13dd6357cdfbce65b74225fa6fa8f549_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

13dd6357cdfbce65b74225fa6fa8f549_JaffaCakes118
Size

1.6MB
MD5

13dd6357cdfbce65b74225fa6fa8f549
SHA1

52b3d8be99aa29feef563f90a0e73a3f6504b282
SHA256

fabed020a1738bfd688115afa14988c452a3e778f688eca2e9c53d4b7914a77e
SHA512

7d7cd7a09ac30dd8cb7c3b443344201d32ddc3c6b88285028d735986b7d5d2e9d080884fff4a08bcfec6543d6bd5da02449f722295c85f5fcc8058eb4fbff66c
SSDEEP

24576:xtmRgSWthQHWKaOvDH7moUtu27AyrMVEe3Nb4ZLkopK6siA6v7i/8NOEdo77Nrn:xNnhSWiHxOu2YVnd4Z3p3sh6v7uNL

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$PLUGINSDIR/md5dll.dll	acprotect
static1/unpack001/$PLUGINSDIR/nsResize.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$PLUGINSDIR/md5dll.dll	upx
static1/unpack001/$PLUGINSDIR/nsResize.dll	upx

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack002/out.upx
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack003/out.upx

NSIS installer 1 IoCs

installer

resource	yara_rule
sample	nsis_installer_2

Files

13dd6357cdfbce65b74225fa6fa8f549_JaffaCakes118
.exe windows:4 windows x86 arch:x86

28a099a911237a28521d8b7ea250f089

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

85:bc:71:77:76:bc:5c:6b:2f:d6:e8:3f:8f:04:01:e0:74:27:d1:3c
Signer

Actual PE Digest

85:bc:71:77:76:bc:5c:6b:2f:d6:e8:3f:8f:04:01:e0:74:27:d1:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

advapi32

RegCloseKey
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegQueryValueExA
RegSetValueExA

comctl32

ImageList_AddMasked
ImageList_Create
ImageList_Destroy
InitCommonControls

gdi32

CreateBrushIndirect
CreateFontIndirectA
DeleteObject
GetDeviceCaps
SelectObject
SetBkColor
SetBkMode
SetTextColor

kernel32

CloseHandle
CompareFileTime
CopyFileA
CreateDirectoryA
CreateFileA
CreateProcessA
CreateThread
DeleteFileA
ExitProcess
ExpandEnvironmentStringsA
FindClose
FindFirstFileA
FindNextFileA
FreeLibrary
GetCommandLineA
GetCurrentProcess
GetDiskFreeSpaceA
GetExitCodeProcess
GetFileAttributesA
GetFileSize
GetFullPathNameA
GetLastError
GetModuleFileNameA
GetModuleHandleA
GetPrivateProfileStringA
GetProcAddress
GetShortPathNameA
GetSystemDirectoryA
GetTempFileNameA
GetTempPathA
GetTickCount
GetVersion
GetWindowsDirectoryA
GlobalAlloc
GlobalFree
GlobalLock
GlobalUnlock
LoadLibraryA
LoadLibraryExA
MoveFileA
MulDiv
MultiByteToWideChar
ReadFile
RemoveDirectoryA
SearchPathA
SetCurrentDirectoryA
SetErrorMode
SetFileAttributesA
SetFilePointer
SetFileTime
Sleep
WaitForSingleObject
WriteFile
WritePrivateProfileStringA
lstrcatA
lstrcmpA
lstrcmpiA
lstrcpynA
lstrlenA

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

shell32

SHBrowseForFolderA
SHFileOperationA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
ShellExecuteA

user32

AppendMenuA
BeginPaint
CallWindowProcA
CharNextA
CharPrevA
CheckDlgButton
CloseClipboard
CreateDialogParamA
CreatePopupMenu
CreateWindowExA
DefWindowProcA
DestroyWindow
DialogBoxParamA
DispatchMessageA
DrawTextA
EmptyClipboard
EnableMenuItem
EnableWindow
EndDialog
EndPaint
ExitWindowsEx
FillRect
FindWindowExA
GetClassInfoA
GetClientRect
GetDC
GetDlgItem
GetDlgItemTextA
GetMessagePos
GetSysColor
GetSystemMenu
GetSystemMetrics
GetWindowLongA
GetWindowRect
InvalidateRect
IsWindow
IsWindowEnabled
IsWindowVisible
LoadBitmapA
LoadCursorA
LoadImageA
MessageBoxIndirectA
OpenClipboard
PeekMessageA
PostQuitMessage
RegisterClassA
ScreenToClient
SendMessageA
SendMessageTimeoutA
SetClassLongA
SetClipboardData
SetCursor
SetDlgItemTextA
SetForegroundWindow
SetTimer
SetWindowLongA
SetWindowPos
SetWindowTextA
ShowWindow
SystemParametersInfoA
TrackPopupMenu
wsprintfA

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

Sections

.text
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 106KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: 1024B - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/BgWorker.dll
.dll windows:4 windows x86 arch:x86

db2755f409b81c4dbfc04f648cfb80b9

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

b1:6b:51:8e:83:95:72:2a:15:4e:b1:97:01:17:f0:60:77:e0:07:77
Signer

Actual PE Digest

b1:6b:51:8e:83:95:72:2a:15:4e:b1:97:01:17:f0:60:77:e0:07:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpiA
GetModuleHandleA
CloseHandle
SetThreadPriority
CreateThread

user32

IsWindowUnicode
PostMessageA
DispatchMessageA
TranslateMessage
PeekMessageA
MsgWaitForMultipleObjects

Exports

Exports

CallAndWait

Sections

.text
Size: 1024B - Virtual size: 987B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 66B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ShellLink.dll
.dll windows:5 windows x86 arch:x86

50112fdd20200a51dbedeae8f1f33cdb

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

95:af:a4:40:20:0a:94:ed:fd:91:ec:ea:bc:18:07:43:32:f5:ea:e6
Signer

Actual PE Digest

95:af:a4:40:20:0a:94:ed:fd:91:ec:ea:bc:18:07:43:32:f5:ea:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
MultiByteToWideChar
LocalAlloc
GlobalFree
lstrcpyA
lstrcpynA
GlobalAlloc

user32

wsprintfA

ole32

CoCreateInstance

Exports

Exports

GetShortCutArgs
GetShortCutDescription
GetShortCutHotkey
GetShortCutIconIndex
GetShortCutIconLocation
GetShortCutShowMode
GetShortCutTarget
GetShortCutWorkingDirectory
SetRunAsAdministrator
SetShortCutArgs
SetShortCutDescription
SetShortCutHotkey
SetShortCutIconIndex
SetShortCutIconLocation
SetShortCutShowMode
SetShortCutTarget
SetShortCutWorkingDirectory

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 1014B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 262B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

ea0aa0a9e9dc166e514586b9219c0789

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

DeleteCriticalSection
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLastError
GetModuleHandleA
GetProcAddress
GetSystemTimeAsFileTime
GetTickCount
GlobalAlloc
GlobalFree
GlobalSize
InitializeCriticalSection
InterlockedCompareExchange
LeaveCriticalSection
LoadLibraryA
LoadLibraryW
MultiByteToWideChar
QueryPerformanceCounter
SetUnhandledExceptionFilter
Sleep
TerminateProcess
TlsGetValue
UnhandledExceptionFilter
VirtualAlloc
VirtualProtect
VirtualQuery
WideCharToMultiByte
lstrcatA
lstrcpyA
lstrcpynA
lstrlenA

msvcrt

__dllonexit
_amsg_exit
_initterm
_iob
_lock
_onexit
_unlock
_winmajor
abort
calloc
free
fwrite
malloc
memcpy
strlen
strncmp
vfprintf

ole32

CLSIDFromString
StringFromGUID2

user32

wsprintfA

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 52B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 1024B - Virtual size: 828B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System3.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8e:5d:ea:a3:0e:69:33:a0:b1:75:5a:c9:69:5d:5d:16:5b:2a:08:43
Signer

Actual PE Digest

8e:5d:ea:a3:0e:69:33:a0:b1:75:5a:c9:69:5d:5d:16:5b:2a:08:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 851B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 610B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:5 windows x86 arch:x86

09a3e096fa98fc82beb9603daab2ea15

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a2:e7:70:c2:f0:b6:9b:ed:a3:e6:e7:a5:ab:e1:77:99:04:9f:a4:15
Signer

Actual PE Digest

a2:e7:70:c2:f0:b6:9b:ed:a3:e6:e7:a5:ab:e1:77:99:04:9f:a4:15

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Z:\Projects\ABHTMLv6\ABHTML\Components\Installer\Windows\UAC\Release\UAC.pdb

Imports

kernel32

CreateProcessW
lstrlenW
GetVersionExW
SetLastError
GetProcAddress
lstrcmpiW
GetCurrentThreadId
GetCommandLineW
UnmapViewOfFile
WaitForSingleObject
GetCurrentProcessId
SetEvent
DuplicateHandle
SetCurrentDirectoryW
GetLastError
CreateFileMappingW
CreateEventW
GetExitCodeThread
CreateThread
Sleep
OpenProcess
GetExitCodeProcess
GetModuleHandleW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
FormatMessageW
LocalFree
CloseHandle
GetModuleFileNameW
lstrcatW
GetPrivateProfileIntW
IsProcessorFeaturePresent
GetPrivateProfileStringW
LoadLibraryA
GlobalFree
MapViewOfFile
GlobalAlloc

user32

SetWindowsHookExW
DispatchMessageW
TranslateMessage
IsDialogMessageW
PeekMessageW
MsgWaitForMultipleObjects
DefWindowProcW
PostMessageW
CreateWindowExW
GetWindowThreadProcessId
CallWindowProcW
SetWindowPos
GetWindowRect
GetClientRect
GetClassNameW
LoadIconW
CreateDialogParamW
SetForegroundWindow
CallNextHookEx
UnhookWindowsHookEx
CharNextW
DialogBoxIndirectParamW
MessageBoxW
EndDialog
SetWindowLongW
LoadImageW
DestroyWindow
EnableWindow
FindWindowExW
IsWindowVisible
SendMessageW
GetDlgItem
ShowWindow
wsprintfW
LoadStringW
GetWindowLongW

advapi32

GetUserNameW
QueryServiceStatus
OpenServiceW
OpenSCManagerW
EqualSid
GetTokenInformation
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
CloseServiceHandle

shell32

ShellExecuteExW

ole32

CoInitialize

Exports

Exports

_

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

87911d4ed7691bf75373ec9593ae9132

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

advapi32

AllocateAndInitializeSid
EqualSid
FreeSid
GetTokenInformation
GetUserNameA
OpenProcessToken
OpenThreadToken

kernel32

CloseHandle
GetCurrentProcess
GetCurrentThread
GetLastError
GetModuleHandleA
GetProcAddress
GetVersion
GlobalAlloc
GlobalFree
lstrcpyA
lstrcpynA

user32

wsprintfA

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 16B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 129B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

5bdcdde5acd7b395f3f3d19ebbb8c6cd

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

59:40:11:53:4c:c8:a2:4f:94:3f:6a:77:9f:f7:73:39:db:e2:0f:49
Signer

Actual PE Digest

59:40:11:53:4c:c8:a2:4f:94:3f:6a:77:9f:f7:73:39:db:e2:0f:49

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_mbschr
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
_mbsrchr
strtoul
memset
_mbsstr
strtol

kernel32

GlobalFree
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc
LoadLibraryA
GetProcAddress
lstrcmpiA
CreateFileA
GetFileSize
lstrlenA
WriteFile
ReadFile
lstrcmpA
lstrcpynA
lstrcatA
GetLastError
DeleteFileA
CloseHandle
SleepEx
SetFilePointer
GetTickCount

user32

MessageBoxA
GetParent
ShowWindow
SetWindowLongA
IsWindow
SetWindowTextA
SendDlgItemMessageA
GetDlgItem
PostMessageA
GetWindowTextA
SendMessageA
SetDlgItemTextA
SetWindowPos
SystemParametersInfoA
GetClientRect
GetWindowRect
SetTimer
LoadIconA
UpdateWindow
DestroyWindow
KillTimer
RedrawWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
IsWindowVisible
EnableWindow
CreateDialogParamA
FindWindowExA
wsprintfA
GetWindowLongA

wininet

HttpSendRequestA
HttpSendRequestExA
HttpQueryInfoA
FtpCreateDirectoryA
FtpOpenFileA
InternetGetLastResponseInfoA
InternetSetFilePointer
InternetSetOptionA
InternetQueryOptionA
InternetCloseHandle
InternetErrorDlg
HttpOpenRequestA
HttpAddRequestHeadersA
HttpEndRequestA
InternetConnectA
InternetCrackUrlA
InternetOpenA
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/md5dll.dll
.dll windows:4 windows x86 arch:x86

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

81:8a:bb:a3:9c:14:91:ec:1d:c6:b5:6b:d8:06:7b:c9:a6:6c:01:ac
Signer

Actual PE Digest

81:8a:bb:a3:9c:14:91:ec:1d:c6:b5:6b:d8:06:7b:c9:a6:6c:01:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

4fb4d15e957b6564bf15c23e80f0202a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Imports

comdlg32

CommDlgExtendedError
GetOpenFileNameA
GetSaveFileNameA

gdi32

SetTextColor

kernel32

GetCurrentDirectoryA
GetFileAttributesA
GetProcessHeap
GlobalAlloc
GlobalFree
HeapAlloc
HeapFree
HeapReAlloc
MulDiv
SetCurrentDirectoryA
lstrcmpiA
lstrcpyA
lstrcpynA
lstrlenA

ole32

CoTaskMemFree

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

user32

CallWindowProcA
CharNextA
CharPrevA
CreateDialogParamA
CreateWindowExA
DestroyWindow
DispatchMessageA
DrawFocusRect
DrawTextA
GetClientRect
GetDlgItem
GetMessageA
GetPropA
GetWindowLongA
GetWindowRect
GetWindowTextA
IsDialogMessageA
IsWindow
KillTimer
LoadCursorA
MapDialogRect
MapWindowPoints
RemovePropA
SendMessageA
SetCursor
SetPropA
SetTimer
SetWindowLongA
SetWindowPos
ShowWindow
TranslateMessage
wsprintfA

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 4KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 363B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 140B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsProcess.dll
.dll windows:5 windows x86 arch:x86

a49b0342971aa199fc6349725b90146d

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:0b:cd:4b:71:6f:43:f0:52:b3:e7:ae:e3:92:59:10:94:2f:72:16
Signer

Actual PE Digest

70:0b:cd:4b:71:6f:43:f0:52:b3:e7:ae:e3:92:59:10:94:2f:72:16

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
TerminateProcess
WaitForSingleObject
GetExitCodeProcess
OpenProcess
lstrcpynA
lstrlenA
LoadLibraryA
lstrcmpiA
WideCharToMultiByte
FreeLibrary
LocalFree
LocalAlloc
GetProcAddress
LoadLibraryW
GetVersionExA
GlobalFree
GlobalAlloc

user32

GetWindowThreadProcessId
EnumWindows
wsprintfA
PostMessageA

Exports

Exports

_CloseProcess
_FindProcess
_KillProcess
_Unload

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 910B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 250B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsResize.dll
.dll windows:6 windows x86 arch:x86

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:0d:8a:ca:6d:e2:ec:83:e7:72:a9:02:e8:7a:aa:d6:11:7d:62:a4
Signer

Actual PE Digest

2e:0d:8a:ca:6d:e2:ec:83:e7:72:a9:02:e8:7a:aa:d6:11:7d:62:a4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Add
GetPos
GetPosPx
GetSize
GetSizePx
Set
SetRTL
Top

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 602B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/picLeft.bmp
$PLUGINSDIR/registry.dll
.dll windows:4 windows x86 arch:x86

421a02aae559045e04759aae146087eb

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e4:ed:db:de:10:2a:bb:26:cc:50:94:76:a1:7e:10:d4:e4:d6:9d:eb
Signer

Actual PE Digest

e4:ed:db:de:10:2a:bb:26:cc:50:94:76:a1:7e:10:d4:e4:d6:9d:eb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateProcessA
CreateProcessW
GlobalAlloc
SearchPathA
SearchPathW
GetFileAttributesA
GetFileAttributesW
CreateFileA
CreateFileW
WriteFile
WideCharToMultiByte
GetWindowsDirectoryW
lstrlenA
lstrlenW
MultiByteToWideChar
GlobalFree

user32

FindWindowExA
SetWindowTextA
SetWindowTextW
MessageBoxW
GetDlgItem

advapi32

RegQueryValueExA
RegQueryValueExW
RegOpenKeyExA
RegOpenKeyExW
RegCreateKeyExA
RegCreateKeyExW
RegEnumValueA
RegEnumValueW
RegEnumKeyExA
RegEnumKeyExW
RegCloseKey
RegSetValueExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegSetValueExW

Exports

Exports

_Close
_CopyKey
_CopyValue
_CreateKey
_DeleteKey
_DeleteKeyEmpty
_DeleteValue
_Find
_HexToStrA
_HexToStrW
_KeyExists
_MoveKey
_MoveValue
_Open
_Read
_ReadExtra
_RestoreKey
_SaveKey
_StrToHexA
_StrToHexW
_Unload
_Write
_WriteExtra

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_2_/Chromium.dll
.dll windows:6 windows x86 arch:x86

f2358c15a68c5e7ba6256467178b2b1b

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:43:54:70:ae:59:5d:1e:dd:3a:c8:fa:80:61:f5:a1:85:92:c6:85
Signer

Actual PE Digest

57:43:54:70:ae:59:5d:1e:dd:3a:c8:fa:80:61:f5:a1:85:92:c6:85

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

nss3

PK11_GetInternalSlot
PK11_FreeSymKey
PK11_ImportSymKey
PK11_DestroyContext
PK11_FreeSlot
NSS_NoDB_Init
PK11_DigestFinal
PK11_DigestOp
PK11_DigestBegin
PK11_CreateContextBySymKey

kernel32

UnhandledExceptionFilter
GetCPInfo
GetCommandLineA
ExitProcess
HeapReAlloc
GetSystemDirectoryW
GetWindowsDirectoryW
GetModuleFileNameW
LocalFree
GetCurrentDirectoryW
CreateFileW
GetFileAttributesW
GetVolumeInformationW
ReadFile
WriteFile
GetTempPathW
CloseHandle
GetLastError
SetLastError
GetCurrentProcess
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FlushFileBuffers
GetFileSizeEx
SetEndOfFile
SetFilePointerEx
GetModuleHandleW
GetProcAddress
SetUnhandledExceptionFilter
GetCurrentProcessId
MultiByteToWideChar
WideCharToMultiByte
Sleep
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
IsDebuggerPresent
RaiseException
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetVersionExW
GetNativeSystemInfo
GetComputerNameW
WriteConsoleW
GetModuleHandleExW
GetStdHandle
IsProcessorFeaturePresent
GetFileType
SetStdHandle
GetFullPathNameW
GetProcessHeap
HeapAlloc
HeapFree
RtlUnwind
GetStringTypeW
DecodePointer
EncodePointer
TerminateProcess
GetStartupInfoW
LCMapStringW
HeapSize
GetConsoleCP
GetConsoleMode
ReadConsoleW
OutputDebugStringW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetDriveTypeW
QueryPerformanceCounter

advapi32

CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
LookupAccountNameW
ConvertSidToStringSidW

shell32

SHGetFolderPathW

winmm

timeGetTime

Exports

Exports

?GenerateDeviceIdLikePrefMetricsServiceDid@hash_calculation@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV23@@Z
?GetChromeHashSeed@hash_calculation@@YA_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PB_W10@Z
?GetDeviceId@hash_calculation@@YA_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetDigestString@hash_calculation@@YA_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@111@Z
?GetHashSeed@hash_calculation@@YA_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PB_W10I@Z
?GetYandexHashSeed@hash_calculation@@YA_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PB_W10@Z

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 2B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_2_/DownloadHelper.dll
.dll windows:5 windows x86 arch:x86

b48431691ead7ee714d0c5b64e5a9920

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6a:bc:4b:1e:9b:f9:97:2f:a9:60:35:d3:6e:c6:6d:81:16:ed:30:0d
Signer

Actual PE Digest

6a:bc:4b:1e:9b:f9:97:2f:a9:60:35:d3:6e:c6:6d:81:16:ed:30:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
MultiByteToWideChar
WideCharToMultiByte
InterlockedDecrement
GetLastError
lstrlenA
CloseHandle
LocalFree
GetProcessHeap
SetEndOfFile
CreateFileW
WriteConsoleW
SetStdHandle
InterlockedIncrement
InterlockedExchange
GetStringTypeW
Sleep
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
EncodePointer
DecodePointer
HeapFree
RaiseException
RtlUnwind
HeapAlloc
GetCPInfo
GetCurrentThreadId
GetCommandLineA
LCMapStringW
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetProcAddress
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
ExitProcess
HeapSize
HeapReAlloc
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
GetStartupInfoW
FlushFileBuffers
GetACP
GetOEMCP
IsValidCodePage
ReadFile
SetFilePointer
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
LoadLibraryW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
SysFreeString
SysAllocString
GetErrorInfo

Exports

Exports

SendReqFromFile
encodeForRequest
getChromeExtensions
getFirefoxExtensions

Sections

.text
Size: 149KB - Virtual size: 149KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_2_/InstallerHelper.dll
.dll windows:5 windows x86 arch:x86

eedd1bc7185c5bcc455534c5db3adf55

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8f:69:d6:d2:f2:81:ce:39:0e:43:48:be:1a:03:4b:05:04:7e:81:31
Signer

Actual PE Digest

8f:69:d6:d2:f2:81:ce:39:0e:43:48:be:1a:03:4b:05:04:7e:81:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

chromium

?GetHashSeed@hash_calculation@@YA_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PB_W10I@Z
?GetDeviceId@hash_calculation@@YA_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GenerateDeviceIdLikePrefMetricsServiceDid@hash_calculation@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV23@@Z
?GetDigestString@hash_calculation@@YA_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@111@Z

kompexsqlitewrapper

??1SQLiteStatement@Kompex@@UAE@XZ
??0SQLiteStatement@Kompex@@QAE@PAVSQLiteDatabase@1@@Z
?SaveDatabaseFromMemoryToFile@SQLiteDatabase@Kompex@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Close@SQLiteDatabase@Kompex@@QAEXXZ
??1SQLiteDatabase@Kompex@@UAE@XZ
??0SQLiteDatabase@Kompex@@QAE@PB_W@Z
?GetSqlResultCString@SQLiteStatement@Kompex@@QAEPBEPBDPBE@Z

kernel32

WideCharToMultiByte
MultiByteToWideChar
lstrlenW
GetLastError
GetFileSize
GetNativeSystemInfo
FindResourceExW
FindResourceW
LoadResource
CreateDirectoryW
WriteFile
OpenProcess
LoadLibraryW
SizeofResource
GetFileAttributesW
ReadFile
CreateFileW
lstrlenA
Process32FirstW
LockResource
WaitForMultipleObjects
Process32NextW
GetModuleHandleA
CreateToolhelp32Snapshot
CloseHandle
WaitForSingleObject
CreateProcessA
GetSystemDirectoryA
GetCurrentProcess
Thread32First
Sleep
Thread32Next
GetModuleFileNameW
LocalAlloc
LocalFree
DeleteFileW
InterlockedDecrement
GetLocaleInfoW
FlushFileBuffers
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetProcAddress
SetEndOfFile
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
ExitProcess
SetLastError
TlsFree
TlsSetValue
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
InitializeCriticalSection
MoveFileA
DeleteFileA
GetCPInfo
VirtualProtect
VirtualAlloc
GetModuleHandleW
GetSystemInfo
VirtualQuery
CreateDirectoryA
GetCurrentThreadId
GetCommandLineA
RtlUnwind
LCMapStringW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue

user32

SendMessageW
EnumThreadWindows

advapi32

RegOpenKeyExA
RegCloseKey
OpenProcessToken
GetTokenInformation
DuplicateTokenEx
LookupAccountSidW
CreateProcessAsUserW
RegQueryValueExA

shell32

SHFileOperationW
SHGetFolderPathW

ole32

CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

GetErrorInfo
VariantClear
SysFreeString
VariantInit
SysAllocStringLen
SysAllocString

Sections

.text
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_2_/InstallerHomepageHelper.dll
.dll windows:5 windows x86 arch:x86

14f9048f1870dffad00cd1d524a6bce1

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

be:ea:e9:27:88:eb:19:3c:68:e2:dd:25:6c:ce:fc:50:75:38:77:a7
Signer

Actual PE Digest

be:ea:e9:27:88:eb:19:3c:68:e2:dd:25:6c:ce:fc:50:75:38:77:a7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

chromium

?GenerateDeviceIdLikePrefMetricsServiceDid@hash_calculation@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV23@@Z
?GetDigestString@hash_calculation@@YA_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@111@Z

kernel32

GetLastError
FindResourceExW
FindResourceW
lstrlenW
SizeofResource
LockResource
GetProcAddress
GetModuleHandleA
WritePrivateProfileStringA
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
LoadResource
CreateFileA
LoadLibraryW
WriteConsoleW
SetStdHandle
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
GetCPInfo
GetCurrentThreadId
GetCommandLineA
RtlUnwind
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
ReadFile
WriteFile
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
SetFilePointer
CloseHandle
GetModuleHandleW
ExitProcess
GetModuleFileNameW
GetLocaleInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetACP
GetOEMCP
IsValidCodePage
FlushFileBuffers
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
CreateFileW
SetEndOfFile

advapi32

RegSetValueExA
RegCreateKeyExA
RegCloseKey

ole32

CoUninitialize
CoInitialize

shlwapi

PathFileExistsA

Sections

.text
Size: 192KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 25KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_2_/InstallerSearchHelper.dll
.dll windows:5 windows x86 arch:x86

d0e4d126b4bee2e7809b065fb6f9883a

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:4e:a2:96:0d:ce:ba:ed:c5:38:1d:f1:4b:3e:0e:f7:8d:b1:fb:d0
Signer

Actual PE Digest

21:4e:a2:96:0d:ce:ba:ed:c5:38:1d:f1:4b:3e:0e:f7:8d:b1:fb:d0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

chromium

?GenerateDeviceIdLikePrefMetricsServiceDid@hash_calculation@@YAXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAV23@@Z
?GetDigestString@hash_calculation@@YA_NAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV23@111@Z

kernel32

LoadLibraryW
SizeofResource
GetFileAttributesW
ReadFile
CreateFileW
GetProcAddress
LockResource
GetModuleHandleA
CloseHandle
WaitForSingleObject
CreateProcessA
WriteFile
LocalAlloc
LocalFree
WritePrivateProfileSectionA
GetPrivateProfileStringA
WritePrivateProfileStringA
CreateFileA
WriteConsoleW
SetStdHandle
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStringsW
CreateDirectoryW
LoadResource
FindResourceW
FindResourceExW
GetNativeSystemInfo
GetFileSize
GetLastError
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
lstrlenA
GetSystemDirectoryA
FreeEnvironmentStringsW
GetModuleFileNameA
GetModuleFileNameW
GetLocaleInfoW
FlushFileBuffers
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
Sleep
InitializeCriticalSection
GetCPInfo
GetCurrentThreadId
GetCommandLineA
RtlUnwind
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
GetConsoleCP
GetConsoleMode
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
SetFilePointer
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
ExitProcess
SetEndOfFile

kompexsqlitewrapper

?Prepare@SQLiteStatement@Kompex@@IAEXPB_W@Z
?GetSqlResultInt@SQLiteStatement@Kompex@@QAEHPB_WH@Z
?ExecuteAndFree@SQLiteStatement@Kompex@@QAEXXZ
?GetColumnInt@SQLiteStatement@Kompex@@QBEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
??0SQLiteDatabase@Kompex@@QAE@PB_W@Z
??1SQLiteDatabase@Kompex@@UAE@XZ
?Close@SQLiteDatabase@Kompex@@QAEXXZ
??0SQLiteStatement@Kompex@@QAE@PAVSQLiteDatabase@1@@Z
??1SQLiteStatement@Kompex@@UAE@XZ
?FetchRow@SQLiteStatement@Kompex@@QBE_NXZ
?FreeQuery@SQLiteStatement@Kompex@@QAEXXZ
?GetColumnCString@SQLiteStatement@Kompex@@QBEPBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z

advapi32

RegOpenKeyExA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegSetKeySecurity
RegEnumValueA
RegQueryInfoKeyA
SetSecurityDescriptorDacl
RegEnumKeyExA
InitializeSecurityDescriptor
RegDeleteKeyA
RegQueryValueExA

shell32

SHFileOperationW

ole32

CoInitialize
CoUninitialize

Sections

.text
Size: 231KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_2_/KompexSQLiteWrapper.dll
.dll windows:5 windows x86 arch:x86

b79ba4ab2edf6a6d884a8363550f0fa8

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:1f:ca:d8:34:ae:48:10:59:d9:30:50:39:c9:6b:fa:a0:7d:8a:86
Signer

Actual PE Digest

9f:1f:ca:d8:34:ae:48:10:59:d9:30:50:39:c9:6b:fa:a0:7d:8a:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFullPathNameW
GetFullPathNameA
HeapReAlloc
CreateFileA
GetFileSize
CreateMutexW
SetFilePointer
MapViewOfFile
UnmapViewOfFile
SetEndOfFile
FreeLibrary
HeapAlloc
SystemTimeToFileTime
QueryPerformanceCounter
HeapFree
WaitForSingleObject
InterlockedCompareExchange
UnlockFile
LockFile
OutputDebugStringW
GetTickCount
UnlockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
FormatMessageW
HeapDestroy
LeaveCriticalSection
GetFileAttributesA
HeapCreate
HeapValidate
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
HeapSize
LockFileEx
EnterCriticalSection
GetDiskFreeSpaceW
LoadLibraryA
CreateFileMappingA
CreateFileMappingW
GetDiskFreeSpaceA
GetSystemInfo
GetFileAttributesExW
DeleteCriticalSection
OutputDebugStringA
GetVersionExA
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
LocalFree
GetSystemTime
AreFileApisANSI
DeleteFileA
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
GetStringTypeW
EncodePointer
DecodePointer
GetCurrentThreadId
GetCommandLineA
GetCPInfo
RaiseException
RtlUnwind
LCMapStringW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
ExitProcess
GetStdHandle
GetModuleFileNameW
GetTimeZoneInformation
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetLocaleInfoW
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetConsoleCP
GetConsoleMode
WriteConsoleW
SetStdHandle
CompareStringW
SetEnvironmentVariableA

Exports

Exports

??0SQLiteBlob@Kompex@@QAE@ABV01@@Z
??0SQLiteBlob@Kompex@@QAE@PAVSQLiteDatabase@1@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@11_JW4BLOB_ACCESS_MODE@1@@Z
??0SQLiteBlob@Kompex@@QAE@XZ
??0SQLiteDatabase@Kompex@@QAE@ABV01@@Z
??0SQLiteDatabase@Kompex@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HPBD@Z
??0SQLiteDatabase@Kompex@@QAE@PBDH0@Z
??0SQLiteDatabase@Kompex@@QAE@PB_W@Z
??0SQLiteDatabase@Kompex@@QAE@XZ
??0SQLiteException@Kompex@@QAE@ABV01@@Z
??0SQLiteException@Kompex@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IPBD@Z
??0SQLiteException@Kompex@@QAE@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@IV23@@Z
??0SQLiteStatement@Kompex@@QAE@ABV01@@Z
??0SQLiteStatement@Kompex@@QAE@PAVSQLiteDatabase@1@@Z
??1SQLiteBlob@Kompex@@UAE@XZ
??1SQLiteDatabase@Kompex@@UAE@XZ
??1SQLiteException@Kompex@@QAE@XZ
??1SQLiteStatement@Kompex@@UAE@XZ
??4SQLiteBlob@Kompex@@QAEAAV01@ABV01@@Z
??4SQLiteDatabase@Kompex@@QAEAAV01@ABV01@@Z
??4SQLiteException@Kompex@@QAEAAV01@ABV01@@Z
??4SQLiteStatement@Kompex@@QAEAAV01@ABV01@@Z
??_7SQLiteBlob@Kompex@@6B@
??_7SQLiteDatabase@Kompex@@6B@
??_7SQLiteStatement@Kompex@@6B@
?ActivateProfiling@SQLiteDatabase@Kompex@@QBEXXZ
?ActivateTracing@SQLiteDatabase@Kompex@@QBEXXZ
?AssignColumnNumberToColumnName@SQLiteStatement@Kompex@@ABEXXZ
?BeginTransaction@SQLiteStatement@Kompex@@QAEXXZ
?BindBlob@SQLiteStatement@Kompex@@QBEXHPBXH@Z
?BindBool@SQLiteStatement@Kompex@@QBEXH_N@Z
?BindDouble@SQLiteStatement@Kompex@@QBEXHN@Z
?BindInt64@SQLiteStatement@Kompex@@QBEXH_J@Z
?BindInt@SQLiteStatement@Kompex@@QBEXHH@Z
?BindNull@SQLiteStatement@Kompex@@QBEXH@Z
?BindString16@SQLiteStatement@Kompex@@QBEXHPB_W@Z
?BindString@SQLiteStatement@Kompex@@QBEXHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?BindZeroBlob@SQLiteStatement@Kompex@@QBEXHH@Z
?CheckColumnNumber@SQLiteStatement@Kompex@@IBEXHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?CheckDatabase@SQLiteStatement@Kompex@@IBEXXZ
?CheckStatement@SQLiteStatement@Kompex@@IBEXXZ
?CleanUpFailedMemoryDatabase@SQLiteDatabase@Kompex@@AAEXPAUsqlite3@@0_N1PAUsqlite3_stmt@@ABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?CleanUpTransaction@SQLiteStatement@Kompex@@IAEXXZ
?ClearBindings@SQLiteStatement@Kompex@@QBEXXZ
?Close@SQLiteDatabase@Kompex@@QAEXXZ
?CloseBlob@SQLiteBlob@Kompex@@QAEXXZ
?CommitTransaction@SQLiteStatement@Kompex@@QAEXXZ
?CreateModule@SQLiteDatabase@Kompex@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBUsqlite3_module@@PAXP6AX2@Z@Z
?Execute@SQLiteStatement@Kompex@@QBEXXZ
?ExecuteAndFree@SQLiteStatement@Kompex@@QAEXXZ
?FetchRow@SQLiteStatement@Kompex@@QBE_NXZ
?FreeQuery@SQLiteStatement@Kompex@@QAEXXZ
?GetAssignedColumnNumber@SQLiteStatement@Kompex@@ABEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetAutoCommit@SQLiteDatabase@Kompex@@QBEHXZ
?GetBlobHandle@SQLiteBlob@Kompex@@IBEPAUsqlite3_blob@@XZ
?GetBlobSize@SQLiteBlob@Kompex@@QBEHXZ
?GetColumnBlob@SQLiteStatement@Kompex@@QBEPBXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetColumnBlob@SQLiteStatement@Kompex@@QBEPBXH@Z
?GetColumnBool@SQLiteStatement@Kompex@@QBE_NABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetColumnBool@SQLiteStatement@Kompex@@QBE_NH@Z
?GetColumnBytes16@SQLiteStatement@Kompex@@QBEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetColumnBytes16@SQLiteStatement@Kompex@@QBEHH@Z
?GetColumnBytes@SQLiteStatement@Kompex@@QBEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetColumnBytes@SQLiteStatement@Kompex@@QBEHH@Z
?GetColumnCString@SQLiteStatement@Kompex@@QBEPBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetColumnCString@SQLiteStatement@Kompex@@QBEPBEH@Z
?GetColumnCount@SQLiteStatement@Kompex@@QBEHXZ
?GetColumnDatabaseName16@SQLiteStatement@Kompex@@QBEPA_WABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetColumnDatabaseName16@SQLiteStatement@Kompex@@QBEPA_WH@Z
?GetColumnDatabaseName@SQLiteStatement@Kompex@@QBEPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetColumnDatabaseName@SQLiteStatement@Kompex@@QBEPBDH@Z
?GetColumnDeclaredDatatype16@SQLiteStatement@Kompex@@QBEPA_WABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetColumnDeclaredDatatype16@SQLiteStatement@Kompex@@QBEPA_WH@Z
?GetColumnDeclaredDatatype@SQLiteStatement@Kompex@@QBEPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetColumnDeclaredDatatype@SQLiteStatement@Kompex@@QBEPBDH@Z
?GetColumnDouble@SQLiteStatement@Kompex@@QBENABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetColumnDouble@SQLiteStatement@Kompex@@QBENH@Z
?GetColumnInt64@SQLiteStatement@Kompex@@QBE_JABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetColumnInt64@SQLiteStatement@Kompex@@QBE_JH@Z
?GetColumnInt@SQLiteStatement@Kompex@@QBEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetColumnInt@SQLiteStatement@Kompex@@QBEHH@Z
?GetColumnName16@SQLiteStatement@Kompex@@QBEPA_WABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetColumnName16@SQLiteStatement@Kompex@@QBEPA_WH@Z
?GetColumnName@SQLiteStatement@Kompex@@QBEPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetColumnName@SQLiteStatement@Kompex@@QBEPBDH@Z
?GetColumnOriginName16@SQLiteStatement@Kompex@@QBEPA_WABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetColumnOriginName16@SQLiteStatement@Kompex@@QBEPA_WH@Z
?GetColumnOriginName@SQLiteStatement@Kompex@@QBEPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetColumnOriginName@SQLiteStatement@Kompex@@QBEPBDH@Z
?GetColumnString16@SQLiteStatement@Kompex@@QBEPA_WABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetColumnString16@SQLiteStatement@Kompex@@QBEPA_WH@Z
?GetColumnString@SQLiteStatement@Kompex@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV34@@Z
?GetColumnString@SQLiteStatement@Kompex@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?GetColumnTableName16@SQLiteStatement@Kompex@@QBEPA_WABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetColumnTableName16@SQLiteStatement@Kompex@@QBEPA_WH@Z
?GetColumnTableName@SQLiteStatement@Kompex@@QBEPBDABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetColumnTableName@SQLiteStatement@Kompex@@QBEPBDH@Z
?GetColumnType@SQLiteStatement@Kompex@@QBEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?GetColumnType@SQLiteStatement@Kompex@@QBEHH@Z
?GetDataCount@SQLiteStatement@Kompex@@QBEHXZ
?GetDatabaseChanges@SQLiteDatabase@Kompex@@QBEHXZ
?GetDatabaseHandle@SQLiteDatabase@Kompex@@QBEPAUsqlite3@@XZ
?GetLastInsertRowId@SQLiteDatabase@Kompex@@QBE_JXZ
?GetLibVersionNumber@SQLiteDatabase@Kompex@@QBEHXZ
?GetMemoryHighwaterMark@SQLiteDatabase@Kompex@@QBE_J_N@Z
?GetMemoryUsage@SQLiteDatabase@Kompex@@QBE_JXZ
?GetNumberOfRows@SQLiteStatement@Kompex@@QAEIXZ
?GetSqlResultBlob@SQLiteStatement@Kompex@@QAEPBXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBX@Z
?GetSqlResultBlob@SQLiteStatement@Kompex@@QAEPBXPBDPBX@Z
?GetSqlResultBlob@SQLiteStatement@Kompex@@QAEPBXPB_WPBX@Z
?GetSqlResultCString@SQLiteStatement@Kompex@@QAEPBEABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBE@Z
?GetSqlResultCString@SQLiteStatement@Kompex@@QAEPBEPBDPBE@Z
?GetSqlResultCString@SQLiteStatement@Kompex@@QAEPBEPB_WPBE@Z
?GetSqlResultDouble@SQLiteStatement@Kompex@@QAENABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@N@Z
?GetSqlResultDouble@SQLiteStatement@Kompex@@QAENPBDN@Z
?GetSqlResultDouble@SQLiteStatement@Kompex@@QAENPB_WN@Z
?GetSqlResultInt64@SQLiteStatement@Kompex@@QAE_JABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@_J@Z
?GetSqlResultInt64@SQLiteStatement@Kompex@@QAE_JPBD_J@Z
?GetSqlResultInt64@SQLiteStatement@Kompex@@QAE_JPB_W_J@Z
?GetSqlResultInt@SQLiteStatement@Kompex@@QAEHABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@H@Z
?GetSqlResultInt@SQLiteStatement@Kompex@@QAEHPBDH@Z
?GetSqlResultInt@SQLiteStatement@Kompex@@QAEHPB_WH@Z
?GetSqlResultString16@SQLiteStatement@Kompex@@QAEPA_WABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PA_W@Z
?GetSqlResultString16@SQLiteStatement@Kompex@@QAEPA_WPBDPA_W@Z
?GetSqlResultString16@SQLiteStatement@Kompex@@QAEPA_WPB_WPA_W@Z
?GetSqlResultString@SQLiteStatement@Kompex@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@ABV34@0@Z
?GetSqlResultString@SQLiteStatement@Kompex@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDABV34@@Z
?GetSqlResultString@SQLiteStatement@Kompex@@QAE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PB_WABV34@@Z
?GetStatementHandle@SQLiteStatement@Kompex@@IBEPAUsqlite3_stmt@@XZ
?GetString@SQLiteException@Kompex@@QBE?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetTable@SQLiteStatement@Kompex@@QBEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@G@Z
?GetTableColumnMetadata@SQLiteStatement@Kompex@@QBEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
?GetTotalDatabaseChanges@SQLiteDatabase@Kompex@@QBEHXZ
?InterruptDatabaseOperation@SQLiteDatabase@Kompex@@QBEXXZ
?IsDatabaseReadOnly@SQLiteDatabase@Kompex@@QAE_NXZ
?MoveDatabaseToMemory@SQLiteDatabase@Kompex@@QAEXW4UtfEncoding@12@@Z
?Mprintf@SQLiteStatement@Kompex@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDZZ
?Open@SQLiteDatabase@Kompex@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@HPBD@Z
?Open@SQLiteDatabase@Kompex@@QAEXPBDH0@Z
?Open@SQLiteDatabase@Kompex@@QAEXPB_W@Z
?OpenBlob@SQLiteBlob@Kompex@@QAEXPAVSQLiteDatabase@2@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@11_JW4BLOB_ACCESS_MODE@2@@Z
?Prepare@SQLiteStatement@Kompex@@IAEXPBD@Z
?Prepare@SQLiteStatement@Kompex@@IAEXPB_W@Z
?ProcessDDLRow@SQLiteDatabase@Kompex@@KAHPAXHPAPAD1@Z
?ProcessDMLRow@SQLiteDatabase@Kompex@@KAHPAXHPAPAD1@Z
?ProfileOutput@SQLiteDatabase@Kompex@@KAXPAXPBD_K@Z
?ReadBlob@SQLiteBlob@Kompex@@QAEXPAXHH@Z
?ReleaseMemory@SQLiteDatabase@Kompex@@QAEXXZ
?ReleaseMemory@SQLiteDatabase@Kompex@@QBEHH@Z
?Reset@SQLiteStatement@Kompex@@QBEXXZ
?RollbackTransaction@SQLiteStatement@Kompex@@QAEXXZ
?SaveDatabaseFromMemoryToFile@SQLiteDatabase@Kompex@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SaveDatabaseFromMemoryToFile@SQLiteDatabase@Kompex@@QAEXPB_W@Z
?SecureTransaction@SQLiteStatement@Kompex@@QAEXPBD@Z
?SecureTransaction@SQLiteStatement@Kompex@@QAEXPB_W@Z
?SecureTransaction@SQLiteStatement@Kompex@@QAEXV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SetSoftHeapLimit@SQLiteDatabase@Kompex@@QBEXH@Z
?Show@SQLiteException@Kompex@@QBEXXZ
?Sql@SQLiteStatement@Kompex@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Sql@SQLiteStatement@Kompex@@QAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?Sql@SQLiteStatement@Kompex@@QAEXPBD@Z
?Sql@SQLiteStatement@Kompex@@QAEXPB_W@Z
?SqlAggregateFuncResult@SQLiteStatement@Kompex@@QAEMABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SqlAggregateFuncResult@SQLiteStatement@Kompex@@QAEMPA_W@Z
?SqlAggregateFuncResult@SQLiteStatement@Kompex@@QAEMPBD@Z
?SqlResultBlob@SQLiteStatement@Kompex@@IAEPBXPBX@Z
?SqlResultCString@SQLiteStatement@Kompex@@IAEPBEPBE@Z
?SqlResultString16@SQLiteStatement@Kompex@@IAEPA_WPA_W@Z
?SqlStatement@SQLiteStatement@Kompex@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?SqlStatement@SQLiteStatement@Kompex@@QAEXABV?$basic_string@_WU?$char_traits@_W@std@@V?$allocator@_W@2@@std@@@Z
?SqlStatement@SQLiteStatement@Kompex@@QAEXPBD@Z
?SqlStatement@SQLiteStatement@Kompex@@QAEXPB_W@Z
?Step@SQLiteStatement@Kompex@@IBE_NXZ
?TakeSnapshot@SQLiteDatabase@Kompex@@IAEXPAUsqlite3@@@Z
?TraceOutput@SQLiteDatabase@Kompex@@KAXPAXPBD@Z
?Transaction@SQLiteStatement@Kompex@@QAEXABV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?Transaction@SQLiteStatement@Kompex@@QAEXPBD@Z
?Transaction@SQLiteStatement@Kompex@@QAEXPB_W@Z
?Vmprintf@SQLiteStatement@Kompex@@SA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@PBDPAD@Z
?WriteBlob@SQLiteBlob@Kompex@@QAEXPBXHH@Z

Sections

.text
Size: 424KB - Virtual size: 424KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_2_/freebl3.dll
.dll windows:6 windows x86 arch:x86

68765e49af812cea06653c4ddee9320d

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

19:42:36:a0:22:2b:e7:a8:5c:29:85:fd:8d:be:30:95:21:fe:0d:ab
Signer

Actual PE Digest

19:42:36:a0:22:2b:e7:a8:5c:29:85:fd:8d:be:30:95:21:fe:0d:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

nssutil3

SECITEM_ZfreeItem_Util
SECITEM_CompareItem_Util
SECOID_FindOIDTag_Util
PORT_ArenaAlloc_Util
SECITEM_FreeItem_Util
SECITEM_CopyItem_Util
SECITEM_AllocItem_Util
PORT_FreeArena_Util
PORT_ArenaZAlloc_Util
PORT_NewArena_Util
NSS_SecureMemcmp
PORT_GetError_Util
PORT_ZFree_Util
PORT_ZAlloc_Util
PORT_SetError_Util
PORT_Free_Util
PORT_Alloc_Util

nspr4

PR_Free
PR_Seek
PR_Read
PR_Close
PR_Open
PR_GetLibraryFilePathname
PR_NotifyAllCondVar
PR_NotifyCondVar
PR_WaitCondVar
PR_DestroyCondVar
PR_NewCondVar
PR_Unlock
PR_Lock
PR_DestroyLock
PR_NewLock
PR_CallOnce

advapi32

SystemFunction036

kernel32

CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapSize
HeapReAlloc
LCMapStringW
CompareStringW
CreateFileW
GetStringTypeW
OutputDebugStringW
LoadLibraryExW
RtlUnwind
SetEnvironmentVariableA
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
Sleep
InitializeCriticalSectionAndSpinCount
GetDiskFreeSpaceA
GetLogicalDrives
QueryPerformanceCounter
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
GlobalMemoryStatus
GetVolumeInformationA
GetComputerNameA
GetSystemTimeAsFileTime
GetLastError
HeapFree
HeapAlloc
IsProcessorFeaturePresent
GetCommandLineA
IsDebuggerPresent
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
WideCharToMultiByte
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
SetLastError
GetProcessHeap
GetStdHandle
WriteFile
GetModuleFileNameW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetFileType
GetStartupInfoW
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter

Exports

Exports

FREEBL_GetVector

Sections

.text
Size: 284KB - Virtual size: 284KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_2_/nspr4.dll
.dll windows:6 windows x86 arch:x86

a6070e3824e66675bb029a2cf7952a4f

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

84:9a:47:07:62:b9:90:a9:ed:b1:68:a9:1a:08:8e:c6:c5:1b:b4:99
Signer

Actual PE Digest

84:9a:47:07:62:b9:90:a9:ed:b1:68:a9:1a:08:8e:c6:c5:1b:b4:99

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

OpenProcessToken
AddAccessAllowedAce
AllocateAndInitializeSid
CopySid
FreeSid
GetLengthSid
GetTokenInformation
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner

ws2_32

socket
shutdown
setsockopt
sendto
send
select
recvfrom
recv
listen
getsockname
getpeername
ioctlsocket
connect
closesocket
accept
__WSAFDIsSet
WSAStartup
WSACleanup
gethostname
WSAGetLastError
getsockopt
getprotobyname
getprotobynumber
gethostbyname
gethostbyaddr
ntohs
ntohl
htons
htonl
bind

winmm

timeGetTime

kernel32

SetEndOfFile
ReadConsoleW
CreateFileW
GetCurrentDirectoryW
GetFullPathNameW
PeekNamedPipe
FileTimeToLocalFileTime
HeapSize
OutputDebugStringW
SetEnvironmentVariableA
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStringTypeW
WriteConsoleW
SetFilePointerEx
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
GetModuleFileNameA
GetFileAttributesExW
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
DebugBreak
OutputDebugStringA
EnterCriticalSection
WideCharToMultiByte
GetLastError
FreeLibrary
GetModuleFileNameW
GetModuleHandleA
GetModuleHandleW
GetProcAddress
LoadLibraryExW
MultiByteToWideChar
GetSystemInfo
GlobalMemoryStatusEx
CloseHandle
CreatePipe
GetStdHandle
TlsGetValue
DeleteCriticalSection
TlsSetValue
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
WaitForSingleObject
TerminateProcess
GetExitCodeProcess
CreateProcessA
GetSystemTime
GetVersionExA
MapViewOfFile
FlushViewOfFile
UnmapViewOfFile
FormatMessageA
CreateFileMappingA
SystemTimeToFileTime
GetCurrentProcess
ReleaseSemaphore
CreateSemaphoreA
GetThreadContext
IsDebuggerPresent
DuplicateHandle
RaiseException
Sleep
GetCurrentThread
SetThreadPriority
SuspendThread
ResumeThread
TlsAlloc
TlsFree
CreateDirectoryA
CreateFileA
DeleteFileA
FindClose
FindFirstFileA
FindNextFileA
GetFileAttributesExA
GetFileInformationByHandle
LockFile
ReadFile
RemoveDirectoryA
SetFilePointer
UnlockFile
WriteFile
GetHandleInformation
SetHandleInformation
MoveFileA
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
OpenSemaphoreA
QueryPerformanceCounter
GetTickCount
OpenFileMappingA
IsProcessorFeaturePresent
HeapFree
HeapAlloc
HeapReAlloc
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
AreFileApisANSI
CreateThread
GetCurrentThreadId
ExitThread
GetSystemTimeAsFileTime
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
GetStartupInfoW
GetProcessHeap
GetConsoleCP
GetConsoleMode
RtlUnwind
GetFileType
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetTimeZoneInformation
FindFirstFileExW
SetEnvironmentVariableW

Exports

Exports

GetExecutionEnvironment
LL_MaxInt
LL_MaxUint
LL_MinInt
LL_Zero
PRP_DestroyNakedCondVar
PRP_NakedBroadcast
PRP_NakedNotify
PRP_NakedWait
PRP_NewNakedCondVar
PRP_TryLock
PR_Abort
PR_Accept
PR_AcceptRead
PR_Access
PR_AddToCounter
PR_AddWaitFileDesc
PR_AllocFileDesc
PR_Assert
PR_AssertCurrentThreadInMonitor
PR_AssertCurrentThreadOwnsLock
PR_AtomicAdd
PR_AtomicDecrement
PR_AtomicIncrement
PR_AtomicSet
PR_AttachSharedMemory
PR_AttachThread
PR_AttachThreadGCAble
PR_Available
PR_Available64
PR_Bind
PR_BlockClockInterrupts
PR_BlockInterrupt
PR_CEnterMonitor
PR_CExitMonitor
PR_CNotify
PR_CNotifyAll
PR_CSetOnMonitorRecycle
PR_CWait
PR_CallOnce
PR_CallOnceWithArg
PR_Calloc
PR_CancelJob
PR_CancelWaitFileDesc
PR_CancelWaitGroup
PR_CeilingLog2
PR_ChangeFileDescNativeHandle
PR_Cleanup
PR_ClearInterrupt
PR_ClearThreadGCAble
PR_Close
PR_CloseDir
PR_CloseFileMap
PR_CloseSemaphore
PR_CloseSharedMemory
PR_Connect
PR_ConnectContinue
PR_ConvertIPv4AddrToIPv6
PR_CreateAlarm
PR_CreateCounter
PR_CreateFileMap
PR_CreateIOLayer
PR_CreateIOLayerStub
PR_CreateMWaitEnumerator
PR_CreateOrderedLock
PR_CreatePipe
PR_CreateProcess
PR_CreateProcessDetached
PR_CreateSocketPollFd
PR_CreateStack
PR_CreateThread
PR_CreateThreadGCAble
PR_CreateThreadPool
PR_CreateTrace
PR_CreateWaitGroup
PR_DecrementCounter
PR_Delete
PR_DeleteSemaphore
PR_DeleteSharedMemory
PR_DestroyAlarm
PR_DestroyCondVar
PR_DestroyCounter
PR_DestroyLock
PR_DestroyMWaitEnumerator
PR_DestroyMonitor
PR_DestroyOrderedLock
PR_DestroyPollableEvent
PR_DestroyProcessAttr
PR_DestroyRWLock
PR_DestroySem
PR_DestroySocketPollFd
PR_DestroyStack
PR_DestroyTrace
PR_DestroyWaitGroup
PR_DetachProcess
PR_DetachSharedMemory
PR_DetachThread
PR_DisableClockInterrupts
PR_EmulateAcceptRead
PR_EmulateSendFile
PR_EnableClockInterrupts
PR_EnterMonitor
PR_EnumerateAddrInfo
PR_EnumerateHostEnt
PR_EnumerateThreads
PR_EnumerateWaitGroup
PR_ErrorInstallCallback
PR_ErrorInstallTable
PR_ErrorLanguages
PR_ErrorToName
PR_ErrorToString
PR_ExitMonitor
PR_ExplodeTime
PR_ExportFileMapAsString
PR_FD_CLR
PR_FD_ISSET
PR_FD_NCLR
PR_FD_NISSET
PR_FD_NSET
PR_FD_SET
PR_FD_ZERO
PR_FileDesc2NativeHandle
PR_FindFunctionSymbol
PR_FindFunctionSymbolAndLibrary
PR_FindNextCounterQname
PR_FindNextCounterRname
PR_FindNextTraceQname
PR_FindNextTraceRname
PR_FindSymbol
PR_FindSymbolAndLibrary
PR_FloorLog2
PR_FormatTime
PR_FormatTimeUSEnglish
PR_Free
PR_FreeAddrInfo
PR_FreeFileDesc
PR_FreeLibraryName
PR_GMTParameters
PR_GetAddrInfoByName
PR_GetCanonNameFromAddrInfo
PR_GetConnectStatus
PR_GetCounter
PR_GetCounterHandleFromName
PR_GetCounterNameFromHandle
PR_GetCurrentThread
PR_GetDefaultIOMethods
PR_GetDescType
PR_GetDirectorySeparator
PR_GetDirectorySepartor
PR_GetEnv
PR_GetError
PR_GetErrorText
PR_GetErrorTextLength
PR_GetFileInfo
PR_GetFileInfo64
PR_GetFileMethods
PR_GetGCRegisters
PR_GetHostByAddr
PR_GetHostByName
PR_GetIPNodeByName
PR_GetIdentitiesLayer
PR_GetInheritedFD
PR_GetInheritedFileMap
PR_GetLayersIdentity
PR_GetLibraryFilePathname
PR_GetLibraryName
PR_GetLibraryPath
PR_GetMemMapAlignment
PR_GetMonitorEntryCount
PR_GetNameForIdentity
PR_GetNumberOfProcessors
PR_GetOSError
PR_GetOpenFileInfo
PR_GetOpenFileInfo64
PR_GetPageShift
PR_GetPageSize
PR_GetPathSeparator
PR_GetPeerName
PR_GetPhysicalMemorySize
PR_GetPipeMethods
PR_GetProtoByName
PR_GetProtoByNumber
PR_GetRandomNoise
PR_GetSP
PR_GetSockName
PR_GetSocketOption
PR_GetSpecialFD
PR_GetStackSpaceLeft
PR_GetSysfdTableMax
PR_GetSystemInfo
PR_GetTCPMethods
PR_GetThreadAffinityMask
PR_GetThreadID
PR_GetThreadName
PR_GetThreadPriority
PR_GetThreadPrivate
PR_GetThreadScope
PR_GetThreadState
PR_GetThreadType
PR_GetTraceEntries
PR_GetTraceHandleFromName
PR_GetTraceNameFromHandle
PR_GetTraceOption
PR_GetUDPMethods
PR_GetUniqueIdentity
PR_GetVersion
PR_ImplodeTime
PR_ImportFile
PR_ImportFileMapFromString
PR_ImportPipe
PR_ImportTCPSocket
PR_ImportUDPSocket
PR_IncrementCounter
PR_Init
PR_Initialize
PR_InitializeNetAddr
PR_Initialized
PR_Interrupt
PR_IntervalNow
PR_IntervalToMicroseconds
PR_IntervalToMilliseconds
PR_IntervalToSeconds
PR_IsNetAddrType
PR_JoinJob
PR_JoinThread
PR_JoinThreadPool
PR_KillProcess
PR_Listen
PR_LoadLibrary
PR_LoadLibraryWithFlags
PR_LoadStaticLibrary
PR_LocalTimeParameters
PR_Lock
PR_LockFile
PR_LockOrderedLock
PR_LogFlush
PR_LogPrint
PR_MakeDir
PR_Malloc
PR_MemMap
PR_MemUnmap
PR_MicrosecondsToInterval
PR_MillisecondsToInterval
PR_MkDir
PR_NetAddrToString
PR_NewCondVar
PR_NewLock
PR_NewLogModule
PR_NewMonitor
PR_NewNamedMonitor
PR_NewPollableEvent
PR_NewProcessAttr
PR_NewRWLock
PR_NewSem
PR_NewTCPSocket
PR_NewTCPSocketPair
PR_NewThreadPrivateIndex
PR_NewUDPSocket
PR_NormalizeTime
PR_Notify
PR_NotifyAll
PR_NotifyAllCondVar
PR_NotifyCondVar
PR_Now
PR_Open
PR_OpenAnonFileMap
PR_OpenDir
PR_OpenFile
PR_OpenSemaphore
PR_OpenSharedMemory
PR_OpenTCPSocket
PR_OpenUDPSocket
PR_ParseTimeString
PR_ParseTimeStringToExplodedTime
PR_Poll
PR_PopIOLayer
PR_PostSem
PR_PostSemaphore
PR_ProcessAttrSetCurrentDirectory
PR_ProcessAttrSetInheritableFD
PR_ProcessAttrSetInheritableFileMap
PR_ProcessAttrSetStdioRedirect
PR_ProcessExit
PR_PushIOLayer
PR_QueueJob
PR_QueueJob_Accept
PR_QueueJob_Connect
PR_QueueJob_Read
PR_QueueJob_Timer
PR_QueueJob_Write
PR_RWLock_Rlock
PR_RWLock_Unlock
PR_RWLock_Wlock
PR_Read
PR_ReadDir
PR_Realloc
PR_RecordTraceEntries
PR_Recv
PR_RecvFrom
PR_Rename
PR_ResetAlarm
PR_ResetProcessAttr
PR_ResumeAll
PR_RmDir
PR_ScanStackPointers
PR_SecondsToInterval
PR_Seek
PR_Seek64
PR_Select
PR_Send
PR_SendFile
PR_SendTo
PR_SetAlarm
PR_SetCPUAffinityMask
PR_SetConcurrency
PR_SetCounter
PR_SetCurrentThreadName
PR_SetEnv
PR_SetError
PR_SetErrorText
PR_SetFDCacheSize
PR_SetFDInheritable
PR_SetLibraryPath
PR_SetLogBuffering
PR_SetLogFile
PR_SetNetAddr
PR_SetPollableEvent
PR_SetSocketOption
PR_SetStdioRedirect
PR_SetSysfdTableSize
PR_SetThreadAffinityMask
PR_SetThreadDumpProc
PR_SetThreadGCAble
PR_SetThreadPriority
PR_SetThreadPrivate
PR_SetThreadRecycleMode
PR_SetTraceOption
PR_ShowStatus
PR_Shutdown
PR_ShutdownThreadPool
PR_Sleep
PR_Socket
PR_StackPop
PR_StackPush
PR_Stat
PR_StringToNetAddr
PR_SubtractFromCounter
PR_SuspendAll
PR_Sync
PR_SyncMemMap
PR_TLockFile
PR_TestAndEnterMonitor
PR_TestAndLock
PR_ThreadScanStackPointers
PR_TicksPerSecond
PR_Trace
PR_TransmitFile
PR_USPacificTimeParameters
PR_UnblockClockInterrupts
PR_UnblockInterrupt
PR_UnloadLibrary
PR_Unlock
PR_UnlockFile
PR_UnlockOrderedLock
PR_VersionCheck
PR_Wait
PR_WaitCondVar
PR_WaitForPollableEvent
PR_WaitProcess
PR_WaitRecvReady
PR_WaitSem
PR_WaitSemaphore
PR_Write
PR_Writev
PR_Yield
PR_cnvtf
PR_dtoa
PR_fprintf
PR_htonl
PR_htonll
PR_htons
PR_ntohl
PR_ntohll
PR_ntohs
PR_smprintf
PR_smprintf_free
PR_snprintf
PR_sprintf_append
PR_sscanf
PR_strtod
PR_sxprintf
PR_vfprintf
PR_vsmprintf
PR_vsnprintf
PR_vsprintf_append
PR_vsxprintf
PT_FPrintStats
SetExecutionEnvironment
_PR_AddSleepQ
_PR_CreateThread
_PR_DelSleepQ
_PR_GetPrimordialCPU
_PR_MD_FREE_CV
_PR_MD_INIT_LOCKS
_PR_MD_NEW_CV
_PR_MD_NEW_LOCK
_PR_MD_NOTIFYALL_CV
_PR_MD_NOTIFY_CV
_PR_MD_UNLOCK
_PR_MD_WAIT_CV
_PR_NativeCreateThread
_pr_push_ipv6toipv4_layer
_pr_test_ipv6_socket
libVersionPoint

Sections

.text
Size: 196KB - Virtual size: 195KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_2_/nss3.dll
.dll windows:6 windows x86 arch:x86

9e2f8a8cfc34da6dfd8f2fda9de568a7

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:0a:e3:8b:e4:b5:2f:f2:33:6e:0e:d2:eb:6d:87:e5:a1:d1:28:ea
Signer

Actual PE Digest

03:0a:e3:8b:e4:b5:2f:f2:33:6e:0e:d2:eb:6d:87:e5:a1:d1:28:ea

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

nssutil3

DER_GetUInteger
PORT_UCS4_UTF8Conversion
PORT_ISO88591_UTF8Conversion
NSS_Get_SEC_BMPStringTemplate_Util
NSS_Get_SEC_UTF8StringTemplate_Util
NSS_Get_SEC_UniversalStringTemplate
SEC_ASN1EncoderSetNotifyProc_Util
NSS_Get_SEC_T61StringTemplate
DER_StoreHeader
DER_LengthLength
NSS_Get_SEC_SetOfAnyTemplate_Util
SEC_ASN1EncoderAbort_Util
SEC_ASN1EncoderFinish_Util
SEC_ASN1EncoderUpdate_Util
SEC_ASN1EncoderStart_Util
SEC_QuickDERDecodeItem_Util
SEC_ASN1DecodeItem_Util
SEC_ASN1Decode_Util
SEC_ASN1DecoderClearNotifyProc_Util
SECOID_KnownCertExtenOID
SEC_ASN1DecoderSetNotifyProc_Util
SEC_ASN1DecoderClearFilterProc_Util
SEC_ASN1DecoderSetFilterProc_Util
SEC_ASN1DecoderAbort_Util
SEC_ASN1DecoderFinish_Util
SEC_ASN1DecoderUpdate_Util
SEC_ASN1DecoderStart_Util
DER_EncodeTimeChoice_Util
DER_DecodeTimeChoice_Util
CERT_GenTime2FormattedAscii_Util
DER_GeneralizedTimeToTime_Util
DER_TimeToGeneralizedTimeArena_Util
DER_TimeToGeneralizedTime_Util
DER_TimeChoiceDayToAscii_Util
DER_GeneralizedDayToAscii_Util
DER_UTCDayToAscii_Util
DER_UTCTimeToAscii_Util
DER_UTCTimeToTime_Util
DER_AsciiToTime_Util
NSS_Get_SEC_IA5StringTemplate_Util
PORT_RegExpCaseSearch
PORT_RegExpValid
SECITEM_HashCompare
SECITEM_Hash
NSS_Get_SEC_SkipTemplate
SEC_ASN1EncoderClearNotifyProc_Util
SEC_StringToOID
NSSUTIL_MkNSSString
NSSUTIL_ArgParseCipherFlags
NSSUTIL_MkModuleSpec
NSSUTIL_ArgParseModuleSpec
NSSUTIL_MkSlotString
NSSUTIL_ArgParseSlotInfo
NSSUTIL_DoubleEscapeSize
NSSUTIL_Escape
NSSUTIL_EscapeSize
NSSUTIL_ArgReadLong
NSSUTIL_ArgHasFlag
NSSUTIL_ArgIsBlank
NSSUTIL_ArgDecodeNumber
NSSUTIL_ArgGetLabel
NSSUTIL_ArgSkipParameter
NSSUTIL_ArgGetParamValue
NSSUTIL_ArgStrip
NSSUTIL_ArgFetchValue
SECOID_FindOIDByMechanism
PORT_LoadLibraryFromOrigin
NSS_Get_SEC_ObjectIDTemplate_Util
SGN_DecodeDigestInfo
_SGN_VerifyPKCS1DigestInfo
NSS_Get_SEC_BitStringTemplate_Util
NSS_GetAlgorithmPolicy
NSS_Get_SEC_SequenceOfObjectIDTemplate
NSS_Get_SECOID_AlgorithmIDTemplate_Util
NSS_Get_SEC_PointerToGeneralizedTimeTemplate
NSS_Get_SEC_SequenceOfAnyTemplate
NSS_Get_SEC_PointerToEnumeratedTemplate
NSS_Get_SEC_PointerToAnyTemplate_Util
NSS_Get_SEC_OctetStringTemplate_Util
NSS_Get_SEC_NullTemplate_Util
NSS_Get_SEC_EnumeratedTemplate
NSS_Get_SEC_IntegerTemplate_Util
NSS_Get_SEC_GeneralizedTimeTemplate_Util
DER_SetUInteger
NSS_Get_SEC_AnyTemplate_Util
NSSRWLock_HaveWriteLock_Util
NSSRWLock_UnlockWrite_Util
NSSRWLock_UnlockRead_Util
NSSRWLock_LockWrite_Util
NSSRWLock_LockRead_Util
NSSRWLock_Destroy_Util
NSSRWLock_New_Util
NSSBase64_EncodeItem_Util
NSSBase64_DecodeBuffer_Util
NSSBase64Encoder_Destroy_Util
NSSBase64Decoder_Destroy_Util
NSSBase64Encoder_Update_Util
NSSBase64Decoder_Update_Util
NSSBase64Encoder_Create_Util
NSSBase64Decoder_Create_Util
BTOA_ConvertItemToAscii_Util
ATOB_ConvertAsciiToItem_Util
ATOB_AsciiToData_Util
BTOA_DataToAscii_Util
SEC_ASN1LengthLength_Util
SEC_ASN1DecodeInteger_Util
SEC_ASN1EncodeUnsignedInteger_Util
SEC_ASN1EncodeInteger_Util
SEC_ASN1EncodeItem_Util
SEC_ASN1Encode_Util
SEC_ASN1EncoderClearTakeFromBuf_Util
SEC_ASN1EncoderSetTakeFromBuf_Util
SEC_ASN1EncoderClearStreaming_Util
SEC_ASN1EncoderSetStreaming_Util
PORT_Alloc_Util
DER_TimeToUTCTime_Util
DER_GetInteger_Util
DER_Lengths_Util
DER_Encode_Util
SGN_CompareDigestInfo_Util
SGN_CopyDigestInfo_Util
SGN_DestroyDigestInfo_Util
SGN_CreateDigestInfo_Util
SECOID_AddEntry_Util
SECOID_FindOIDTagDescription_Util
SECOID_CompareAlgorithmID_Util
SECOID_DestroyAlgorithmID_Util
SECOID_GetAlgorithmTag_Util
SECOID_CopyAlgorithmID_Util
SECOID_SetAlgorithmID_Util
SECOID_FindOIDByTag_Util
SECOID_FindOIDTag_Util
SECOID_FindOID_Util
SECITEM_ZfreeItem_Util
SECITEM_FreeItem_Util
SECITEM_ArenaDupItem_Util
SECITEM_DupItem_Util
SECITEM_CopyItem_Util
SECITEM_ItemsAreEqual_Util
SECITEM_CompareItem_Util
SECITEM_AllocItem_Util
NSS_PutEnv_Util
PORT_UCS2_UTF8Conversion_Util
PORT_SetUCS2_UTF8ConversionFunction_Util
PORT_UCS2_ASCIIConversion_Util
PORT_SetUCS2_ASCIIConversionFunction_Util
PORT_SetUCS4_UTF8ConversionFunction_Util
PORT_ArenaStrdup_Util
PORT_ArenaUnmark_Util
PORT_ArenaRelease_Util
PORT_ArenaMark_Util
PORT_ArenaGrow_Util
PORT_FreeArena_Util
PORT_ArenaZAlloc_Util
PORT_ArenaAlloc_Util
PORT_NewArena_Util
PORT_GetError_Util
PORT_ZFree_Util
NSSUTIL_DoubleEscape
NSS_InitializePRErrorTable
SECOID_Shutdown
SECOID_Init
PORT_SetError_Util
PORT_Strdup_Util
PORT_Free_Util
PORT_ZAlloc_Util
PORT_Realloc_Util
NSS_Get_SEC_PrintableStringTemplate

plc4

PL_strcasecmp
PL_strncasecmp
PL_Base64Encode
PL_strncpyz
PL_strcatn
PL_strlen
PL_strcat
PL_strstr
PL_strnstr
PL_strdup
PL_strfree

plds4

PL_NewHashTable
PL_HashTableDestroy
PL_HashTableAdd
PL_HashTableRemove
PL_HashTableLookup
PL_CompareValues
PL_HashTableEnumerateEntries
PL_InitArenaPool
PL_FinishArenaPool
PL_ArenaAllocate
PL_ArenaRelease
PL_HashString
PL_CompareStrings

nspr4

PR_Unlock
PR_htons
PR_ErrorToString
PR_Send
PR_Shutdown
PR_Listen
PR_Bind
PR_Accept
PR_ConnectContinue
PR_FindFunctionSymbol
PR_DestroyRWLock
PR_Realloc
PR_Malloc
PR_GetThreadPrivate
PR_SetThreadPrivate
PR_NewThreadPrivateIndex
PR_Free
PR_Calloc
PR_sprintf_append
PR_GetError
PR_htonl
PR_ConvertIPv4AddrToIPv6
PR_NetAddrToString
PR_SetErrorText
PR_Sleep
PR_IntervalToMicroseconds
PR_IntervalToMilliseconds
PR_IntervalToSeconds
PR_LogPrint
PR_NewLogModule
PR_FindSymbol
PR_UnloadLibrary
PR_LoadLibrary
PR_CallOnceWithArg
PR_IntervalNow
PR_GetEnv
PR_Poll
PR_ExitMonitor
PR_EnterMonitor
PR_DestroyMonitor
PR_NewMonitor
PR_InitializeNetAddr
PR_EnumerateHostEnt
PR_GetHostByName
PR_StringToNetAddr
PR_snprintf
PR_Recv
PR_Connect
PR_NewTCPSocket
PR_Write
PR_Close
PR_SecondsToInterval
PR_TicksPerSecond
PR_Now
PR_NotifyAllCondVar
PR_NotifyCondVar
PR_WaitCondVar
PR_NewCondVar
PR_Lock
PR_DestroyLock
PR_NewLock
PR_smprintf_free
PR_smprintf
PR_CallOnce

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetProcessHeap
GetModuleHandleW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStartupInfoW
GetFileType
GetStdHandle
RtlUnwind
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
CloseHandle
HeapFree
AreFileApisANSI
GetProcAddress
GetModuleHandleExW
ExitProcess
WideCharToMultiByte
DeleteCriticalSection
DecodePointer
EncodePointer
MultiByteToWideChar
SetLastError
GetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetCurrentThreadId
GetCommandLineA
IsProcessorFeaturePresent
IsDebuggerPresent
LeaveCriticalSection
EnterCriticalSection
FreeEnvironmentStringsW
GetStringTypeW
CompareStringW
LCMapStringW
GetModuleFileNameW
SetEnvironmentVariableA
HeapAlloc
LoadLibraryExW
GetFileAttributesExW
HeapReAlloc
SetStdHandle
SetFilePointerEx
WriteConsoleW
OutputDebugStringW
HeapSize
CreateFileW
SetEndOfFile
ReadFile
ReadConsoleW
GetEnvironmentStringsW

Exports

Exports

ATOB_AsciiToData
ATOB_ConvertAsciiToItem
BTOA_ConvertItemToAscii
BTOA_DataToAscii
CERT_AddCertToListHead
CERT_AddCertToListSorted
CERT_AddCertToListTail
CERT_AddExtension
CERT_AddExtensionByOID
CERT_AddOCSPAcceptableResponses
CERT_AddOKDomainName
CERT_AddRDN
CERT_AllocCERTRevocationFlags
CERT_AsciiToName
CERT_CRLCacheRefreshIssuer
CERT_CacheCRL
CERT_CacheOCSPResponseFromSideChannel
CERT_CertChainFromCert
CERT_CertListFromCert
CERT_CertTimesValid
CERT_ChangeCertTrust
CERT_CheckCertUsage
CERT_CheckCertValidTimes
CERT_CheckNameSpace
CERT_CheckOCSPStatus
CERT_ClearOCSPCache
CERT_CompareCerts
CERT_CompareName
CERT_CompareValidityTimes
CERT_CompleteCRLDecodeEntries
CERT_CopyName
CERT_CopyRDN
CERT_CreateAVA
CERT_CreateCertificate
CERT_CreateCertificateRequest
CERT_CreateEncodedOCSPErrorResponse
CERT_CreateEncodedOCSPSuccessResponse
CERT_CreateName
CERT_CreateOCSPCertID
CERT_CreateOCSPRequest
CERT_CreateOCSPSingleResponseGood
CERT_CreateOCSPSingleResponseRevoked
CERT_CreateOCSPSingleResponseUnknown
CERT_CreateRDN
CERT_CreateSubjectCertList
CERT_CreateValidity
CERT_DecodeAVAValue
CERT_DecodeAltNameExtension
CERT_DecodeAuthInfoAccessExtension
CERT_DecodeAuthKeyID
CERT_DecodeBasicConstraintValue
CERT_DecodeCRLDistributionPoints
CERT_DecodeCertificatePoliciesExtension
CERT_DecodeDERCrl
CERT_DecodeDERCrlWithFlags
CERT_DecodeGeneralName
CERT_DecodeNameConstraintsExtension
CERT_DecodeOCSPRequest
CERT_DecodeOCSPResponse
CERT_DecodeOidSequence
CERT_DecodePrivKeyUsagePeriodExtension
CERT_DecodeTrustString
CERT_DecodeUserNotice
CERT_DerNameToAscii
CERT_DestroyCERTRevocationFlags
CERT_DestroyCertArray
CERT_DestroyCertList
CERT_DestroyCertificate
CERT_DestroyCertificateList
CERT_DestroyCertificatePoliciesExtension
CERT_DestroyCertificateRequest
CERT_DestroyName
CERT_DestroyOCSPCertID
CERT_DestroyOCSPRequest
CERT_DestroyOCSPResponse
CERT_DestroyOidSequence
CERT_DestroyUserNotice
CERT_DestroyValidity
CERT_DisableOCSPChecking
CERT_DisableOCSPDefaultResponder
CERT_DistNamesFromCertList
CERT_DupCertList
CERT_DupCertificate
CERT_DupDistNames
CERT_EnableOCSPChecking
CERT_EnableOCSPDefaultResponder
CERT_EncodeAltNameExtension
CERT_EncodeAndAddBitStrExtension
CERT_EncodeAuthKeyID
CERT_EncodeBasicConstraintValue
CERT_EncodeCRLDistributionPoints
CERT_EncodeCertPoliciesExtension
CERT_EncodeGeneralName
CERT_EncodeInfoAccessExtension
CERT_EncodeInhibitAnyExtension
CERT_EncodeNameConstraintsExtension
CERT_EncodeNoticeReference
CERT_EncodeOCSPRequest
CERT_EncodePolicyConstraintsExtension
CERT_EncodePolicyMappingExtension
CERT_EncodeSubjectKeyID
CERT_EncodeUserNotice
CERT_ExtractPublicKey
CERT_FilterCertListByCANames
CERT_FilterCertListByUsage
CERT_FilterCertListForUserCerts
CERT_FindCRLEntryReasonExten
CERT_FindCRLNumberExten
CERT_FindCertByDERCert
CERT_FindCertByIssuerAndSN
CERT_FindCertByName
CERT_FindCertByNickname
CERT_FindCertByNicknameOrEmailAddr
CERT_FindCertByNicknameOrEmailAddrForUsage
CERT_FindCertBySubjectKeyID
CERT_FindCertExtension
CERT_FindCertIssuer
CERT_FindKeyUsageExtension
CERT_FindNameConstraintsExten
CERT_FindSMimeProfile
CERT_FindSubjectKeyIDExtension
CERT_FindUserCertByUsage
CERT_FindUserCertsByUsage
CERT_FinishCertificateRequestAttributes
CERT_FinishExtensions
CERT_ForcePostMethodForOCSP
CERT_FormatName
CERT_FreeDistNames
CERT_FreeNicknames
CERT_GenTime2FormattedAscii
CERT_GetAVATag
CERT_GetCertChainFromCert
CERT_GetCertEmailAddress
CERT_GetCertIssuerAndSN
CERT_GetCertNicknames
CERT_GetCertTimes
CERT_GetCertTrust
CERT_GetCertUid
CERT_GetCertificateNames
CERT_GetCertificateRequestExtensions
CERT_GetClassicOCSPDisabledPolicy
CERT_GetClassicOCSPEnabledHardFailurePolicy
CERT_GetClassicOCSPEnabledSoftFailurePolicy
CERT_GetCommonName
CERT_GetConstrainedCertificateNames
CERT_GetCountryName
CERT_GetDBContentVersion
CERT_GetDefaultCertDB
CERT_GetDomainComponentName
CERT_GetEncodedOCSPResponse
CERT_GetFirstEmailAddress
CERT_GetGeneralNameTypeFromString
CERT_GetLocalityName
CERT_GetNextEmailAddress
CERT_GetNextGeneralName
CERT_GetNextNameConstraint
CERT_GetOCSPAuthorityInfoAccessLocation
CERT_GetOCSPResponseStatus
CERT_GetOCSPStatusForCertID
CERT_GetOidString
CERT_GetOrgName
CERT_GetOrgUnitName
CERT_GetPKIXVerifyNistRevocationPolicy
CERT_GetPrevGeneralName
CERT_GetPrevNameConstraint
CERT_GetSSLCACerts
CERT_GetSlopTime
CERT_GetStateName
CERT_GetSubjectNameDigest
CERT_GetSubjectPublicKeyDigest
CERT_GetUsePKIXForValidation
CERT_GetValidDNSPatternsFromCert
CERT_Hexify
CERT_ImportCAChain
CERT_ImportCAChainTrusted
CERT_ImportCRL
CERT_ImportCerts
CERT_IsCACert
CERT_IsCADERCert
CERT_IsRootDERCert
CERT_IsUserCert
CERT_KeyFromDERCrl
CERT_MakeCANickname
CERT_MergeExtensions
CERT_NameToAscii
CERT_NameToAsciiInvertible
CERT_NewCertList
CERT_NewTempCertificate
CERT_NicknameStringsFromCertList
CERT_OCSPCacheSettings
CERT_OpenCertDBFilename
CERT_PKIXVerifyCert
CERT_PostOCSPRequest
CERT_RFC1485_EscapeAndQuote
CERT_RegisterAlternateOCSPAIAInfoCallBack
CERT_RemoveCertListNode
CERT_SaveSMimeProfile
CERT_SetOCSPDefaultResponder
CERT_SetOCSPFailureMode
CERT_SetOCSPTimeout
CERT_SetSlopTime
CERT_SetUsePKIXForValidation
CERT_StartCRLEntryExtensions
CERT_StartCRLExtensions
CERT_StartCertExtensions
CERT_StartCertificateRequestAttributes
CERT_UncacheCRL
CERT_VerifyCACertForUsage
CERT_VerifyCert
CERT_VerifyCertName
CERT_VerifyCertNow
CERT_VerifyCertificate
CERT_VerifyCertificateNow
CERT_VerifyOCSPResponseSignature
CERT_VerifySignedData
CERT_VerifySignedDataWithPublicKey
CERT_VerifySignedDataWithPublicKeyInfo
DER_AsciiToTime
DER_DecodeTimeChoice
DER_Encode
DER_EncodeTimeChoice
DER_GeneralizedDayToAscii
DER_GeneralizedTimeToTime
DER_GetInteger
DER_Lengths
DER_TimeChoiceDayToAscii
DER_TimeToGeneralizedTime
DER_TimeToGeneralizedTimeArena
DER_TimeToUTCTime
DER_UTCDayToAscii
DER_UTCTimeToAscii
DER_UTCTimeToTime
DSAU_DecodeDerSig
DSAU_DecodeDerSigToLen
DSAU_EncodeDerSig
DSAU_EncodeDerSigWithLen
HASH_Begin
HASH_Clone
HASH_Create
HASH_Destroy
HASH_End
HASH_GetHashObject
HASH_GetHashObjectByOidTag
HASH_GetHashTypeByOidTag
HASH_GetType
HASH_HashBuf
HASH_ResultLen
HASH_ResultLenByOidTag
HASH_ResultLenContext
HASH_Update
NSSBase64Decoder_Create
NSSBase64Decoder_Destroy
NSSBase64Decoder_Update
NSSBase64Encoder_Create
NSSBase64Encoder_Destroy
NSSBase64Encoder_Update
NSSBase64_DecodeBuffer
NSSBase64_EncodeItem
NSSRWLock_Destroy
NSSRWLock_HaveWriteLock
NSSRWLock_LockRead
NSSRWLock_LockWrite
NSSRWLock_New
NSSRWLock_UnlockRead
NSSRWLock_UnlockWrite
NSS_GetVersion
NSS_Get_CERT_CertificateRequestTemplate
NSS_Get_CERT_CertificateTemplate
NSS_Get_CERT_CrlTemplate
NSS_Get_CERT_IssuerAndSNTemplate
NSS_Get_CERT_NameTemplate
NSS_Get_CERT_SequenceOfCertExtensionTemplate
NSS_Get_CERT_SetOfSignedCrlTemplate
NSS_Get_CERT_SignedCrlTemplate
NSS_Get_CERT_SignedDataTemplate
NSS_Get_CERT_SubjectPublicKeyInfoTemplate
NSS_Get_CERT_TimeChoiceTemplate
NSS_Get_SECKEY_DSAPublicKeyTemplate
NSS_Get_SECKEY_EncryptedPrivateKeyInfoTemplate
NSS_Get_SECKEY_PointerToEncryptedPrivateKeyInfoTemplate
NSS_Get_SECKEY_PointerToPrivateKeyInfoTemplate
NSS_Get_SECKEY_PrivateKeyInfoTemplate
NSS_Get_SECKEY_RSAPSSParamsTemplate
NSS_Get_SECKEY_RSAPublicKeyTemplate
NSS_Get_SECOID_AlgorithmIDTemplate
NSS_Get_SEC_AnyTemplate
NSS_Get_SEC_BMPStringTemplate
NSS_Get_SEC_BitStringTemplate
NSS_Get_SEC_BooleanTemplate
NSS_Get_SEC_GeneralizedTimeTemplate
NSS_Get_SEC_IA5StringTemplate
NSS_Get_SEC_IntegerTemplate
NSS_Get_SEC_NullTemplate
NSS_Get_SEC_ObjectIDTemplate
NSS_Get_SEC_OctetStringTemplate
NSS_Get_SEC_PointerToAnyTemplate
NSS_Get_SEC_PointerToOctetStringTemplate
NSS_Get_SEC_SetOfAnyTemplate
NSS_Get_SEC_SignedCertificateTemplate
NSS_Get_SEC_UTCTimeTemplate
NSS_Get_SEC_UTF8StringTemplate
NSS_Get_sgn_DigestInfoTemplate
NSS_Init
NSS_InitContext
NSS_InitReadWrite
NSS_InitWithMerge
NSS_Initialize
NSS_IsInitialized
NSS_NoDB_Init
NSS_PutEnv
NSS_RegisterShutdown
NSS_Shutdown
NSS_ShutdownContext
NSS_UnregisterShutdown
NSS_VersionCheck
PBE_CreateContext
PBE_DestroyContext
PBE_GenerateBits
PK11SDR_Decrypt
PK11SDR_Encrypt
PK11_AlgtagToMechanism
PK11_Authenticate
PK11_BlockData
PK11_ChangePW
PK11_CheckSSOPassword
PK11_CheckUserPassword
PK11_CipherOp
PK11_CloneContext
PK11_ConfigurePKCS11
PK11_ConvertSessionPrivKeyToTokenPrivKey
PK11_ConvertSessionSymKeyToTokenSymKey
PK11_CopySymKeyForSigning
PK11_CopyTokenPrivKeyToSessionPrivKey
PK11_CreateContextBySymKey
PK11_CreateDigestContext
PK11_CreateGenericObject
PK11_CreateMergeLog
PK11_CreatePBEAlgorithmID
PK11_CreatePBEParams
PK11_CreatePBEV2AlgorithmID
PK11_DEREncodePublicKey
PK11_Decrypt
PK11_DeleteTokenCertAndKey
PK11_DeleteTokenPrivateKey
PK11_DeleteTokenPublicKey
PK11_DeleteTokenSymKey
PK11_Derive
PK11_DeriveWithFlags
PK11_DeriveWithFlagsPerm
PK11_DeriveWithTemplate
PK11_DestroyContext
PK11_DestroyGenericObject
PK11_DestroyGenericObjects
PK11_DestroyMergeLog
PK11_DestroyObject
PK11_DestroyPBEParams
PK11_DestroyTokenObject
PK11_DigestBegin
PK11_DigestFinal
PK11_DigestKey
PK11_DigestOp
PK11_DoesMechanism
PK11_Encrypt
PK11_ExportDERPrivateKeyInfo
PK11_ExportEncryptedPrivKeyInfo
PK11_ExportEncryptedPrivateKeyInfo
PK11_ExportPrivKeyInfo
PK11_ExportPrivateKeyInfo
PK11_ExtractKeyValue
PK11_Finalize
PK11_FindBestKEAMatch
PK11_FindCertAndKeyByRecipientList
PK11_FindCertAndKeyByRecipientListNew
PK11_FindCertByIssuerAndSN
PK11_FindCertFromDERCert
PK11_FindCertFromDERCertItem
PK11_FindCertFromNickname
PK11_FindCertInSlot
PK11_FindCertsFromEmailAddress
PK11_FindCertsFromNickname
PK11_FindFixedKey
PK11_FindGenericObjects
PK11_FindKeyByAnyCert
PK11_FindKeyByDERCert
PK11_FindKeyByKeyID
PK11_FindPrivateKeyFromCert
PK11_FindSlotByName
PK11_FindSlotsByNames
PK11_FortezzaHasKEA
PK11_FortezzaMapSig
PK11_FreeSlot
PK11_FreeSlotList
PK11_FreeSlotListElement
PK11_FreeSymKey
PK11_GenerateFortezzaIV
PK11_GenerateKeyPair
PK11_GenerateKeyPairWithFlags
PK11_GenerateKeyPairWithOpFlags
PK11_GenerateNewParam
PK11_GenerateRandom
PK11_GenerateRandomOnSlot
PK11_GetAllSlotsForCert
PK11_GetAllTokens
PK11_GetBestKeyLength
PK11_GetBestSlot
PK11_GetBestSlotMultiple
PK11_GetBestSlotMultipleWithAttributes
PK11_GetBestSlotWithAttributes
PK11_GetBestWrapMechanism
PK11_GetBlockSize
PK11_GetCertFromPrivateKey
PK11_GetCurrentWrapIndex
PK11_GetDefaultArray
PK11_GetDefaultFlags
PK11_GetDisabledReason
PK11_GetFirstSafe
PK11_GetIVLength
PK11_GetInternalKeySlot
PK11_GetInternalSlot
PK11_GetKeyData
PK11_GetKeyGen
PK11_GetKeyLength
PK11_GetKeyStrength
PK11_GetKeyType
PK11_GetLowLevelKeyIDForCert
PK11_GetLowLevelKeyIDForPrivateKey
PK11_GetMechanism
PK11_GetMinimumPwdLength
PK11_GetModInfo
PK11_GetModule
PK11_GetModuleID
PK11_GetNextGenericObject
PK11_GetNextSafe
PK11_GetNextSymKey
PK11_GetPBECryptoMechanism
PK11_GetPBEIV
PK11_GetPQGParamsFromPrivateKey
PK11_GetPadMechanism
PK11_GetPrevGenericObject
PK11_GetPrivateKeyNickname
PK11_GetPrivateModulusLen
PK11_GetPublicKeyNickname
PK11_GetSlotFromKey
PK11_GetSlotFromPrivateKey
PK11_GetSlotID
PK11_GetSlotInfo
PK11_GetSlotName
PK11_GetSlotPWValues
PK11_GetSlotSeries
PK11_GetSymKeyHandle
PK11_GetSymKeyNickname
PK11_GetSymKeyType
PK11_GetSymKeyUserData
PK11_GetTokenInfo
PK11_GetTokenName
PK11_GetWindow
PK11_GetWrapKey
PK11_HasRootCerts
PK11_HashBuf
PK11_IVFromParam
PK11_ImportCRL
PK11_ImportCert
PK11_ImportCertForKey
PK11_ImportCertForKeyToSlot
PK11_ImportDERCert
PK11_ImportDERCertForKey
PK11_ImportDERPrivateKeyInfo
PK11_ImportDERPrivateKeyInfoAndReturnKey
PK11_ImportEncryptedPrivateKeyInfo
PK11_ImportEncryptedPrivateKeyInfoAndReturnKey
PK11_ImportPrivateKeyInfo
PK11_ImportPrivateKeyInfoAndReturnKey
PK11_ImportPublicKey
PK11_ImportSymKey
PK11_ImportSymKeyWithFlags
PK11_InitPin
PK11_IsDisabled
PK11_IsFIPS
PK11_IsFriendly
PK11_IsHW
PK11_IsInternal
PK11_IsInternalKeySlot
PK11_IsLoggedIn
PK11_IsPresent
PK11_IsReadOnly
PK11_IsRemovable
PK11_KeyForCertExists
PK11_KeyForDERCertExists
PK11_KeyGen
PK11_KeyGenWithTemplate
PK11_LinkGenericObject
PK11_ListCerts
PK11_ListCertsInSlot
PK11_ListFixedKeysInSlot
PK11_ListPrivKeysInSlot
PK11_ListPrivateKeysInSlot
PK11_ListPublicKeysInSlot
PK11_LoadPrivKey
PK11_Logout
PK11_LogoutAll

Sections

.text
Size: 717KB - Virtual size: 717KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 800B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_2_/nssutil3.dll
.dll windows:6 windows x86 arch:x86

6ba16e7e12b3827a81a688ff0a5191a4

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

22:c2:cd:81:68:c1:26:0c:56:04:e4:3e:63:cf:9f:8f:c2:76:2d:e4
Signer

Actual PE Digest

22:c2:cd:81:68:c1:26:0c:56:04:e4:3e:63:cf:9f:8f:c2:76:2d:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

plc4

PL_strlen
PL_strcasecmp
PL_strpbrk
PL_strncasecmp

plds4

PL_FinishArenaPool
PL_FreeArenaPool
PL_InitArenaPool
PL_CompareValues
PL_ArenaAllocate
PL_HashTableLookup
PL_HashTableAdd
PL_HashTableDestroy
PL_NewHashTable
PL_ArenaGrow
PL_ArenaRelease
PL_ClearArenaPool
PL_HashTableLookupConst

nspr4

PR_smprintf_free
PR_smprintf
PR_Access
PR_Rename
PR_Delete
PR_GetError
PR_FormatTime
PR_LocalTimeParameters
PR_GetEnv
PR_GetDirectorySeparator
PR_GetLibraryFilePathname
PR_LoadLibraryWithFlags
PR_GetCurrentThread
PR_NotifyAllCondVar
PR_NotifyCondVar
PR_WaitCondVar
PR_DestroyCondVar
PR_NewCondVar
PR_Unlock
PR_Lock
PR_DestroyLock
PR_NewLock
PR_Free
PR_Realloc
PR_Calloc
PR_Malloc
PR_SetError
PR_CallOnce
PR_ErrorInstallTable
PR_GMTParameters
PR_ImplodeTime
PR_ExplodeTime

kernel32

GetTimeZoneInformation
HeapSize
OutputDebugStringW
HeapReAlloc
GetCurrentDirectoryW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
LoadLibraryExW
GetModuleFileNameW
SetEndOfFile
WriteConsoleW
SetFilePointerEx
ReadConsoleW
ReadFile
FlushFileBuffers
HeapAlloc
LCMapStringW
CompareStringW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetProcessHeap
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
GetDriveTypeW
FindFirstFileExW
FindClose
SetStdHandle
AreFileApisANSI
GetModuleHandleExW
ExitProcess
CreateFileW
GetConsoleMode
SetEnvironmentVariableA
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcAddress
SetEnvironmentVariableW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetLastError
MultiByteToWideChar
WideCharToMultiByte
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
CloseHandle
HeapFree
GetStdHandle
GetFileType
DeleteCriticalSection
RtlUnwind
WriteFile
GetConsoleCP

Exports

Exports

ATOB_AsciiToData_Util
ATOB_ConvertAsciiToItem_Util
BTOA_ConvertItemToAscii_Util
BTOA_DataToAscii_Util
CERT_GenTime2FormattedAscii_Util
DER_AsciiToTime_Util
DER_DecodeTimeChoice_Util
DER_EncodeTimeChoice_Util
DER_Encode_Util
DER_GeneralizedDayToAscii_Util
DER_GeneralizedTimeToTime_Util
DER_GetInteger_Util
DER_GetUInteger
DER_LengthLength
DER_Lengths_Util
DER_SetUInteger
DER_StoreHeader
DER_TimeChoiceDayToAscii_Util
DER_TimeToGeneralizedTimeArena_Util
DER_TimeToGeneralizedTime_Util
DER_TimeToUTCTime_Util
DER_UTCDayToAscii_Util
DER_UTCTimeToAscii_Util
DER_UTCTimeToTime_Util
NSSBase64Decoder_Create_Util
NSSBase64Decoder_Destroy_Util
NSSBase64Decoder_Update_Util
NSSBase64Encoder_Create_Util
NSSBase64Encoder_Destroy_Util
NSSBase64Encoder_Update_Util
NSSBase64_DecodeBuffer_Util
NSSBase64_EncodeItem_Util
NSSRWLock_Destroy_Util
NSSRWLock_HaveWriteLock_Util
NSSRWLock_LockRead_Util
NSSRWLock_LockWrite_Util
NSSRWLock_New_Util
NSSRWLock_UnlockRead_Util
NSSRWLock_UnlockWrite_Util
NSSUTIL_ArgDecodeNumber
NSSUTIL_ArgFetchValue
NSSUTIL_ArgGetLabel
NSSUTIL_ArgGetParamValue
NSSUTIL_ArgHasFlag
NSSUTIL_ArgIsBlank
NSSUTIL_ArgParseCipherFlags
NSSUTIL_ArgParseModuleSpec
NSSUTIL_ArgParseSlotFlags
NSSUTIL_ArgParseSlotInfo
NSSUTIL_ArgReadLong
NSSUTIL_ArgSkipParameter
NSSUTIL_ArgStrip
NSSUTIL_DoModuleDBFunction
NSSUTIL_DoubleEscape
NSSUTIL_DoubleEscapeSize
NSSUTIL_Escape
NSSUTIL_EscapeSize
NSSUTIL_GetVersion
NSSUTIL_MkModuleSpec
NSSUTIL_MkNSSString
NSSUTIL_MkSlotString
NSSUTIL_Quote
NSSUTIL_QuoteSize
NSS_GetAlgorithmPolicy
NSS_Get_SECOID_AlgorithmIDTemplate_Util
NSS_Get_SEC_AnyTemplate_Util
NSS_Get_SEC_BMPStringTemplate_Util
NSS_Get_SEC_BitStringTemplate_Util
NSS_Get_SEC_BooleanTemplate_Util
NSS_Get_SEC_EnumeratedTemplate
NSS_Get_SEC_GeneralizedTimeTemplate_Util
NSS_Get_SEC_IA5StringTemplate_Util
NSS_Get_SEC_IntegerTemplate_Util
NSS_Get_SEC_NullTemplate_Util
NSS_Get_SEC_ObjectIDTemplate_Util
NSS_Get_SEC_OctetStringTemplate_Util
NSS_Get_SEC_PointerToAnyTemplate_Util
NSS_Get_SEC_PointerToEnumeratedTemplate
NSS_Get_SEC_PointerToGeneralizedTimeTemplate
NSS_Get_SEC_PointerToOctetStringTemplate_Util
NSS_Get_SEC_PrintableStringTemplate
NSS_Get_SEC_SequenceOfAnyTemplate
NSS_Get_SEC_SequenceOfObjectIDTemplate
NSS_Get_SEC_SetOfAnyTemplate_Util
NSS_Get_SEC_SkipTemplate
NSS_Get_SEC_T61StringTemplate
NSS_Get_SEC_UTF8StringTemplate_Util
NSS_Get_SEC_UniversalStringTemplate
NSS_Get_sgn_DigestInfoTemplate_Util
NSS_InitializePRErrorTable
NSS_PutEnv_Util
NSS_SecureMemcmp
NSS_SetAlgorithmPolicy
PORT_Alloc_Util
PORT_ArenaAlloc_Util
PORT_ArenaGrow_Util
PORT_ArenaMark_Util
PORT_ArenaRelease_Util
PORT_ArenaStrdup_Util
PORT_ArenaUnmark_Util
PORT_ArenaZAlloc_Util
PORT_FreeArena_Util
PORT_Free_Util
PORT_GetError_Util
PORT_ISO88591_UTF8Conversion
PORT_LoadLibraryFromOrigin
PORT_NewArena_Util
PORT_Realloc_Util
PORT_RegExpCaseSearch
PORT_RegExpSearch
PORT_RegExpValid
PORT_SetError_Util
PORT_SetUCS2_ASCIIConversionFunction_Util
PORT_SetUCS2_UTF8ConversionFunction_Util
PORT_SetUCS4_UTF8ConversionFunction_Util
PORT_Strdup_Util
PORT_UCS2_ASCIIConversion_Util
PORT_UCS2_UTF8Conversion_Util
PORT_UCS4_UTF8Conversion
PORT_ZAlloc_Util
PORT_ZFree_Util
SECITEM_AllocArray
SECITEM_AllocItem_Util
SECITEM_ArenaDupItem_Util
SECITEM_CompareItem_Util
SECITEM_CopyItem_Util
SECITEM_DupArray
SECITEM_DupItem_Util
SECITEM_FreeArray
SECITEM_FreeItem_Util
SECITEM_Hash
SECITEM_HashCompare
SECITEM_ItemsAreEqual_Util
SECITEM_ReallocItem
SECITEM_ReallocItemV2
SECITEM_ZfreeArray
SECITEM_ZfreeItem_Util
SECOID_AddEntry_Util
SECOID_CompareAlgorithmID_Util
SECOID_CopyAlgorithmID_Util
SECOID_DestroyAlgorithmID_Util
SECOID_FindOIDByMechanism
SECOID_FindOIDByTag_Util
SECOID_FindOIDTagDescription_Util
SECOID_FindOIDTag_Util
SECOID_FindOID_Util
SECOID_GetAlgorithmTag_Util
SECOID_Init
SECOID_KnownCertExtenOID
SECOID_SetAlgorithmID_Util
SECOID_Shutdown
SEC_ASN1DecodeInteger_Util
SEC_ASN1DecodeItem_Util
SEC_ASN1Decode_Util
SEC_ASN1DecoderAbort_Util
SEC_ASN1DecoderClearFilterProc_Util
SEC_ASN1DecoderClearNotifyProc_Util
SEC_ASN1DecoderFinish_Util
SEC_ASN1DecoderSetFilterProc_Util
SEC_ASN1DecoderSetNotifyProc_Util
SEC_ASN1DecoderStart_Util
SEC_ASN1DecoderUpdate_Util
SEC_ASN1EncodeInteger_Util
SEC_ASN1EncodeItem_Util
SEC_ASN1EncodeUnsignedInteger_Util
SEC_ASN1Encode_Util
SEC_ASN1EncoderAbort_Util
SEC_ASN1EncoderClearNotifyProc_Util
SEC_ASN1EncoderClearStreaming_Util
SEC_ASN1EncoderClearTakeFromBuf_Util
SEC_ASN1EncoderFinish_Util
SEC_ASN1EncoderSetNotifyProc_Util
SEC_ASN1EncoderSetStreaming_Util
SEC_ASN1EncoderSetTakeFromBuf_Util
SEC_ASN1EncoderStart_Util
SEC_ASN1EncoderUpdate_Util
SEC_ASN1LengthLength_Util
SEC_QuickDERDecodeItem_Util
SEC_StringToOID
SGN_CompareDigestInfo_Util
SGN_CopyDigestInfo_Util
SGN_CreateDigestInfo_Util
SGN_DecodeDigestInfo
SGN_DestroyDigestInfo_Util
UTIL_SetForkState
_NSSUTIL_EvaluateConfigDir
_NSSUTIL_GetSecmodName
_SGN_VerifyPKCS1DigestInfo

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_2_/plc4.dll
.dll windows:6 windows x86 arch:x86

4598533a0c3b6c5ddb9612a89de425ce

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:f7:2d:fe:48:cd:dc:86:0c:b0:f6:e1:5c:5a:20:40:04:1a:19:da
Signer

Actual PE Digest

70:f7:2d:fe:48:cd:dc:86:0c:b0:f6:e1:5c:5a:20:40:04:1a:19:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

nspr4

PR_SetError
PR_Calloc
PR_ErrorToName
PR_GetOSError
PR_GetError
PR_fprintf
PR_GetSpecialFD
PR_Free
PR_Malloc

kernel32

Sleep
CreateFileW
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
GetLastError
HeapFree
HeapAlloc
GetCommandLineA
GetCurrentThreadId
GetProcessHeap
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetModuleFileNameW
IsProcessorFeaturePresent
SetLastError
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
IsDebuggerPresent
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
RtlUnwind
HeapReAlloc
HeapSize
LCMapStringW

Exports

Exports

PL_Base64Decode
PL_Base64Encode
PL_CreateLongOptState
PL_CreateOptState
PL_DestroyOptState
PL_FPrintError
PL_GetNextOpt
PL_PrintError
PL_strcasecmp
PL_strcaserstr
PL_strcasestr
PL_strcat
PL_strcatn
PL_strchr
PL_strcmp
PL_strcpy
PL_strdup
PL_strfree
PL_strlen
PL_strncasecmp
PL_strncaserstr
PL_strncasestr
PL_strncat
PL_strnchr
PL_strncmp
PL_strncpy
PL_strncpyz
PL_strndup
PL_strnlen
PL_strnpbrk
PL_strnprbrk
PL_strnrchr
PL_strnrstr
PL_strnstr
PL_strpbrk
PL_strprbrk
PL_strrchr
PL_strrstr
PL_strstr
PL_strtok_r
libVersionPoint

Sections

.text
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_2_/plds4.dll
.dll windows:6 windows x86 arch:x86

4f9a53fbf939884bc7e65bde68799fc4

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:39:5a:e1:41:57:86:08:ff:80:9a:78:1e:39:1c:fa:a7:c4:01:e6
Signer

Actual PE Digest

57:39:5a:e1:41:57:86:08:ff:80:9a:78:1e:39:1c:fa:a7:c4:01:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

nspr4

PR_CallOnce
PR_Unlock
PR_Lock
PR_DestroyLock
PR_NewLock
PR_CeilingLog2
PR_Free
PR_Malloc

kernel32

TlsAlloc
CreateFileW
CloseHandle
WriteConsoleW
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetCommandLineA
GetCurrentThreadId
IsProcessorFeaturePresent
GetLastError
SetLastError
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
IsDebuggerPresent
WriteFile
GetModuleFileNameW
LoadLibraryExW
RtlUnwind
HeapAlloc
HeapReAlloc
GetStringTypeW
OutputDebugStringW
HeapSize
LCMapStringW

Exports

Exports

PL_ArenaAllocate
PL_ArenaFinish
PL_ArenaGrow
PL_ArenaRelease
PL_ClearArenaPool
PL_CompactArenaPool
PL_CompareStrings
PL_CompareValues
PL_FinishArenaPool
PL_FreeArenaPool
PL_HashString
PL_HashTableAdd
PL_HashTableDestroy
PL_HashTableDump
PL_HashTableEnumerateEntries
PL_HashTableLookup
PL_HashTableLookupConst
PL_HashTableRawAdd
PL_HashTableRawLookup
PL_HashTableRawLookupConst
PL_HashTableRawRemove
PL_HashTableRemove
PL_InitArenaPool
PL_NewHashTable
PL_SizeOfArenaPoolExcludingPool
libVersionPoint

Sections

.text
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 760B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_2_/softokn3.dll
.dll windows:6 windows x86 arch:x86

f62703f3be4a59d359a62952d431248f

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

95:c2:29:c2:fb:a1:0f:d7:61:93:9b:80:63:f2:0c:b7:70:44:d5:ec
Signer

Actual PE Digest

95:c2:29:c2:fb:a1:0f:d7:61:93:9b:80:63:f2:0c:b7:70:44:d5:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

sqlite3

sqlite3_file_control
sqlite3_reset
sqlite3_finalize
sqlite3_column_int
sqlite3_column_bytes
sqlite3_column_blob
sqlite3_step
sqlite3_bind_text
sqlite3_bind_int
sqlite3_bind_blob
sqlite3_prepare_v2
sqlite3_open
sqlite3_free
sqlite3_mprintf
sqlite3_busy_timeout
sqlite3_exec
sqlite3_close

nssutil3

SECOID_GetAlgorithmTag_Util
PORT_Alloc_Util
PORT_Free_Util
PORT_SetError_Util
NSS_Get_SECOID_AlgorithmIDTemplate_Util
NSS_Get_SEC_AnyTemplate_Util
NSS_Get_SEC_BitStringTemplate_Util
NSS_Get_SEC_ObjectIDTemplate_Util
PORT_NewArena_Util
PORT_ArenaZAlloc_Util
SECITEM_CopyItem_Util
PORT_ZAlloc_Util
SECITEM_CompareItem_Util
NSSUTIL_ArgHasFlag
NSSUTIL_ArgIsBlank
NSSUTIL_ArgDecodeNumber
NSSUTIL_ArgGetLabel
NSSUTIL_ArgSkipParameter
NSSUTIL_ArgStrip
NSSUTIL_ArgFetchValue
_NSSUTIL_EvaluateConfigDir
PORT_Strdup_Util
SECOID_FindOIDByMechanism
SGN_DestroyDigestInfo_Util
SGN_CreateDigestInfo_Util
DER_Encode_Util
_SGN_VerifyPKCS1DigestInfo
NSS_Get_SEC_OctetStringTemplate_Util
SEC_QuickDERDecodeItem_Util
_NSSUTIL_GetSecmodName
NSSUTIL_DoModuleDBFunction
UTIL_SetForkState
SECOID_Shutdown
SECOID_Init
DER_SetUInteger
SECITEM_HashCompare
PORT_ArenaAlloc_Util
PORT_GetError_Util
PORT_ArenaGrow_Util
PORT_Realloc_Util
SECOID_DestroyAlgorithmID_Util
PORT_ZFree_Util
SECOID_CopyAlgorithmID_Util
SECOID_SetAlgorithmID_Util
DER_GetInteger_Util
SEC_ASN1EncodeInteger_Util
SEC_ASN1EncodeItem_Util
SEC_ASN1DecodeItem_Util
SECITEM_ZfreeItem_Util
SECITEM_FreeItem_Util
SECITEM_DupItem_Util
SECITEM_AllocItem_Util
PORT_FreeArena_Util

plc4

PL_strncasecmp
PL_strcasecmp

plds4

PL_NewHashTable
PL_HashTableDestroy
PL_HashTableAdd
PL_HashTableRemove
PL_HashTableLookup
PL_HashTableLookupConst
PL_CompareValues
PL_HashTableEnumerateEntries

nspr4

PR_CallOnce
PR_SetError
PR_Free
PR_snprintf
PR_GetEnv
PR_LoadLibraryWithFlags
PR_UnloadLibrary
PR_FindFunctionSymbol
PR_GetLibraryFilePathname
PR_Lock
PR_Unlock
PR_GetDirectorySeparator
PR_SecondsToInterval
PR_NewLock
PR_DestroyLock
PR_Sleep
PR_smprintf_free
PR_IntervalNow
PR_MillisecondsToInterval
PR_GetCurrentThread
PR_Now
PR_Access
PR_NewMonitor
PR_DestroyMonitor
PR_EnterMonitor
PR_ExitMonitor
PR_smprintf

kernel32

SetFileAttributesW
GetFileAttributesExW
CloseHandle
CreateFileW
FlushFileBuffers
HeapSize
WriteConsoleW
SetStdHandle
HeapReAlloc
OutputDebugStringW
LoadLibraryExW
RtlUnwind
SetEnvironmentVariableA
SetFilePointerEx
GetConsoleMode
GetConsoleCP
LCMapStringW
CompareStringW
GetStringTypeW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
GetModuleFileNameW
WriteFile
GetStdHandle
GetProcessHeap
AreFileApisANSI
GetModuleHandleExW
ExitProcess
WideCharToMultiByte
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
DecodePointer
EncodePointer
GetProcAddress
GetModuleHandleW
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
GetCurrentProcess
Sleep
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
UnhandledExceptionFilter
MultiByteToWideChar
SetLastError
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetCurrentThreadId
GetCommandLineA
HeapAlloc
HeapFree
GetLastError
IsProcessorFeaturePresent
IsDebuggerPresent
GetTempPathA

Exports

Exports

C_GetFunctionList
FC_GetFunctionList
NSC_GetFunctionList
NSC_ModuleDBFunc

Sections

.text
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/$_2_/sqlite3.dll
.dll windows:6 windows x86 arch:x86

08e0c5c4d25d1d7e6ba2923f9444c9ee

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:ac:f6:aa:c3:69:45:1a:36:c6:d1:a4:81:6b:3f:d6:a5:69:18:44
Signer

Actual PE Digest

44:ac:f6:aa:c3:69:45:1a:36:c6:d1:a4:81:6b:3f:d6:a5:69:18:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

DeleteFileA
AreFileApisANSI
GetSystemTime
LocalFree
GetTempPathA
GetCurrentProcessId
DeleteFileW
CloseHandle
GetVersionExA
OutputDebugStringA
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
HeapSize
GetProcAddress
GetLastError
GetTempPathW
FlushFileBuffers
MultiByteToWideChar
CreateFileW
ReadFile
GetFileAttributesW
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
FormatMessageW
Sleep
LoadLibraryW
WideCharToMultiByte
WriteFile
FormatMessageA
GetSystemTimeAsFileTime
GetProcessHeap
UnlockFileEx
GetTickCount
OutputDebugStringW
LockFile
UnlockFile
WaitForSingleObject
HeapFree
QueryPerformanceCounter
SystemTimeToFileTime
HeapAlloc
FreeLibrary
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
SetFilePointer
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
GetFullPathNameW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
GetCurrentThreadId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
GetTimeZoneInformation
GetFileType
GetModuleFileNameA
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
RtlUnwind
CompareStringW
LCMapStringW
GetStringTypeW
GetConsoleCP
GetConsoleMode
SetEnvironmentVariableA
SetStdHandle
SetFilePointerEx
WriteConsoleW

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_auto_extension
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_bind_value
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_clear_bindings
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_column_value
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_function
sqlite3_create_function16
sqlite3_create_module
sqlite3_data_count
sqlite3_db_handle
sqlite3_declare_vtab
sqlite3_enable_load_extension
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_extended_result_codes
sqlite3_file_control
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_load_extension
sqlite3_malloc
sqlite3_mprintf
sqlite3_open
sqlite3_open16
sqlite3_open_v2
sqlite3_overload_function
sqlite3_prepare
sqlite3_prepare16
sqlite3_prepare16_v2
sqlite3_prepare_v2
sqlite3_profile
sqlite3_progress_handler
sqlite3_realloc
sqlite3_reset
sqlite3_reset_auto_extension
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_sleep
sqlite3_snprintf
sqlite3_step
sqlite3_thread_cleanup
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_numeric_type
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_version
sqlite3_vmprintf
sqlite3_wal_checkpoint

Sections

.text
Size: 457KB - Virtual size: 457KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_39_/$DESKTOP/[Torrents3D.ru]_3618.torrent
$_39_/SoftInstallerHelper.dll
.dll windows:5 windows x86 arch:x86

64c8b63c9b43c1627a109642820cff3b

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

11/03/2015, 00:00

Not After

10/03/2016, 23:59

Subject

CN=Ekaterina Afanasova,OU=Individual Developer,O=No Organization Affiliation,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

Issuer

CN=Thawte Premium Server CA,OU=Certification Services Division,O=Thawte Consulting cc,L=Cape Town,ST=Western Cape,C=ZA,1.2.840.113549.1.9.1=#0c197072656d69756d2d736572766572407468617774652e636f6d

Not Before

17/11/2006, 00:00

Not After

30/12/2020, 23:59

Subject

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:86:04:bf:7e:fb:13:8c:a6:c3:f9:1a:55:5e:69:4b:fc:6c:40:9a
Signer

Actual PE Digest

3b:86:04:bf:7e:fb:13:8c:a6:c3:f9:1a:55:5e:69:4b:fc:6c:40:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Z:\Projects\Kurs.Ru\newAddon\SoftInstallerHelper\Release\SoftInstallerHelper.pdb

Imports

kernel32

GetModuleHandleW
WideCharToMultiByte
SizeofResource
LoadResource
GetProcAddress
LockResource
FindResourceW
MultiByteToWideChar
FindResourceExW
RaiseException
EnterCriticalSection
LeaveCriticalSection
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InterlockedExchange
InitializeCriticalSection
GetCurrentThreadId
GetCommandLineA
RtlUnwind
LCMapStringW
GetCPInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetFileType
GetStartupInfoW
ReadFile
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
GetACP
GetOEMCP
IsValidCodePage
CloseHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
LoadLibraryW
SetStdHandle
WriteConsoleW
CreateFileA
CreateFileW
SetEndOfFile

advapi32

RegOpenKeyExW
RegCloseKey

Exports

Exports

GetJsonObjStringValueForKey
GetJsonObjValueForKey
GetSoftItemAtIndex
JsonObjToString
LoadSoft
ShouldBeSoftInstalled

Sections

.text
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_39_/soft.json

Sharing

General

Malware Config

Signatures

Files

28a099a911237a28521d8b7ea250f089

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8eCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

85:bc:71:77:76:bc:5c:6b:2f:d6:e8:3f:8f:04:01:e0:74:27:d1:3cSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

comctl32

gdi32

kernel32

ole32

shell32

user32

version

Sections

.text Size: 34KB - Virtual size: 34KB

.data Size: 512B - Virtual size: 140B

.rdata Size: 9KB - Virtual size: 8KB

.bss Size: - Virtual size: 106KB

.idata Size: 5KB - Virtual size: 4KB

.ndata Size: 1024B - Virtual size: 112KB

.rsrc Size: 17KB - Virtual size: 16KB

db2755f409b81c4dbfc04f648cfb80b9

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8eCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91Certificate

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

b1:6b:51:8e:83:95:72:2a:15:4e:b1:97:01:17:f0:60:77:e0:07:77Signer

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 987B

.reloc Size: 512B - Virtual size: 66B

50112fdd20200a51dbedeae8f1f33cdb

Code Sign

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8eCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

85:bc:71:77:76:bc:5c:6b:2f:d6:e8:3f:8f:04:01:e0:74:27:d1:3c
Signer

.text
Size: 34KB - Virtual size: 34KB

.data
Size: 512B - Virtual size: 140B

.rdata
Size: 9KB - Virtual size: 8KB

.bss
Size: - Virtual size: 106KB

.idata
Size: 5KB - Virtual size: 4KB

.ndata
Size: 1024B - Virtual size: 112KB

.rsrc
Size: 17KB - Virtual size: 16KB

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

b1:6b:51:8e:83:95:72:2a:15:4e:b1:97:01:17:f0:60:77:e0:07:77
Signer

.text
Size: 1024B - Virtual size: 987B

.reloc
Size: 512B - Virtual size: 66B

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

95:af:a4:40:20:0a:94:ed:fd:91:ec:ea:bc:18:07:43:32:f5:ea:e6
Signer

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 1014B

.data
Size: - Virtual size: 12B

.reloc
Size: 512B - Virtual size: 262B

.text
Size: 15KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 52B

.rdata
Size: 1024B - Virtual size: 828B

.bss
Size: - Virtual size: 1KB

.edata
Size: 512B - Virtual size: 160B

.idata
Size: 2KB - Virtual size: 1KB

.CRT
Size: 512B - Virtual size: 44B

.tls
Size: 512B - Virtual size: 32B

.reloc
Size: 1KB - Virtual size: 1KB

16:a8:3c:4a:e2:1b:dc:dd:4e:2e:b2:99:d4:d5:a8:8e
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

33:65:50:08:79:ad:73:e2:30:b9:e0:1d:0d:7f:ac:91
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

8e:5d:ea:a3:0e:69:33:a0:b1:75:5a:c9:69:5d:5d:16:5b:2a:08:43
Signer