21cd9ed287f8a5a68fa2f7de44cb0fbd_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

21cd9ed287f8a5a68fa2f7de44cb0fbd_JaffaCakes118
Size

3.0MB
MD5

21cd9ed287f8a5a68fa2f7de44cb0fbd
SHA1

b88d157b0d6382acfbd61f579ea4a96f8b0edb70
SHA256

8964a0efd666c3213006e4f99ac21debdf54416df60c5b2f220810b3759f69b1
SHA512

13a2670f1e430ae77356b6970da311e8b93724d82f2754a4128e8acbc2e724c319856b5e12579b415d91de1dcbfe34e9e4cc86e63ae7a03e75e07653bab33fc9
SSDEEP

98304:Zm3dZk5kKoFodFSEiGzRKVxljC1D4URz2tGy:4NZSzcA2I4gy

Score

1^/10

Malware Config

Signatures

Files

21cd9ed287f8a5a68fa2f7de44cb0fbd_JaffaCakes118
.cab
TPClnRDP.dll.DD54F5AC_00A0_4160_B070_AB2769A46242
.dll windows:5 windows x86 arch:x86

41c8a0f0bf2d87996f3d625ff78a4efc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3e:bd:bc:de:f1:62:8b:ca:db:4d:15:8f:f8:07:a5:df:1b:f5:39:f3
Signer

Actual PE Digest

3e:bd:bc:de:f1:62:8b:ca:db:4d:15:8f:f8:07:a5:df:1b:f5:39:f3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

InterlockedCompareExchange
ResumeThread
CreateThread
CreateEventW
QueryPerformanceCounter
QueryPerformanceFrequency
DisableThreadLibraryCalls
SetDllDirectoryW
CreateMutexW
ReleaseMutex
GetVersionExW
Sleep
GetTickCount
SetLastError
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
GetLocalTime
MultiByteToWideChar
WriteFile
GetCurrentProcessId
CreateFileW
GetFileAttributesW
GetModuleFileNameW
GetProcAddress
LoadLibraryW
GetModuleHandleW
FreeLibrary
TerminateProcess
CreateProcessW
WideCharToMultiByte
WriteConsoleW
SetStdHandle
GetStringTypeW
GetConsoleMode
ProcessIdToSessionId
GetLastError
SetEvent
WaitForSingleObject
TerminateThread
InterlockedExchange
InitializeCriticalSection
CloseHandle
LeaveCriticalSection
TryEnterCriticalSection
EnterCriticalSection
SetFilePointer
DeleteCriticalSection
FlushFileBuffers
GetConsoleCP
HeapSize
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
LCMapStringW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
ExitProcess
DecodePointer
EncodePointer
RtlUnwind
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
GetStdHandle
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
IsProcessorFeaturePresent
HeapCreate
HeapDestroy

user32

PostMessageW
UnregisterClassW
DestroyWindow
CreateWindowExW
RegisterClassExW
FindWindowW
DefWindowProcW

advapi32

RegEnumValueW
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegCloseKey
OpenThreadToken
OpenProcessToken
GetTokenInformation
GetUserNameW

ws2_32

WSAWaitForMultipleEvents
WSAEnumNetworkEvents
WSAResetEvent
WSACreateEvent
socket
WSASetEvent
WSAEventSelect
shutdown
closesocket
ioctlsocket
WSAStartup
WSACloseEvent
recv
send
getaddrinfo
connect
WSAGetLastError
freeaddrinfo

Exports

Exports

VirtualChannelEntry
VirtualChannelEntryEx

Sections

.text
Size: 119KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TPClnVM.dll.DD54F5AC_00A0_4160_B070_AB2769A46242
.dll windows:5 windows x86 arch:x86

134dee528a0689724f82d688d8d343d1

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10/05/2010, 00:00

Not After

10/05/2015, 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

Issuer

CN=Thawte Code Signing CA - G2,O=Thawte\, Inc.,C=US

Not Before

25/06/2014, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

77:78:63:14:92:09:aa:b0:d8:81:0c:2d:a2:4a:e1:06:07:08:17:ab
Signer

Actual PE Digest

77:78:63:14:92:09:aa:b0:d8:81:0c:2d:a2:4a:e1:06:07:08:17:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
RegEnumValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl

user32

DispatchMessageW
TranslateMessage
GetMessageW
MessageBoxW
PostThreadMessageW

kernel32

CreateFileW
SetStdHandle
WriteConsoleW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
GetLastError
GetLocalTime
GetCurrentThreadId
SetLastError
OutputDebugStringW
GetModuleFileNameW
GetFileAttributesW
SizeofResource
LockResource
LoadResource
FindResourceW
FindResourceExW
CreateEventW
TerminateThread
CloseHandle
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
SetEvent
CreateNamedPipeW
ResetEvent
ConnectNamedPipe
WaitForMultipleObjects
GetOverlappedResult
CancelIo
DisconnectNamedPipe
WriteFile
Sleep
ReadFile
FlushFileBuffers
GetExitCodeThread
WaitForSingleObject
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
EncodePointer
DecodePointer
ExitThread
CreateThread
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
ExitProcess
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetConsoleCP
GetConsoleMode
HeapCreate
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
RtlUnwind
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
IsProcessorFeaturePresent
SetFilePointer
LCMapStringW
MultiByteToWideChar
GetStringTypeW
SetEndOfFile

Exports

Exports

TPClientEntry
TPClientStop

Sections

.text
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TPClnt.dll.DD54F5AC_00A0_4160_B070_AB2769A46242
.dll windows:6 windows x86 arch:x86

a459108c94581c5ce10581e085bbe3b3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

28:8a:4a:58:97:1d:1e:40:76:e6:ef:2f:9c:9e:b3:3a:96:8f:da:1f:49:4e:69:b7:95:3c:e5:4f:18:ec:45:cc
Signer

Actual PE Digest

28:8a:4a:58:97:1d:1e:40:76:e6:ef:2f:9c:9e:b3:3a:96:8f:da:1f:49:4e:69:b7:95:3c:e5:4f:18:ec:45:cc

Digest Algorithm

sha256

PE Digest Matches

true

1f:d3:28:c3:3d:75:77:86:ce:cf:6a:31:b8:5a:a7:bd:b7:d2:9a:a1
Signer

Actual PE Digest

1f:d3:28:c3:3d:75:77:86:ce:cf:6a:31:b8:5a:a7:bd:b7:d2:9a:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

W:\StarTeam\9D8F3BCF-D1DC-40ED-8021-54C772E8A1AE\Win32\Release\x86\TPClnt.pdb

Imports

userenv

EnterCriticalPolicySection
LeaveCriticalPolicySection

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

kernel32

QueryPerformanceCounter
OutputDebugStringW
GetStringTypeW
LCMapStringW
GetCPInfo
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
ExitProcess
GetModuleHandleExW
GetACP
GetSystemInfo
VirtualAlloc
VirtualQuery
CreateThread
ExitThread
FreeLibraryAndExitThread
HeapQueryInformation
GetCommandLineA
GetCommandLineW
DecodePointer
RaiseException
GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
Sleep
ResumeThread
InitializeCriticalSection
FreeLibrary
GetProcAddress
LoadLibraryW
MultiByteToWideChar
LoadResource
LockResource
SizeofResource
FindResourceW
SetEvent
CloseHandle
WaitForSingleObject
CreateEventW
WaitForMultipleObjects
SetLastError
GetSystemTime
GetVersionExW
SystemTimeToFileTime
GetCurrentProcess
GetCurrentThread
LocalFree
SetStdHandle
GetFileType
GetStdHandle
GetConsoleCP
GetConsoleMode
GetDateFormatW
GetTimeFormatW
IsValidLocale
EnumSystemLocalesW
GetTimeZoneInformation
IsValidCodePage
GetOEMCP
ReadConsoleW
SetFilePointerEx
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetConsoleCtrlHandler
WriteConsoleW
SleepEx
WideCharToMultiByte
TerminateThread
GetExitCodeThread
GetCurrentProcessId
GetCurrentThreadId
OpenProcess
GetModuleHandleW
LocalAlloc
GetProfileStringW
CreateFileW
GetFileSize
SetFilePointer
WriteFile
ReleaseMutex
CreateMutexW
GetLocalTime
GetFileAttributesW
GetModuleFileNameW
GetTempPathW
GlobalAlloc
GlobalSize
GlobalLock
GlobalUnlock
GlobalFree
GetTempFileNameW
QueryPerformanceFrequency
SetThreadPriority
SuspendThread
GetTickCount
lstrlenW
CreateDirectoryW
DeleteFileW
TerminateProcess
CreateProcessW
FileTimeToSystemTime
GetWindowsDirectoryW
WinExec
FormatMessageW
MulDiv
CopyFileW
lstrcmpA
ReleaseSemaphore
CreateSemaphoreW
FileTimeToLocalFileTime
GetFileAttributesExW
GetFileSizeEx
GetFileTime
LocalFileTimeToFileTime
SetFileAttributesW
SetFileTime
SystemTimeToTzSpecificLocalTime
FindClose
FindFirstFileW
FlushFileBuffers
GetFullPathNameW
GetShortPathNameW
GetVolumeInformationW
LockFile
ReadFile
SetEndOfFile
UnlockFile
OutputDebugStringA
DuplicateHandle
GetModuleHandleA
LoadLibraryExW
lstrcmpiW
LoadLibraryA
MoveFileW
GetStringTypeExW
GetThreadLocale
EncodePointer
GetSystemDirectoryW
FreeResource
GlobalDeleteAtom
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
VirtualProtect
GlobalFlags
GlobalGetAtomNameW
CompareStringA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
SetErrorMode
GetAtomNameW
lstrcpyW
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
FindResourceExW
GetCurrentDirectoryW
VerSetConditionMask
VerifyVersionInfoW
GetProfileIntW
SearchPathW
GetDiskFreeSpaceW
ReplaceFileW
GetUserDefaultLCID
LocalLock
LocalUnlock
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
InitializeSListHead

user32

TrackMouseEvent
GetSysColorBrush
ShowOwnedPopups
ReuseDDElParam
UnpackDDElParam
GetMenuBarInfo
IntersectRect
InsertMenuItemW
CreatePopupMenu
TranslateAcceleratorW
LoadAcceleratorsW
GetWindowThreadProcessId
SetCursor
ReleaseCapture
SetCapture
WaitMessage
RealChildWindowFromPoint
MapDialogRect
GetAsyncKeyState
MapVirtualKeyW
GetKeyNameTextW
WindowFromPoint
FillRect
GetWindowDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
SystemParametersInfoW
GetMenuItemInfoW
DestroyMenu
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
SetWindowTextW
ScrollWindowEx
IsWindowEnabled
SendDlgItemMessageW
IsDlgButtonChecked
CheckRadioButton
CheckDlgButton
GetDlgItemTextW
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
MoveWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetWindow
GetLastActivePopup
GetSystemMetrics
GetTopWindow
GetClassNameW
GetClassLongW
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenuEx
SetMenu
GetCapture
GetDlgItem
IsIconic
EndDeferWindowPos
LockWindowUpdate
BeginDeferWindowPos
UpdateLayeredWindow
MonitorFromPoint
CopyImage
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
GetClassInfoExW
GetClassInfoW
CallWindowProcW
GetMessageTime
OffsetRect
SetRectEmpty
SendDlgItemMessageA
CharUpperW
ValidateRect
GetActiveWindow
PeekMessageW
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
EnableMenuItem
CheckMenuItem
GetFocus
MsgWaitForMultipleObjectsEx
InsertMenuW
GetMenuState
GetMenuStringW
CopyIcon
DestroyCursor
LoadCursorW
PtInRect
InflateRect
ClientToScreen
RedrawWindow
InvalidateRect
ReleaseDC
GetDC
IsWindow
GetMessagePos
GetIconInfo
DrawIconEx
ScreenToClient
WaitForInputIdle
PostThreadMessageW
DispatchMessageW
TranslateMessage
GetMessageW
FindWindowW
MessageBoxW
RemoveMenu
AppendMenuW
PostQuitMessage
RegisterWindowMessageW
KillTimer
SetTimer
BringWindowToTop
IsWindowVisible
LoadImageW
DestroyIcon
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetDialogBaseUnits
UnionRect
IsRectEmpty
DeleteMenu
SetParent
GetNextDlgGroupItem
DrawFocusRect
MessageBeep
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
GetMenuDefaultItem
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClassLongW
SetWindowRgn
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
DrawStateW
DrawEdge
GetParent
GetSysColor
GetCursorPos
GetWindowRect
GetClientRect
GetWindowTextLengthW
GetWindowTextW
EndPaint
BeginPaint
SetForegroundWindow
SetMenuDefaultItem
TrackPopupMenu
ModifyMenuW
GetMenuItemCount
GetMenuItemID
GetSubMenu
GetSystemMenu
GetMenu
LoadMenuW
GetKeyboardLayout
IsCharLowerW
MapVirtualKeyExW
ToUnicodeEx
DrawFrameControl
IsZoomed
SetCursorPos
FrameRect
SetRect
DrawIcon
GetComboBoxInfo
GetDCEx
UnregisterClassW
PostMessageW
DefWindowProcW
RegisterClassW
CreateWindowExW
DestroyWindow
ShowWindow
CloseWindow
UpdateWindow
GetWindowLongW
SetWindowLongW
GetDesktopWindow
FindWindowExW
SendMessageW
SetWindowPos
EnableWindow
wvsprintfW
wsprintfW
GetDlgCtrlID
SetFocus
GetKeyState
GetTabbedTextExtentW
GetWindowRgn
WindowFromDC
CreateMenu
InSendMessage
SendNotifyMessageW
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
EnumChildWindows
GetUpdateRect
IsClipboardFormatAvailable
CharUpperBuffW
RegisterClipboardFormatW
GetDoubleClickTime
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
DeferWindowPos
GetKeyboardState

gdi32

GetTextFaceW
GetTextAlign
GetStretchBltMode
GetPolyFillMode
GetNearestColor
GetBkMode
GetROP2
SetAbortProc
AbortDoc
EndPage
StartPage
EndDoc
DeleteMetaFile
CreateMetaFileW
CloseMetaFile
GetViewportOrgEx
GetWindowOrgEx
SetPixelV
SetPaletteEntries
ExtFloodFill
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
RoundRect
GetCurrentObject
OffsetRgn
GetRgnBox
Rectangle
LPtoDP
CreateRoundRectRgn
Polyline
Polygon
CreatePolygonRgn
GetTextColor
Ellipse
CreateEllipticRgn
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
GetDIBits
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
GetBkColor
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
StretchDIBits
GetCharWidthW
CreateFontW
EnumFontFamiliesExW
DPtoLP
SetRectRgn
GetMapMode
CombineRgn
GetTextMetricsW
CreateCompatibleBitmap
PatBlt
CreateRectRgnIndirect
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
PolylineTo
PolyBezierTo
TextOutW
MoveToEx
ExtCreatePen
SetArcDirection
SelectClipPath
PolyDraw
ArcTo
StartDocW
SetColorAdjustment
ModifyWorldTransform
SetWorldTransform
EnumMetaFile
PlayMetaFileRecord
SetTextJustification
SetTextAlign
SetTextCharacterExtra
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetGraphicsMode
SetMapperFlags
SelectPalette
SelectObject
ExtSelectClipRgn
SelectClipRgn
RectVisible
PtVisible
PlayMetaFile
OffsetClipRgn
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetPixel
GetObjectType
GetCurrentPositionEx
GetClipRgn
GetClipBox
ExcludeClipRect
Escape
DeleteObject
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
CreateDIBPatternBrushPt
ExtTextOutW
CreateCompatibleDC
BitBlt
SetTextColor
SetBkColor
CreateBitmap
CopyMetaFileW
GetTextExtentPoint32W
GetStockObject
CreateSolidBrush
CreateFontIndirectW
ExtEscape
GetObjectW
SaveDC
RestoreDC
SetBkMode
GetDeviceCaps
DeleteDC
CreateDCW

msimg32

AlphaBlend
TransparentBlt

winspool.drv

DeviceCapabilitiesW
DeletePrinterDataW
EndDocPrinter
WritePrinter
SetPrinterDataW
GetPrinterDriverW
GetJobW
SetJobW
DocumentPropertiesW
FindClosePrinterChangeNotification
ClosePrinter
FreePrinterNotifyInfo
FindNextPrinterChangeNotification
FindFirstPrinterChangeNotification
GetPrinterW
StartDocPrinterW
SetPrinterW
OpenPrinterW
EnumPrintersW

advapi32

SystemFunction036
SetFileSecurityW
GetFileSecurityW
RegEnumKeyW
RegSetValueW
LsaNtStatusToWinError
RevertToSelf
ImpersonateLoggedOnUser
DuplicateTokenEx
AllocateLocallyUniqueId
RegQueryValueW
AllocateAndInitializeSid
RegDeleteKeyW
FreeSid
ReportEventW
RegisterEventSourceW
DeregisterEventSource
OpenServiceW
OpenSCManagerW
CloseServiceHandle
ConvertStringSidToSidW
LookupAccountNameW
LookupAccountSidW
IsValidSid
GetTokenInformation
GetLengthSid
EqualSid
CopySid
RegSetValueExW
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegEnumKeyExW
RegCreateKeyExW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenThreadToken
OpenProcessToken
RegDeleteValueW
RegCloseKey

shell32

SHAppBarMessage
SHBrowseForFolderW
FindExecutableW
ShellExecuteExW
ShellExecuteW
SHGetFileInfoW
DragQueryFileW
DragFinish
SHAddToRecentDocs
ExtractIconW
SHGetSpecialFolderLocation
SHGetDesktopFolder
SHGetMalloc
SHGetPathFromIDListW

shlwapi

PathIsUNCW
PathStripToRootW
PathFindExtensionW
PathFindFileNameW
PathRemoveExtensionW
StrFormatKBSizeW
PathRemoveFileSpecW

uxtheme

IsAppThemed
GetThemeSysColor
GetWindowTheme
GetThemePartSize
GetCurrentThemeName
GetThemeColor
CloseThemeData
OpenThemeData
DrawThemeParentBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeBackground
DrawThemeText

ole32

WriteFmtUserTypeStg
WriteClassStg
ReadClassStg
CreateBindCtx
CoTreatAsClass
StringFromCLSID
ReadFmtUserTypeStg
OleDuplicateData
GetHGlobalFromILockBytes
OleRun
ReleaseStgMedium
OleRegGetUserType
SetConvertStg
CoCreateGuid
CoCreateInstance
CoInitialize
StringFromGUID2
CoDisconnectObject
CLSIDFromString
OleSetClipboard
OleFlushClipboard
OleIsCurrentClipboard
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
PropVariantCopy
OleSetMenuDescriptor
OleLockRunning
StgCreateDocfile
StgOpenStorage
OleSaveToStream
OleLoadFromStream
WriteClassStm
CoGetMalloc
GetHGlobalFromStream
CreateStreamOnHGlobal
CoTaskMemFree
CoTaskMemAlloc
StgOpenStorageOnILockBytes
StgIsStorageFile
CoInitializeEx
CoUninitialize
CreateFileMoniker
CreateILockBytesOnHGlobal
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleRegGetMiscStatus
OleRegEnumVerbs
StgCreateDocfileOnILockBytes
CreateGenericComposite
CreateItemMoniker
OleCreate
OleCreateFromData
OleCreateLinkFromData
OleCreateStaticFromData
OleCreateLinkToFile
OleCreateFromFile
OleLoad
OleSave
OleSetContainedObject
CLSIDFromProgID
CoRegisterMessageFilter
CoRevokeClassObject
CoRegisterClassObject
CoGetClassObject
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
OleQueryCreateFromData
OleQueryLinkFromData
OleIsRunning
GetRunningObjectTable
CreateOleAdviseHolder
CreateDataAdviseHolder
OleGetIconOfClass

oleaut32

SafeArrayCreate
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElement
SafeArrayPutElement
SafeArrayCopy
SafeArrayGetVartype
VariantCopy
VariantChangeType
VarCmp
SysAllocStringLen
LoadTypeLi
LoadRegTypeLi
RegisterTypeLi
SysReAllocStringLen
VariantTimeToSystemTime
SafeArrayAllocDescriptor
SafeArrayAllocData
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayGetElemsize
SafeArrayLock
SafeArrayUnlock
SafeArrayAccessData
SafeArrayUnaccessData
SafeArrayPtrOfIndex
VarDateFromStr
VarCyFromStr
VarBstrFromCy
VarBstrFromDate
VarBstrFromDec
VarDecFromStr
SystemTimeToVariantTime
SysAllocStringByteLen
VariantClear
SysStringByteLen
VariantInit
SysStringLen
SysFreeString
SysAllocString

oledlg

OleUIBusyW

activeds

ord9

psapi

EnumProcessModules

secur32

LsaDeregisterLogonProcess
LsaFreeReturnBuffer
LsaLookupAuthenticationPackage
LsaRegisterLogonProcess
LsaLogonUser

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromFile
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipDrawImageRectI
GdipAlloc
GdiplusShutdown

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmGetContext
ImmReleaseContext
ImmGetOpenStatus

winmm

PlaySoundW

Exports

Exports

CleanDLL
CloseDLL
CloseDLLEx
FilterMsgDLL
FinalizeDLL
GetVersionDLL
InitializeDLL
OpenDLL
OpenDLLEx
ReceiveDLL
ReceiveDLLEx
SendDLL
SendDLLEx
TPCSetup
TPCSetupW

Sections

.text
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 894KB - Virtual size: 894KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 49KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 1024B - Virtual size: 777B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 264KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 238KB - Virtual size: 238KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TPClntdeu.dll.DD54F5AC_00A0_4160_B070_AB2769A46242
.dll windows:6 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

42:3a:53:38:44:29:51:5d:8a:f1:e4:a8:eb:7c:33:cb:20:b1:f7:cc:c9:8e:98:cf:fd:0f:b9:1f:97:e5:3a:87
Signer

Actual PE Digest

42:3a:53:38:44:29:51:5d:8a:f1:e4:a8:eb:7c:33:cb:20:b1:f7:cc:c9:8e:98:cf:fd:0f:b9:1f:97:e5:3a:87

Digest Algorithm

sha256

PE Digest Matches

true

2b:b7:a6:ff:c4:05:a8:a6:0b:b1:a7:c2:55:f4:b9:8d:02:e9:d9:e1
Signer

Actual PE Digest

2b:b7:a6:ff:c4:05:a8:a6:0b:b1:a7:c2:55:f4:b9:8d:02:e9:d9:e1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

W:\StarTeam\9D8F3BCF-D1DC-40ED-8021-54C772E8A1AE\Win32\Release\x86\VMware\TPClntdeu.pdb

Sections

.text
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 121KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TPClntjpn.dll.DD54F5AC_00A0_4160_B070_AB2769A46242
.dll windows:6 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c1:14:99:9d:3e:31:86:1d:b5:30:39:81:8d:78:c2:56:13:19:b1:bb:cc:43:d0:4f:5a:23:7e:c4:fc:a2:af:d1
Signer

Actual PE Digest

c1:14:99:9d:3e:31:86:1d:b5:30:39:81:8d:78:c2:56:13:19:b1:bb:cc:43:d0:4f:5a:23:7e:c4:fc:a2:af:d1

Digest Algorithm

sha256

PE Digest Matches

true

af:c2:2a:d1:e1:29:a2:55:d0:58:9b:55:80:58:13:6c:f2:5d:f1:21
Signer

Actual PE Digest

af:c2:2a:d1:e1:29:a2:55:d0:58:9b:55:80:58:13:6c:f2:5d:f1:21

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

W:\StarTeam\9D8F3BCF-D1DC-40ED-8021-54C772E8A1AE\Win32\Release\x86\VMware\TPClntjpn.pdb

Sections

.text
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TPClntloc.dll.DD54F5AC_00A0_4160_B070_AB2769A46242
.dll windows:6 windows x86 arch:x86

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a5:61:23:f5:bb:fc:2f:70:c9:20:ae:96:73:07:78:a8:42:56:78:cf:3f:87:fc:91:00:cd:cf:bc:22:0d:2f:08
Signer

Actual PE Digest

a5:61:23:f5:bb:fc:2f:70:c9:20:ae:96:73:07:78:a8:42:56:78:cf:3f:87:fc:91:00:cd:cf:bc:22:0d:2f:08

Digest Algorithm

sha256

PE Digest Matches

true

ed:e5:27:dc:94:30:0f:6e:3c:62:23:5c:ff:df:9b:ca:7a:b4:89:03
Signer

Actual PE Digest

ed:e5:27:dc:94:30:0f:6e:3c:62:23:5c:ff:df:9b:ca:7a:b4:89:03

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

W:\StarTeam\9D8F3BCF-D1DC-40ED-8021-54C772E8A1AE\Win32\Release\x86\VMware\TPClntloc.pdb

Sections

.text
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
TPViewjpn.dll.DD54F5AC_00A0_4160_B070_AB2769A46242
.dll windows:5 windows x86 arch:x86

4e1b61525e1e60b23ce7bc7bc455b974

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b9:d9:4b:db:15:1d:13:46:90:31:fb:82:0a:bd:7f:7d:a6:84:83:2d:8a:3e:f8:9b:5d:96:46:a5:a4:0a:ed:91
Signer

Actual PE Digest

b9:d9:4b:db:15:1d:13:46:90:31:fb:82:0a:bd:7f:7d:a6:84:83:2d:8a:3e:f8:9b:5d:96:46:a5:a4:0a:ed:91

Digest Algorithm

sha256

PE Digest Matches

true

4c:5b:54:8c:f0:d3:a9:a4:c7:2b:cd:0a:3b:d4:47:31:64:c0:80:94
Signer

Actual PE Digest

4c:5b:54:8c:f0:d3:a9:a4:c7:2b:cd:0a:3b:d4:47:31:64:c0:80:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
WriteFile
GetModuleFileNameW
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize
IsProcessorFeaturePresent

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 390KB - Virtual size: 390KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tppcoipw32.dll.DD54F5AC_00A0_4160_B070_AB2769A46242
.dll windows:5 windows x86 arch:x86

efc92f87d3c85783696fa2705332f223

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

51:d1:15:f8:87:6b:8c:6e:44:35:9d:a5:a2:dd:3d:33:6e:48:41:41:40:55:6b:07:11:cf:9b:83:aa:d2:25:65
Signer

Actual PE Digest

51:d1:15:f8:87:6b:8c:6e:44:35:9d:a5:a2:dd:3d:33:6e:48:41:41:40:55:6b:07:11:cf:9b:83:aa:d2:25:65

Digest Algorithm

sha256

PE Digest Matches

true

cd:a9:a3:a9:32:40:c6:23:82:7d:b7:93:14:1f:53:1e:4e:93:16:1f
Signer

Actual PE Digest

cd:a9:a3:a9:32:40:c6:23:82:7d:b7:93:14:1f:53:1e:4e:93:16:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

vdp_rdpvcbridge

VDP_FreeMemory
VDP_QuerySessionInformationW
VDP_VirtualChannelQuery
VDP_VirtualChannelClose
VDP_VirtualChannelOpen
VDP_IsViewSession

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

ws2_32

InetNtopW
WSAGetLastError
InetPtonW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

GlobalFree
CloseHandle
GlobalAlloc
GetCurrentProcess
FreeLibrary
LoadLibraryW
GetProcAddress
GetCurrentThread
WideCharToMultiByte
DuplicateHandle
GetModuleFileNameW
ReleaseMutex
CreateEventW
CreateMutexW
OpenMutexW
SetEvent
ReadFile
ResetEvent
GetOverlappedResult
WaitForSingleObject
GetTickCount
Sleep
CancelIo
WriteFile
MultiByteToWideChar
GetCurrentThreadId
GetModuleHandleW
HeapAlloc
HeapFree
DecodePointer
GetCommandLineA
IsProcessorFeaturePresent
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
ExitProcess
GetStdHandle
HeapDestroy
EncodePointer
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LCMapStringW
SetEnvironmentVariableA
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
SetFilePointer
GetConsoleCP
GetConsoleMode
HeapReAlloc
HeapSize
SetStdHandle
WriteConsoleW
CreateFileW
FlushFileBuffers
OutputDebugStringW
GetFileSize
DeleteFileW
GetLocalTime
GetProcessHeap
LocalAlloc
GetVersionExW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
CreateFileMappingW
LocalFree
OpenFileMappingW
MapViewOfFile
SetLastError
GetLastError
UnmapViewOfFile
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileExW
RaiseException
GetFullPathNameW
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryW
SetEndOfFile
GetTimeZoneInformation
CompareStringW
HeapCreate
SetHandleCount

user32

LoadStringW
wvsprintfW
wsprintfW

advapi32

DeregisterEventSource
GetLengthSid
CopySid
RegOpenKeyExW
IsValidSid
OpenThreadToken
OpenProcessToken
GetTokenInformation
InitializeAcl
AddAccessAllowedAce
GetAce
LookupAccountSidW
AllocateAndInitializeSid
EqualSid
FreeSid
RegQueryValueExW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
ReportEventW
RegisterEventSourceW
GetSidLengthRequired

Exports

Exports

DllEntryPoint
DllMain
GetDllVersion
VirtualChannelClientMachine2
VirtualChannelClose
VirtualChannelClose2
VirtualChannelFreeMemory
VirtualChannelOpen
VirtualChannelOpen2
VirtualChannelOpen3
VirtualChannelOpenBySessionId2
VirtualChannelOpenBySessionId3
VirtualChannelPurgeInput
VirtualChannelPurgeInput2
VirtualChannelPurgeOutput
VirtualChannelPurgeOutput2
VirtualChannelQuerySessionInformation
VirtualChannelRead
VirtualChannelRead2
VirtualChannelWrite
VirtualChannelWrite2
VirtualChannelWrite3

Sections

.text
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tpprintticket.dll.DD54F5AC_00A0_4160_B070_AB2769A46242
.dll windows:5 windows x86 arch:x86

b1ef5315be487f2c21eade374734763b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a7:d1:82:a9:25:b5:d4:2c:94:96:70:e9:83:9f:51:c2:5f:1f:a5:8d:8c:f0:89:1f:81:ca:45:3a:ac:2c:d8:c5
Signer

Actual PE Digest

a7:d1:82:a9:25:b5:d4:2c:94:96:70:e9:83:9f:51:c2:5f:1f:a5:8d:8c:f0:89:1f:81:ca:45:3a:ac:2c:d8:c5

Digest Algorithm

sha256

PE Digest Matches

true

02:81:42:a9:51:36:4b:36:76:92:c4:37:87:5f:50:79:c6:bb:5f:33
Signer

Actual PE Digest

02:81:42:a9:51:36:4b:36:76:92:c4:37:87:5f:50:79:c6:bb:5f:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
WriteFile
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
HeapSize

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tprdpw32.dll.DD54F5AC_00A0_4160_B070_AB2769A46242
.dll windows:6 windows x86 arch:x86

7531b4de50e58f0319ba3aa99600c517

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

13:e2:cd:bc:c6:fa:f9:80:2c:2d:c5:1c:44:72:e6:3b:fd:e1:e9:df:df:41:6c:26:fb:2a:c4:20:62:48:63:15
Signer

Actual PE Digest

13:e2:cd:bc:c6:fa:f9:80:2c:2d:c5:1c:44:72:e6:3b:fd:e1:e9:df:df:41:6c:26:fb:2a:c4:20:62:48:63:15

Digest Algorithm

sha256

PE Digest Matches

true

cd:ec:51:6c:d3:05:fc:d2:99:89:02:08:2f:7f:f2:e2:73:9b:6a:22
Signer

Actual PE Digest

cd:ec:51:6c:d3:05:fc:d2:99:89:02:08:2f:7f:f2:e2:73:9b:6a:22

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

wtsapi32

WTSVirtualChannelQuery
WTSVirtualChannelClose
WTSVirtualChannelOpen
WTSEnumerateSessionsW
WTSFreeMemory
WTSQuerySessionInformationW

ws2_32

InetPtonW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

WideCharToMultiByte
ReadFile
WriteFile
GetOverlappedResult
CancelIo
SetEvent
ResetEvent
ReleaseMutex
WaitForSingleObject
CreateMutexW
OpenMutexW
CreateEventW
Sleep
GetCurrentThreadId
GetTickCount
GetModuleFileNameW
MultiByteToWideChar
HeapFree
HeapAlloc
IsDebuggerPresent
IsProcessorFeaturePresent
GetCommandLineA
EncodePointer
DecodePointer
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetProcessHeap
ExitProcess
GetModuleHandleExW
GetStdHandle
RaiseException
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
LoadLibraryW
TlsFree
GetStartupInfoW
GetModuleHandleW
GetFileType
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
SetEnvironmentVariableA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
CompareStringW
LCMapStringW
LoadLibraryExW
OutputDebugStringW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
HeapReAlloc
HeapSize
SetStdHandle
WriteConsoleW
FlushFileBuffers
CreateFileW
ReadConsoleW
GetFileSize
DeleteFileW
SetFilePointer
GetLocalTime
FindFirstFileExW
FindClose
LocalAlloc
GlobalFree
GlobalAlloc
GetProcAddress
FreeLibrary
GetVersionExW
GetCurrentThread
GetCurrentProcess
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
DuplicateHandle
CloseHandle
LocalFree
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
SetLastError
GetLastError
GetDriveTypeW
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileInformationByHandle
PeekNamedPipe
GetFullPathNameW
GetCurrentDirectoryW
GetTimeZoneInformation
SetEndOfFile
TlsSetValue
GetSystemTimeAsFileTime

user32

wsprintfW
wvsprintfW
LoadStringW

advapi32

AddAccessAllowedAce
GetAce
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupAccountSidW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
IsValidSid
GetTokenInformation
GetSidLengthRequired
GetLengthSid
FreeSid
EqualSid
CopySid
AllocateAndInitializeSid
OpenThreadToken
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
InitializeAcl

Exports

Exports

DllEntryPoint
DllMain
GetDllVersion
VirtualChannelClientMachine
VirtualChannelClientMachine2
VirtualChannelClose
VirtualChannelClose2
VirtualChannelFreeMemory
VirtualChannelOpen
VirtualChannelOpen2
VirtualChannelOpen3
VirtualChannelOpenBySessionId2
VirtualChannelOpenBySessionId3
VirtualChannelPurgeInput
VirtualChannelPurgeInput2
VirtualChannelPurgeOutput
VirtualChannelPurgeOutput2
VirtualChannelQuerySessionInformation
VirtualChannelRead
VirtualChannelRead2
VirtualChannelWrite
VirtualChannelWrite2
VirtualChannelWrite3

Sections

.text
Size: 127KB - Virtual size: 126KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tpview.dll.DD54F5AC_00A0_4160_B070_AB2769A46242
.dll regsvr32 windows:5 windows x86 arch:x86

1140b7bb2748970eaf3f1025e122efec

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ec:71:9f:2f:6e:32:9a:69:a6:58:88:d9:fe:fe:d8:7d:38:d9:27:bc:f2:3c:d7:35:db:c2:2c:ed:6f:59:13:9a
Signer

Actual PE Digest

ec:71:9f:2f:6e:32:9a:69:a6:58:88:d9:fe:fe:d8:7d:38:d9:27:bc:f2:3c:d7:35:db:c2:2c:ed:6f:59:13:9a

Digest Algorithm

sha256

PE Digest Matches

true

1f:84:3f:2e:b1:ca:1c:3e:04:ed:35:56:67:d4:b4:a9:58:95:6c:e6
Signer

Actual PE Digest

1f:84:3f:2e:b1:ca:1c:3e:04:ed:35:56:67:d4:b4:a9:58:95:6c:e6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

LocalFree
SizeofResource
LockResource
LoadResource
FindResourceW
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
GetModuleHandleW
lstrlenW
lstrcmpiW
RaiseException
MultiByteToWideChar
LoadLibraryExW
GetModuleFileNameW
InterlockedDecrement
InterlockedIncrement
FindFirstFileW
CompareFileTime
FindNextFileW
FindClose
GetTempPathW
GetCurrentThreadId
SetLastError
GetFileAttributesW
GetFullPathNameW
DeleteFileW
CloseHandle
CreateEventW
ResumeThread
SetEnvironmentVariableA
GetProcessHeap
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetTimeZoneInformation
QueryPerformanceCounter
FreeEnvironmentStringsW
GetModuleFileNameA
GetConsoleMode
GetConsoleCP
GetStartupInfoW
SetHandleCount
LCMapStringW
IsProcessorFeaturePresent
GetProcAddress
IsValidCodePage
GetOEMCP
GetACP
HeapDestroy
HeapCreate
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
HeapQueryInformation
HeapSize
GetCPInfo
VirtualAlloc
ExitProcess
GetFileType
SetStdHandle
RtlUnwind
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
DecodePointer
EncodePointer
HeapAlloc
HeapFree
VirtualProtect
SearchPathW
GetProfileIntW
GetNumberFormatW
GetWindowsDirectoryW
GlobalFlags
lstrcpyW
GetSystemDirectoryW
GetCurrentDirectoryW
SetErrorMode
LocalReAlloc
GlobalHandle
GlobalReAlloc
GetFileSizeEx
SetEvent
GetExitCodeThread
CreateFileW
GetFileSize
ReadFile
GetCurrentThread
LocalFileTimeToFileTime
FileTimeToLocalFileTime
GetTempFileNameW
WriteFile
MoveFileExW
CreateDirectoryW
LoadLibraryW
GetLastError
FreeLibrary
GetStringTypeW
GetFileAttributesExW
GlobalGetAtomNameW
SetEndOfFile
GetVolumeInformationW
FlushFileBuffers
LocalAlloc
UnlockFile
LockFile
MoveFileW
GetDiskFreeSpaceW
GetFileTime
SetFileTime
ReplaceFileW
FreeResource
GlobalFindAtomW
CompareStringW
GlobalAddAtomW
GetPrivateProfileStringW
WritePrivateProfileStringW
SetThreadPriority
ReleaseActCtx
CreateActCtxW
lstrcmpA
GlobalDeleteAtom
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
ActivateActCtx
GetExitCodeProcess
DeactivateActCtx
lstrcmpW
MulDiv
OpenFileMappingW
lstrlenA
SystemTimeToFileTime
FileTimeToSystemTime
FindResourceExW
GetUserDefaultLCID
ConvertDefaultLocale
GetEnvironmentStringsW
GetLocaleInfoW
TlsAlloc
CreateMutexW
CreateThread
TlsSetValue
GetThreadContext
SetThreadContext
TerminateThread
VirtualQuery
VirtualFree
DuplicateHandle
TlsFree
SuspendThread
WaitForMultipleObjects
Sleep
WaitForSingleObject
ExitThread
TlsGetValue
GetFileInformationByHandle
GetLocalTime
OutputDebugStringW
SetFilePointer
GetSystemInfo
GetCurrentProcess
GetOverlappedResult
ResetEvent
OpenMutexW
ReleaseMutex
CopyFileW
FormatMessageW
GetCurrentProcessId
GetTickCount
GetThreadTimes
InitializeCriticalSection
WideCharToMultiByte
GlobalSize
MapViewOfFile
CreateFileMappingW
UnmapViewOfFile
GetVersionExW
GetPrivateProfileIntW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetComputerNameW
InterlockedCompareExchange
OpenProcess
InterlockedExchange
GetStdHandle
ConnectNamedPipe
CreateProcessW
CreateNamedPipeW
TerminateProcess

user32

RegisterClipboardFormatW
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
GetMenuDefaultItem
WaitMessage
IsClipboardFormatAvailable
LockWindowUpdate
CreateAcceleratorTableW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawFocusRect
DrawFrameControl
DrawEdge
DrawIconEx
DrawStateW
SetClassLongW
GetAsyncKeyState
NotifyWinEvent
DestroyAcceleratorTable
MessageBeep
GetNextDlgGroupItem
UnionRect
GetSystemMenu
MapVirtualKeyW
GetKeyNameTextW
CopyImage
GetTabbedTextExtentW
CreateMenu
CopyAcceleratorTableW
SetParent
RealChildWindowFromPoint
SetLayeredWindowAttributes
EnumDisplayMonitors
DeleteMenu
GetSysColorBrush
WindowFromPoint
IsZoomed
UnpackDDElParam
ReuseDDElParam
DestroyIcon
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
IntersectRect
BringWindowToTop
TranslateAcceleratorW
CharUpperW
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetMenuItemInfoW
SetRectEmpty
RegisterWindowMessageW
LoadIconW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
GetClassNameW
SetPropW
GetPropW
RemovePropW
GetForegroundWindow
SetActiveWindow
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos
RedrawWindow
GetClassInfoExW
GetClassInfoW
EqualRect
DefFrameProcW
GetScrollInfo
SetScrollInfo
CallWindowProcW
DestroyCursor
IsChild
ReleaseCapture
PtInRect
SetCapture
KillTimer
SetTimer
GetWindowRect
SetWindowRgn
DrawIcon
AdjustWindowRectEx
IsRectEmpty
GetSysColor
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
MapDialogRect
ClientToScreen
ScreenToClient
GetWindowTextLengthW
SetFocus
MoveWindow
GetDlgCtrlID
IsWindow
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
CheckDlgButton
GetWindowThreadProcessId
GetLastActivePopup
IsWindowEnabled
ShowOwnedPopups
GetMessageW
GetActiveWindow
IsWindowVisible
ValidateRect
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
LoadBitmapW
GetFocus
ModifyMenuW
CheckMenuItem
PostQuitMessage
GetMenuState
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
RemoveMenu
PeekMessageW
TranslateMessage
DispatchMessageW
CloseWindowStation
SetProcessWindowStation
GetProcessWindowStation
OpenWindowStationW
SetUserObjectSecurity
GetUserObjectSecurity
CloseDesktop
OpenDesktopW
LoadImageW
GetMenu
FillRect
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
UnhookWindowsHookEx
SetWindowsHookExW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
MonitorFromPoint
UpdateLayeredWindow
IsMenu
SetMenuDefaultItem
GetUpdateRect
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
CopyIcon
CharUpperBuffW
GetDoubleClickTime
GetDlgItem
CallNextHookEx
GetWindowTextW
EnumThreadWindows
MessageBoxW
CloseWindow
EnableWindow
SetForegroundWindow
SetWindowPlacement
SetWindowPos
IsCharLowerW
MapVirtualKeyExW
SubtractRect
GetWindowRgn
DeferWindowPos
GetDC
ShowWindow
GetWindowPlacement
GetKeyState
SetCursorPos
GetSystemMetrics
EnableMenuItem
GetSubMenu
LoadMenuW
UpdateWindow
SetCursor
FrameRect
OffsetRect
InflateRect
ShowScrollBar
GetClientRect
IsIconic
InvalidateRect
SetRect
CopyRect
SystemParametersInfoW
LoadCursorW
DestroyMenu
GetCursorPos
DestroyWindow
DefWindowProcW
GetWindowLongW
SetWindowLongW
UnregisterClassW
CreateWindowExW
RegisterClassW
PostMessageW
GetParent
GetDesktopWindow
GetWindow
SendMessageW
PostThreadMessageW
CharNextW

gdi32

SetAbortProc
GetViewportOrgEx
Rectangle
PatBlt
CreateCompatibleBitmap
GetTextExtentPoint32W
GetCharWidthW
CreateFontW
StretchDIBits
GetBkColor
CreateDIBitmap
CreateRectRgnIndirect
EnumFontFamiliesW
GetTextCharsetInfo
SetRectRgn
CombineRgn
GetNearestColor
GetBkMode
GetPolyFillMode
GetROP2
GetStretchBltMode
GetTextColor
GetTextAlign
GetWindowOrgEx
Ellipse
CreateRoundRectRgn
CreatePolygonRgn
Polyline
Polygon
GetPaletteEntries
GetNearestPaletteIndex
GetSystemPaletteEntries
OffsetRgn
SetDIBColorTable
SetPixel
EnumFontFamiliesExW
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
LPtoDP
CreateEllipticRgn
CreateSolidBrush
CreateHatchBrush
CreatePen
GetObjectType
SelectPalette
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetPixel
BitBlt
GetWindowExtEx
GetViewportExtEx
GetObjectW
CreateRectRgn
SelectClipRgn
SetLayout
GetLayout
AddFontResourceW
GetDeviceCaps
EndPage
EndDoc
SetGraphicsMode
SetWorldTransform
CreateDCW
ResetDCW
StartDocW
StartPage
AbortDoc
DeleteDC
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
DeleteObject
DeleteEnhMetaFile
GetEnhMetaFileW
RealizePalette
CreateCompatibleDC
CreateDIBSection
SelectObject
GetStockObject
EnumEnhMetaFile
SetStretchBltMode
SetBrushOrgEx
StretchBlt
GetCurrentPositionEx
ModifyWorldTransform
MoveToEx
SetMapMode
GetWorldTransform
GetTextFaceW
PlayEnhMetaFileRecord
ExtTextOutA
GetFontData
LineTo
DPtoLP
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFilePaletteEntries
CreatePalette
CreateFontIndirectW
GetTextMetricsW
CopyMetaFileW
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
RemoveFontResourceW
SetROP2
SetTextColor
GetClipBox
ExcludeClipRect
IntersectClipRect
GetRgnBox
SetTextAlign

msimg32

AlphaBlend
TransparentBlt

comdlg32

CommDlgExtendedError
GetSaveFileNameW
GetFileTitleW

winspool.drv

StartDocPrinterW
SetJobW
WritePrinter
GetJobW
DocumentPropertiesW
GetPrinterW
DeviceCapabilitiesW
OpenPrinterW
EndDocPrinter
GetPrinterDriverW
XcvDataW
ClosePrinter

advapi32

RegCloseKey
RegOpenKeyExW
RegDeleteKeyW
RegQueryInfoKeyW
RegEnumKeyExW
RegSetValueExW
RegCreateKeyExW
RegQueryValueW
RegEnumKeyW
SetServiceStatus
SetSecurityDescriptorSacl
SetSecurityDescriptorControl
SetSecurityDescriptorRMControl
IsValidAcl
RegOpenKeyW
FreeSid
AllocateAndInitializeSid
CopySid
OpenProcessToken
EqualSid
AddAccessAllowedAceEx
IsValidSid
DeregisterEventSource
ReportEventW
RegisterEventSourceW
LookupAccountSidW
CreateProcessAsUserW
MakeSelfRelativeSD
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetEntriesInAclW
SetFileSecurityW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAce
GetAce
AddAccessAllowedAce
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
GetFileSecurityW
DuplicateTokenEx
OpenThreadToken
RegEnumValueW
RevertToSelf
ImpersonateLoggedOnUser
GetTokenInformation
RegQueryValueExW
RegDeleteValueW

shell32

SHAppBarMessage
SHGetFolderPathW
SHGetFileInfoW
DragFinish
DragQueryFileW
SHBrowseForFolderW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder
ShellExecuteW

comctl32

ImageList_GetIconSize

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathRemoveFileSpecW

ole32

OleDuplicateData
ReleaseStgMedium
GetHGlobalFromStream
StringFromGUID2
CoGetCallContext
CoUninitialize
CoInitializeEx
CoCreateGuid
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoLockObjectExternal
CoInitialize
OleTranslateAccelerator
IsAccelerator
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
RevokeDragDrop
RegisterDragDrop
DoDragDrop
OleGetClipboard
CreateStreamOnHGlobal
OleLockRunning

oleaut32

SysFreeString
VarBstrFromDate
LoadTypeLi
RegisterTypeLi
SysAllocString
UnRegisterTypeLi
SysAllocStringByteLen
VariantInit
VariantClear
VariantChangeType
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocStringLen
LoadRegTypeLi
SysStringLen
VarUI4FromStr

ws2_32

WSACleanup
connect
htons
inet_addr
socket
WSAGetLastError
WSAStartup
send
closesocket

gdiplus

GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipCloneImage
GdipDrawImageRectI
GdipSetInterpolationMode
GdipGetImagePalette
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdiplusShutdown
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipGetImageGraphicsContext
GdipCreateFromHDC
GdipDrawImageI

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
TPEMFCloseJob
TPEMFCloseView
TPEMFGetDLLVersion
TPEMFGetLastError
TPEMFIsJobActive
TPEMFJobGetLastError
TPEMFOpenJob
TPEMFWriteData
TPEMFWriteDataAsync
TPFontCleanupW
TPRenderW
TPSetOption_RUNDLLW

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 482KB - Virtual size: 482KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 75KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 394KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 234KB - Virtual size: 234KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
tpviewdeu.dll.DD54F5AC_00A0_4160_B070_AB2769A46242
.dll windows:5 windows x86 arch:x86

4e1b61525e1e60b23ce7bc7bc455b974

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

Issuer

CN=thawte Primary Root CA,OU=Certification Services Division+OU=(c) 2006 thawte\, Inc. - For authorized use only,O=thawte\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

Issuer

CN=thawte SHA256 Code Signing CA,O=thawte\, Inc.,C=US

Not Before

03/03/2016, 00:00

Not After

23/09/2016, 23:59

Subject

CN=Cortado AG,OU=Software Development,O=Cortado AG,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12/01/2016, 00:00

Not After

11/04/2027, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

cf:8d:1e:4d:a6:47:db:f2:30:6a:48:18:42:87:63:c1:e7:d3:78:5a:d3:50:55:08:e7:ba:76:ef:39:d2:74:ef
Signer

Actual PE Digest

cf:8d:1e:4d:a6:47:db:f2:30:6a:48:18:42:87:63:c1:e7:d3:78:5a:d3:50:55:08:e7:ba:76:ef:39:d2:74:ef

Digest Algorithm

sha256

PE Digest Matches

true

aa:e0:c1:04:0e:85:66:84:9d:4d:65:2b:15:42:67:e4:65:c4:5f:0f
Signer

Actual PE Digest

aa:e0:c1:04:0e:85:66:84:9d:4d:65:2b:15:42:67:e4:65:c4:5f:0f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
WriteFile
GetModuleFileNameW
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize
IsProcessorFeaturePresent

Sections

.text
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

41c8a0f0bf2d87996f3d625ff78a4efc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20Certificate

Extended Key Usages

Key Usages

3e:bd:bc:de:f1:62:8b:ca:db:4d:15:8f:f8:07:a5:df:1b:f5:39:f3Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 119KB - Virtual size: 118KB

.rdata Size: 35KB - Virtual size: 34KB

.data Size: 8KB - Virtual size: 15KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 10KB - Virtual size: 10KB

134dee528a0689724f82d688d8d343d1

Code Sign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:beCertificate

Extended Key Usages

Key Usages

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5eCertificate

Extended Key Usages

Key Usages

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20Certificate

Extended Key Usages

Key Usages

77:78:63:14:92:09:aa:b0:d8:81:0c:2d:a2:4a:e1:06:07:08:17:abSigner

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

user32

kernel32

Exports

Exports

Sections

.text Size: 66KB - Virtual size: 65KB

.rdata Size: 20KB - Virtual size: 19KB

.data Size: 4KB - Virtual size: 13KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

a459108c94581c5ce10581e085bbe3b3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22Certificate

Extended Key Usages

Key Usages

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cbCertificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

3e:bd:bc:de:f1:62:8b:ca:db:4d:15:8f:f8:07:a5:df:1b:f5:39:f3
Signer

.text
Size: 119KB - Virtual size: 118KB

.rdata
Size: 35KB - Virtual size: 34KB

.data
Size: 8KB - Virtual size: 15KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 10KB - Virtual size: 10KB

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

47:97:4d:78:73:a5:bc:ab:0d:2f:b3:70:19:2f:ce:5e
Certificate

42:3f:c8:6a:dc:47:57:ad:fe:37:2d:23:bb:2b:91:20
Certificate

77:78:63:14:92:09:aa:b0:d8:81:0c:2d:a2:4a:e1:06:07:08:17:ab
Signer

.text
Size: 66KB - Virtual size: 65KB

.rdata
Size: 20KB - Virtual size: 19KB

.data
Size: 4KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

28:8a:4a:58:97:1d:1e:40:76:e6:ef:2f:9c:9e:b3:3a:96:8f:da:1f:49:4e:69:b7:95:3c:e5:4f:18:ec:45:cc
Signer

1f:d3:28:c3:3d:75:77:86:ce:cf:6a:31:b8:5a:a7:bd:b7:d2:9a:a1
Signer

.text
Size: 3.6MB - Virtual size: 3.6MB

.rdata
Size: 894KB - Virtual size: 894KB

.data
Size: 49KB - Virtual size: 83KB

.idata
Size: 26KB - Virtual size: 26KB

.tls
Size: 1024B - Virtual size: 777B

.00cfg
Size: 512B - Virtual size: 260B

.rsrc
Size: 264KB - Virtual size: 263KB

.reloc
Size: 238KB - Virtual size: 238KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

71:a0:b7:36:95:dd:b1:af:c2:3b:2b:9a:18:ee:54:cb
Certificate

2b:53:ab:80:25:c4:00:20:8f:5d:e1:10:9f:e7:8d:22
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate