4db19a589d074e7769193adfca9e08ac_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

4db19a589d074e7769193adfca9e08ac_JaffaCakes118
Size

8.5MB
MD5

4db19a589d074e7769193adfca9e08ac
SHA1

faf8fb0ac9b1c5ec7eac9673ea2bae7ce93ba0dc
SHA256

4491fe6010ba36b4c91875a65244dbc16f9f32dccb732ab0e4fc1375f8dbd7d0
SHA512

fa20f37401688b5b9a9280bceee59b01b6d04a7637dc54363ab10e6ed31d1422faa6cd91fcedff5073418052b158a7dcee45481f3f76ff306fc3e1896beb80e6
SSDEEP

196608:2UYVrkGNpbwFv0csWMQ0ckZxM48f9GQKe9HZhyJkP1CtXYdwbe:2fpDbTcxMQMxM4m97Sk1Ctpe

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$PLUGINSDIR/GraphicalInstaller.dll	acprotect
static1/unpack001/$PLUGINSDIR/nsRichEdit.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$PLUGINSDIR/GraphicalInstaller.dll	upx
static1/unpack001/$PLUGINSDIR/nsRichEdit.dll	upx

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/GraphicalInstaller.dll
unpack002/out.upx
unpack001/$PLUGINSDIR/Math.dll
unpack001/$PLUGINSDIR/SkinnedControls.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsRichEdit.dll
unpack003/out.upx
unpack001/sqlite3.dll
unpack001/unrar.dll

Files

4db19a589d074e7769193adfca9e08ac_JaffaCakes118
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:a9:7a:ee:3b:04:78:f8:5b:16:cc:08:8a:3f:ee:76
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/03/2015, 00:00

Not After

06/04/2016, 12:00

Subject

CN=SparkTrust Systems,O=SparkTrust Systems,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:32:f5:fe:98:63:7b:f9:73:92:00:fd:2a:88:ee:93:1b:54:87:7f
Signer

Actual PE Digest

78:32:f5:fe:98:63:7b:f9:73:92:00:fd:2a:88:ee:93:1b:54:87:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.3MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/SparkTrust/SparkTrust PC Cleaner Plus/dc_db.db
$PLUGINSDIR/GraphicalInstaller.dll
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

InitButtons
SetButtonsSkin
SubclassCheckBox
SubclassLabel
SubclassRadioButton
UnInitButtons
UnSubclassLabel

Sections

UPX0
Size: - Virtual size: 72KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 35KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 53KB - Virtual size: 53KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/License.rtf
.rtf
$PLUGINSDIR/Math.dll
.dll windows:5 windows x86 arch:x86

14a3860e30b9e9b7d8593963364c41b2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
lstrcmpW
GlobalFree
lstrlenW
lstrcatW
GlobalAlloc
lstrcpynW
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
GetCommandLineA
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetProcAddress
GetModuleHandleA
GetLastError
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LeaveCriticalSection
EnterCriticalSection
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
HeapAlloc
VirtualAlloc
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
RtlUnwind
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
HeapSize
CreateFileA
CloseHandle
FlushFileBuffers

Exports

Exports

Script

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SkinnedControls.dll
.dll windows:5 windows x86 arch:x86

0b5ebf524f3364a6e46fa57d8d2ff79c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LCMapStringW
LCMapStringA
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
GetVersionExW
GetVersion
HeapFree
GetProcessHeap
GetModuleHandleW
HeapAlloc
lstrcmpW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlUnwind
SetLastError
VirtualProtect
FlushInstructionCache
GetProcAddress
LoadLibraryA
VirtualQuery
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
InitializeCriticalSectionAndSpinCount
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
Sleep
InterlockedDecrement
GetCurrentThreadId
InterlockedIncrement
TlsSetValue
TlsGetValue
HeapReAlloc
VirtualAlloc
EnterCriticalSection
LeaveCriticalSection
VirtualFree
lstrlenW
GetFileAttributesW
LocalFree
GetLastError
FormatMessageW
lstrcmpiW
MultiByteToWideChar
WideCharToMultiByte
GlobalAlloc
lstrcpynW
lstrcpyW
MulDiv
GlobalFree

user32

IsWindowVisible
SetCursor
GetCursorPos
ScreenToClient
GetMessagePos
ReleaseCapture
KillTimer
SetCapture
SetTimer
PtInRect
MapWindowPoints
CopyRect
ReleaseDC
GetWindowDC
WindowFromDC
InflateRect
FrameRect
OffsetRect
GetWindowRect
GetSysColorBrush
GetSystemMetrics
SetRect
DrawFrameControl
GetSysColor
GetClientRect
CreateWindowExW
SendMessageW
SetWindowPos
ShowScrollBar
SetScrollRange
SetScrollPos
SetScrollInfo
GetScrollRange
GetScrollPos
GetScrollInfo
EnableScrollBar
FillRect
LoadImageW
ShowWindow
FindWindowExW
EnumChildWindows
RemovePropW
GetClassNameW
GetParent
UpdateWindow
SetPropW
GetDlgItem
SetWindowLongW
InvalidateRect
PostMessageW
CallWindowProcW
GetDlgItemTextW
GetClassLongW
GetWindowLongW
GetPropW
DrawTextW
wsprintfW
DrawEdge

gdi32

ExtTextOutW
SetBrushOrgEx
PatBlt
CreateBitmap
UnrealizeObject
CreateCompatibleBitmap
SetBkColor
GetObjectW
PlayEnhMetaFile
SetWindowOrgEx
SelectClipRgn
IntersectClipRect
CreatePatternBrush
CreateSolidBrush
GetStockObject
SetStretchBltMode
BitBlt
StretchBlt
SetBkMode
SetTextColor
DeleteObject
CreateCompatibleDC
SelectObject
GetPixel
DeleteDC

Exports

Exports

setskin
skinit
unskinit

Sections

.text
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/background.ole
$PLUGINSDIR/background_small.ole
$PLUGINSDIR/button.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:5 windows x86 arch:x86

9ea5bdc8c90dfcffe309465c26c89758

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
MulDiv
lstrlenW
HeapFree
GetProcessHeap
lstrcmpiW
HeapReAlloc
lstrcpynW
GetFileAttributesW
lstrcpyW
GetCurrentDirectoryW
SetCurrentDirectoryW
HeapAlloc
GlobalFree

user32

LoadCursorW
RemovePropW
DrawFocusRect
GetPropW
DrawTextW
GetWindowTextW
GetDlgItem
SetWindowLongW
SetWindowPos
CreateDialogParamW
MapWindowPoints
GetWindowRect
SetCursor
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
GetClientRect
CharPrevW
CallWindowProcW
SetPropW
DestroyWindow
MapDialogRect
CharNextW
SendMessageW
GetWindowLongW

gdi32

SetTextColor

shell32

SHGetPathFromIDListW
SHBrowseForFolderW

comdlg32

GetSaveFileNameW
CommDlgExtendedError
GetOpenFileNameW

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 590B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsRichEdit.dll
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

AddPrintButton
Load
Print

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 446B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
7ZipDLL.dll
.dll windows:6 windows x86 arch:x86

6d9ff435486410f3ef245681046eaf0f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:a9:7a:ee:3b:04:78:f8:5b:16:cc:08:8a:3f:ee:76
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/03/2015, 00:00

Not After

06/04/2016, 12:00

Subject

CN=SparkTrust Systems,O=SparkTrust Systems,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

af:6f:19:f0:d4:89:a8:87:53:cc:fb:40:c5:2c:c7:34:f6:4f:b3:02
Signer

Actual PE Digest

af:6f:19:f0:d4:89:a8:87:53:cc:fb:40:c5:2c:c7:34:f6:4f:b3:02

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
GetLastError
MultiByteToWideChar
WideCharToMultiByte
SetLastError
CloseHandle
GetTempPathA
GetTempFileNameA
CreateFileW
SetFileAttributesA
DeleteFileA
WriteFile
ReadFile
CreateFileA
CompareFileTime
GetProcAddress
GetSystemInfo
GetModuleHandleA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
WaitForMultipleObjects
VirtualAlloc
VirtualFree
InitializeCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateEventA
CreateSemaphoreA
LocalFileTimeToFileTime
DosDateTimeToFileTime
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToDosDateTime
SetFilePointerEx
SetStdHandle
GetConsoleMode
GetConsoleCP
FlushFileBuffers
GetStringTypeW
LCMapStringW
HeapReAlloc
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
RaiseException
HeapFree
HeapAlloc
EncodePointer
DecodePointer
CreateThread
ExitThread
LoadLibraryExW
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
GetProcessHeap
ExitProcess
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
HeapSize
GetFileType
GetModuleFileNameA
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
WriteConsoleW

user32

CharPrevExA
CharNextA
CharLowerW
CharLowerA
CharUpperW
CharUpperA
CharPrevA

oleaut32

SysFreeString
VariantCopy
VariantClear
SysAllocString
SysAllocStringByteLen

Exports

Exports

CreateObject
GetHandlerProperty
GetHandlerProperty2
GetMethodProperty
GetNumberOfFormats
GetNumberOfMethodsDLL
SetLargePageMode

Sections

.text
Size: 417KB - Virtual size: 416KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 86KB - Virtual size: 86KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BDUpdateServiceCom.dll
.dll regsvr32 windows:5 windows x86 arch:x86

4b642b2fd3812f58b695155c6569084d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

76:0f:10:9d:92:32:32:2c:28:0e:f2:c2:d3:f2:b9:53
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

08/02/2016, 23:59

Subject

CN=Bitdefender SRL,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=PD,O=Bitdefender SRL,L=Bucharest,ST=Romania,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

dd:f2:0f:14:2a:94:5f:64:e0:c7:a3:3d:e9:49:6e:1b:0c:de:70:a8
Signer

Actual PE Digest

dd:f2:0f:14:2a:94:5f:64:e0:c7:a3:3d:e9:49:6e:1b:0c:de:70:a8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Bamboo\home\xml-data\build-dir\OEMSDK-OS-SOURCES\bin\Win32\Release\BDUpdateServiceCom.pdb

Imports

rpcrt4

IUnknown_QueryInterface_Proxy
NdrOleFree
NdrOleAllocate
NdrDllGetClassObject
NdrStubCall2
NdrDllCanUnloadNow
NdrCStdStubBuffer2_Release
NdrDllRegisterProxy
NdrDllUnregisterProxy
UuidCreate
IUnknown_Release_Proxy
NdrStubForwardingFunction
IUnknown_AddRef_Proxy

netapi32

NetGetJoinInformation
NetApiBufferFree

kernel32

GetModuleHandleW
lstrcmpiW
ReleaseMutex
WaitForSingleObject
CreateMutexW
CloseHandle
GetModuleFileNameW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
CreateFileW
SetThreadLocale
GetThreadLocale
GetTickCount
GetCurrentThreadId
OutputDebugStringA
GetLocalTime
GetCurrentProcessId
CreateDirectoryW
OutputDebugStringW
DeviceIoControl
LoadLibraryA
QueryPerformanceFrequency
GetTempPathW
CreateMutexA
ReadFile
GetFileSize
WriteFile
GetSystemInfo
GetModuleHandleA
GetVersionExA
MapViewOfFile
CreateFileMappingA
UnmapViewOfFile
DeleteFileW
GetProcAddress
WriteConsoleW
GetFileInformationByHandle
DebugBreak
CopyFileW
GetSystemDefaultUILanguage
WideCharToMultiByte
SetFileAttributesW
FindClose
FindNextFileA
FindFirstFileA
FindNextFileW
FindFirstFileW
CreateFileA
GetVersion
FileTimeToDosDateTime
FileTimeToLocalFileTime
GetFullPathNameW
GetFullPathNameA
DosDateTimeToFileTime
SetFileTime
GetFileTime
LocalFileTimeToFileTime
SetFilePointer
GetFileType
GetStdHandle
QueryPerformanceCounter
GlobalMemoryStatus
FlushConsoleInputBuffer
HeapFree
GetProcessHeap
WriteConsoleA
SetEndOfFile
SetStdHandle
LCMapStringW
LCMapStringA
PeekNamedPipe
InterlockedDecrement
InterlockedIncrement
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
FlushViewOfFile
GetConsoleOutputCP
InitializeCriticalSectionAndSpinCount
GetTimeZoneInformation
GetStringTypeA
GetStringTypeW
DeleteFileA
GetLocaleInfoA
CompareStringA
CompareStringW
SetEnvironmentVariableA
RemoveDirectoryA
GetFileSizeEx
GetCurrentDirectoryA
FlushFileBuffers
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetModuleFileNameA
HeapDestroy
HeapCreate
VirtualFree
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
HeapAlloc
RtlUnwind
VirtualProtect
VirtualAlloc
VirtualQuery
GetCommandLineA
GetSystemTimeAsFileTime
FileTimeToSystemTime
GetDriveTypeW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
MoveFileW
HeapReAlloc
DuplicateHandle
CreateDirectoryA
RemoveDirectoryW
GetDriveTypeA
GetConsoleCP
GetConsoleMode
Sleep
ExitProcess

user32

GetSystemMetrics
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxA
CharNextW

advapi32

RegOpenKeyExW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegQueryValueExA
RegSetValueExA
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryValueExW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CoTaskMemAlloc
CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
CoUninitialize
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoTaskMemFree

oleaut32

VariantChangeType
VariantCopy
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysAllocString
VariantClear
VariantInit
SysFreeString
UnRegisterTypeLi

Exports

Exports

BDUpdSdkCreate
BDUpdSdkDestroy
BDUpdSdkPerformInstall
BDUpdSdkPerformUpdate
BDUpdSdkResetAllSettings
BDUpdSdkSetOption
BDUpdSdkStop
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 926KB - Virtual size: 926KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 51B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 265KB - Virtual size: 264KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 34KB - Virtual size: 369KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CommonLoggingExtension.pxt
.dll windows:5 windows x86 arch:x86

f364035b7b3aa1061a5bed268564bbb2

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:a9:7a:ee:3b:04:78:f8:5b:16:cc:08:8a:3f:ee:76
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/03/2015, 00:00

Not After

06/04/2016, 12:00

Subject

CN=SparkTrust Systems,O=SparkTrust Systems,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6e:6a:54:a7:38:8f:e4:00:24:de:fd:1f:67:58:9f:f3:7e:e7:34:eb
Signer

Actual PE Digest

6e:6a:54:a7:38:8f:e4:00:24:de:fd:1f:67:58:9f:f3:7e:e7:34:eb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Dev\SpeedyPC Pro\common\zeppelin\common\CommonLoggingExtension\Win32\Release\CommonLoggingExtension.pdb

Imports

kernel32

LockResource
GetFileAttributesW
WideCharToMultiByte
MultiByteToWideChar
GetFileSize
SizeofResource
UnmapViewOfFile
CreateFileW
CreateFileMappingW
CloseHandle
LoadResource
FindResourceW
FindResourceExW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
MapViewOfFile
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
LoadLibraryW
RtlUnwind
IsProcessorFeaturePresent
GetCurrentProcess
GetModuleFileNameW
SetFilePointer
WriteFile
ExpandEnvironmentStringsW
GetProcAddress
GetModuleHandleW
GetLastError
GetACP
RaiseException
InitializeCriticalSectionAndSpinCount
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
DecodePointer
EncodePointer
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStdHandle
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
LCMapStringW
GetStringTypeW
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
InitializeCriticalSection

shell32

ord51

ole32

CoCreateInstance
CoTaskMemFree
CoUninitialize
CoInitialize

shlwapi

PathRemoveArgsW
PathFileExistsW
PathUnquoteSpacesW

Exports

Exports

GetExtensionFactory

Sections

.text
Size: 104KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CommonSpecialist.pxt
.dll windows:5 windows x86 arch:x86

ccf8daa3a310ba373ad06900ca8287f9

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:a9:7a:ee:3b:04:78:f8:5b:16:cc:08:8a:3f:ee:76
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/03/2015, 00:00

Not After

06/04/2016, 12:00

Subject

CN=SparkTrust Systems,O=SparkTrust Systems,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:e3:bc:e3:69:59:87:3f:a7:ea:4b:dc:e1:9c:c5:3a:b1:a7:da:6b
Signer

Actual PE Digest

08:e3:bc:e3:69:59:87:3f:a7:ea:4b:dc:e1:9c:c5:3a:b1:a7:da:6b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Dev\SpeedyPC Pro\common\zeppelin\Zeppelin\Specialists\CommonSpecialist\Win32\Release\CommonSpecialist.pdb

Imports

kernel32

SizeofResource
LockResource
LoadResource
WideCharToMultiByte
FindResourceExW
CreateFileW
CloseHandle
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetLastError
GetTickCount
FindResourceW
FlushFileBuffers
WriteConsoleW
SetStdHandle
LoadLibraryW
RtlUnwind
GetCurrentProcess
GetModuleFileNameW
GetFileSize
SetFilePointerEx
ReadFile
SetFilePointer
WriteFile
SetEndOfFile
ExpandEnvironmentStringsW
GetProcAddress
GetModuleHandleW
MultiByteToWideChar
GetACP
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
GetCurrentThreadId
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
LCMapStringW
IsProcessorFeaturePresent
GetStdHandle
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
GetConsoleCP
GetConsoleMode

shell32

SHGetFolderPathW

shlwapi

PathFileExistsW

Exports

Exports

DeleteExtensionFactory
GetExtensionFactory

Sections

.text
Size: 102KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExtensionManager.dll
.dll windows:5 windows x86 arch:x86

f8e7e237cc67b0cfc97826628ab9d3f1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:a9:7a:ee:3b:04:78:f8:5b:16:cc:08:8a:3f:ee:76
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/03/2015, 00:00

Not After

06/04/2016, 12:00

Subject

CN=SparkTrust Systems,O=SparkTrust Systems,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

dd:79:09:d7:36:ae:51:9d:4f:06:66:03:6a:06:87:76:93:17:19:64
Signer

Actual PE Digest

dd:79:09:d7:36:ae:51:9d:4f:06:66:03:6a:06:87:76:93:17:19:64

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Dev\SpeedyPC Pro\common\zeppelin\common\Extension\Win32\Release\ExtensionManager.pdb

Imports

kernel32

FindResourceW
LoadResource
LockResource
SizeofResource
FindClose
FindNextFileW
FindFirstFileExW
GetProcAddress
FindResourceExW
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
GetCurrentProcess
CloseHandle
GetModuleFileNameW
CreateFileW
SetFilePointer
WriteFile
GetModuleHandleW
GetLastError
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
DecodePointer
EncodePointer
GetCurrentThreadId
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
IsProcessorFeaturePresent
GetStdHandle
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetStringTypeW
LCMapStringW
RtlUnwind
LoadLibraryW

shlwapi

PathFileExistsW

rpcrt4

RpcStringFreeW
UuidToStringW

Exports

Exports

DeleteExtensionManager
GetExtensionManager

Sections

.text
Size: 49KB - Virtual size: 49KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HandleUpdate.dll
.dll windows:5 windows x86 arch:x86

cf4dc42e550c0f7f647d02386b7f511e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:a9:7a:ee:3b:04:78:f8:5b:16:cc:08:8a:3f:ee:76
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/03/2015, 00:00

Not After

06/04/2016, 12:00

Subject

CN=SparkTrust Systems,O=SparkTrust Systems,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:48:c8:3b:ee:d7:23:04:cf:13:c0:39:5b:87:88:0a:ea:08:87:b8
Signer

Actual PE Digest

22:48:c8:3b:ee:d7:23:04:cf:13:c0:39:5b:87:88:0a:ea:08:87:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\dev\Internal\client\products\SpeedyPC Pro\trunk\source\HandleUpdate\Release\HandleUpdate.pdb

Imports

shlwapi

StrFormatKBSizeW
PathFindExtensionW
PathIsUNCW
PathStripToRootW
PathRemoveFileSpecW
PathAppendW
PathFindFileNameW

kernel32

GetCPInfo
GetTimeZoneInformation
GetStringTypeW
GetConsoleCP
GetConsoleMode
ReadConsoleW
SetFilePointerEx
OutputDebugStringW
GetOEMCP
LCMapStringW
WriteConsoleW
SetEnvironmentVariableA
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetACP
IsValidCodePage
SizeofResource
LockResource
LoadResource
FindResourceW
CopyFileW
QueryPerformanceCounter
VirtualQueryEx
GetCurrentProcess
GetModuleFileNameW
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionAndSpinCount
RaiseException
GetLastError
HeapSize
DecodePointer
DeleteCriticalSection
GetCurrentThread
GetCurrentThreadId
GetVersionExW
FreeLibrary
LoadLibraryExW
GlobalAlloc
GlobalLock
GlobalDeleteAtom
lstrcmpA
lstrcmpW
MultiByteToWideChar
WideCharToMultiByte
GlobalSize
GlobalUnlock
GlobalFree
LocalFree
MulDiv
FormatMessageW
SetLastError
CloseHandle
WaitForSingleObject
SetThreadPriority
GetModuleFileNameA
GetStartupInfoW
GetStdHandle
GetFileType
SetStdHandle
GetSystemTimeAsFileTime
VirtualQuery
VirtualAlloc
GetSystemInfo
HeapQueryInformation
IsProcessorFeaturePresent
IsDebuggerPresent
ExitThread
CreateThread
GetModuleHandleExW
ExitProcess
RtlUnwind
GetCommandLineA
FindResourceExW
VirtualProtect
SearchPathW
GetProfileIntW
GetTickCount
ResumeThread
GetModuleHandleW
GetProcAddress
Sleep
GetTempPathW
GetTempFileNameW
VerifyVersionInfoW
VerSetConditionMask
GetWindowsDirectoryW
lstrcpyW
GetFileTime
GetFileSizeEx
GetFileAttributesExW
GetFileAttributesW
FileTimeToLocalFileTime
lstrcmpiW
DuplicateHandle
WriteFile
UnlockFile
SetFilePointer
SetEndOfFile
ReadFile
LockFile
GetVolumeInformationW
GetFullPathNameW
GetFileSize
FlushFileBuffers
FindFirstFileW
FindClose
CreateFileW
GlobalFindAtomW
LoadLibraryA
FreeResource
FileTimeToSystemTime
GlobalGetAtomNameW
DeleteFileW
GlobalFlags
GetUserDefaultUILanguage
GetSystemDefaultUILanguage
GetLocaleInfoW
CompareStringW
GetCurrentDirectoryW
GetSystemDirectoryW
EncodePointer
SetErrorMode
LocalReAlloc
LocalAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
LoadLibraryW
GetModuleHandleA
OutputDebugStringA
GetCurrentProcessId
GlobalAddAtomW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW

user32

MapDialogRect
DestroyCursor
GetWindowRgn
DrawIcon
CreateMenu
SubtractRect
GetUpdateRect
IsClipboardFormatAvailable
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
FrameRect
CharUpperBuffW
RegisterClipboardFormatW
ModifyMenuW
SetMenuDefaultItem
CopyIcon
GetDoubleClickTime
SetClassLongW
LockWindowUpdate
SetParent
SetCursorPos
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
PostThreadMessageW
GetSystemMenu
IsZoomed
GetComboBoxInfo
TrackMouseEvent
GetKeyNameTextW
ReuseDDElParam
UnpackDDElParam
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
MonitorFromPoint
UpdateLayeredWindow
IsMenu
UnionRect
SetWindowRgn
DrawFrameControl
DrawEdge
DrawStateW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
EnumDisplayMonitors
SetLayeredWindowAttributes
LoadMenuW
MapVirtualKeyW
GetMenuDefaultItem
CreatePopupMenu
NotifyWinEvent
InvertRect
HideCaret
EnableScrollBar
GetAsyncKeyState
MessageBeep
GetIconInfo
DrawIconEx
LoadImageW
IsRectEmpty
OffsetRect
SetRectEmpty
DrawFocusRect
WindowFromPoint
ReleaseCapture
SetCapture
GetNextDlgGroupItem
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
SendDlgItemMessageA
IntersectRect
InflateRect
GetMenuItemInfoW
DestroyMenu
CharUpperW
DestroyIcon
IsIconic
IsDialogMessageW
CheckDlgButton
MoveWindow
ShowWindow
GetMonitorInfoW
MonitorFromWindow
WinHelpW
GetScrollInfo
SetScrollInfo
LoadIconW
GetTopWindow
GetClassLongW
SetWindowLongW
EqualRect
CopyRect
MapWindowPoints
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
SetForegroundWindow
GetForegroundWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
SetFocus
GetDlgItem
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
DestroyWindow
IsChild
UnregisterClassW
PostMessageW
PostQuitMessage
GetMenuStringW
GetMenuState
IsWindow
CreateWindowExW
GetClassInfoExW
GetClassInfoW
RegisterClassW
CallWindowProcW
DefWindowProcW
GetMessageTime
GetMessagePos
RegisterWindowMessageW
GetWindowTextLengthW
LoadCursorW
GetSysColorBrush
GetSystemMetrics
FillRect
GetSysColor
ScreenToClient
EndPaint
BeginPaint
ReleaseDC
GetWindowDC
GetDC
TabbedTextOutW
GrayStringW
DrawTextExW
DrawTextW
InvalidateRect
UpdateWindow
KillTimer
GetSubMenu
GetMenuItemID
GetMenuItemCount
InsertMenuW
AppendMenuW
RemoveMenu
SendMessageW
GetFocus
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoW
GetParent
LoadBitmapW
GetMessageW
TranslateMessage
DispatchMessageW
PeekMessageW
IsWindowVisible
GetActiveWindow
GetKeyState
ValidateRect
GetCursorPos
SetWindowsHookExW
CallNextHookEx
ShowOwnedPopups
SetCursor
EnableWindow
IsWindowEnabled
MessageBoxW
GetWindowLongW
GetWindowThreadProcessId
GetLastActivePopup
UnhookWindowsHookEx
GetClientRect
CopyImage
SystemParametersInfoW
DeleteMenu
GetDlgCtrlID
SetWindowTextW
GetWindowTextW
GetWindowRect
ClientToScreen
PtInRect
GetDesktopWindow
GetClassNameW
GetWindow
RealChildWindowFromPoint
SetTimer
SetRect

gdi32

SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextColor
SetTextAlign
GetObjectW
MoveToEx
TextOutW
ExtTextOutW
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateFontIndirectW
GetTextExtentPoint32W
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
DPtoLP
GetTextMetricsW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
SelectObject
RealizePalette
GetBkColor
CreateCompatibleBitmap
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
SetPixel
StretchBlt
CreateDIBSection
SetDIBColorTable
CreateEllipticRgn
Ellipse
GetTextColor
CreatePolygonRgn
Polygon
Polyline
Rectangle
EnumFontFamiliesExW
GetRgnBox
OffsetRgn
CreateRoundRectRgn
RoundRect
FrameRgn
PtInRegion
SetPixelV
ExtFloodFill
SetPaletteEntries
FillRgn
GetBoundsRect
GetWindowOrgEx
LPtoDP
GetViewportOrgEx
GetTextFaceW
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
RectVisible
PtVisible
LineTo
IntersectClipRect
GetWindowExtEx
GetDeviceCaps
CreateDCW
GetSystemPaletteEntries
CopyMetaFileW
GetStockObject
GetPixel
GetObjectType
GetClipBox
ExcludeClipRect
Escape
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePatternBrush
CreatePen
CreateHatchBrush
GetViewportExtEx
CreateCompatibleDC
BitBlt
DeleteObject
CreateBitmap

msimg32

TransparentBlt
AlphaBlend

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

RegEnumKeyExW
RegEnumValueW
RegQueryValueW
RegEnumKeyW
RegSetValueExW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileW
DragFinish
SHBrowseForFolderW
SHAppBarMessage

uxtheme

GetThemePartSize
GetWindowTheme
GetThemeSysColor
IsThemeBackgroundPartiallyTransparent
DrawThemeText
DrawThemeParentBackground
OpenThemeData
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
IsAppThemed

ole32

OleLockRunning
DoDragDrop
CreateStreamOnHGlobal
CoInitializeEx
CoDisconnectObject
CoInitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
CoCreateGuid
CoUninitialize
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
CoCreateInstance
IsAccelerator

oleaut32

LoadTypeLi
SysAllocStringLen
SysStringLen
SystemTimeToVariantTime
VariantTimeToSystemTime
VariantClear
VariantCopy
VariantChangeType
VarBstrFromDate
SysFreeString
SysAllocString
VariantInit

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

gdiplus

GdipSetInterpolationMode
GdipCreateFromHDC
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipDrawImageRectI

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

winmm

PlaySoundW

Exports

Exports

HU_ReloadDatabase

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 310KB - Virtual size: 309KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Images/Frame/bottom_logo.png
.png
Images/Frame/close.png
.png
Images/Frame/dlg_title.png
.png
Images/Frame/logo.png
.png
Images/Frame/max.png
.png
Images/Frame/min.png
.png
Images/Frame/register_close.png
.png
Images/Frame/register_close_over.png
.png
Images/Frame/restore.png
.png
Images/Frame/tab_bg.png
.png
Images/Frame/tabactive_bg.png
.png
Images/Frame/tabover_bg.png
.png
Images/Frame/tfn_bg.png
.png
Images/Frame/tfn_logo.png
.png
Images/Frame/title_bar.png
.png
Images/Frame/top_logo.png
.png
Images/Frame/upper_divider.png
.png
Images/Icons/cleaned.png
.png
Images/Icons/info.png
.png
Images/Icons/warning.png
.png
Images/Scan/011.png
.png
Images/Scan/012.png
.png
Images/Scan/animation/01.png
.png
Images/Scan/animation/02.png
.png
Images/Scan/animation/03.png
.png
Images/Scan/animation/04.png
.png
Images/Scan/animation/05.png
.png
Images/Scan/animation/06.png
.png
Images/Scan/animation/07.png
.png
Images/Scan/animation/08.png
.png
Images/Scan/animation/09.png
.png
Images/Scan/check.png
.png
Images/Scan/driver_animation/ani_1.png
.png
Images/Scan/driver_animation/ani_10.png
.png
Images/Scan/driver_animation/ani_11.png
.png
Images/Scan/driver_animation/ani_12.png
.png
Images/Scan/driver_animation/ani_13.png
.png
Images/Scan/driver_animation/ani_14.png
.png
Images/Scan/driver_animation/ani_15.png
.png
Images/Scan/driver_animation/ani_16.png
.png
Images/Scan/driver_animation/ani_17.png
.png
Images/Scan/driver_animation/ani_18.png
.png
Images/Scan/driver_animation/ani_19.png
.png
Images/Scan/driver_animation/ani_2.png
.png
Images/Scan/driver_animation/ani_20.png
.png
Images/Scan/driver_animation/ani_21.png
.png
Images/Scan/driver_animation/ani_22.png
.png
Images/Scan/driver_animation/ani_3.png
.png
Images/Scan/driver_animation/ani_4.png
.png
Images/Scan/driver_animation/ani_5.png
.png
Images/Scan/driver_animation/ani_6.png
.png
Images/Scan/driver_animation/ani_7.png
.png
Images/Scan/driver_animation/ani_8.png
.png
Images/Scan/driver_animation/ani_9.png
.png
Images/Scan/error.png
.png
Images/Scan/error_large.png
.png
Images/Scan/junk.png
.png
Images/Scan/malware.png
.png
Images/Scan/md5.png
.png
Images/Scan/privacy.png
.png
Images/Scan/process-animation.gif
Images/Scan/rating_h.png
.png
Images/Scan/rating_h_scan.png
.png
Images/Scan/rating_l.png
.png
Images/Scan/rating_l_scan.png
.png
Images/Scan/rating_m.png
.png
Images/Scan/rating_m_scan.png
.png
Images/Scan/rating_mh.png
.png
Images/Scan/rating_mh_scan.png
.png
Images/Scan/rating_ml.png
.png
Images/Scan/rating_ml_scan.png
.png
Images/Scan/registry.png
.png
Images/Scan/warning.png
.png
Images/Tabs/drivers.png
.png
Images/Tabs/maintenance.png
.png
Images/Tabs/overview.png
.png
Images/Tabs/restore.png
.png
Images/Tabs/scan.png
.png
Images/Tabs/settings.png
.png
Images/Tabs/tools.png
.png
Images/buttons/btn.png
.png
Images/buttons/btn_over.png
.png
Images/buttons/button_bho.png
.png
Images/buttons/button_defrag.png
.png
Images/buttons/button_file.png
.png
Images/buttons/button_generalsettings.png
.png
Images/buttons/button_ignore.png
.png
Images/buttons/button_junk.png
.png
Images/buttons/button_privacy.png
.png
Images/buttons/button_process.png
.png
Images/buttons/button_registry.png
.png
Images/buttons/button_schedule.png
.png
Images/buttons/button_speedybackup.png
.png
Images/buttons/button_startup.png
.png
Images/buttons/offeraction.png
.png
Images/buttons/offeraction_over.png
.png
Images/buttons/register_over_small.png
.png
Images/buttons/register_small.png
.png
Images/buttons/settings_button.png
.png
Images/buttons/settings_button_over.png
.png
Images/defrag/c_empty.png
.png
Images/defrag/c_frag.png
.png
Images/defrag/c_unfrag.png
.png
Images/defrag/c_unknown.png
.png
Images/defrag/c_unmove.png
.png
Images/general/collapse.png
.png
Images/general/delete.png
.png
Images/general/driverbg.png
.png
Images/general/expand.png
.png
Images/general/progress_glow.png
.png
Images/group/bho.png
.png
Images/group/dup_audio.png
.png
Images/group/dup_doc.png
.png
Images/group/dup_image.png
.png
Images/group/dup_other.png
.png
Images/group/dup_video.png
.png
Images/group/ig_drivers.png
.png
Images/group/ig_proc.png
.png
Images/group/ig_reg.png
.png
Images/group/junk.png
.png
Images/group/priv_3rd.png
.png
Images/group/priv_browser.png
.png
Images/group/priv_email.png
.png
Images/group/priv_fs.png
.png
Images/group/priv_im.png
.png
Images/group/priv_multi.png
.png
Images/group/priv_office.png
.png
Images/group/priv_other.png
.png
Images/group/priv_windows.png
.png
Images/group/reg_apppath.png
.png
Images/group/reg_com.png
.png
Images/group/reg_dll.png
.png
Images/group/reg_empty.png
.png
Images/group/reg_extensions.png
.png
Images/group/reg_filepath.png
.png
Images/group/reg_font.png
.png
Images/group/reg_help.png
.png
Images/group/reg_shortcut.png
.png
Images/group/reg_startup.png
.png
Images/group/reg_uninstall.png
.png
Images/group/startup.png
.png
Images/headers/header_about.png
.png
Images/headers/header_bho.png
.png
Images/headers/header_clean.png
.png
Images/headers/header_defrag.png
.png
Images/headers/header_driver.png
.png
Images/headers/header_file.png
.png
Images/headers/header_junk.png
.png
Images/headers/header_junk_settings.png
.png
Images/headers/header_maintenance.png
.png
Images/headers/header_malware.png
.png
Images/headers/header_performance.png
.png
Images/headers/header_privacy.png
.png
Images/headers/header_process.png
.png
Images/headers/header_registry.png
.png
Images/headers/header_restore.png
.png
Images/headers/header_settings.png
.png
Images/headers/header_startup.png
.png
Images/headers/header_tools.png
.png
Images/headers/settings_general.png
.png
Images/headers/settings_ignore.png
.png
Images/headers/settings_privacy.png
.png
Images/headers/settings_registry.png
.png
Images/headers/settings_schedule.png
.png
Images/headers/vipre.png
.png
Images/list/drivers/cd.png
.png
Images/list/drivers/cpu.png
.png
Images/list/drivers/disk.png
.png
Images/list/drivers/display.png
.png
Images/list/drivers/driver_outdated.png
.png
Images/list/drivers/driver_uptodate.png
.png
Images/list/drivers/floppy.png
.png
Images/list/drivers/mouse_key.png
.png
Images/list/drivers/other.png
.png
Images/list/drivers/outdated.png
.png
Images/list/drivers/power.png
.png
Images/list/drivers/printer.png
.png
Images/list/drivers/software.png
.png
Images/list/drivers/system.png
.png
Images/list/drivers/uptodate.png
.png
Images/list/drivers/usb.png
.png
Images/list/maintenance/defrag.png
.png
Images/list/maintenance/defrag_big.png
.png
Images/list/maintenance/junk.png
.png
Images/list/maintenance/junk_big.png
.png
Images/list/maintenance/malware.png
.png
Images/list/maintenance/malware_big.png
.png
Images/list/maintenance/privacy.png
.png
Images/list/maintenance/privacy_big.png
.png
Images/list/maintenance/registry.png
.png
Images/list/maintenance/registry_big.png
.png
Images/list/other.png
.png
Images/list/process/bho.png
.png
Images/list/process/process.png
.png
Images/list/process/startup.png
.png
Images/list/recommendations/rec_malware16.png
.png
Images/list/recommendations/rec_malware24.png
.png
Images/list/recommendations/rec_malware32.png
.png
Images/list/recommendations/rec_system16.png
.png
Images/list/recommendations/rec_system24.png
.png
Images/list/recommendations/rec_system32.png
.png
Images/list/recommendations/rec_unknown16.png
.png
Images/list/recommendations/rec_unknown24.png
.png
Images/list/recommendations/rec_unknown32.png
.png
Images/list/recommendations/rec_unwanted16.png
.png
Images/list/recommendations/rec_unwanted24.png
.png
Images/list/recommendations/rec_unwanted32.png
.png
Images/list/recommendations/rec_userapp16.png
.png
Images/list/recommendations/rec_userapp24.png
.png
Images/list/recommendations/rec_userapp32.png
.png
Images/popups/animation.gif
.gif
Images/popups/bar_bg.png
.png
Images/popups/checkmark.png
.png
Images/popups/close.png
.png
Images/popups/close_over.png
.png
Images/popups/prefix/computer.png
.png
Images/popups/thankyou.png
.png
Images/popups/time.png
.png
Images/popups/weekly.png
.png
Images/popups/weekly2.png
.png
LiteUnzip.dll
.dll windows:4 windows x86 arch:x86

f7a84048399bc4a2d1221cc8bdd7c96e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:a9:7a:ee:3b:04:78:f8:5b:16:cc:08:8a:3f:ee:76
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/03/2015, 00:00

Not After

06/04/2016, 12:00

Subject

CN=SparkTrust Systems,O=SparkTrust Systems,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

db:0c:1a:40:1c:00:82:84:bb:48:de:29:4b:df:8c:cf:46:6b:82:c1
Signer

Actual PE Digest

db:0c:1a:40:1c:00:82:84:bb:48:de:29:4b:df:8c:cf:46:6b:82:c1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

ReadFile
GlobalFree
GlobalAlloc
CreateDirectoryA
GetLastError
CreateDirectoryW
CloseHandle
SetFileTime
WriteFile
CreateFileA
CreateFileW
IsBadReadPtr
SetFilePointer
lstrcmpA
LocalFileTimeToFileTime
SystemTimeToFileTime
MultiByteToWideChar
lstrlenA
lstrcpyA
lstrcmpiA
WideCharToMultiByte
GetCurrentDirectoryA
DuplicateHandle
GetCurrentProcess
SizeofResource
LockResource
LoadResource
FindResourceA
GetModuleHandleA
DisableThreadLibraryCalls
FlushFileBuffers
LoadLibraryA
GetCommandLineA
GetProcAddress
GetVersion
ExitProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
HeapAlloc
HeapFree
SetStdHandle

user32

LoadStringA
LoadStringW

Exports

Exports

UnzipClose
UnzipFindItemA
UnzipFindItemW
UnzipFormatMessageA
UnzipFormatMessageW
UnzipGetItemA
UnzipGetItemW
UnzipItemToBuffer
UnzipItemToFileA
UnzipItemToFileW
UnzipItemToHandle
UnzipOpenBuffer
UnzipOpenFileA
UnzipOpenFileW
UnzipOpenHandle
UnzipSetBaseDirA
UnzipSetBaseDirW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 595B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LiteZip.dll
.dll windows:4 windows x86 arch:x86

a4f9b29cfb961f52cf212be6c0353a3b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:a9:7a:ee:3b:04:78:f8:5b:16:cc:08:8a:3f:ee:76
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/03/2015, 00:00

Not After

06/04/2016, 12:00

Subject

CN=SparkTrust Systems,O=SparkTrust Systems,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

91:77:9d:ec:db:43:3b:50:6a:16:14:df:c9:41:d9:72:0a:26:8f:bd
Signer

Actual PE Digest

91:77:9d:ec:db:43:3b:50:6a:16:14:df:c9:41:d9:72:0a:26:8f:bd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FileTimeToSystemTime
SetFilePointer
ReadFile
GlobalFree
CloseHandle
GlobalAlloc
lstrlenA
lstrcmpiA
lstrcpyA
WideCharToMultiByte
SystemTimeToFileTime
GetLocalTime
CreateFileA
CreateFileW
IsBadReadPtr
GetFileSize
GetFileInformationByHandle
WriteFile
FindClose
FindNextFileA
FindFirstFileA
lstrlenW
lstrcpyW
FindNextFileW
FindFirstFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
DuplicateHandle
GetCurrentProcess
DisableThreadLibraryCalls
GetTickCount
FlushFileBuffers
LoadLibraryA
HeapFree
GetCommandLineA
GetProcAddress
GetModuleHandleA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
HeapCreate
HeapDestroy
SetHandleCount
GetFileType
GetStdHandle
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
SetStdHandle

user32

LoadStringW
LoadStringA
GetDesktopWindow

Exports

Exports

ZipAddBufferA
ZipAddBufferW
ZipAddDirA
ZipAddDirW
ZipAddFileA
ZipAddFileW
ZipAddFolderA
ZipAddFolderW
ZipAddHandleA
ZipAddHandleW
ZipAddPipeA
ZipAddPipeW
ZipClose
ZipCreateBuffer
ZipCreateFileA
ZipCreateFileW
ZipCreateHandle
ZipFormatMessageA
ZipFormatMessageW
ZipGetMemory
ZipOptions
ZipResetMemory

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 668B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

shared
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LogSettings.xml
MyResources.dll
.dll windows:5 windows x86 arch:x86

89a6d69512ddd5caf6edc165bcb08fbf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:a9:7a:ee:3b:04:78:f8:5b:16:cc:08:8a:3f:ee:76
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/03/2015, 00:00

Not After

06/04/2016, 12:00

Subject

CN=SparkTrust Systems,O=SparkTrust Systems,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cc:d9:48:f6:ea:8f:32:8e:20:d3:b1:9d:53:3f:d9:4c:41:ca:0c:31
Signer

Actual PE Digest

cc:d9:48:f6:ea:8f:32:8e:20:d3:b1:9d:53:3f:d9:4c:41:ca:0c:31

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\dev\Internal\client\products\SpeedyPC Pro\trunk\source\SpeedyPC\MyResources\Release\MyResources.pdb

Imports

kernel32

GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
GetLastError
SetLastError
EncodePointer
DecodePointer
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetProcessHeap
GetStdHandle
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
HeapFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
WriteFile
GetModuleFileNameW
LoadLibraryExW
RtlUnwind
HeapAlloc
HeapReAlloc
GetStringTypeW
OutputDebugStringW
HeapSize
LCMapStringW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
CreateFileW

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 428KB - Virtual size: 427KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
RegHookSpecialist.pxt
.dll windows:5 windows x86 arch:x86

3b45d71c4b32ae6b60ae479b539135c7

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:a9:7a:ee:3b:04:78:f8:5b:16:cc:08:8a:3f:ee:76
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/03/2015, 00:00

Not After

06/04/2016, 12:00

Subject

CN=SparkTrust Systems,O=SparkTrust Systems,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

62:7d:0c:2e:1a:6b:88:d7:73:cc:a6:8b:1f:51:b5:50:5b:d4:f6:75
Signer

Actual PE Digest

62:7d:0c:2e:1a:6b:88:d7:73:cc:a6:8b:1f:51:b5:50:5b:d4:f6:75

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Dev\SpeedyPC Pro\common\zeppelin\Zeppelin\Specialists\RegHookSpecialist\Win32\Release\RegHookSpecialist.pdb

Imports

kernel32

GetProcAddress
LoadLibraryW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetLongPathNameW
GetFileAttributesW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
GetCurrentProcess
CloseHandle
GetModuleFileNameW
CreateFileW
SetFilePointer
WriteFile
ExpandEnvironmentStringsW
GetModuleHandleW
MultiByteToWideChar
WideCharToMultiByte
GetACP
HeapDestroy
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
DecodePointer
EncodePointer
GetCurrentThreadId
GetCommandLineA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetOEMCP
IsValidCodePage
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
LCMapStringW
GetStringTypeW
IsProcessorFeaturePresent
GetStdHandle
Sleep
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
GetLastError

advapi32

RegOpenKeyExW
RegEnumKeyExW
RegEnumValueW
RegSetValueExW
RegCloseKey
RegCreateKeyW
RegEnumKeyW
RegOpenKeyW

shlwapi

PathStripPathW
PathUnquoteSpacesW
PathRemoveArgsW
PathFileExistsW

Exports

Exports

DeleteExtensionFactory
GetExtensionFactory

Sections

.text
Size: 89KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SBTE.dll
.dll windows:5 windows x86 arch:x86

eaf379a29d67bdc501623ee3c6597de4

Code Sign

79:a2:a5:85:f9:d1:15:42:13:d9:b8:3e:f6:b6:8d:ed
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

01/05/2012, 00:00

Not After

31/12/2012, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G3,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:32:3d:bf:4b:8e:5c:fd:d5:65:69:7a:3b:7e:bd:da
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

26/01/2012, 00:00

Not After

25/01/2015, 23:59

Subject

CN=GFI Software (Florida) Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=GFI Software (Florida) Inc.,L=Clearwater,ST=Florida,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fe:5e:92:d3:04:63:fc:aa:a4:26:7d:f8:fb:e8:e6:26:0b:d2:55:e9
Signer

Actual PE Digest

fe:5e:92:d3:04:63:fc:aa:a4:26:7d:f8:fb:e8:e6:26:0b:d2:55:e9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\projects\workspace\sdk-hotfix\src\bin\Release\SBTE.pdb

Imports

kernel32

GetFileSize
FlushFileBuffers
FindClose
lstrlenA
GetUserDefaultLangID
BackupSeek
BackupRead
MapViewOfFile
UnmapViewOfFile
GetCurrentProcess
GetCommandLineW
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
TerminateProcess
HeapFree
HeapAlloc
GetProcessHeap
GetFileSizeEx
GetSystemInfo
FileTimeToSystemTime
FileTimeToLocalFileTime
LoadLibraryA
InterlockedExchange
GetModuleHandleA
SetEnvironmentVariableA
SetStdHandle
HeapReAlloc
GetTickCount
QueryPerformanceCounter
GetModuleFileNameA
GetLocalTime
GetCurrentThreadId
GetCurrentThread
LocalAlloc
LocalFree
InitializeCriticalSectionAndSpinCount
MoveFileExW
VirtualAlloc
OpenProcess
ReadProcessMemory
VirtualFree
GetCurrentProcessId
IsBadWritePtr
InitializeCriticalSection
CreateThread
Sleep
InterlockedDecrement
TlsSetValue
TlsGetValue
TlsAlloc
TlsFree
IsBadReadPtr
SetLastError
FreeLibrary
SetFilePointer
WriteFile
SetEndOfFile
CloseHandle
EnterCriticalSection
ReadFile
GetLastError
LeaveCriticalSection
DeleteCriticalSection
DeviceIoControl
GetTimeZoneInformation
GetConsoleMode
GetConsoleCP
HeapDestroy
HeapCreate
PeekNamedPipe
GetFileInformationByHandle
GetFileType
SetHandleCount
ExitProcess
HeapSize
VirtualQuery
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetStdHandle
IsProcessorFeaturePresent
GetOEMCP
GetACP
InterlockedIncrement
GetCommandLineA
GetSystemTimeAsFileTime
FindFirstFileExW
EncodePointer
DecodePointer
RaiseException
RtlUnwind

psapi

EnumProcessModules
GetModuleFileNameExW
GetModuleInformation
EnumProcesses

advapi32

CryptHashData
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
CryptEncrypt
CryptDecrypt
CryptDeriveKey
CryptDestroyKey
CryptReleaseContext
CryptDestroyHash
CryptCreateHash
OpenThreadToken
SetThreadToken
SetKernelObjectSecurity
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
MakeSelfRelativeSD
GetLengthSid
InitializeAcl
AddAccessAllowedAce
AllocateAndInitializeSid
FreeSid
RegCloseKey

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW

ole32

CoTaskMemFree
CoUninitialize
CoInitializeEx
CoCreateInstance
StringFromGUID2
CoCreateGuid
CoGetClassObject
StringFromIID

oleaut32

SysAllocString
SysFreeString
VariantChangeType
VariantInit
VariantClear
SysStringLen
SysStringByteLen
SysAllocStringByteLen

shlwapi

PathRemoveFileSpecW
PathIsFileSpecW
PathFindFileNameW
PathAppendW
PathIsNetworkPathW

sfc

SfcIsFileProtected

Exports

Exports

SBCSAddIgnoredThreat
SBCSAddPathToScanA
SBCSAddPathToScanW
SBCSAddThreatCategoryActionA
SBCSAddThreatCategoryActionW
SBCSAddUserKnownEntity
SBCSApplyDefinitionUpdateA
SBCSApplyDefinitionUpdateW
SBCSClearFileCache
SBCSClearIgnoredThreats
SBCSClearPathsToScan
SBCSClearThreatCategoryActions
SBCSClearUserKnownEntityList
SBCSCloseThreatEngine
SBCSDeleteThreatA
SBCSDeleteThreatW
SBCSDetectThreatInBuf
SBCSEnableAV
SBCSEnableFileCache
SBCSEnableRootkitEngine
SBCSEncryptFileA
SBCSEncryptFileW
SBCSFindNextThreatId
SBCSFreeBuffer
SBCSGetBootTimeRegistrationStatus
SBCSGetCleanerResultsA
SBCSGetCleanerResultsSizeA
SBCSGetCleanerResultsSizeW
SBCSGetCleanerResultsW
SBCSGetDefReleaseDateA
SBCSGetDefReleaseDateW
SBCSGetDefVersionA
SBCSGetDefVersionW
SBCSGetFileSignatureA
SBCSGetFileSignatureW
SBCSGetLowRiskThreatDetection
SBCSGetQuarantineFolderA
SBCSGetQuarantineFolderW
SBCSGetQuarantineHistoryA
SBCSGetQuarantineHistorySizeA
SBCSGetQuarantineHistorySizeW
SBCSGetQuarantineHistoryW
SBCSGetQuarantineRecordA
SBCSGetQuarantineRecordSizeA
SBCSGetQuarantineRecordSizeW
SBCSGetQuarantineRecordW
SBCSGetScanOption
SBCSGetScannerResultsA
SBCSGetScannerResultsSizeA
SBCSGetScannerResultsSizeW
SBCSGetScannerResultsW
SBCSGetStringOption
SBCSIsAVEnabled
SBCSIsCleaning
SBCSIsFileCacheEnabled
SBCSIsFileGood
SBCSIsRootkitEngineEnabled
SBCSIsScanning
SBCSOpenThreatEngineA
SBCSOpenThreatEngineW
SBCSPurgeQuarantine
SBCSQuarantineBufferA
SBCSQuarantineBufferW
SBCSQuarantineFile2A
SBCSQuarantineFile2W
SBCSQuarantineFileA
SBCSQuarantineFileAsync
SBCSQuarantineFileW
SBCSQueryQuarantineIDA
SBCSQueryQuarantineIDW
SBCSQueryThreatDataA
SBCSQueryThreatDataW
SBCSRegisterBootTimeScanner
SBCSRemoveFileCacheEntry
SBCSResetScanOptions
SBCSRunCleanerA
SBCSRunCleanerW
SBCSRunScanner
SBCSScanBuffer
SBCSScanFileTrace
SBCSScanRegistryTrace
SBCSSetCleanerProgressCallbackA
SBCSSetCleanerProgressCallbackW
SBCSSetDebugLoggingA
SBCSSetDebugLoggingW
SBCSSetLoggerCallbackA
SBCSSetLoggerCallbackW
SBCSSetLowRiskThreatDetection
SBCSSetQuarantineActionCallbackA
SBCSSetQuarantineActionCallbackW
SBCSSetScanDescriptionA
SBCSSetScanDescriptionW
SBCSSetScanOption
SBCSSetScanProgressDetailCallbackA
SBCSSetScanProgressDetailCallbackW
SBCSSetScanProgressStateCallback
SBCSSetStringOption
SBCSUnRegisterBootTimeScanner
SBCSUninstall
SBCSUnquarantineThreatA
SBCSUnquarantineThreatW

Sections

.text
Size: 748KB - Virtual size: 747KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 189KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 47KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SandBoxer.dll
.dll windows:4 windows x86 arch:x86

9c2c447b2262ee25679c6721ea47bb1c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:a9:7a:ee:3b:04:78:f8:5b:16:cc:08:8a:3f:ee:76
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/03/2015, 00:00

Not After

06/04/2016, 12:00

Subject

CN=SparkTrust Systems,O=SparkTrust Systems,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:19:bd:42:19:86:85:63:81:54:6e:a7:a0:bc:a5:5b:d3:2c:9f:4a
Signer

Actual PE Digest

0d:19:bd:42:19:86:85:63:81:54:6e:a7:a0:bc:a5:5b:d3:2c:9f:4a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\dev\code\zeppelin\common\sandboxer\debug\SandBoxer.pdb

Imports

kernel32

LocalFree
LocalAlloc
GetVersion
GetCurrentThreadId
WideCharToMultiByte
GetThreadLocale
GetStartupInfoA
GetLocaleInfoA
GetCommandLineA
FreeLibrary
ExitProcess
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
TlsSetValue
TlsGetValue
TlsFree
TlsAlloc
lstrlenA
lstrcpyW
lstrcpyA
lstrcmpiW
lstrcmpiA
lstrcatW
WriteProcessMemory
WaitForSingleObject
WaitForMultipleObjects
VirtualQueryEx
VirtualQuery
VirtualProtectEx
VirtualProtect
UnmapViewOfFile
TerminateThread
TerminateProcess
Sleep
SetThreadPriority
SetLastError
SetEvent
ResumeThread
ReleaseSemaphore
ReleaseMutex
ReadProcessMemory
OpenProcess
OpenMutexW
OpenMutexA
OpenFileMappingW
OpenFileMappingA
OpenEventW
VirtualAlloc
MapViewOfFile
LoadLibraryExA
LoadLibraryA
IsBadWritePtr
IsBadReadPtr
GetVersionExW
GetVersionExA
GetTickCount
GetThreadContext
GetSystemDirectoryW
GetSystemDirectoryA
GetProcAddress
GetModuleHandleW
GetModuleHandleA
GetModuleFileNameA
GetFileAttributesW
GetFileAttributesA
GetExitCodeThread
GetCurrentThread
GetCurrentProcessId
GetCurrentDirectoryW
GetCurrentDirectoryA
InterlockedExchange
FormatMessageA
DuplicateHandle
DeleteFileW
CreateThread
CreateSemaphoreA
CreateProcessW
CreateProcessA
CreatePipe
CreateMutexW
CreateMutexA
CreateFileMappingW
CreateFileMappingA
CreateFileA
CreateEventW
CreateEventA
CompareStringW
CompareStringA
GetLocaleInfoW
GetTimeZoneInformation
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetUserDefaultLCID
EnumSystemLocalesA
IsValidCodePage
IsValidLocale
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcess
GlobalAlloc
GlobalFree
GetFileSize
ReadFile
OutputDebugStringW
CreateFileW
SetFilePointer
WriteFile
CloseHandle
SetEndOfFile
OutputDebugStringA
GetModuleFileNameW
lstrlenW
GetProcessHeap
HeapAlloc
GetLastError
HeapReAlloc
OpenEventA
HeapFree
GetStringTypeW
GetStringTypeA
GetDateFormatA
GetTimeFormatA
GetConsoleMode
GetConsoleCP
InterlockedIncrement
InterlockedDecrement
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapValidate
FatalAppExitA
DebugBreak
MultiByteToWideChar
GetACP
GetOEMCP
GetCPInfo
LCMapStringA
LCMapStringW
WriteConsoleW
GetFileType
SetConsoleCtrlHandler
LoadLibraryW
SetHandleCount
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
HeapCreate
QueryPerformanceCounter
GetSystemTimeAsFileTime
FlushFileBuffers
SetEnvironmentVariableA

user32

CloseDesktop
DispatchMessageA
GetUserObjectInformationA
MsgWaitForMultipleObjects
OpenInputDesktop
PeekMessageA
TranslateMessage
MessageBoxA
GetKeyboardType
GetThreadDesktop

advapi32

AdjustTokenPrivileges
AllocateAndInitializeSid
EqualSid
FreeSid
GetLengthSid
InitializeSecurityDescriptor
IsValidSid
LookupPrivilegeValueA
RegCreateKeyExA
RegDeleteKeyA
RegEnumKeyA
RegSetValueExA
RegSetValueExW
SetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
OpenProcessToken
GetTokenInformation
LsaOpenPolicy
LsaAddAccountRights
LsaRemoveAccountRights
LookupAccountNameW
GetKernelObjectSecurity

oleaut32

SysReAllocStringLen
SysFreeString

shlwapi

PathAppendW
PathRemoveFileSpecW

Exports

Exports

SandBox

Sections

.text
Size: 320KB - Virtual size: 317KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

CODE
Size: 108KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

DATA
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

BSS
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SparkTrustPCCleanerPlus.exe
.exe windows:5 windows x86 arch:x86

5810668c72c2f6715bc6035964246702

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:a9:7a:ee:3b:04:78:f8:5b:16:cc:08:8a:3f:ee:76
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/03/2015, 00:00

Not After

06/04/2016, 12:00

Subject

CN=SparkTrust Systems,O=SparkTrust Systems,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

bf:45:15:be:17:80:27:60:84:11:c1:a8:3d:29:79:96:75:ff:1c:fb
Signer

Actual PE Digest

bf:45:15:be:17:80:27:60:84:11:c1:a8:3d:29:79:96:75:ff:1c:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\BuildAgent\work\7cf5b119b56a991c\bin\Release\SpeedyPC.pdb

Imports

winmm

PlaySoundW
timeGetTime

rpcrt4

UuidCreateSequential

wininet

InternetSetStatusCallbackW
InternetGetLastResponseInfoW
InternetOpenUrlW
InternetQueryOptionW
InternetQueryDataAvailable
InternetWriteFile
InternetSetFilePointer
InternetCanonicalizeUrlW
InternetCrackUrlW
DeleteUrlCacheEntryW
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
HttpAddRequestHeadersW
InternetReadFile
HttpQueryInfoW
HttpSendRequestW
HttpOpenRequestW
InternetCloseHandle
InternetConnectW
InternetOpenW

shfolder

SHGetFolderPathW

shell32

DragFinish
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetSpecialFolderPathW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHAppBarMessage
DragQueryFileW
SHEmptyRecycleBinW
SHQueryRecycleBinW
SHGetFileInfoW
SHCreateDirectoryExW
SHFileOperationW
ord165
SHGetDiskFreeSpaceExW
Shell_NotifyIconW

ole32

CLSIDFromString
CoSetProxyBlanket
CoTaskMemAlloc
OleRun
OleDuplicateData
ReleaseStgMedium
OleInitialize
CreateStreamOnHGlobal
OleDraw
CoCreateGuid
CoFreeUnusedLibraries
CLSIDFromProgID
CoDisconnectObject
CoGetClassObject
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
CoRevokeClassObject
OleFlushClipboard
OleIsCurrentClipboard
CoRegisterMessageFilter
DoDragDrop
OleGetClipboard
OleLockRunning
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
StringFromGUID2
CoInitializeSecurity
CoCreateInstance
CoInitialize
CoUninitialize
CoInitializeEx
OleUninitialize
CoTaskMemFree

shlwapi

PathAppendW
PathStripPathW
StrTrimW
StrFormatByteSizeW
PathFindExtensionW
PathIsDirectoryW
PathFileExistsW
ord217
ord215
PathRemoveFileSpecW
PathFindFileNameW
PathUnquoteSpacesW
SHDeleteKeyW
PathIsFileSpecW
UrlUnescapeW
PathIsUNCW
PathStripToRootW
StrFormatKBSizeW
PathFindOnPathW
PathIsNetworkPathW
PathAddExtensionW
PathGetCharTypeW
PathIsRootW

gdi32

CreatePen
SetTextColor
SetBkColor
DeleteDC
GetTextExtentPoint32W
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SelectPalette
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
LineTo
IntersectClipRect
GetPixel
GetObjectType
CreateDCW
CreateFontIndirectW
CreateRectRgn
CreateHatchBrush
CreateBitmap
CopyMetaFileW
GetDeviceCaps
GetStockObject
CreatePatternBrush
CreateDIBSection
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
EnumFontFamiliesExW
RoundRect
ExtFloodFill
SetPaletteEntries
GetViewportOrgEx
GetWindowOrgEx
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
GetTextFaceW
SetPixelV
GetClipBox
SelectObject
GetObjectW
GetCurrentObject
DeleteObject
CreateSolidBrush
BitBlt
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
CreateCompatibleDC
LPtoDP
CreateCompatibleBitmap
GetMapMode
GetWindowExtEx
GetViewportExtEx
DPtoLP
MoveToEx
SetViewportExtEx
SetViewportOrgEx
CreateDCA
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CombineRgn
CreateRectRgnIndirect
PatBlt
SetRectRgn
CreateEllipticRgn
Ellipse
GetBkColor
GetTextColor
CreatePolygonRgn
Polygon
Polyline
GetTextMetricsW
GetRgnBox
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
GetDIBits
RealizePalette
SetPixel
StretchBlt
SetDIBColorTable
Rectangle
CreateRoundRectRgn
OffsetRgn
ExcludeClipRect
GetBitmapBits
GetObjectA

comctl32

ImageList_ReplaceIcon
InitCommonControlsEx
ImageList_Draw

user32

CreatePopupMenu
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
GetMenuItemInfoW
DrawStateW
GetIconInfo
CopyImage
LoadImageW
SetRectEmpty
WindowFromPoint
GetNextDlgGroupItem
SetWindowRgn
MapVirtualKeyW
GetKeyNameTextW
IntersectRect
LoadBitmapW
SetMenuItemInfoW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
GetMessageW
SetScrollInfo
CallNextHookEx
SetWindowsHookExW
GetTopWindow
GetClassLongW
EqualRect
MapWindowPoints
AdjustWindowRectEx
RemovePropW
GetPropW
SetPropW
GetScrollRange
SetScrollRange
CreateMenu
DestroyCursor
WinHelpW
SetWindowTextW
GetWindowRgn
CallWindowProcW
RegisterWindowMessageW
SetMenuDefaultItem
GetCursorPos
TrackPopupMenu
GetScrollPos
SetScrollPos
ScrollWindow
ValidateRect
GetForegroundWindow
SetMenu
GetMenu
GetCapture
GetKeyState
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
GetClassInfoExW
GetClassInfoW
RegisterClassW
InsertMenuItemW
UnpackDDElParam
ReuseDDElParam
DrawEdge
DrawFrameControl
UnregisterClassW
EnumChildWindows
IsIconic
DestroyMenu
DrawFocusRect
DestroyWindow
GetSysColorBrush
DispatchMessageW
GetWindowTextW
EmptyClipboard
SetClipboardData
CreateDialogIndirectParamW
RealChildWindowFromPoint
CopyAcceleratorTableW
InvalidateRgn
CharNextW
SetLayeredWindowAttributes
EnumDisplayMonitors
UnionRect
IsMenu
UpdateLayeredWindow
EnableScrollBar
MonitorFromPoint
DeleteMenu
MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW
NotifyWinEvent
GetMenuDefaultItem
ModifyMenuW
PostThreadMessageW
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
PeekMessageW
CreateAcceleratorTableW
DestroyAcceleratorTable
InvalidateRect
GetWindowDC
DrawTextW
GetClientRect
GetWindowRect
SendMessageW
ReleaseDC
GetFocus
EnableWindow
IsDialogMessageW
LockWindowUpdate
SetClassLongW
SetCursorPos
GetDoubleClickTime
CopyIcon
HideCaret
InvertRect
CharUpperBuffW
FrameRect
DrawMenuBar
DefFrameProcW
DefMDIChildProcW
TranslateMDISysAccel
IsCharLowerW
MapVirtualKeyExW
GetMessageTime
ClientToScreen
GetWindowTextLengthW
GetDlgCtrlID
IsDlgButtonChecked
GetDesktopWindow
SetActiveWindow
GetNextDlgTabItem
EndDialog
SendDlgItemMessageA
GetWindowThreadProcessId
IsWindowEnabled
UnhookWindowsHookEx
RemoveMenu
AppendMenuW
InsertMenuW
GetMenuItemCount
GetMenuItemID
GetMenuState
GetMenuStringW
IsZoomed
GetMonitorInfoW
MonitorFromWindow
IsRectEmpty
GetScrollInfo
CharUpperW
wsprintfW
TranslateMessage
GetAsyncKeyState
GetWindow
MoveWindow
SetFocus
CheckDlgButton
GetSystemMenu
GetClassNameW
SetWindowLongW
GetDlgItem
GetSystemMetrics
GetDialogBaseUnits
GetWindowLongW
DrawIcon
MessageBeep
GetLastActivePopup
GetActiveWindow
MessageBoxW
UpdateWindow
SetForegroundWindow
ShowWindow
LoadIconW
DefWindowProcW
FindWindowExW
SetParent
PostQuitMessage
ExitWindowsEx
FillRect
EnableMenuItem
GetSubMenu
LoadMenuW
DrawIconEx
DestroyIcon
ShowScrollBar
OffsetRect
SubtractRect
GetUpdateRect
WaitMessage
GetComboBoxInfo
SystemParametersInfoW
EndPaint
BeginPaint
ReleaseCapture
LoadCursorW
SetCursor
SetCapture
SetWindowPos
CreateWindowExW
SetRect
CloseClipboard
GetClipboardData
OpenClipboard
IsClipboardFormatAvailable
ScreenToClient
GetMessagePos
IsWindow
TrackMouseEvent
InflateRect
GetDC
LoadStringW
PostMessageW
RedrawWindow
PtInRect
CopyRect
GetParent
GetSysColor
SetTimer
KillTimer
IsWindowVisible
TabbedTextOutW
DrawTextExW
GrayStringW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

7zipdll

CreateObject
GetNumberOfMethodsDLL
GetHandlerProperty2
GetNumberOfFormats
SetLargePageMode
GetMethodProperty

kernel32

GlobalLock
MultiByteToWideChar
GlobalUnlock
GetTempPathW
GetTempFileNameW
DeleteFileW
WaitForSingleObject
FileTimeToSystemTime
FileTimeToLocalFileTime
TryEnterCriticalSection
GetCurrentProcessId
OpenProcess
TerminateProcess
GetVersionExW
GetLocaleInfoW
ReadFile
CreateFileW
FindFirstFileW
FindClose
GetCurrentThread
GetLastError
HeapAlloc
GetProcessHeap
HeapFree
SetCurrentDirectoryW
CreateMutexW
GetLocalTime
MulDiv
GlobalAlloc
LocalAlloc
LocalLock
LocalFree
LocalUnlock
GetSystemTime
HeapReAlloc
InitializeCriticalSectionAndSpinCount
HeapDestroy
RaiseException
HeapSize
DecodePointer
lstrcmpiW
OutputDebugStringW
InterlockedDecrement
IsWow64Process
GetFileSizeEx
CreateEventW
SetEvent
VirtualQueryEx
FindResourceExW
SuspendThread
ResumeThread
ResetEvent
CreateToolhelp32Snapshot
Process32FirstW
WaitForMultipleObjects
Process32NextW
GetProcessId
GetShortPathNameW
WriteFile
DeviceIoControl
GetEnvironmentVariableW
GetSystemDirectoryW
GetWindowsDirectoryW
SetLastError
FormatMessageW
lstrlenW
VirtualFree
VirtualAlloc
FindNextFileW
SetFileTime
SetFileAttributesW
RemoveDirectoryW
MoveFileW
GetFullPathNameW
GetCurrentDirectoryW
SearchPathW
GetFileSize
SetFilePointer
GetFileInformationByHandle
SetEndOfFile
GetStdHandle
GetSystemInfo
GetComputerNameW
GetSystemPowerStatus
CreateTimerQueue
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
DeleteTimerQueue
LockFile
UnlockFile
LockFileEx
FlushFileBuffers
TlsAlloc
TlsGetValue
TlsSetValue
LoadLibraryA
GetTempPathA
GetFullPathNameA
CreateFileA
GetFileAttributesA
DeleteFileA
AreFileApisANSI
GetVersionExA
GetTimeZoneInformation
MoveFileExW
GetSystemTimes
ExpandEnvironmentStringsW
GetLongPathNameW
SetThreadPriority
QueryPerformanceFrequency
QueryPerformanceCounter
GlobalSize
GlobalFree
CopyFileW
OutputDebugStringA
FreeResource
GetModuleHandleA
EncodePointer
GetCurrentThreadId
LoadLibraryExW
GetModuleFileNameW
lstrcmpW
GlobalAddAtomW
GlobalFindAtomW
lstrcmpA
GetPrivateProfileIntW
GetPrivateProfileStringW
WritePrivateProfileStringW
DuplicateHandle
GetThreadLocale
CompareStringA
GlobalGetAtomNameW
ReleaseSemaphore
ReleaseMutex
CreateSemaphoreW
TlsFree
GlobalReAlloc
GlobalHandle
LocalReAlloc
GlobalFlags
CompareStringW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetFileTime
GetUserDefaultLCID
VerSetConditionMask
lstrcpyW
VerifyVersionInfoW
GetFileAttributesExW
SetErrorMode
GetProfileIntW
VirtualProtect
GetCommandLineW
ExitProcess
GetModuleHandleExW
CreateThread
ExitThread
IsDebuggerPresent
IsProcessorFeaturePresent
GetCPInfo
InterlockedPopEntrySList
InterlockedPushEntrySList
InterlockedFlushSList
QueryDepthSList
WaitForSingleObjectEx
SignalObjectAndWait
SwitchToThread
GetThreadPriority
GetLogicalProcessorInformation
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
VirtualQuery
RtlUnwind
FindFirstFileExW
SystemTimeToTzSpecificLocalTime
SetStdHandle
GetFileType
HeapQueryInformation
GetStartupInfoW
GetEnvironmentStringsW
FreeEnvironmentStringsW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetConsoleCtrlHandler
IsValidCodePage
GetACP
GetOEMCP
GetStringTypeW
GetDateFormatW
GetTimeFormatW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
GetConsoleCP
GetConsoleMode
SetFilePointerEx
GetThreadTimes
FreeLibraryAndExitThread
InitializeSListHead
UnregisterWaitEx
ReadConsoleW
PeekNamedPipe
WriteConsoleW
SetEnvironmentVariableA
GetVolumeInformationW
GetDriveTypeW
GetLogicalDriveStringsW
GetDiskFreeSpaceExW
GetCurrentProcess
GetProcessTimes
GetSystemTimeAsFileTime
GetTickCount
FreeLibrary
GetProcAddress
LoadLibraryW
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CloseHandle
Sleep
TerminateThread
GetExitCodeThread
FindResourceW
LoadResource
LockResource
SizeofResource
ReadConsoleInputA
FlushConsoleInputBuffer
WideCharToMultiByte
GetFileAttributesW
CreateDirectoryW
GlobalMemoryStatusEx
GetModuleHandleW
GlobalDeleteAtom
GetDiskFreeSpaceW
SetConsoleMode
lstrlenA
LoadLibraryExA
GetLogicalDrives
GetVersion
SleepEx
InterlockedIncrement
SetEnvironmentVariableW
GlobalMemoryStatus

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

OpenThreadToken
OpenProcessToken
GetTokenInformation
LookupAccountSidW
LookupAccountNameW
GetFileSecurityW
InitializeSecurityDescriptor
GetSecurityDescriptorDacl
RegSetValueExW
GetLengthSid
InitializeAcl
GetAce
EqualSid
AddAce
SetSecurityDescriptorDacl
GetSecurityDescriptorControl
RegCreateKeyExW
SetFileSecurityW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
DeregisterEventSource
ReportEventA
GetAclInformation
AddAccessAllowedAce
GetUserNameW
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
LookupPrivilegeValueW
AdjustTokenPrivileges
CreateWellKnownSid
SetEntriesInAclW
RegEnumKeyExW
RegEnumValueW
RegDeleteValueW
RegNotifyChangeKeyValue
RegOpenKeyW
RegQueryInfoKeyW
OpenEventLogW
ReadEventLogW
CloseEventLog
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
ConvertSidToStringSidW
FreeSid
AllocateAndInitializeSid
RegisterEventSourceA

oleaut32

VariantClear
DispCallFunc
SysStringByteLen
SysAllocStringByteLen
SysStringLen
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayCreate
SafeArrayDestroy
SafeArrayLock
SafeArrayUnlock
VariantChangeType
LoadTypeLi
VariantInit
SafeArrayRedim
SafeArrayGetDim
SafeArrayGetElemsize
SafeArrayAccessData
SafeArrayUnaccessData
OleCreateFontIndirect
SysAllocString
SysAllocStringLen
SysFreeString
VarBstrFromDate
SystemTimeToVariantTime
VariantTimeToSystemTime

gdiplus

GdipSetStringFormatTabStops
GdipSetStringFormatFlags
GdipCreateFromHWND
GdipDrawLineI
GdipDeletePen
GdipCreatePen1
GdipMeasureString
GdipDrawImageRectI
GdipDrawString
GdipSetStringFormatLineAlign
GdipSetStringFormatAlign
GdipSetStringFormatTrimming
GdipDeleteStringFormat
GdipCreateStringFormat
GdipSetTextRenderingHint
GdipSetSmoothingMode
GdipFillRectangle
GdipCloneBrush
GdipAlloc
GdipFree
GdipDeleteBrush
GdipCreateSolidFill
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetImageWidth
GdipGetImageHeight
GdipDrawImageRectRect
GdipSetImageAttributesColorMatrix
GdipDisposeImageAttributes
GdipCreateImageAttributes
GdipSetPixelOffsetMode
GdipCreateRegionPath
GdipCreatePath
GdipDeletePath
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdiplusStartup
GdipSetInterpolationMode
GdipDrawImageRectRectI
GdipResetClip
GdipAddPathEllipse
GdipCreatePen2
GdipSetLineWrapMode
GdipSetClipRect
GdipAddPathRectangle
GdipDrawEllipse
GdipFillEllipse
GdipCreateFontFromLogfontW
GdipSetStringFormatHotkeyPrefix
GdipSetPathGradientFocusScales
GdipGetPathGradientPointCount
GdipSetPathGradientSurroundColorsWithCount
GdipSetPathGradientCenterPoint
GdipSetPathGradientCenterColor
GdipCreatePathGradientFromPath
GdipClosePathFigure
GdipAddPathLine
ord1
GdipCreateLineBrushFromRect
GdipCombineRegionRect
GdipDeleteRegion
GdipGetFontUnit
GdipClonePath
GdipAddPathArcI
GdipCreateBitmapFromHBITMAP
GdipDrawImageRect
GdipGetLogFontW
GdiplusShutdown
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipDrawLine
GdipCreateLineBrushFromRectI
GdipReleaseDC
GdipGetDC
GdipCreateHICONFromBitmap
GdipCreateBitmapFromFile
GdipDrawImage
GdipDrawRectangleI
GdipFillRectangleI
GdipGetFontSize
GdipGetFontStyle
GdipCreateFont
GdipGetFamily
GdipDeleteFontFamily
GdipGraphicsClear
GdipDeleteFont
GdipLoadImageFromFile
GdipGetFontHeight
GdipGetImageGraphicsContext
GdipCreateBitmapFromScan0
GdipCloneImage
GdipDisposeImage
GdipDrawRectangle
GdipFillPath
GdipDrawPath
GdipAddPathPath
GdipAddPathLineI
GdipAddPathPolygonI
GdipTranslateMatrix
GdipGetPathWorldBounds
GdipTransformPath
GdipScaleMatrix
GdipCreateMatrix
GdipDeleteMatrix
GdipCreateMatrix2
GdipAddPathLine2I

oledlg

OleUIBusyW

psapi

GetProcessMemoryInfo

crypt32

CertGetNameStringW

oleacc

CreateStdAccessibleObject
AccessibleObjectFromWindow
LresultFromObject

imm32

ImmGetContext
ImmGetOpenStatus
ImmReleaseContext

ws2_32

sendto
recvfrom
ntohs
listen
getsockname
bind
accept
select
__WSAFDIsSet
inet_ntoa
gethostbyname
socket
inet_addr
connect
send
recv
WSACleanup
closesocket
WSACloseEvent
WSASocketW
WSAGetLastError
WSAConnect
WSAEnumNetworkEvents
WSAResetEvent
WSASend
WSAGetOverlappedResult
WSARecv
WSACreateEvent
WSASetEvent
freeaddrinfo
WSAEventSelect
ioctlsocket
getsockopt
setsockopt
getprotobyname
gethostname
WSAStartup
getaddrinfo
shutdown
htons
WSASetLastError

setupapi

SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupFindNextLine
SetupEnumInfSectionsW
SetupGetLineTextW
SetupDiGetClassDescriptionW
SetupFindFirstLineW
SetupCloseInfFile
SetupOpenInfFileW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
SetupFindNextMatchLineW

iphlpapi

GetAdaptersAddresses
GetAdaptersInfo

msimg32

AlphaBlend
TransparentBlt

wintrust

CryptCATCatalogInfoFromContext
CryptCATAdminEnumCatalogFromHash
CryptCATAdminAcquireContext
CryptCATAdminCalcHashFromFileHandle
WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
CryptCATAdminReleaseContext

litezip

ZipCreateFileW
ZipClose
ZipAddFileW
ZipAddBufferW

msi

ord173
ord217

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 922KB - Virtual size: 921KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
UNS.xml
Utility.pxt
.dll windows:5 windows x86 arch:x86

f82a84f9a36e96b0e8e40c74bb0e618d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0e:a9:7a:ee:3b:04:78:f8:5b:16:cc:08:8a:3f:ee:76
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/03/2015, 00:00

Not After

06/04/2016, 12:00

Subject

CN=SparkTrust Systems,O=SparkTrust Systems,L=Victoria,ST=British Columbia,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e8:26:7d:30:d9:eb:12:19:61:c4:3c:75:cc:ee:34:7d:53:e6:eb:ab
Signer

Actual PE Digest

e8:26:7d:30:d9:eb:12:19:61:c4:3c:75:cc:ee:34:7d:53:e6:eb:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Dev\SpeedyPC Pro\common\zeppelin\common\UtilityExtensions\Win32\Release\UtilityExtensions.pdb

Imports

litezip

ZipClose
ZipAddHandleW
ZipAddFileW
ZipCreateFileW

liteunzip

UnzipGetItemW
UnzipClose
UnzipSetBaseDirW
UnzipOpenFileW
UnzipItemToFileW

fltlib

FilterSendMessage
FilterUnload
FilterConnectCommunicationPort
FilterGetMessage
FilterReplyMessage
FilterLoad

rpcrt4

UuidFromStringW
UuidCreateSequential

kernel32

FindResourceExW
CreateFileW
CloseHandle
MultiByteToWideChar
GetFileSize
SetFilePointerEx
ReadFile
OutputDebugStringW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetModuleFileNameW
SetFilePointer
WriteFile
SetEndOfFile
FindFirstFileW
FindNextFileW
FindClose
GetLogicalDriveStringsW
GetDriveTypeW
RemoveDirectoryW
WideCharToMultiByte
CreateEventW
SetEvent
WaitForSingleObject
GetSystemTime
FindFirstVolumeW
FindVolumeClose
WaitForMultipleObjects
GetVolumeInformationW
FindNextVolumeW
DeviceIoControl
GetVolumeNameForVolumeMountPointW
ResetEvent
ExpandEnvironmentStringsW
GetLongPathNameW
FindResourceW
CopyFileW
LoadLibraryW
GetProcAddress
FreeLibrary
FormatMessageW
LocalFree
lstrcmpiW
GetEnvironmentVariableW
FileTimeToSystemTime
GetModuleHandleW
GetVersionExW
MoveFileW
OpenProcess
GlobalAlloc
GlobalFree
GetLocalTime
HeapAlloc
GetProcessHeap
HeapFree
lstrlenW
RaiseException
GetCurrentProcessId
GetTickCount
CreateDirectoryW
MoveFileExW
Sleep
DeleteFileW
SetFileAttributesW
GetFileAttributesW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetUserDefaultLCID
GetLocaleInfoA
LoadResource
LockResource
SizeofResource
GetTimeFormatW
GetDateFormatW
GetTempPathW
SystemTimeToFileTime
EnumSystemLocalesA
VirtualQuery
IsValidLocale
WriteConsoleW
SetStdHandle
CompareStringW
SetEnvironmentVariableA
ResumeThread
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetConsoleMode
GetConsoleCP
GetStartupInfoW
GetFileType
SetHandleCount
GetTimeZoneInformation
ExitProcess
HeapCreate
TlsFree
IsValidCodePage
GetOEMCP
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
GetStdHandle
LCMapStringW
RtlUnwind
GetCommandLineA
GetCPInfo
CreateThread
GetCurrentThreadId
ExitThread
DecodePointer
EncodePointer
GetStringTypeW
VirtualAlloc
VirtualFree
GetFullPathNameW
GetFullPathNameA
CreateFileA
TlsGetValue
UnlockFile
LockFile
GetSystemTimeAsFileTime
TlsSetValue
GetFileAttributesA
FlushFileBuffers
LockFileEx
LoadLibraryA
GetVersionExA
TlsAlloc
GetTempPathA
AreFileApisANSI
DeleteFileA
GetCurrentProcess
ReadProcessMemory
SetLastError
GetCurrentThread
TerminateProcess
GetACP
HeapDestroy
HeapReAlloc
HeapSize
InitializeCriticalSectionAndSpinCount
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange

user32

wsprintfW

advapi32

GetAce
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenThreadToken
SetFileSecurityW
GetSecurityDescriptorControl
SetSecurityDescriptorDacl
AddAccessAllowedAce
AddAce
EqualSid
InitializeAcl
GetLengthSid
GetAclInformation
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetFileSecurityW
LookupAccountNameW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
RegEnumKeyW
RegDeleteValueW
RegSetValueExW
RegDeleteKeyW
RegQueryValueExW
RegEnumValueW
RegEnumKeyExW
RegQueryInfoKeyW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW

shell32

SHFileOperationW
SHGetFolderPathW
SHCreateDirectoryExW

ole32

CoInitializeEx
CoInitialize
CoUninitialize
CoCreateInstance
StringFromGUID2
CoTaskMemFree

oleaut32

SysAllocStringLen
SysFreeString

shlwapi

PathFindFileNameW
PathAddBackslashW
PathQuoteSpacesW
PathIsDirectoryEmptyW
StrToIntW
PathFileExistsW
PathAppendW
PathRemoveFileSpecW
PathIsDirectoryW

Exports

Exports

GetExtensionFactory

Sections

.text
Size: 695KB - Virtual size: 694KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 146KB - Virtual size: 145KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bdardrv.dll
.dll windows:6 windows x64 arch:x64

dddb735c84156248ccf0cf8ec4e76838

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

76:0f:10:9d:92:32:32:2c:28:0e:f2:c2:d3:f2:b9:53
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

08/02/2016, 23:59

Subject

CN=Bitdefender SRL,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=PD,O=Bitdefender SRL,L=Bucharest,ST=Romania,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

03:44:32:4f:35:52:02:57:b5:9c:db:6c:a5:83:91:d2:07:47:a4:9d
Signer

Actual PE Digest

03:44:32:4f:35:52:02:57:b5:9c:db:6c:a5:83:91:d2:07:47:a4:9d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\Bamboo\home\xml-data\build-dir\CST-CST2013-SOURCES\bin\x64\Release\bdardrv.pdb

Imports

kernel32

ExpandEnvironmentStringsA
CreateDirectoryA
CreateFileW
SetFileAttributesA
OutputDebugStringW
CloseHandle
DeviceIoControl
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetProcessTimes
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
GetTickCount
GetModuleFileNameA
LoadLibraryW
FileTimeToSystemTime
FindClose
FindFirstFileW
LoadLibraryExW
FlushFileBuffers
OutputDebugStringA
GetLastError
QueryPerformanceCounter
QueryPerformanceFrequency
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
SetWaitableTimer
Sleep
CreateThread
GetCurrentThread
SetThreadPriority
GetSystemDirectoryW
WaitForMultipleObjects
CreateWaitableTimerW
MoveFileW
LCMapStringW
ReadConsoleW
ReadFile
GetProcAddress
GetModuleFileNameW
FindNextFileW
FreeLibrary
EncodePointer
DecodePointer
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
RtlUnwindEx
IsDebuggerPresent
IsProcessorFeaturePresent
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
WriteFile
GetConsoleCP
GetConsoleMode
GetStdHandle
GetFileType
GetStartupInfoW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetStringTypeW
GetProcessHeap
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
SetStdHandle
WriteConsoleW
SetEndOfFile

user32

wsprintfW

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

Exports

Exports

rkAPI_AddFileScanPath
rkAPI_CloseFindHandle
rkAPI_DelFileScanPath
rkAPI_GetFileScanStatus
rkAPI_GetHandleToHiddenFileList
rkAPI_GetHandleToHiddenProcessList
rkAPI_GetNextHiddenFile
rkAPI_GetNextHiddenProcess
rkAPI_GetProcessScanStatus
rkAPI_GetStatistics
rkAPI_InitAPI
rkAPI_InitScanEngines
rkAPI_IsScanFinished
rkAPI_PauseScan
rkAPI_RenameFile
rkAPI_SetExcludeOpt
rkAPI_SetRuntimeOption
rkAPI_SetScanOptions
rkAPI_StartScan
rkAPI_StopScan
rkAPI_UninitAPI
rkAPI_UninitScanEngines

Sections

.text
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bdavlic.dat
colors.xml
driver/bdardrv.dll
.dll windows:5 windows x86 arch:x86

2c17c5240a3a6ebbfea579e5d255ff49

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

76:0f:10:9d:92:32:32:2c:28:0e:f2:c2:d3:f2:b9:53
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

08/02/2016, 23:59

Subject

CN=Bitdefender SRL,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=PD,O=Bitdefender SRL,L=Bucharest,ST=Romania,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e5:9a:99:a0:f1:11:35:fe:e9:e5:10:36:27:ea:8c:dd:92:5e:83:de
Signer

Actual PE Digest

e5:9a:99:a0:f1:11:35:fe:e9:e5:10:36:27:ea:8c:dd:92:5e:83:de

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\Bamboo\home\xml-data\build-dir\CST-CST2013-SOURCES\bin\Win32\Release\bdardrv.pdb

Imports

kernel32

InterlockedIncrement
InterlockedExchange
GetProcessTimes
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
DeviceIoControl
CloseHandle
GetLocalTime
FileTimeToSystemTime
GetTickCount
LoadLibraryW
GetModuleFileNameA
ExpandEnvironmentStringsA
OutputDebugStringW
CreateDirectoryA
CreateFileW
SetFileAttributesA
CreateThread
GetModuleFileNameW
SetThreadPriority
GetLastError
SetEvent
ResetEvent
WaitForSingleObject
WaitForMultipleObjects
Sleep
FlushFileBuffers
FindClose
CreateEventW
CreateWaitableTimerW
SetWaitableTimer
OutputDebugStringA
GetSystemDirectoryW
FindFirstFileW
FindNextFileW
MoveFileW
QueryPerformanceCounter
QueryPerformanceFrequency
LCMapStringW
ReadConsoleW
ReadFile
LoadLibraryExW
GetProcAddress
GetCurrentThread
FreeLibrary
EncodePointer
DecodePointer
RaiseException
RtlUnwind
IsDebuggerPresent
IsProcessorFeaturePresent
HeapFree
HeapAlloc
HeapReAlloc
GetCommandLineA
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
HeapSize
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
WriteFile
GetConsoleCP
GetConsoleMode
GetStdHandle
GetFileType
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetStringTypeW
GetProcessHeap
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetFilePointerEx
SetStdHandle
WriteConsoleW
SetEndOfFile

user32

wsprintfW

advapi32

AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW

Exports

Exports

rkAPI_AddFileScanPath
rkAPI_CloseFindHandle
rkAPI_DelFileScanPath
rkAPI_GetFileScanStatus
rkAPI_GetHandleToHiddenFileList
rkAPI_GetHandleToHiddenProcessList
rkAPI_GetNextHiddenFile
rkAPI_GetNextHiddenProcess
rkAPI_GetProcessScanStatus
rkAPI_GetStatistics
rkAPI_InitAPI
rkAPI_InitScanEngines
rkAPI_IsScanFinished
rkAPI_PauseScan
rkAPI_RenameFile
rkAPI_SetExcludeOpt
rkAPI_SetRuntimeOption
rkAPI_SetScanOptions
rkAPI_StartScan
rkAPI_StopScan
rkAPI_UninitAPI
rkAPI_UninitScanEngines

Sections

.text
Size: 107KB - Virtual size: 106KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 35KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 876B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/scan.dll
.dll regsvr32 windows:5 windows x86 arch:x86

737268e480971cd6d4f32cbfaa47aaed

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

76:0f:10:9d:92:32:32:2c:28:0e:f2:c2:d3:f2:b9:53
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

08/02/2016, 23:59

Subject

CN=Bitdefender SRL,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=PD,O=Bitdefender SRL,L=Bucharest,ST=Romania,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:4b:10:bc:54:cd:64:43:7f:38:bc:8c:94:c7:46:6c:b6:67:b3:b5
Signer

Actual PE Digest

24:4b:10:bc:54:cd:64:43:7f:38:bc:8c:94:c7:46:6c:b6:67:b3:b5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

e:\Bamboo\home\xml-data\build-dir\CST-CST2013-SOURCES\bin\win32\release\scan.pdb

Imports

shlwapi

PathIsNetworkPathW

wtsapi32

WTSSendMessageW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

lstrcmpiW
QueryPerformanceFrequency
CloseHandle
GetTickCount
CreateFileW
DeviceIoControl
FreeLibrary
LoadLibraryW
ExitProcess
MultiByteToWideChar
GetLocalTime
GetCurrentProcessId
GetModuleFileNameA
FileTimeToSystemTime
GetProcessTimes
GetCurrentProcess
SetFileAttributesA
CreateDirectoryA
ExpandEnvironmentStringsA
InterlockedExchange
GetDriveTypeW
OutputDebugStringW
GetCurrentThreadId
GetModuleFileNameW
LoadLibraryExW
WriteFile
ReadProcessMemory
SetFilePointer
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
VirtualFree
GetTempPathW
GetTempFileNameW
VirtualAlloc
GetExitCodeThread
WaitForSingleObject
CreateThread
GetUserDefaultLangID
DeleteFileW
WideCharToMultiByte
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetFileAttributesW
QueryPerformanceCounter
HeapCreate
GetModuleHandleW
HeapDestroy
HeapAlloc
HeapFree
lstrcpyW
LocalAlloc
LocalReAlloc
LocalFree
Sleep
LoadLibraryA
TerminateProcess
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
CreateProcessW
OpenProcess
InterlockedCompareExchange
OutputDebugStringA
GetVersion
CreateEventW
SetEvent
GetShortPathNameW
ReadFile
GetSystemInfo
SetFilePointerEx
SetEndOfFile
ReleaseSemaphore
SetThreadPriority
GetThreadPriority
GetCurrentThread
MapViewOfFile
OpenFileMappingW
UnmapViewOfFile
SetFileAttributesW
GetFileSize
CreateSemaphoreW
lstrlenA
GetProcessHeap
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
GetProcAddress
InterlockedDecrement
InterlockedIncrement
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
SetEnvironmentVariableA
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
lstrlenW
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
lstrcpynW
LCMapStringW
LCMapStringA
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
SetLastError
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStdHandle
HeapReAlloc
GetCommandLineA
GetSystemTimeAsFileTime
IsDebuggerPresent
UnhandledExceptionFilter
VirtualQuery
VirtualProtect
RtlUnwind

user32

GetMessageW
CharNextW
LoadStringW
MessageBoxW
TranslateMessage
DispatchMessageW
PostThreadMessageW

advapi32

OpenServiceW
RevertToSelf
OpenProcessToken
ImpersonateLoggedOnUser
RegisterServiceCtrlHandlerW
CreateServiceW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
SetServiceStatus
ControlService
DeleteService
OpenSCManagerW
CloseServiceHandle
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CoCreateInstance
CoRegisterClassObject
CoResumeClassObjects
CoUninitialize
CoSuspendClassObjects
StringFromGUID2
CoImpersonateClient
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitializeEx
CoRevertToSelf
CoRevokeClassObject

oleaut32

VARIANT_UserMarshal
VARIANT_UserSize
BSTR_UserFree
BSTR_UserUnmarshal
BSTR_UserMarshal
BSTR_UserSize
SafeArrayRedim
UnRegisterTypeLi
RegisterTypeLi
SafeArrayGetVartype
SysStringLen
SysFreeString
VariantInit
SafeArrayCopy
VariantClear
SysAllocString
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayLock
SafeArrayUnlock
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
VARIANT_UserUnmarshal
VARIANT_UserFree
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SafeArrayDestroy
SafeArrayCreate

rpcrt4

NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GenerateCrashDump
ServiceMain
ThreatScanner_CommitTransaction
ThreatScanner_CreateDirTransaction
ThreatScanner_CreateDirTransactionEx
ThreatScanner_CreateInstance
ThreatScanner_CreateInstanceEx
ThreatScanner_DeleteException
ThreatScanner_DestroyInstance
ThreatScanner_DisableGZfltIntegration
ThreatScanner_EnableGZfltIntegration
ThreatScanner_EnumerateDatabaseRecords
ThreatScanner_GetAppReputationData
ThreatScanner_GetDatabaseInformation
ThreatScanner_GetDebugInfo
ThreatScanner_GetKeys
ThreatScanner_GetLicenseInformation
ThreatScanner_GetOption
ThreatScanner_GetScanStatistics
ThreatScanner_GetSmartDBFunctions
ThreatScanner_GetVersion
ThreatScanner_Initialize
ThreatScanner_InitializeEx
ThreatScanner_InitializeMemoryScan
ThreatScanner_InitializeMemoryScanEx
ThreatScanner_InvalidateDirTransaction
ThreatScanner_MoveToQuarantine
ThreatScanner_ScanBuffer
ThreatScanner_ScanBufferEx
ThreatScanner_ScanMappedMemory
ThreatScanner_ScanMemory
ThreatScanner_ScanObject
ThreatScanner_ScanObjectByHandle
ThreatScanner_ScanPath
ThreatScanner_ScanQuarantineFile
ThreatScanner_ScanStream
ThreatScanner_SearchDirectory
ThreatScanner_SearchDirectoryEx
ThreatScanner_SetEnginesUnloadCallback
ThreatScanner_SetExtCallback
ThreatScanner_SetExtraOption
ThreatScanner_SetGlobalOption
ThreatScanner_SetHashCallback
ThreatScanner_SetIntOption
ThreatScanner_SetObjectCallback
ThreatScanner_SetPasswordCallback
ThreatScanner_SetScanCallback
ThreatScanner_SetScanCallback2
ThreatScanner_SetScanCallback3
ThreatScanner_SetScanPriority
ThreatScanner_SetStringOption
ThreatScanner_Uninitialize
ThreatScanner_UninitializeMemoryScan
ThreatScanner_VerifyCert
ThreatScanner_VerifyCert2

Sections

.text
Size: 294KB - Virtual size: 294KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 418B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 113KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/trufos.cat
driver/trufos.dll
.dll windows:5 windows x86 arch:x86

6e47165c880acbea80695c1a41ee266e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

76:0f:10:9d:92:32:32:2c:28:0e:f2:c2:d3:f2:b9:53
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

08/02/2016, 23:59

Subject

CN=Bitdefender SRL,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=PD,O=Bitdefender SRL,L=Bucharest,ST=Romania,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:19:a5:25:8a:9a:0c:88:b8:98:48:34:de:51:78:8e:9b:65:02:6d
Signer

Actual PE Digest

11:19:a5:25:8a:9a:0c:88:b8:98:48:34:de:51:78:8e:9b:65:02:6d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\projects\ark2\bin\Win32\Release\trufos.pdb

Imports

kernel32

FlushFileBuffers
GetFileSize
GetCurrentProcessId
GetCurrentThread
OpenProcess
DeviceIoControl
GetCurrentProcess
SetFilePointer
GetEnvironmentVariableW
QueryDosDeviceW
GetLogicalDrives
ReleaseMutex
WaitForSingleObject
OpenMutexW
CreateMutexW
GetProcAddress
GetModuleHandleW
GetVolumeNameForVolumeMountPointW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
VirtualAlloc
HeapSize
GetStringTypeW
LCMapStringW
SetStdHandle
SetEnvironmentVariableW
CompareStringW
GetLocaleInfoW
LoadLibraryW
FreeLibrary
GetTickCount
HeapReAlloc
GetModuleFileNameW
WriteConsoleW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
GetConsoleCP
MultiByteToWideChar
QueryPerformanceCounter
HeapDestroy
HeapCreate
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
SetLastError
FindFirstFileW
FindNextFileW
FindClose
ReadFile
DeleteFileW
CreateFileW
WriteFile
CloseHandle
EnterCriticalSection
GetVersion
GetComputerNameW
GetLastError
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceW
LeaveCriticalSection
GetSystemTimeAsFileTime
UnlockFileEx
LockFileEx
GetFileAttributesW
GetFileSizeEx
SetConsoleCtrlHandler
GetCurrentThreadId
InterlockedIncrement
GetUserDefaultLCID
RtlUnwind
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
Sleep
RaiseException
GetLocalTime
SetEvent
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
CreateEventW
WaitForMultipleObjects
CreateThread
SetWaitableTimer
ConnectNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetOverlappedResult
DisconnectNamedPipe
CancelIo
CreateWaitableTimerW
ExpandEnvironmentStringsW
SetFilePointerEx
MapViewOfFile
UnmapViewOfFile
VirtualQuery
CreateFileMappingW
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
DecodePointer
GetCommandLineA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TerminateProcess
HeapFree
HeapAlloc
FatalAppExitA
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW

ntdll

_allshl
strlen
_vsnwprintf
towupper
_aulldiv
_allmul
_aullrem
RtlInitUnicodeString
ZwCreateSection
ZwMapViewOfSection
ZwUnmapViewOfSection
RtlCompareMemory
NtQueryInformationFile
NtQueryFullAttributesFile
memcmp
ZwOpenFile
RtlNtStatusToDosError
ZwQueryDirectoryFile
memmove
ZwClose
_wcsnicmp
_wcsicmp
wcslen
memcpy
memset
_alldiv

advapi32

GetTokenInformation
CryptReleaseContext
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RevertToSelf
CryptGetKeyParam
CryptSetKeyParam
CryptImportKey
OpenEncryptedFileRawW
ReadEncryptedFileRaw
CloseEncryptedFileRaw
CryptAcquireContextW
CryptGetUserKey
CryptDecrypt
CryptDestroyKey
GetUserNameW

fltlib

FilterGetMessage
FilterSendMessage
FilterConnectCommunicationPort
FilterLoad
FilterReplyMessage

crypt32

CertFreeCertificateContext

Exports

Exports

RBCStrMatchW
RBCalcAvgW
RBCalcDev
RBCalcMaxW
RBCalcMed
RBCalcMin
RBCalcSum
RBCompMed
RBCompMin
RBGetto
RBGrayscale
RBInvertColor
RBMetto
RBMonochrome
RBTrueColor

Sections

.text
Size: 350KB - Virtual size: 349KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 61KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
driver/trufos.inf
driver/trufos.sys
.sys windows:6 windows x64 arch:x64

eda0908ed737f4113cbee8c0f92a2f18

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

76:0f:10:9d:92:32:32:2c:28:0e:f2:c2:d3:f2:b9:53
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

08/02/2016, 23:59

Subject

CN=Bitdefender SRL,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=PD,O=Bitdefender SRL,L=Bucharest,ST=Romania,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3b:9e:71:34:65:92:71:7c:94:31:4f:6f:bc:f2:12:94:10:ae:18:ae
Signer

Actual PE Digest

3b:9e:71:34:65:92:71:7c:94:31:4f:6f:bc:f2:12:94:10:ae:18:ae

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

TRUFOS.pdb

Imports

ntoskrnl.exe

RtlCreateSecurityDescriptor
RtlSetOwnerSecurityDescriptor
PsLookupProcessByProcessId
_wcsnicmp
ObQueryNameString
IoGetCurrentProcess
PsLookupThreadByThreadId
_stricmp
IoBuildDeviceIoControlRequest
ObfReferenceObject
MmIsAddressValid
IofCallDriver
MmUnmapLockedPages
KeClearEvent
IoGetLowerDeviceObject
KeResetEvent
IoFreeMdl
IoFreeIrp
MmProbeAndLockPages
IoAllocateIrp
MmUnlockPages
IoAllocateMdl
MmSystemRangeStart
RtlQueryRegistryValues
wcscmp
IoAcquireRemoveLockEx
IoDeleteSymbolicLink
IoDeleteDevice
IoReleaseRemoveLockEx
IoReleaseRemoveLockAndWaitEx
IoCreateSymbolicLink
RtlCopyUnicodeString
IoInitializeRemoveLockEx
IoCreateDevice
IoBuildSynchronousFsdRequest
RtlImageDirectoryEntryToData
IoGetAttachedDevice
ZwMapViewOfSection
ZwWaitForSingleObject
PsCreateSystemThread
ZwUnmapViewOfSection
PsTerminateSystemThread
ZwCreateSection
KeWaitForMultipleObjects
ObOpenObjectByPointer
KeAcquireQueuedSpinLock
KeReleaseQueuedSpinLock
IoSetTopLevelIrp
MmForceSectionClosed
KeBugCheckEx
ProbeForRead
ProbeForWrite
MmMapLockedPagesSpecifyCache
NtBuildNumber
IoThreadToProcess
MmGetSystemRoutineAddress
KeQueryActiveProcessors
ZwQueryInformationFile
KeInitializeSemaphore
KeReleaseSemaphore
PsThreadType
PsSetCreateThreadNotifyRoutine
PsSetCreateProcessNotifyRoutine
KeReleaseSpinLockFromDpcLevel
IoVolumeDeviceToDosName
KeDetachProcess
KeAttachProcess
KeAcquireSpinLockAtDpcLevel
ZwReadFile
ZwDuplicateToken
RtlLengthSid
ZwDuplicateObject
ZwOpenProcess
PsGetCurrentThreadId
PsGetCurrentProcessId
RtlCompareUnicodeString
IoGetRelatedDeviceObject
ObReferenceObjectByPointer
NtAdjustPrivilegesToken
RtlCompareMemory
NtOpenProcessToken
RtlInitializeSid
ZwSetSecurityObject
ZwSetInformationFile
RtlAddAccessAllowedAce
ZwSetValueKey
ZwDeleteValueKey
RtlSetDaclSecurityDescriptor
RtlValidSecurityDescriptor
RtlCreateAcl
ZwOpenKey
ObfDereferenceObject
KeWaitForSingleObject
ObReferenceObjectByHandle
IofCompleteRequest
ZwClose
InitSafeBootMode
ZwQueryValueKey
ZwCreateFile
IoFileObjectType
KeDelayExecutionThread
KeReleaseMutex
wcslen
ZwOpenSymbolicLinkObject
KeInitializeEvent
PsGetVersion
ExAllocatePoolWithQuotaTag
ZwQuerySystemInformation
IoGetAttachedDeviceReference
RtlDecompressBuffer
RtlCompressBuffer
RtlGetCompressionWorkSpaceSize
RtlUpcaseUnicodeChar
KeReleaseSpinLock
KeAcquireSpinLockRaiseToDpc
_snprintf
ExQueueWorkItem
ExSystemTimeToLocalTime
_vsnprintf
RtlTimeToTimeFields
ZwWriteFile
DbgPrint
KeInitializeTimer
ExAcquireResourceExclusiveLite
KeLeaveCriticalRegion
KeEnterCriticalRegion
ExAcquireResourceSharedLite
ExReleaseResourceLite
ExDeleteResourceLite
ExInitializeResourceLite
ZwDeviceIoControlFile
ZwOpenEvent
ZwCreateEvent
ZwSetEvent
ZwOpenSection
__C_specific_handler
IoCreateFileSpecifyDeviceObjectHint
ZwDeleteKey
KeSetEvent
RtlInitUnicodeString
ZwQuerySymbolicLinkObject
IoRegisterDriverReinitialization
KeInitializeMutex
ExFreePoolWithTag
KeSetPriorityThread
ExAllocatePoolWithTag
_local_unwind

fltmgr.sys

FltBuildDefaultSecurityDescriptor
FltFreeSecurityDescriptor
FltCreateCommunicationPort
FltCloseClientPort
FltSendMessage
FltAcquirePushLockShared
FltDeletePushLock
FltAcquirePushLockExclusive
FltReleasePushLock
FltInitializePushLock
FltReissueSynchronousIo
FltIsOperationSynchronous
FltSetCallbackDataDirty
FltObjectReference
FltAllocateContext
FltGetVolumeProperties
FltQueryVolumeInformation
FltGetDiskDeviceObject
FltSetInstanceContext
FltReferenceContext
FltGetVolumeGuidName
FltStartFiltering
FltRegisterFilter
FltReleaseContext
FltGetInstanceContext
FltObjectDereference
FltClose
FltQueryInformationFile
FltCreateFile
FltReadFile
FltSetInformationFile
FltWriteFile
FltUnregisterFilter
FltCloseCommunicationPort

hal

KeStallExecutionProcessor

Sections

.text
Size: 387KB - Virtual size: 386KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 1024B - Virtual size: 651B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
html/0_days.htm
.html
html/0_days_trial.htm
.html
html/15_days.htm
.html
html/1_days.htm
.html
html/2_days.htm
.html
html/30_days.htm
.html
html/5_days.htm
.html
html/container_content_bkimg.gif
.gif
html/container_content_leftimg.gif
.gif
html/container_content_rightimg.gif
.gif
html/error_connect.html
.html
html/images/10x10.gif
.gif
html/images/10x10tile.gif
.gif
html/images/background.jpg
.jpg
html/images/contentwrapper.gif
.gif
html/images/error_internet.jpg
.jpg
html/images/footerbarfill.gif
.gif
html/images/info_bubble.jpg
.jpg
html/images/tile_footerbarbase.jpg
.jpg
html/images/tile_subheadbarbase.jpg
.jpg
html/images/tile_titlebarbase.jpg
.jpg
html/main.css
html/main_error.css
html/package_titlebar_bkimg.jpg
.jpg
images/Buttons/register.png
.png
images/Buttons/register_over.png
.png
images/Buttons/renew.png
.png
images/Buttons/renew_over.png
.png
images/Buttons/start.png
.png
images/Buttons/start_over.png
.png
images/Frame/register.png
.png
images/Frame/register_over.png
.png
images/Frame/renew.png
.png
images/Frame/renew_over.png
.png
images/Scan/Fix.png
.png
images/Scan/Fix_over.png
.png
images/Scan/damage1.png
.png
images/Scan/damage2.png
.png
images/Scan/damage3.png
.png
images/Scan/damage4.png
.png
images/Scan/damage5.png
.png
images/Scan/damage6.png
.png
images/Scan/security_high.png
.png
images/Scan/security_low.png
.png
images/popups/activate_normal.png
.png
images/popups/activate_over.png
.png
images/popups/active.png
.png
images/popups/prefix/clean-active.png
.png
images/popups/prefix/clean-down.png
.png
images/popups/prefix/clean-over.png
.png
images/popups/prefix/register-active.png
.png
images/popups/prefix/register-down.png
.png
images/popups/prefix/register-hover.png
.png
images/popups/prefix/renew-over.png
.png
images/popups/prefix/renew.png
.png
privacy.db
scan.dll
.dll regsvr32 windows:5 windows x64 arch:x64

d48ba371ec40a2b97a54647385f21a9b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

76:0f:10:9d:92:32:32:2c:28:0e:f2:c2:d3:f2:b9:53
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

08/02/2016, 23:59

Subject

CN=Bitdefender SRL,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=PD,O=Bitdefender SRL,L=Bucharest,ST=Romania,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ee:34:df:fe:d5:07:75:9e:f9:1d:f1:56:77:84:1a:3d:e0:d9:8e:63
Signer

Actual PE Digest

ee:34:df:fe:d5:07:75:9e:f9:1d:f1:56:77:84:1a:3d:e0:d9:8e:63

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

e:\Bamboo\home\xml-data\build-dir\CST-CST2013-SOURCES\bin\x64\release\scan.pdb

Imports

shlwapi

PathIsNetworkPathW

wtsapi32

WTSSendMessageW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

CloseHandle
GetTickCount
CreateFileW
DeviceIoControl
FreeLibrary
LoadLibraryW
ExitProcess
MultiByteToWideChar
GetLocalTime
GetCurrentProcessId
GetModuleFileNameA
FileTimeToSystemTime
GetProcessTimes
GetCurrentProcess
SetFileAttributesA
CreateDirectoryA
ExpandEnvironmentStringsA
GetDriveTypeW
OutputDebugStringW
GetCurrentThreadId
GetModuleFileNameW
LoadLibraryExW
WriteFile
ReadProcessMemory
SetFilePointer
Module32NextW
Module32FirstW
CreateToolhelp32Snapshot
RtlVirtualUnwind
RtlLookupFunctionEntry
VirtualFree
GetTempPathW
GetTempFileNameW
VirtualAlloc
GetExitCodeThread
WaitForSingleObject
CreateThread
GetUserDefaultLangID
DeleteFileW
WideCharToMultiByte
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
GetFileAttributesW
QueryPerformanceCounter
HeapCreate
QueryPerformanceFrequency
HeapDestroy
HeapAlloc
HeapFree
lstrcpyW
LocalAlloc
LocalReAlloc
LocalFree
Sleep
LoadLibraryA
TerminateProcess
WriteProcessMemory
VirtualAllocEx
GetModuleHandleA
CreateProcessW
OpenProcess
OutputDebugStringA
GetVersion
CreateEventW
SetEvent
GetShortPathNameW
ReadFile
GetSystemInfo
SetFilePointerEx
SetEndOfFile
ReleaseSemaphore
SetThreadPriority
GetThreadPriority
GetCurrentThread
MapViewOfFile
OpenFileMappingW
UnmapViewOfFile
SetFileAttributesW
GetFileSize
CreateSemaphoreW
lstrlenA
GetProcessHeap
GetLocaleInfoA
GetStringTypeW
GetStringTypeA
lstrcmpiW
GetModuleHandleW
GetProcAddress
GetLastError
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
RaiseException
SetEnvironmentVariableA
lstrlenW
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
lstrcpynW
LCMapStringW
LCMapStringA
SetStdHandle
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetTimeZoneInformation
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
HeapReAlloc
FlsAlloc
SetLastError
FlsFree
FlsGetValue
DecodePointer
EncodePointer
HeapSetInformation
GetStdHandle
GetCommandLineA
FlsSetValue
GetSystemTimeAsFileTime
RtlCaptureContext
IsDebuggerPresent
UnhandledExceptionFilter
VirtualQuery
VirtualProtect
RtlUnwindEx
RtlPcToFileHeader

user32

GetMessageW
CharNextW
LoadStringW
MessageBoxW
DispatchMessageW
TranslateMessage
PostThreadMessageW

advapi32

SetServiceStatus
RevertToSelf
OpenProcessToken
ImpersonateLoggedOnUser
RegisterServiceCtrlHandlerW
CreateServiceW
RegisterEventSourceW
ReportEventW
DeregisterEventSource
ControlService
DeleteService
OpenSCManagerW
OpenServiceW
CloseServiceHandle
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW

ole32

CoCreateInstance
CoRegisterClassObject
CoResumeClassObjects
CoUninitialize
CoSuspendClassObjects
StringFromGUID2
CoImpersonateClient
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
CoInitializeEx
CoRevertToSelf
CoRevokeClassObject

oleaut32

SafeArrayRedim
UnRegisterTypeLi
RegisterTypeLi
SafeArrayGetVartype
SysStringLen
SysFreeString
VariantInit
SafeArrayCopy
VariantClear
SysAllocString
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayLock
SafeArrayUnlock
SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
BSTR_UserSize
BSTR_UserMarshal
BSTR_UserUnmarshal
BSTR_UserFree
VARIANT_UserSize
VARIANT_UserMarshal
VARIANT_UserUnmarshal
VARIANT_UserFree
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SafeArrayDestroy
SafeArrayCreate

rpcrt4

NdrDllUnregisterProxy
NdrDllRegisterProxy
NdrCStdStubBuffer2_Release
NdrDllCanUnloadNow
NdrDllGetClassObject
NdrOleAllocate
NdrOleFree
IUnknown_QueryInterface_Proxy
IUnknown_AddRef_Proxy
IUnknown_Release_Proxy
NdrStubForwardingFunction
NdrStubCall2

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
GenerateCrashDump
ServiceMain
ThreatScanner_CommitTransaction
ThreatScanner_CreateDirTransaction
ThreatScanner_CreateDirTransactionEx
ThreatScanner_CreateInstance
ThreatScanner_CreateInstanceEx
ThreatScanner_DeleteException
ThreatScanner_DestroyInstance
ThreatScanner_DisableGZfltIntegration
ThreatScanner_EnableGZfltIntegration
ThreatScanner_EnumerateDatabaseRecords
ThreatScanner_GetAppReputationData
ThreatScanner_GetDatabaseInformation
ThreatScanner_GetDebugInfo
ThreatScanner_GetKeys
ThreatScanner_GetLicenseInformation
ThreatScanner_GetOption
ThreatScanner_GetScanStatistics
ThreatScanner_GetSmartDBFunctions
ThreatScanner_GetVersion
ThreatScanner_Initialize
ThreatScanner_InitializeEx
ThreatScanner_InitializeMemoryScan
ThreatScanner_InitializeMemoryScanEx
ThreatScanner_InvalidateDirTransaction
ThreatScanner_MoveToQuarantine
ThreatScanner_ScanBuffer
ThreatScanner_ScanBufferEx
ThreatScanner_ScanMappedMemory
ThreatScanner_ScanMemory
ThreatScanner_ScanObject
ThreatScanner_ScanObjectByHandle
ThreatScanner_ScanPath
ThreatScanner_ScanQuarantineFile
ThreatScanner_ScanStream
ThreatScanner_SearchDirectory
ThreatScanner_SearchDirectoryEx
ThreatScanner_SetEnginesUnloadCallback
ThreatScanner_SetExtCallback
ThreatScanner_SetExtraOption
ThreatScanner_SetGlobalOption
ThreatScanner_SetHashCallback
ThreatScanner_SetIntOption
ThreatScanner_SetObjectCallback
ThreatScanner_SetPasswordCallback
ThreatScanner_SetScanCallback
ThreatScanner_SetScanCallback2
ThreatScanner_SetScanCallback3
ThreatScanner_SetScanPriority
ThreatScanner_SetStringOption
ThreatScanner_Uninitialize
ThreatScanner_UninitializeMemoryScan
ThreatScanner_VerifyCert
ThreatScanner_VerifyCert2

Sections

.text
Size: 344KB - Virtual size: 344KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.orpc
Size: 512B - Virtual size: 283B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 156KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
settings.xml
sqlite3.dll
.dll windows:4 windows x86 arch:x86

cd4a5c39f36662a6a2f5167f71af9796

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
EnterCriticalSection
FlushFileBuffers
GetCurrentThreadId
GetFileAttributesA
GetFileAttributesW
GetFileSize
GetFullPathNameA
GetFullPathNameW
GetLastError
GetSystemTime
GetSystemTimeAsFileTime
GetTempPathA
GetTempPathW
GetVersionExA
InitializeCriticalSection
InterlockedIncrement
LeaveCriticalSection
LockFile
LockFileEx
MultiByteToWideChar
ReadFile
SetEndOfFile
SetFilePointer
Sleep
TlsAlloc
TlsGetValue
TlsSetValue
UnlockFile
WideCharToMultiByte
WriteFile

msvcrt

_iob
atof
atoi
free
isalnum
isdigit
isspace
isxdigit
localtime
malloc
memcpy
memset
realloc
sprintf
strcat
strcmp
strcpy
strncmp
strncpy
tolower
toupper

Exports

Exports

sqlite3_aggregate_context
sqlite3_aggregate_count
sqlite3_bind_blob
sqlite3_bind_double
sqlite3_bind_int
sqlite3_bind_int64
sqlite3_bind_null
sqlite3_bind_parameter_count
sqlite3_bind_parameter_index
sqlite3_bind_parameter_name
sqlite3_bind_text
sqlite3_bind_text16
sqlite3_busy_handler
sqlite3_busy_timeout
sqlite3_changes
sqlite3_close
sqlite3_collation_needed
sqlite3_collation_needed16
sqlite3_column_blob
sqlite3_column_bytes
sqlite3_column_bytes16
sqlite3_column_count
sqlite3_column_decltype
sqlite3_column_decltype16
sqlite3_column_double
sqlite3_column_int
sqlite3_column_int64
sqlite3_column_name
sqlite3_column_name16
sqlite3_column_text
sqlite3_column_text16
sqlite3_column_type
sqlite3_commit_hook
sqlite3_complete
sqlite3_complete16
sqlite3_create_collation
sqlite3_create_collation16
sqlite3_create_function
sqlite3_create_function16
sqlite3_data_count
sqlite3_db_handle
sqlite3_enable_shared_cache
sqlite3_errcode
sqlite3_errmsg
sqlite3_errmsg16
sqlite3_exec
sqlite3_expired
sqlite3_finalize
sqlite3_free
sqlite3_free_table
sqlite3_get_autocommit
sqlite3_get_auxdata
sqlite3_get_table
sqlite3_global_recover
sqlite3_interrupt
sqlite3_last_insert_rowid
sqlite3_libversion
sqlite3_libversion_number
sqlite3_mprintf
sqlite3_open
sqlite3_open16
sqlite3_prepare
sqlite3_prepare16
sqlite3_progress_handler
sqlite3_reset
sqlite3_result_blob
sqlite3_result_double
sqlite3_result_error
sqlite3_result_error16
sqlite3_result_int
sqlite3_result_int64
sqlite3_result_null
sqlite3_result_text
sqlite3_result_text16
sqlite3_result_text16be
sqlite3_result_text16le
sqlite3_result_value
sqlite3_rollback_hook
sqlite3_set_authorizer
sqlite3_set_auxdata
sqlite3_snprintf
sqlite3_step
sqlite3_thread_cleanup
sqlite3_total_changes
sqlite3_trace
sqlite3_transfer_bindings
sqlite3_update_hook
sqlite3_user_data
sqlite3_value_blob
sqlite3_value_bytes
sqlite3_value_bytes16
sqlite3_value_double
sqlite3_value_int
sqlite3_value_int64
sqlite3_value_text
sqlite3_value_text16
sqlite3_value_text16be
sqlite3_value_text16le
sqlite3_value_type
sqlite3_vmprintf

Sections

.text
Size: 241KB - Virtual size: 240KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 448B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.stab
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.stabstr
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
trufos.dll
.dll windows:5 windows x64 arch:x64

89f5ea4b0d9de0f97d7231bf27ea394c

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

76:0f:10:9d:92:32:32:2c:28:0e:f2:c2:d3:f2:b9:53
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

08/02/2016, 23:59

Subject

CN=Bitdefender SRL,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=PD,O=Bitdefender SRL,L=Bucharest,ST=Romania,C=RO

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:67:64:f6:5c:0a:36:c7:27:82:e9:ce:10:26:34:64:18:36:9f:45
Signer

Actual PE Digest

12:67:64:f6:5c:0a:36:c7:27:82:e9:ce:10:26:34:64:18:36:9f:45

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\projects\ark2\bin\x64\Release\trufos.pdb

Imports

kernel32

GetFileSize
GetCurrentProcessId
GetCurrentThread
OpenProcess
DeviceIoControl
RtlCompareMemory
GetCurrentProcess
SetFilePointer
GetEnvironmentVariableW
QueryDosDeviceW
GetLogicalDrives
ReleaseMutex
WaitForSingleObject
OpenMutexW
CreateMutexW
GetCurrentThreadId
GetModuleHandleW
GetVolumeNameForVolumeMountPointW
SetStdHandle
SetEnvironmentVariableW
CompareStringW
LoadLibraryW
FreeLibrary
SetConsoleCtrlHandler
FlushFileBuffers
GetModuleFileNameW
WriteConsoleW
IsValidLocale
EnumSystemLocalesA
VirtualAlloc
VirtualFree
InitializeCriticalSection
DeleteCriticalSection
SetLastError
FindFirstFileW
FindNextFileW
FindClose
ReadFile
DeleteFileW
CreateFileW
WriteFile
CloseHandle
EnterCriticalSection
GetVersion
GetComputerNameW
GetLastError
GetLogicalDriveStringsW
GetDriveTypeW
GetDiskFreeSpaceW
GetSystemTimeAsFileTime
GetTickCount
UnlockFileEx
LockFileEx
GetFileAttributesW
HeapReAlloc
GetFileSizeEx
LeaveCriticalSection
GetProcAddress
Sleep
RaiseException
GetLocalTime
SetEvent
InitializeCriticalSectionAndSpinCount
ReleaseSemaphore
ResetEvent
CreateSemaphoreW
CreateEventW
WaitForMultipleObjects
CreateThread
SetWaitableTimer
ConnectNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetOverlappedResult
DisconnectNamedPipe
CancelIo
CreateWaitableTimerW
ExpandEnvironmentStringsW
SetFilePointerEx
MapViewOfFile
UnmapViewOfFile
VirtualQuery
CreateFileMappingW
RtlUnwindEx
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
FlsSetValue
GetCommandLineA
DecodePointer
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
EncodePointer
TerminateProcess
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
FlsGetValue
FlsFree
FlsAlloc
HeapFree
HeapAlloc
FatalAppExitA
LCMapStringW
GetStringTypeW
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoW
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapSetInformation
HeapCreate
HeapDestroy
QueryPerformanceCounter
MultiByteToWideChar
GetConsoleCP
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
HeapSize

ntdll

RtlInitUnicodeString
ZwCreateSection
ZwMapViewOfSection
ZwUnmapViewOfSection
NtQueryInformationFile
NtQueryFullAttributesFile
ZwOpenFile
RtlNtStatusToDosError
ZwQueryDirectoryFile
ZwClose

advapi32

CryptSetKeyParam
GetTokenInformation
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RevertToSelf
CryptGetKeyParam
GetUserNameW
CryptImportKey
OpenEncryptedFileRawW
ReadEncryptedFileRaw
CloseEncryptedFileRaw
CryptAcquireContextW
CryptGetUserKey
CryptDecrypt
CryptDestroyKey
CryptReleaseContext

fltlib

FilterGetMessage
FilterSendMessage
FilterConnectCommunicationPort
FilterLoad
FilterReplyMessage

crypt32

CertFreeCertificateContext

Exports

Exports

RBCStrMatchW
RBCalcAvgW
RBCalcDev
RBCalcMaxW
RBCalcMed
RBCalcMin
RBCalcSum
RBCompMed
RBCompMin
RBGetto
RBGrayscale
RBInvertColor
RBMetto
RBMonochrome
RBTrueColor

Sections

.text
Size: 457KB - Virtual size: 456KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
unrar.dll
.dll windows:4 windows x86 arch:x86

244d2f9772f4886a651db44514a2a29b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueA
OpenProcessToken
SetFileSecurityA
SetFileSecurityW

kernel32

CloseHandle
CompareStringA
CompareStringW
CreateDirectoryA
CreateDirectoryW
CreateFileA
CreateFileW
DeleteFileA
DeleteFileW
DeviceIoControl
ExitProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
FreeEnvironmentStringsA
FreeLibrary
GetACP
GetCPInfo
GetCurrentProcess
GetCurrentThreadId
GetEnvironmentStrings
GetFileAttributesA
GetFileAttributesW
GetFileType
GetFullPathNameA
GetLastError
GetLocalTime
GetModuleFileNameA
GetModuleHandleA
GetOEMCP
GetProcAddress
GetProcessHeap
GetStartupInfoA
GetStdHandle
GetStringTypeW
GetVersion
GetVersionExA
GlobalMemoryStatus
HeapAlloc
HeapFree
IsDBCSLeadByte
LCMapStringA
LoadLibraryA
LocalFileTimeToFileTime
MoveFileA
MultiByteToWideChar
RaiseException
ReadFile
RtlUnwind
SetConsoleCtrlHandler
SetEndOfFile
SetFileAttributesA
SetFileAttributesW
SetFilePointer
SetFileTime
SetHandleCount
Sleep
SystemTimeToFileTime
UnhandledExceptionFilter
VirtualAlloc
VirtualFree
WideCharToMultiByte
WriteFile

user32

CharLowerA
CharLowerW
CharToOemA
CharToOemBuffA
CharUpperA
CharUpperW
EnumThreadWindows
MessageBoxA
OemToCharA
OemToCharBuffA
wsprintfA

Exports

Exports

RARCloseArchive
RARGetDllVersion
RAROpenArchive
RAROpenArchiveEx
RARProcessFile
RARProcessFileW
RARReadHeader
RARReadHeaderEx
RARSetCallback
RARSetChangeVolProc
RARSetPassword
RARSetProcessDataProc
___CPPdebugHook

Sections

.text
Size: 131KB - Virtual size: 132KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
whitelist.dat

Sharing

General

Malware Config

Signatures

Files

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

0e:a9:7a:ee:3b:04:78:f8:5b:16:cc:08:8a:3f:ee:76Certificate

Extended Key Usages

Key Usages

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08Certificate

Extended Key Usages

Key Usages

78:32:f5:fe:98:63:7b:f9:73:92:00:fd:2a:88:ee:93:1b:54:87:7fSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 1.3MB

.rsrc Size: 70KB - Virtual size: 70KB

.reloc Size: 4KB - Virtual size: 3KB

Headers

File Characteristics

Exports

Exports

Sections

UPX0 Size: - Virtual size: 72KB

UPX1 Size: 35KB - Virtual size: 36KB

.rsrc Size: 2KB - Virtual size: 4KB

Headers

File Characteristics

Sections

.text Size: 53KB - Virtual size: 53KB

.rdata Size: 15KB - Virtual size: 15KB

.data Size: 5KB - Virtual size: 7KB

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 8KB - Virtual size: 8KB

14a3860e30b9e9b7d8593963364c41b2

Headers

File Characteristics

Imports

kernel32

Exports

Exports

Sections

.text Size: 82KB - Virtual size: 82KB

.rdata Size: 58KB - Virtual size: 57KB

.data Size: 6KB - Virtual size: 47KB

.reloc Size: 6KB - Virtual size: 5KB

0b5ebf524f3364a6e46fa57d8d2ff79c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 48KB - Virtual size: 48KB

.rdata Size: 15KB - Virtual size: 14KB

.data Size: 4KB - Virtual size: 7KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0e:a9:7a:ee:3b:04:78:f8:5b:16:cc:08:8a:3f:ee:76
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

78:32:f5:fe:98:63:7b:f9:73:92:00:fd:2a:88:ee:93:1b:54:87:7f
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 1.3MB

.rsrc
Size: 70KB - Virtual size: 70KB

.reloc
Size: 4KB - Virtual size: 3KB

UPX0
Size: - Virtual size: 72KB

UPX1
Size: 35KB - Virtual size: 36KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 53KB - Virtual size: 53KB

.rdata
Size: 15KB - Virtual size: 15KB

.data
Size: 5KB - Virtual size: 7KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 8KB - Virtual size: 8KB

.text
Size: 82KB - Virtual size: 82KB

.rdata
Size: 58KB - Virtual size: 57KB

.data
Size: 6KB - Virtual size: 47KB

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 48KB - Virtual size: 48KB

.rdata
Size: 15KB - Virtual size: 14KB

.data
Size: 4KB - Virtual size: 7KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 8KB - Virtual size: 7KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: - Virtual size: 48B

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 590B

UPX0
Size: - Virtual size: 24KB

UPX1
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 1KB - Virtual size: 4KB

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 28B

.rsrc
Size: 1024B - Virtual size: 888B

.reloc
Size: 512B - Virtual size: 446B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

0e:a9:7a:ee:3b:04:78:f8:5b:16:cc:08:8a:3f:ee:76
Certificate

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate