JLI_CmdToArgs
JLI_GetStdArgc
JLI_GetStdArgs
JLI_Launch
JLI_MemAlloc
JLI_ReportErrorMessage
JLI_ReportErrorMessageSys
JLI_ReportMessage
JLI_SetTraceLauncher
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
Static task
static1
1 signatures
Behavioral task
behavioral1
Sample
6.dll
Resource
win7-20240221-en
windows7-x64
8 signatures
150 seconds
Behavioral task
behavioral2
Sample
6.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
9 signatures
150 seconds
Behavioral task
behavioral3
Sample
MSVCR100.dll
Resource
win7-20240508-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral4
Sample
MSVCR100.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral5
Sample
i76.exe
Resource
win7-20240508-en
windows7-x64
5 signatures
150 seconds
Behavioral task
behavioral6
Sample
i76.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
13 signatures
150 seconds
Behavioral task
behavioral7
Sample
jli.dll
Resource
win7-20240221-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral8
Sample
jli.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
General
-
Target
12052024_1630_sis_allinone.zip
-
Size
18.8MB
-
MD5
573ed6c97f82e92d0024b27b59a23f88
-
SHA1
ee516439089c4300f136b8494bec5fc9eef6de24
-
SHA256
2f0c6c184a094f650fd043acc814f9b1e734e93eb7ce9b6a259ec2fbd36e8567
-
SHA512
449e4be38ce29091da29b78273e3c8b1d8e0e997e89bfac07697533af85d5e6114dc7c2c789056b29ac0367f2ae99b6927d4bf32555e0d407992ddf91492e346
-
SSDEEP
393216:mV5fcRBgay16aZkR1i7ZAa/ZbCBMGscy5ju+r9XeP9FXTjWycWB3Yu:mV5ERyaM6at7ZT/l2MGm5jBZXYXTCU2u
Score
3/10
Malware Config
Signatures
-
Unsigned PE 2 IoCs
Checks for missing Authenticode signature.
resource unpack001/6.ia unpack001/jli.dll
Files
-
12052024_1630_sis_allinone.zip.zip
Password: infected
-
6.ia.dll windows:5 windows x86 arch:x86
Password: infected
7a1a937e8a3376b0a27b0a6b443dc1a5
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI
Imports
oleaut32
SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayGetElemsize
SafeArrayPtrOfIndex
SafeArrayPutElement
SafeArrayGetElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopyInd
VariantCopy
VariantClear
VariantInit
GetErrorInfo
VariantInit
SysFreeString
advapi32
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegQueryInfoKeyW
RegOpenKeyExW
RegFlushKey
RegEnumValueW
RegEnumKeyExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
GetUserNameW
AdjustTokenPrivileges
RegNotifyChangeKeyValue
user32
CharNextW
LoadStringW
SetClassLongW
GetClassLongW
SetWindowLongW
GetWindowLongW
CreateWindowExW
mouse_event
keybd_event
WindowFromPoint
WindowFromDC
WaitMessage
VkKeyScanW
ValidateRect
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
ShowCaret
SetWindowRgn
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetTimer
SetSystemCursor
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetKeyboardState
SetForegroundWindow
SetFocus
SetCursorPos
SetCursor
SetClipboardData
SetCaretPos
SetCapture
SetActiveWindow
SendMessageTimeoutW
SendMessageA
SendMessageW
ScrollWindowEx
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassExW
RegisterClassW
RedrawWindow
PtInRect
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
NotifyWinEvent
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MoveWindow
MessageBoxIndirectW
MessageBoxA
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsRectEmpty
IsIconic
IsDialogMessageA
IsDialogMessageW
IsClipboardFormatAvailable
IsChild
IsCharAlphaNumericW
IsCharAlphaW
InvalidateRect
InsertMenuItemW
InsertMenuW
InflateRect
HideCaret
GetWindowThreadProcessId
GetWindowTextLengthW
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowDC
GetUpdateRect
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetScrollBarInfo
GetPropW
GetParent
GetWindow
GetMessageTime
GetMessagePos
GetMessageExtraInfo
GetMenuStringW
GetMenuState
GetMenuItemRect
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDoubleClickTime
GetDlgCtrlID
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetComboBoxInfo
GetClipboardData
GetClientRect
GetClassNameW
GetClassInfoExW
GetClassInfoW
GetCaretPos
GetCapture
GetAsyncKeyState
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
ExitWindowsEx
EnumWindows
EnumThreadWindows
EnumClipboardFormats
EnumChildWindows
EndPaint
EndMenu
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawStateW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DestroyCaret
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIconIndirect
CreateIcon
CreateCaret
CountClipboardFormats
CopyRect
CopyImage
CopyIcon
CloseClipboard
ClipCursor
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharUpperW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BringWindowToTop
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout
EnumDisplayMonitors
GetMonitorInfoW
MonitorFromPoint
MonitorFromRect
MonitorFromWindow
kernel32
Sleep
VirtualFree
VirtualAlloc
lstrlenW
VirtualQuery
QueryPerformanceCounter
GetTickCount
GetSystemInfo
GetVersion
CompareStringW
IsDBCSLeadByteEx
IsValidLocale
SetThreadLocale
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetLocaleInfoW
WideCharToMultiByte
MultiByteToWideChar
GetConsoleOutputCP
GetConsoleCP
GetACP
LoadLibraryExW
GetStartupInfoW
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetCommandLineW
FreeLibrary
GetLastError
UnhandledExceptionFilter
RtlUnwind
RaiseException
ExitProcess
ExitThread
SwitchToThread
GetCurrentThreadId
CreateThread
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
FindFirstFileW
FindClose
WriteFile
SetFilePointer
SetEndOfFile
ReadFile
GetFileType
GetFileSize
CreateFileW
GetStdHandle
CloseHandle
GetProcAddress
RaiseException
LoadLibraryA
GetLastError
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
LocalFree
LocalAlloc
FreeLibrary
lstrcpyW
lstrcmpW
WriteProcessMemory
WriteFile
WideCharToMultiByte
WaitForSingleObjectEx
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualProtect
VirtualFreeEx
VirtualFree
VirtualAllocEx
VirtualAlloc
VerSetConditionMask
VerifyVersionInfoW
UnmapViewOfFile
UnlockFileEx
UnlockFile
TryEnterCriticalSection
TerminateProcess
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
SwitchToThread
SuspendThread
Sleep
SizeofResource
SetThreadPriority
SetThreadLocale
SetProcessWorkingSetSize
SetPriorityClass
SetLastError
SetFileTime
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
SetConsoleTextAttribute
ResumeThread
ResetEvent
RemoveDirectoryW
ReadProcessMemory
ReadFile
RaiseException
QueryPerformanceFrequency
QueryPerformanceCounter
IsDebuggerPresent
OutputDebugStringA
OutputDebugStringW
OpenProcess
MultiByteToWideChar
MulDiv
MoveFileW
MapViewOfFile
LockResource
LockFileEx
LockFile
LocalFree
LoadResource
LoadLibraryA
LoadLibraryW
LeaveCriticalSection
LCMapStringW
IsValidLocale
IsBadReadPtr
InitializeCriticalSection
HeapValidate
HeapSize
HeapReAlloc
HeapFree
HeapDestroy
HeapCreate
HeapCompact
HeapAlloc
GlobalUnlock
GlobalSize
GlobalHandle
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVolumeInformationW
GetVersionExA
GetVersionExW
GetVersion
GetTimeZoneInformation
GetTickCount
GetThreadPriority
GetThreadLocale
GetTempPathA
GetTempPathW
GetSystemTimeAsFileTime
GetSystemTime
GetSystemInfo
GetStdHandle
GetProcessHeap
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameA
GetFullPathNameW
GetFileTime
GetFileSize
GetFileAttributesExW
GetFileAttributesA
GetFileAttributesW
GetExitCodeThread
GetEnvironmentVariableW
GetEnvironmentStringsW
GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetComputerNameW
GetCPInfoExW
GetCPInfo
GetACP
FreeResource
InterlockedExchange
InterlockedCompareExchange
FreeLibrary
FreeEnvironmentStringsW
FormatMessageA
FormatMessageW
FoldStringW
FlushViewOfFile
FlushInstructionCache
FlushFileBuffers
FindResourceW
FindNextFileW
FindFirstFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
ExitThread
EnumSystemLocalesW
EnumCalendarInfoW
EnterCriticalSection
DeleteFileA
DeleteFileW
DeleteCriticalSection
CreateThread
CreateMutexW
CreateFileMappingA
CreateFileMappingW
CreateFileA
CreateFileW
CreateEventW
CreateDirectoryW
CopyFileW
CompareStringW
CloseHandle
AreFileApisANSI
AllocConsole
Sleep
MulDiv
MulDiv
IsDebuggerPresent
OpenThread
GetConsoleWindow
gdi32
WidenPath
UnrealizeObject
TextOutW
StrokePath
StrokeAndFillPath
StretchDIBits
StretchBlt
StartPage
StartDocW
SetWindowOrgEx
SetWindowExtEx
SetWinMetaFileBits
SetViewportOrgEx
SetViewportExtEx
SetTextCharacterExtra
SetTextColor
SetTextAlign
SetStretchBltMode
SetRectRgn
SetROP2
SetPixelV
SetPixel
SetMapMode
SetGraphicsMode
SetEnhMetaFileBits
SetDIBits
SetDIBColorTable
SetDCPenColor
SetBrushOrgEx
SetBkMode
SetBkColor
SetBitmapBits
SetArcDirection
SetAbortProc
SelectPalette
SelectObject
SelectClipRgn
SelectClipPath
SaveDC
RoundRect
RestoreDC
ResizePalette
Rectangle
RectVisible
RealizePalette
PtVisible
PtInRegion
PolylineTo
Polyline
Polygon
PolyPolyline
PolyBezierTo
PolyBezier
PlgBlt
PlayEnhMetaFile
Pie
PathToRegion
PatBlt
OffsetRgn
MoveToEx
MaskBlt
LineTo
LPtoDP
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetViewportOrgEx
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetTextExtentExPointW
GetTextCharacterExtra
GetTextAlign
GetSystemPaletteEntries
GetStretchBltMode
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetNearestPaletteIndex
GetMapMode
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileDescriptionW
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetCurrentPositionEx
GetClipRgn
GetClipBox
GetBrushOrgEx
GetBkMode
GetBkColor
GetBitmapDimensionEx
GetBitmapBits
GdiFlush
FrameRgn
FillPath
ExtTextOutW
ExtSelectClipRgn
ExtFloodFill
ExtCreatePen
ExcludeClipRect
EnumFontsW
EnumFontFamiliesExW
EnumFontFamiliesW
EndPath
EndPage
EndDoc
Ellipse
DeleteObject
DeleteEnhMetaFile
DeleteDC
DPtoLP
CreateSolidBrush
CreateRoundRectRgn
CreateRectRgn
CreatePolygonRgn
CreatePenIndirect
CreatePen
CreatePalette
CreateICW
CreateHalftonePalette
CreateFontIndirectW
CreateEllipticRgnIndirect
CreateEllipticRgn
CreateDIBitmap
CreateDIBSection
CreateDCW
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
CombineRgn
CloseFigure
Chord
BitBlt
BeginPath
ArcTo
Arc
AngleArc
version
VerQueryValueA
VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW
netapi32
NetWkstaGetInfo
ole32
CreateStreamOnHGlobal
DoDragDrop
RevokeDragDrop
RegisterDragDrop
OleUninitialize
OleInitialize
CreateBindCtx
MkParseDisplayName
CoTaskMemFree
CoTaskMemAlloc
CLSIDFromProgID
CoCreateInstance
CoUninitialize
CoInitialize
IsEqualGUID
comctl32
InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_GetIcon
ImageList_Remove
ImageList_DrawEx
ImageList_Replace
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create
InitCommonControls
msvcrt
memset
memcpy
_endthreadex
_beginthreadex
shell32
SHGetFileInfoW
ShellExecuteW
Shell_NotifyIconW
SHGetSpecialFolderLocation
SHGetMalloc
SHGetDesktopFolder
winspool.drv
OpenPrinterW
EnumPrintersW
DocumentPropertiesW
ClosePrinter
GetDefaultPrinterW
magnification
MagSetImageScalingCallback
MagSetWindowFilterList
MagSetWindowTransform
MagSetWindowSource
MagInitialize
wsock32
WSACleanup
WSAStartup
WSAGetLastError
WSACancelAsyncRequest
WSAAsyncGetServByName
WSAAsyncGetHostByName
WSAAsyncSelect
gethostname
getservbyname
gethostbyname
gethostbyaddr
socket
setsockopt
send
recv
ntohs
listen
ioctlsocket
inet_ntoa
inet_addr
htons
getsockname
getpeername
connect
closesocket
bind
winmm
timeGetTime
sndPlaySoundW
gdiplus
GdipSetImageAttributesColorKeys
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipRotateMatrix
GdipTranslateMatrix
GdipDeleteMatrix
GdipCreateMatrix
GdipSetWorldTransform
GdipAddPathPolygon
GdipBitmapGetPixel
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipDeleteRegion
GdipSetStringFormatHotkeyPrefix
GdipGetImageHeight
GdipGetImageWidth
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipFillPath
GdipDrawRectangle
GdipDrawImageRectRect
GdipDrawImageRect
GdipDrawImageI
GdipGetImageRawFormat
GdipSetStringFormatTrimming
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipDeleteStringFormat
GdipCreateStringFormat
GdipMeasureString
GdipDrawString
GdipDeleteFont
GdipCreateFont
GdipDeleteFontFamily
GdipCreateFontFamilyFromName
GdipFillRectangle
GdipDrawPath
GdipResetWorldTransform
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipDeleteGraphics
GdipCreateFromHDC
GdipDeletePen
GdipDrawEllipse
GdipCreatePen1
GdipGetPathGradientPointCount
GdipSetPathGradientCenterPointI
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipCreateLineBrushFromRect
GdipCreateSolidFill
GdipDeleteBrush
GdipAddPathEllipse
GdipAddPathArc
GdipAddPathLine
GdipClosePathFigure
GdipDeletePath
GdipCreatePath
GdipFillEllipse
GdiplusShutdown
GdiplusStartup
GdipFree
GdipAlloc
oleacc
LresultFromObject
ntdll
NtQueryInformationThread
Exports
Exports
Sections
.text Size: 8.4MB - Virtual size: 8.4MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 26KB - Virtual size: 26KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 170KB - Virtual size: 169KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 62KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 22KB - Virtual size: 21KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didata Size: 8KB - Virtual size: 7KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 402B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 69B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 676KB - Virtual size: 676KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 68.0MB - Virtual size: 68.0MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
MSVCR100.dll.dll windows:5 windows x86 arch:x86
Password: infected
5271d5ce8b44dd47bc92563e27585466
Code Sign
2e:ab:11:dc:50:ff:5c:9d:cb:c0Certificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before22/08/2007, 22:31Not After25/08/2012, 07:00SubjectCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:01:cf:3e:00:00:00:00:00:0fCertificate
IssuerCN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before07/12/2009, 22:40Not After07/03/2011, 22:40SubjectCN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2Certificate
IssuerCN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft CorporationNot Before16/09/2006, 01:04Not After15/09/2019, 07:00SubjectCN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign
61:06:94:2d:00:00:00:00:00:09Certificate
IssuerCN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USNot Before25/07/2008, 19:02Not After25/07/2013, 19:12SubjectCN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
05:c5:93:9c:0d:cd:fc:08:2e:51:ee:8e:e1:e0:0f:4b:d3:83:4c:d6Signer
Actual PE Digest05:c5:93:9c:0d:cd:fc:08:2e:51:ee:8e:e1:e0:0f:4b:d3:83:4c:d6Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
msvcr100.i386.pdb
Imports
kernel32
EncodePointer
DecodePointer
RaiseException
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetCurrentThreadId
TlsGetValue
GetCommandLineW
GetCommandLineA
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
FindNextFileA
FindFirstFileExA
FindClose
FindNextFileW
FindFirstFileExW
GetLogicalDrives
GetDiskFreeSpaceA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetErrorMode
Sleep
Beep
GetFileAttributesA
SetFileAttributesA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFullPathNameA
GetDriveTypeW
GetCurrentProcessId
CreateDirectoryA
MoveFileA
RemoveDirectoryA
GetDriveTypeA
DeleteFileA
GetFileAttributesW
SetEnvironmentVariableW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
DeleteFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
LoadLibraryA
FreeLibrary
CreateProcessW
ReadFile
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
WideCharToMultiByte
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetLocalTime
InterlockedPopEntrySList
InterlockedFlushSList
QueryDepthSList
InterlockedPushEntrySList
CreateTimerQueue
CreateTimerQueueTimer
DeleteTimerQueueTimer
SetEvent
CreateEventW
SwitchToThread
SignalObjectAndWait
TryEnterCriticalSection
GetTickCount
VirtualFree
GetVersionExW
SetThreadPriority
VirtualAlloc
GetSystemInfo
GetProcessAffinityMask
VirtualProtect
SetThreadAffinityMask
InitializeSListHead
ReleaseSemaphore
CreateSemaphoreW
WaitForMultipleObjects
GetThreadPriority
LoadLibraryW
SleepEx
OutputDebugStringW
FreeLibraryAndExitThread
GetModuleHandleA
GetThreadTimes
DebugBreak
MultiByteToWideChar
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
GetTimeFormatW
GetDateFormatW
RtlUnwind
HeapAlloc
HeapFree
HeapCreate
HeapDestroy
HeapQueryInformation
HeapReAlloc
HeapSize
HeapValidate
HeapCompact
HeapWalk
VirtualQuery
SetHandleCount
GetFileType
GetStartupInfoW
GetFileInformationByHandle
PeekNamedPipe
CreateFileA
CreateFileW
SetFilePointer
GetConsoleCP
GetConsoleMode
FlushFileBuffers
CreatePipe
SetStdHandle
ReadConsoleInputA
SetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
WriteConsoleW
ReadConsoleW
SetEndOfFile
GetProcessHeap
InterlockedExchange
LockFile
UnlockFile
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
SetConsoleCtrlHandler
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
LCMapStringW
CompareStringW
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsProcessorFeaturePresent
Exports
Exports
$I10_OUTPUT
??0?$_SpinWait@$00@details@Concurrency@@QAE@P6AXXZ@Z
??0?$_SpinWait@$0A@@details@Concurrency@@QAE@P6AXXZ@Z
??0SchedulerPolicy@Concurrency@@QAA@IZZ
??0SchedulerPolicy@Concurrency@@QAE@ABV01@@Z
??0SchedulerPolicy@Concurrency@@QAE@XZ
??0_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_ReaderWriterLock@details@Concurrency@@QAE@XZ
??0_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??0_ReentrantLock@details@Concurrency@@QAE@XZ
??0_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??0_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@AAV123@@Z
??0_SpinLock@details@Concurrency@@QAE@ACJ@Z
??0_TaskCollection@details@Concurrency@@QAE@XZ
??0_Timer@details@Concurrency@@IAE@I_N@Z
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0__non_rtti_object@std@@QAE@PBD@Z
??0bad_cast@std@@AAE@PBQBD@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_target@Concurrency@@QAE@PBD@Z
??0bad_target@Concurrency@@QAE@XZ
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0context_self_unblock@Concurrency@@QAE@PBD@Z
??0context_self_unblock@Concurrency@@QAE@XZ
??0context_unblock_unbalanced@Concurrency@@QAE@PBD@Z
??0context_unblock_unbalanced@Concurrency@@QAE@XZ
??0critical_section@Concurrency@@QAE@XZ
??0default_scheduler_exists@Concurrency@@QAE@PBD@Z
??0default_scheduler_exists@Concurrency@@QAE@XZ
??0event@Concurrency@@QAE@XZ
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??0improper_lock@Concurrency@@QAE@PBD@Z
??0improper_lock@Concurrency@@QAE@XZ
??0improper_scheduler_attach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_attach@Concurrency@@QAE@XZ
??0improper_scheduler_detach@Concurrency@@QAE@PBD@Z
??0improper_scheduler_detach@Concurrency@@QAE@XZ
??0improper_scheduler_reference@Concurrency@@QAE@PBD@Z
??0improper_scheduler_reference@Concurrency@@QAE@XZ
??0invalid_link_target@Concurrency@@QAE@PBD@Z
??0invalid_link_target@Concurrency@@QAE@XZ
??0invalid_multiple_scheduling@Concurrency@@QAE@PBD@Z
??0invalid_multiple_scheduling@Concurrency@@QAE@XZ
??0invalid_operation@Concurrency@@QAE@PBD@Z
??0invalid_operation@Concurrency@@QAE@XZ
??0invalid_oversubscribe_operation@Concurrency@@QAE@PBD@Z
??0invalid_oversubscribe_operation@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_key@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_key@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_thread_specification@Concurrency@@QAE@XZ
??0invalid_scheduler_policy_value@Concurrency@@QAE@PBD@Z
??0invalid_scheduler_policy_value@Concurrency@@QAE@XZ
??0message_not_found@Concurrency@@QAE@PBD@Z
??0message_not_found@Concurrency@@QAE@XZ
??0missing_wait@Concurrency@@QAE@PBD@Z
??0missing_wait@Concurrency@@QAE@XZ
??0nested_scheduler_missing_detach@Concurrency@@QAE@PBD@Z
??0nested_scheduler_missing_detach@Concurrency@@QAE@XZ
??0operation_timed_out@Concurrency@@QAE@PBD@Z
??0operation_timed_out@Concurrency@@QAE@XZ
??0reader_writer_lock@Concurrency@@QAE@XZ
??0scheduler_not_attached@Concurrency@@QAE@PBD@Z
??0scheduler_not_attached@Concurrency@@QAE@XZ
??0scheduler_resource_allocation_error@Concurrency@@QAE@J@Z
??0scheduler_resource_allocation_error@Concurrency@@QAE@PBDJ@Z
??0scoped_lock@critical_section@Concurrency@@QAE@AAV12@@Z
??0scoped_lock@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0scoped_lock_read@reader_writer_lock@Concurrency@@QAE@AAV12@@Z
??0task_canceled@details@Concurrency@@QAE@PBD@Z
??0task_canceled@details@Concurrency@@QAE@XZ
??0unsupported_os@Concurrency@@QAE@PBD@Z
??0unsupported_os@Concurrency@@QAE@XZ
??1SchedulerPolicy@Concurrency@@QAE@XZ
??1_NonReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_ReentrantBlockingLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_NonReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_Scoped_lock@_ReentrantPPLLock@details@Concurrency@@QAE@XZ
??1_SpinLock@details@Concurrency@@QAE@XZ
??1_TaskCollection@details@Concurrency@@QAE@XZ
??1_Timer@details@Concurrency@@IAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1critical_section@Concurrency@@QAE@XZ
??1event@Concurrency@@QAE@XZ
??1exception@std@@UAE@XZ
??1reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock@critical_section@Concurrency@@QAE@XZ
??1scoped_lock@reader_writer_lock@Concurrency@@QAE@XZ
??1scoped_lock_read@reader_writer_lock@Concurrency@@QAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??2@YAPAXIHPBDH@Z
??3@YAXPAX@Z
??4?$_SpinWait@$00@details@Concurrency@@QAEAAV012@ABV012@@Z
??4?$_SpinWait@$0A@@details@Concurrency@@QAEAAV012@ABV012@@Z
??4SchedulerPolicy@Concurrency@@QAEAAV01@ABV01@@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4exception@std@@QAEAAV01@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
??9type_info@@QBE_NABV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@@6B@
??_7exception@std@@6B@
??_F?$_SpinWait@$00@details@Concurrency@@QAEXXZ
??_F?$_SpinWait@$0A@@details@Concurrency@@QAEXXZ
??_Fbad_cast@std@@QAEXXZ
??_Fbad_typeid@std@@QAEXXZ
??_U@YAPAXI@Z
??_U@YAPAXIHPBDH@Z
??_V@YAXPAX@Z
?Alloc@Concurrency@@YAPAXI@Z
?Block@Context@Concurrency@@SAXXZ
?Create@CurrentScheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?Create@Scheduler@Concurrency@@SAPAV12@ABVSchedulerPolicy@2@@Z
?CreateResourceManager@Concurrency@@YAPAUIResourceManager@1@XZ
?CreateScheduleGroup@CurrentScheduler@Concurrency@@SAPAVScheduleGroup@2@XZ
?CurrentContext@Context@Concurrency@@SAPAV12@XZ
?Detach@CurrentScheduler@Concurrency@@SAXXZ
?DisableTracing@Concurrency@@YAJXZ
?EnableTracing@Concurrency@@YAJXZ
?Free@Concurrency@@YAXPAX@Z
?Get@CurrentScheduler@Concurrency@@SAPAVScheduler@2@XZ
?GetExecutionContextId@Concurrency@@YAIXZ
?GetNumberOfVirtualProcessors@CurrentScheduler@Concurrency@@SAIXZ
?GetOSVersion@Concurrency@@YA?AW4OSVersion@IResourceManager@1@XZ
?GetPolicy@CurrentScheduler@Concurrency@@SA?AVSchedulerPolicy@2@XZ
?GetPolicyValue@SchedulerPolicy@Concurrency@@QBEIW4PolicyElementKey@2@@Z
?GetProcessorCount@Concurrency@@YAIXZ
?GetProcessorNodeCount@Concurrency@@YAIXZ
?GetSchedulerId@Concurrency@@YAIXZ
?GetSharedTimerQueue@details@Concurrency@@YAPAXXZ
?Id@Context@Concurrency@@SAIXZ
?Id@CurrentScheduler@Concurrency@@SAIXZ
?IsCurrentTaskCollectionCanceling@Context@Concurrency@@SA_NXZ
?Log2@details@Concurrency@@YAKI@Z
?Oversubscribe@Context@Concurrency@@SAX_N@Z
?RegisterShutdownEvent@CurrentScheduler@Concurrency@@SAXPAX@Z
?ResetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXXZ
?ScheduleGroupId@Context@Concurrency@@SAIXZ
?ScheduleTask@CurrentScheduler@Concurrency@@SAXP6AXPAX@Z0@Z
?SetConcurrencyLimits@SchedulerPolicy@Concurrency@@QAEXII@Z
?SetDefaultSchedulerPolicy@Scheduler@Concurrency@@SAXABVSchedulerPolicy@2@@Z
?SetPolicyValue@SchedulerPolicy@Concurrency@@QAEIW4PolicyElementKey@2@I@Z
?VirtualProcessorId@Context@Concurrency@@SAIXZ
?Yield@Context@Concurrency@@SAXXZ
?_Abort@_StructuredTaskCollection@details@Concurrency@@AAEXXZ
?_Acquire@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_NonReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_Acquire@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Acquire@_ReentrantPPLLock@details@Concurrency@@QAEXPAX@Z
?_AcquireRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_AcquireWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_Cancel@_StructuredTaskCollection@details@Concurrency@@QAEXXZ
?_Cancel@_TaskCollection@details@Concurrency@@QAEXXZ
?_CheckTaskCollection@_UnrealizedChore@details@Concurrency@@IAEXXZ
?_ConcRT_Assert@details@Concurrency@@YAXPBD0H@Z
?_ConcRT_CoreAssert@details@Concurrency@@YAXPBD0H@Z
?_ConcRT_DumpMessage@details@Concurrency@@YAXPB_WZZ
?_ConcRT_Trace@details@Concurrency@@YAXHPB_WZZ
?_Copy_str@exception@std@@AAEXPBD@Z
?_DoYield@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_DoYield@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_IsCanceling@_StructuredTaskCollection@details@Concurrency@@QAE_NXZ
?_IsCanceling@_TaskCollection@details@Concurrency@@QAE_NXZ
?_Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_NumberOfSpins@?$_SpinWait@$00@details@Concurrency@@IAEKXZ
?_NumberOfSpins@?$_SpinWait@$0A@@details@Concurrency@@IAEKXZ
?_Release@_NonReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_NonReentrantPPLLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantBlockingLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantLock@details@Concurrency@@QAEXXZ
?_Release@_ReentrantPPLLock@details@Concurrency@@QAEXXZ
?_ReleaseRead@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_ReleaseWrite@_ReaderWriterLock@details@Concurrency@@QAEXXZ
?_Reset@?$_SpinWait@$00@details@Concurrency@@IAEXXZ
?_Reset@?$_SpinWait@$0A@@details@Concurrency@@IAEXXZ
?_RunAndWait@_StructuredTaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_RunAndWait@_TaskCollection@details@Concurrency@@QAG?AW4_TaskCollectionStatus@23@PAV_UnrealizedChore@23@@Z
?_Schedule@_StructuredTaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_Schedule@_TaskCollection@details@Concurrency@@QAEXPAV_UnrealizedChore@23@@Z
?_SetSpinCount@?$_SpinWait@$00@details@Concurrency@@QAEXI@Z
?_SetSpinCount@?$_SpinWait@$0A@@details@Concurrency@@QAEXI@Z
?_ShouldSpinAgain@?$_SpinWait@$00@details@Concurrency@@IAE_NXZ
?_ShouldSpinAgain@?$_SpinWait@$0A@@details@Concurrency@@IAE_NXZ
?_SpinOnce@?$_SpinWait@$00@details@Concurrency@@QAE_NXZ
?_SpinOnce@?$_SpinWait@$0A@@details@Concurrency@@QAE_NXZ
?_SpinYield@Context@Concurrency@@SAXXZ
?_Start@_Timer@details@Concurrency@@IAEXXZ
?_Stop@_Timer@details@Concurrency@@IAEXXZ
?_Tidy@exception@std@@AAEXXZ
?_Trace_ppl_function@Concurrency@@YAXABU_GUID@@EW4ConcRT_EventType@1@@Z
?_TryAcquire@_NonReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantBlockingLock@details@Concurrency@@QAE_NXZ
?_TryAcquire@_ReentrantLock@details@Concurrency@@QAE_NXZ
?_TryAcquireWrite@_ReaderWriterLock@details@Concurrency@@QAE_NXZ
?_Type_info_dtor@type_info@@CAXPAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPAV1@@Z
?_UnderlyingYield@details@Concurrency@@YAXXZ
?_ValidateExecute@@YAHP6GHXZ@Z
?_ValidateRead@@YAHPBXI@Z
?_ValidateWrite@@YAHPAXI@Z
?_Value@_SpinCount@details@Concurrency@@SAIXZ
?__ExceptionPtrAssign@@YAXPAXPBX@Z
?__ExceptionPtrCompare@@YA_NPBX0@Z
?__ExceptionPtrCopy@@YAXPAXPBX@Z
?__ExceptionPtrCopyException@@YAXPAXPBX1@Z
?__ExceptionPtrCreate@@YAXPAX@Z
?__ExceptionPtrCurrentException@@YAXPAX@Z
?__ExceptionPtrDestroy@@YAXPAX@Z
?__ExceptionPtrRethrow@@YAXPBX@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPBG00II@Z
?_is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?_open@@YAHPBDHH@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?_wopen@@YAHPB_WHH@Z
?_wsopen@@YAHPB_WHHH@Z
?before@type_info@@QBEHABV1@@Z
?get_error_code@scheduler_resource_allocation_error@Concurrency@@QBEJXZ
?lock@critical_section@Concurrency@@QAEXXZ
?lock@reader_writer_lock@Concurrency@@QAEXXZ
?lock_read@reader_writer_lock@Concurrency@@QAEXXZ
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
?native_handle@critical_section@Concurrency@@QAEAAV12@XZ
?raw_name@type_info@@QBEPBDXZ
?reset@event@Concurrency@@QAEXXZ
?set@event@Concurrency@@QAEXXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?try_lock@critical_section@Concurrency@@QAE_NXZ
?try_lock@reader_writer_lock@Concurrency@@QAE_NXZ
?try_lock_read@reader_writer_lock@Concurrency@@QAE_NXZ
?unexpected@@YAXXZ
?unlock@critical_section@Concurrency@@QAEXXZ
?unlock@reader_writer_lock@Concurrency@@QAEXXZ
?vswprintf@@YAHPA_WIPB_WPAD@Z
?wait@Concurrency@@YAXI@Z
?wait@event@Concurrency@@QAEII@Z
?wait_for_multiple@event@Concurrency@@SAIPAPAV12@I_NI@Z
?what@exception@std@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_Strftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CppXcptFilter
__CxxCallUnwindDelDtor
__CxxCallUnwindDtor
__CxxCallUnwindStdDelDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___fls_getvalue@4
___fls_setvalue@8
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__control87_2
__create_locale
__crtCompareStringA
__crtCompareStringW
__crtLCMapStringA
__crtLCMapStringW
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__free_locale
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lconv
__lconv_init
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__set_flsgetvalue
__setlc_active
__setusermatherr
__strncnt
__swprintf_l
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__unDNameHelper
__uncaught_exception
__unguarded_readlc_active
__vswprintf_l
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abnormal_termination
_abs64
_access
_access_s
_acmdln
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_amsg_exit
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_crt
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_commode
_configthreadlocale
_control87
_controlfp
_controlfp_s
_copysign
_cprintf
_cprintf_l
_cprintf_p
Sections
.text Size: 709KB - Virtual size: 708KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 19KB - Virtual size: 22KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 19KB - Virtual size: 19KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
i76.exe.exe windows:5 windows x86 arch:x86
Password: infected
d3310ce6cbcacb3a9f0809bc33e38abe
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
12:f0:27:7e:0f:23:3b:39:f9:41:9b:06:e8:cd:e3:52Certificate
IssuerCN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USNot Before14/04/2015, 00:00Not After13/04/2018, 23:59SubjectCN=Oracle America\, Inc.,OU=Code Signing Bureau,O=Oracle America\, Inc.,L=Redwood Shores,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before10/12/2013, 00:00Not After09/12/2023, 23:59SubjectCN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
a3:49:3b:ab:b5:90:11:cd:5b:ba:2a:b0:22:0f:b2:cb:38:f5:83:b4Signer
Actual PE Digesta3:49:3b:ab:b5:90:11:cd:5b:ba:2a:b0:22:0f:b2:cb:38:f5:83:b4Digest Algorithmsha1PE Digest MatchestrueHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
c:\workspace\8-2-build-windows-i586-cygwin\jdk8u92\6642\build\windows-i586\jdk\objs\kinit_objs\kinit.pdb
Imports
jli
JLI_CmdToArgs
JLI_GetStdArgc
JLI_MemAlloc
JLI_GetStdArgs
JLI_Launch
msvcr100
_initterm_e
_configthreadlocale
__setusermatherr
_commode
_fmode
_initterm
?terminate@@YAXXZ
_unlock
__dllonexit
_lock
_onexit
_except_handler4_common
_invoke_watson
_controlfp_s
_crt_debugger_hook
__initenv
exit
_XcptFilter
_exit
_cexit
__getmainargs
_amsg_exit
getenv
printf
__argc
__argv
__set_app_type
kernel32
IsDebuggerPresent
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DecodePointer
SetUnhandledExceptionFilter
EncodePointer
HeapSetInformation
InterlockedCompareExchange
Sleep
InterlockedExchange
GetCommandLineA
GetCurrentProcessId
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 940B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 3KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 472B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
jli.dll.dll windows:6 windows x86 arch:x86
Password: infected
254a5a964df196e175f5993e2dd96e3e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
SetFileAttributesW
SetFileTime
QueryDosDeviceW
GetACP
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
TlsAlloc
QueryPerformanceFrequency
IsDebuggerPresent
GetFullPathNameW
VirtualFree
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
EnumSystemLocalesW
GetStdHandle
GetTimeZoneInformation
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
GetLastError
GetModuleFileNameW
SetLastError
GlobalAlloc
GlobalUnlock
FindResourceW
CreateThread
CompareStringW
CopyFileW
MapViewOfFile
LoadLibraryA
GetVolumeInformationW
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
GetCurrentThread
GetLogicalDrives
LoadLibraryExW
TerminateProcess
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
GlobalFindAtomW
VirtualQueryEx
GlobalFree
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GlobalDeleteAtom
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
GlobalLock
VirtualAlloc
GetTempPathW
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetLogicalDriveStringsW
GetVersionExW
VerifyVersionInfoW
HeapCreate
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
TlsFree
UnmapViewOfFile
lstrlenW
CompareStringA
QueryPerformanceCounter
SetEndOfFile
lstrcmpW
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
SystemTimeToFileTime
EnumResourceNamesW
DeleteFileW
GetEnvironmentVariableW
GetLocalTime
GetConsoleWindow
WaitForSingleObject
WriteFile
CreateFileMappingW
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
TzSpecificLocalTimeToSystemTime
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale
comctl32
FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
ImageList_GetDragImage
FlatSB_SetScrollProp
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
FlatSB_GetScrollInfo
ImageList_Write
ImageList_DrawIndirect
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_Draw
ImageList_Remove
shell32
IsUserAnAdmin
Shell_NotifyIconW
SHAppBarMessage
ShellExecuteW
ShellExecuteExW
ole32
IsEqualGUID
OleInitialize
OleUninitialize
CoInitialize
CoCreateInstance
CoUninitialize
CoTaskMemFree
CoTaskMemAlloc
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
user32
CopyImage
CreateWindowExW
ChildWindowFromPoint
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
GetUpdateRect
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
OffsetRect
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
ShowOwnedPopups
GetSystemMenu
GetScrollRange
GetScrollPos
SetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
GetKeyboardLayoutList
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
GetClipboardData
SetClipboardData
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
DrawTextW
SetScrollRange
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
RemovePropW
UpdateWindow
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
EmptyClipboard
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowPos
SetWindowRgn
GetMenuItemCount
RemoveMenu
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
OpenClipboard
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
CountClipboardFormats
CloseClipboard
DestroyCursor
EnumClipboardFormats
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
ValidateRect
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
CreateIconIndirect
FindWindowW
DeleteMenu
GetKeyboardLayout
oleaut32
SafeArrayPutElement
GetErrorInfo
VariantInit
VariantClear
SysFreeString
SafeArrayAccessData
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayPtrOfIndex
SafeArrayGetElemsize
VariantCopy
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopyInd
VariantChangeType
msvcrt
memcpy
memset
advapi32
RegEnumKeyExW
RegFlushKey
RegQueryValueExW
GetUserNameW
RegCloseKey
RegQueryInfoKeyW
RegOpenKeyExW
gdi32
Arc
Pie
SetBkMode
SelectPalette
CreateCompatibleBitmap
GetEnhMetaFileHeader
ExcludeClipRect
SetWindowOrgEx
RectVisible
MaskBlt
AngleArc
DeleteEnhMetaFile
ResizePalette
Chord
SetTextColor
SetDIBits
StretchBlt
SetViewportOrgEx
CreateRectRgn
RealizePalette
GetDIBColorTable
SetDIBColorTable
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
GetWindowOrgEx
CreatePalette
CreateBrushIndirect
PatBlt
SetEnhMetaFileBits
PolyBezierTo
GetStockObject
CreateSolidBrush
Polygon
Rectangle
MoveToEx
DeleteDC
SaveDC
PlayEnhMetaFile
BitBlt
Ellipse
FrameRgn
GetDeviceCaps
GetBitmapBits
GetTextExtentPoint32W
GetClipBox
Polyline
IntersectClipRect
GetEnhMetaFileBits
GetSystemPaletteEntries
CreateBitmap
SetWinMetaFileBits
CreateDIBitmap
GetStretchBltMode
CreateDIBSection
CreatePenIndirect
GetDIBits
GetEnhMetaFilePaletteEntries
SetStretchBltMode
CreateFontIndirectW
PolyBezier
LineTo
GetRgnBox
CreateHalftonePalette
DeleteObject
SelectObject
ExtFloodFill
UnrealizeObject
CopyEnhMetaFileW
SetBkColor
CreateCompatibleDC
GetObjectW
GetBrushOrgEx
GetCurrentPositionEx
GetWinMetaFileBits
SetROP2
GetNearestPaletteIndex
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetEnhMetaFileDescriptionW
GetPixel
ArcTo
GdiFlush
SetPixel
EnumFontFamiliesExW
StretchDIBits
GetPaletteEntries
Exports
Exports
JLI_CmdToArgs
JLI_GetStdArgc
JLI_GetStdArgs
JLI_Launch
JLI_MemAlloc
JLI_ReportErrorMessage
JLI_ReportErrorMessageSys
JLI_ReportMessage
JLI_SetTraceLauncher
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr
Sections
.text Size: 4.2MB - Virtual size: 4.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.itext Size: 15KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.data Size: 58KB - Virtual size: 58KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.bss Size: - Virtual size: 30KB
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.idata Size: 12KB - Virtual size: 12KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.didata Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.edata Size: 512B - Virtual size: 395B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 69B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 456KB - Virtual size: 456KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.rsrc Size: 456KB - Virtual size: 456KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.debug Size: 24.9MB - Virtual size: 24.9MB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ