StartAllBack[.]v3[.]7[.]9[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

StartAllBack.v3.7.9.exe
Size

3.4MB
MD5

cfa05e668d40141a0962f8cd63834294
SHA1

8e62d099cd181f3bbe644e3d5a0a264ad2ecce92
SHA256

68de812ffc84aaf4f7a5b3f7b55472f2a525fe43c60e64539a84506fcf386d0e
SHA512

59adde381e178a9f291d5585ac37a4c1789be2d20d94f81290ad66c471964b18369d6f9143caa9915ad27334ce518e39e39a331d174fecd282b4b949bbc85d6a
SSDEEP

98304:2k8H3G0wUxHEfGNH8iYAxvlD5H2Lz8sC2Wn66Hsn4O:2T6pGNH8yxN5Huz7CTO

Score

3^/10

Malware Config

Signatures

Unsigned PE 15 IoCs

Checks for missing Authenticode signature.

resource
StartAllBack.v3.7.9.exe
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$PROGRAMFILES/StartIsBack/Orbs/Shamrock.orb
unpack001/$PROGRAMFILES/StartIsBack/Orbs/Windows 7.orb
unpack001/$PROGRAMFILES/StartIsBack/UpdateCheck.exe
unpack001/$PROGRAMFILES64/StartAllBack/Orbs/Shamrock.orb
unpack001/$PROGRAMFILES64/StartAllBack/Orbs/Windows 7.orb
unpack001/$PROGRAMFILES64/StartAllBack/Styles/Plain10.msstyles
unpack001/$PROGRAMFILES64/StartAllBack/Styles/Plain8.msstyles
unpack001/$PROGRAMFILES64/StartAllBack/Styles/Windows 7.msstyles
unpack001/$PROGRAMFILES64/StartAllBack/UpdateCheck.exe
unpack001/$TEMP/STARTISBACK/Orbs/Windows 7.orb
unpack001/$TEMP/STARTISBACK/Styles/Plain8.msstyles
unpack001/$TEMP/STARTISBACK/Styles/Windows 7.msstyles
unpack001/$TEMP/STARTISBACK/UpdateCheck.exe

Files

StartAllBack.v3.7.9.exe
.exe windows:4 windows x86 arch:x86

9dda1a1d1f8a1d13ae0297b47046b26e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
CreatePopupMenu
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CharPrevW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
CharNextA
wsprintfA
DispatchMessageW
CreateWindowExW
PeekMessageW
GetSystemMetrics

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

RemoveDirectoryW
lstrcmpiA
GetTempFileNameW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
WriteFile
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
CreateFileW
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
CopyFileW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 392KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 624KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

68b7023f8923dd087549802f8fa631c3

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

SetSecurityDescriptorDacl
InitializeSecurityDescriptor
IsTextUnicode

user32

CharNextExA
CharNextW
CharPrevW
FindWindowExW
wsprintfW
SendMessageW

kernel32

GetCommandLineW
lstrcpynW
ExitProcess
GetCurrentProcess
GetModuleHandleA
GetProcAddress
Sleep
TerminateProcess
GlobalReAlloc
MultiByteToWideChar
IsDBCSLeadByteEx
ReadFile
PeekNamedPipe
GetExitCodeProcess
WaitForSingleObject
GetTickCount
lstrcpyW
CreateProcessW
GetStartupInfoW
CreatePipe
GetVersion
DeleteFileW
lstrcmpiW
lstrlenW
lstrcatW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES/StartIsBack/Orbs/Shamrock.orb
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 294KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAMFILES/StartIsBack/Orbs/StartIsBack_Ei8htOrb_v2_by_PainteR.bmp
$PROGRAMFILES/StartIsBack/Orbs/Windows 7.orb
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 294KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAMFILES/StartIsBack/UpdateCheck.exe
.exe windows:5 windows x86 arch:x86

f4bb95a2ed29767e199a8a83e34ea89d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
ExitProcess
GetModuleHandleW
GetStartupInfoW
GetCommandLineW

user32

FindWindowW
PostMessageW

shell32

SHLoadInProc

Sections

.text
Size: 1024B - Virtual size: 742B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/StartAllBack/Orbs/Shamrock.orb
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 294KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/StartAllBack/Orbs/StartIsBack_Ei8htOrb_v2_by_PainteR.bmp
$PROGRAMFILES64/StartAllBack/Orbs/Windows 7.orb
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 294KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/StartAllBack/StartIsBack32.dll
.dll windows:6 windows x86 arch:x86

78814ba3dca5854d429e851b774dd8aa

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08-02-2024 14:45

Not After

10-03-2027 14:45

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fc:8d:81:95:80:d2:38:e0:54:13:db:58:fb:cd:1c:c6:10:bb:0b:75:05:d0:a7:0e:70:aa:67:c3:9d:39:ed:a4
Signer

Actual PE Digest

fc:8d:81:95:80:d2:38:e0:54:13:db:58:fb:cd:1c:c6:10:bb:0b:75:05:d0:a7:0e:70:aa:67:c3:9d:39:ed:a4

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\DEVEL\StartIsBackPlusPlus\Release\StartIsBack32.pdb

Imports

shlwapi

ord487
StrCmpNIW
StrCpyNW
StrNCatW
PathParseIconLocationW
PathAddBackslashW
StrStrIW
UrlIsW
PathCreateFromUrlW
PathFindExtensionW
StrCmpNW
SHOpenRegStream2W
ord12
PathRemoveBlanksW
SHGetValueW
StrCmpW
SHCreateStreamOnFileW
PathFindFileNameW
PathFileExistsW
PathRemoveBackslashW
StrToIntW
ord16
PathRemoveFileSpecW
PathAppendW
SHRegGetValueW
SHSetValueW
StrStrW
PathIsRelativeW
ord172
PathIsDirectoryW
PathIsUNCW
ord174
ord256
PathIsFileSpecW
PathStripToRootW
PathIsRootW
ord168
StrCmpIW
PathIsNetworkPathW
ord388
ord184
ord512
ord212
ord513
ord176
ord215
ord158
StrStrIA
StrCSpnA
SHStrDupW

dwmapi

DwmEnableBlurBehindWindow
DwmGetWindowAttribute
DwmSetWindowAttribute
DwmExtendFrameIntoClientArea

uxtheme

SetWindowTheme
BeginBufferedPaint
EndBufferedPaint
OpenThemeData
GetThemeInt
DrawThemeTextEx
CloseThemeData
GetThemeColor
DrawThemeBackground
DrawThemeParentBackground
BufferedPaintSetAlpha
GetThemeBackgroundContentRect
ord47
GetThemePartSize
GetBufferedPaintTargetDC
GetThemeEnumValue
GetThemeFont
GetThemeBool
GetThemeRect
GetThemeTextExtent
GetThemeMargins
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundRegion
GetThemePropertyOrigin
IsThemePartDefined
GetWindowTheme
GetThemeMetric
GetThemeBackgroundExtent

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsDeleteString

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

msvcrt

wcscpy_s
wcscat_s
malloc
free
_vsnwprintf
isspace
_wcsnicmp
isprint
wcstok_s
wcsstr
vswprintf_s
_wcsicmp
??3@YAXPAX@Z
atoi
_unlock
__dllonexit
_lock
_onexit
__CxxFrameHandler3
??1type_info@@UAE@XZ
_XcptFilter
_initterm
_amsg_exit
memmove
_except_handler4_common
wcsncmp
vsprintf_s
??2@YAPAXI@Z
tolower
wcschr
memcpy
memcmp
memset

kernel32

ExitThread
SleepEx
TerminateProcess
IsBadReadPtr
GetUserDefaultLangID
FindResourceW
GlobalLock
GetPrivateProfileStringW
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
CreateMutexW
lstrcatW
lstrcpynW
GetApplicationUserModelId
OpenProcess
GetWindowsDirectoryW
LoadLibraryW
DeleteFileW
MoveFileExW
LocalAlloc
LocalFree
TlsAlloc
TlsGetValue
TlsSetValue
QueueUserWorkItem
CompareStringOrdinal
CompareFileTime
GetTempPathW
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
RemoveDirectoryW
lstrcmpiA
SetUnhandledExceptionFilter
GetCurrentProcessId
ProcessIdToSessionId
FindPackagesByPackageFamily
PackageFamilyNameFromFullName
GetModuleFileNameW
OpenMutexW
GetVersionExW
GlobalUnlock
DisableThreadLibraryCalls
GetModuleHandleExW
RtlCaptureContext
GetUserDefaultUILanguage
GetComputerNameExW
OpenEventW
LoadResource
SizeofResource
DebugBreak
lstrcpynA
InterlockedExchange
InterlockedCompareExchange
QueryPerformanceCounter
UnhandledExceptionFilter
GetLastError
LoadLibraryA
GetPrivateProfileIntW
GlobalAddAtomW
OutputDebugStringA
GetSystemWindowsDirectoryW
GetVolumeNameForVolumeMountPointW
lstrlenW
CreateFileW
DeviceIoControl
CloseHandle
lstrcpyA
lstrlenA
lstrcatA
GetSystemTimeAsFileTime
FileTimeToSystemTime
lstrcpyW
lstrcmpiW
GetUserPreferredUILanguages
MulDiv
VirtualProtect
GetFileAttributesExW
WaitForSingleObject
CreateThread
SetThreadPriority
Sleep
GetTickCount
GetModuleHandleW
GetCurrentThreadId
GetAtomNameW
lstrcmpW
CreateThreadpoolWork
InitializeCriticalSection
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThread
SubmitThreadpoolWork
ExpandEnvironmentStringsW
GetCurrentProcess
CreateProcessW
CreateFileA
GetSystemFirmwareTable
GlobalAlloc
GlobalFree
GetProcAddress
LoadLibraryExW
FreeLibrary
QueueUserAPC
SetEvent
RaiseException
CreateEventW
ParseApplicationUserModelId
GetPackagesByPackageFamily
FindFirstFileW
FindNextFileW
FindClose
MoveFileW
InitOnceExecuteOnce
RegisterWaitForSingleObject
UnregisterWaitEx
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
DeleteTimerQueueTimer
CreateTimerQueueTimer

user32

EndDeferWindowPos
IsWindowVisible
GetWindow
MapWindowPoints
LockSetForegroundWindow
GetFocus
IsWindow
SetFocus
SetLayeredWindowAttributes
PeekMessageW
SystemParametersInfoW
NotifyWinEvent
ShowWindow
GetParent
DispatchMessageW
GetMessagePos
WindowFromPoint
ScreenToClient
ClientToScreen
TrackMouseEvent
GetCapture
GetNextDlgGroupItem
CreatePopupMenu
InsertMenuW
LoadMenuW
GetMenuStringW
GetSubMenu
DestroyMenu
CheckMenuItem
RegisterWindowMessageW
GetClassWord
GetSystemMetrics
BeginDeferWindowPos
PrintWindow
GetAsyncKeyState
SendNotifyMessageW
CallNextHookEx
SetWinEventHook
UnhookWinEvent
SetWindowsHookExW
TrackPopupMenuEx
IsCharAlphaNumericA
RegisterClassExW
DestroyIcon
PostQuitMessage
GetCursorPos
MonitorFromPoint
GetWindowTextW
SetWindowTextW
MsgWaitForMultipleObjectsEx
SetCursor
SetMenuDefaultItem
CreateDialogParamW
GetDlgItemTextW
SetDlgItemTextW
IntersectRect
SendDlgItemMessageW
DrawFocusRect
EndDialog
GetSysColorBrush
GetActiveWindow
SetMenuInfo
GetMenuItemCount
GetMenuItemInfoW
DeleteMenu
SetMenuItemInfoW
TrackPopupMenu
TranslateMessage
GetMenuItemID
GetMenuDefaultItem
GetDC
PtInRect
InvalidateRect
GetMenuState
ExitWindowsEx
GetDoubleClickTime
EnableWindow
WindowFromDC
CallWindowProcW
CharLowerW
SetCapture
ReleaseCapture
DrawTextW
FillRect
IsRectEmpty
EqualRect
ModifyMenuW
EnumDisplayMonitors
DrawEdge
DrawTextExW
LoadImageW
GetRawInputDeviceInfoW
GetRawInputData
RegisterRawInputDevices
GetMessageW
GetRawInputDeviceList
EnumThreadWindows
DrawIconEx
UnionRect
UnregisterClassW
MonitorFromRect
SetForegroundWindow
GetWindowRgnBox
GetLayeredWindowAttributes
IsIconic
GetForegroundWindow
SetRectEmpty
EnumWindows
CheckDlgButton
IsDlgButtonChecked
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetCursorPos
UnhookWindowsHookEx
UnregisterHotKey
RegisterHotKey
AllowSetForegroundWindow
SwitchToThisWindow
SetActiveWindow
RegisterClipboardFormatW
GetMessageExtraInfo
ChildWindowFromPointEx
LookupIconIdFromDirectoryEx
PostThreadMessageW
SetRect
GetMonitorInfoW
RegisterClassW
LoadCursorW
DestroyWindow
SetWindowLongW
GetWindowRgn
UpdateLayeredWindow
GetWindowDC
MonitorFromWindow
IsChild
GetGUIThreadInfo
GetAncestor
DefWindowProcW
RemovePropW
GetWindowLongW
SetWindowPos
SetTimer
FindWindowW
KillTimer
GetShellWindow
CreateWindowExW
GetWindowThreadProcessId
FindWindowExW
DialogBoxParamW
EndPaint
OffsetRect
GetWindowRect
GetWindowInfo
BeginPaint
SetPropW
GetPropW
GetDlgItem
GetComboBoxInfo
GetClassNameW
ReleaseDC
GetDCEx
PostMessageW
SendMessageW
RedrawWindow
EnumChildWindows
GetClientRect
SetWindowRgn
GetSysColor
CreateIconIndirect
GetKeyState
wsprintfW
LoadStringW
wsprintfA
DeferWindowPos
InflateRect

gdi32

GetLayout
GetCharWidth32W
CreateFontW
RestoreDC
ExcludeClipRect
SaveDC
GdiFlush
GetRgnBox
CombineRgn
CreateRectRgnIndirect
GetStockObject
ExtTextOutW
CreateSolidBrush
SetBkColor
SetTextColor
BitBlt
SetLayout
CreateRectRgn
DeleteObject
CreateBitmap
DeleteDC
GdiAlphaBlend
GetObjectW
SelectObject
CreateCompatibleDC
CreateDIBSection
GetTextExtentExPointW
OffsetClipRgn
SelectClipRgn
StretchBlt
GetDeviceCaps
StretchDIBits
OffsetRgn
GetBoundsRect
SetBoundsRect
GetClipBox
GetCurrentObject
GetBkMode
SetBkMode
GetBkColor
GetTextColor
TextOutW
GetTextExtentPointW
SetWindowOrgEx
CreateFontIndirectW

advapi32

RegSetValueExA
RegCloseKey
RegQueryValueA
RegOpenKeyExA
RegCreateKeyExA
RegQueryInfoKeyW
RegCreateKeyW
RegSetKeyValueW
RegGetValueW
RegDeleteKeyValueW
RegOpenKeyExW
RegEnumKeyW
RegNotifyChangeKeyValue
RegOpenKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegDeleteKeyW
InitiateShutdownW
GetUserNameW
RegQueryValueExA
RegDeleteValueA

shell32

ord155
ord152
ord16
ord18
ord25
ord190
ord256
SHCreateDataObject
SHCreateDefaultContextMenu
AssocCreateForClasses
SHCreateShellItemArrayFromIDLists
SHCreateItemFromParsingName
ord6
SHCreateShellItemArrayFromDataObject
SHAssocEnumHandlers
SHGetKnownFolderPath
ord100
SHBindToObject
ord846
ord27
ord21
ord68
SHGetKnownFolderIDList
Shell_NotifyIconGetRect
ShellExecuteW
SHCreateItemInKnownFolder
SHGetPropertyStoreForWindow
SHGetIDListFromObject
SHCreateItemFromIDList
SHCreateDefaultExtractIcon
SHGetFolderPathW
SHChangeNotify
SHGetNameFromIDList
ord162
SHGetFileInfoW
Shell_GetCachedImageIndexW
SHOpenFolderAndSelectItems
SHGetSpecialFolderPathW
ord193
SHBindToParent
ord22
ord134
ord132
ord23
ord727
ord17
SHGetFolderLocation
SHGetDesktopFolder
ord98
SHParseDisplayName
ord88
ord644
ord645
ord4
ord2
SHGetStockIconInfo
ord62
SHFileOperationW
SHCreateItemWithParent

ole32

CoInitialize
CoUninitialize
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoGetInterfaceAndReleaseStream
CoCreateInstance
RegisterDragDrop
RevokeDragDrop
StringFromGUID2
ReleaseStgMedium
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
CoTaskMemAlloc
CoTaskMemFree
PropVariantClear

Exports

Exports

DllCanUnloadNow
DllGetClassObject
LoadSystemOrb2
PickGlyphDlg
RemoteInit

Sections

.text
Size: 310KB - Virtual size: 309KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/StartAllBack/StartIsBack64.dll
.dll windows:6 windows x64 arch:x64

67e4e2b125c787546cf433ed504aee08

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08-02-2024 14:45

Not After

10-03-2027 14:45

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3f:ad:36:18:69:f6:5f:ae:46:93:33:a7:71:c1:fe:47:de:27:48:4a:35:55:48:46:94:ba:4e:5d:25:67:b8:e5
Signer

Actual PE Digest

3f:ad:36:18:69:f6:5f:ae:46:93:33:a7:71:c1:fe:47:de:27:48:4a:35:55:48:46:94:ba:4e:5d:25:67:b8:e5

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\DEVEL\StartIsBackPlusPlus\Release\StartIsBack64.pdb

Imports

shlwapi

ord487
StrCmpNIW
StrCpyNW
StrNCatW
PathParseIconLocationW
PathAddBackslashW
StrStrIW
UrlIsW
PathCreateFromUrlW
PathFindExtensionW
StrCmpNW
SHOpenRegStream2W
ord12
PathRemoveBlanksW
SHGetValueW
StrCmpW
SHCreateStreamOnFileW
PathFindFileNameW
PathFileExistsW
PathRemoveBackslashW
StrToIntW
ord16
PathRemoveFileSpecW
PathAppendW
SHRegGetValueW
SHSetValueW
StrStrW
PathIsRelativeW
ord172
PathIsDirectoryW
PathIsUNCW
ord174
ord256
PathIsFileSpecW
PathStripToRootW
PathIsRootW
ord168
StrCmpIW
PathIsNetworkPathW
ord388
ord184
ord512
ord212
ord513
ord176
ord215
ord158
StrStrIA
StrCSpnA
SHStrDupW

dwmapi

DwmEnableBlurBehindWindow
DwmGetWindowAttribute
DwmSetWindowAttribute
DwmExtendFrameIntoClientArea

uxtheme

SetWindowTheme
BeginBufferedPaint
EndBufferedPaint
OpenThemeData
GetThemeInt
DrawThemeTextEx
CloseThemeData
GetThemeColor
DrawThemeBackground
DrawThemeParentBackground
BufferedPaintSetAlpha
GetThemeBackgroundContentRect
ord47
GetThemePartSize
GetBufferedPaintTargetDC
GetThemeEnumValue
GetThemeFont
GetThemeBool
GetThemeRect
GetThemeTextExtent
GetThemeMargins
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
GetThemeBackgroundRegion
GetThemePropertyOrigin
IsThemePartDefined
GetWindowTheme
GetThemeMetric
GetThemeBackgroundExtent

api-ms-win-shcore-scaling-l1-1-1

GetDpiForMonitor

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsDuplicateString
WindowsDeleteString

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError

msvcrt

wcscpy_s
wcscat_s
malloc
free
_vsnwprintf
isspace
_wcsnicmp
isprint
wcstok_s
wcsstr
vswprintf_s
_wcsicmp
??3@YAXPEAX@Z
atoi
__C_specific_handler
_unlock
__dllonexit
_lock
_onexit
__CxxFrameHandler3
??1type_info@@UEAA@XZ
_XcptFilter
_initterm
_amsg_exit
memset
wcsncmp
vsprintf_s
??2@YAPEAX_K@Z
tolower
wcschr
memmove
memcpy
memcmp
strcmp

kernel32

SleepEx
TerminateProcess
IsBadReadPtr
GetUserDefaultLangID
FindResourceW
GetPrivateProfileIntW
ExitThread
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
CreateMutexW
lstrcatW
lstrcpynW
GetApplicationUserModelId
OpenProcess
GetWindowsDirectoryW
LoadLibraryW
DeleteFileW
MoveFileExW
LocalAlloc
LocalFree
TlsAlloc
TlsGetValue
TlsSetValue
QueueUserWorkItem
CompareStringOrdinal
CompareFileTime
GetTempPathW
SetFileAttributesW
GetFileAttributesW
CreateDirectoryW
RemoveDirectoryW
lstrcmpiA
GetCurrentProcessId
ProcessIdToSessionId
FindPackagesByPackageFamily
PackageFamilyNameFromFullName
GetModuleFileNameW
OpenMutexW
GetVersionExW
CreateTimerQueueTimer
GlobalLock
GlobalUnlock
DisableThreadLibraryCalls
GlobalAddAtomW
RtlCaptureContext
GetUserDefaultUILanguage
GetComputerNameExW
OpenEventW
LoadResource
SizeofResource
DebugBreak
lstrcpynA
RtlVirtualUnwind
RtlLookupFunctionEntry
QueryPerformanceCounter
GetLastError
LoadLibraryA
GetPrivateProfileStringW
GetModuleHandleExW
OutputDebugStringA
GetSystemWindowsDirectoryW
GetVolumeNameForVolumeMountPointW
lstrlenW
CreateFileW
DeviceIoControl
CloseHandle
lstrcpyA
lstrlenA
lstrcatA
GetSystemTimeAsFileTime
FileTimeToSystemTime
lstrcpyW
lstrcmpiW
GetUserPreferredUILanguages
MulDiv
VirtualProtect
GetFileAttributesExW
WaitForSingleObject
CreateThread
SetThreadPriority
Sleep
GetTickCount
GetModuleHandleW
GetCurrentThreadId
GetAtomNameW
lstrcmpW
CreateThreadpoolWork
InitializeCriticalSection
WaitForThreadpoolWorkCallbacks
CloseThreadpoolWork
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentThread
SubmitThreadpoolWork
ExpandEnvironmentStringsW
GetCurrentProcess
CreateProcessW
CreateFileA
GetSystemFirmwareTable
GlobalAlloc
GlobalFree
GetProcAddress
LoadLibraryExW
FreeLibrary
QueueUserAPC
SetEvent
RaiseException
CreateEventW
ParseApplicationUserModelId
GetPackagesByPackageFamily
FindFirstFileW
FindNextFileW
FindClose
MoveFileW
InitOnceExecuteOnce
RegisterWaitForSingleObject
UnregisterWaitEx
FindNextChangeNotification
FindFirstChangeNotificationW
FindCloseChangeNotification
DeleteTimerQueueTimer

user32

EndDeferWindowPos
IsWindowVisible
GetWindow
GetWindowLongW
MapWindowPoints
LockSetForegroundWindow
GetFocus
IsWindow
SetFocus
SetLayeredWindowAttributes
PeekMessageW
SystemParametersInfoW
NotifyWinEvent
ShowWindow
GetParent
DispatchMessageW
GetMessagePos
WindowFromPoint
ScreenToClient
ClientToScreen
TrackMouseEvent
GetCapture
GetNextDlgGroupItem
CreatePopupMenu
InsertMenuW
LoadMenuW
GetMenuStringW
GetSubMenu
DestroyMenu
CheckMenuItem
RegisterWindowMessageW
GetClassWord
GetSystemMetrics
BeginDeferWindowPos
PrintWindow
GetAsyncKeyState
SendNotifyMessageW
CallNextHookEx
SetWinEventHook
UnhookWinEvent
SetWindowsHookExW
TrackPopupMenuEx
IsCharAlphaNumericA
RegisterClassExW
DestroyIcon
PostQuitMessage
GetCursorPos
MonitorFromPoint
GetWindowTextW
SetWindowTextW
MsgWaitForMultipleObjectsEx
SetCursor
SetMenuDefaultItem
CreateDialogParamW
GetDlgItemTextW
SetDlgItemTextW
IntersectRect
SendDlgItemMessageW
DrawFocusRect
EndDialog
GetSysColorBrush
GetActiveWindow
SetMenuInfo
GetMenuItemCount
GetMenuItemInfoW
DeleteMenu
SetMenuItemInfoW
TrackPopupMenu
TranslateMessage
GetMenuItemID
GetMenuDefaultItem
GetDC
PtInRect
InvalidateRect
GetMenuState
ExitWindowsEx
GetDoubleClickTime
EnableWindow
WindowFromDC
CallWindowProcW
CharLowerW
SetCapture
ReleaseCapture
DrawTextW
FillRect
IsRectEmpty
EqualRect
ModifyMenuW
EnumDisplayMonitors
DrawEdge
DrawTextExW
LoadImageW
GetRawInputDeviceInfoW
GetRawInputData
RegisterRawInputDevices
GetMessageW
GetRawInputDeviceList
EnumThreadWindows
DrawIconEx
UnionRect
UnregisterClassW
MonitorFromRect
SetForegroundWindow
GetWindowRgnBox
GetLayeredWindowAttributes
IsIconic
GetForegroundWindow
SetRectEmpty
EnumWindows
CheckDlgButton
IsDlgButtonChecked
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
SetCursorPos
UnhookWindowsHookEx
UnregisterHotKey
RegisterHotKey
AllowSetForegroundWindow
SwitchToThisWindow
SetActiveWindow
RegisterClipboardFormatW
GetMessageExtraInfo
SetWindowLongW
ChildWindowFromPointEx
LookupIconIdFromDirectoryEx
PostThreadMessageW
SetRect
GetMonitorInfoW
RegisterClassW
LoadCursorW
DestroyWindow
SetWindowLongPtrW
GetWindowRgn
UpdateLayeredWindow
GetWindowDC
MonitorFromWindow
IsChild
GetGUIThreadInfo
GetAncestor
DefWindowProcW
RemovePropW
GetWindowLongPtrW
SetWindowPos
SetTimer
FindWindowW
KillTimer
GetShellWindow
CreateWindowExW
GetWindowThreadProcessId
FindWindowExW
DialogBoxParamW
EndPaint
OffsetRect
GetWindowRect
GetWindowInfo
BeginPaint
SetPropW
GetPropW
GetDlgItem
GetComboBoxInfo
GetClassNameW
ReleaseDC
GetDCEx
PostMessageW
SendMessageW
RedrawWindow
EnumChildWindows
GetClientRect
SetWindowRgn
GetSysColor
CreateIconIndirect
GetKeyState
wsprintfW
LoadStringW
wsprintfA
DeferWindowPos
InflateRect

gdi32

GetLayout
GetCharWidth32W
CreateFontW
RestoreDC
ExcludeClipRect
SaveDC
GdiFlush
GetRgnBox
CombineRgn
CreateRectRgnIndirect
GetStockObject
ExtTextOutW
CreateSolidBrush
SetBkColor
SetTextColor
BitBlt
SetLayout
CreateRectRgn
DeleteObject
CreateBitmap
DeleteDC
GdiAlphaBlend
GetObjectW
SelectObject
CreateCompatibleDC
CreateDIBSection
GetTextExtentExPointW
OffsetClipRgn
SelectClipRgn
StretchBlt
GetDeviceCaps
StretchDIBits
OffsetRgn
GetBoundsRect
SetBoundsRect
GetClipBox
GetCurrentObject
GetBkMode
SetBkMode
GetBkColor
GetTextColor
TextOutW
GetTextExtentPointW
SetWindowOrgEx
CreateFontIndirectW

advapi32

RegSetValueExA
RegCloseKey
RegQueryValueA
RegOpenKeyExA
RegCreateKeyExA
RegQueryInfoKeyW
RegCreateKeyW
RegSetKeyValueW
RegGetValueW
RegDeleteKeyValueW
RegOpenKeyExW
RegEnumKeyW
RegNotifyChangeKeyValue
RegOpenKeyW
RegSetValueExW
RegDeleteValueW
RegCreateKeyExW
RegQueryValueExW
RegDeleteKeyW
InitiateShutdownW
GetUserNameW
RegQueryValueExA
RegDeleteValueA

shell32

ord155
ord152
ord16
ord18
ord25
ord190
ord256
SHCreateDataObject
SHCreateDefaultContextMenu
AssocCreateForClasses
SHCreateShellItemArrayFromIDLists
SHCreateItemFromParsingName
ord6
SHCreateShellItemArrayFromDataObject
SHAssocEnumHandlers
SHGetKnownFolderPath
ord100
SHBindToObject
ord846
ord27
ord21
ord68
SHGetKnownFolderIDList
Shell_NotifyIconGetRect
ShellExecuteW
SHCreateItemInKnownFolder
SHGetPropertyStoreForWindow
SHGetIDListFromObject
SHCreateItemFromIDList
SHCreateDefaultExtractIcon
SHGetFolderPathW
SHChangeNotify
SHGetNameFromIDList
ord162
SHGetFileInfoW
Shell_GetCachedImageIndexW
SHOpenFolderAndSelectItems
SHGetSpecialFolderPathW
ord193
SHBindToParent
ord22
ord134
ord132
ord23
ord727
ord17
SHGetFolderLocation
SHGetDesktopFolder
ord98
SHParseDisplayName
ord88
ord644
ord645
ord4
ord2
SHGetStockIconInfo
ord62
SHFileOperationW
SHCreateItemWithParent

ole32

CoUninitialize
CoWaitForMultipleHandles
CoCreateFreeThreadedMarshaler
CoGetInterfaceAndReleaseStream
CoInitialize
RegisterDragDrop
RevokeDragDrop
StringFromGUID2
ReleaseStgMedium
CoInitializeEx
CoMarshalInterThreadInterfaceInStream
PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance

Exports

Exports

DllCanUnloadNow
DllGetClassObject
LoadSystemOrb2
PickGlyphDlg
RemoteInit

Sections

.text
Size: 385KB - Virtual size: 384KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 94KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 145KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/StartAllBack/StartIsBackCfg.exe
.exe windows:5 windows x86 arch:x86

97904919f03d618a14870f47a21c0d08

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08-02-2024 14:45

Not After

10-03-2027 14:45

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

63:b4:0d:b4:3b:d6:f8:4b:14:d0:f3:68:4b:ae:9f:87:20:17:30:8f:09:1b:ca:52:1e:27:ce:6d:0b:06:4e:20
Signer

Actual PE Digest

63:b4:0d:b4:3b:d6:f8:4b:14:d0:f3:68:4b:ae:9f:87:20:17:30:8f:09:1b:ca:52:1e:27:ce:6d:0b:06:4e:20

Digest Algorithm

sha256

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
RegSetValueExW
RegSetKeySecurity
RegQueryInfoKeyW
RegGetKeySecurity
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
SetNamedSecurityInfoW
SetEntriesInAclW
RegDeleteTreeW
RegDeleteKeyExW

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateLayeredWindow
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
TrackMouseEvent
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRectEmpty
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClassLongW
SetCapture
SetActiveWindow
SendNotifyMessageW
SendMessageTimeoutW
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MapWindowPoints
MapVirtualKeyW
LoadKeyboardLayoutW
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassLongW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
ExitWindowsEx
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
wsprintfW
SwitchToThisWindow
SetProcessDefaultLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetTickCount
QueryPerformanceCounter
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
lstrcpyA
lstrcpyW
lstrcmpiW
lstrcmpW
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualProtectEx
UnmapViewOfFile
SwitchToThread
SizeofResource
SignalObjectAndWait
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
QueueUserWorkItem
OpenProcess
OpenFileMappingW
OpenEventW
MulDiv
MoveFileExW
MapViewOfFile
LockResource
LocalFree
LoadResource
LoadLibraryW
LeaveCriticalSection
IsBadReadPtr
InitializeCriticalSection
GlobalFindAtomW
GlobalDeleteAtom
GlobalAddAtomW
GetVersionExW
GetTempPathW
GetSystemTime
GetLocalTime
GetLastError
GetFullPathNameW
GetFileAttributesW
GetExitCodeThread
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
FormatMessageW
FindResourceW
FindNextFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileW
DeleteCriticalSection
CreateProcessW
CreateFileMappingW
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
AddAtomW
CheckElevationEnabled
GetSystemWindowsDirectoryW
IsWow64Process
GetUserPreferredUILanguages

msimg32

AlphaBlend

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
PlayEnhMetaFile
PatBlt
OffsetRgn
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetTextColor
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBkColor
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExcludeClipRect
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgnIndirect
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectW
CreateFontW
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
BitBlt
GdiAlphaBlend
SetLayout
GetLayout

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoInitialize
CLSIDFromString

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_AddMasked
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

wininet

InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle

shell32

ShellExecuteExW
ShellExecuteW
SHFileOperationW
ExtractIconExW
SHGetSpecialFolderPathW
SHAddToRecentDocs
ord896
SHDefExtractIconW
ILSaveToStream
ILLoadFromStreamEx

comdlg32

ChooseColorW

shlwapi

SHAutoComplete
PathIsSystemFolderW
PathRemoveFileSpecW
PathParseIconLocationW
PathIsNetworkPathW
PathCanonicalizeW
PathAppendW
PathAddBackslashW
StrCatW
StrDupW
SHLoadIndirectString
SHOpenRegStream2W

gdiplus

GdipDrawImageRectRectI
GdipDrawImageRectI
GdipDrawImageRect
GdipDrawImageI
GdipFillRectangleI
GdipFillRectangle
GdipSetInterpolationMode
GdipSetCompositingMode
GdipReleaseDC
GdipGetDC
GdipDeleteGraphics
GdipCreateFromHDC
GdipBitmapSetPixel
GdipBitmapGetPixel
GdipCreateBitmapFromScan0
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipSaveImageToFile
GdipDisposeImage
GdipLoadImageFromFile
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc

ntdll

RtlAdjustPrivilege

uxtheme

SetWindowTheme
ord16
ord7
ord92
ord121
ord120
ord50

shcore

GetDpiForMonitor

wintrust

WinVerifyTrust

crypt32

CryptStringToBinaryA

Sections

.text
Size: 769KB - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 21KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/StartAllBack/Styles/Plain10.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/StartAllBack/Styles/Plain8.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/StartAllBack/Styles/Windows 7.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 403KB - Virtual size: 404KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/StartAllBack/UpdateCheck.exe
.exe windows:5 windows x86 arch:x86

f4bb95a2ed29767e199a8a83e34ea89d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
ExitProcess
GetModuleHandleW
GetStartupInfoW
GetCommandLineW

user32

FindWindowW
PostMessageW

shell32

SHLoadInProc

Sections

.text
Size: 1024B - Virtual size: 742B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PROGRAMFILES64/StartAllBack/startscreen.exe
.exe windows:6 windows x86 arch:x86

a6992110d0391564eb635761bbd672b5

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28-07-2020 00:00

Not After

18-03-2029 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08-02-2024 14:45

Not After

10-03-2027 14:45

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e6:2e:b4:37:93:5e:37:57:e7:30:72:d3:3d:60:bc:5e:b9:b2:40:b0:96:a7:ac:9d:bc:7e:7c:a1:c3:0a:7d:a8
Signer

Actual PE Digest

e6:2e:b4:37:93:5e:37:57:e7:30:72:d3:3d:60:bc:5e:b9:b2:40:b0:96:a7:ac:9d:bc:7e:7c:a1:c3:0a:7d:a8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\DEVEL\StartIsBackPlusPlus\StartScreenPP\Release\startscreen.pdb

Imports

api-ms-win-core-privateprofile-l1-1-0

WritePrivateProfileStringW

api-ms-win-core-com-l1-1-0

CoTaskMemAlloc
PropVariantClear
CoWaitForMultipleHandles
CoUninitialize
CoCreateInstance

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetCommandLineW

api-ms-win-core-processthreads-l1-1-0

CreateProcessW
ExitProcess
TerminateProcess
GetCurrentProcess

api-ms-win-core-debug-l1-1-0

OutputDebugStringA

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetProcAddress
FreeLibrary

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegDeleteKeyExW
RegOpenKeyExW

api-ms-win-core-winrt-string-l1-1-0

WindowsCreateStringReference

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-sysinfo-l1-1-0

GetVersionExW

api-ms-win-core-file-l1-1-0

DeleteFileW
SetFileAttributesW

api-ms-win-core-synch-l1-1-0

SetEvent
CreateEventW

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-winrt-l1-1-0

RoInitialize
RoActivateInstance
RoUninitialize

api-ms-win-core-path-l1-1-0

PathCchAppend
PathCchAddBackslash
PathCchRemoveFileSpec

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
GetLastError
RaiseException
UnhandledExceptionFilter

api-ms-win-core-wow64-l1-1-0

IsWow64Process

user32

FindWindowExW
MonitorFromWindow
GetForegroundWindow
FindWindowW
PostMessageW

ole32

CoInitialize

shell32

ord190
ord730
ord165
SHFileOperationW
ord155
SHChangeNotify

shlwapi

ord487
PathRemoveBlanksW
PathFileExistsW

msvcrt

__CxxFrameHandler3
??1type_info@@UAE@XZ
??3@YAXPAX@Z
??2@YAPAXI@Z
vsprintf_s
wcscat_s
_errno
_wcsicmp
_purecall
memcpy
wcscpy_s
memset

api-ms-win-core-heap-l2-1-0

LocalAlloc

api-ms-win-core-interlocked-l1-1-0

InterlockedExchange

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 884B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/STARTISBACK/DarkMagicLoaderX64.exe
.exe windows:6 windows x64 arch:x64

e75f4984b1f4f72162793ec77624ebf2

Code Sign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08-02-2024 14:45

Not After

10-03-2027 14:45

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19-11-2020 20:32

Not After

19-11-2035 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:3a:33:28:ed:15:29:98:a2:04:00:00:00:00:00:3a
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

15-02-2024 20:36

Not After

15-02-2025 20:36

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft America Operations+OU=Thales TSS ESN:3DA5-963B-E1F4,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1d:2f:3a:c8:60:08:33:91:99:e1:51:9e:94:45:49:15:db:38:98:2f:13:d0:36:7b:5e:75:91:bc:f9:1f:a3:f6
Signer

Actual PE Digest

1d:2f:3a:c8:60:08:33:91:99:e1:51:9e:94:45:49:15:db:38:98:2f:13:d0:36:7b:5e:75:91:bc:f9:1f:a3:f6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW

api-ms-win-core-processthreads-l1-1-0

ExitProcess

api-ms-win-downlevel-shlwapi-l1-1-0

StrToIntW

Sections

.text
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 512B - Virtual size: 60B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/STARTISBACK/DarkMagicLoaderX86.exe
.exe windows:6 windows x86 arch:x86

e75f4984b1f4f72162793ec77624ebf2

Code Sign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08-02-2024 14:45

Not After

10-03-2027 14:45

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19-11-2020 20:32

Not After

19-11-2035 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:3a:33:28:ed:15:29:98:a2:04:00:00:00:00:00:3a
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

15-02-2024 20:36

Not After

15-02-2025 20:36

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft America Operations+OU=Thales TSS ESN:3DA5-963B-E1F4,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

1c:55:a5:7d:80:6c:3b:41:4d:ee:7d:fc:c1:60:c3:17:44:0e:d9:bf:2d:c8:aa:c7:5b:09:b7:59:40:e6:2e:0a
Signer

Actual PE Digest

1c:55:a5:7d:80:6c:3b:41:4d:ee:7d:fc:c1:60:c3:17:44:0e:d9:bf:2d:c8:aa:c7:5b:09:b7:59:40:e6:2e:0a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

api-ms-win-core-processenvironment-l1-1-0

GetCommandLineW

api-ms-win-core-errorhandling-l1-1-0

SetErrorMode

api-ms-win-shcore-obsolete-l1-1-0

CommandLineToArgvW

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
LoadLibraryExW

api-ms-win-core-processthreads-l1-1-0

ExitProcess

api-ms-win-downlevel-shlwapi-l1-1-0

StrToIntW

Sections

.text
Size: 512B - Virtual size: 223B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 612B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/STARTISBACK/DarkMagicX64.dll
.dll windows:6 windows x64 arch:x64

1a834ad9377e4424ecc0a92c7d4a4bcf

Code Sign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08-02-2024 14:45

Not After

10-03-2027 14:45

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19-11-2020 20:32

Not After

19-11-2035 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:3a:33:28:ed:15:29:98:a2:04:00:00:00:00:00:3a
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

15-02-2024 20:36

Not After

15-02-2025 20:36

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft America Operations+OU=Thales TSS ESN:3DA5-963B-E1F4,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c7:6a:a3:55:c7:cb:49:8a:3c:df:62:6e:53:9e:18:1f:b8:67:3b:46:72:30:a3:9c:3e:a2:33:49:93:10:ee:18
Signer

Actual PE Digest

c7:6a:a3:55:c7:cb:49:8a:3c:df:62:6e:53:9e:18:1f:b8:67:3b:46:72:30:a3:9c:3e:a2:33:49:93:10:ee:18

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\StartAllBack\StartIsBack11\Release\DarkMagicX64.pdb

Imports

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiA
lstrcmpiW
lstrcmpW
lstrlenW
lstrcmpA

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
GetProcAddress
GetModuleHandleExW
GetModuleHandleW
LoadLibraryExW
GetModuleHandleA
DisableThreadLibraryCalls
GetModuleFileNameW

api-ms-win-core-debug-l1-1-0

IsDebuggerPresent
OutputDebugStringA

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
TerminateProcess
GetCurrentProcess
GetProcessIdOfThread
GetCurrentThread
SetThreadPriority
ResumeThread
GetCurrentProcessId
OpenProcessToken
CreateThread
GetThreadId

api-ms-win-core-atoms-l1-1-0

DeleteAtom
FindAtomW
AddAtomW

api-ms-win-core-synch-l1-1-0

CreateEventW
SleepEx
SetEvent
WaitForSingleObject
OpenEventW
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
WaitForSingleObjectEx

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
SetLastError
GetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

CreateWellKnownSid
GetTokenInformation

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-sidebyside-l1-1-0

FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
GetCurrentActCtx

api-ms-win-core-registry-l1-1-0

RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegCreateKeyExW
RegGetValueW

api-ms-win-core-memory-l1-1-0

CreateFileMappingW
MapViewOfFile
VirtualProtect
OpenFileMappingW

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
WakeAllConditionVariable
SleepConditionVariableSRW

api-ms-win-core-com-l1-1-0

CoCreateInstance
CoTaskMemFree

api-ms-win-core-psapi-l1-1-0

K32GetMappedFileNameW
QueryFullProcessImageNameW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathAddBackslashW
PathFileExistsW
PathAppendW
PathRemoveBackslashW
PathRemoveExtensionW
PathRemoveFileSpecW
PathFindFileNameW

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-file-l1-1-0

FindClose
CreateFileW
ReadFile
CreateDirectoryW
FindNextFileW
FindFirstFileW
SetFilePointer

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-mm-time-l1-1-0

timeBeginPeriod
timeGetTime
timeEndPeriod

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

user32

IsWindow
UnhookWindowsHookEx
UnhookWinEvent
SetWinEventHook
GetParent
SetWindowsHookExW
CallNextHookEx
IsWindowVisible
IsIconic
GetDpiForMonitorInternal
ord2557
FindWindowW
GetUpdateRect
GetDesktopWindow
EqualRect
MapWindowPoints
GetWindowTextW
SendMessageW
InternalGetWindowText
RegisterShellHookWindow
DeregisterShellHookWindow
IsImmersiveProcess
GetDpiForWindow
SystemParametersInfoForDpi
LoadIconW
SetWindowCompositionAttribute
SendMessageCallbackW
RegisterClassExW
LoadImageA
AnimateWindow
EnableWindow
SystemParametersInfoA
GetWindowThreadProcessId
ShowWindow
FillRect
SendNotifyMessageW
IsMenu
GetSystemMenu
EndPaint
GetThreadDpiAwarenessContext
GetWindowRect
EnumThreadWindows
BeginPaint
SetWindowLongW
WindowFromPoint
GetCursorPos
DrawEdge
GetWindow
KillTimer
GetDlgItem
GetClassInfoW
EnumChildWindows
DrawTextW
SetWindowLongPtrW
MonitorFromWindow
GetWindowLongPtrW
GetCurrentInputMessageSource
PtInRect
GetMenuItemRect
RegisterWindowMessageW
GetClassWord
GetAncestor
GetPropW
GetSysColor
PrintWindow
GetDC
GetMenuItemInfoW
GetMenuItemCount
InflateRect
ReleaseDC
DestroyIcon
WindowFromDC
SetClassLongPtrW
UpdateWindow
GetGUIThreadInfo
GetSystemMetricsForDpi
DrawIconEx
CreateIconIndirect
RegisterClassW
GetDpiForSystem
SetLayeredWindowAttributes
InvalidateRect
GetCIMSSM
GetSubMenu
SystemParametersInfoW
GetWindowInfo
OffsetRect
GetMenu
SetPropW
PostMessageW
CreateWindowExW
GetWindowLongW
UpdateLayeredWindow
SetWindowPos
SetTimer
GetMessageExtraInfo
RemovePropW
GetMenuBarInfo
GetMenuInfo
GetClientRect
SetMenuInfo
GetSystemMetrics
FindWindowExW
SetMessageExtraInfo
GetClassLongPtrW
SetMenuItemInfoW
GetIconInfo
DefWindowProcW

gdi32

SetTextColor
GetBitmapBits
GetTextExtentExPointW
GetStockObject
SetLayout
ExcludeClipRect
DeleteDC
StretchDIBits
GdiAlphaBlend
CreateCompatibleDC
GetObjectW
GetObjectType
DeleteObject
GetLayout
SelectObject
RestoreDC
SaveDC
CreateFontW
CreateFontIndirectW
GetTextColor
SetBkMode
GetCurrentObject
SetBkColor
ExtTextOutW
GetDCBrushColor
BitBlt
StretchBlt
CreateDIBSection
GetDCDpiScaleValue
CreateDPIScaledDIBSection
GdiDrawStream
SetBitmapBits
SetBitmapDimensionEx
GetBitmapDimensionEx
GdiFlush
CreateBitmap

kernel32

GetApplicationUserModelId
GetCurrentApplicationUserModelId

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vswprintf_s

api-ms-win-crt-runtime-l1-1-0

_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initterm_e
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll

api-ms-win-crt-heap-l1-1-0

_callnewh
calloc
free
malloc

api-ms-win-crt-string-l1-1-0

memset
_wcsicmp
_wcsnicmp
strcmp
wcscmp
wcsncmp
wcsncpy_s
wcscat_s
wcscpy_s

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlAdjustPrivilege
NtResumeThread
RtlInitUnicodeString
RtlVirtualUnwind
NtAlpcSendWaitReceivePort

api-ms-win-crt-private-l1-1-0

_CxxThrowException
__std_exception_destroy
__std_exception_copy
__CxxFrameHandler4
__C_specific_handler
memcpy
__std_type_info_destroy_list
wcschr

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-crt-utility-l1-1-0

bsearch

api-ms-win-crt-math-l1-1-0

acos
cos
sin

Exports

Exports

Bootstrap
DllCanUnloadNow
DllGetClassObject
InitDarkMagic
IsCompositedTheme
LoadRemote
SetSmallScrollbar
UnroundPtr

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 1024B - Virtual size: 656B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/STARTISBACK/DarkMagicX86.dll
.dll windows:6 windows x86 arch:x86

66d89fc2405cc5c77cb9c5ac2738839c

Code Sign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08-02-2024 14:45

Not After

10-03-2027 14:45

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19-11-2020 20:32

Not After

19-11-2035 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:3a:33:28:ed:15:29:98:a2:04:00:00:00:00:00:3a
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

15-02-2024 20:36

Not After

15-02-2025 20:36

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft America Operations+OU=Thales TSS ESN:3DA5-963B-E1F4,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3d:be:30:d1:e0:a5:4c:f6:c0:e1:6f:f2:09:1f:0e:b0:9c:50:e7:eb:89:40:86:6c:3b:8f:c7:b1:90:b0:52:b7
Signer

Actual PE Digest

3d:be:30:d1:e0:a5:4c:f6:c0:e1:6f:f2:09:1f:0e:b0:9c:50:e7:eb:89:40:86:6c:3b:8f:c7:b1:90:b0:52:b7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\StartAllBack\StartIsBack11\Release\DarkMagicX86.pdb

Imports

api-ms-win-core-largeinteger-l1-1-0

MulDiv

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiA
lstrcmpiW
lstrcmpW
lstrlenW
lstrcmpA

api-ms-win-core-libraryloader-l1-2-0

GetModuleFileNameW
GetProcAddress
GetModuleHandleExW
DisableThreadLibraryCalls
GetModuleHandleW
LoadLibraryExW
GetModuleHandleA
SizeofResource

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
IsDebuggerPresent

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
CreateThread
ResumeThread
OpenProcessToken
GetCurrentProcessId
GetCurrentThread
SetThreadPriority
GetThreadId
TerminateProcess
GetProcessIdOfThread
GetCurrentThreadId

api-ms-win-core-atoms-l1-1-0

FindAtomW
DeleteAtom
AddAtomW

api-ms-win-core-synch-l1-1-0

AcquireSRWLockExclusive
ReleaseSRWLockExclusive
CreateEventW
OpenEventW
SetEvent
SleepEx
WaitForSingleObject
WaitForSingleObjectEx

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLastError
SetLastError

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-heap-l2-1-0

LocalFree
LocalAlloc

api-ms-win-security-base-l1-1-0

GetTokenInformation
CreateWellKnownSid

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-sidebyside-l1-1-0

ActivateActCtx
GetCurrentActCtx
FindActCtxSectionStringW
DeactivateActCtx

api-ms-win-core-registry-l1-1-0

RegSetValueExW
RegCloseKey
RegCreateKeyExW
RegGetValueW
RegNotifyChangeKeyValue
RegOpenKeyExW

api-ms-win-core-memory-l1-1-0

VirtualProtect
CreateFileMappingW
OpenFileMappingW
MapViewOfFile

api-ms-win-core-synch-l1-2-0

WakeAllConditionVariable
SleepConditionVariableSRW
InitOnceExecuteOnce

api-ms-win-core-com-l1-1-0

CoTaskMemFree
CoCreateInstance

api-ms-win-core-psapi-l1-1-0

K32GetMappedFileNameW
QueryFullProcessImageNameW

api-ms-win-core-registry-l2-1-0

RegOpenKeyW

api-ms-win-core-shlwapi-legacy-l1-1-0

PathRemoveExtensionW
PathFileExistsW
PathFindFileNameW
PathAppendW
PathRemoveBackslashW
PathAddBackslashW
PathRemoveFileSpecW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent
OpenProcess

api-ms-win-core-kernel32-legacy-l1-1-0

RegisterWaitForSingleObject

api-ms-win-core-threadpool-legacy-l1-1-0

UnregisterWaitEx

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-file-l1-1-0

FindClose
CreateDirectoryW
ReadFile
FindNextFileW
CreateFileW
SetFilePointer
FindFirstFileW

api-ms-win-core-wow64-l1-1-1

IsWow64Process2

api-ms-win-mm-time-l1-1-0

timeBeginPeriod
timeEndPeriod
timeGetTime

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

user32

GetParent
GetDesktopWindow
SendMessageW
SendMessageCallbackW
InvalidateRect
SetLayeredWindowAttributes
RegisterClassW
SetClassLongW
SetWindowLongW
GetDpiForMonitorInternal
ord2557
SetWindowCompositionAttribute
EnumChildWindows
GetClassInfoW
GetWindowThreadProcessId
SendNotifyMessageW
IsMenu
EnumThreadWindows
InternalGetWindowText
RegisterShellHookWindow
DeregisterShellHookWindow
IsImmersiveProcess
GetDpiForWindow
SystemParametersInfoForDpi
IsWindow
FindWindowW
GetSystemMenu
RegisterClassExW
LoadImageA
GetWindowRect
EnableWindow
SystemParametersInfoA
ShowWindow
UpdateWindow
GetUpdateRect
KillTimer
AnimateWindow
GetGUIThreadInfo
EndPaint
GetSubMenu
GetMenu
GetWindowTextW
BeginPaint
WindowFromPoint
GetCursorPos
DrawEdge
GetWindow
GetDlgItem
GetSystemMetrics
MapWindowPoints
DrawTextW
MonitorFromWindow
GetIconInfo
GetCurrentInputMessageSource
PrintWindow
LoadIconW
PtInRect
GetMenuItemRect
GetDC
RegisterWindowMessageW
GetClassWord
GetAncestor
GetPropW
GetSysColor
ReleaseDC
DestroyIcon
GetMenuItemInfoW
GetMenuItemCount
InflateRect
EqualRect
FillRect
WindowFromDC
CreateIconIndirect
DefWindowProcW
IsIconic
GetSystemMetricsForDpi
DrawIconEx
IsWindowVisible
GetCIMSSM
GetDpiForSystem
CallNextHookEx
SetWindowsHookExW
SetWinEventHook
SystemParametersInfoW
GetWindowInfo
OffsetRect
UnhookWinEvent
SetPropW
PostMessageW
CreateWindowExW
GetWindowLongW
UnhookWindowsHookEx
UpdateLayeredWindow
SetWindowPos
SetTimer
GetMessageExtraInfo
RemovePropW
GetMenuBarInfo
GetMenuInfo
GetClientRect
SetMenuInfo
GetThreadDpiAwarenessContext
FindWindowExW
SetMessageExtraInfo
GetClassLongW
SetMenuItemInfoW

gdi32

StretchBlt
SetLayout
ExcludeClipRect
DeleteDC
StretchDIBits
GdiAlphaBlend
CreateCompatibleDC
GetObjectW
GetObjectType
DeleteObject
GetLayout
SelectObject
GetBitmapBits
RestoreDC
SaveDC
CreateFontW
CreateFontIndirectW
GetTextColor
SetTextColor
SetBkMode
GetCurrentObject
SetBkColor
ExtTextOutW
GetTextExtentExPointW
GetDCBrushColor
BitBlt
GetStockObject
CreateDIBSection
GetDCDpiScaleValue
CreateDPIScaledDIBSection
GdiDrawStream
SetBitmapBits
SetBitmapDimensionEx
GetBitmapDimensionEx
GdiFlush
CreateBitmap

kernel32

GetCurrentApplicationUserModelId
GetApplicationUserModelId

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s
__stdio_common_vswprintf_s

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_crt_atexit
_register_onexit_function
_execute_onexit_table
_initialize_onexit_table
_initterm
_cexit
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment

api-ms-win-crt-heap-l1-1-0

free
_callnewh
malloc
calloc

api-ms-win-crt-string-l1-1-0

wcsncpy_s
_wcsicmp
wcsncmp
wcscpy_s
wcscat_s
_wcsnicmp
memset

ntdll

NtResumeThread
RtlAdjustPrivilege
NtAlpcSendWaitReceivePort
RtlInitUnicodeString

api-ms-win-crt-private-l1-1-0

memcpy
_except_handler4_common
_CxxThrowException
__std_exception_destroy
__CxxFrameHandler3
__std_exception_copy
wcschr
__std_type_info_destroy_list

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-file-l1-2-0

GetTempPathW

api-ms-win-shcore-stream-l1-1-0

SHCreateStreamOnFileW

api-ms-win-core-file-l2-1-0

MoveFileExW

api-ms-win-crt-utility-l1-1-0

bsearch

api-ms-win-crt-math-l1-1-0

_libm_sse2_acos_precise
_libm_sse2_sin_precise
_libm_sse2_cos_precise

Exports

Exports

InitDarkMagic
LoadRemote

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didat
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/STARTISBACK/Orbs/Windows 7.orb
.dll windows:6 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rsrc
Size: 294KB - Virtual size: 296KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/STARTISBACK/Orbs/clover.svg
$TEMP/STARTISBACK/Orbs/e1evenorb-pr.png
.png
$TEMP/STARTISBACK/Orbs/w8logo.svg
$TEMP/STARTISBACK/Ribbon/theme-dark/Windows.AddRemovePrograms.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-dark/Windows.Computer.Manage.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-dark/Windows.CopyToMenu.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-dark/Windows.MoveToMenu.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-dark/Windows.MultiVerb.cmd.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-dark/Windows.MultiVerb.cmdPromptAsAdministrator.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-dark/Windows.RibbonPermissionsDialog.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-dark/Windows.shareprivate.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-dark/accessmedia.svg
$TEMP/STARTISBACK/Ribbon/theme-dark/easyaccess.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-dark/windows.SystemProperties.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-dark/windows.folderoptions.svg
$TEMP/STARTISBACK/Ribbon/theme-dark/windows.help.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-dark/windows.hideSelected.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-dark/windows.layout.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-dark/windows.open.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-dark/windows.opencontrolpanel.svg
$TEMP/STARTISBACK/Ribbon/theme-dark/windows.pastelink.svg
$TEMP/STARTISBACK/Ribbon/theme-dark/windows.removeproperties.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-dark/windows.slideshow.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-dark/windows.troubleshoot.svg
$TEMP/STARTISBACK/Ribbon/theme-light/Windows.AddRemovePrograms.svg
$TEMP/STARTISBACK/Ribbon/theme-light/Windows.Computer.Manage.svg
$TEMP/STARTISBACK/Ribbon/theme-light/Windows.CopyToMenu.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-light/Windows.MoveToMenu.svg
$TEMP/STARTISBACK/Ribbon/theme-light/Windows.MultiVerb.cmd.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-light/Windows.MultiVerb.cmdPromptAsAdministrator.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-light/Windows.RibbonPermissionsDialog.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-light/Windows.shareprivate.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-light/accessmedia.svg
$TEMP/STARTISBACK/Ribbon/theme-light/easyaccess.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-light/windows.SystemProperties.svg
$TEMP/STARTISBACK/Ribbon/theme-light/windows.edit.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-light/windows.email.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-light/windows.folderoptions.svg
$TEMP/STARTISBACK/Ribbon/theme-light/windows.help.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-light/windows.hideSelected.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-light/windows.layout.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-light/windows.open.svg
$TEMP/STARTISBACK/Ribbon/theme-light/windows.openControlPanel.svg
$TEMP/STARTISBACK/Ribbon/theme-light/windows.pastelink.svg
$TEMP/STARTISBACK/Ribbon/theme-light/windows.removeproperties.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-light/windows.slideshow.svg
.xml
$TEMP/STARTISBACK/Ribbon/theme-light/windows.troubleshoot.svg
$TEMP/STARTISBACK/StartAllBackCfg.exe
.exe windows:5 windows x64 arch:x64

5ecbeb837f99e247ba191e8c163a00ec

Code Sign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08-02-2024 14:45

Not After

10-03-2027 14:45

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19-11-2020 20:32

Not After

19-11-2035 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:62:06:a6:f0:2e:c2:6c:de:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

15-02-2024 20:36

Not After

15-02-2025 20:36

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft America Operations+OU=nShield TSS ESN:7A00-05E0-D947,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

56:dd:3d:51:c0:9c:61:e6:33:54:33:81:a3:04:63:ab:6e:17:e2:37:a9:aa:2b:77:49:61:99:79:64:b4:bb:aa
Signer

Actual PE Digest

56:dd:3d:51:c0:9c:61:e6:33:54:33:81:a3:04:63:ab:6e:17:e2:37:a9:aa:2b:77:49:61:99:79:64:b4:bb:aa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
GetErrorInfo
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
RegSetValueExW
RegSetKeySecurity
RegQueryInfoKeyW
RegFlushKey
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
SetNamedSecurityInfoW
SetEntriesInAclW
RegDeleteTreeW
RegDeleteKeyExW
RegDeleteKeyValueW

user32

MessageBoxA
CharNextW
LoadStringW
SetClassLongPtrW
GetClassLongPtrW
SetWindowLongPtrW
GetWindowLongPtrW
CreateWindowExW
WindowFromPoint
WindowFromDC
WaitMessage
UpdateLayeredWindow
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
TrackMouseEvent
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRectEmpty
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetCapture
SetActiveWindow
SendNotifyMessageW
SendMessageA
SendMessageW
SendDlgItemMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadKeyboardLayoutW
LoadImageW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
IsCharAlphaNumericW
InvalidateRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCapture
GetAncestor
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
ExitWindowsEx
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CopyImage
ClientToScreen
ChildWindowFromPoint
CheckMenuItem
CharUpperBuffW
CharUpperW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromWindow
SetProcessDefaultLayout
SwitchToThisWindow
GetDpiForWindow

kernel32

Sleep
VirtualFree
VirtualAlloc
HeapFree
HeapAlloc
GetProcessHeap
lstrlenW
lstrcpynW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwindEx
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
GetStdHandle
CloseHandle
LoadLibraryA
TlsSetValue
TlsGetValue
LocalFree
LocalAlloc
lstrcpyW
lstrcmpiW
lstrcmpW
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
UnmapViewOfFile
SuspendThread
SizeofResource
SetThreadPriority
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
RemoveDirectoryW
ReadFile
QueueUserWorkItem
OpenFileMappingW
MulDiv
MoveFileExW
MapViewOfFile
LockResource
LoadResource
LoadLibraryW
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetWindowsDirectoryW
GetVersionExW
GetThreadPriority
GetThreadLocale
GetTempPathW
GetSystemTime
GetLocalTime
GetFullPathNameW
GetFileAttributesW
GetExitCodeThread
GetExitCodeProcess
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfoExW
GetCPInfo
FreeResource
FormatMessageW
FindResourceW
FindNextFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExpandEnvironmentStringsW
EnumSystemLocalesW
EnumCalendarInfoW
DeleteFileW
CreateProcessW
CreateFileMappingW
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
AddAtomW
GetUserPreferredUILanguages
CheckElevationEnabled
GetSystemWindowsDirectoryW
IsWow64Process2

msimg32

GradientFill
AlphaBlend

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RoundRect
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
Polygon
PolyBezierTo
PolyBezier
PlayEnhMetaFile
Pie
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetTextColor
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetCurrentObject
GetClipBox
GetBrushOrgEx
GetBitmapBits
GdiFlush
FrameRgn
ExtTextOutW
ExtFloodFill
ExcludeClipRect
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateFontW
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
Chord
BitBlt
ArcTo
Arc
AngleArc
GdiAlphaBlend
SetLayout
GetLayout

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc
CoCreateInstance
CoUninitialize
CoInitializeEx
CoInitialize
IsEqualGUID

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawIndirect
ImageList_DrawEx
ImageList_AddMasked
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls

shell32

SHFileOperationW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
SHAppBarMessage
SHGetSpecialFolderPathW
SHAddToRecentDocs
SHDefExtractIconW
ord896
ILSaveToStream
ILLoadFromStreamEx

wininet

InternetReadFile
InternetOpenUrlW
InternetOpenW
InternetCloseHandle

comdlg32

ChooseFontW
ChooseColorW

winspool.drv

OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW

shlwapi

PathParseIconLocationW
PathIsNetworkPathW
PathFindFileNameW
PathFileExistsW
PathCanonicalizeW
PathAppendW
PathAddBackslashW
StrCatW
StrDupW
StrCmpNIW
SHLoadIndirectString
SHOpenRegStream2W
StrToInt64ExW

ntdll

RtlAdjustPrivilege

gdiplus

GdipDrawImageRectRectI
GdipDrawImageRectI
GdipFillPath
GdipFillEllipseI
GdipGraphicsClear
GdipDrawPath
GdipSetInterpolationMode
GdipSetPixelOffsetMode
GdipSetSmoothingMode
GdipSetCompositingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStreamICM
GdipCreateBitmapFromStream
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipLoadImageFromFileICM
GdipLoadImageFromFile
GdipSetPenDashStyle
GdipDeletePen
GdipCreatePen1
GdipCreateSolidFill
GdipDeleteBrush
GdipCloneBrush
GdipAddPathArcI
GdipClosePathFigure
GdipDeletePath
GdipCreatePath
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc

shcore

GetDpiForMonitor
ord200

uxtheme

ord121
ord120
SetWindowTheme

wtsapi32

WTSTerminateProcess

winmm

PlaySoundW

crypt32

CryptStringToBinaryA

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 39KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 484B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 40B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.pdata
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/STARTISBACK/StartAllBackLoaderX64.dll
.dll windows:6 windows x64 arch:x64

8d84ac60d65a19835a8dc294d87b31f8

Code Sign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08-02-2024 14:45

Not After

10-03-2027 14:45

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19-11-2020 20:32

Not After

19-11-2035 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:3a:33:28:ed:15:29:98:a2:04:00:00:00:00:00:3a
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

15-02-2024 20:36

Not After

15-02-2025 20:36

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft America Operations+OU=Thales TSS ESN:3DA5-963B-E1F4,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

fe:2d:2e:58:85:df:74:37:64:cd:e5:32:93:bc:34:04:c8:9f:04:6c:4b:7d:45:d4:11:c5:8c:89:0b:20:b7:ba
Signer

Actual PE Digest

fe:2d:2e:58:85:df:74:37:64:cd:e5:32:93:bc:34:04:c8:9f:04:6c:4b:7d:45:d4:11:c5:8c:89:0b:20:b7:ba

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\StartAllBack\StartIsBack11\Release\StartAllBackLoaderX64.pdb

Imports

api-ms-win-core-path-l1-1-0

PathCchRemoveFileSpec
PathCchAppend

kernel32

FreeLibrary
OutputDebugStringA
GetModuleFileNameW
WaitForSingleObject
GetVersion
DisableThreadLibraryCalls
CloseHandle
LoadLibraryW
GetProcAddress
CreateProcessW
GetModuleHandleW

user32

IsWindow
GetShellWindow

advapi32

RegDeleteKeyW

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 1024B - Virtual size: 611B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/STARTISBACK/StartAllBackX64.dll
.dll windows:6 windows x64 arch:x64

6594f30f111bf6443053d91152d09269

Code Sign

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28-07-2020 00:00

Not After

28-07-2030 00:00

Subject

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

Issuer

CN=GlobalSign GCC R45 CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08-02-2024 14:45

Not After

10-03-2027 14:45

Subject

CN=IP Zinukhov Stanislav Igorevich,O=IP Zinukhov Stanislav Igorevich,L=Moscow,ST=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19-11-2020 20:32

Not After

19-11-2035 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:39:62:06:a6:f0:2e:c2:6c:de:00:00:00:00:00:39
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

15-02-2024 20:36

Not After

15-02-2025 20:36

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft America Operations+OU=nShield TSS ESN:7A00-05E0-D947,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

de:c1:0f:43:c3:ab:df:d6:2d:eb:3d:2f:90:b7:17:b1:3d:a9:9e:85:41:d4:74:98:42:6f:19:44:0d:1b:97:a8
Signer

Actual PE Digest

de:c1:0f:43:c3:ab:df:d6:2d:eb:3d:2f:90:b7:17:b1:3d:a9:9e:85:41:d4:74:98:42:6f:19:44:0d:1b:97:a8

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\StartAllBack\StartIsBack11\Release\StartAllBackX64.pdb

Imports

shlwapi

PathRemoveFileSpecW
PathRemoveBlanksW
ord12
SHOpenRegStream2W
ord176
StrCmpNW
PathAddBackslashW
PathFindExtensionW
PathParseIconLocationW
StrNCatW
StrCpyNW
StrCmpNIW
ord219
PathAppendW
PathRemoveExtensionW
ord174
StrCSpnA
StrStrIA
HashData
StrStrNIW
PathIsNetworkPathW
ord158
ord215
UrlCreateFromPathW
PathAddExtensionW
StrToInt64ExW
StrChrW
PathCommonPrefixW
StrTrimW
ord513
ord212
ord512
ord184
ord388
StrCmpIW
ord168
PathIsRootW
PathStripToRootW
PathIsFileSpecW
ord256
PathIsUNCW
PathIsDirectoryW
PathIsRelativeW
SHRegGetValueW
StrStrW
ord16
StrToIntW
PathFileExistsW
SHStrDupW
ord172
StrStrIW
UrlIsW
PathCreateFromUrlW
SHGetValueW
StrCmpW
SHCreateStreamOnFileW
PathFindFileNameW
PathRemoveBackslashW
ord487

dwmapi

DwmExtendFrameIntoClientArea
DwmGetWindowAttribute
ord138
ord139
ord140
ord113
DwmEnableBlurBehindWindow
ord159
ord163
ord164
ord187
DwmSetWindowAttribute
DwmInvalidateIconicBitmaps
DwmFlush
DwmUpdateThumbnailProperties
DwmSetIconicThumbnail
ord141

uxtheme

IsThemePartDefined
GetThemePropertyOrigin
GetThemeRect
GetThemeFont
GetThemeBackgroundExtent
GetThemeBackgroundRegion
GetThemeBool
GetThemeMargins
GetBufferedPaintTargetDC
GetThemeTextExtent
ord121
ord120
ord139
ord126
ord50
ord16
ord140
ord135
ord49
ord74
ord133
ord132
ord138
GetThemeMetric
GetThemePartSize
BufferedPaintSetAlpha
GetCurrentThemeName
EndBufferedAnimation
DrawThemeBackground
SetWindowTheme
GetThemeBackgroundContentRect
IsThemeBackgroundPartiallyTransparent
DrawThemeText
SetWindowThemeAttribute
OpenThemeData
GetThemeBitmap
CloseThemeData
GetThemeInt
GetThemeEnumValue
GetThemeColor
BeginBufferedPaint
EndBufferedPaint
ord47
DrawThemeParentBackground
OpenThemeDataForDpi
DrawThemeTextEx

api-ms-win-core-winrt-l1-1-0

RoGetActivationFactory
RoInitialize
RoUninitialize
RoActivateInstance

ntdll

RtlCaptureContext
NtQueryWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlAdjustPrivilege
RtlUnsubscribeWnfNotificationWaitForCompletion
RtlInitUnicodeString

msvcrt

strcmp
sqrt
sin
memset
vsprintf_s
??2@YAPEAX_K@Z
wcschr
_wcsnicmp
wcscpy_s
wcscat_s
wcsncmp
malloc
free
_wcsicmp
vswprintf_s
isspace
tolower
isprint
_vsnwprintf
wcsstr
_itow_s
wcstok_s
abort
swscanf_s
__C_specific_handler
_wtoi
??_U@YAPEAX_K@Z
rand_s
??_V@YAXPEAX@Z
??3@YAXPEAX@Z
atoi
_XcptFilter
??1type_info@@UEAA@XZ
_unlock
__dllonexit
_lock
_onexit
__CxxFrameHandler3
wcscmp
memmove
memcpy
memcmp
floor
cos
ceil
acos
wcsncpy_s
bsearch
_amsg_exit
_initterm

gdi32

CreateFontW
GetCharWidth32W
GetGlyphIndicesW
GetLayout
SelectClipRgn
OffsetClipRgn
TextOutW
SetWindowOrgEx
GetBitmapBits
GetBkColor
CreateDPIScaledDIBSection
GetDCDpiScaleValue
CreateBitmap
SetBkMode
GetBkMode
SetBoundsRect
GetBoundsRect
OffsetRgn
StretchDIBits
CreateCompatibleBitmap
SetViewportOrgEx
GetTextExtentPoint32W
CreateDIBSection
GetDeviceCaps
AddFontResourceExW
StretchBlt
GetObjectW
SetBitmapBits
CreateRectRgn
GetClipBox
CreateSolidBrush
CreateCompatibleDC
CreateFontIndirectW
SelectObject
GetTextExtentPointW
DeleteDC
DeleteObject
SetLayout
BitBlt
SetTextColor
SetBkColor
ExtTextOutW
GdiAlphaBlend
ExcludeClipRect
CreateRectRgnIndirect
GetStockObject
GetCurrentObject
CombineRgn
GetRgnBox
GdiFlush
SaveDC
GdiDrawStream
RestoreDC
GetTextColor

user32

GetPropW
GetClientRect
GetDpiForWindow
SetTimer
KillTimer
SetPropW
GetClassWord
RegisterWindowMessageW
GetWindowLongPtrW
SendMessageTimeoutW
GetWindowLongW
SetWindowLongPtrW
GetSystemMetricsForDpi
SetWindowRgn
SendMessageW
DefWindowProcW
EqualRect
IsZoomed
SetClassLongPtrW
GetSysColorBrush
RegisterClassW
TrackPopupMenu
TrackPopupMenuEx
InvalidateRect
SystemParametersInfoForDpi
InflateRect
SetFocus
GetDoubleClickTime
SetWindowPos
ShowWindow
IsWindowVisible
EnumChildWindows
RedrawWindow
GetDCEx
ReleaseDC
FillRect
BeginPaint
GetWindowInfo
GetDlgItem
OffsetRect
EndPaint
GetWindowDC
GetClassLongPtrW
GetSysColor
GetSystemMetrics
GetComboBoxInfo
SystemParametersInfoW
DrawFocusRect
GetClassNameW
LoadImageW
UnhookWindowsHookEx
CallNextHookEx
SetWindowsHookExW
MapWindowPoints
SetWinEventHook
CreateWindowExW
RemovePropW
GetGUIThreadInfo
IsChild
MonitorFromWindow
UpdateLayeredWindow
GetWindowRgn
DestroyWindow
LoadCursorW
GetMonitorInfoW
SetRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
GetWindow
LockSetForegroundWindow
GetFocus
IsWindow
SetLayeredWindowAttributes
PeekMessageW
NotifyWinEvent
DispatchMessageW
GetMessagePos
WindowFromPoint
ScreenToClient
ClientToScreen
TrackMouseEvent
GetCapture
GetNextDlgGroupItem
CreatePopupMenu
InsertMenuW
LoadMenuW
GetMenuStringW
GetSubMenu
DestroyMenu
CheckMenuRadioItem
GetMenuItemCount
CheckMenuItem
ReleaseCapture
PtInRect
DragDetect
SetCapture
SetMenuItemBitmaps
DrawTextW
GetPointerDevices
IsClipboardFormatAvailable
FindWindowW
UnhookWinEvent
IsCharAlphaNumericA
DestroyIcon
CreateIconIndirect
SetCursor
RegisterClassExW
PostQuitMessage
SetThreadDpiAwarenessContext
GetCursorPos
MonitorFromPoint
SetWindowTextW
MsgWaitForMultipleObjectsEx
GetForegroundWindow
SetMenuDefaultItem
CreateDialogParamW
GetDlgItemTextW
SetDlgItemTextW
IntersectRect
SendDlgItemMessageW
EndDialog
DialogBoxParamW
GetActiveWindow
GetMenuItemInfoW
DeleteMenu
AppendMenuW
GetMenuItemID
SetMenuItemInfoW
GetDlgCtrlID
TranslateMessage
GetMenuDefaultItem
GetAsyncKeyState
GetDC
GetShellWindow
ExitWindowsEx
GetMenuState
EnableWindow
IsCharAlphaNumericW
IsCharAlphaW
CharNextW
WindowFromDC
CallWindowProcW
CharLowerW
EnumThreadWindows
SetSysColors
SwitchToThisWindow
GetLayeredWindowAttributes
IsRectEmpty
UnregisterClassW
MonitorFromRect
FrameRect
InternalGetWindowText
GetWindowPlacement
IsIconic
CopyRect
ShowWindowAsync
PrintWindow
ModifyMenuW
EnumDisplayMonitors
DrawEdge
DrawTextExW
SetForegroundWindow
CopyIcon
SetRectEmpty
SendNotifyMessageW
GetUpdateRect
SetWindowLongW
UnionRect
CalculatePopupWindowPosition
GetMessageExtraInfo
SetMessageExtraInfo
DrawIconEx
GetWindowRgnBox
EnumWindows
CheckDlgButton
IsDlgButtonChecked
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetCursorInfo
GetDesktopWindow
GetIconInfoExW
AllowSetForegroundWindow
RegisterPointerDeviceNotifications
GetIconInfo
CopyImage
SetCursorPos
SubtractRect
PostThreadMessageW
RegisterHotKey
GetDpiForSystem
GetGuiResources
SetActiveWindow
RegisterClipboardFormatW
ChildWindowFromPointEx
InsertMenuItemW
IsMenu
GetMessageW
GetCurrentInputMessageSource
GetCIMSSM
GetWindowRect
GetParent
GetWindowTextW
FindWindowExW
PostMessageW
LoadStringW
GetKeyState
wsprintfW
wsprintfA
GetAncestor
SetWindowCompositionAttribute
GetWindowBand
ord2509
ord2510
SetWindowBand
ord2005
GetWindowThreadProcessId
GetDpiForMonitorInternal

kernel32

LocalFree
LCMapStringW
CompareFileTime
SetFileAttributesW
GetFileAttributesW
RemoveDirectoryW
CreateDirectoryW
lstrcmpiA
SetUnhandledExceptionFilter
ProcessIdToSessionId
GetLastError
CreateProcessW
CreateTimerQueueTimer
DeleteTimerQueueTimer
FindCloseChangeNotification
FindFirstChangeNotificationW
FindNextChangeNotification
MoveFileExW
lstrcpynW
TlsSetValue
TlsAlloc
FindPackagesByPackageFamily
TlsGetValue
GetPackagesByPackageFamily
ParseApplicationUserModelId
QueueUserAPC
PackageFamilyNameFromFullName
GetUserPreferredUILanguages
CreateMutexW
FormatMessageW
QueueUserWorkItem
GlobalFree
GlobalAlloc
GetSystemFirmwareTable
CreateFileA
Sleep
SetEvent
OpenEventW
UnregisterWaitEx
CreateEventW
RegisterWaitForSingleObject
LoadLibraryW
GetModuleFileNameW
ExpandEnvironmentStringsW
SubmitThreadpoolWork
GetCurrentThread
DeleteFileW
CreateThreadpool
SetThreadpoolThreadMinimum
SetThreadpoolThreadMaximum
GetWindowsDirectoryW
OpenProcess
QueryFullProcessImageNameW
ReleaseMutex
UnmapViewOfFile
MapViewOfFile
GetPrivateProfileStringW
GetPrivateProfileIntW
lstrcmpA
ResolveDelayLoadedAPI
GetProcessId
IsBadReadPtr
TerminateProcess
ExitThread
GlobalLock
GlobalUnlock
QueryPerformanceCounter
IsBadCodePtr
GetApplicationUserModelId
ResetEvent
OpenThread
UnregisterWait
GetTempPathW
CloseThreadpool
TrySubmitThreadpoolCallback
GetVersionExW
DisableThreadLibraryCalls
GetCurrentActCtx
GlobalAddAtomW
SetThreadErrorMode
GetUserDefaultUILanguage
GetCurrentProcess
WinExec
GetComputerNameExW
lstrcpynA
RtlVirtualUnwind
RtlLookupFunctionEntry
LocalAlloc
GetThreadPriority
DeleteCriticalSection
CloseThreadpoolWork
WaitForThreadpoolWorkCallbacks
CreateThreadpoolWork
GetModuleHandleExW
GetCurrentProcessId
FreeLibrary
DeleteAtom
AddAtomW
FindAtomW
DeactivateActCtx
ActivateActCtx
GetTickCount
SetThreadPriority
UnhandledExceptionFilter
IsProcessorFeaturePresent
DelayLoadFailureHook
WaitForSingleObjectEx
SleepEx
IsWow64Process2
FindFirstFileW
FindNextFileW
FindClose
GetCurrentApplicationUserModelId
MoveFileW
GetSystemWindowsDirectoryW
GetVolumeNameForVolumeMountPointW
lstrlenW
CreateFileW
DeviceIoControl
CloseHandle
lstrcpyA
OutputDebugStringA
lstrlenA
lstrcatA
GetSystemTimeAsFileTime
FileTimeToSystemTime
lstrcpyW
lstrcmpiW
RaiseException
VirtualProtect
GetFileAttributesExW
DebugBreak
MulDiv
InitOnceExecuteOnce
GetProcAddress
GetCurrentThreadId
LoadLibraryExW
InitOnceBeginInitialize
InitOnceComplete
lstrcmpW
FindResourceW
LoadResource
SizeofResource
CompareStringOrdinal
EnterCriticalSection
LeaveCriticalSection
GetModuleHandleW
InitializeCriticalSection
GetSystemTime
SystemTimeToTzSpecificLocalTimeEx
GetDateFormatEx
GetTimeFormatEx
GetDynamicTimeZoneInformation
EnumDateFormatsExEx
GetLocalTime
WaitForSingleObject
CreateThread

advapi32

GetUserNameW
RegQueryValueW
RegEnumKeyExW
RegDeleteTreeW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegNotifyChangeKeyValue
RegDeleteKeyValueW
EnumDynamicTimeZoneInformation
RegEnumKeyW
RegOpenKeyW
GetSidSubAuthority
RegGetValueW
RegSetKeyValueW
RegCreateKeyW
RegQueryInfoKeyW
RegCreateKeyExA
RegQueryValueExA
RegDeleteValueA
RegSetValueExA
RegCloseKey
RegQueryValueA
RegOpenKeyExA

shell32

ord85
SHFileOperationW
SHAppBarMessage
ord62
ord645
ord644
ord88
SHParseDisplayName
ord98
SHGetDesktopFolder
SHGetFolderLocation
ord17
ord727
ord23
SHCreateItemWithParent
ord155
ord152
ord16
ord18
ord25
ord190
ord256
SHCreateDataObject
SHCreateDefaultContextMenu
AssocCreateForClasses
SHCreateShellItemArrayFromIDLists
SHGetStockIconInfo
ord6
SHCreateShellItemArrayFromDataObject
SHAssocEnumHandlers
SHGetKnownFolderPath
ord100
SHBindToObject
SHCreateItemFromParsingName
ShellExecuteExW
ord846
ord27
ord21
ord68
SHGetKnownFolderIDList
ord22
ord132
ord2
ord4
ord134
SHGetFileInfoW
SHGetIDListFromObject
ShellExecuteW
Shell_NotifyIconW
SHGetFolderPathW
SHCreateItemInKnownFolder
SHGetPropertyStoreForWindow
Shell_NotifyIconGetRect
SHCreateItemFromIDList
SHCreateDefaultExtractIcon
SHChangeNotify
SHGetNameFromIDList
ord162
Shell_GetCachedImageIndexW
SHOpenFolderAndSelectItems
SHGetSpecialFolderPathW
ord193
SHBindToParent

ole32

CoAllowSetForegroundWindow
StringFromGUID2
CoGetInterfaceAndReleaseStream
CoCreateFreeThreadedMarshaler
CoRegisterClassObject
CoCreateGuid
CLSIDFromString
CoWaitForMultipleHandles
CoUninitialize
CoInitialize
RevokeDragDrop
RegisterDragDrop
CoCreateInstance
PropVariantClear
CoTaskMemAlloc
CoTaskMemFree
ReleaseStgMedium
CreateStreamOnHGlobal
CoInitializeEx
CoMarshalInterThreadInterfaceInStream

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GlassControls
LoadSVG
LoadSVGOrb
PickGlyphDlg
Startup
UninstallW
Uninstall_AllUsersW

Sections

.text
Size: 530KB - Virtual size: 530KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 142KB - Virtual size: 142KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/STARTISBACK/Styles/Plain8.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/STARTISBACK/Styles/Windows 7.msstyles
.dll windows:4 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 375KB - Virtual size: 375KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 110B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/STARTISBACK/UpdateCheck.exe
.exe windows:5 windows x86 arch:x86

f4bb95a2ed29767e199a8a83e34ea89d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_AGGRESIVE_WS_TRIM
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

Sleep
ExitProcess
GetModuleHandleW
GetStartupInfoW
GetCommandLineW

user32

FindWindowW
PostMessageW

shell32

SHLoadInProc

Sections

.text
Size: 1024B - Virtual size: 742B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

9dda1a1d1f8a1d13ae0297b47046b26e

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 392KB

.ndata Size: - Virtual size: 624KB

.rsrc Size: 42KB - Virtual size: 42KB

68b7023f8923dd087549802f8fa631c3

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

user32

kernel32

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 420B

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 294KB - Virtual size: 296KB

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 294KB - Virtual size: 296KB

f4bb95a2ed29767e199a8a83e34ea89d

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

shell32

Sections

.text Size: 1024B - Virtual size: 742B

.data Size: - Virtual size: 4B

.rsrc Size: 1024B - Virtual size: 976B

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 294KB - Virtual size: 296KB

Headers

DLL Characteristics

File Characteristics

Sections

.rsrc Size: 294KB - Virtual size: 296KB

78814ba3dca5854d429e851b774dd8aa

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54Certificate

Extended Key Usages

Key Usages

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47Certificate

Extended Key Usages

Key Usages

20:c1:88:80:ce:b5:61:19:64:5b:f6:7fCertificate

Extended Key Usages

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 392KB

.ndata
Size: - Virtual size: 624KB

.rsrc
Size: 42KB - Virtual size: 42KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 420B

.rsrc
Size: 294KB - Virtual size: 296KB

.rsrc
Size: 294KB - Virtual size: 296KB

.text
Size: 1024B - Virtual size: 742B

.data
Size: - Virtual size: 4B

.rsrc
Size: 1024B - Virtual size: 976B

.rsrc
Size: 294KB - Virtual size: 296KB

.rsrc
Size: 294KB - Virtual size: 296KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

fc:8d:81:95:80:d2:38:e0:54:13:db:58:fb:cd:1c:c6:10:bb:0b:75:05:d0:a7:0e:70:aa:67:c3:9d:39:ed:a4
Signer

.text
Size: 310KB - Virtual size: 309KB

.rdata
Size: 61KB - Virtual size: 60KB

.data
Size: 2KB - Virtual size: 5KB

.rsrc
Size: 145KB - Virtual size: 145KB

.reloc
Size: 27KB - Virtual size: 27KB

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

77:bd:0e:03:a1:b7:08:f8:54:ab:06:72:10:d9:04:47
Certificate

20:c1:88:80:ce:b5:61:19:64:5b:f6:7f
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

3f:ad:36:18:69:f6:5f:ae:46:93:33:a7:71:c1:fe:47:de:27:48:4a:35:55:48:46:94:ba:4e:5d:25:67:b8:e5
Signer