord6326
ord1933
ord1193
ord2395
ord2371
ord2289
ord1195
ord2923
ord3199
ord5904
ord265
ord4113
ord1574
ord6363
ord2149
ord765
ord574
ord4265
ord663
ord1557
ord4109
ord6042
ord424
ord2108
ord1542
ord1068
ord1073
ord753
ord4127
ord1493
ord874
ord1590
ord1949
ord757
ord6202
ord5750
ord568
ord5648
ord1910
ord583
ord4384
ord592
ord1218
ord1812
ord772
ord4135
ord6104
ord1498
ord5597
ord5786
ord2393
ord285
ord3827
ord3669
ord1811
ord6365
ord3431
ord4753
ord320
ord4313
ord3210
ord1610
ord5996
ord5269
ord5267
ord935
ord940
ord944
ord942
ord946
ord2415
ord2435
ord2419
ord2425
ord2423
ord2421
ord2438
ord2433
ord2417
ord6276
ord2440
ord2428
ord2410
ord2412
ord786
ord2430
ord4061
ord2197
ord2191
ord1532
ord6317
ord3830
ord6319
ord3373
ord5216
ord4999
ord4243
ord1371
ord4766
ord5209
ord4922
ord1982
ord2039
ord1671
ord1686
ord1670
ord1685
ord1609
ord1561
ord5234
ord3079
ord2562
ord2397
ord5948
ord2755
ord1636
ord2859
ord1633
ord4338
ord3974
ord2738
ord1411
ord2886
ord4275
ord2565
ord5186
ord2671
ord1926
ord2558
ord5105
ord3746
ord6315
ord3747
ord4216
ord3737
ord2669
ord3977
ord4517
ord4293
ord788
ord908
ord2342
ord588
ord1935
ord1187
ord296
ord913
ord1292
ord777
ord321
ord1048
ord1103
ord1215
ord1217
ord1109
ord379
ord1179
ord1131
ord1209
ord1185
ord776

msvcr80

__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__CppXcptFilter
_amsg_exit
_encoded_null
_initterm_e
_initterm
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
?terminate@@YAXXZ
__C_specific_handler
__CxxFrameHandler3
wcsrchr
_wtol
_purecall
realloc
__clean_type_info_names_internal
memmove
towupper
wcscat_s
_snwprintf_s
wcsncpy_s
wcscpy_s
wcsstr
wcschr
_mktime64
_localtime64_s
_time32
qsort
memcpy
_wcsdup
malloc
memmove_s
memcpy_s
wcsncmp
_wcsicmp
_wcsnicmp
free
swscanf_s
memset
memcmp

kernel32

lstrlenW
GetFullPathNameW
GetFileAttributesW
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
GlobalUnlock
GlobalLock
GlobalAlloc
GetTickCount
FileTimeToLocalFileTime
FileTimeToSystemTime
GetCurrentThreadId
WaitForMultipleObjects
Sleep
GetCurrentProcessId
TryEnterCriticalSection
ResetEvent
LoadLibraryW
GetVersion
GetLastError
SetLastError
LeaveCriticalSection
EnterCriticalSection
FindClose
FindNextFileW
FindFirstFileW
InitializeCriticalSection
GetDriveTypeW
GetLogicalDriveStringsW
CreateThread
CreateEventW
lstrcpynW
GetProcAddress
CloseHandle
TerminateThread
WaitForSingleObject
SetEvent
CreateFileW
WriteFile
SetEndOfFile
SetFilePointer
LocalFree
GetModuleFileNameW
LoadLibraryExW
LocalAlloc
OpenProcess
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
GetFileAttributesA
GetFullPathNameA
AreFileApisANSI
lstrlenA
lstrcpynA
GetVersionExW
GetCurrentThread
GetCurrentProcess
GetTimeFormatW
GetDateFormatW
DeleteCriticalSection
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetVersionExA
GetThreadLocale
GetLocaleInfoA
GetModuleHandleW
GetACP

user32

DrawFrameControl
GetWindowDC
ReleaseDC
GetClientRect
EnableWindow
LoadIconW
GetWindowRect
PostMessageW
GetParent
IsWindow
GetNextDlgTabItem
EnableMenuItem
GetSubMenu
LoadMenuW
CheckMenuItem
SetForegroundWindow
ScreenToClient
GetCursorPos
DestroyIcon
GetSystemMetrics
SendMessageW
InvalidateRect
LoadCursorW
SetCursor
SetRect
LoadImageW

gdi32

ExtTextOutW
GetBkColor
SetBkColor
SelectObject
LPtoDP
BitBlt
CreateCompatibleDC
DPtoLP
GetMapMode
CreateCompatibleBitmap
CreateSolidBrush
DeleteObject
DeleteDC

advapi32

FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegDeleteKeyW
RegDeleteKeyA
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegEnumKeyW
RegEnumValueW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumKeyExW
LookupAccountSidW

shell32

SHGetDesktopFolder
SHGetMalloc
ExtractIconExW
SHGetSpecialFolderLocation

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime

Exports

Exports

SetIOCtlExtProc

Sections

.text
Size: 263KB - Virtual size: 262KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eguiUpdate.dll
.dll windows:4 windows x64 arch:x64

d3a83976ed2d3d1e8cd4c025d8234e5b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:17:8e:83:cd:af:49:af:9c:ac:87:f6:67:08:ef:7f:1d:ec:54:38
Signer

Actual PE Digest

6a:17:8e:83:cd:af:49:af:9c:ac:87:f6:67:08:ef:7f:1d:ec:54:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

eguiUpdate.pdb

Imports

mfc80u

ord5601
ord5247
ord5264
ord4599
ord3976
ord5260
ord5258
ord2955
ord1938
ord3860
ord5416
ord6258
ord5134
ord1022
ord3834
ord5618
ord2037
ord2082
ord4357
ord6318
ord6316
ord4043
ord4067
ord774
ord1901
ord285
ord2149
ord1498
ord1102
ord913
ord910
ord2958
ord908
ord1949
ord1493
ord4127
ord2108
ord2289
ord1557
ord4265
ord5248
ord3017
ord874
ord3199
ord789
ord5868
ord772
ord583
ord602
ord293
ord2923
ord1495
ord3283
ord2111
ord4269
ord2984
ord6326
ord1189
ord5354
ord3258
ord266
ord6337
ord5365
ord3907
ord670
ord265
ord1195
ord2906
ord1933
ord2499
ord5437
ord3669
ord3580
ord3695
ord1921
ord527
ord3903
ord3429
ord2818
ord2862
ord4920
ord632
ord3223
ord3712
ord5224
ord2679
ord1020
ord5246
ord2453
ord4986
ord3696
ord539
ord733
ord1336
ord574
ord765
ord3098
ord3160
ord2055
ord4614
ord4147
ord1289
ord1134
ord1952
ord3238
ord367
ord619
ord4033
ord5237
ord2974
ord364
ord617
ord3191
ord4351
ord1021
ord1985
ord3433
ord5871
ord577
ord769
ord3858
ord3711
ord4512
ord4292
ord3361
ord1899
ord777
ord321
ord1048
ord1103
ord1215
ord1217
ord1109
ord379
ord1179
ord1131
ord1209
ord1185
ord1187
ord1935
ord1218
ord592
ord1491
ord4243
ord4766
ord286
ord6129
ord2290
ord2395
ord4113
ord3911
ord6363
ord663
ord1193
ord424
ord1095
ord280
ord2891
ord1073
ord1574
ord5904
ord2902
ord1811
ord4876
ord4221
ord4244
ord4767
ord2183
ord3956
ord5245
ord4751
ord5931
ord730
ord6360
ord5103
ord5104
ord4611
ord5102
ord4829
ord4648
ord4899
ord2492
ord6276
ord1812
ord1910
ord1686
ord1685
ord1561
ord3079
ord5948
ord1411
ord4313
ord1532
ord4293
ord2342
ord3790
ord6104
ord2682
ord3210
ord786
ord2397
ord788
ord5216
ord4922
ord2039
ord942
ord3322
ord946
ord2415
ord2435
ord2419
ord2425
ord2423
ord2421
ord2438
ord2433
ord2417
ord2440
ord2428
ord2410
ord2412
ord2430
ord2197
ord2191
ord6317
ord3830
ord6319
ord3373
ord4999
ord1371
ord5209
ord1982
ord1671
ord1670
ord1636
ord1609
ord1633
ord5234
ord3974
ord2562
ord2755
ord4275
ord2859
ord5186
ord4338
ord1926
ord2738
ord5105
ord2886
ord6315
ord2565
ord4216
ord2671
ord6365
ord2558
ord320
ord3746
ord3747
ord588
ord3737
ord2669
ord3977
ord4517
ord296
ord3431
ord1592
ord3080
ord5951
ord1610
ord992
ord1412
ord5996
ord5269
ord6081
ord4753
ord5267
ord4311
ord935
ord4061
ord1531
ord940
ord4303
ord944
ord1068
ord776

msvcr80

__clean_type_info_names_internal
__crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__CppXcptFilter
_amsg_exit
_encoded_null
memset
memcpy
_purecall
_wtoi
_wcsdup
wcsrchr
_localtime64_s
free
memcpy_s
malloc
memmove
_wcsicmp
wcschr
realloc
memmove_s
wcscpy_s
wcsstr
wcsncpy_s
wcsncmp
_initterm_e
_initterm
_malloc_crt
?terminate@@YAXXZ
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__C_specific_handler
__CxxFrameHandler3
_wtol
toupper
towupper
wcscat_s
memcmp

kernel32

SetFilePointer
SetEndOfFile
WriteFile
Sleep
lstrcpyW
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
WideCharToMultiByte
CloseHandle
GetCurrentProcess
GetCurrentThread
lstrlenW
GetFullPathNameW
lstrcpynA
lstrlenA
AreFileApisANSI
MultiByteToWideChar
GetFullPathNameA
GetFileAttributesA
lstrcpynW
FreeLibrary
GetCurrentProcessId
SystemTimeToFileTime
GetTickCount
GetModuleFileNameW
GetVersionExW
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetLastError
SetLastError
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
CreateEventW
ResetEvent
SetEvent
GlobalHandle
LocalFree
LocalAlloc
LoadLibraryExW
GetFileAttributesW
UnhandledExceptionFilter
GetACP
GetLocaleInfoA
GetThreadLocale
GetVersionExA
TerminateProcess

user32

EnableWindow
SetForegroundWindow
LoadStringW
GetWindowRect
GetParent
InvalidateRect
GetNextDlgTabItem
GetClientRect
GetSystemMetrics
IsWindow
SetWindowLongW
GetWindowLongW
PostMessageW
SetRect
SetWindowLongPtrW
GetWindowLongPtrW
MapWindowPoints
GetMessagePos
LoadIconW
SendMessageW
KillTimer
SetTimer

gdi32

DeleteObject
CreateSolidBrush

advapi32

RegEnumKeyExW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegDeleteKeyW
RegDeleteKeyA
RegEnumValueW

shell32

SHGetMalloc
SHGetDesktopFolder

ole32

CoTaskMemFree

Exports

Exports

SetIOCtlExtProc

Sections

.text
Size: 186KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eh64.exe
.exe windows:4 windows x64 arch:x64

756a15a1acbf845b39a6df26f19b2f35

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:e0:4f:a4:a9:82:01:9f:47:05:28:05:4a:6e:88:a3:2a:19:be:27
Signer

Actual PE Digest

09:e0:4f:a4:a9:82:01:9f:47:05:28:05:4a:6e:88:a3:2a:19:be:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

eh64.pdb

Imports

kernel32

UnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetCurrentProcessId
Sleep
QueryPerformanceCounter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetTickCount
GetCurrentProcess
GetVersionExW
RtlCaptureContext
GetSystemTimeAsFileTime
GetCurrentThreadId
SetUnhandledExceptionFilter

advapi32

RegEnumValueW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW

ole32

CoCreateInstance
CoUninitialize
CoInitialize

msvcr80

__crt_debugger_hook
_wcsicmp
wcscat_s
memset
wcscpy_s
wcsncpy_s
swprintf_s
wcstoul
wcsrchr
_amsg_exit
__wgetmainargs
__C_specific_handler
_XcptFilter
_exit
_cexit
exit
__winitenv
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
_encode_pointer
__set_app_type
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_decode_pointer

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 540B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ehdrv.cat
ehdrv.inf
ehdrv.sys
.sys windows:6 windows x64 arch:x64

7b9016c913d73935e1f65e4519415b3b

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f2:28:49:71:7d:93:9c:bc:8a:e1:cc:8f:03:60:3a:83:d1:97:8a:4d
Signer

Actual PE Digest

f2:28:49:71:7d:93:9c:bc:8a:e1:cc:8f:03:60:3a:83:d1:97:8a:4d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

ehdrv.pdb

Imports

ntoskrnl.exe

ExAllocatePoolWithTag
ProbeForRead
IoDeleteSymbolicLink
ExFreePoolWithTag
KdDebuggerNotPresent
RtlInitUnicodeString
IoDeleteDevice
KeSetEvent
ExGetPreviousMode
ProbeForWrite
MmGetSystemRoutineAddress
KeInitializeEvent
KdDebuggerEnabled
IoGetCurrentProcess
InitSafeBootMode
IofCompleteRequest
IoCreateSymbolicLink
PsGetCurrentProcessId
IoCreateDevice
RtlCreateAcl
RtlValidSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlAddAccessAllowedAce
ZwClose
SeExports
NtSetSecurityObject
ObOpenObjectByPointer
RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
MmSystemRangeStart
wcschr
sprintf
_strnicmp
mbstowcs
RtlAnsiStringToUnicodeString
isspace
qsort
IoBuildSynchronousFsdRequest
ZwQuerySymbolicLinkObject
ZwReadFile
strstr
IoGetRelatedDeviceObject
wcsncpy
RtlInitAnsiString
MmHighestUserAddress
ZwQuerySystemInformation
KeReleaseSpinLock
ZwOpenSymbolicLinkObject
IoFreeMdl
KeUnstackDetachProcess
ZwSetInformationFile
KeDelayExecutionThread
RtlFreeUnicodeString
ObQueryNameString
strncpy
ZwCreateFile
wcsrchr
ZwQueryValueKey
ZwQueryDirectoryFile
_vsnprintf
RtlAppendUnicodeStringToString
isdigit
_purecall
ObReferenceObjectByHandle
KeWaitForSingleObject
IoCreateFileSpecifyDeviceObjectHint
MmProbeAndLockPages
RtlCompareUnicodeString
ZwOpenProcess
MmUnlockPages
ZwQueryInformationProcess
toupper
RtlCopyUnicodeString
MmIsAddressValid
ObfDereferenceObject
ZwOpenFile
wcsncmp
ZwQueryInformationFile
KeWaitForMultipleObjects
ZwWriteFile
KeStackAttachProcess
IoAllocateMdl
IofCallDriver
ZwOpenKey
KeAcquireSpinLockRaiseToDpc
KeBugCheckEx
__C_specific_handler

Sections

.text
Size: 103KB - Virtual size: 102KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 532B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ekrn.exe
.exe windows:4 windows x86 arch:x86

e66368fc4a6b44785619384bfcf922d7

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:fa:54:cb:26:e4:0d:84:4b:97:69:95:f2:2d:c6:df:68:a9:07:de
Signer

Actual PE Digest

0f:fa:54:cb:26:e4:0d:84:4b:97:69:95:f2:2d:c6:df:68:a9:07:de

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

ekrn.pdb

Imports

ws2_32

connect
WSACleanup
socket
inet_addr
setsockopt
WSASetLastError
__WSAFDIsSet
select
ioctlsocket
send
WSAStartup
WSAGetLastError
recv
gethostname
htons
closesocket
gethostbyaddr
gethostbyname

kernel32

GetLastError
GetShortPathNameW
CreateProcessW
FileTimeToSystemTime
WriteFile
WaitForMultipleObjects
GetVersion
GetModuleFileNameW
AreFileApisANSI
lstrlenA
lstrcpynA
GetFileAttributesW
GetFullPathNameW
lstrlenW
lstrcpynW
GetFileAttributesA
GetFullPathNameA
MultiByteToWideChar
WideCharToMultiByte
ResetEvent
FindResourceW
FindResourceExW
SetFileAttributesW
MoveFileExW
MoveFileW
CreateFileA
LocalFree
FileTimeToLocalFileTime
GetComputerNameA
GetLocalTime
GetACP
ReleaseMutex
OpenFileMappingW
DuplicateHandle
OpenProcess
CreateMutexW
CreateFileMappingW
MapViewOfFile
VirtualAlloc
OpenMutexW
GetLogicalDriveStringsW
GetDriveTypeW
QueryDosDeviceW
LoadResource
LockResource
FreeResource
SizeofResource
LocalAlloc
ReadProcessMemory
ResumeThread
GlobalMemoryStatus
GetModuleHandleA
lstrcmpA
InterlockedExchangeAdd
GetLocaleInfoW
LoadLibraryExW
GetSystemPowerStatus
GetTempPathW
GetLogicalDrives
GetModuleFileNameA
CreateFileMappingA
VirtualProtect
GetFileTime
SetFileTime
SetFilePointer
SetEndOfFile
GetTempFileNameW
FlushFileBuffers
GetFileInformationByHandle
GetDiskFreeSpaceW
GetSystemInfo
VirtualFree
CreateSemaphoreW
ReleaseSemaphore
GetExitCodeProcess
InterlockedExchange
CreateDirectoryW
InterlockedIncrement
GetSystemTimeAsFileTime
GetModuleHandleW
GetCurrentThreadId
LocalFileTimeToFileTime
GetCurrentProcess
GetVersionExW
DeviceIoControl
DeleteFileW
DeleteCriticalSection
CopyFileW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
FindClose
CreateEventW
WaitForSingleObject
ReadFile
FindNextFileW
SystemTimeToFileTime
CompareFileTime
GetFileSize
GetSystemTime
CreateFileW
GetDateFormatW
SetThreadPriority
GetComputerNameW
Sleep
CloseHandle
InterlockedDecrement
GetCurrentThread
FreeLibrary
FindFirstFileW
SetEvent
GetTimeZoneInformation
GetCurrentProcessId
LoadLibraryW
GetProcAddress
CreateThread
GetTickCount
ExpandEnvironmentStringsW
SetLastError
SetErrorMode
GetTimeFormatW
TerminateThread
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
GetVersionExA
InterlockedCompareExchange
GetStartupInfoA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
QueryPerformanceCounter
UnmapViewOfFile

user32

DefWindowProcW
RegisterClassW
UnregisterClassA
CreateWindowExW
KillTimer
wsprintfW
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW
DestroyIcon
GetIconInfo
GetDC
LoadStringW
PostMessageW
SetTimer
SendMessageW

gdi32

GetObjectW
DeleteDC
DeleteObject
GetDIBits
SelectObject
CreateCompatibleDC

advapi32

GetTokenInformation
RegDeleteKeyW
RegDeleteKeyA
DeleteService
QueryServiceStatus
ControlService
StartServiceCtrlDispatcherW
CreateServiceW
RegisterServiceCtrlHandlerW
SetServiceStatus
CreateProcessAsUserW
LookupAccountSidW
DuplicateTokenEx
EqualSid
RegOpenKeyW
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
GetSidSubAuthority
SetThreadToken
DuplicateToken
OpenProcessToken
OpenThreadToken
CloseServiceHandle
RegEnumKeyW
StartServiceW
RegOpenKeyExW
OpenServiceW
RegQueryInfoKeyW
OpenSCManagerW
RegEnumKeyExW
RegCloseKey
RevertToSelf
FreeSid
RegQueryValueExW
RegCreateKeyExW
SetSecurityDescriptorDacl
RegSetValueExW
RegEnumValueW
RegDeleteValueW
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
GetKernelObjectSecurity
SetKernelObjectSecurity
RegOpenKeyA
RegQueryValueExA
RegUnLoadKeyW
RegLoadKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
LookupAccountNameW
AllocateAndInitializeSid

shell32

SHGetMalloc
SHGetDesktopFolder

ole32

CoUninitialize
CoCreateInstance
CoInitialize
CoTaskMemFree

oleaut32

SysAllocString
VariantClear
SysFreeString

msvcp80

??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

msvcr80

?terminate@@YAXXZ
__CxxFrameHandler3
_amsg_exit
__getmainargs
_cexit
_exit
_XcptFilter
_ismbblead
exit
_acmdln
_initterm
_initterm_e
_configthreadlocale
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_decode_pointer
_crt_debugger_hook
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_invoke_watson
_controlfp_s
memcpy
_unlock
memset
_mktime32
_tzset
wcstoul
_scprintf
??1exception@std@@UAE@XZ
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
_invalid_parameter_noinfo
_onexit
_lock
_encode_pointer
__dllonexit
_except_handler4_common
_CxxThrowException
??3@YAXPAX@Z
_time32
srand
_wtoi
_localtime32_s
malloc
realloc
_wcsicmp
free
??_V@YAXPAX@Z
wcsstr
wcschr
wcsrchr
_snwprintf_s
wcsnlen
memmove
_time64
_localtime64_s
_vsnwprintf_s
wcscpy_s
_vsnprintf_s
memcpy_s
??2@YAPAXI@Z
swscanf_s
_wcslwr_s
_i64toa_s
strchr
_atoi64
strstr
_strupr_s
_stricmp
_snprintf_s
sscanf_s
calloc
printf
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
memmove_s
strncmp
_wcsupr_s
wcsncmp
towupper
toupper
tolower
_strnicmp
strcspn
wcscspn
towlower
strcpy_s
strncpy_s
wcsncpy_s
strcat_s
wcscat_s
wcspbrk
_wcsnicmp
qsort
sprintf_s
bsearch
_purecall
isdigit
isspace
isalpha
swprintf_s
vswprintf_s
rand
_recalloc
_wfopen_s
fclose
fgetws
feof
wcsspn
qsort_s
_wstat64
_vscwprintf
wcstol
_gmtime64_s
strftime
_mktime64
_mkgmtime64

Exports

Exports

??4_Init_locks@std@@QAEAAV01@ABV01@@Z

Sections

.text
Size: 612KB - Virtual size: 608KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 124KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 4KB - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ekrnAmon.dll
.dll windows:4 windows x86 arch:x86

cde0c4c713505c3815c437a8a380b789

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a2:45:e5:ba:81:2b:30:75:06:be:32:94:aa:82:64:d3:99:ef:0a:ce
Signer

Actual PE Digest

a2:45:e5:ba:81:2b:30:75:06:be:32:94:aa:82:64:d3:99:ef:0a:ce

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ekrnAmon.pdb

Imports

kernel32

GetFileAttributesW
GetFullPathNameW
WriteFile
SetEndOfFile
SetFilePointer
GetSystemTimeAsFileTime
VirtualAlloc
lstrcpynA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetThreadPriority
DuplicateHandle
WaitForMultipleObjects
GetModuleFileNameW
LoadLibraryExW
GetCurrentThreadId
QueryPerformanceCounter
UnhandledExceptionFilter
TerminateProcess
InterlockedExchange
lstrlenA
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
SetLastError
GetProcAddress
LoadLibraryW
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
ReleaseSemaphore
CreateSemaphoreW
InterlockedIncrement
CreateThread
GetCurrentThread
GetTickCount
InterlockedCompareExchange
InterlockedDecrement
VirtualProtect
VirtualQuery
SetUnhandledExceptionFilter
Sleep
DeviceIoControl
SuspendThread
SetEvent
CreateEventW
DisableThreadLibraryCalls
GetCurrentProcess
CreateFileW
GetLastError
LocalFree
LocalAlloc
QueryDosDeviceW
CloseHandle
TerminateThread
WaitForSingleObject
GetDriveTypeW
GetLogicalDriveStringsW
GetVersionExW
GetCurrentProcessId
ResumeThread
VirtualFree

user32

wsprintfW
LoadStringW

advapi32

DuplicateToken
RegEnumKeyExW
RegCreateKeyExW
RegDeleteValueW
RegEnumKeyW
RegSetValueExW
RegQueryValueExW
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
FreeSid
RegDeleteKeyW
RegDeleteKeyA
RegCloseKey
RegOpenKeyExW
OpenThreadToken
RevertToSelf
SetThreadToken
ControlService
StartServiceW
OpenServiceW
CloseServiceHandle
OpenSCManagerW
QueryServiceConfigW
DuplicateTokenEx

shell32

SHGetMalloc
SHGetDesktopFolder

msvcr80

memcpy
memset
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_wcsupr_s
wcsrchr
??3@YAXPAX@Z
vswprintf_s
swprintf_s
wcsstr
_wcsicmp
wcscat_s
rand
free
malloc
strcpy_s
??2@YAPAXI@Z
_purecall
calloc
srand
_time64
??_V@YAXPAX@Z
??_U@YAPAXI@Z
towupper
_wcsnicmp
realloc
swscanf_s
wcschr
memmove
wcscpy_s
wcsncpy_s
__CxxFrameHandler3
_vsnwprintf_s
memmove_s
memcpy_s
wcsncmp
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit

Exports

Exports

NODIoctl

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ekrnDmon.dll
.dll windows:4 windows x86 arch:x86

bdb6f41caeba14374ef047260d5de6c8

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fb:a9:42:61:74:5f:8e:38:0c:69:0b:9a:04:e6:76:ea:0e:72:2b:58
Signer

Actual PE Digest

fb:a9:42:61:74:5f:8e:38:0c:69:0b:9a:04:e6:76:ea:0e:72:2b:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ekrnDmon.pdb

Imports

kernel32

GetModuleFileNameW
LoadLibraryExW
GetTickCount
WriteFile
SetEndOfFile
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
Sleep
CloseHandle
GetCurrentThread
GetVersionExW
GetLastError
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
GetCurrentProcess
lstrcpynW
lstrlenW
SetLastError
GetFullPathNameW
GetFileAttributesW
lstrcpynA
lstrlenA
GetProcAddress
LoadLibraryW
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
DisableThreadLibraryCalls

user32

SetTimer
KillTimer
LoadStringW

advapi32

RegEnumKeyW
RevertToSelf
SetThreadToken
DuplicateToken
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumKeyExW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegDeleteKeyW
RegDeleteKeyA
DuplicateTokenEx

shell32

SHGetMalloc
SHGetDesktopFolder

ole32

CoInitialize
CoCreateInstance
CoUninitialize

msvcr80

memcpy
__CxxFrameHandler3
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
??3@YAXPAX@Z
_vsnwprintf_s
free
malloc
_wcsicmp
wcschr
realloc
swscanf_s
towupper
memmove
memmove_s
memcpy_s
wcsstr
wcsncmp
wcscpy_s
wcsncpy_s
memset
wcscat_s
wcsrchr
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm

Exports

Exports

NODIoctl

Sections

.text
Size: 60KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ekrnEmon.dll
.dll windows:4 windows x86 arch:x86

df85f29af7a2fe0e4fb559409c437ce1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8b:c9:4b:e7:54:a4:d3:21:30:f3:aa:b4:9a:b6:8c:5e:74:2e:27:7b
Signer

Actual PE Digest

8b:c9:4b:e7:54:a4:d3:21:30:f3:aa:b4:9a:b6:8c:5e:74:2e:27:7b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ekrnEmon.pdb

Imports

kernel32

WriteFile
GetSystemTimeAsFileTime
GetTickCount
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
SetFilePointer
SetEndOfFile
GetCurrentProcess
Sleep
CloseHandle
GetCurrentThread
GetVersionExW
lstrcpynA
lstrlenA
GetLastError
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
SetLastError
GetFullPathNameW
GetFileAttributesW
GetProcAddress
LoadLibraryW
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
DisableThreadLibraryCalls

user32

LoadStringW

advapi32

RegQueryValueExW
DuplicateTokenEx
RegEnumKeyExW
RegDeleteValueW
RegEnumKeyW
RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
RegDeleteKeyW
RegDeleteKeyA
DuplicateToken
SetThreadToken
RevertToSelf

shell32

SHGetMalloc
SHGetDesktopFolder

msvcr80

memcpy
memset
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
__CppXcptFilter
??3@YAXPAX@Z
_wcsicmp
wcschr
free
malloc
realloc
towupper
memmove
memmove_s
memcpy_s
wcsstr
wcsncmp
wcscpy_s
wcsncpy_s
wcscat_s
__CxxFrameHandler3
wcsrchr
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv

Exports

Exports

NODIoctl

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ekrnEpfw.dll
.dll windows:4 windows x86 arch:x86

e90acc740efdec52b870644869b2ff94

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:52:21:e0:a4:b3:46:20:fd:7c:61:3b:46:b1:3d:a5:17:f5:2b:1c
Signer

Actual PE Digest

74:52:21:e0:a4:b3:46:20:fd:7c:61:3b:46:b1:3d:a5:17:f5:2b:1c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ekrnEpfw.pdb

Imports

ws2_32

getpeername
setsockopt
WSAGetLastError
gethostbyaddr
WSAIoctl
recv
send
WSASocketW
getservbyport
ntohs
inet_ntoa
getservbyname
gethostbyname
inet_addr
WSACleanup
socket
WSAStartup
WSAEventSelect
accept
connect
WSASetLastError
listen
bind
htons
htonl
WSAAsyncSelect
ioctlsocket
shutdown
WSARecv
WSASend
closesocket

mpr

WNetGetUserW

crypt32

CertStrToNameW
CertCreateSelfSignCertificate
CertSetCertificateContextProperty
CryptMemFree
CertDeleteCertificateFromStore
CryptDecodeObjectEx
CryptDecodeObject
CryptImportPublicKeyInfo
CertDuplicateCertificateContext
CertGetNameStringW
CryptAcquireCertificatePrivateKey
CertFindCertificateInStore
CryptExportPublicKeyInfo
CryptEncodeObjectEx
CryptSignCertificate
CryptMemAlloc

kernel32

GetVersionExW
LoadLibraryW
GetProcAddress
FreeLibrary
DisableThreadLibraryCalls
WideCharToMultiByte
MultiByteToWideChar
GetFileAttributesW
GetFullPathNameW
lstrlenW
lstrcpynW
GetFileAttributesA
GetFullPathNameA
AreFileApisANSI
lstrlenA
lstrcpynA
GetShortPathNameW
MoveFileW
GetVersion
DeleteFileW
LocalFree
ExpandEnvironmentStringsW
QueryDosDeviceW
GetLogicalDriveStringsW
SetLastError
OpenProcess
GetSystemTime
DuplicateHandle
TerminateThread
SetThreadPriority
GetModuleFileNameW
LoadLibraryExW
GetTempPathW
FindResourceW
GetFileSize
LoadResource
LockResource
GetTempFileNameW
FlushFileBuffers
GetFileInformationByHandle
VirtualAlloc
VirtualFree
VirtualProtect
GetEnvironmentVariableW
FindResourceExW
GetVersionExA
RaiseException
GetProcessHeap
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
CreateFileW
ResetEvent
CopyFileW
WaitForMultipleObjects
CreateIoCompletionPort
GetModuleHandleW
SetFilePointer
GetDiskFreeSpaceW
GetCurrentThreadId
Sleep
GetTickCount
DeleteCriticalSection
CancelIo
WriteFileEx
SetEndOfFile
WaitForSingleObjectEx
GetCurrentThread
GetSystemTimeAsFileTime
CreateThread
SetEvent
WaitForSingleObject
InterlockedDecrement
InterlockedIncrement
CloseHandle
CreateEventW
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
DeviceIoControl
WriteFile
GetExitCodeProcess
CreateProcessW
GetCurrentProcessId
GetCurrentProcess
ReadFile
GetQueuedCompletionStatus
PostQueuedCompletionStatus
GetSystemInfo
SizeofResource
GetLastError
LocalAlloc

user32

CreateWindowExW
UnregisterClassA
RegisterClassW
DestroyWindow
UnregisterClassW
PostMessageW
LoadStringW
DefWindowProcW

advapi32

RegDeleteKeyA
CryptExportKey
CryptGetProvParam
CryptGetKeyParam
CryptGenRandom
CryptGetHashParam
CryptDecrypt
CryptEncrypt
CryptSetKeyParam
CryptImportKey
CryptSetHashParam
CryptDestroyHash
CryptVerifySignatureW
CryptHashData
CryptCreateHash
ChangeServiceConfigW
QueryServiceConfigW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
QueryServiceStatus
ControlService
StartServiceW
DuplicateTokenEx
SetThreadToken
DuplicateToken
LookupAccountSidW
CryptReleaseContext
CryptDestroyKey
CryptGenKey
CryptAcquireContextW
RegQueryInfoKeyW
RegDeleteValueW
RegEnumKeyW
RegCreateKeyExW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegDeleteKeyW
RegEnumKeyExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RevertToSelf
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenThreadToken
ImpersonateSelf

shell32

SHGetMalloc
SHGetDesktopFolder

ole32

CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoInitialize

msvcr80

__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_crt_debugger_hook
rand_s
_vscwprintf
atoi
vsprintf_s
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
?terminate@@YAXXZ
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
memset
__CxxFrameHandler3
memcpy
_CxxThrowException
_mkgmtime64
_gmtime64_s
_purecall
??3@YAXPAX@Z
_aligned_malloc
_aligned_free
??2@YAPAXI@Z
memmove
_snwprintf_s
_wcsupr_s
??_U@YAPAXI@Z
??_V@YAXPAX@Z
free
malloc
_time32
memcpy_s
_wcsdup
wcsrchr
wcsncmp
_time64
_localtime64_s
wcscat_s
swprintf_s
bsearch
_wcsnicmp
_wcsicmp
wcschr
_wcstoui64
_i64tow_s
_stricmp
realloc
_wcslwr_s
towupper
swscanf_s
strchr
memmove_s
_snprintf_s
strncmp
sscanf_s
wcsstr
strstr
toupper
strcpy_s
tolower
strncpy_s
_strnicmp
wcscpy_s
strcspn
wcsncpy_s
wcscspn
strcat_s
towlower
strpbrk
_vsnprintf_s
_wtol
wcstoul
calloc
strtoul
isdigit
sprintf_s
qsort
vswprintf_s
rand
srand
memchr
strrchr
_itoa_s

msvcp80

??Y?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??4?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV01@PBD@Z
??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ

Exports

Exports

NODIoctl

Sections

.text
Size: 408KB - Virtual size: 406KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ekrnMailPlugins.dll
.dll windows:4 windows x86 arch:x86

fe736b98f1936938f348d7fba58371a0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

40:26:f0:e8:0d:86:d3:6e:82:7e:92:59:95:1e:47:e8:c7:54:3b:c0
Signer

Actual PE Digest

40:26:f0:e8:0d:86:d3:6e:82:7e:92:59:95:1e:47:e8:c7:54:3b:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ekrnMailPlugins.pdb

Imports

kernel32

GetWindowsDirectoryW
GetShortPathNameW
GetVersionExW
LocalAlloc
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
SetThreadPriority
GetCurrentThread
InitializeCriticalSection
SetEvent
CreateEventW
CreateThread
DuplicateHandle
WaitForMultipleObjects
DeleteCriticalSection
GetModuleFileNameW
LoadLibraryExW
WriteFile
SetEndOfFile
SetFilePointer
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
LocalFree
DeleteFileW
lstrcpynA
lstrlenA
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
SetLastError
GetFullPathNameW
GetFileAttributesW
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcess
OpenProcess
Sleep
FindClose
FindFirstFileW
FreeLibrary
GetProcAddress
LoadLibraryW
UnmapViewOfFile
CloseHandle
TerminateProcess
WaitForSingleObject
GetTickCount
CreateProcessW
GetSystemDirectoryW
MapViewOfFile
GetLastError
CreateFileMappingW
GetCurrentProcessId
GetCurrentThreadId
DisableThreadLibraryCalls
TerminateThread

user32

LoadStringW

advapi32

RegDeleteValueW
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
GetTokenInformation
RegEnumKeyExW
RegOpenKeyExW
SetSecurityDescriptorDacl
RegEnumValueW
RegEnumKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteKeyA
CreateProcessAsUserW
DuplicateTokenEx
OpenProcessToken

shell32

SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc

msvcr80

__CxxFrameHandler3
memset
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
??3@YAXPAX@Z
wcscpy_s
malloc
free
??2@YAPAXI@Z
_wcsicmp
wcschr
realloc
towupper
memmove
wcsstr
wcsncmp
wcsncpy_s
wcscat_s
_vsnwprintf_s
memcpy
memmove_s
memcpy_s
wcsrchr
rand
srand
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer

Exports

Exports

NODIoctl

Sections

.text
Size: 72KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ekrnScan.dll
.dll windows:4 windows x86 arch:x86

a06c4bfc2f2b48c62cf2ea33bb514b5c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b6:d9:e2:69:38:4f:93:72:02:27:67:ba:02:70:21:11:1c:ff:4a:11
Signer

Actual PE Digest

b6:d9:e2:69:38:4f:93:72:02:27:67:ba:02:70:21:11:1c:ff:4a:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ekrnScan.pdb

Imports

kernel32

GetVersionExW
Sleep
FindFirstFileW
FindNextFileW
FindClose
CreateFileW
ReadFile
WriteFile
SetEndOfFile
SetFilePointer
DeleteFileW
FlushFileBuffers
GetFileTime
GetSystemTimeAsFileTime
DeviceIoControl
lstrcpynW
GetLogicalDriveStringsW
GetDriveTypeW
FindResourceW
GetModuleFileNameW
LoadLibraryExW
GetCurrentProcessId
GetCurrentThreadId
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
lstrlenW
SetLastError
GetFullPathNameW
GetFileAttributesW
lstrcpynA
lstrlenA
GetLastError
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
GetModuleHandleW
GetProcAddress
LoadLibraryW
GetCurrentProcess
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
TerminateThread
GetCurrentThread
ResumeThread
GetTickCount
SuspendThread
CreateDirectoryW
TryEnterCriticalSection
CloseHandle
SetThreadPriority
SystemTimeToFileTime
GetThreadPriority
InterlockedDecrement
GetSystemTime
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CreateThread
DisableThreadLibraryCalls
GetVersion

user32

KillTimer
LoadStringW
SetTimer

advapi32

GetTokenInformation
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegEnumKeyW
RevertToSelf
EqualSid
AllocateAndInitializeSid
OpenProcessToken
FreeSid
RegDeleteKeyW
RegDeleteKeyA
SetThreadToken
DuplicateToken
OpenThreadToken

shell32

SHGetDesktopFolder
SHGetMalloc

msvcr80

memcpy
memset
__clean_type_info_names_internal
_except_handler4_common
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
??3@YAXPAX@Z
realloc
malloc
_wcsicmp
free
??_U@YAPAXI@Z
??_V@YAXPAX@Z
srand
_time32
wcschr
_snwprintf_s
swprintf_s
memmove
vswprintf_s
wcsncpy_s
??2@YAPAXI@Z
_wcsupr_s
_wcsnicmp
towupper
_wcslwr_s
wcscat_s
memmove_s
memcpy_s
__CxxFrameHandler3
wcsstr
wcsncmp
wcscpy_s
wcsrchr
rand
calloc
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit

Exports

Exports

NODIoctl

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ekrnUpdate.dll
.dll windows:4 windows x86 arch:x86

75f242fce4c2584c25384dbd298dddb6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:2a:46:e6:0c:bb:3e:b7:f7:09:60:a6:cd:af:27:90:c0:f0:bd:2c
Signer

Actual PE Digest

54:2a:46:e6:0c:bb:3e:b7:f7:09:60:a6:cd:af:27:90:c0:f0:bd:2c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ekrnUpdate.pdb

Imports

kernel32

SetFileAttributesW
GetFileInformationByHandle
CreateFileW
ReadFile
WriteFile
SetEndOfFile
SetFilePointer
GetFileSize
DeleteFileW
MoveFileW
CopyFileW
VirtualAlloc
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateThread
MoveFileExW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
LocalFree
RemoveDirectoryW
LoadLibraryExW
QueryPerformanceCounter
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
InterlockedCompareExchange
InterlockedExchange
GetShortPathNameW
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
Sleep
GetTickCount
GetSystemTimeAsFileTime
lstrcpynA
lstrlenA
GetLastError
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
SetLastError
GetFullPathNameW
GetFileAttributesW
GetCurrentProcess
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcessId
SetEvent
GetProcAddress
LoadLibraryW
WaitForSingleObject
ResetEvent
GetCurrentThread
SetThreadPriority
GetModuleFileNameW
CloseHandle
CreateEventW
GetVersionExW
GetCurrentThreadId
GetWindowsDirectoryW

user32

DispatchMessageW
TranslateMessage
PeekMessageW
LoadStringW

advapi32

RegQueryValueExW
RegDeleteValueW
RegSetValueExW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
RegEnumKeyExW
RegOpenKeyExW
RegCloseKey
RegCreateKeyExW
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenThreadToken
RegDeleteKeyW
RegDeleteKeyA
RegEnumValueW
RegEnumKeyW
RegUnLoadKeyW
RegLoadKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
DuplicateToken
SetThreadToken
RevertToSelf

shell32

SHGetMalloc
SHGetDesktopFolder

msvcr80

memmove_s
memcpy
memset
__clean_type_info_names_internal
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?terminate@@YAXXZ
_except_handler4_common
_crt_debugger_hook
__CppXcptFilter
_adjust_fdiv
_time64
??3@YAXPAX@Z
_wcsicmp
calloc
qsort
??_V@YAXPAX@Z
vswprintf_s
free
bsearch
??_U@YAPAXI@Z
sprintf_s
malloc
wcsrchr
wcschr
swprintf_s
wcsstr
wcsncmp
strstr
strcpy_s
_snwprintf_s
strncpy_s
towupper
wcscpy_s
wcsncpy_s
strcat_s
memmove
wcscat_s
wcspbrk
__CxxFrameHandler3
memcpy_s
realloc
??2@YAPAXI@Z
_purecall
isdigit
isspace
isalpha
_mkgmtime64
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_malloc_crt
_encoded_null
_initterm
_initterm_e
_amsg_exit

Exports

Exports

NODIoctl

Sections

.text
Size: 200KB - Virtual size: 198KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
epfwtdir.cat
epfwtdir.inf
epfwwfpr.cat
eplgHooks.dll
.dll windows:4 windows x64 arch:x64

7c3c0c212571bf880848245d7b4fe725

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

49:e1:e6:87:34:70:1c:b8:b8:31:0c:87:48:61:93:44:32:68:5f:e8
Signer

Actual PE Digest

49:e1:e6:87:34:70:1c:b8:b8:31:0c:87:48:61:93:44:32:68:5f:e8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

eplgHooks.pdb

Imports

kernel32

GetLastError
SetErrorMode
GetModuleFileNameW
LoadLibraryW
GetProcAddress
DisableThreadLibraryCalls
GetCommandLineW

user32

SetWindowsHookExW
UnhookWindowsHookEx
CallNextHookEx

Exports

Exports

InstallHooks
UninstallHooks

Sections

.text
Size: 1024B - Virtual size: 868B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 774B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
eplgOE.dll
.dll windows:4 windows x86 arch:x86

c18b3f06adceb3a8bb2b71e3495afb65

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:bd:04:37:a2:2b:af:15:0f:6a:dc:55:00:f7:ac:28:d2:d0:2d:44
Signer

Actual PE Digest

2a:bd:04:37:a2:2b:af:15:0f:6a:dc:55:00:f7:ac:28:d2:d0:2d:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

eplgOE.pdb

Imports

comctl32

ImageList_Add
ImageList_Create
ImageList_Destroy
ImageList_GetIconSize

kernel32

CreateFileA
GetFileAttributesA
FindFirstFileA
GetVersion
DeleteFileW
LocalFree
FindClose
GetVersionExW
EnterCriticalSection
LeaveCriticalSection
TerminateThread
ResetEvent
CreateEventW
SetEvent
InitializeCriticalSection
DeleteCriticalSection
CreateMutexW
CreateFileMappingW
VirtualAlloc
ReleaseMutex
InterlockedIncrement
WaitForMultipleObjects
DuplicateHandle
OpenMutexW
FindResourceW
LocalAlloc
GetModuleHandleA
lstrcmpA
lstrlenA
GetSystemTimeAsFileTime
SetThreadPriority
GetCurrentThread
LoadLibraryExW
GetTickCount
GetTimeZoneInformation
FileTimeToSystemTime
GetTempFileNameW
FlushFileBuffers
GetFileInformationByHandle
ReadFile
WriteFile
SetEndOfFile
SetFilePointer
IsBadStringPtrA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
lstrcpynA
GetFullPathNameW
lstrlenW
lstrcpynW
GetFullPathNameA
AreFileApisANSI
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
RtlUnwind
LoadLibraryA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
RaiseException
GetModuleFileNameA
GetStdHandle
HeapCreate
HeapDestroy
VirtualFree
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
SetUnhandledExceptionFilter
InterlockedDecrement
MoveFileW
GetFileAttributesW
CopyFileW
CreateDirectoryW
CreateFileW
GetCurrentThreadId
VirtualProtect
GetCurrentProcessId
CreateThread
SetLastError
GetTempPathW
LoadLibraryW
SetErrorMode
DisableThreadLibraryCalls
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
GetProcAddress
GetModuleHandleW
CloseHandle
VirtualFreeEx
ReadProcessMemory
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
GetCurrentProcess
VirtualAllocEx
GetLastError
OpenProcess
Sleep
FreeLibrary
GetModuleFileNameW
UnhandledExceptionFilter
TerminateProcess
GetProcessHeap
GetVersionExA
GetCommandLineA
HeapReAlloc
HeapFree
HeapAlloc
DeleteFileA
FindNextFileA
FileTimeToLocalFileTime

user32

GetClassNameW
PostMessageW
GetWindowThreadProcessId
FindWindowW
TrackPopupMenuEx
SendMessageW
IsDlgButtonChecked
CheckDlgButton
CheckRadioButton
DialogBoxParamW
EndDialog
SetWindowPos
GetDesktopWindow
SetWindowTextW
GetDlgItem
MsgWaitForMultipleObjects
UnhookWindowsHookEx
GetMenuItemID
KillTimer
IsMenu
PostThreadMessageW
MapWindowPoints
DestroyMenu
TrackPopupMenu
CreatePopupMenu
SetTimer
CallWindowProcW
GetClientRect
EnumChildWindows
SetWindowsHookExW
GetMenuItemInfoW
GetMenuItemCount
InsertMenuItemW
AppendMenuW
MessageBoxW
LoadStringW
DestroyWindow
DispatchMessageW
TranslateMessage
PeekMessageW
LoadImageW
FindWindowExW
CreateWindowExW
GetWindowRect
IsWindow
CallNextHookEx
SetWindowLongW

gdi32

DeleteObject
GetObjectW

advapi32

RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteKeyA
EqualSid
RegQueryValueExA
RegOpenKeyA
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
FreeSid
RegDeleteKeyW
RegEnumKeyW
RegSetValueExW
RegQueryValueExW

shell32

SHGetMalloc
ShellExecuteExW
ord680
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetPathFromIDListW

ole32

CoUninitialize
CoTaskMemFree
PropVariantClear
CoInitializeEx

Exports

Exports

CallFncW
GetAddresses
InitEplgOE
InjectDll

Sections

.text
Size: 232KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eplgOE.dll_1
.dll windows:4 windows x64 arch:x64

904454e05c86c474719108727bba248c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c6:db:80:86:dd:09:3f:96:4c:a1:cf:f7:d1:fb:8e:6c:47:47:5c
Signer

Actual PE Digest

09:c6:db:80:86:dd:09:3f:96:4c:a1:cf:f7:d1:fb:8e:6c:47:47:5c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

eplgOE.pdb

Imports

comctl32

ImageList_Add
ImageList_Create
ImageList_Destroy
ImageList_GetIconSize

kernel32

CreateDirectoryW
CopyFileW
GetFileAttributesW
MoveFileW
CreateFileA
GetFileAttributesA
GetVersionExW
LeaveCriticalSection
TerminateThread
ResetEvent
CreateEventW
SetEvent
EnterCriticalSection
WaitForMultipleObjects
DuplicateHandle
GetCurrentProcess
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
OpenMutexW
FindResourceW
LocalAlloc
GetModuleHandleA
lstrcmpA
lstrlenA
GetSystemTimeAsFileTime
SetThreadPriority
GetCurrentThread
GetTimeZoneInformation
LoadLibraryExW
GetTickCount
FileTimeToSystemTime
GetTempFileNameW
FlushFileBuffers
GetFileInformationByHandle
ReadFile
WriteFile
SetEndOfFile
SetFilePointer
LocalFree
CreateFileW
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetFullPathNameW
lstrlenW
lstrcpynW
GetFullPathNameA
AreFileApisANSI
lstrcpynA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
LoadLibraryA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
SetEnvironmentVariableA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapDestroy
HeapCreate
HeapSetInformation
GetModuleFileNameA
GetStdHandle
RtlPcToFileHeader
RaiseException
RtlUnwindEx
ExitProcess
HeapSize
FlsAlloc
TlsSetValue
FlsFree
TlsFree
IsBadStringPtrA
FindClose
GetVersion
DeleteFileW
FindFirstFileA
GetCurrentThreadId
VirtualProtect
GetCurrentProcessId
CreateThread
SetLastError
GetTempPathW
LoadLibraryW
SetErrorMode
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
GetProcAddress
GetModuleHandleW
CloseHandle
VirtualFreeEx
ReadProcessMemory
WaitForSingleObject
CreateRemoteThread
WriteProcessMemory
VirtualAllocEx
GetLastError
OpenProcess
Sleep
FreeLibrary
GetModuleFileNameW
DisableThreadLibraryCalls
FlsGetValue
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetProcessHeap
GetVersionExA
GetCommandLineA
FlsSetValue
HeapReAlloc
HeapFree
FileTimeToLocalFileTime
FindNextFileA
DeleteFileA
HeapAlloc

user32

IsMenu
TrackPopupMenuEx
GetWindowThreadProcessId
FindWindowW
SetTimer
KillTimer
IsDlgButtonChecked
CheckDlgButton
CheckRadioButton
GetDlgItem
DialogBoxParamW
EndDialog
SetWindowPos
GetDesktopWindow
SetWindowTextW
MsgWaitForMultipleObjects
MapWindowPoints
DestroyMenu
TrackPopupMenu
CreatePopupMenu
EnumChildWindows
CallWindowProcW
GetClientRect
PostThreadMessageW
SetWindowsHookExW
GetMenuItemInfoW
GetMenuItemCount
InsertMenuItemW
AppendMenuW
MessageBoxW
LoadStringW
DestroyWindow
DispatchMessageW
TranslateMessage
PeekMessageW
LoadImageW
FindWindowExW
CreateWindowExW
GetWindowRect
IsWindow
CallNextHookEx
SetWindowLongPtrW
SendMessageW
GetClassNameW
PostMessageW
UnhookWindowsHookEx
GetMenuItemID

gdi32

DeleteObject
GetObjectW

advapi32

RegDeleteKeyA
EqualSid
RegQueryValueExA
RegOpenKeyA
FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegDeleteKeyW
RegEnumKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW

shell32

SHGetPathFromIDListA
ShellExecuteExW
ord680
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetMalloc

ole32

CoInitializeEx
CoUninitialize
CoTaskMemFree
PropVariantClear

Exports

Exports

CallFncW
GetAddresses
InitEplgOE
InjectDll

Sections

.text
Size: 284KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eplgOEEmon.dll
.dll windows:4 windows x64 arch:x64

805391c74244e111b567718a2e70a3da

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ca:67:6c:1e:fb:e0:94:5e:7e:2d:10:b2:14:d5:88:25:a2:be:1a:0d
Signer

Actual PE Digest

ca:67:6c:1e:fb:e0:94:5e:7e:2d:10:b2:14:d5:88:25:a2:be:1a:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

eplgOEEmon.pdb

Imports

kernel32

CreateFileW
CloseHandle
CreateFileA
GetVersionExW
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
ResetEvent
CreateEventW
SetEvent
DeleteCriticalSection
VirtualAlloc
WaitForMultipleObjects
GetCurrentProcess
InitializeCriticalSection
GetModuleHandleA
GetSystemTimeAsFileTime
GetModuleFileNameW
LoadLibraryExW
ReadFile
WriteFile
SetEndOfFile
SetFilePointer
GetTempPathW
GetTempFileNameW
FlushFileBuffers
VirtualFree
GetCommandLineW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
LoadLibraryA
GetCurrentProcessId
Sleep
GetFileSize
DeleteFileW
SetErrorMode
GetFileAttributesW
lstrcpynA
lstrlenA
GetLastError
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
SetLastError
GetFullPathNameW
GetProcAddress
LoadLibraryW
FreeLibrary
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
DisableThreadLibraryCalls
GetCurrentThreadId
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
HeapAlloc
HeapFree
HeapReAlloc
FlsSetValue
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
TlsFree
FlsFree
TlsSetValue
FlsAlloc
RtlUnwindEx
HeapSize
ExitProcess
RaiseException
RtlPcToFileHeader
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA

user32

LoadStringW
MessageBoxW
PeekMessageW
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage

advapi32

RegOpenKeyExW
EqualSid
FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegEnumKeyW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteKeyA
RegCloseKey
RegQueryValueExW

shell32

SHGetPathFromIDListW
SHGetMalloc
SHGetPathFromIDListA
ord680
ShellExecuteExW
SHGetDesktopFolder

ole32

CoUninitialize
CoInitializeEx

Exports

Exports

GetActionsTable
GetNewActionsTable

Sections

.text
Size: 180KB - Virtual size: 179KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eplgOEEmon.dll_1
.dll windows:4 windows x86 arch:x86

ba57c9421103fc524f914e8d3caf47af

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:a4:15:d7:49:dd:e8:53:74:f4:35:6d:74:e1:be:6f:01:c3:66:95
Signer

Actual PE Digest

0f:a4:15:d7:49:dd:e8:53:74:f4:35:6d:74:e1:be:6f:01:c3:66:95

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

eplgOEEmon.pdb

Imports

kernel32

CloseHandle
CreateFileA
SetErrorMode
GetVersionExW
CreateEventW
SetEvent
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
ResetEvent
VirtualAlloc
InterlockedIncrement
InitializeCriticalSection
DeleteCriticalSection
GetModuleHandleA
GetSystemTimeAsFileTime
CreateFileW
GetModuleFileNameW
LoadLibraryExW
ReadFile
WriteFile
SetEndOfFile
SetFilePointer
GetTempPathW
GetTempFileNameW
FlushFileBuffers
VirtualFree
InterlockedDecrement
GetCommandLineW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
LoadLibraryA
Sleep
GetFileSize
DeleteFileW
lstrcpynA
lstrlenA
GetLastError
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
SetLastError
GetFullPathNameW
GetFileAttributesW
GetProcAddress
LoadLibraryW
FreeLibrary
GetTickCount
MultiByteToWideChar
WideCharToMultiByte
DisableThreadLibraryCalls
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
RtlUnwind
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapAlloc
HeapFree
HeapReAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
ExitProcess
RaiseException
HeapDestroy
HeapCreate
GetStdHandle
GetModuleFileNameA
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings

user32

LoadStringW
MessageBoxW
PeekMessageW
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage

advapi32

FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegEnumKeyW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteKeyA
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
EqualSid

shell32

SHGetDesktopFolder
SHGetMalloc
SHGetPathFromIDListA
ord680
ShellExecuteExW
SHGetPathFromIDListW

ole32

CoUninitialize
CoInitializeEx

Exports

Exports

GetActionsTable
GetNewActionsTable

Sections

.text
Size: 132KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eplgOutlook.dll
.dll windows:4 windows x86 arch:x86

c5eb7bebe3022d11b2cc8fbc103a4617

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

93:6f:81:16:10:c0:92:7e:ec:3d:8e:84:07:75:d5:cd:f6:5b:2a:32
Signer

Actual PE Digest

93:6f:81:16:10:c0:92:7e:ec:3d:8e:84:07:75:d5:cd:f6:5b:2a:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

eplgOutlook.pdb

Imports

kernel32

CreateFileA
LocalFree
Sleep
CreateFileW
GetVersionExW
SetEvent
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
TerminateThread
ResetEvent
CreateEventW
CreateThread
InitializeCriticalSection
DeleteCriticalSection
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
MapViewOfFile
VirtualAlloc
ReleaseMutex
OpenFileMappingW
WaitForMultipleObjects
DuplicateHandle
OpenMutexW
FindResourceW
LocalAlloc
lstrcmpA
GetSystemTimeAsFileTime
SetThreadPriority
GetCurrentThread
GetTimeZoneInformation
LoadLibraryExW
FlushFileBuffers
WriteFile
SetEndOfFile
SetFilePointer
GlobalSize
HeapFree
GetProcessHeap
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
GetLocaleInfoA
LoadLibraryA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetEnvironmentVariableA
SetHandleCount
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
CreateDirectoryW
CloseHandle
lstrcpynA
lstrlenA
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
GetFullPathNameW
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
FileTimeToSystemTime
GetTempPathW
GetCurrentThreadId
GlobalFree
GlobalUnlock
GlobalLock
GetCurrentProcess
DisableThreadLibraryCalls
InterlockedDecrement
InterlockedIncrement
OutputDebugStringA
LoadLibraryW
GetLastError
GetModuleHandleW
GetModuleHandleA
SetLastError
SetErrorMode
GetFileAttributesW
GetModuleFileNameW
GetVersion
GetTickCount
FreeLibrary
GetProcAddress
VirtualFree
HeapCreate
HeapDestroy
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RaiseException
RtlUnwind
GetVersionExA
GetCommandLineA
HeapReAlloc
HeapAlloc

user32

ReleaseDC
FindWindowExW
GetWindowLongW
GetDC
EnumChildWindows
IsDlgButtonChecked
CheckDlgButton
CheckRadioButton
EndDialog
SetWindowPos
GetWindowRect
GetDesktopWindow
SetWindowTextW
GetDlgItem
GetClipboardData
CloseClipboard
OpenClipboard
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW
LoadImageW
KillTimer
SendMessageW
SetTimer
MessageBoxW
EnumClipboardFormats
CountClipboardFormats
LoadStringW
GetSysColor
SetClipboardData
EmptyClipboard
DialogBoxParamW

gdi32

DeleteObject
GetObjectW
CreateBitmap
DeleteDC
GetDIBColorTable
SelectObject
CreateCompatibleDC
CreateDIBSection

advapi32

RegQueryValueExA
RegOpenKeyA
FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegEnumKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteKeyA
EqualSid

shell32

ord680
SHGetPathFromIDListW
SHGetMalloc
SHGetPathFromIDListA
SHGetDesktopFolder
ShellExecuteExW

ole32

CoInitializeEx
CoUninitialize
WriteClassStg
StgCreateDocfile

oleaut32

VariantInit
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantChangeType
VariantClear
VariantCopy
OleCreatePictureIndirect

Exports

Exports

DllCanUnloadNow
DllGetClassObject
ExchEntryPoint

Sections

.text
Size: 200KB - Virtual size: 196KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eplgOutlook.dll_1
.dll windows:4 windows x64 arch:x64

8b70fb2c61abec8fafdec3c2c4d5ddc0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fc:e1:46:a2:a1:54:68:67:6d:95:94:bc:cd:c6:37:cd:b5:d0:67:f0
Signer

Actual PE Digest

fc:e1:46:a2:a1:54:68:67:6d:95:94:bc:cd:c6:37:cd:b5:d0:67:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

eplgOutlook.pdb

Imports

kernel32

GetVersion
LocalFree
Sleep
CreateFileW
CloseHandle
CreateDirectoryW
GetVersionExW
CreateThread
SetEvent
GetCurrentProcessId
EnterCriticalSection
LeaveCriticalSection
WaitForSingleObject
TerminateThread
ResetEvent
CreateEventW
InitializeCriticalSection
DeleteCriticalSection
UnmapViewOfFile
MapViewOfFile
ReleaseMutex
OpenFileMappingW
WaitForMultipleObjects
DuplicateHandle
GetCurrentProcess
OpenMutexW
FindResourceW
LocalAlloc
GetModuleHandleA
lstrcmpA
GetSystemTimeAsFileTime
SetThreadPriority
GetCurrentThread
GetTimeZoneInformation
LoadLibraryExW
WriteFile
SetEndOfFile
SetFilePointer
FlushFileBuffers
GlobalSize
HeapFree
GetProcessHeap
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
LoadLibraryA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
SetEnvironmentVariableA
LCMapStringW
LCMapStringA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapDestroy
CreateFileA
lstrcpynW
lstrlenW
GetFullPathNameW
GetFileAttributesW
lstrcpynA
lstrlenA
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
MultiByteToWideChar
WideCharToMultiByte
GlobalLock
GlobalAlloc
FileTimeToSystemTime
GetTempPathW
GetCurrentThreadId
GlobalFree
GlobalUnlock
DisableThreadLibraryCalls
QueryActCtxW
GetModuleHandleExW
CreateActCtxW
FindActCtxSectionStringW
GetTickCount
ActivateActCtx
LoadLibraryW
GetLastError
DeactivateActCtx
FreeLibrary
SetLastError
GetProcAddress
SetErrorMode
GetModuleFileNameW
OutputDebugStringA
HeapCreate
HeapSetInformation
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapSize
FlsAlloc
TlsSetValue
FlsFree
TlsFree
FlsGetValue
RtlCaptureContext
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
RtlPcToFileHeader
RaiseException
RtlUnwindEx
RtlLookupFunctionEntry
GetVersionExA
GetCommandLineA
FlsSetValue
HeapReAlloc
HeapAlloc

user32

EnumChildWindows
ReleaseDC
FindWindowExW
GetWindowLongPtrW
EmptyClipboard
IsDlgButtonChecked
CheckDlgButton
CheckRadioButton
EndDialog
SetWindowPos
GetWindowRect
GetDesktopWindow
GetDlgItem
DialogBoxParamW
GetClipboardData
CloseClipboard
OpenClipboard
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW
GetDC
LoadImageW
KillTimer
SetTimer
SendMessageW
MessageBoxW
EnumClipboardFormats
CountClipboardFormats
LoadStringW
GetSysColor
SetClipboardData
SetWindowTextW

gdi32

DeleteObject
GetObjectW
CreateBitmap
DeleteDC
GetDIBColorTable
SelectObject
CreateCompatibleDC
CreateDIBSection

advapi32

RegQueryValueExA
RegOpenKeyA
FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegDeleteValueW
RegEnumKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteKeyA
EqualSid

shell32

ord680
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetMalloc
ShellExecuteExW

ole32

CoInitializeEx
CoUninitialize
WriteClassStg
StgCreateDocfile

oleaut32

VariantChangeType
VariantClear
OleCreatePictureIndirect
VariantCopy
VariantInit
SysFreeString
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
ExchEntryPoint

Sections

.text
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eplgOutlookEmon.dll
.dll windows:4 windows x86 arch:x86

ba5e23e9c3bb373fdee4e9fb04323902

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:22:d6:7a:75:5f:2a:98:5b:00:72:71:b2:b7:ee:29:0f:13:9b:b6
Signer

Actual PE Digest

78:22:d6:7a:75:5f:2a:98:5b:00:72:71:b2:b7:ee:29:0f:13:9b:b6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

eplgOutlookEmon.pdb

Imports

mapi32

ord183
ord136
ord17
ord135
ord140
ord13
ord15
ord59
ord198
ord185

kernel32

AreFileApisANSI
GetLastError
Sleep
CreateFileW
ReadFile
WriteFile
SetEndOfFile
SetFilePointer
GetFileSize
CloseHandle
DeleteFileW
GetTempPathW
GetTempFileNameW
FlushFileBuffers
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
GetFullPathNameA
GetVersionExW
InterlockedIncrement
GetModuleHandleA
GetTickCount
GetModuleFileNameW
LoadLibraryExW
HeapFree
GetProcessHeap
GetCPInfo
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
GetFileAttributesA
lstrcpynW
lstrlenW
SetLastError
GetFullPathNameW
GetFileAttributesW
lstrcpynA
lstrlenA
GetProcAddress
LoadLibraryW
FreeLibrary
WideCharToMultiByte
DisableThreadLibraryCalls
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId
GetACP
FileTimeToSystemTime
MultiByteToWideChar
InterlockedDecrement
GetDateFormatW
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapDestroy
HeapCreate
ExitProcess
CreateFileA
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
HeapSize
GetModuleFileNameA
HeapAlloc
HeapReAlloc
GetCommandLineA
GetVersionExA
RtlUnwind
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStdHandle

user32

LoadStringW
MessageBoxW

advapi32

FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegEnumKeyW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteKeyA
EqualSid

shell32

SHGetDesktopFolder
SHGetPathFromIDListW
ord680
ShellExecuteExW
SHGetPathFromIDListA
SHGetMalloc

ole32

StgOpenStorage

oleaut32

SysFreeString
SysStringByteLen
SysAllocStringByteLen
SysAllocString
VariantChangeType
VariantClear
SysAllocStringLen
SafeArrayDestroy
SafeArrayCreateVector
VariantInit

Exports

Exports

GetActionsTable
GetNewActionsTable

Sections

.text
Size: 128KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eplgOutlookEmon.dll_1
.dll windows:4 windows x64 arch:x64

d9dbdf40a277462a8f984c14553c900a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f6:cf:46:35:37:67:1c:53:89:63:7b:5e:5d:12:c8:39:79:da:ee:44
Signer

Actual PE Digest

f6:cf:46:35:37:67:1c:53:89:63:7b:5e:5d:12:c8:39:79:da:ee:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

eplgOutlookEmon.pdb

Imports

mapi32

ord17
ord135
ord140
ord13
ord15
ord59
ord198
ord185
ord136
ord183

kernel32

Sleep
FlushFileBuffers
CreateFileW
ReadFile
WriteFile
SetEndOfFile
SetFilePointer
GetFileSize
CloseHandle
DeleteFileW
GetTempPathW
GetTempFileNameW
GetSystemTimeAsFileTime
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
lstrcpynA
CreateFileA
GetVersionExW
GetCurrentProcess
GetModuleHandleA
GetTickCount
GetModuleFileNameW
LoadLibraryExW
HeapFree
GetProcessHeap
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LoadLibraryA
IsValidCodePage
GetConsoleMode
lstrlenA
GetLastError
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
lstrcpynW
lstrlenW
SetLastError
GetFullPathNameW
GetFileAttributesW
GetProcAddress
LoadLibraryW
FreeLibrary
WideCharToMultiByte
DisableThreadLibraryCalls
GetCurrentThreadId
GetCurrentProcessId
MultiByteToWideChar
GetDateFormatW
GetACP
FileTimeToSystemTime
FlsGetValue
TlsFree
FlsFree
TlsSetValue
FlsAlloc
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSetInformation
GetConsoleCP
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
HeapSize
HeapDestroy
HeapAlloc
HeapReAlloc
FlsSetValue
GetCommandLineA
GetVersionExA
RtlLookupFunctionEntry
RtlUnwindEx
RaiseException
RtlPcToFileHeader
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetOEMCP
HeapCreate

user32

LoadStringW
MessageBoxW

advapi32

EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
FreeSid
RegEnumKeyW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteKeyA

shell32

SHGetDesktopFolder
SHGetPathFromIDListW
ord680
ShellExecuteExW
SHGetPathFromIDListA
SHGetMalloc

ole32

StgOpenStorage

oleaut32

SysAllocStringByteLen
SysAllocString
VariantChangeType
VariantClear
SysAllocStringLen
SafeArrayDestroy
SafeArrayCreateVector
VariantInit
SysFreeString
SysStringByteLen

Exports

Exports

GetActionsTable
GetNewActionsTable

Sections

.text
Size: 171KB - Virtual size: 171KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eplgTb.dll
.dll windows:4 windows x86 arch:x86

e58755ae47d8703a270ae1ac1d5cc39d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e7:98:89:3d:7b:57:9f:e9:25:65:71:c6:f9:f8:38:34:a2:94:e6:06
Signer

Actual PE Digest

e7:98:89:3d:7b:57:9f:e9:25:65:71:c6:f9:f8:38:34:a2:94:e6:06

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

eplgTb.pdb

Imports

kernel32

SetEvent
EnterCriticalSection
LeaveCriticalSection
TerminateThread
ResetEvent
InitializeCriticalSection
DeleteCriticalSection
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
MapViewOfFile
VirtualAlloc
ReleaseMutex
OpenFileMappingW
InterlockedIncrement
WaitForMultipleObjects
DuplicateHandle
OpenMutexW
SetLastError
FindResourceW
LoadResource
LockResource
FreeResource
SizeofResource
LocalAlloc
GetModuleHandleA
GetProcAddress
lstrcmpA
lstrlenA
GetSystemTimeAsFileTime
SetThreadPriority
GetCurrentThread
GetModuleFileNameW
GetModuleHandleW
LoadLibraryExW
FreeLibrary
OutputDebugStringA
LoadLibraryW
GetTickCount
GetTimeZoneInformation
ReadFile
WriteFile
SetEndOfFile
SetFilePointer
GetTempPathW
GetTempFileNameW
FlushFileBuffers
DisableThreadLibraryCalls
VirtualProtect
GetFullPathNameW
lstrlenW
lstrcpynW
GetCurrentThreadId
MultiByteToWideChar
AreFileApisANSI
lstrcpynA
WideCharToMultiByte
HeapAlloc
HeapFree
HeapReAlloc
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCommandLineA
GetVersionExA
GetProcessHeap
VirtualFree
HeapDestroy
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
RaiseException
HeapSize
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
RtlUnwind
LoadLibraryA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateThread
CreateEventW
GetVersionExW
GetCurrentProcess
GetVersion
DeleteFileW
SetErrorMode
GetFileAttributesA
CreateFileA
GetFileAttributesW
CreateDirectoryW
GetLastError
CreateFileW
LocalFree
GetFileSize
Sleep
WaitForSingleObject
GetCurrentProcessId
GetFullPathNameA
CloseHandle

user32

CheckRadioButton
DialogBoxParamW
EndDialog
SetWindowPos
GetWindowRect
GetDesktopWindow
SetWindowTextW
GetDlgItem
CheckDlgButton
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW
IsDlgButtonChecked
GetParent
FindWindowExW
SetTimer
KillTimer
LoadStringW

advapi32

RegCreateKeyExW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegEnumKeyW
RegDeleteKeyW
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
FreeSid
RegOpenKeyA
RegQueryValueExA
EqualSid
RegDeleteKeyA
RegOpenKeyExW

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetDesktopFolder
ShellExecuteExW
ord680
SHGetPathFromIDListA

Exports

Exports

NSGetModule

Sections

.text
Size: 334KB - Virtual size: 333KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eplgTbEmon.dll
.dll windows:4 windows x86 arch:x86

9a3999dbe1f861e912a898e9877dcad0

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:c2:7f:68:dc:84:9a:a5:09:b0:7b:28:af:19:f9:42:48:bc:f0:ab
Signer

Actual PE Digest

43:c2:7f:68:dc:84:9a:a5:09:b0:7b:28:af:19:f9:42:48:bc:f0:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

eplgTbEmon.pdb

Imports

kernel32

CloseHandle
DeleteFileW
CopyFileW
GetTempPathW
GetTempFileNameW
FlushFileBuffers
SetFileAttributesW
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WaitForSingleObject
CreateFileA
GetCurrentProcess
GetFileSize
ResetEvent
CreateEventW
GetCurrentThreadId
GetCurrentProcessId
InterlockedIncrement
WaitForMultipleObjects
GetModuleHandleA
GetModuleFileNameW
LoadLibraryExW
DisableThreadLibraryCalls
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
SetFilePointer
SetEndOfFile
WriteFile
ReadFile
CreateFileW
CreateDirectoryW
Sleep
lstrcpynW
lstrlenW
SetLastError
GetFullPathNameW
GetFileAttributesW
lstrcpynA
lstrlenA
GetLastError
AreFileApisANSI
GetFullPathNameA
GetFileAttributesA
GetProcAddress
LoadLibraryW
FreeLibrary
GetTickCount
MultiByteToWideChar
GetVersionExW
WideCharToMultiByte
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
LoadLibraryA
HeapAlloc
HeapFree
HeapReAlloc
GetCommandLineA
GetVersionExA
GetProcessHeap
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapDestroy
HeapCreate
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
LCMapStringA
LCMapStringW
HeapSize
RaiseException
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
RtlUnwind

user32

MessageBoxW
LoadStringW
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW

advapi32

FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegEnumKeyW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteKeyA
EqualSid

shell32

ord680
ShellExecuteExW
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetPathFromIDListA
SHGetMalloc

Exports

Exports

GetActionsTable
GetNewActionsTable

Sections

.text
Size: 136KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
http_dll.dll
.dll windows:4 windows x64 arch:x64

1ce38d7f8aacfb4c2a9c6b5128087a4a

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:a8:4f:75:be:a7:b1:aa:30:99:56:a8:1a:76:fd:b7:73:40:7b:c6
Signer

Actual PE Digest

62:a8:4f:75:be:a7:b1:aa:30:99:56:a8:1a:76:fd:b7:73:40:7b:c6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

http_dll.pdb

Imports

ws2_32

send
recv
closesocket
socket
select
__WSAFDIsSet
accept
listen
bind
gethostbyaddr
getservbyport
ntohs
inet_ntoa
htonl
getservbyname
htons
WSAGetLastError
gethostbyname
inet_addr
getsockopt
setsockopt
WSACleanup
WSAStartup

crypt32

CryptDecodeObject

kernel32

GetCurrentThreadId
DeleteCriticalSection
CloseHandle
LoadLibraryW
GetProcAddress
FreeLibrary
WideCharToMultiByte
MultiByteToWideChar
SetLastError
lstrlenW
lstrcpynW
GetFileAttributesA
GetFullPathNameA
AreFileApisANSI
GetLastError
lstrlenA
lstrcpynA
GetFileAttributesW
GetFullPathNameW
GetCurrentProcessId
GetTickCount
Sleep
SetFilePointer
GetFileSize
GetFileInformationByHandle
QueryPerformanceCounter
ReadFile
WriteFile
SetEndOfFile
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
CreateFileW
WaitForSingleObject
CreateThread
GetExitCodeThread
GetCurrentProcess
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess

advapi32

CryptDestroyKey
CryptDestroyHash
CryptSignHashW
CryptHashData
CryptCreateHash
CryptImportKey
CryptAcquireContextW
CryptReleaseContext
RevertToSelf
SetThreadToken
LogonUserW

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetPathFromIDListW
SHGetDesktopFolder

msvcr80

_decode_pointer
_malloc_crt
_initterm
memcmp
_initterm_e
_encoded_null
_amsg_exit
__CppXcptFilter
__crt_debugger_hook
?terminate@@YAXXZ
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__clean_type_info_names_internal
swprintf_s
memchr
__C_specific_handler
_unlock
__dllonexit
_onexit
_encode_pointer
memcpy
memset
__CxxFrameHandler3
_lock
strtoul
??2@YAPEAX_K@Z
malloc
??3@YAXPEAX@Z
free
_purecall
strchr
wcschr
_stricmp
strstr
sscanf_s
sprintf_s
_time64
_gmtime64_s
_snprintf
realloc
_strnicmp
toupper
strncmp
memcpy_s
memmove
memmove_s
??_V@YAXPEAX@Z
??_U@YAPEAX_K@Z
srand
rand
_wcsicmp
wcstol
wcsncmp
_wcsnicmp
towupper
abort
strrchr
isspace
_strlwr_s
strcpy_s
strncpy_s
wcscpy_s
wcsncpy_s
strcat_s
_vsnprintf_s
calloc

Exports

Exports

StartHttpServer
StopHttpServer

Sections

.text
Size: 76KB - Virtual size: 75KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
install.rdf
.xml
mfc80.dll
.dll windows:4 windows x64 arch:x64

3984e4689b00ba94b372c08f846b91f8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MFC80.AMD64.pdb

Imports

msvcr80

?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__CppXcptFilter
_amsg_exit
_encoded_null
_initterm_e
_initterm
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__C_specific_handler
?terminate@@YAXXZ
_mbsnbicmp
_itoa_s
wcsncpy_s
_ultoa_s
_ltoa_s
_ismbcdigit
ceil
_snwprintf_s
_mbsnbcmp
_fullpath
atol
__argv
__argc
sscanf_s
_beginthreadex
_endthreadex
_mbsdec
_strdup
_expand
atoi
strtod
strtoul
strtol
_makepath_s
_splitpath_s
_vsnprintf_s
_mbspbrk
_snscanf_s
labs
abs
_ismbblead
_msize
strcat_s
_snprintf_s
_errno
strncpy_s
_purecall
_localtime64_s
_mktime64
realloc
fclose
fflush
ftell
fseek
fgets
fputs
fwrite
clearerr_s
ferror
feof
fread
__doserrno
_fdopen
_open_osfhandle
_fileno
_get_osfhandle
strcpy_s
abort
memcmp
sprintf_s
_mbsnbcpy_s
_mbscspn
_mbscmp
_vscprintf
wcscpy_s
wcscmp
wcscspn
wcsspn
iswspace
_mbsinc
_mbsupr_s
_wcsrev
memcpy_s
_mbsspn
_mbscoll
wcspbrk
memset
_recalloc
_wcsicoll
wcsstr
wcsrchr
_mbsrchr
_mbschr
vsprintf_s
_wcsupr_s
wcslen
_wcslwr_s
_ismbcspace
vswprintf_s
_mbsstr
_mbsicoll
_resetstkoflw
_mbsrev
strlen
malloc
calloc
free
wcscoll
memmove
_vscwprintf
_mbsicmp
_wcsicmp
memmove_s
_mbslwr_s
wcschr
memcpy
__CxxFrameHandler3
__clean_type_info_names_internal
_CxxThrowException

kernel32

GetSystemTimeAsFileTime
QueryPerformanceCounter
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
SetUnhandledExceptionFilter
GetEnvironmentVariableW
FindResourceA
lstrlenA
LoadResource
FormatMessageA
FindResourceExA
WideCharToMultiByte
SizeofResource
GetStringTypeExW
GetEnvironmentVariableA
CompareStringW
MultiByteToWideChar
lstrlenW
GetStringTypeExA
GetLastError
lstrcmpiA
LockResource
lstrcmpiW
CompareStringA
GetVersion
LocalFree
SetLastError
GetAtomNameA
GlobalGetAtomNameA
lstrcmpA
DuplicateHandle
GetCurrentProcess
CreateFileA
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
CloseHandle
LockFile
UnlockFile
SetEndOfFile
GetFileSize
MoveFileA
DeleteFileA
LoadLibraryA
GetProcAddress
GetFullPathNameA
GetVolumeInformationA
FindFirstFileA
FindClose
GetThreadLocale
GetModuleFileNameA
GetShortPathNameA
GlobalLock
GlobalSize
GlobalAlloc
GlobalUnlock
GlobalReAlloc
GlobalFree
GetFileTime
GetFileAttributesA
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileAttributesA
SetFileTime
GetCPInfo
GetOEMCP
FreeLibrary
GetModuleHandleA
GetModuleFileNameW
LocalAlloc
TlsAlloc
InitializeCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
LocalReAlloc
TlsSetValue
WaitForSingleObject
CreateSemaphoreA
ReleaseSemaphore
CreateMutexA
ReleaseMutex
CreateEventA
WaitForMultipleObjects
lstrcmpW
GetVersionExA
GlobalDeleteAtom
GlobalFindAtomA
GlobalAddAtomA
GetCurrentThreadId
GetCurrentProcessId
MulDiv
GetProfileIntA
VirtualProtect
RaiseException
GlobalFlags
GetDiskFreeSpaceA
GetTempFileNameA
LocalLock
LocalUnlock
GetTempPathA
SearchPathA
SetEvent
SetThreadPriority
ResumeThread
SuspendThread
GetLocaleInfoA
ConvertDefaultLocale
EnumResourceLanguagesA
GetCurrentThread
SetErrorMode
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentDirectoryA
FindNextFileA
GetTickCount
CopyFileA
GetUserDefaultLCID
IsDBCSLeadByte
lstrcpyW
lstrcpyA
GetSystemTime
LoadLibraryExA
Sleep
TerminateProcess
UnhandledExceptionFilter
GetACP

gdi32

GetTextAlign
OffsetRgn
SetBrushOrgEx
GetRgnBox
CreateMetaFileA
CopyMetaFileA
LPtoDP
Ellipse
CreateEllipticRgn
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
DPtoLP
SetRectRgn
CombineRgn
GetMapMode
GetPixel
CreateDIBPatternBrushPt
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
EnumMetaFile
PlayMetaFile
PlayMetaFileRecord
GetObjectType
ExtSelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
OffsetClipRgn
ExcludeClipRect
SelectClipRgn
OffsetWindowOrgEx
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
StartDocA
EnumFontFamiliesExA
CreateDCA
BitBlt
CreateRectRgnIndirect
PatBlt
UnrealizeObject
Rectangle
CreatePen
CreatePatternBrush
CreateBitmap
TextOutA
DeleteMetaFile
CloseMetaFile
RectVisible
PtVisible
IntersectClipRect
SetWindowOrgEx
GetWindowOrgEx
GetViewportOrgEx
GetDeviceCaps
Escape
ExtTextOutA
MoveToEx
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetNearestColor
GetViewportExtEx
GetWindowExtEx
CreateFontIndirectA
GetTextFaceA
GetTextColor
GetStretchBltMode
GetPolyFillMode
GetBkMode
GetROP2
RestoreDC
SaveDC
GetStockObject
GetTextMetricsA
GetTextExtentPoint32A
DeleteObject
GetCharWidthA
CreateFontA
DeleteDC
StretchDIBits
SelectObject
GetBkColor
CreateCompatibleBitmap
CreateCompatibleDC
SetTextColor
SetBkColor
GetObjectA
GetClipBox

user32

GetWindowPlacement
GetWindowRect
SystemParametersInfoA
OffsetRect
IntersectRect
RegisterWindowMessageA
GetWindowLongA
SetWindowLongA
SetWindowPos
IsWindow
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetMessageTime
GetMessagePos
DefWindowProcA
GetPropA
CallWindowProcA
SetWindowLongPtrA
RemovePropA
CallNextHookEx
GetClassLongA
GetClassInfoExA
GetClassLongPtrA
GetClassNameA
GetWindowLongPtrA
SetPropA
SetWindowsHookExA
CreateWindowExA
DestroyWindow
GetKeyState
GetDlgCtrlID
SendMessageA
GetWindowTextLengthA
GetWindowTextA
GetDlgItem
SetWindowPlacement
TrackPopupMenu
TrackPopupMenuEx
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetMenu
GetClassInfoA
RegisterClassA
WinHelpA
GetCapture
GetParent
GetWindow
IsChild
MessageBoxA
GetTopWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetScrollInfo
GetScrollInfo
IsWindowVisible
ScrollWindow
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScreenToClient
EqualRect
DeferWindowPos
AdjustWindowRectEx
GetFocus
SetActiveWindow
SetFocus
PtInRect
PeekMessageA
DispatchMessageA
GetSysColor
GetClientRect
MapWindowPoints
SendDlgItemMessageA
UpdateWindow
PostMessageA
LoadIconA
EnableWindow
SetRectEmpty
LoadAcceleratorsA
TranslateAcceleratorA
ReleaseCapture
SetCursor
GetDesktopWindow
IsWindowEnabled
ShowWindow
GetWindowThreadProcessId
GetActiveWindow
LoadMenuA
DestroyMenu
SetMenu
UnpackDDElParam
ReuseDDElParam
InvalidateRect
IsIconic
InsertMenuItemA
BringWindowToTop
LoadCursorA
GetCursorPos
WaitMessage
WindowFromPoint
SetCapture
ClientToScreen
GetMessageA
TranslateMessage
DefFrameProcA
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcA
RedrawWindow
InflateRect
KillTimer
SetTimer
SetRect
GetDC
ReleaseDC
IsZoomed
SetParent
IsRectEmpty
GetSystemMenu
DeleteMenu
AppendMenuA
GetDCEx
LockWindowUpdate
GetTabbedTextExtentA
DrawTextA
DrawTextExA
GrayStringA
UnionRect
MapVirtualKeyA
GetKeyNameTextA
LoadBitmapA
DrawFocusRect
FillRect
CreateDialogIndirectParamA
EndDialog
GetNextDlgTabItem
GetAsyncKeyState
MapDialogRect
GetDialogBaseUnits
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutA
GetMenuStringA
GetMenuItemInfoA
GetSysColorBrush
SetWindowTextA
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextA
SetDlgItemInt
SetDlgItemTextA
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageA
MoveWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
ModifyMenuA
GetMenuCheckMarkDimensions
DestroyIcon
SetCursorPos
DestroyCursor
FindWindowA
SetWindowRgn
DrawIcon
IsClipboardFormatAvailable
MessageBeep
RemoveMenu
ValidateRect
PostQuitMessage
UnregisterClassA
ShowOwnedPopups
InsertMenuA
RegisterClipboardFormatA
SendNotifyMessageA
CopyAcceleratorTableA
InSendMessage
PostThreadMessageA
CreateMenu
WindowFromDC
CountClipboardFormats
SetWindowContextHelpId
CharNextA
InvalidateRgn
GetNextDlgGroupItem
ClipCursor
DrawEdge
EnumChildWindows
MsgWaitForMultipleObjects
UnhookWindowsHookEx
GetSystemMetrics
CharToOemBuffA
CharUpperA
CharLowerW
CreatePopupMenu
CharUpperW
OemToCharBuffA
CharLowerA

shlwapi

UrlUnescapeA
PathFindFileNameA
PathRemoveExtensionA
PathFindExtensionA
PathStripToRootA
PathIsUNCA

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
mfc80u.dll
.dll windows:4 windows x64 arch:x64

393dbb53ccecfe155d1188ff9d9e826a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

MFC80U.AMD64.pdb

Imports

msvcr80

?_type_info_dtor_internal_method@type_info@@QEAAXXZ
__crt_debugger_hook
__CppXcptFilter
_amsg_exit
_encoded_null
_initterm_e
_initterm
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__C_specific_handler
?terminate@@YAXXZ
_wcsnicmp
strcpy_s
_itow_s
_ultow_s
_ltow_s
iswdigit
ceil
wcsncmp
_wfullpath
_wtol
__wargv
__argc
swscanf_s
_beginthreadex
_endthreadex
_wcsdup
_expand
_wtoi
_recalloc
wcstod
wcstoul
wcstol
_resetstkoflw
_wmakepath_s
_mbspbrk
_wsplitpath_s
_vsnwprintf_s
_snwscanf_s
labs
abs
calloc
_msize
wcscat_s
_snwprintf_s
_errno
_purecall
_localtime64_s
_mktime64
realloc
fclose
fflush
ftell
fseek
fgetws
fputws
fwrite
clearerr_s
ferror
feof
fread
__doserrno
_fdopen
_open_osfhandle
_fileno
_get_osfhandle
wcscpy_s
abort
memcmp
swprintf_s
wcsncpy_s
_mbscspn
_mbscmp
_vscprintf
wcscmp
wcscspn
wcsspn
iswspace
_mbsinc
_mbsupr_s
_wcsrev
memcpy_s
_mbsspn
_mbscoll
wcspbrk
memset
_wcsicoll
wcsstr
wcsrchr
_mbsrchr
_mbschr
vsprintf_s
_wcsupr_s
wcslen
_wcslwr_s
_ismbcspace
vswprintf_s
_mbsstr
_mbsicoll
_mbsrev
strlen
malloc
free
wcscoll
memmove
_vscwprintf
_mbsicmp
_wcsicmp
memmove_s
_mbslwr_s
wcschr
__CxxFrameHandler3
memcpy
__clean_type_info_names_internal
_CxxThrowException

kernel32

GetLocaleInfoA
GetEnvironmentVariableW
FindResourceExW
FindResourceW
LoadResource
FormatMessageA
WideCharToMultiByte
SizeofResource
FormatMessageW
GetEnvironmentVariableA
MultiByteToWideChar
GetLastError
LockResource
LocalFree
SetLastError
GetAtomNameW
GlobalGetAtomNameW
lstrlenW
lstrcmpA
lstrlenA
DuplicateHandle
GetCurrentProcess
CreateFileW
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
CloseHandle
LockFile
UnlockFile
SetEndOfFile
GetFileSize
MoveFileW
DeleteFileW
LoadLibraryW
GetProcAddress
GetFullPathNameW
GetVolumeInformationW
FindFirstFileW
FindClose
lstrcmpiW
GetThreadLocale
GetStringTypeExW
GetModuleFileNameW
GetShortPathNameW
GlobalLock
GlobalSize
GlobalAlloc
GlobalUnlock
GlobalReAlloc
GlobalFree
GetFileTime
GetFileAttributesW
FileTimeToSystemTime
FileTimeToLocalFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
SetFileAttributesW
SetFileTime
FreeLibrary
GetModuleHandleW
LocalAlloc
TlsAlloc
InitializeCriticalSection
TlsFree
GlobalHandle
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
TlsGetValue
LocalReAlloc
TlsSetValue
WaitForSingleObject
CreateSemaphoreW
ReleaseSemaphore
CreateMutexW
ReleaseMutex
CreateEventW
WaitForMultipleObjects
lstrcmpW
GetVersionExA
GlobalDeleteAtom
GlobalFindAtomW
CompareStringW
GlobalAddAtomW
GetCurrentThreadId
GetVersion
GetCurrentProcessId
GetVersionExW
MulDiv
GetProfileIntW
LoadLibraryA
VirtualProtect
GetModuleHandleA
RaiseException
GlobalFlags
GetDiskFreeSpaceW
GetTempFileNameW
LocalLock
LocalUnlock
GetTempPathW
SearchPathW
SetEvent
SetThreadPriority
ResumeThread
SuspendThread
GetLocaleInfoW
ConvertDefaultLocale
EnumResourceLanguagesW
GetCurrentThread
CompareStringA
SetErrorMode
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetCurrentDirectoryW
FindNextFileW
GetTickCount
CopyFileW
GetUserDefaultLCID
IsDBCSLeadByte
lstrcpyW
lstrcpyA
GetSystemTime
LoadLibraryExW
Sleep
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetACP

gdi32

Escape
OffsetRgn
SetBrushOrgEx
GetRgnBox
CreateMetaFileW
CopyMetaFileW
LPtoDP
Ellipse
CreateEllipticRgn
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
DPtoLP
SetRectRgn
CombineRgn
GetMapMode
GetPixel
CreateDIBPatternBrushPt
CreateHatchBrush
CreateSolidBrush
ExtCreatePen
EnumMetaFile
PlayMetaFile
PlayMetaFileRecord
GetObjectType
ExtSelectClipRgn
GetClipRgn
CreateRectRgn
SelectClipPath
PolyBezierTo
SetColorAdjustment
PolylineTo
PolyDraw
SetArcDirection
ArcTo
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
SetTextAlign
LineTo
OffsetClipRgn
ExcludeClipRect
SelectClipRgn
OffsetWindowOrgEx
ModifyWorldTransform
SetWorldTransform
SetGraphicsMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
StartDocW
EnumFontFamiliesExW
CreateDCW
BitBlt
CreateRectRgnIndirect
PatBlt
UnrealizeObject
Rectangle
CreatePen
CreatePatternBrush
CreateBitmap
TextOutW
DeleteMetaFile
CloseMetaFile
RectVisible
PtVisible
IntersectClipRect
SetWindowOrgEx
GetWindowOrgEx
GetViewportOrgEx
GetDeviceCaps
ExtTextOutW
MoveToEx
GetCurrentPositionEx
GetTextAlign
GetTextExtentPoint32A
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
GetNearestColor
GetViewportExtEx
GetWindowExtEx
CreateFontIndirectW
GetTextFaceW
GetTextColor
GetStretchBltMode
GetPolyFillMode
GetBkMode
GetROP2
RestoreDC
SaveDC
GetStockObject
GetTextMetricsW
GetTextExtentPoint32W
DeleteObject
GetCharWidthW
CreateFontW
DeleteDC
StretchDIBits
SelectObject
GetBkColor
CreateCompatibleBitmap
CreateCompatibleDC
SetTextColor
SetBkColor
GetObjectW
GetClipBox

user32

IntersectRect
RegisterWindowMessageW
GetWindowLongW
SetWindowLongW
SetWindowPos
IsWindow
GetLastActivePopup
GetForegroundWindow
SetForegroundWindow
GetMessageTime
GetMessagePos
DefWindowProcW
GetPropW
CallWindowProcW
SetWindowLongPtrW
RemovePropW
CallNextHookEx
GetClassInfoExW
GetClassLongPtrW
GetClassNameW
GetWindowLongPtrW
SetPropW
SetWindowsHookExW
CreateWindowExW
DestroyWindow
GetKeyState
GetDlgCtrlID
SendMessageW
GetWindowTextLengthW
GetWindowTextW
GetDlgItem
SetWindowPlacement
TrackPopupMenu
TrackPopupMenuEx
GetMenuItemCount
GetSubMenu
GetMenuItemID
GetMenu
GetClassInfoW
RegisterClassW
WinHelpW
GetCapture
GetParent
GetWindow
IsChild
MessageBoxW
GetTopWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetScrollInfo
GetScrollInfo
IsWindowVisible
ScrollWindow
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScreenToClient
EqualRect
DeferWindowPos
AdjustWindowRectEx
GetFocus
SetActiveWindow
SetFocus
PtInRect
PeekMessageW
DispatchMessageW
GetSysColor
GetClientRect
MapWindowPoints
SendDlgItemMessageW
SendDlgItemMessageA
UpdateWindow
PostMessageW
LoadIconW
EnableWindow
SetRectEmpty
LoadAcceleratorsW
TranslateAcceleratorW
ReleaseCapture
SetCursor
GetDesktopWindow
IsWindowEnabled
ShowWindow
GetWindowThreadProcessId
GetActiveWindow
LoadMenuW
DestroyMenu
SetMenu
UnpackDDElParam
ReuseDDElParam
InvalidateRect
CreatePopupMenu
InsertMenuItemW
BringWindowToTop
OffsetRect
GetCursorPos
WaitMessage
WindowFromPoint
SetCapture
ClientToScreen
GetMessageW
TranslateMessage
DefFrameProcW
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
RedrawWindow
InflateRect
KillTimer
SetTimer
SetRect
GetDC
ReleaseDC
IsZoomed
SetParent
IsRectEmpty
GetSystemMenu
DeleteMenu
AppendMenuW
GetDCEx
LockWindowUpdate
GetTabbedTextExtentA
DrawTextW
DrawTextExW
GrayStringW
UnionRect
MapVirtualKeyW
GetKeyNameTextW
LoadBitmapW
DrawFocusRect
FillRect
CreateDialogIndirectParamW
EndDialog
GetNextDlgTabItem
GetAsyncKeyState
MapDialogRect
GetDialogBaseUnits
GetWindowDC
BeginPaint
EndPaint
TabbedTextOutW
GetMenuStringW
SystemParametersInfoW
GetMenuItemInfoW
GetSysColorBrush
SetWindowTextW
CheckDlgButton
CheckRadioButton
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetDlgItemTextW
IsDlgButtonChecked
ScrollWindowEx
IsDialogMessageW
MoveWindow
EnableMenuItem
CheckMenuItem
SetMenuItemBitmaps
GetMenuState
ModifyMenuW
GetMenuCheckMarkDimensions
DestroyIcon
SetCursorPos
DestroyCursor
FindWindowW
SetWindowRgn
DrawIcon
GetTabbedTextExtentW
IsClipboardFormatAvailable
MessageBeep
RemoveMenu
ValidateRect
PostQuitMessage
UnregisterClassW
ShowOwnedPopups
InsertMenuW
RegisterClipboardFormatW
SendNotifyMessageW
CopyAcceleratorTableW
InSendMessage
PostThreadMessageW
CreateMenu
WindowFromDC
CountClipboardFormats
SetWindowContextHelpId
CharNextW
InvalidateRgn
GetNextDlgGroupItem
ClipCursor
DrawEdge
EnumChildWindows
SystemParametersInfoA
GetWindowRect
GetWindowPlacement
IsIconic
MsgWaitForMultipleObjects
UnhookWindowsHookEx
LoadCursorW
CharUpperW
CharToOemBuffA
UnregisterClassA
OemToCharBuffA
GetSystemMetrics

shlwapi

UrlUnescapeW
PathFindFileNameW
PathRemoveExtensionW
PathFindExtensionW
PathStripToRootW
PathIsUNCW

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvcp80.dll
.dll windows:4 windows x86 arch:x86

6488997e312be12f8300ea7b1c34d497

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 21:24

Not After

22/01/2010, 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f3:a8:5f:22:7e:72:2b:5b:ca:3e:f0:ec:95:7a:c0:45:66:72:e6:ca
Signer

Actual PE Digest

f3:a8:5f:22:7e:72:2b:5b:ca:3e:f0:ec:95:7a:c0:45:66:72:e6:ca

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcp80.i386.pdb

Imports

msvcr80

setvbuf
fwrite
??0exception@std@@QAE@XZ
_Getdays
_Getmonths
fgetpos
fseek
fsetpos
fclose
??0bad_cast@std@@QAE@PBD@Z
??1bad_cast@std@@UAE@XZ
??0bad_cast@std@@QAE@ABV01@@Z
__iob_func
_invoke_watson
_fsopen
wcstombs_s
_wfsopen
_get_osplatform
mbstowcs_s
atan2
cos
exp
ldexp
log
pow
sin
sqrt
tan
fgetwc
fputwc
ungetwc
_Strftime
strcspn
_strtoi64
_strtoui64
sprintf_s
abort
??0exception@std@@QAE@ABQBDH@Z
_realloc_crt
setlocale
_malloc_crt
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
fputs
fflush
towlower
towupper
strcmp
_create_locale
_ui64toa_s
_free_locale
__pctype_func
_errno
___mb_cur_max_l_func
___lc_codepage_func
___lc_handle_func
__crtCompareStringA
___lc_collate_cp_func
__crtLCMapStringA
memcpy
isupper
_calloc_crt
islower
__crtGetStringTypeW
__crtLCMapStringW
__crtCompareStringW
isspace
tolower
strtod
isdigit
isalnum
?terminate@@YAXXZ
_unlock
__dllonexit
_encode_pointer
_lock
_onexit
_decode_pointer
_encoded_null
_initterm
_initterm_e
_amsg_exit
_adjust_fdiv
__CppXcptFilter
?_type_info_dtor_internal_method@type_info@@QAEXXZ
_except_handler4_common
_crt_debugger_hook
__clean_type_info_names_internal
ungetc
fputc
fgetc
__CxxFrameHandler3
??0exception@std@@QAE@ABV01@@Z
_CxxThrowException
??2@YAPAXI@Z
_invalid_parameter_noinfo
??_V@YAXPAX@Z
_Gettnames
localeconv
free
memset
memchr
strlen
memcmp
wcslen
memmove_s
memcpy_s
??3@YAXPAX@Z
??1exception@std@@UAE@XZ
?what@exception@std@@UBEPBDXZ
__uncaught_exception
??0exception@std@@QAE@ABQBD@Z

kernel32

GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
Sleep
InterlockedDecrement
InterlockedIncrement
GetLocaleInfoA
WideCharToMultiByte
MultiByteToWideChar
InterlockedExchange
InterlockedCompareExchange
GetSystemTimeAsFileTime

Exports

Exports

??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAD@Z
??$?5DU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAD@Z
??$?5DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?5GU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAG@Z
??$?5GU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@PAG@Z
??$?5GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?5MDU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5MGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5M_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@M@0@@Z
??$?5NDU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5NGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5N_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@N@0@@Z
??$?5ODU?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5OGU?$char_traits@G@std@@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5O_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$complex@O@0@@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAC@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAE@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAC@Z
??$?5U?$char_traits@D@std@@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@PAE@Z
??$?5_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AA_W@Z
??$?5_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@PA_W@Z
??$?5_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?6DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@G@Z
??$?6GU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@PBG@Z
??$?6GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?6MDU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6MGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6M_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@M@0@@Z
??$?6NDU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6NGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6N_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@N@0@@Z
??$?6ODU?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6OGU?$char_traits@G@std@@@std@@YAAAV?$basic_ostream@GU?$char_traits@G@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6O_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$complex@O@0@@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@C@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@D@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@E@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBC@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBD@Z
??$?6U?$char_traits@D@std@@@std@@YAAAV?$basic_ostream@DU?$char_traits@D@std@@@0@AAV10@PBE@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@PB_W@Z
??$?6_WU?$char_traits@_W@std@@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@_W@Z
??$?6_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YAAAV?$basic_ostream@_WU?$char_traits@_W@std@@@0@AAV10@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?8DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?8GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?8M@std@@YA_NABMABV?$complex@M@0@@Z
??$?8M@std@@YA_NABV?$complex@M@0@0@Z
??$?8M@std@@YA_NABV?$complex@M@0@ABM@Z
??$?8N@std@@YA_NABNABV?$complex@N@0@@Z
??$?8N@std@@YA_NABV?$complex@N@0@0@Z
??$?8N@std@@YA_NABV?$complex@N@0@ABN@Z
??$?8O@std@@YA_NABOABV?$complex@O@0@@Z
??$?8O@std@@YA_NABV?$complex@O@0@0@Z
??$?8O@std@@YA_NABV?$complex@O@0@ABO@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?8_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?9DU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?9GU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?9M@std@@YA_NABMABV?$complex@M@0@@Z
??$?9M@std@@YA_NABV?$complex@M@0@0@Z
??$?9M@std@@YA_NABV?$complex@M@0@ABM@Z
??$?9N@std@@YA_NABNABV?$complex@N@0@@Z
??$?9N@std@@YA_NABV?$complex@N@0@0@Z
??$?9N@std@@YA_NABV?$complex@N@0@ABN@Z
??$?9O@std@@YA_NABOABV?$complex@O@0@@Z
??$?9O@std@@YA_NABV?$complex@O@0@0@Z
??$?9O@std@@YA_NABV?$complex@O@0@ABO@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?9_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?DM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?DM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?DM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?DN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?DN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?DN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?DO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?DO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?DO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?GM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@@Z
??$?GM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?GN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@@Z
??$?GN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?GO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@@Z
??$?GO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@0@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@D@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@ABV10@PBD@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@DABV10@@Z
??$?HDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBDABV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@0@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@G@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@ABV10@PBG@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@GABV10@@Z
??$?HGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA?AV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBGABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@@Z
??$?HM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?HN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@@Z
??$?HN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?HO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@@Z
??$?HO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@0@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@PB_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@ABV10@_W@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_WABV10@@Z
??$?H_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@_WABV10@@Z
??$?KM@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$?KM@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$?KM@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$?KN@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$?KN@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$?KN@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$?KO@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$?KO@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$?KO@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?MDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?MGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?M_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?NDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?NGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?N_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?ODU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?OGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?O_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@0@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@PBD@Z
??$?PDU?$char_traits@D@std@@V?$allocator@D@1@@std@@YA_NPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@0@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@PBG@Z
??$?PGU?$char_traits@G@std@@V?$allocator@G@1@@std@@YA_NPBGABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@0@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@PB_W@Z
??$?P_WU?$char_traits@_W@std@@V?$allocator@_W@1@@std@@YA_NPB_WABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$_Fabs@M@std@@YAMABV?$complex@M@0@PAH@Z
??$_Fabs@N@std@@YANABV?$complex@N@0@PAH@Z
??$_Fabs@O@std@@YAOABV?$complex@O@0@PAH@Z
??$abs@M@std@@YAMABV?$complex@M@0@@Z
??$abs@N@std@@YANABV?$complex@N@0@@Z
??$abs@O@std@@YAOABV?$complex@O@0@@Z
??$arg@M@std@@YAMABV?$complex@M@0@@Z
??$arg@N@std@@YANABV?$complex@N@0@@Z
??$arg@O@std@@YAOABV?$complex@O@0@@Z
??$conj@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$conj@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$conj@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$cos@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$cos@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$cos@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$cosh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$cosh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$cosh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$exp@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$exp@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$exp@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@@Z
??$getline@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@YAAAV?$basic_istream@DU?$char_traits@D@std@@@0@AAV10@AAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@0@D@Z
??$getline@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@@Z
??$getline@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@YAAAV?$basic_istream@GU?$char_traits@G@std@@@0@AAV10@AAV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@0@G@Z
??$getline@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@@Z
??$getline@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@YAAAV?$basic_istream@_WU?$char_traits@_W@std@@@0@AAV10@AAV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@0@_W@Z
??$imag@M@std@@YAMABV?$complex@M@0@@Z
??$imag@N@std@@YANABV?$complex@N@0@@Z
??$imag@O@std@@YAOABV?$complex@O@0@@Z
??$log10@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$log10@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$log10@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$log@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$log@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$log@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$norm@M@std@@YAMABV?$complex@M@0@@Z
??$norm@N@std@@YANABV?$complex@N@0@@Z
??$norm@O@std@@YAOABV?$complex@O@0@@Z
??$polar@M@std@@YA?AV?$complex@M@0@ABM0@Z
??$polar@M@std@@YA?AV?$complex@M@0@ABM@Z
??$polar@N@std@@YA?AV?$complex@N@0@ABN0@Z
??$polar@N@std@@YA?AV?$complex@N@0@ABN@Z
??$polar@O@std@@YA?AV?$complex@O@0@ABO0@Z
??$polar@O@std@@YA?AV?$complex@O@0@ABO@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABMABV10@@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@0@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@ABM@Z
??$pow@M@std@@YA?AV?$complex@M@0@ABV10@H@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABNABV10@@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@0@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@ABN@Z
??$pow@N@std@@YA?AV?$complex@N@0@ABV10@H@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABOABV10@@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@0@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@ABO@Z
??$pow@O@std@@YA?AV?$complex@O@0@ABV10@H@Z
??$real@M@std@@YAMABV?$complex@M@0@@Z
??$real@N@std@@YANABV?$complex@N@0@@Z
??$real@O@std@@YAOABV?$complex@O@0@@Z
??$sin@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sin@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sin@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$sinh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sinh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sinh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$sqrt@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$sqrt@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$sqrt@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$tan@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$tan@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$tan@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??$tanh@M@std@@YA?AV?$complex@M@0@ABV10@@Z
??$tanh@N@std@@YA?AV?$complex@N@0@ABV10@@Z
??$tanh@O@std@@YA?AV?$complex@O@0@ABV10@@Z
??0?$_Complex_base@MU_C_float_complex@@@std@@QAE@ABM0@Z
??0?$_Complex_base@NU_C_double_complex@@@std@@QAE@ABN0@Z
??0?$_Complex_base@OU_C_ldouble_complex@@@std@@QAE@ABO0@Z
??0?$_Mpunct@D@std@@IAE@PBDI_N@Z
??0?$_Mpunct@D@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@D@std@@QAE@I_N@Z
??0?$_Mpunct@G@std@@IAE@PBDI_N@Z
??0?$_Mpunct@G@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@G@std@@QAE@I_N@Z
??0?$_Mpunct@_W@std@@IAE@PBDI_N@Z
??0?$_Mpunct@_W@std@@QAE@ABV_Locinfo@1@I_N@Z
??0?$_Mpunct@_W@std@@QAE@I_N@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@IAE@V?$allocator@D@1@@Z
??0?$_String_val@DV?$allocator@D@std@@@std@@QAE@ABV01@@Z
??0?$_String_val@GV?$allocator@G@std@@@std@@IAE@V?$allocator@G@1@@Z
??0?$_String_val@GV?$allocator@G@std@@@std@@QAE@ABV01@@Z
??0?$_String_val@_WV?$allocator@_W@std@@@std@@IAE@V?$allocator@_W@1@@Z
??0?$_String_val@_WV?$allocator@_W@std@@@std@@QAE@ABV01@@Z
??0?$allocator@D@std@@QAE@ABV01@@Z
??0?$allocator@D@std@@QAE@XZ
??0?$allocator@G@std@@QAE@ABV01@@Z
??0?$allocator@G@std@@QAE@XZ
??0?$allocator@X@std@@QAE@ABV01@@Z
??0?$allocator@X@std@@QAE@XZ
??0?$allocator@_W@std@@QAE@ABV01@@Z
??0?$allocator@_W@std@@QAE@XZ
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_filebuf@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_filebuf@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PBGHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??0?$basic_fstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PBGHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@PB_WHH@Z
??0?$basic_fstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PBGHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
??0?$basic_fstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PBGHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ifstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PBGHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ifstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PBGHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ifstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_ios@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_ios@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_ios@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N1@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N1@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_istream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N1@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_istringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_istringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_istringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PBGHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ofstream@DU?$char_traits@D@std@@@std@@QAE@XZ
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PBGHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ofstream@GU?$char_traits@G@std@@@std@@QAE@XZ
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PAU_iobuf@@@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PBDHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PBGHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@PB_WHH@Z
??0?$basic_ofstream@_WU?$char_traits@_W@std@@@std@@QAE@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@PAV?$basic_streambuf@GU?$char_traits@G@std@@@1@_N@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@GU?$char_traits@G@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@@Z
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@W4_Uninitialized@1@_N@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_ostringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_ostringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_ostringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@GU?$char_traits@G@std@@@std@@IAE@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@W4_Uninitialized@1@@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV01@IIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ID@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@IDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBD@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDI@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@PBDIABV?$allocator@D@1@@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@V?$_String_const_iterator@DU?$char_traits@D@std@@V?$allocator@D@2@@1@0@Z
??0?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV01@IIABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@IGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBG@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGI@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@PBGIABV?$allocator@G@1@@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@V?$_String_const_iterator@GU?$char_traits@G@std@@V?$allocator@G@2@@1@0@Z
??0?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@XZ
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@II@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV01@IIABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@I_WABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_W@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WI@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@PB_WIABV?$allocator@_W@1@@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@V?$_String_const_iterator@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@0@Z
??0?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@XZ
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringbuf@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringbuf@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_stringbuf@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@1@H@Z
??0?$basic_stringstream@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@ABV?$basic_string@GU?$char_traits@G@std@@V?$allocator@G@2@@1@H@Z
??0?$basic_stringstream@GU?$char_traits@G@std@@V?$allocator@G@2@@std@@QAE@H@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@ABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@1@H@Z
??0?$basic_stringstream@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@QAE@H@Z
??0?$codecvt@DDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@DDH@std@@QAE@I@Z
??0?$codecvt@GDH@std@@IAE@PBDI@Z
??0?$codecvt@GDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@GDH@std@@QAE@I@Z
??0?$codecvt@_WDH@std@@QAE@ABV_Locinfo@1@I@Z
??0?$codecvt@_WDH@std@@QAE@I@Z
??0?$collate@D@std@@IAE@PBDI@Z
??0?$collate@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@D@std@@QAE@I@Z
??0?$collate@G@std@@IAE@PBDI@Z
??0?$collate@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@G@std@@QAE@I@Z
??0?$collate@_W@std@@IAE@PBDI@Z
??0?$collate@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$collate@_W@std@@QAE@I@Z
??0?$complex@M@std@@QAE@ABM0@Z
??0?$complex@M@std@@QAE@ABU_C_float_complex@@@Z
??0?$complex@M@std@@QAE@ABV?$complex@N@1@@Z
??0?$complex@M@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@N@std@@QAE@ABN0@Z
??0?$complex@N@std@@QAE@ABU_C_double_complex@@@Z
??0?$complex@N@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@N@std@@QAE@ABV?$complex@O@1@@Z
??0?$complex@O@std@@QAE@ABO0@Z
??0?$complex@O@std@@QAE@ABU_C_ldouble_complex@@@Z
??0?$complex@O@std@@QAE@ABV?$complex@M@1@@Z
??0?$complex@O@std@@QAE@ABV?$complex@N@1@@Z
??0?$ctype@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@D@std@@QAE@PBF_NI@Z
??0?$ctype@G@std@@IAE@PBDI@Z
??0?$ctype@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@G@std@@QAE@I@Z
??0?$ctype@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$ctype@_W@std@@QAE@I@Z
??0?$messages@D@std@@IAE@PBDI@Z
??0?$messages@D@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@D@std@@QAE@I@Z
??0?$messages@G@std@@IAE@PBDI@Z
??0?$messages@G@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@G@std@@QAE@I@Z
??0?$messages@_W@std@@IAE@PBDI@Z
??0?$messages@_W@std@@QAE@ABV_Locinfo@1@I@Z
??0?$messages@_W@std@@QAE@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@GV?$ostreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$money_put@_WV?$ostreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@I@Z
??0?$moneypunct@D$00@std@@IAE@PBDI@Z
??0?$moneypunct@D$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@D$00@std@@QAE@I@Z
??0?$moneypunct@D$0A@@std@@IAE@PBDI@Z
??0?$moneypunct@D$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@D$0A@@std@@QAE@I@Z
??0?$moneypunct@G$00@std@@IAE@PBDI@Z
??0?$moneypunct@G$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@G$00@std@@QAE@I@Z
??0?$moneypunct@G$0A@@std@@IAE@PBDI@Z
??0?$moneypunct@G$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@G$0A@@std@@QAE@I@Z
??0?$moneypunct@_W$00@std@@IAE@PBDI@Z
??0?$moneypunct@_W$00@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@_W$00@std@@QAE@I@Z
??0?$moneypunct@_W$0A@@std@@IAE@PBDI@Z
??0?$moneypunct@_W$0A@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$moneypunct@_W$0A@@std@@QAE@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QAE@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z
??0?$num_get@GV?$istreambuf_iterator@GU?$char_traits@G@std@@@std@@@std@@QAE@I@Z
??0?$num_get@_WV?$istreambuf_iterator@_WU?$char_traits@_W@std@@@std@@@std@@QAE@ABV_Locinfo@1@I@Z

Sections

.text
Size: 208KB - Virtual size: 207KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 292KB - Virtual size: 290KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvcr80.dll
.dll windows:4 windows x64 arch:x64

6c31ff1756690f37d3e2c95f96fa9b5a

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 21:24

Not After

22/01/2010, 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

cc:57:24:74:61:c9:3a:e4:93:6c:6b:58:d1:a3:b5:e9:1f:32:cc:73
Signer

Actual PE Digest

cc:57:24:74:61:c9:3a:e4:93:6c:6b:58:d1:a3:b5:e9:1f:32:cc:73

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

msvcr80.AMD64.pdb

Imports

msvcrt

_getdrives

kernel32

GetStringTypeW
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetSystemDirectoryW
GetLongPathNameW
GetCurrentThreadId
FlsSetValue
FlsGetValue
DebugBreak
OutputDebugStringA
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsFree
FlsFree
SetLastError
TlsSetValue
GetCurrentThread
FlsAlloc
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
Sleep
HeapSetInformation
HeapCreate
HeapDestroy
HeapReAlloc
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RtlUnwindEx
SetConsoleCtrlHandler
FreeLibrary
LoadLibraryA
InitializeCriticalSection
MultiByteToWideChar
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
WideCharToMultiByte
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
GetStringTypeA
SetLocalTime
LoadLibraryW
GetLocaleInfoA
GetLocaleInfoW
SetEnvironmentVariableA
SetEnvironmentVariableW
RtlVirtualUnwind
RtlLookupFunctionEntry
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
GetDateFormatA
GetTimeFormatA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
SetStdHandle
CreateFileA
CompareStringA
CompareStringW
Beep
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
RaiseException
RtlPcToFileHeader
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
CreateProcessW
HeapValidate
HeapCompact
HeapWalk
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
IsDBCSLeadByteEx
ReadConsoleA
ReadConsoleW
SetConsoleMode
SetEndOfFile
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
LockFile
UnlockFile
CreatePipe
ReadFile
CreateFileW
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@std@@QEAA@AEBV01@@Z
??0__non_rtti_object@std@@QEAA@PEBD@Z
??0bad_cast@std@@AEAA@PEBQEBD@Z
??0bad_cast@std@@QEAA@AEBV01@@Z
??0bad_cast@std@@QEAA@PEBD@Z
??0bad_typeid@std@@QEAA@AEBV01@@Z
??0bad_typeid@std@@QEAA@PEBD@Z
??0exception@std@@QEAA@AEBQEBD@Z
??0exception@std@@QEAA@AEBQEBDH@Z
??0exception@std@@QEAA@AEBV01@@Z
??0exception@std@@QEAA@XZ
??1__non_rtti_object@std@@UEAA@XZ
??1bad_cast@std@@UEAA@XZ
??1bad_typeid@std@@UEAA@XZ
??1exception@std@@UEAA@XZ
??1type_info@@UEAA@XZ
??2@YAPEAX_K@Z
??2@YAPEAX_KHPEBDH@Z
??3@YAXPEAX@Z
??4__non_rtti_object@std@@QEAAAEAV01@AEBV01@@Z
??4bad_cast@std@@QEAAAEAV01@AEBV01@@Z
??4bad_typeid@std@@QEAAAEAV01@AEBV01@@Z
??4exception@std@@QEAAAEAV01@AEBV01@@Z
??8type_info@@QEBA_NAEBV0@@Z
??9type_info@@QEBA_NAEBV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@@6B@
??_7exception@std@@6B@
??_Fbad_cast@std@@QEAAXXZ
??_Fbad_typeid@std@@QEAAXXZ
??_U@YAPEAX_K@Z
??_U@YAPEAX_KHPEBDH@Z
??_V@YAXPEAX@Z
?_Name_base@type_info@@CAPEBDPEBV1@PEAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPEBDPEBV1@PEAU__type_info_node@@@Z
?_Type_info_dtor@type_info@@CAXPEAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPEAV1@@Z
?_ValidateExecute@@YAHP6A_JXZ@Z
?_ValidateRead@@YAHPEBXI@Z
?_ValidateWrite@@YAHPEAXI@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPEBG00I_K@Z
?_is_exception_typeof@@YAHAEBVtype_info@@PEAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QEBAPEBDPEAU__type_info_node@@@Z
?_open@@YAHPEBDHH@Z
?_query_new_handler@@YAP6AH_K@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AH_K@ZH@Z
?_set_new_handler@@YAP6AH_K@ZP6AH0@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPEAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPEBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QEAAXXZ
?_wopen@@YAHPEB_WHH@Z
?_wsopen@@YAHPEB_WHHH@Z
?before@type_info@@QEBAHAEBV1@@Z
?name@type_info@@QEBAPEBDPEAU__type_info_node@@@Z
?raw_name@type_info@@QEBAPEBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?terminate@@YAXXZ
?unexpected@@YAXXZ
?what@exception@std@@UEBAPEBDXZ
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CxxThrowException
_FindAndUnlinkFrame
_GetImageBase
_GetThrowImageBase
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_SetImageBase
_SetThrowImageBase
_Strftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__C_specific_handler
__CppXcptFilter
__CxxCallUnwindDelDtor
__CxxCallUnwindDtor
__CxxCallUnwindStdDelDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__NLG_Dispatch2
__NLG_Return2
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__create_locale
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__crt_debugger_hook
__daylight
__dllonexit
__doserrno
__dstbias
__fls_getvalue
__fls_setvalue
__fpecode
__free_locale
__get_app_type
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lc_clike
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv
__lconv_init
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osplatform
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__set_flsgetvalue
__setlc_active
__setusermatherr
__strncnt
__swprintf_l
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__unDNameHelper
__uncaught_exception
__unguarded_readlc_active
__vswprintf_l
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abs64
_access
_access_s
_acmdln
_aexit_rtn
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_amsg_exit
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_crt
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chgsignf
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_commode
_configthreadlocale
_control87
_controlfp
_controlfp_s
_copysign
_copysignf
_cprintf
_cprintf_l
_cprintf_p
_cprintf_p_l
_cprintf_s
_cprintf_s_l
_cputs
_cputws
_creat
_create_locale
_cscanf
_cscanf_l
_cscanf_s
_cscanf_s_l
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_cwprintf
_cwprintf_l
_cwprintf_p
_cwprintf_p_l
_cwprintf_s
_cwprintf_s_l
_cwscanf
_cwscanf_l
_cwscanf_s
_cwscanf_s_l
_daylight
_decode_pointer
_difftime32
_difftime64
_dosmaperr
_dstbias
_dup
_dup2
_dupenv_s
_ecvt
_ecvt_s
_encode_pointer
_encoded_null
_endthread
_endthreadex
_environ
_eof
_errno
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fdopen
_fflush_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filbuf
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_finitef
_flsbuf
_flushall
_fmode
_fpclass
_fpclassf
_fpieee_flt
_fpreset
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_free_locale
_freea
_freea_s
_freefls
_fscanf_l
_fscanf_s_l
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_fullpath
_futime32
_futime64
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwrite_nolock
_fwscanf_l
_fwscanf_s_l
_gcvt
_gcvt_s
_get_amblksiz
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_heap_handle
_get_invalid_parameter_handler
_get_osfhandle
_get_osplatform
_get_osver
_get_output_format
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_sbh_threshold
_get_terminate
_get_timezone
_get_tzname
_get_unexpected
_get_winmajor
_get_winminor
_get_winver
_get_wpgmptr
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getdcwd
_getdcwd_nolock
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getptd
_getsystime
_getw
_getwch
_getwch_nolock
_getwche
_getwche_nolock
_getws
_getws_s
_gmtime32
_gmtime32_s
_gmtime64
_gmtime64_s
_heapadd
_heapchk
_heapmin
_heapset
_heapused
_heapwalk
_hypot
_hypotf
_i64toa
_i64toa_s
_i64tow
_i64tow_s
_initptd
_initterm
_initterm_e
_invalid_parameter
_invalid_parameter_noinfo
_invoke_watson
_iob
_isalnum_l
_isalpha_l
_isatty
_iscntrl_l
_isctype
_isctype_l
_isdigit_l
_isgraph_l
_isleadbyte_l
_islower_l
_ismbbalnum
_ismbbalnum_l
_ismbbalpha
_ismbbalpha_l
_ismbbgraph
_ismbbgraph_l
_ismbbkalnum
_ismbbkalnum_l
_ismbbkana
_ismbbkana_l
_ismbbkprint
_ismbbkprint_l
_ismbbkpunct

Sections

.text
Size: 620KB - Virtual size: 620KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 30KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
msvcr80.dll_1
.dll windows:4 windows x86 arch:x86

7fecbc4a16a5dc85a5394a1df6217680

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:27:81:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 21:24

Not After

22/01/2010, 21:34

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

33:c3:5f:8b:90:a4:1a:da:8a:31:e2:15:e8:8b:ff:62:ff:95:6b:8d
Signer

Actual PE Digest

33:c3:5f:8b:90:a4:1a:da:8a:31:e2:15:e8:8b:ff:62:ff:95:6b:8d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcr80.i386.pdb

Imports

msvcrt

_getdrives

kernel32

GetStringTypeA
GetLocalTime
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleA
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetSystemDirectoryW
GetLongPathNameW
GetCurrentThreadId
TlsGetValue
DebugBreak
OutputDebugStringA
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
Sleep
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapReAlloc
VirtualAlloc
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteConsoleW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetConsoleCtrlHandler
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSection
MultiByteToWideChar
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
WideCharToMultiByte
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringA
LCMapStringW
SetLocalTime
GetStringTypeW
LoadLibraryW
GetLocaleInfoA
GetLocaleInfoW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
RtlUnwind
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
FlushFileBuffers
SetFilePointer
WriteConsoleA
GetConsoleOutputCP
SetStdHandle
CreateFileA
CompareStringA
CompareStringW
Beep
GetDiskFreeSpaceA
GetLogicalDrives
SetErrorMode
GetFileAttributesA
GetCurrentDirectoryA
SetCurrentDirectoryA
SetFileAttributesA
GetFullPathNameA
GetDriveTypeA
CreateDirectoryA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
DeleteFileW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
MoveFileA
RaiseException
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
CreateProcessW
HeapValidate
HeapCompact
HeapWalk
VirtualProtect
GetSystemInfo
VirtualQuery
IsDBCSLeadByteEx
ReadConsoleA
ReadConsoleW
SetConsoleMode
SetEndOfFile
DuplicateHandle
GetFileInformationByHandle
PeekNamedPipe
ReadConsoleInputA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
LockFile
UnlockFile
CreatePipe
ReadFile
CreateFileW
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1exception@std@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??2@YAPAXIHPBDH@Z
??3@YAXPAX@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4exception@std@@QAEAAV01@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
??9type_info@@QBE_NABV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@@6B@
??_7exception@std@@6B@
??_Fbad_cast@std@@QAEXXZ
??_Fbad_typeid@std@@QAEXXZ
??_U@YAPAXI@Z
??_U@YAPAXIHPBDH@Z
??_V@YAXPAX@Z
?_Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Type_info_dtor@type_info@@CAXPAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPAV1@@Z
?_ValidateExecute@@YAHP6GHXZ@Z
?_ValidateRead@@YAHPBXI@Z
?_ValidateWrite@@YAHPAXI@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPBG00II@Z
?_is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?_open@@YAHPBDHH@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?_wopen@@YAHPB_WHH@Z
?_wsopen@@YAHPB_WHHH@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?unexpected@@YAXXZ
?vswprintf@@YAHPA_WIPB_WPAD@Z
?what@exception@std@@UBEPBDXZ
@_calloc_crt@8
@_malloc_crt@4
@_realloc_crt@8
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_Strftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CppXcptFilter
__CxxCallUnwindDelDtor
__CxxCallUnwindDtor
__CxxCallUnwindStdDelDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___fls_getvalue@4
___fls_setvalue@8
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__control87_2
__create_locale
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__free_locale
__get_app_type
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lc_clike
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv
__lconv_init
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__osplatform
__p__osver
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__winmajor
__p__winminor
__p__winver
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__set_flsgetvalue
__setlc_active
__setusermatherr
__strncnt
__swprintf_l
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__unDNameHelper
__uncaught_exception
__unguarded_readlc_active
__vswprintf_l
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abnormal_termination
_abs64
_access
_access_s
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_amsg_exit
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_crt
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_commode
_configthreadlocale
_control87
_controlfp
_controlfp_s
_copysign
_cprintf
_cprintf_l
_cprintf_p
_cprintf_p_l
_cprintf_s
_cprintf_s_l
_cputs
_cputws
_creat
_create_locale
_crt_debugger_hook
_cscanf
_cscanf_l
_cscanf_s
_cscanf_s_l
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_cwprintf
_cwprintf_l
_cwprintf_p
_cwprintf_p_l
_cwprintf_s
_cwprintf_s_l
_cwscanf
_cwscanf_l
_cwscanf_s
_cwscanf_s_l
_daylight
_decode_pointer
_difftime32
_difftime64
_dosmaperr
_dstbias
_dup
_dup2
_dupenv_s
_ecvt
_ecvt_s
_encode_pointer
_encoded_null
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_except_handler4_common
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fdopen
_fflush_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filbuf
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_free_locale
_freea
_freea_s
_freefls
_fscanf_l
_fscanf_s_l
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_ftol
_fullpath
_futime32
_futime64
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwrite_nolock
_fwscanf_l
_fwscanf_s_l
_gcvt
_gcvt_s
_get_amblksiz
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_heap_handle
_get_invalid_parameter_handler
_get_osfhandle
_get_osplatform
_get_osver
_get_output_format
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_sbh_threshold
_get_terminate
_get_timezone
_get_tzname
_get_unexpected
_get_winmajor
_get_winminor
_get_winver
_get_wpgmptr
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getdcwd
_getdcwd_nolock
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp

Sections

.text
Size: 396KB - Virtual size: 393KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 172KB - Virtual size: 171KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
shellExt.dll
.dll windows:4 windows x64 arch:x64

853b3815fba63b823b4b08cc5a9931d6

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

15:b5:bf:7a:a3:37:a1:4a:7b:42:18:b6:b5:08:8f:ff:16:cb:57:5d
Signer

Actual PE Digest

15:b5:bf:7a:a3:37:a1:4a:7b:42:18:b6:b5:08:8f:ff:16:cb:57:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

mpr

WNetGetUserW

advapi32

RegCreateKeyW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegQueryValueExA
RegOpenKeyA
EqualSid
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
LookupAccountSidW
OpenThreadToken
RegDeleteKeyA
RegOpenKeyW

kernel32

FindClose
FindFirstFileW
GetFileAttributesW
CreateFileA
GetFileAttributesA
GetVersion
LocalFree
GetVersionExW
CreateEventW
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
SetEvent
TerminateThread
CreateThread
InitializeCriticalSection
UnmapViewOfFile
ReleaseMutex
DeleteCriticalSection
MapViewOfFile
OpenFileMappingW
DuplicateHandle
GetCurrentProcess
OpenProcess
WaitForMultipleObjects
OpenMutexW
SetLastError
FindResourceW
LocalAlloc
GetLastError
lstrcmpA
GetProcAddress
GetModuleHandleA
SetThreadPriority
GetCurrentThread
GetSystemTimeAsFileTime
GetTickCount
GetTimeZoneInformation
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
LoadLibraryW
GetModuleFileNameW
GetModuleHandleExW
OutputDebugStringA
LoadLibraryExW
FreeLibrary
lstrlenW
FileTimeToSystemTime
WriteFile
SetFilePointer
FlushFileBuffers
FileTimeToLocalFileTime
SetEnvironmentVariableA
TlsFree
TlsSetValue
lstrcpynW
GetFullPathNameW
lstrcpynA
MultiByteToWideChar
AreFileApisANSI
GetFullPathNameA
WideCharToMultiByte
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
LoadLibraryA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
HeapSize
RtlPcToFileHeader
RaiseException
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
FlsAlloc
FlsFree
FlsGetValue
RtlCaptureContext
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetModuleFileNameA
GetStdHandle
ExitProcess
Sleep
WaitForSingleObject
CloseHandle
GetCurrentProcessId
CompareStringW
lstrlenA
HeapDestroy
HeapCreate
HeapSetInformation
GetProcessHeap
GetVersionExA
GetCommandLineA
FlsSetValue
HeapReAlloc
RtlLookupFunctionEntry
RtlUnwindEx
HeapFree
HeapAlloc

user32

LoadCursorW
GetWindowTextW
SetWindowTextW
CloseWindow
DestroyWindow
CreateDialogParamW
CreateWindowExW
RegisterClassExW
UnregisterClassW
LoadIconW
GetClientRect
SetWindowPos
ShowWindow
SendMessageW
UpdateWindow
SetDlgItemTextW
GetDlgItem
SetFocus
DefWindowProcW
GetDlgItemTextW
GetWindowThreadProcessId
GetMenuItemCount
GetMenuStringW
GetMenuItemID
GetSubMenu
DeleteMenu
InsertMenuW
SetMenuItemInfoW
CreateMenu
WaitMessage
MessageBoxW
LoadStringW
GetSysColor
LoadBitmapW
GetDC
wsprintfW
GetSystemMetrics
EnableWindow
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
DispatchMessageW

gdi32

DeleteObject
GetObjectW
CreateCompatibleDC
SelectObject
GetDIBits
SetDIBits
DeleteDC
CreateDIBSection

shell32

DragQueryFileW
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetMalloc
ord680
ShellExecuteExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
ESS_ShellExtension_install
ESS_ShellExtension_uninstall

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
shellExt.dll_1
.dll windows:4 windows x86 arch:x86

5e36b1fa405a2161ae5b7ceee9ab9900

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a7:59:d7:16:2c:69:c3:56:fc:12:05:fe:50:83:e0:17:1c:ba:c3:3a
Signer

Actual PE Digest

a7:59:d7:16:2c:69:c3:56:fc:12:05:fe:50:83:e0:17:1c:ba:c3:3a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

nodshex.pdb

Imports

mpr

WNetGetUserW

advapi32

RegCreateKeyW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteKeyW
RegEnumKeyExW
FreeSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
RegQueryValueExA
RegOpenKeyA
EqualSid
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
LookupAccountSidW
OpenThreadToken
RegDeleteKeyA
RegOpenKeyW

kernel32

FindClose
FindFirstFileW
GetFileAttributesW
CreateFileA
GetFileAttributesA
GetVersion
LocalFree
GetCurrentProcess
GetVersionExW
CreateEventW
EnterCriticalSection
LeaveCriticalSection
GetCurrentThreadId
SetEvent
TerminateThread
CreateThread
InitializeCriticalSection
UnmapViewOfFile
CreateMutexW
ReleaseMutex
VirtualAlloc
InterlockedIncrement
DeleteCriticalSection
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
DuplicateHandle
OpenProcess
WaitForMultipleObjects
OpenMutexW
SetLastError
FindResourceW
GetLastError
LocalAlloc
lstrlenA
lstrcmpA
GetProcAddress
GetModuleHandleA
SetThreadPriority
GetCurrentThread
GetSystemTimeAsFileTime
GetTickCount
GetTimeZoneInformation
GetModuleHandleW
LoadLibraryW
GetModuleFileNameW
OutputDebugStringA
LoadLibraryExW
FreeLibrary
lstrlenW
FileTimeToSystemTime
WriteFile
SetFilePointer
FlushFileBuffers
SetEnvironmentVariableA
FileTimeToLocalFileTime
VirtualFree
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
lstrcpynW
GetFullPathNameW
lstrcpynA
MultiByteToWideChar
AreFileApisANSI
GetFullPathNameA
WideCharToMultiByte
InterlockedDecrement
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetConsoleMode
GetConsoleCP
LoadLibraryA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
LCMapStringW
LCMapStringA
HeapSize
RaiseException
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
HeapDestroy
GetProcessHeap
GetVersionExA
GetCommandLineA
Sleep
WaitForSingleObject
CloseHandle
GetCurrentProcessId
CompareStringW
HeapReAlloc
RtlUnwind
HeapAlloc
HeapFree

user32

LoadCursorW
GetWindowTextW
SetWindowTextW
DestroyWindow
CloseWindow
CreateDialogParamW
CreateWindowExW
RegisterClassExW
UnregisterClassW
LoadIconW
GetClientRect
SetWindowPos
ShowWindow
SendMessageW
UpdateWindow
SetDlgItemTextW
GetDlgItem
DispatchMessageW
DefWindowProcW
GetDlgItemTextW
GetWindowThreadProcessId
GetMenuItemCount
GetMenuStringW
GetMenuItemID
GetSubMenu
DeleteMenu
InsertMenuW
SetMenuItemInfoW
CreateMenu
WaitMessage
MessageBoxW
LoadStringW
GetSysColor
LoadBitmapW
GetDC
wsprintfW
GetSystemMetrics
EnableWindow
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
SetFocus

gdi32

DeleteObject
GetObjectW
CreateCompatibleDC
SelectObject
GetDIBits
SetDIBits
DeleteDC
CreateDIBSection

shell32

DragQueryFileW
SHGetPathFromIDListA
SHGetDesktopFolder
SHGetPathFromIDListW
SHGetMalloc
ord680
ShellExecuteExW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
ESS_ShellExtension_install
ESS_ShellExtension_uninstall

Sections

.text
Size: 100KB - Virtual size: 96KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updater.dll
.dll windows:4 windows x86 arch:x86

cd28fb39450a18a97fa73844b95840f2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8f:dc:cb:0a:36:5b:95:8e:11:36:b7:3d:03:2e:2a:86:11:91:67:94
Signer

Actual PE Digest

8f:dc:cb:0a:36:5b:95:8e:11:36:b7:3d:03:2e:2a:86:11:91:67:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

updater.pdb

Imports

mpr

WNetCancelConnectionW
WNetAddConnection2W

ws2_32

recv
WSASetLastError
send
__WSAFDIsSet
select
htons
WSAGetLastError
socket
gethostbyname
inet_addr
closesocket
connect
ioctlsocket

kernel32

DeviceIoControl
CloseHandle
GetEnvironmentVariableW
CreateProcessW
GetExitCodeProcess
FreeLibrary
GetFileAttributesW
GetFullPathNameW
SetLastError
lstrlenW
lstrcpynW
GetFileAttributesA
GetFullPathNameA
MultiByteToWideChar
AreFileApisANSI
lstrlenA
lstrcpynA
WideCharToMultiByte
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetCurrentProcessId
FindFirstFileW
FindNextFileW
FindClose
CreateDirectoryW
GetFileSize
DeleteFileW
MoveFileW
GetTempPathW
GetTempFileNameW
FlushFileBuffers
CreateFileW
ReadFile
WriteFile
SetEndOfFile
SetFilePointer
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
VirtualProtect
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
LocalFree
RemoveDirectoryW
OpenProcess
GetTickCount
GetVersionExW
LoadLibraryW
GetProcAddress
Sleep
GetLastError
CopyFileW
SetFileAttributesW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetCurrentProcess
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileStringW
SetUnhandledExceptionFilter
GetPrivateProfileIntW
InterlockedCompareExchange
QueryPerformanceCounter
GetCurrentThreadId
TerminateProcess
UnhandledExceptionFilter
GetFileInformationByHandle

user32

GetWindowThreadProcessId
FindWindowW
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW
TranslateMessage

advapi32

SetNamedSecurityInfoW
RegDeleteValueW
RegEnumKeyW
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
SetThreadToken
LogonUserW
RevertToSelf
DuplicateToken
RegOpenKeyExW
GetNamedSecurityInfoW
RegDeleteKeyW
RegDeleteKeyA
OpenProcessToken

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetPathFromIDListW
SHGetDesktopFolder

msvcr80

memcpy
memset
_crt_debugger_hook
__clean_type_info_names_internal
_except_handler4_common
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_encoded_null
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__CxxFrameHandler3
strftime
calloc
free
wcsstr
wcschr
swprintf_s
swscanf_s
malloc
??2@YAPAXI@Z
??_V@YAXPAX@Z
??_U@YAPAXI@Z
_wcsicmp
??3@YAXPAX@Z
_wcsnicmp
_time64
wcscspn
wcstol
realloc
wcsrchr
rand
_stricmp
strchr
sprintf_s
srand
towupper
memchr
_strnicmp
iswdigit
_wcsdup
_purecall
_except_handler3
sscanf_s
wcsncmp
toupper
strcpy_s
memmove
strncpy_s
wcscpy_s
wcsncpy_s
strcat_s
towlower
wcscat_s
_vsnprintf_s
_vsnwprintf_s
memmove_s
memcpy_s
_gmtime64_s

Exports

Exports

UpdAbortUpdate
UpdCheckSetupEngines
UpdCopyPCUs2Mirror
UpdDownloadVERFile
UpdFindBestNUPS
UpdGetAllPCUs
UpdGetListPCUInTempFolder
UpdGetProductTypes
UpdGetScannerVersion
UpdGetScannerVersionEx
UpdGetUpdateLastAttemptTime
UpdGetUpdateLastTime
UpdInitialize
UpdIsProductRegistered
UpdLoadUpdateAttemptTime
UpdPerformUpdate
UpdRegisterNewUser
UpdResetUpdate
UpdRunSetup
UpdSaveUpdateAttemptTime
UpdSetName
UpdSetupEngines
UpdSwitchDevelModules
UpdSwitchUpdateGroup
UpdUninitialize

Sections

.text
Size: 176KB - Virtual size: 175KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updater.dll_1
.dll windows:4 windows x64 arch:x64

2f141a9a2ba3a092fed71241fcc95c36

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

06/05/2010, 00:00

Not After

12/06/2013, 23:59

Subject

CN=ESET\, spol. s r.o.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=ESET\, spol. s r.o.,L=Bratislava,ST=Slovakia,C=SK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:25:b0:40:d0:e0:14:6b:09:f5:fa:3a:dd:d7:df:32:3b:6b:e0:6a
Signer

Actual PE Digest

74:25:b0:40:d0:e0:14:6b:09:f5:fa:3a:dd:d7:df:32:3b:6b:e0:6a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

updater.pdb

Imports

mpr

WNetCancelConnectionW
WNetAddConnection2W

ws2_32

WSASetLastError
__WSAFDIsSet
select
connect
ioctlsocket
recv
htons
WSAGetLastError
inet_addr
closesocket
socket
gethostbyname
send

kernel32

GetVersionExW
GetTickCount
GetEnvironmentVariableW
CreateProcessW
GetExitCodeProcess
FreeLibrary
GetFileAttributesW
GetFullPathNameW
SetLastError
lstrlenW
lstrcpynW
GetFileAttributesA
GetFullPathNameA
MultiByteToWideChar
AreFileApisANSI
lstrlenA
lstrcpynA
WideCharToMultiByte
RtlAddFunctionTable
RtlDeleteFunctionTable
GetCurrentProcessId
FindNextFileW
FindClose
CreateDirectoryW
FindFirstFileW
ReadFile
CloseHandle
SetEndOfFile
SetFilePointer
GetFileSize
DeleteFileW
MoveFileW
GetTempPathW
GetTempFileNameW
FlushFileBuffers
GetFileInformationByHandle
GetSystemTimeAsFileTime
VirtualAlloc
VirtualFree
VirtualProtect
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
LocalFree
RemoveDirectoryW
OpenProcess
DeviceIoControl
CreateFileW
GetProcAddress
LoadLibraryW
Sleep
GetLastError
CopyFileW
SetFileAttributesW
GetPrivateProfileSectionW
WritePrivateProfileSectionW
GetCurrentProcess
GetCurrentThreadId
GetPrivateProfileSectionNamesW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
QueryPerformanceCounter
WriteFile

user32

GetWindowThreadProcessId
FindWindowW
MsgWaitForMultipleObjects
DispatchMessageW
TranslateMessage
PeekMessageW

advapi32

RegDeleteKeyA
RegOpenKeyExW
RevertToSelf
DuplicateToken
SetThreadToken
LogonUserW
OpenProcessToken
SetNamedSecurityInfoW
GetNamedSecurityInfoW
RegDeleteKeyW
RegCloseKey
RegQueryValueExW
RegSetValueExW
RegEnumKeyW
RegDeleteValueW
RegCreateKeyExW

shell32

SHGetPathFromIDListA
SHGetMalloc
SHGetPathFromIDListW
SHGetDesktopFolder

msvcr80

memcpy
memset
__clean_type_info_names_internal
__CppXcptFilter
_amsg_exit
_encoded_null
_initterm_e
_initterm
_malloc_crt
_decode_pointer
_onexit
_lock
_encode_pointer
__dllonexit
_unlock
__C_specific_handler
__CxxFrameHandler3
strftime
_gmtime64_s
_vsnwprintf_s
_vsnprintf_s
towlower
calloc
free
wcschr
wcsstr
swscanf_s
malloc
??2@YAPEAX_K@Z
??_V@YAXPEAX@Z
??_U@YAPEAX_K@Z
_wcsicmp
??3@YAXPEAX@Z
swprintf_s
_wcsnicmp
_time64
wcscspn
wcstol
realloc
rand
wcsrchr
_stricmp
strchr
sprintf_s
srand
towupper
memchr
_strnicmp
iswdigit
memcmp
_purecall
_wcsdup
memmove_s
memcpy_s
sscanf_s
wcsncmp
strcpy_s
strncpy_s
toupper
wcscpy_s
wcsncpy_s
memmove
strcat_s
wcscat_s

Exports

Exports

UpdAbortUpdate
UpdCheckSetupEngines
UpdCopyPCUs2Mirror
UpdDownloadVERFile
UpdFindBestNUPS
UpdGetAllPCUs
UpdGetListPCUInTempFolder
UpdGetProductTypes
UpdGetScannerVersion
UpdGetScannerVersionEx
UpdGetUpdateLastAttemptTime
UpdGetUpdateLastTime
UpdInitialize
UpdIsProductRegistered
UpdLoadUpdateAttemptTime
UpdPerformUpdate
UpdRegisterNewUser
UpdResetUpdate
UpdRunSetup
UpdSaveUpdateAttemptTime
UpdSetName
UpdSetupEngines
UpdSwitchDevelModules
UpdSwitchUpdateGroup
UpdUninitialize

Sections

.text
Size: 247KB - Virtual size: 247KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

c0732a9e399e57b1ea39125d8cfca23d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

6a:aa:58:c1:7a:48:e5:2a:a8:17:43:c9:25:0e:7d:b9:e3:6a:49:00Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 102KB - Virtual size: 102KB

.rdata Size: 33KB - Virtual size: 33KB

.data Size: 8KB - Virtual size: 16KB

.pdata Size: 8KB - Virtual size: 7KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 2KB - Virtual size: 1KB

0d381e7d8fbd9948e48fc8f88b70af88

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

1b:b7:f6:9b:19:54:e8:17:34:89:25:c1:97:87:4d:be:f3:0b:d5:edSigner

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 88KB - Virtual size: 86KB

.rdata Size: 24KB - Virtual size: 22KB

.data Size: 8KB - Virtual size: 13KB

.rsrc Size: 4KB - Virtual size: 3KB

.reloc Size: 16KB - Virtual size: 12KB

18078e0bb93c3c325613d1850477db20

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

6a:aa:58:c1:7a:48:e5:2a:a8:17:43:c9:25:0e:7d:b9:e3:6a:49:00
Signer

.text
Size: 102KB - Virtual size: 102KB

.rdata
Size: 33KB - Virtual size: 33KB

.data
Size: 8KB - Virtual size: 16KB

.pdata
Size: 8KB - Virtual size: 7KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 2KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

1b:b7:f6:9b:19:54:e8:17:34:89:25:c1:97:87:4d:be:f3:0b:d5:ed
Signer

.text
Size: 88KB - Virtual size: 86KB

.rdata
Size: 24KB - Virtual size: 22KB

.data
Size: 8KB - Virtual size: 13KB

.rsrc
Size: 4KB - Virtual size: 3KB

.reloc
Size: 16KB - Virtual size: 12KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

a8:45:8f:8a:c0:f0:1b:63:5a:2f:cf:1a:f0:c9:a5:4e:f4:49:ba:45
Signer

.text
Size: 19KB - Virtual size: 19KB

.rdata
Size: 9KB - Virtual size: 8KB

.data
Size: 2KB - Virtual size: 3KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

ba:a8:7b:bb:68:6f:1c:02:73:2d:b4:ed:cb:b8:2a:29:fc:ad:b2:ba
Signer

.text
Size: 93KB - Virtual size: 93KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 3KB

.pdata
Size: 3KB - Virtual size: 3KB

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 478B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

4c:61:ad:da:e2:e6:a4:fc:5e:52:a2:f8:cd:38:e3:83
Certificate