Radmin[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

Radmin.zip
Size

8.4MB
MD5

d7aec3a7d5fef1237cd6e4d8f508c53c
SHA1

9441fef7bb1fe827b2f476c7141002ef8eb2bf24
SHA256

6b689ea99ec6168c6a070ade3326e2458d6efd71e6fe3459c432002ac4f0a729
SHA512

1622a644776f0a588e653e2583fe117a1d96164dd6031b809bbbd51a0927385cc1e8a01a7e504de1c6913115689248931f254b75be74f02d8b31fa48fa9632e7
SSDEEP

196608:FSNaKrCia/fYUa8aXD/AJEdnnfp6DmbBZyOguJVkT+Y/:eaKrCjIF8Q/JdnnfqQE/uvkT+c

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/keymaker.exe	upx

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/RadminViewer 3.4/2052.lng_rad
unpack001/keymaker.exe
unpack002/out.upx

Files

Radmin.zip
.zip
RadminViewer 3.4/2052.lng_rad
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 512B - Virtual size: 6B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 95KB - Virtual size: 95KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RadminViewer 3.4/CHATLOGS/info.txt
RadminViewer 3.4/ChatLPCx.dll
.dll windows:4 windows x86 arch:x86

d3299a0b1df79751863c512035c2c808

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:a2:0d:8e:f5:9b:9b:c8:7e:4d:99:10:f2:f5:a4:86
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

21/09/2009, 00:00

Not After

21/09/2010, 23:59

Subject

CN=Famatech International Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Famatech International Corp.,L=Road Town,ST=Tortola,C=VG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

o:\Builder\BuildRoot\out\Release\Radmin\x86\chatlpcx.pdb

Imports

kernel32

LoadResource
GetCurrentThreadId
CreateFileA
EnumResourceLanguagesA
CompareStringA
SetLastError
RaiseException
SetEnvironmentVariableA
LCMapStringA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeA
RtlUnwind
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStrings
FreeEnvironmentStringsA
GetDateFormatA
GetTimeFormatA
GetOEMCP
GetACP
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
FindResourceA
SetFilePointer
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
HeapCreate
HeapDestroy
HeapReAlloc
GetProcessHeap
GetCommandLineA
GetSystemTimeAsFileTime
CreateThread
ExitThread
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapFree
HeapAlloc
GetModuleHandleA
LockResource
SizeofResource
VirtualAlloc
VirtualFree
CloseHandle
DeleteCriticalSection
EnterCriticalSection
ReleaseSemaphore
LeaveCriticalSection
InitializeCriticalSection
SetEvent
WaitForSingleObject
GetLocaleInfoA
FreeLibrary
GetVersionExA
LoadLibraryA
MulDiv
GetLastError
Sleep
InterlockedExchange
ReadFile
GetVersion

user32

VkKeyScanA
CreatePopupMenu
ValidateRect
IsIconic
CharLowerA
SetWindowPlacement
SetCursor
GetWindowPlacement
ReleaseCapture
GetCursorPos
VkKeyScanExA
DrawTextA
TrackPopupMenu
GetFocus
RegisterClassExA
CreateDialogParamA
GetKeyboardLayout
PtInRect
SetCapture
GetAsyncKeyState
CopyIcon
EnableMenuItem
DestroyMenu
GetActiveWindow
GetSubMenu
GetForegroundWindow
FlashWindow
GetMenu
MapWindowPoints
GetDlgCtrlID
SendDlgItemMessageA
EnumDisplaySettingsA
GetSysColor
GetSysColorBrush
SetActiveWindow
MessageBoxA
EnumChildWindows
GetWindowTextA
KillTimer
IsDialogMessageA
TranslateMessage
CopyRect
IsWindow
DestroyIcon
PostMessageA
GetDlgItem
SetForegroundWindow
DispatchMessageA
GetMessageA
PostQuitMessage
GetSystemMetrics
SetWindowTextA
SetTimer
SetRect
IntersectRect
SetFocus
LoadAcceleratorsA
LoadImageA
LoadMenuA
LoadIconA
GetDC
ReleaseDC
GetParent
SetWindowPos
SetScrollInfo
GetWindowRect
GetScrollInfo
InvalidateRect
MoveWindow
GetClientRect
SendMessageA
SetRectEmpty
UnregisterClassA
CreateWindowExA
UpdateWindow
DefWindowProcA
ShowWindow
DestroyWindow
RegisterClassA
ActivateKeyboardLayout

gdi32

CreateCompatibleDC
DeleteDC
SetTextColor
GetPixel
DeleteObject
SetBkMode
GetObjectA
GetDeviceCaps
CreateFontIndirectA
GetStockObject
CreateCompatibleBitmap
PatBlt
SelectObject
SetBkColor
CreateSolidBrush

shell32

Shell_NotifyIconA
ShellExecuteA

comdlg32

GetSaveFileNameA

winmm

PlaySoundA

comctl32

ImageList_ReplaceIcon
ImageList_LoadImageW
ord17
ImageList_Destroy
ImageList_Create

Exports

Exports

Deinit
Init
_GetClientsArray@4

Sections

.text
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RadminViewer 3.4/Radmin.exe
.exe windows:4 windows x86 arch:x86

18c5f2677bef8d93f7ad4544be510d2d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:a2:0d:8e:f5:9b:9b:c8:7e:4d:99:10:f2:f5:a4:86
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

21/09/2009, 00:00

Not After

21/09/2010, 23:59

Subject

CN=Famatech International Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Famatech International Corp.,L=Road Town,ST=Tortola,C=VG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualFree
VirtualAlloc
LoadLibraryA
GetModuleHandleA
VirtualProtect
GetProcAddress
GetStringTypeA
LCMapStringW
RtlUnwind
HeapAlloc
HeapFree
GetStartupInfoA
GetCommandLineA
GetVersion
ExitProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapReAlloc
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
WriteFile
GetCPInfo
GetACP
GetOEMCP
MultiByteToWideChar
LCMapStringA
GetStringTypeW

user32

MessageBoxA

Exports

Exports

_LoadResourceModule@0

Sections

.text
Size: 40KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Sec0
Size: - Virtual size: 786KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Sec1
Size: - Virtual size: 86KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Sec2
Size: - Virtual size: 50KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.Sec3
Size: - Virtual size: 46KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 820KB - Virtual size: 816KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RadminViewer 3.4/WinLpcDl.dll
.dll windows:4 windows x86 arch:x86

f433e7fcc51e68080022754836705744

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:a2:0d:8e:f5:9b:9b:c8:7e:4d:99:10:f2:f5:a4:86
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

21/09/2009, 00:00

Not After

21/09/2010, 23:59

Subject

CN=Famatech International Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Famatech International Corp.,L=Road Town,ST=Tortola,C=VG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
LoadLibraryA
GetProcAddress
ExitProcess
VirtualAlloc
VirtualFree

user32

MessageBoxA

Exports

Exports

_WinNtLpcAlloc@4
_WinNtLpcCRITICAL_SHUTDOWN@0
_WinNtLpcCallOnClient@4
_WinNtLpcClient2Server@28
_WinNtLpcCloseInstance@12
_WinNtLpcCreateNewInstance@12
_WinNtLpcCreateServerPort@4
_WinNtLpcDontCheckCallbackTime@4
_WinNtLpcEnterCriticalRegion@0
_WinNtLpcFree@4
_WinNtLpcFreeDll@0
_WinNtLpcGetActiveSessionID@0
_WinNtLpcGetCurrentSessionID@0
_WinNtLpcGetNextPacketID@4
_WinNtLpcGetSessionsList@8
_WinNtLpcIsDllInStopMode@0
_WinNtLpcIsRunningAsService@0
_WinNtLpcLeaveCriticalRegion@0
_WinNtLpcPostMessage2Client@24
_WinNtLpcPostMessage2Server@16
_WinNtLpcRegisterNewClient@8
_WinNtLpcRegisterUpdate@4
_WinNtLpcServer2Client@36
_WinNtLpcSetQuietModeOn@0
_WinNtLpcSetTrueDesktopForNewThread@0
_WinNtLpcUpdateSessionInfo@0
_WinNtLpc_DoNotCall@4
_WinNtLpc_Fast_Client2Server@28
_WinNtLpc_Fast_Server2Client@28
_WinNtLpc_IsScreenSaverDesktopActive@4

Sections

.text
Size: - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

utysiqm9
Size: - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

3epo84m3
Size: - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

rsnmiyve
Size: 157KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

y7ykgryo
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
RadminViewer 3.4/amt.dll
.dll windows:4 windows x86 arch:x86

b4c9ab5d648579ecca534944f4337d35

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:a2:0d:8e:f5:9b:9b:c8:7e:4d:99:10:f2:f5:a4:86
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

21/09/2009, 00:00

Not After

21/09/2010, 23:59

Subject

CN=Famatech International Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Famatech International Corp.,L=Road Town,ST=Tortola,C=VG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

o:\Builder\BuildRoot\out\Release\Radmin\x86\Raamt.pdb

Imports

kernel32

VirtualFree
VirtualAlloc
FormatMessageA
SetLastError
GetVersionExW
GetCurrentThreadId
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetDriveTypeA
GetLogicalDrives
CreateFileW
InitializeCriticalSection
DeleteCriticalSection
GetLastError
ExpandEnvironmentStringsA
ReadFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetFilePointer
GetLocaleInfoA
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
RaiseException
RtlUnwind
GetStringTypeW
LCMapStringW
LCMapStringA
SetStdHandle
GetStartupInfoA
GetFileType
SetHandleCount
GetModuleHandleW
GetOEMCP
GetACP
HeapSize
CreateFileA
FlushFileBuffers
GetConsoleCP
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
WriteFile
HeapCreate
HeapDestroy
GetProcessHeap
GetVersionExA
GetCommandLineA
CreateThread
ExitThread
GetSystemTimeAsFileTime
GetCPInfo
InterlockedDecrement
CreateSemaphoreW
ReleaseSemaphore
WaitForSingleObject
WaitForMultipleObjects
Sleep
GetVersion
InterlockedExchange
MultiByteToWideChar
GetModuleHandleA
LockResource
LoadLibraryA
GetProcAddress
SizeofResource
LoadResource
GetStringTypeA
FindResourceA
EnterCriticalSection
LeaveCriticalSection
GetModuleFileNameW
WideCharToMultiByte
HeapReAlloc
IsDebuggerPresent
SetUnhandledExceptionFilter
CloseHandle
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
ExitProcess
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
HeapFree
HeapAlloc
GetTickCount
CreateWaitableTimerA
SetWaitableTimer
IsValidCodePage

user32

GetMessageW
LoadImageA
LoadMenuA
UnregisterClassA
RegisterClassExW
DefWindowProcW
UpdateWindow
UnregisterClassW
RegisterClassExA
CreateDialogParamA
CreateWindowExW
CreateDialogParamW
DestroyWindow
ShowWindow
DefWindowProcA
IsWindowUnicode
CreateWindowExA
GetWindowLongW
MoveWindow
PostMessageA
IsWindow
CopyRect
SetRect
GetWindowTextA
GetParent
SetForegroundWindow
SetWindowTextW
GetDlgItem
LoadCursorA
EnableWindow
MapWindowPoints
GetWindowTextW
SendMessageW
SetWindowTextA
SendMessageA
GetWindowRect
IsWindowVisible
SetFocus
SetRectEmpty
GetSystemMetrics
CloseClipboard
SetClipboardData
EmptyClipboard
GetClipboardData
OpenClipboard
SetWindowLongW
ReleaseDC
GetDC
IsDialogMessageA
TranslateMessage
IsDialogMessageW
GetFocus
GetClassLongA
GetMessageA
DispatchMessageW
DispatchMessageA
BeginPaint
PostQuitMessage
GetClassLongW
CheckMenuItem
GetMenu
GetAsyncKeyState
GetClientRect
InvalidateRect
EndPaint

gdi32

GetTextExtentPoint32W
SetBkColor
CreateSolidBrush
CreateCompatibleBitmap
SelectObject
BitBlt
SetTextColor
DeleteDC
CreateCompatibleDC
CreateFontW
CreateFontA
TextOutW
PatBlt
CreateFontIndirectW
GetObjectW
DeleteObject
GetTextExtentPoint32A

comdlg32

ChooseFontW
GetOpenFileNameA
GetOpenFileNameW

winhttp

WinHttpSetOption
WinHttpReadData
WinHttpReceiveResponse
WinHttpSetCredentials
WinHttpOpenRequest
WinHttpConnect
WinHttpAddRequestHeaders
WinHttpQueryAuthSchemes
WinHttpQueryDataAvailable
WinHttpSendRequest
WinHttpCrackUrl
WinHttpOpen
WinHttpCloseHandle
WinHttpSetStatusCallback
WinHttpQueryHeaders

crypt32

CertFindCertificateInStore
CertGetNameStringW
CertOpenStore

imrsdk

IMR_SOLCloseSession
IMR_IDEROpenTCPSessionEx
IMR_SOLSendText
IMR_SOLOpenTCPSessionEx
IMR_Close
IMR_RemoveClient
IMR_AddClient
IMR_IDERCloseSession
IMR_SOLReceiveText
IMR_RemoveAllClients
IMR_Init
IMR_IDERSetDeviceState
IMR_IDERGetDeviceState

ws2_32

getaddrinfo
htons
accept
setsockopt
WSACleanup
recv
ioctlsocket
socket
connect
gethostbyname
send
getsockopt
select
WSAGetLastError
shutdown
WSAStartup
__WSAFDIsSet
inet_addr
closesocket

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Exports

Exports

AMTBios
AMTControl
AMTNetworkBoot
AMTRestart
AMTTurnOff
AMTTurnOn
GetStatusString

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 140KB - Virtual size: 138KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RadminViewer 3.4/amt.ini
RadminViewer 3.4/imrsdk.dll
.dll windows:4 windows x86 arch:x86

c261828571df46b4df31ae80205dc645

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

38:83:fa:c3:87:16:03:8a:df:72:78:2b:c5:81:71:b9
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

16/05/2006, 00:00

Not After

15/05/2009, 23:59

Subject

CN=Famatech International Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Famatech International Corp.,L=Road Town,ST=Tortola,C=VG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

ws2_32

recvfrom
listen
sendto
connect
socket
bind
accept
ioctlsocket
closesocket
recv
send
setsockopt
ntohs
getservbyport
gethostbyaddr
htons
getservbyname
htonl
gethostbyname
shutdown
WSASetLastError
WSAStartup
WSACleanup
select
WSAGetLastError
getsockname
__WSAFDIsSet
inet_addr
inet_ntoa
ntohl

secur32

CompleteAuthToken
InitializeSecurityContextA
DeleteSecurityContext
EnumerateSecurityPackagesA
FreeContextBuffer
AcquireCredentialsHandleA
FreeCredentialsHandle

ntdsapi

DsMakeSpnA

kernel32

GetLocaleInfoW
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetSystemInfo
VirtualProtect
CreateProcessA
GetExitCodeProcess
IsValidCodePage
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetDateFormatA
GetTimeFormatA
GetStringTypeW
GetStringTypeA
VirtualQuery
InterlockedExchange
InitializeCriticalSection
GetCPInfo
GetOEMCP
GetACP
GetLastError
DeviceIoControl
CloseHandle
SetErrorMode
ReadFile
SetFilePointer
WriteFile
GetFileSize
GetDiskFreeSpaceA
GetDiskFreeSpaceExA
InterlockedDecrement
GetDriveTypeA
CreateFileA
GetPrivateProfileStringA
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
GetCurrentThreadId
GetVersion
GetFileType
GetStdHandle
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
GetVersionExA
SetLastError
CreateSemaphoreA
DuplicateHandle
GetCurrentProcess
WaitForSingleObject
ReleaseSemaphore
CreateEventA
SetEvent
ResetEvent
PulseEvent
ResumeThread
Sleep
IsBadCodePtr
IsBadReadPtr
SetStdHandle
GetTimeZoneInformation
SetConsoleCtrlHandler
InterlockedIncrement
FindNextFileA
FindFirstFileA
FindClose
FlushConsoleInputBuffer
FileTimeToSystemTime
FileTimeToLocalFileTime
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
WriteConsoleA
PeekConsoleInputA
GetNumberOfConsoleInputEvents
SetCurrentDirectoryA
GetFileAttributesExA
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetCurrentDirectoryA
GetFullPathNameA
GetCommandLineA
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
ExitThread
CreateThread
TlsAlloc
GetCurrentThread
TlsFree
TlsSetValue
TlsGetValue
GetModuleHandleA
SetUnhandledExceptionFilter
DeleteCriticalSection
FatalAppExitA
SetHandleCount
GetStartupInfoA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
ExitProcess
TerminateProcess
HeapSize
FlushFileBuffers
GetFileAttributesA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
UnhandledExceptionFilter
LCMapStringA
MultiByteToWideChar
LCMapStringW

user32

GetProcessWindowStation
GetDesktopWindow
MessageBoxA
GetUserObjectInformationW

gdi32

CreateDCA
CreateCompatibleDC
GetDeviceCaps
CreateCompatibleBitmap
SelectObject
GetObjectA
BitBlt
GetBitmapBits
DeleteObject
DeleteDC

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource

Exports

Exports

IMR_AddClient
IMR_Close
IMR_GetAllClients
IMR_GetClientInfo
IMR_GetErrorString
IMR_GetErrorStringLen
IMR_IDERClientFeatureSupported
IMR_IDERCloseSession
IMR_IDERGetDeviceState
IMR_IDERGetSessionStatistics
IMR_IDEROpenTCPSession
IMR_IDEROpenTCPSessionEx
IMR_IDERSetDeviceState
IMR_Init
IMR_RemoveAllClients
IMR_RemoveClient
IMR_SOLCloseSession
IMR_SOLOpenTCPSession
IMR_SOLOpenTCPSessionEx
IMR_SOLReceiveText
IMR_SOLSendText
IMR_SetCertificateInfo

Sections

.text
Size: 1.1MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 220KB - Virtual size: 218KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 80KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 56KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RadminViewer 3.4/raudiox.dll
.dll windows:4 windows x86 arch:x86

ee3a9c4005746e0ea92621cfdb703aa5

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:a2:0d:8e:f5:9b:9b:c8:7e:4d:99:10:f2:f5:a4:86
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

21/09/2009, 00:00

Not After

21/09/2010, 23:59

Subject

CN=Famatech International Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Famatech International Corp.,L=Road Town,ST=Tortola,C=VG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

o:\Builder\BuildRoot\out\Release\Radmin\x86\RAudiox.pdb

Imports

shlwapi

PathFileExistsW
PathAppendW

kernel32

GetLastError
Sleep
WaitForMultipleObjects
IsBadReadPtr
InterlockedIncrement
DuplicateHandle
InterlockedDecrement
GetCurrentProcess
FindResourceA
SizeofResource
LockResource
LoadResource
GetModuleHandleA
WriteFile
CreateFileA
GetCurrentProcessId
DeleteCriticalSection
ResumeThread
LeaveCriticalSection
ReleaseSemaphore
InterlockedExchange
EnterCriticalSection
VirtualFree
VirtualAlloc
GetVersionExA
GetCurrentThread
IsBadWritePtr
GetThreadPriority
SetThreadPriority
GetFileSize
SetFilePointer
GetLocalTime
SetEndOfFile
GetACP
SetLastError
OpenEventA
TerminateThread
CloseHandle
ResetEvent
SetEvent
CreateEventA
RaiseException
WaitForSingleObject
GetSystemDirectoryA
LoadLibraryA
FreeLibrary
HeapReAlloc
HeapFree
InitializeCriticalSection
FlushFileBuffers
ExitThread
GetCurrentThreadId
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringA
GetStringTypeA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
GetOEMCP
CreateThread
RtlUnwind
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
ExitProcess
HeapCreate
HeapDestroy
GetProcessHeap
GetCommandLineA
HeapAlloc

advapi32

RegCloseKey
GetLengthSid
FreeSid
IsValidSid
AddAccessAllowedAce
AllocateAndInitializeSid
InitializeAcl
RegQueryValueExA
RegSetValueExA
RegCreateKeyExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
IsValidSecurityDescriptor

user32

IsWindow

shell32

SHGetSpecialFolderLocation

winmm

mixerGetNumDevs
timeGetTime
waveOutGetNumDevs
waveInGetNumDevs
mixerOpen
mixerSetControlDetails
mixerClose
mixerGetLineInfoA
mixerGetLineControlsA
mixerGetControlDetailsA
waveOutGetDevCapsA
waveOutMessage
waveInMessage
mixerMessage
mixerGetDevCapsA
waveInGetDevCapsA

ole32

CoCreateInstance
CoUninitialize
CoTaskMemFree
CoInitialize
PropVariantClear

voicex

dllStartRecord
dllSetPlaybackId
dllCreatePlaybackAPI
dllSetRecordId
dllStartPlayback
dllCreateSpeechAnalyzer
dllStopPlayback
dllRegStoppingNotify
dllStopRecord
dllSpeechAnalisys
dllCreateRecord
dllDestroyRecord
dllDestroyPlayback
dllGetDeviceBufferSize
dllConvertBitrate_D2C
dllConvertBitrate_C2D
dllGetCompressedBufferSize
dllEncode
dllConvertSize_C2D
dll_free
dllDecode
dllGetNetCodecSize
dllGetUncompressedBufferSize
dllDestroyCodec
dllCreateCodec
dllGetCodecTime
dllWinCodecIsValid
dllDestroySpeechAnalyzer
dllGetDecodeEventPlayback

Exports

Exports

NotifyOfServerOptionsChange
ShowAudioWindow
StartFunc

Sections

.text
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RadminViewer 3.4/rchatx.dll
.dll windows:4 windows x86 arch:x86

714373a9836cd3d740cbe268b50fbc76

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:a2:0d:8e:f5:9b:9b:c8:7e:4d:99:10:f2:f5:a4:86
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

21/09/2009, 00:00

Not After

21/09/2010, 23:59

Subject

CN=Famatech International Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Famatech International Corp.,L=Road Town,ST=Tortola,C=VG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

o:\Builder\BuildRoot\out\Release\Radmin\x86\rchatx.pdb

Imports

kernel32

SetEndOfFile
SystemTimeToFileTime
CreateDirectoryA
RemoveDirectoryA
GetTickCount
GetDateFormatA
WriteFile
GetVersion
GetVersionExA
ReleaseSemaphore
VirtualFree
VirtualAlloc
SizeofResource
LockResource
FindResourceA
LoadResource
SetLastError
SetFilePointer
DeleteFileA
ReadFile
GetFileSize
CreateFileA
FileTimeToSystemTime
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeA
GetLocalTime
GetACP
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStrings
FreeEnvironmentStringsA
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
HeapSize
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
HeapCreate
HeapDestroy
LCMapStringA
ExitProcess
RaiseException
RtlUnwind
GetProcessHeap
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
HeapReAlloc
HeapFree
HeapAlloc
InterlockedDecrement
InterlockedIncrement
WaitForSingleObject
CreateEventA
CloseHandle
SetEvent
GetModuleHandleA
InterlockedExchange
GlobalLock
EnumResourceLanguagesA
GlobalUnlock
GlobalAlloc
GetLocaleInfoA
InitializeCriticalSection
FreeLibrary
GetComputerNameA
GetLastError
DeleteCriticalSection
EnterCriticalSection
LoadLibraryA
Sleep
GetOEMCP
LeaveCriticalSection

advapi32

RegSetValueExA
RegCloseKey
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA

user32

LoadMenuA
LoadIconA
RegisterClassA
VkKeyScanA
GetSysColorBrush
GetDlgItem
UnregisterClassA
DefWindowProcA
TranslateMessage
SetRect
SetRectEmpty
GetSystemMetrics
GetMessageA
EnumDisplaySettingsA
DestroyIcon
CreateDialogParamA
PtInRect
SetWindowTextA
InvalidateRect
GetSysColor
CloseClipboard
LoadImageA
GetFocus
MoveWindow
CreateWindowExA
ReleaseDC
EnableMenuItem
GetCursorPos
MapWindowPoints
CharLowerA
UpdateWindow
SetClipboardData
EmptyClipboard
GetWindowRect
PostQuitMessage
DrawTextA
DispatchMessageA
DestroyMenu
GetWindowTextA
TrackPopupMenu
DestroyWindow
GetClientRect
VkKeyScanExA
GetSubMenu
ShowWindow
SetFocus
SendMessageA
GetDC
CreatePopupMenu
CopyRect
GetAsyncKeyState
OpenClipboard
IsDialogMessageA
SetForegroundWindow

gdi32

SetBkColor
CreateCompatibleBitmap
SelectObject
DeleteObject
SetBkMode
DeleteDC
GetObjectA
CreateCompatibleDC
CreateSolidBrush
GetStockObject
SetTextColor
GetPixel
PatBlt

comctl32

ImageList_LoadImageW
ord17
ImageList_Destroy

chatlpcx

Init
_GetClientsArray@4

Exports

Exports

GetMessageDlg
NotifyOfServerOptionsChange
ShowChatWindow
ShowMessageDlg
StartFunc

Sections

.text
Size: 188KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RadminViewer 3.4/unicows.dll
.dll windows:5 windows x86 arch:x86

628730441f2453f40c61ce661f08e0ca

Code Sign

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0d:e9:2b:f0:d4:d8:29:88:18:32:05:09:5e:9a:76:88
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

04/12/2003, 00:00

Not After

03/12/2008, 23:59

Subject

CN=VeriSign Time Stamping Services Signer,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

6a:0b:99:4f:c0:00:de:aa:11:d4:d8:40:9a:a8:be:e6
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/12/2000, 08:00

Not After

12/11/2005, 08:00

Subject

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

61:0e:7d:a7:00:00:00:00:00:48
Certificate

Issuer

CN=Microsoft Code Signing PCA,OU=Copyright (c) 2000 Microsoft Corp.,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/10/2003, 05:59

Not After

25/01/2005, 06:09

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

a7:a2:13:01:eb:da:5d:60:b9:4a:67:90:6b:06:79:8b:f5:ed:1c:2f
Signer

Actual PE Digest

a7:a2:13:01:eb:da:5d:60:b9:4a:67:90:6b:06:79:8b:f5:ed:1c:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\dnsrv\sdktools\unicows\godot\obj\i386\unicows.pdb

Imports

kernel32

GetDiskFreeSpaceA
GetDiskFreeSpaceW
GetDriveTypeA
GetDriveTypeW
FreeEnvironmentStringsA
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
GetEnvironmentVariableW
GetFileAttributesW
FindClose
IsDBCSLeadByte
GetFullPathNameA
GetFullPathNameW
GetLocaleInfoW
GetLogicalDriveStringsA
GetLogicalDriveStringsW
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
GetNamedPipeHandleStateA
GetNamedPipeHandleStateW
GetNumberFormatA
GetNumberFormatW
GetPrivateProfileIntA
GetPrivateProfileIntW
GetPrivateProfileSectionA
GetPrivateProfileSectionW
GetPrivateProfileSectionNamesA
GetPrivateProfileSectionNamesW
GetPrivateProfileStringA
GetPrivateProfileStringW
GetPrivateProfileStructA
GetPrivateProfileStructW
GetProfileIntA
GetProfileIntW
GetProfileSectionA
GetProfileSectionW
GetProfileStringA
GetProfileStringW
GetShortPathNameA
GetShortPathNameW
GetStartupInfoA
GetStartupInfoW
GetStringTypeExA
GetStringTypeExW
GetSystemDirectoryA
GetSystemDirectoryW
GetTempFileNameW
GetTempPathW
GetTimeFormatA
GetTimeFormatW
GetVersionExA
GetVersionExW
GetVolumeInformationA
GetVolumeInformationW
GetWindowsDirectoryA
GetWindowsDirectoryW
GlobalAddAtomW
GlobalFindAtomA
GlobalFindAtomW
GlobalGetAtomNameA
GlobalGetAtomNameW
IsBadStringPtrW
IsValidCodePage
LCMapStringA
LCMapStringW
LoadLibraryW
LoadLibraryExW
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynW
MoveFileW
OpenEventA
GetDefaultCommConfigW
OpenFileMappingA
OpenFileMappingW
OpenMutexA
OpenMutexW
OpenSemaphoreA
OpenSemaphoreW
OutputDebugStringA
OutputDebugStringW
PeekConsoleInputA
PeekConsoleInputW
QueryDosDeviceA
QueryDosDeviceW
ReadConsoleA
ReadConsoleW
ReadConsoleInputA
ReadConsoleInputW
ReadConsoleOutputA
ReadConsoleOutputW
ReadConsoleOutputCharacterA
ReadConsoleOutputCharacterW
RemoveDirectoryA
RemoveDirectoryW
ScrollConsoleScreenBufferA
ScrollConsoleScreenBufferW
SearchPathA
SearchPathW
SetComputerNameA
SetComputerNameW
SetConsoleTitleA
SetConsoleTitleW
SetCurrentDirectoryA
SetCurrentDirectoryW
SetDefaultCommConfigA
SetDefaultCommConfigW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetFileAttributesA
SetFileAttributesW
SetLocaleInfoA
SetLocaleInfoW
SetVolumeLabelA
SetVolumeLabelW
VerLanguageNameA
VerLanguageNameW
WaitNamedPipeA
WaitNamedPipeW
WriteConsoleA
WriteConsoleW
WriteConsoleInputA
WriteConsoleInputW
WriteConsoleOutputA
WriteConsoleOutputW
WriteConsoleOutputCharacterA
WriteConsoleOutputCharacterW
WritePrivateProfileSectionA
WritePrivateProfileSectionW
WritePrivateProfileStringA
WritePrivateProfileStringW
WritePrivateProfileStructA
WritePrivateProfileStructW
WriteProfileSectionA
WriteProfileSectionW
WriteProfileStringA
WriteProfileStringW
FindResourceA
IsBadWritePtr
SetErrorMode
GetStringTypeW
FindResourceW
QueryPerformanceCounter
GetTickCount
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetDefaultCommConfigA
GetDateFormatW
GetDateFormatA
GetCurrentDirectoryA
GetCurrentDirectoryW
GetCurrencyFormatW
GetCurrencyFormatA
GetConsoleTitleW
GetConsoleTitleA
GetComputerNameW
GetComputerNameA
GetAtomNameW
GetAtomNameA
FormatMessageW
FormatMessageA
HeapReAlloc
LocalAlloc
FreeEnvironmentStringsW
FindNextFileW
FindNextFileA
FindFirstFileW
FindFirstFileA
FindFirstChangeNotificationW
FindFirstChangeNotificationA
FindAtomW
FindAtomA
FillConsoleOutputCharacterW
FillConsoleOutputCharacterA
FatalAppExitW
FatalAppExitA
ExpandEnvironmentStringsW
ExpandEnvironmentStringsA
EnumTimeFormatsW
EnumTimeFormatsA
EnumSystemLocalesW
EnumSystemLocalesA
EnumSystemCodePagesW
EnumDateFormatsW
EnumDateFormatsA
EnumCalendarInfoW
EnumCalendarInfoA
DeleteFileW
CreateSemaphoreW
CreateSemaphoreA
CreateProcessW
CreateProcessA
CreateNamedPipeW
CreateNamedPipeA
CreateMutexW
CreateMutexA
CreateMailslotW
CreateMailslotA
CreateFileMappingW
CreateFileMappingA
CreateFileW
CreateEventW
CreateEventA
CreateDirectoryExW
CreateDirectoryExA
CreateDirectoryW
CreateDirectoryA
CopyFileW
CopyFileA
CompareStringW
CommConfigDialogW
CommConfigDialogA
CallNamedPipeW
CallNamedPipeA
BuildCommDCBAndTimeoutsW
BuildCommDCBAndTimeoutsA
BuildCommDCBW
BuildCommDCBA
AddAtomW
AddAtomA
InitializeCriticalSection
GetACP
GetOEMCP
DeleteCriticalSection
GetFileAttributesA
LoadLibraryExA
EnumResourceTypesW
EnumResourceNamesW
EnumResourceLanguagesW
lstrlenW
FindResourceExW
SizeofResource
LoadResource
LockResource
FreeResource
GetTempFileNameA
GetTempPathA
DeleteFileA
MoveFileA
_lclose
_lread
_lwrite
_llseek
VirtualQuery
GetSystemInfo
VirtualFree
VirtualAlloc
VirtualProtect
TlsAlloc
TlsFree
TlsGetValue
TlsSetValue
GetCurrentProcessId
GetLastError
EnterCriticalSection
LeaveCriticalSection
CompareStringA
LocalFree
GlobalAddAtomA
lstrcpyA
AreFileApisANSI
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
WideCharToMultiByte
GetCurrentThreadId
lstrcmpA
lstrcmpiA
GetLocaleInfoA
CreateFileA
GetFileSize
CloseHandle
IsDBCSLeadByteEx
LoadLibraryA
InterlockedExchange
FreeLibrary
GetCPInfo
GetVersion
GetModuleHandleA
GetProcAddress
lstrlenA
GetProcessHeap
HeapAlloc
SetLastError
MultiByteToWideChar
OpenEventW
HeapFree
RtlUnwind

user32

TranslateAcceleratorW
TabbedTextOutA
TabbedTextOutW
UnregisterClassA
UnregisterClassW
VkKeyScanExA
VkKeyScanExW
WinHelpA
WinHelpW
wvsprintfW
CharLowerW
CharUpperW
EnumClipboardFormats
GetClipboardData
VkKeyScanW
wsprintfW
IsCharUpperW
IsCharLowerW
IsCharAlphaNumericW
IsCharAlphaW
InsertMenuItemW
InsertMenuItemA
InsertMenuW
InsertMenuA
GrayStringW
GrayStringA
GetWindowTextLengthW
GetWindowTextLengthA
GetWindowTextW
GetWindowTextA
GetWindowLongW
GetTabbedTextExtentW
GetTabbedTextExtentA
GetPropW
GetMessageW
GetMenuStringW
GetMenuStringA
GetMenuItemInfoW
GetMenuItemInfoA
GetKeyNameTextW
GetKeyboardLayout
GetKeyNameTextA
GetKeyboardLayoutNameW
GetKeyboardLayoutNameA
GetDlgItemTextW
GetDlgItemTextA
GetClipboardFormatNameW
GetClipboardFormatNameA
GetClassNameW
GetClassLongW
GetClassLongA
GetClassInfoExW
GetClassInfoExA
GetClassInfoW
GetClassInfoA
FindWindowExW
FindWindowExA
FindWindowW
FindWindowA
EnableWindow
EnumPropsExW
EnumPropsExA
EnumPropsW
EnumPropsA
EnumDisplaySettingsW
EnumDisplaySettingsA
DrawTextExW
DrawTextExA
DrawTextW
DrawTextA
DrawStateW
DrawStateA
DlgDirSelectExW
DlgDirSelectExA
DlgDirSelectComboBoxExW
DlgDirSelectComboBoxExA
DlgDirListComboBoxW
DlgDirListComboBoxA
SystemParametersInfoW
DlgDirListA
DispatchMessageW
DialogBoxParamW
DialogBoxParamA
DialogBoxIndirectParamW
DialogBoxIndirectParamA
DefMDIChildProcW
DefFrameProcW
DefDlgProcW
DdeQueryStringW
DdeQueryStringA
DdeQueryConvInfo
DdeInitializeW
DdeInitializeA
DdeCreateStringHandleW
DdeCreateStringHandleA
DdeConnectList
DdeConnect
CharUpperBuffW
IsCharLowerA
CharToOemBuffW
CharToOemW
CharPrevW
CharNextW
CharLowerBuffW
IsCharUpperA
SystemParametersInfoA
SetWindowTextW
SetWindowTextA
SetWindowsHookExW
SetWindowsHookW
SetWindowsHookA
SetWindowLongW
SetPropW
SetMenuItemInfoW
SetMenuItemInfoA
SetDlgItemTextW
SetDlgItemTextA
SetClassLongW
SetClassLongA
SendNotifyMessageW
SendMessageTimeoutW
SendMessageCallbackW
SendMessageW
SendDlgItemMessageW
RemovePropW
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClipboardFormatA
RegisterClassExW
RegisterClassExA
RegisterClassW
RegisterClassA
PostThreadMessageW
PostMessageW
PeekMessageW
OemToCharBuffW
OemToCharW
ModifyMenuW
ModifyMenuA
MessageBoxIndirectW
MessageBoxIndirectA
MessageBoxExW
MessageBoxW
MapVirtualKeyExW
ChangeMenuW
ChangeMenuA
ChangeDisplaySettingsW
ChangeDisplaySettingsA
CreateWindowExW
CreateWindowExA
CreateMDIWindowW
CreateMDIWindowA
CreateDialogParamW
CreateDialogParamA
CreateDialogIndirectParamW
CreateDialogIndirectParamA
CreateAcceleratorTableW
CreateAcceleratorTableA
CopyAcceleratorTableW
CopyAcceleratorTableA
CallWindowProcW
CallMsgFilterW
CallMsgFilterA
AppendMenuW
AppendMenuA
GetWindowThreadProcessId
SetWindowLongA
TranslateAcceleratorA
IsDialogMessageA
DispatchMessageA
PeekMessageA
GetMessageA
PostThreadMessageA
PostMessageA
SendNotifyMessageA
SendMessageTimeoutA
SendMessageCallbackA
SendMessageA
DefWindowProcA
CallWindowProcA
DefMDIChildProcA
DefFrameProcA
DefDlgProcA
GetWindowLongA
GetParent
GetDlgItem
DestroyWindow
SetPropA
RemovePropA
GetClassNameA
UnhookWindowsHookEx
SetWindowsHookExA
RegisterWindowMessageA
CallNextHookEx
MapVirtualKeyExA
EnumChildWindows
MapVirtualKeyW
MapVirtualKeyA
LoadStringW
LoadMenuIndirectW
IsDlgButtonChecked
GetPropA
LoadMenuIndirectA
LoadMenuW
LoadMenuA
LoadKeyboardLayoutW
LoadKeyboardLayoutA
LoadImageW
LoadImageA
LoadIconW
LoadIconA
LoadCursorFromFileW
LoadCursorFromFileA
LoadCursorW
LoadCursorA
LoadBitmapW
LoadBitmapA
LoadAcceleratorsW
LoadAcceleratorsA
IsWindowUnicode
IsWindow
DlgDirListW
IsDialogMessageW
IsClipboardFormatAvailable

gdi32

GetEnhMetaFileDescriptionW
GetGlyphOutlineA
GetGlyphOutlineW
GetICMProfileA
GetICMProfileW
GetKerningPairsA
GetKerningPairsW
GetLogColorSpaceA
GetLogColorSpaceW
GetMetaFileA
GetMetaFileW
GetObjectA
GetObjectType
GetObjectW
GetOutlineTextMetricsA
GetOutlineTextMetricsW
GetTextExtentExPointA
GetTextExtentExPointW
GetTextExtentPointA
GetEnhMetaFileDescriptionA
GetTextExtentPoint32A
GetTextExtentPoint32W
GetTextFaceA
GetTextFaceW
GetTextMetricsA
GetTextMetricsW
PolyTextOutA
PolyTextOutW
RemoveFontResourceA
RemoveFontResourceW
ResetDCA
ResetDCW
SetICMProfileA
SetICMProfileW
StartDocA
StartDocW
TextOutW
UpdateICMRegKeyA
UpdateICMRegKeyW
GetEnhMetaFileW
GetEnhMetaFileA
GetCharacterPlacementW
GetCharacterPlacementA
GetCharWidthFloatW
GetCharWidthFloatA
GetCharWidth32W
GetCharWidthW
GetCharWidthA
GetCharABCWidthsFloatW
GetCharABCWidthsFloatA
GetCharABCWidthsW
GetCharABCWidthsA
ExtTextOutW
ExtTextOutA
EnumICMProfilesW
EnumICMProfilesA
EnumFontsW
EnumFontsA
EnumFontFamiliesExW
EnumFontFamiliesExA
EnumFontFamiliesW
EnumFontFamiliesA
CreateScalableFontResourceW
CreateScalableFontResourceA
CreateMetaFileW
CreateMetaFileA
CreateICW
CreateICA
CreateFontIndirectW
CreateFontIndirectA
CreateFontW
CreateFontA
CreateEnhMetaFileW
CreateEnhMetaFileA
CreateDCW
CreateDCA
CreateColorSpaceW
CreateColorSpaceA
CopyMetaFileW
CopyMetaFileA
CopyEnhMetaFileW
CopyEnhMetaFileA
AddFontResourceW
AddFontResourceA
GetFontData
GetTextExtentPointW
TranslateCharsetInfo
GetTextCharset

mpr

WNetGetUniversalNameW
MultinetGetConnectionPerformanceW
WNetAddConnectionA
WNetAddConnectionW
WNetAddConnection2A
WNetAddConnection2W
WNetAddConnection3A
WNetAddConnection3W
WNetCancelConnectionA
WNetCancelConnectionW
WNetCancelConnection2A
WNetCancelConnection2W
WNetConnectionDialog1A
WNetConnectionDialog1W
WNetDisconnectDialog1A
WNetDisconnectDialog1W
WNetEnumResourceA
WNetEnumResourceW
WNetGetConnectionA
WNetGetConnectionW
WNetGetLastErrorA
WNetGetLastErrorW
WNetGetNetworkInformationA
WNetGetNetworkInformationW
WNetGetProviderNameA
WNetUseConnectionW
WNetUseConnectionA
WNetOpenEnumW
WNetOpenEnumA
WNetGetUserW
WNetGetUserA
MultinetGetConnectionPerformanceA
WNetGetUniversalNameA
WNetGetResourceParentW
WNetGetResourceParentA
WNetGetResourceInformationW
WNetGetResourceInformationA
WNetGetProviderNameW

advapi32

RegOpenKeyA
RegEnumValueA
RegUnLoadKeyW
RegUnLoadKeyA
RegSetValueExW
RegSetValueExA
RegSetValueW
RegSetValueA
RegSaveKeyW
RegSaveKeyA
RegReplaceKeyW
RegReplaceKeyA
RegQueryValueExW
RegQueryValueExA
RegQueryValueW
RegQueryValueA
RegQueryMultipleValuesW
RegQueryMultipleValuesA
RegQueryInfoKeyW
RegQueryInfoKeyA
RegOpenKeyExW
RegOpenKeyW
RegCloseKey
RegLoadKeyW
RegLoadKeyA
RegEnumValueW
RegEnumKeyExW
RegEnumKeyExA
RegEnumKeyW
RegEnumKeyA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegCreateKeyExW
RegCreateKeyExA
RegCreateKeyW
RegCreateKeyA
RegConnectRegistryW
RegConnectRegistryA
IsTextUnicode
GetUserNameW
GetUserNameA
RegOpenKeyExA

comdlg32

GetOpenFileNameW
GetFileTitleW
GetFileTitleA
FindTextW
ChooseFontW
ChooseFontA
ChooseColorW
ChooseColorA
ReplaceTextW
FindTextA
ReplaceTextA
GetOpenFileNameA
GetSaveFileNameA
PageSetupDlgA
PageSetupDlgW
PrintDlgA
PrintDlgW
GetSaveFileNameW

version

VerQueryValueW
VerQueryValueA
VerInstallFileW
VerInstallFileA
VerFindFileW
VerFindFileA
GetFileVersionInfoSizeW
GetFileVersionInfoSizeA
GetFileVersionInfoW
GetFileVersionInfoA

shell32

SHGetPathFromIDListA
ord180
ord179
SHGetFileInfoA
SHFileOperationA
SHChangeNotify
SHBrowseForFolderA
Shell_NotifyIconA
ShellExecuteExA
ShellExecuteW
ShellExecuteA
ShellAboutW
ShellAboutA
FindExecutableW
FindExecutableA
ExtractIconExA
DragQueryFileA
DragQueryFileW
ExtractIconW
ExtractIconA

winspool.drv

GetPrinterW
GetPrinterDataW
GetPrinterDriverW
GetPrinterDriverDirectoryA
GetPrinterDriverDirectoryW
GetPrintProcessorDirectoryA
GetPrintProcessorDirectoryW
GetJobW
OpenPrinterW
ResetPrinterA
ResetPrinterW
SetJobA
SetJobW
SetPrinterA
SetPrinterW
SetPrinterDataA
SetPrinterDataW
StartDocPrinterA
EnumPrintProcessorsW
EnumPrintProcessorDatatypesW
EnumPrintersW
EnumPrinterDriversW
EnumPortsW
EnumMonitorsW
DocumentPropertiesW
DocumentPropertiesA
DeviceCapabilitiesW
DeviceCapabilitiesA
DeletePrintProvidorW
DeletePrintProvidorA
DeletePrintProcessorW
DeletePrintProcessorA
DeletePrinterDriverW
DeletePrinterDriverA
DeletePortW
DeletePortA
DeleteMonitorW
DeleteMonitorA
ConfigurePortW
ConfigurePortA
AdvancedDocumentPropertiesW
AdvancedDocumentPropertiesA
AddPrintProvidorW
AddPrintProvidorA
AddPrintProcessorW
AddPrintProcessorA
AddPrinterDriverW
AddPrinterDriverA
AddPrinterW
AddPrinterA
AddPortW
AddPortA
AddMonitorW
AddMonitorA
AddJobW
AddJobA
OpenPrinterA
StartDocPrinterW

oledlg

OleUIUpdateLinksW
OleUIPromptUserW
OleUIPasteSpecialW
OleUIObjectPropertiesW
OleUIInsertObjectW
OleUIEditLinksW
OleUIConvertW
OleUIChangeSourceW
OleUIChangeIconW
OleUIBusyW
ord8
OleUIAddVerbMenuW
ord1
ord6

winmm

waveOutGetErrorTextW
waveOutGetErrorTextA
waveOutGetDevCapsW
waveOutGetDevCapsA
waveInGetErrorTextW
mixerGetControlDetailsW
midiOutGetErrorTextW
midiOutGetErrorTextA
midiOutGetDevCapsW
midiOutGetDevCapsA
midiInGetErrorTextW
midiInGetDevCapsW
midiInGetDevCapsA
mciSendStringW
mciSendStringA
mciSendCommandW
mciGetErrorStringW
mciGetErrorStringA
midiInGetErrorTextA
mciGetDeviceIDW
mciGetDeviceIDA
joyGetDevCapsW
joyGetDevCapsA
auxGetDevCapsW
auxGetDevCapsA
PlaySoundW
PlaySoundA
mixerGetDevCapsW
mixerGetLineControlsW
mixerGetLineInfoW
mmioInstallIOProcW
mmioOpenA
mmioOpenW
mmioRenameA
mmioRenameW
mmioStringToFOURCCA
mmioStringToFOURCCW
sndPlaySoundA
sndPlaySoundW
waveInGetDevCapsA
waveInGetDevCapsW
waveInGetErrorTextA
mixerGetDevCapsA

avicap32

capCreateCaptureWindowA
capGetDriverDescriptionA

msvfw32

MCIWndCreateW
MCIWndCreateA
GetSaveFileNamePreviewW
GetOpenFileNamePreviewW

imm32

ImmReleaseContext
ImmGetCompositionStringA
ImmGetContext
ImmGetCompositionStringW

Exports

Exports

AcquireCredentialsHandleW
AddAtomW
AddFontResourceW
AddJobW
AddMonitorW
AddPortW
AddPrintProcessorW
AddPrintProvidorW
AddPrinterDriverW
AddPrinterW
AdvancedDocumentPropertiesW
AppendMenuW
BeginUpdateResourceA
BeginUpdateResourceW
BroadcastSystemMessageW
BuildCommDCBAndTimeoutsW
BuildCommDCBW
CallMsgFilterW
CallNamedPipeW
CallWindowProcA
CallWindowProcW
ChangeDisplaySettingsExW
ChangeDisplaySettingsW
ChangeMenuW
CharLowerBuffW
CharLowerW
CharNextW
CharPrevW
CharToOemBuffW
CharToOemW
CharUpperBuffW
CharUpperW
ChooseColorW
ChooseFontW
CommConfigDialogW
CompareStringW
ConfigurePortW
CopyAcceleratorTableW
CopyEnhMetaFileW
CopyFileExW
CopyFileW
CopyMetaFileW
CreateAcceleratorTableW
CreateColorSpaceW
CreateDCW
CreateDialogIndirectParamW
CreateDialogParamW
CreateDirectoryExW
CreateDirectoryW
CreateEnhMetaFileW
CreateEventW
CreateFileMappingW
CreateFileW
CreateFontIndirectW
CreateFontW
CreateICW
CreateMDIWindowW
CreateMailslotW
CreateMetaFileW
CreateMutexW
CreateNamedPipeW
CreateProcessW
CreateScalableFontResourceW
CreateSemaphoreW
CreateStdAccessibleProxyW
CreateWaitableTimerW
CreateWindowExW
CryptAcquireContextW
CryptEnumProviderTypesW
CryptEnumProvidersW
CryptGetDefaultProviderW
CryptSetProviderExW
CryptSetProviderW
CryptSignHashW
CryptVerifySignatureW
DdeConnect
DdeConnectList
DdeCreateStringHandleW
DdeInitializeW
DdeQueryConvInfo
DdeQueryStringW
DefDlgProcW
DefFrameProcW
DefMDIChildProcW
DefWindowProcW
DeleteFileW
DeleteMonitorW
DeletePortW
DeletePrintProcessorW
DeletePrintProvidorW
DeletePrinterDriverW
DeviceCapabilitiesW
DialogBoxIndirectParamW
DialogBoxParamW
DispatchMessageW
DlgDirListComboBoxW
DlgDirListW
DlgDirSelectComboBoxExW
DlgDirSelectExW
DocumentPropertiesW
DragQueryFileW
DrawStateW
DrawTextExW
DrawTextW
EnableWindow
EndUpdateResourceA
EndUpdateResourceW
EnumCalendarInfoExW
EnumCalendarInfoW
EnumClipboardFormats
EnumDateFormatsExW
EnumDateFormatsW
EnumDisplayDevicesW
EnumDisplaySettingsExW
EnumDisplaySettingsW
EnumFontFamiliesExW
EnumFontFamiliesW
EnumFontsW
EnumICMProfilesW
EnumMonitorsW
EnumPortsW
EnumPrintProcessorDatatypesW
EnumPrintProcessorsW
EnumPrinterDriversW
EnumPrintersW
EnumPropsA
EnumPropsExA
EnumPropsExW
EnumPropsW
EnumSystemCodePagesW
EnumSystemLocalesW
EnumTimeFormatsW
EnumerateSecurityPackagesW
ExpandEnvironmentStringsW
ExtTextOutW
ExtractIconExW
ExtractIconW
FatalAppExitW
FillConsoleOutputCharacterW
FindAtomW
FindExecutableW
FindFirstChangeNotificationW
FindFirstFileW
FindNextFileW
FindResourceExW
FindResourceW
FindTextW
FindWindowExW
FindWindowW
FormatMessageW
FreeContextBuffer
FreeEnvironmentStringsW
GetAltTabInfoW
GetAtomNameW
GetCPInfo
GetCPInfoExW
GetCalendarInfoW
GetCharABCWidthsFloatW
GetCharABCWidthsW
GetCharWidth32W
GetCharWidthFloatW
GetCharWidthW
GetCharacterPlacementW
GetClassInfoExW
GetClassInfoW
GetClassLongW
GetClassNameW
GetClipboardData
GetClipboardFormatNameW
GetComputerNameW
GetConsoleTitleW
GetCurrencyFormatW
GetCurrentDirectoryW
GetCurrentHwProfileW
GetDateFormatW
GetDefaultCommConfigW
GetDiskFreeSpaceExW
GetDiskFreeSpaceW
GetDlgItemTextW
GetDriveTypeW
GetEnhMetaFileDescriptionW
GetEnhMetaFileW
GetEnvironmentStringsW
GetEnvironmentVariableW
GetFileAttributesExW
GetFileAttributesW
GetFileTitleW
GetFileVersionInfoSizeW
GetFileVersionInfoW
GetFullPathNameW
GetGlyphOutlineW
GetICMProfileW
GetJobW
GetKerningPairsW
GetKeyNameTextW
GetKeyboardLayoutNameW
GetLocaleInfoW
GetLogColorSpaceW
GetLogicalDriveStringsW
GetLongPathNameW
GetMenuItemInfoW
GetMenuStringW
GetMessageW
GetMetaFileW
GetModuleFileNameW
GetModuleHandleW
GetMonitorInfoW
GetNamedPipeHandleStateW
GetNumberFormatW
GetObjectW
GetOpenFileNamePreviewW
GetOpenFileNameW
GetOutlineTextMetricsW
GetPrintProcessorDirectoryW
GetPrinterDataW
GetPrinterDriverDirectoryW
GetPrinterDriverW
GetPrinterW
GetPrivateProfileIntW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
GetPrivateProfileStringW
GetPrivateProfileStructW
GetProcAddress
GetProfileIntW
GetProfileSectionW
GetProfileStringW
GetPropA
GetPropW
GetRoleTextW
GetSaveFileNamePreviewW
GetSaveFileNameW
GetShortPathNameW
GetStartupInfoW
GetStateTextW
GetStringTypeExW
GetStringTypeW
GetSystemDirectoryW
GetSystemWindowsDirectoryW
GetTabbedTextExtentW
GetTempFileNameW
GetTempPathW
GetTextExtentExPointW
GetTextExtentPoint32W
GetTextExtentPointW
GetTextFaceW
GetTextMetricsW
GetTimeFormatW
GetUserNameW
GetVersionExW
GetVolumeInformationW
GetWindowLongA
GetWindowLongW
GetWindowModuleFileNameW
GetWindowTextLengthW
GetWindowTextW
GetWindowsDirectoryW
GlobalAddAtomW
GlobalFindAtomW
GlobalGetAtomNameW
GrayStringW
InitSecurityInterfaceW
InitializeSecurityContextW
InsertMenuItemW
InsertMenuW
IsBadStringPtrW
IsCharAlphaNumericW
IsCharAlphaW
IsCharLowerW
IsCharUpperW
IsClipboardFormatAvailable
IsDestinationReachableW
IsDialogMessageW
IsTextUnicode
IsValidCodePage
IsWindowUnicode
LCMapStringW
LoadAcceleratorsW
LoadBitmapW
LoadCursorFromFileW
LoadCursorW
LoadIconW
LoadImageW
LoadKeyboardLayoutW
LoadLibraryExW
LoadLibraryW
LoadMenuIndirectW
LoadMenuW
LoadStringW
MCIWndCreateW
MapVirtualKeyExW
MapVirtualKeyW
MessageBoxExW
MessageBoxIndirectW
MessageBoxW
ModifyMenuW
MoveFileW
MultiByteToWideChar
MultinetGetConnectionPerformanceW
OemToCharBuffW
OemToCharW
OleUIAddVerbMenuW
OleUIBusyW
OleUIChangeIconW
OleUIChangeSourceW
OleUIConvertW
OleUIEditLinksW
OleUIInsertObjectW
OleUIObjectPropertiesW
OleUIPasteSpecialW
OleUIPromptUserW
OleUIUpdateLinksW
OpenEventW
OpenFileMappingW
OpenMutexW
OpenPrinterW
OpenSemaphoreW
OpenWaitableTimerW
OutputDebugStringW
PageSetupDlgW
PeekConsoleInputW
PeekMessageW
PlaySoundW
PolyTextOutW
PostMessageW
PostThreadMessageW
PrintDlgW
QueryContextAttributesW
QueryCredentialsAttributesW
QueryDosDeviceW
QuerySecurityPackageInfoW
RasConnectionNotificationW
RasCreatePhonebookEntryW
RasDeleteEntryW
RasDeleteSubEntryW
RasDialW
RasEditPhonebookEntryW
RasEnumConnectionsW
RasEnumDevicesW
RasEnumEntriesW
RasGetConnectStatusW
RasGetEntryDialParamsW
RasGetEntryPropertiesW
RasGetErrorStringW
RasGetProjectionInfoW
RasHangUpW
RasRenameEntryW
RasSetEntryDialParamsW
RasSetEntryPropertiesW
RasSetSubEntryPropertiesW
RasValidateEntryNameW
ReadConsoleInputW
ReadConsoleOutputCharacterW
ReadConsoleOutputW
ReadConsoleW
RegConnectRegistryW
RegCreateKeyExW
RegCreateKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegEnumKeyW
RegEnumValueW
RegLoadKeyW
RegOpenKeyExW
RegOpenKeyW
RegQueryInfoKeyW
RegQueryMultipleValuesW
RegQueryValueExW
RegQueryValueW
RegReplaceKeyW
RegSaveKeyW
RegSetValueExW
RegSetValueW
RegUnLoadKeyW
RegisterClassExW
RegisterClassW
RegisterClipboardFormatW
RegisterDeviceNotificationW
RegisterWindowMessageW
RemoveDirectoryW
RemoveFontResourceW
RemovePropA
RemovePropW
ReplaceTextW
ResetDCW
ResetPrinterW
SHBrowseForFolderW
SHChangeNotify
SHFileOperationW
SHGetFileInfoW
SHGetNewLinkInfoW
SHGetPathFromIDListW
ScrollConsoleScreenBufferW
SearchPathW
SendDlgItemMessageW
SendMessageCallbackW
SendMessageTimeoutW
SendMessageW
SendNotifyMessageW
SetCalendarInfoW
SetClassLongW
SetComputerNameW
SetConsoleTitleW
SetCurrentDirectoryW
SetDefaultCommConfigW
SetDlgItemTextW
SetEnvironmentVariableW
SetFileAttributesW
SetICMProfileW
SetJobW
SetLocaleInfoW
SetMenuItemInfoW
SetPrinterDataW
SetPrinterW
SetPropA
SetPropW
SetVolumeLabelW
SetWindowLongA
SetWindowLongW
SetWindowTextW
SetWindowsHookExW
SetWindowsHookW
ShellAboutW
ShellExecuteExW
ShellExecuteW
Shell_NotifyIconW
StartDocPrinterW
StartDocW
SystemParametersInfoW
TabbedTextOutW
TextOutW
TranslateAcceleratorW
UnregisterClassW
UpdateICMRegKeyW
UpdateResourceA
UpdateResourceW
VerFindFileW
VerInstallFileW
VerLanguageNameW
VerQueryValueW
VkKeyScanExW
VkKeyScanW
WNetAddConnection2W
WNetAddConnection3W
WNetAddConnectionW
WNetCancelConnection2W
WNetCancelConnectionW
WNetConnectionDialog1W
WNetDisconnectDialog1W
WNetEnumResourceW
WNetGetConnectionW
WNetGetLastErrorW
WNetGetNetworkInformationW
WNetGetProviderNameW
WNetGetResourceInformationW
WNetGetResourceParentW
WNetGetUniversalNameW
WNetGetUserW
WNetOpenEnumW
WNetUseConnectionW
WaitNamedPipeW
WideCharToMultiByte
WinHelpW
WriteConsoleInputW
WriteConsoleOutputCharacterW
WriteConsoleOutputW
WriteConsoleW
WritePrivateProfileSectionW
WritePrivateProfileStringW
WritePrivateProfileStructW
WriteProfileSectionW
WriteProfileStringW
__FreeAllLibrariesInMsluDll
auxGetDevCapsW
capCreateCaptureWindowW
capGetDriverDescriptionW
joyGetDevCapsW
lstrcatW
lstrcmpW
lstrcmpiW
lstrcpyW
lstrcpynW
lstrlenW
mciGetDeviceIDW
mciGetErrorStringW
mciSendCommandW
mciSendStringW
midiInGetDevCapsW
midiInGetErrorTextW
midiOutGetDevCapsW
midiOutGetErrorTextW
mixerGetControlDetailsW
mixerGetDevCapsW
mixerGetLineControlsW
mixerGetLineInfoW
mmioInstallIOProcW
mmioOpenW
mmioRenameW
mmioStringToFOURCCW

Sections

.text
Size: 228KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RadminViewer 3.4/vcintcx.dll
.dll windows:4 windows x86 arch:x86

0d622dd967a1a6a5d39f7f9164df0bb4

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:a2:0d:8e:f5:9b:9b:c8:7e:4d:99:10:f2:f5:a4:86
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

21/09/2009, 00:00

Not After

21/09/2010, 23:59

Subject

CN=Famatech International Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Famatech International Corp.,L=Road Town,ST=Tortola,C=VG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

o:\Builder\BuildRoot\out\Release\Radmin\x86\vcintcx.pdb

Imports

kernel32

FindResourceA
CompareStringA
SetLastError
SetEnvironmentVariableA
FlushFileBuffers
CreateFileA
ReadFile
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeA
LCMapStringA
GetLocaleInfoA
GetConsoleMode
GetConsoleCP
SetFilePointer
RtlUnwind
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
GetTimeZoneInformation
SizeofResource
GetTimeFormatA
GetOEMCP
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
HeapSize
InterlockedDecrement
InterlockedIncrement
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
HeapCreate
HeapDestroy
HeapReAlloc
GetProcessHeap
GetCommandLineA
GetSystemTimeAsFileTime
CreateThread
ExitThread
HeapFree
HeapAlloc
LockResource
LoadResource
VirtualAlloc
VirtualFree
CloseHandle
ReleaseSemaphore
WaitForSingleObject
GetVersionExA
MulDiv
RaiseException
GetVersion
GetLastError
GetModuleHandleA
GetCurrentProcess
Sleep
GetCurrentThreadId
FreeLibrary
InterlockedExchange
LoadLibraryA
SetEvent
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetDateFormatA
LeaveCriticalSection

user32

DrawIconEx
GetSysColor
CreateIcon
GetDlgCtrlID
LoadMenuA
IntersectRect
IsIconic
SetMenuItemInfoA
LoadImageA
PostQuitMessage
GetDlgItem
SetRect
DestroyWindow
EnumDisplaySettingsA
PostMessageA
TrackPopupMenu
EnableMenuItem
SetCapture
GetForegroundWindow
GetSubMenu
GetMenu
GetFocus
GetWindowPlacement
LoadIconA
SetWindowPlacement
SetCursor
CopyIcon
ReleaseCapture
DestroyMenu
MapWindowPoints
KillTimer
ValidateRect
SetTimer
HideCaret
SetForegroundWindow
EnumChildWindows
GetWindowTextA
GetAsyncKeyState
SendDlgItemMessageA
SetWindowTextA
MessageBoxA
DestroyIcon
SetFocus
GetClientRect
SendMessageA
SetScrollInfo
ReleaseDC
MoveWindow
GetDC
SetWindowPos
GetScrollInfo
InvalidateRect
UpdateWindow
RegisterClassA
ShowWindow
DefWindowProcA
GetCursorPos
GetClassNameA
RegisterHotKey
GetSystemMetrics
UnregisterClassA
TranslateMessage
SetRectEmpty
GetWindowRect
GetParent
EnumWindows
PtInRect
CopyRect
CreateDialogParamA
CreateWindowExA
IsWindow
UnregisterHotKey
RegisterClassExA
LoadAcceleratorsA

gdi32

SetBkColor
GetPixel
GetObjectA
SelectObject
CreateSolidBrush
DeleteObject
CreateCompatibleBitmap
GetBkColor
GetTextColor
CreateRectRgn
SelectClipRgn
GetClipRgn
CreateFontIndirectA
GetDeviceCaps
DeleteDC
SetTextColor
GetStockObject
PatBlt
CreateCompatibleDC

shell32

Shell_NotifyIconA

winmm

mixerOpen
mixerClose
mixerGetID
timeGetTime
mixerGetNumDevs

comctl32

ImageList_Create
ImageList_LoadImageW
ord17
ImageList_Destroy
ImageList_ReplaceIcon

Exports

Exports

Deinit
Init
_GetClientsArray@4

Sections

.text
Size: 276KB - Virtual size: 273KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RadminViewer 3.4/vcintsx.dll
.dll windows:4 windows x86 arch:x86

f6fe015f89633cd1b854aac898f9af3c

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:a2:0d:8e:f5:9b:9b:c8:7e:4d:99:10:f2:f5:a4:86
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

21/09/2009, 00:00

Not After

21/09/2010, 23:59

Subject

CN=Famatech International Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Famatech International Corp.,L=Road Town,ST=Tortola,C=VG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

o:\Builder\BuildRoot\out\Release\Radmin\x86\vcintsx.pdb

Imports

kernel32

GetTickCount
GetModuleHandleA
InterlockedExchange
Sleep
InitializeCriticalSection
LeaveCriticalSection
ReleaseSemaphore
EnterCriticalSection
SetEvent
DeleteCriticalSection
LockResource
FindResourceA
LoadResource
SizeofResource
SetLastError
WaitForSingleObject
CloseHandle
LoadLibraryA
FreeLibrary
FlushFileBuffers
CreateFileA
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
LCMapStringA
GetStringTypeA
GetConsoleMode
GetConsoleCP
SetFilePointer
GetLocaleInfoA
HeapAlloc
GetLastError
HeapFree
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetACP
GetOEMCP
RaiseException

advapi32

RegQueryValueExA
RegCreateKeyExA
RegSetValueExA
RegCloseKey

user32

GetSystemMetrics
SetRectEmpty
CopyRect
SetRect

Exports

Exports

FreeInterface
InitInterface
PostInterfaceMessage

Sections

.text
Size: 108KB - Virtual size: 104KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RadminViewer 3.4/voicex.dll
.dll windows:4 windows x86 arch:x86

367f4eef3a1df440be2e15b5caa0cec1

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:a2:0d:8e:f5:9b:9b:c8:7e:4d:99:10:f2:f5:a4:86
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

21/09/2009, 00:00

Not After

21/09/2010, 23:59

Subject

CN=Famatech International Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Famatech International Corp.,L=Road Town,ST=Tortola,C=VG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

o:\Builder\BuildRoot\out\Release\Radmin\x86\Voicex.pdb

Imports

kernel32

InterlockedExchange
EnterCriticalSection
ResetEvent
WaitForMultipleObjects
DeleteCriticalSection
CloseHandle
WaitForSingleObject
SetEvent
InitializeCriticalSection
Sleep
GetVersionExA
CreateEventA
GetThreadPriority
SetThreadPriority
GetCurrentThread
IsBadReadPtr
ResumeThread
InterlockedIncrement
InterlockedDecrement
SetLastError
GetModuleHandleA
FreeLibrary
LoadLibraryA
LeaveCriticalSection
GetSystemDirectoryA
LCMapStringA
GetStringTypeA
GetLocaleInfoA
GetOEMCP
GetACP
RtlUnwind
GetSystemTimeAsFileTime
GetCurrentProcessId
GetTickCount
QueryPerformanceCounter
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
RaiseException
SetHandleCount
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
TlsFree
HeapAlloc
GetLastError
HeapFree
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
GetProcessHeap
VirtualFree
VirtualAlloc
HeapReAlloc
HeapDestroy
HeapCreate
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue

user32

GetDesktopWindow

winmm

waveInStart
waveInMessage
waveInClose
waveInOpen
waveInUnprepareHeader
waveInAddBuffer
waveInReset
waveInPrepareHeader
waveOutMessage
waveOutWrite
waveOutOpen
waveOutClose
waveOutReset
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutGetNumDevs
waveInGetNumDevs
mixerGetDevCapsA
timeGetTime

ole32

CoUninitialize
CoInitialize

msacm32

acmStreamUnprepareHeader
acmStreamConvert
acmStreamOpen
acmStreamPrepareHeader
acmStreamClose

Exports

Exports

dllConvertBitrate_C2D
dllConvertBitrate_D2C
dllConvertSize_C2D
dllConvertSize_D2C
dllCreateCodec
dllCreatePlaybackAPI
dllCreatePlaybackDS
dllCreateRecord
dllCreateSpeechAnalyzer
dllDecode
dllDestroyCodec
dllDestroyPlayback
dllDestroyRecord
dllDestroySpeechAnalyzer
dllEncode
dllGetCodecTime
dllGetCompressedBufferSize
dllGetDecodeEventPlayback
dllGetDeviceBufferSize
dllGetNetCodecSize
dllGetUncompressedBufferSize
dllIsPlayback
dllIsRecord
dllRegStoppingNotify
dllSetPlaybackId
dllSetRecordId
dllSpeechAnalisys
dllStartPlayback
dllStartRecord
dllStopPlayback
dllStopRecord
dllValidSoundModuleOfRAdmin
dllWinCodecIsValid
dll_free

Sections

.text
Size: 144KB - Virtual size: 143KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
keymaker.exe
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 200KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 384KB - Virtual size: 388KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 192KB - Virtual size: 191KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 65KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 252KB - Virtual size: 252KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
rserv34cn.exe
.exe windows:4 windows x86 arch:x86

8fc44b6baee0f63424e7fdfd8a71500e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

21/05/2009, 00:00

Not After

20/05/2019, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

5f:a2:0d:8e:f5:9b:9b:c8:7e:4d:99:10:f2:f5:a4:86
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=US

Not Before

21/09/2009, 00:00

Not After

21/09/2010, 23:59

Subject

CN=Famatech International Corp.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Famatech International Corp.,L=Road Town,ST=Tortola,C=VG

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

Signer

Actual PE Digest

Digest Algorithm

PE Digest Matches

false

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

version

VerQueryValueA
GetFileVersionInfoSizeA
GetFileVersionInfoA

shell32

ShellExecuteA
SHBrowseForFolderA
SHGetMalloc
SHGetPathFromIDListA

comctl32

ord17

kernel32

GetCurrentProcess
ExitProcess
Sleep
RemoveDirectoryA
DeleteFileA
WaitForSingleObject
CreateProcessA
GetVersion
lstrcpyA
GetWindowsDirectoryA
SetErrorMode
GetTempPathA
ExpandEnvironmentStringsA
lstrcmpA
lstrcmpiA
GetTickCount
GetExitCodeThread
CreateThread
CopyFileA
InterlockedIncrement
InterlockedDecrement
QueryPerformanceFrequency
CreateEventA
lstrcatA
GetTempFileNameA
CompareStringA
CompareStringW
GetVersionExA
SetFilePointer
SetFileAttributesA
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
FreeLibrary
GetProcAddress
LoadLibraryA
LockResource
LoadResource
SizeofResource
FindResourceA
GetSystemDefaultLCID
GlobalHandle
VerLanguageNameA
SetCurrentDirectoryA
FindClose
FindNextFileA
CompareFileTime
FindFirstFileA
GetSystemTimeAsFileTime
GetSystemInfo
MulDiv
IsValidCodePage
FlushFileBuffers
SetEndOfFile
LocalFree
FormatMessageA
GetDiskFreeSpaceA
GetDriveTypeA
CreateFileA
GetExitCodeProcess
GetCurrentThread
GetLocaleInfoA
FreeEnvironmentStringsA
DuplicateHandle
GetOEMCP
GetACP
GetCPInfo
SetUnhandledExceptionFilter
LCMapStringW
LCMapStringA
IsBadWritePtr
VirtualAlloc
VirtualFree
HeapCreate
HeapDestroy
GetEnvironmentVariableA
TlsGetValue
TlsAlloc
TlsSetValue
GetCurrentThreadId
HeapSize
HeapReAlloc
GetCommandLineA
GetStartupInfoA
RaiseException
RtlUnwind
LeaveCriticalSection
DeleteCriticalSection
InterlockedExchange
InitializeCriticalSection
EnterCriticalSection
SystemTimeToFileTime
QueryPerformanceCounter
ResetEvent
SetEvent
GetShortPathNameA
VirtualProtect
VirtualQuery
IsBadReadPtr
GetModuleHandleA
TerminateProcess
SearchPathA
IsBadCodePtr
GetStringTypeA
GetStringTypeW
SetStdHandle
GetFileSize
GlobalAlloc
CloseHandle
GlobalLock
ReadFile
GlobalUnlock
GlobalFree
GetThreadContext
VirtualProtectEx
WriteProcessMemory
FlushInstructionCache
SetThreadContext
ResumeThread
GetFileAttributesA
GetProcessHeap
HeapAlloc
HeapFree
WriteFile
lstrcpynA
GetModuleFileNameA
lstrlenW
WideCharToMultiByte
MultiByteToWideChar
GetLastError
SetLastError
CreateFileMappingA
MapViewOfFile
UnmapViewOfFile
UnhandledExceptionFilter
lstrlenA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetHandleCount
GetStdHandle
GetFileType
CreateDirectoryA

user32

GetWindowTextA
MoveWindow
GetWindowPlacement
DrawIcon
DestroyIcon
GetDlgCtrlID
GetWindowTextLengthA
GetParent
EnableWindow
GetDlgItemTextA
GetWindow
CharUpperA
SetCursor
UpdateWindow
GetClassInfoA
wvsprintfA
SetWindowTextA
FillRect
GetSysColor
GetSysColorBrush
IsDialogMessageA
SendMessageA
GetWindowRect
LoadStringA
FindWindowA
IntersectRect
SubtractRect
IsWindow
DestroyWindow
CreateDialogParamA
CharNextA
MessageBoxA
WaitForInputIdle
GetWindowLongA
BeginPaint
EndPaint
SetWindowLongA
GetClientRect
ClientToScreen
SetWindowPos
GetWindowDC
EndDialog
GetDlgItem
ShowWindow
DialogBoxParamA
GetDesktopWindow
wsprintfA
MsgWaitForMultipleObjects
PeekMessageA
DefWindowProcA
PostMessageA
KillTimer
PostQuitMessage
SetTimer
LoadIconA
LoadCursorA
RegisterClassA
CreateWindowExA
GetMessageA
TranslateMessage
DispatchMessageA
GetDC
ReleaseDC
CharPrevA
ExitWindowsEx
SendDlgItemMessageA
SetRect
CharLowerBuffA
GetSystemMetrics

gdi32

GetTextExtentPoint32A
SetBkMode
SetTextColor
GetObjectA
CreateFontIndirectA
CreateSolidBrush
CreateCompatibleDC
SelectObject
CreateFontA
DeleteDC
DeleteObject
GetStockObject
GetSystemPaletteEntries
CreatePalette
GetDeviceCaps
SelectPalette
RealizePalette
CreateDIBitmap
BitBlt
TranslateCharsetInfo

advapi32

RegQueryValueA
RegOpenKeyA
RegCreateKeyExA
RegSetValueExA
RegDeleteValueA
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenThreadToken
RegEnumValueA

rpcrt4

RpcStringFreeA
UuidToStringA
UuidCreate

ole32

StgIsStorageFile
StgOpenStorage
CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocStringLen
SysReAllocStringLen
SysStringLen
SysAllocString
VariantChangeType
VariantClear

Sections

.text
Size: 196KB - Virtual size: 192KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

Headers

File Characteristics

Sections

.text Size: 512B - Virtual size: 6B

.rsrc Size: 95KB - Virtual size: 95KB

.reloc Size: 512B - Virtual size: 12B

d3299a0b1df79751863c512035c2c808

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5f:a2:0d:8e:f5:9b:9b:c8:7e:4d:99:10:f2:f5:a4:86Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

PDB Paths

Imports

kernel32

user32

gdi32

shell32

comdlg32

winmm

comctl32

Exports

Exports

Sections

.text Size: 220KB - Virtual size: 216KB

.rdata Size: 24KB - Virtual size: 23KB

.data Size: 8KB - Virtual size: 14KB

.rsrc Size: 88KB - Virtual size: 86KB

.reloc Size: 20KB - Virtual size: 16KB

18c5f2677bef8d93f7ad4544be510d2d

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate

Extended Key Usages

Key Usages

5f:a2:0d:8e:f5:9b:9b:c8:7e:4d:99:10:f2:f5:a4:86Certificate

Extended Key Usages

Key Usages

Signer

Headers

File Characteristics

Imports

kernel32

user32

Exports

Exports

Sections

.text Size: 40KB - Virtual size: 38KB

.rdata Size: 20KB - Virtual size: 17KB

.data Size: 12KB - Virtual size: 11KB

.Sec0 Size: - Virtual size: 786KB

.Sec1 Size: - Virtual size: 86KB

.Sec2 Size: - Virtual size: 50KB

.Sec3 Size: - Virtual size: 46KB

.rsrc Size: 820KB - Virtual size: 816KB

f433e7fcc51e68080022754836705744

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

.text
Size: 512B - Virtual size: 6B

.rsrc
Size: 95KB - Virtual size: 95KB

.reloc
Size: 512B - Virtual size: 12B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5f:a2:0d:8e:f5:9b:9b:c8:7e:4d:99:10:f2:f5:a4:86
Certificate

.text
Size: 220KB - Virtual size: 216KB

.rdata
Size: 24KB - Virtual size: 23KB

.data
Size: 8KB - Virtual size: 14KB

.rsrc
Size: 88KB - Virtual size: 86KB

.reloc
Size: 20KB - Virtual size: 16KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5f:a2:0d:8e:f5:9b:9b:c8:7e:4d:99:10:f2:f5:a4:86
Certificate

.text
Size: 40KB - Virtual size: 38KB

.rdata
Size: 20KB - Virtual size: 17KB

.data
Size: 12KB - Virtual size: 11KB

.Sec0
Size: - Virtual size: 786KB

.Sec1
Size: - Virtual size: 86KB

.Sec2
Size: - Virtual size: 50KB

.Sec3
Size: - Virtual size: 46KB

.rsrc
Size: 820KB - Virtual size: 816KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5f:a2:0d:8e:f5:9b:9b:c8:7e:4d:99:10:f2:f5:a4:86
Certificate

.text
Size: - Virtual size: 208KB

.rdata
Size: 28KB - Virtual size: 28KB

.data
Size: - Virtual size: 16KB

.rsrc
Size: 28KB - Virtual size: 28KB

utysiqm9
Size: - Virtual size: 12KB

3epo84m3
Size: - Virtual size: 20KB

rsnmiyve
Size: 157KB - Virtual size: 160KB

y7ykgryo
Size: 4KB - Virtual size: 4KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5c
Certificate

5f:a2:0d:8e:f5:9b:9b:c8:7e:4d:99:10:f2:f5:a4:86
Certificate

.text
Size: 1.3MB - Virtual size: 1.3MB

.rdata
Size: 140KB - Virtual size: 138KB

.data
Size: 40KB - Virtual size: 44KB

.rsrc
Size: 20KB - Virtual size: 17KB

.reloc
Size: 84KB - Virtual size: 81KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate