70dd358d8d9b1c9fe064a14c58bdf778_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

70dd358d8d9b1c9fe064a14c58bdf778_JaffaCakes118
Size

2.2MB
MD5

70dd358d8d9b1c9fe064a14c58bdf778
SHA1

bfd116fe1ea532e60c599adffdee7e19d9a1ef78
SHA256

992dde2e62d9db05ed392c4dbebfe4f74b582da58e6b92b95b8492785a6222f9
SHA512

0a8b5210029690858c6ce5c0bf314ccbf6e2bc3b2d667fca79a2ec47b4fa5888f279dd079755d6c7b408bbf9bd03cbcfc322355745bbf6b3cef1e5257bb01416
SSDEEP

49152:Dyxz5NMRYa7SKui8Uyp5Ki6Zgs6q68+rNlFcsZz0rs+yxf0pDemxmWtd0vmAR:Dwzs7zJ0czgJR8+vFzZQg+u8pDoW/0vB

Score

3^/10

Malware Config

Signatures

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/StartMenu.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/StatViewer.exe
unpack001/sqlite.dll
unpack001/sqlite.new.dll

Files

70dd358d8d9b1c9fe064a14c58bdf778_JaffaCakes118
.exe windows:4 windows x86 arch:x86

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9a:42:ce:56:77:47:e6:ff:d7:66:ba:21:93:ef:27:23
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

06/02/2008, 00:00

Not After

05/02/2011, 23:59

Subject

CN=MDO,O=MDO,POSTALCODE=109319,STREET=Volgogradskiy prospekt 26-1,L=Moscow,ST=n/a,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

ca:91:df:7a:ab:ad:14:53:9c:f9:28:a8:0b:2f:89:9a:34:19:04:e8
Signer

Actual PE Digest

ca:91:df:7a:ab:ad:14:53:9c:f9:28:a8:0b:2f:89:9a:34:19:04:e8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 409KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 596KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 120KB - Virtual size: 119KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

8fbbf807b5bf33729f0092d4b8c483c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryW
GetCurrentDirectoryW
GlobalUnlock
GetPrivateProfileIntW
lstrcmpiW
GetModuleHandleW
GetPrivateProfileStringW
lstrcatW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
GlobalAlloc
GlobalLock
lstrcpynW

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
SetWindowLongW
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
LoadCursorW
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
CharNextW
wsprintfW
MessageBoxW
GetWindowTextW
SetWindowTextW
SendMessageW
DestroyIcon

gdi32

SetTextColor
CreateCompatibleDC
GetObjectW
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderW
SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

2be79521ab92f834267b9728a9762af6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MulDiv
GetModuleHandleW
GlobalAlloc
lstrlenW
lstrcpynW
lstrcpyW
GlobalFree
lstrcmpW

user32

SetWindowTextW
SetDlgItemTextW
EndDialog
SendDlgItemMessageW
DialogBoxParamW
LoadIconW
SendMessageW
ShowWindow
GetDC

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 282B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/StartMenu.dll
.dll windows:4 windows x86 arch:x86

72ab97fccc18249c090aefd986c05a61

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
FindClose
FindNextFileW
lstrcmpW
lstrcpynW
lstrcatW
MulDiv
GetModuleHandleW
lstrcmpiW
lstrcpyW
FindFirstFileW
GlobalFree

user32

PostMessageW
CallWindowProcW
GetWindowLongW
SendMessageW
IsDialogMessageW
ShowWindow
LoadIconW
GetClientRect
MoveWindow
ScreenToClient
GetWindowRect
ReleaseDC
GetDC
EnableWindow
SetWindowTextW
IsDlgButtonChecked
GetWindowTextW
GetDlgItem
wsprintfW
CreateDialogParamW
GetMessageW
TranslateMessage
DispatchMessageW
DestroyWindow
SetWindowLongW
CheckDlgButton

gdi32

GetTextMetricsW
SelectObject

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

CoTaskMemFree

Exports

Exports

Init
Select
Show

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 296B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

bd0c5e2173fde31d22cb05fc3c2a33dc

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
GetLastError
VirtualAlloc
VirtualProtect
lstrlenW
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 502B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/summary.ini
$SYSDIR/Drivers/eBoost.sys
.sys windows:6 windows x64 arch:x64

2dbb384380794792ee9aea5c7d0e5da2

Code Sign

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/12/2003, 13:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:10:92:eb:82:95
Certificate

Issuer

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Not Before

05/02/2007, 09:00

Not After

27/01/2014, 09:00

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign,1.2.840.113549.1.9.1=#0c1c74696d657374616d70696e666f40676c6f62616c7369676e2e636f6d

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:1b:f8:be:2b:0a
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

25/08/2008, 07:22

Not After

25/08/2009, 07:22

Subject

CN=MDO,O=MDO,C=RU,1.2.840.113549.1.9.1=#0c0b696e666f406d646f2e7275

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:17:ab:50:b9:15
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:7a:3b:53:90:43:b5:86:c7:b4:75:f4:34:20:3c:c2:0b:b5:ad:23
Signer

Actual PE Digest

04:7a:3b:53:90:43:b5:86:c7:b4:75:f4:34:20:3c:c2:0b:b5:ad:23

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\work\eboostr\driver\objchk_wnet_amd64\amd64\EBoost.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
ExAllocatePoolWithTag
ExInitializePagedLookasideList
ExDeletePagedLookasideList
ExInitializeNPagedLookasideList
ExpInterlockedPushEntrySList
ExQueryDepthSList
ExDeleteNPagedLookasideList
ExpInterlockedPopEntrySList
IoAllocateWorkItem
KeSetEvent
IoFreeIrp
IoFreeMdl
IoInitializeIrp
IoAllocateIrp
KeInitializeEvent
KeWaitForSingleObject
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
IoGetRequestorProcessId
IofCompleteRequest
IoFreeWorkItem
IoQueueWorkItem
RtlVolumeDeviceToDosName
RtlUpcaseUnicodeString
IoRegisterPlugPlayNotification
RtlAppendUnicodeStringToString
RtlEqualUnicodeString
RtlCopyUnicodeString
IoUnregisterPlugPlayNotification
ObfDereferenceObject
RtlInitUnicodeString
RtlAppendUnicodeToString
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoUnregisterShutdownNotification
MmIsAddressValid
ZwOpenKey
ZwQueryValueKey
ZwClose
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
ObQueryNameString
KeEnterCriticalRegion
InitSafeBootMode
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
KeLeaveCriticalRegion
ExInitializeResourceLite
IoRegisterFsRegistrationChange
RtlAssert
PoCallDriver
IofCallDriver
IoDetachDevice
IoGetDeviceObjectPointer
IoBuildDeviceIoControlRequest
IoGetTopLevelIrp
IoSetTopLevelIrp
RtlInitAnsiString
_vsnprintf
DbgPrint
DbgBreakPoint
IoReuseIrp
ObReferenceObjectByHandle
FsRtlDissectName
KeClearEvent
ObfReferenceObject
ExAcquireResourceSharedLite
FsRtlLookupPerStreamContextInternal
FsRtlInsertPerStreamContext
FsRtlRemovePerStreamContext
MmUnlockPages
PsGetCurrentProcessId
ZwQueryInformationFile
ZwSetInformationFile
ZwQueryVolumeInformationFile
ZwReadFile
ZwWriteFile
IoIsOperationSynchronous
MmFreePagesFromMdl
MmAllocatePagesForMdl
IoBuildPartialMdl
_purecall
PsLookupProcessByProcessId
ObOpenObjectByPointer
IoIs32bitProcess
IoStopTimer
IoInitializeTimer
IoStartTimer
IoRegisterShutdownNotification
PsSetCreateProcessNotifyRoutine
IoAcquireVpbSpinLock
IoReleaseVpbSpinLock
IoGetCurrentProcess
PsGetVersion
MmGetSystemRoutineAddress
RtlCompareMemory
KeBugCheckEx
KeQueryTimeIncrement
__C_specific_handler

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 486B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CacheViewer.exe
.exe windows:5 windows x86 arch:x86

728571856e57cd26e5774595ae9a689c

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9a:42:ce:56:77:47:e6:ff:d7:66:ba:21:93:ef:27:23
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

06/02/2008, 00:00

Not After

05/02/2011, 23:59

Subject

CN=MDO,O=MDO,POSTALCODE=109319,STREET=Volgogradskiy prospekt 26-1,L=Moscow,ST=n/a,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f9:28:59:60:00:df:62:6f:6c:34:c7:d7:9d:a2:cb:39:10:48:ef:ee
Signer

Actual PE Digest

f9:28:59:60:00:df:62:6f:6c:34:c7:d7:9d:a2:cb:39:10:48:ef:ee

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
CreateFileW
VirtualAlloc
VirtualFree
ReadFile
FileTimeToSystemTime
FileTimeToLocalFileTime
SetFilePointerEx
GetFileInformationByHandle
SetFilePointer
WriteFile
SetLastError
DeviceIoControl
SetEnvironmentVariableA
CompareStringW
CompareStringA
SetEndOfFile
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FlushFileBuffers
SetStdHandle
GetTimeZoneInformation
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
InitializeCriticalSection
GetTickCount
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleMode
GetConsoleCP
WideCharToMultiByte
GetDateFormatA
GetTimeFormatA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapSize
GetModuleFileNameA
GetStdHandle
ExitProcess
Sleep
HeapCreate
HeapReAlloc
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
GetLastError
GetModuleHandleW
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LeaveCriticalSection
EnterCriticalSection
lstrcpynW
lstrlenA
lstrcpynA
FlushInstructionCache
DeleteCriticalSection
RaiseException
GetVersionExW
GetCurrentThreadId
lstrlenW
GetModuleFileNameW
UnhandledExceptionFilter
TerminateProcess
RtlUnwind
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
CloseHandle
GetCurrentProcessId

user32

GetClientRect
GetMonitorInfoW
MonitorFromWindow
GetParent
EndDialog
MapWindowPoints
SetWindowPos
SetMenu
PostMessageW
TranslateAcceleratorW
SetDlgItemTextW
GetDlgItemTextW
TrackPopupMenu
MessageBoxW
DialogBoxParamW
GetSubMenu
GetActiveWindow
CharNextW
AppendMenuW
MonitorFromPoint
TrackPopupMenuEx
GetMenuItemCount
DestroyMenu
LoadStringA
PostQuitMessage
SetFocus
SetMenuDefaultItem
GetMenuItemInfoW
SetMenuItemInfoW
wvsprintfW
GetClassInfoExW
LoadCursorW
LoadImageW
RegisterClassExW
GetDlgItem
ShowWindow
SetWindowLongW
DestroyWindow
GetMessageW
TranslateMessage
DispatchMessageW
CallWindowProcW
RemoveMenu
CreatePopupMenu
InvalidateRect
PeekMessageW
PtInRect
IsWindow
MessageBeep
CreateWindowExW
LoadStringW
LoadMenuW
LoadAcceleratorsW
SendMessageW
DefWindowProcW
GetWindow
GetWindowRect
GetWindowLongW
UnregisterClassA

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegOpenKeyExW
LookupPrivilegeValueW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
AdjustTokenPrivileges
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
OpenProcessToken

shell32

SHGetSpecialFolderPathW
ShellExecuteW

ole32

CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoInitialize
CoUninitialize

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

Sections

.text
Size: 177KB - Virtual size: 176KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EBstrSvc.exe
.exe windows:5 windows x86 arch:x86

7b7ffb54a2157545d6051ea55f1cd1ec

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9a:42:ce:56:77:47:e6:ff:d7:66:ba:21:93:ef:27:23
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

06/02/2008, 00:00

Not After

05/02/2011, 23:59

Subject

CN=MDO,O=MDO,POSTALCODE=109319,STREET=Volgogradskiy prospekt 26-1,L=Moscow,ST=n/a,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:15:87:a8:a0:37:47:48:e4:4a:99:80:04:35:16:d8:6e:43:aa:77
Signer

Actual PE Digest

39:15:87:a8:a0:37:47:48:e4:4a:99:80:04:35:16:d8:6e:43:aa:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

y:\projects\eBoostr\_Release\EBstrSvc.pdb

Imports

kernel32

GetPrivateProfileStringA
GetLongPathNameA
OpenProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleW
GetTempPathW
GetCurrentThreadId
GetCurrentProcessId
lstrcmpiW
SetConsoleCtrlHandler
DebugBreak
OutputDebugStringW
lstrlenA
SetLastError
ReleaseMutex
MultiByteToWideChar
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetDriveTypeA
GetProcessHeap
SetEndOfFile
GetShortPathNameA
GetLongPathNameW
FindClose
FindNextFileA
FindFirstFileA
SystemTimeToFileTime
GetModuleFileNameW
GetTickCount
FlushFileBuffers
LocalFree
FormatMessageW
SetFilePointer
WriteFile
ReadFile
SetFilePointerEx
VirtualFree
VirtualAlloc
InterlockedExchange
Sleep
SetThreadPriority
GetCurrentThread
SetErrorMode
GetSystemTime
CreateEventW
SetEvent
ResetEvent
FreeLibrary
GetProcAddress
LoadLibraryW
DuplicateHandle
GetCurrentProcess
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenW
DeviceIoControl
GetFileInformationByHandle
MapViewOfFile
GetLastError
CreateFileMappingW
CreateMutexW
UnmapViewOfFile
CloseHandle
CreateFileW
WideCharToMultiByte
GetPrivateProfileIntW
GetShortPathNameW
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetModuleHandleA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleFileNameA
WaitForSingleObject
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapReAlloc
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
GetCurrentDirectoryA
GetFullPathNameW
HeapSize
QueryPerformanceCounter
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
HeapFree
GetTimeFormatA
GetDateFormatA
HeapAlloc
DeleteFileA
ExitProcess
GetStartupInfoW
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree

user32

CharNextW
MessageBoxW
CharUpperW
CharUpperBuffA
wvsprintfW
CharLowerW
LoadStringW
GetLastInputInfo
CharUpperBuffW

advapi32

UnlockServiceDatabase
LockServiceDatabase
OpenServiceW
EnumServicesStatusW
OpenSCManagerW
DeleteService
CreateServiceW
QueryServiceConfigW
QueryServiceStatus
StartServiceW
ControlService
CloseServiceHandle
DeregisterEventSource
ReportEventW
RegisterEventSourceW
StartServiceCtrlDispatcherW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegFlushKey
RegDeleteKeyW
RegisterServiceCtrlHandlerW
SetServiceStatus
FreeSid
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHCreateDirectoryExA
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

sqlite

??4CppSQLite3Query@@QAEAAV0@ABV0@@Z
?format@CppSQLite3Buffer@@UAAPBDPBDZZ
??1CppSQLite3Buffer@@UAE@XZ
??0CppSQLite3Buffer@@QAE@XZ
?getStringField@CppSQLite3Query@@UAEPBDPBD0@Z
??1CppSQLite3Statement@@UAE@XZ
??1CppSQLite3Query@@UAE@XZ
??1CTransaction@@UAE@XZ
??0CTransaction@@QAE@AAVCppSQLite3DB@@@Z
??0CppSQLite3DB@@QAE@XZ
??1CppSQLite3DB@@UAE@XZ
?finalize@CppSQLite3Query@@UAEXXZ
?eof@CppSQLite3Query@@UAE_NXZ
?getInt64Field@CppSQLite3Query@@UAE_JPBDH@Z
?bind@CppSQLite3Statement@@UAEXHH@Z
?execQuery@CppSQLite3Statement@@UAE?AVCppSQLite3Query@@XZ
?nextRow@CppSQLite3Query@@UAEXXZ
?getIntField@CppSQLite3Query@@UAEHPBDH@Z
?reset@CppSQLite3Statement@@UAEXXZ

shlwapi

SHGetValueW

pdh

PdhCollectQueryData
PdhAddCounterW
PdhOpenQueryW
PdhLookupPerfNameByIndexW
PdhGetFormattedCounterValue

psapi

GetModuleFileNameExA

Sections

.text
Size: 493KB - Virtual size: 493KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
EBstrSvc.new.exe
.exe windows:5 windows x86 arch:x86

7b7ffb54a2157545d6051ea55f1cd1ec

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9a:42:ce:56:77:47:e6:ff:d7:66:ba:21:93:ef:27:23
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

06/02/2008, 00:00

Not After

05/02/2011, 23:59

Subject

CN=MDO,O=MDO,POSTALCODE=109319,STREET=Volgogradskiy prospekt 26-1,L=Moscow,ST=n/a,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:15:87:a8:a0:37:47:48:e4:4a:99:80:04:35:16:d8:6e:43:aa:77
Signer

Actual PE Digest

39:15:87:a8:a0:37:47:48:e4:4a:99:80:04:35:16:d8:6e:43:aa:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

y:\projects\eBoostr\_Release\EBstrSvc.pdb

Imports

kernel32

GetPrivateProfileStringA
GetLongPathNameA
OpenProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetModuleHandleW
GetTempPathW
GetCurrentThreadId
GetCurrentProcessId
lstrcmpiW
SetConsoleCtrlHandler
DebugBreak
OutputDebugStringW
lstrlenA
SetLastError
ReleaseMutex
MultiByteToWideChar
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetDriveTypeA
GetProcessHeap
SetEndOfFile
GetShortPathNameA
GetLongPathNameW
FindClose
FindNextFileA
FindFirstFileA
SystemTimeToFileTime
GetModuleFileNameW
GetTickCount
FlushFileBuffers
LocalFree
FormatMessageW
SetFilePointer
WriteFile
ReadFile
SetFilePointerEx
VirtualFree
VirtualAlloc
InterlockedExchange
Sleep
SetThreadPriority
GetCurrentThread
SetErrorMode
GetSystemTime
CreateEventW
SetEvent
ResetEvent
FreeLibrary
GetProcAddress
LoadLibraryW
DuplicateHandle
GetCurrentProcess
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
lstrlenW
DeviceIoControl
GetFileInformationByHandle
MapViewOfFile
GetLastError
CreateFileMappingW
CreateMutexW
UnmapViewOfFile
CloseHandle
CreateFileW
WideCharToMultiByte
GetPrivateProfileIntW
GetShortPathNameW
GetLocaleInfoW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetStringTypeW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetModuleHandleA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetModuleFileNameA
WaitForSingleObject
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapReAlloc
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
GetTimeZoneInformation
GetCurrentDirectoryA
GetFullPathNameW
HeapSize
QueryPerformanceCounter
RaiseException
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
HeapFree
GetTimeFormatA
GetDateFormatA
HeapAlloc
DeleteFileA
ExitProcess
GetStartupInfoW
RtlUnwind
LCMapStringA
LCMapStringW
GetCPInfo
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree

user32

CharNextW
MessageBoxW
CharUpperW
CharUpperBuffA
wvsprintfW
CharLowerW
LoadStringW
GetLastInputInfo
CharUpperBuffW

advapi32

UnlockServiceDatabase
LockServiceDatabase
OpenServiceW
EnumServicesStatusW
OpenSCManagerW
DeleteService
CreateServiceW
QueryServiceConfigW
QueryServiceStatus
StartServiceW
ControlService
CloseServiceHandle
DeregisterEventSource
ReportEventW
RegisterEventSourceW
StartServiceCtrlDispatcherW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegSetValueExW
RegDeleteValueW
RegCloseKey
RegFlushKey
RegDeleteKeyW
RegisterServiceCtrlHandlerW
SetServiceStatus
FreeSid
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetSecurityDescriptorDacl
InitializeSecurityDescriptor

shell32

SHCreateDirectoryExA
SHGetSpecialFolderPathA
SHGetSpecialFolderPathW

sqlite

??4CppSQLite3Query@@QAEAAV0@ABV0@@Z
?format@CppSQLite3Buffer@@UAAPBDPBDZZ
??1CppSQLite3Buffer@@UAE@XZ
??0CppSQLite3Buffer@@QAE@XZ
?getStringField@CppSQLite3Query@@UAEPBDPBD0@Z
??1CppSQLite3Statement@@UAE@XZ
??1CppSQLite3Query@@UAE@XZ
??1CTransaction@@UAE@XZ
??0CTransaction@@QAE@AAVCppSQLite3DB@@@Z
??0CppSQLite3DB@@QAE@XZ
??1CppSQLite3DB@@UAE@XZ
?finalize@CppSQLite3Query@@UAEXXZ
?eof@CppSQLite3Query@@UAE_NXZ
?getInt64Field@CppSQLite3Query@@UAE_JPBDH@Z
?bind@CppSQLite3Statement@@UAEXHH@Z
?execQuery@CppSQLite3Statement@@UAE?AVCppSQLite3Query@@XZ
?nextRow@CppSQLite3Query@@UAEXXZ
?getIntField@CppSQLite3Query@@UAEHPBDH@Z
?reset@CppSQLite3Statement@@UAEXXZ

shlwapi

SHGetValueW

pdh

PdhCollectQueryData
PdhAddCounterW
PdhOpenQueryW
PdhLookupPerfNameByIndexW
PdhGetFormattedCounterValue

psapi

GetModuleFileNameExA

Sections

.text
Size: 493KB - Virtual size: 493KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
StatViewer.exe
.exe windows:5 windows x86 arch:x86

577aefed6bb6e604a82afab0872a89b0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

FindFirstFileA
CreateMutexW
WaitForSingleObject
ReleaseMutex
GetLongPathNameW
GetFileInformationByHandle
GetPrivateProfileStringA
GetShortPathNameA
GetTickCount
GetLongPathNameA
OpenProcess
WideCharToMultiByte
MultiByteToWideChar
GetPrivateProfileIntW
GetShortPathNameW
InterlockedIncrement
InterlockedDecrement
lstrlenW
GetModuleFileNameW
GetVersionExW
DeleteCriticalSection
lstrcpynA
lstrlenA
lstrcpynW
GetModuleHandleW
InitializeCriticalSection
FreeLibrary
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
VirtualAlloc
VirtualFree
ReadFile
CreateThread
GetCommandLineW
DebugBreak
OutputDebugStringW
CreateFileA
SetEndOfFile
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
FindNextFileA
GetStringTypeA
LCMapStringW
LCMapStringA
GetLocaleInfoA
FlushFileBuffers
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
SetFilePointer
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapCreate
GetModuleFileNameA
WriteFile
GetStartupInfoA
GetFileType
GetStdHandle
SetHandleCount
HeapReAlloc
ExitProcess
HeapSize
Sleep
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetStartupInfoW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
FindClose
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcess
CreateFileW
FlushInstructionCache
RaiseException
SetLastError
GetCurrentThreadId
DeviceIoControl
GetLastError
TerminateProcess
DeleteFileA
RtlUnwind
IsProcessorFeaturePresent
LoadLibraryA
GetProcAddress
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
CloseHandle
GetStringTypeW

user32

GetWindowLongW
GetWindowRect
GetWindow
GetActiveWindow
TranslateAcceleratorW
DialogBoxParamW
CreateWindowExW
SetWindowLongW
PostMessageW
MonitorFromWindow
LoadCursorW
RegisterClassExW
CharUpperBuffW
CharUpperBuffA
DefWindowProcW
SendMessageW
GetMonitorInfoW
GetClientRect
LoadAcceleratorsW
LoadMenuW
LoadStringW
MessageBeep
IsWindow
MapWindowPoints
SetWindowPos
GetParent
EndDialog
GetClassInfoExW
SetWindowTextW
GetSubMenu
TrackPopupMenu
CharNextW
LoadStringA
PostQuitMessage
SetFocus
SetMenuDefaultItem
SetMenuItemInfoW
wvsprintfW
LoadImageW
MessageBoxW
GetDlgItem
ShowWindow
DestroyWindow
GetMessageW
TranslateMessage
DispatchMessageW
CallWindowProcW
MonitorFromPoint
GetMenuItemInfoW
RemoveMenu
GetMenuItemCount
AppendMenuW
TrackPopupMenuEx
DestroyMenu
CreatePopupMenu
InvalidateRect
PeekMessageW
PtInRect
UnregisterClassA

advapi32

RegCloseKey
InitializeSecurityDescriptor
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
SetSecurityDescriptorDacl

shell32

SHCreateDirectoryExA
SHGetSpecialFolderPathA
ShellExecuteW
SHGetSpecialFolderPathW

ole32

CoInitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
CoUninitialize

oleaut32

VarUI4FromStr

sqlite

?errorCodeAsString@CppSQLite3Exception@@SAPBDH@Z
?reset@CppSQLite3Statement@@UAEXXZ
?finalize@CppSQLite3Query@@UAEXXZ
?bind@CppSQLite3Statement@@UAEXHH@Z
?execQuery@CppSQLite3Statement@@UAE?AVCppSQLite3Query@@XZ
?getStringField@CppSQLite3Query@@UAEPBDPBD0@Z
??0CTransaction@@QAE@AAVCppSQLite3DB@@@Z
?nextRow@CppSQLite3Query@@UAEXXZ
?getInt64Field@CppSQLite3Query@@UAE_JPBDH@Z
??1CTransaction@@UAE@XZ
?format@CppSQLite3Buffer@@UAAPBDPBDZZ
??4CppSQLite3Query@@QAEAAV0@ABV0@@Z
??0CppSQLite3DB@@QAE@XZ
??0CppSQLite3Buffer@@QAE@XZ
?eof@CppSQLite3Query@@UAE_NXZ
?getIntField@CppSQLite3Query@@UAEHPBDH@Z
??1CppSQLite3Query@@UAE@XZ
??1CppSQLite3DB@@UAE@XZ
??1CppSQLite3Buffer@@UAE@XZ
??1CppSQLite3Statement@@UAE@XZ

comctl32

InitCommonControlsEx

psapi

GetModuleFileNameExA

Sections

.text
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 118KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
eBoost.sys
.sys windows:6 windows x64 arch:x64

2dbb384380794792ee9aea5c7d0e5da2

Code Sign

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

16/12/2003, 13:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 12:00

Not After

27/01/2014, 11:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:10:92:eb:82:95
Certificate

Issuer

CN=GlobalSign RootSign Partners CA,OU=RootSign Partners CA,O=GlobalSign nv-sa,C=BE

Not Before

05/02/2007, 09:00

Not After

27/01/2014, 09:00

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign,1.2.840.113549.1.9.1=#0c1c74696d657374616d70696e666f40676c6f62616c7369676e2e636f6d

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:1b:f8:be:2b:0a
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

25/08/2008, 07:22

Not After

25/08/2009, 07:22

Subject

CN=MDO,O=MDO,C=RU,1.2.840.113549.1.9.1=#0c0b696e666f406d646f2e7275

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:17:ab:50:b9:15
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 09:00

Not After

27/01/2014, 10:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0b:7f:6b:00:00:00:00:00:19
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:00

Not After

23/05/2016, 17:10

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:7a:3b:53:90:43:b5:86:c7:b4:75:f4:34:20:3c:c2:0b:b5:ad:23
Signer

Actual PE Digest

04:7a:3b:53:90:43:b5:86:c7:b4:75:f4:34:20:3c:c2:0b:b5:ad:23

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\work\eboostr\driver\objchk_wnet_amd64\amd64\EBoost.pdb

Imports

ntoskrnl.exe

ExFreePoolWithTag
ExAllocatePoolWithTag
ExInitializePagedLookasideList
ExDeletePagedLookasideList
ExInitializeNPagedLookasideList
ExpInterlockedPushEntrySList
ExQueryDepthSList
ExDeleteNPagedLookasideList
ExpInterlockedPopEntrySList
IoAllocateWorkItem
KeSetEvent
IoFreeIrp
IoFreeMdl
IoInitializeIrp
IoAllocateIrp
KeInitializeEvent
KeWaitForSingleObject
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
IoGetRequestorProcessId
IofCompleteRequest
IoFreeWorkItem
IoQueueWorkItem
RtlVolumeDeviceToDosName
RtlUpcaseUnicodeString
IoRegisterPlugPlayNotification
RtlAppendUnicodeStringToString
RtlEqualUnicodeString
RtlCopyUnicodeString
IoUnregisterPlugPlayNotification
ObfDereferenceObject
RtlInitUnicodeString
RtlAppendUnicodeToString
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoUnregisterShutdownNotification
MmIsAddressValid
ZwOpenKey
ZwQueryValueKey
ZwClose
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
ObQueryNameString
KeEnterCriticalRegion
InitSafeBootMode
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
KeLeaveCriticalRegion
ExInitializeResourceLite
IoRegisterFsRegistrationChange
RtlAssert
PoCallDriver
IofCallDriver
IoDetachDevice
IoGetDeviceObjectPointer
IoBuildDeviceIoControlRequest
IoGetTopLevelIrp
IoSetTopLevelIrp
RtlInitAnsiString
_vsnprintf
DbgPrint
DbgBreakPoint
IoReuseIrp
ObReferenceObjectByHandle
FsRtlDissectName
KeClearEvent
ObfReferenceObject
ExAcquireResourceSharedLite
FsRtlLookupPerStreamContextInternal
FsRtlInsertPerStreamContext
FsRtlRemovePerStreamContext
MmUnlockPages
PsGetCurrentProcessId
ZwQueryInformationFile
ZwSetInformationFile
ZwQueryVolumeInformationFile
ZwReadFile
ZwWriteFile
IoIsOperationSynchronous
MmFreePagesFromMdl
MmAllocatePagesForMdl
IoBuildPartialMdl
_purecall
PsLookupProcessByProcessId
ObOpenObjectByPointer
IoIs32bitProcess
IoStopTimer
IoInitializeTimer
IoStartTimer
IoRegisterShutdownNotification
PsSetCreateProcessNotifyRoutine
IoAcquireVpbSpinLock
IoReleaseVpbSpinLock
IoGetCurrentProcess
PsGetVersion
MmGetSystemRoutineAddress
RtlCompareMemory
KeBugCheckEx
KeQueryTimeIncrement
__C_specific_handler

Sections

.text
Size: 121KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 486B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
eBoostrCP.exe
.exe windows:5 windows x86 arch:x86

fda5e0cae9da66b7d5e5fb189271fcf7

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9a:42:ce:56:77:47:e6:ff:d7:66:ba:21:93:ef:27:23
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

06/02/2008, 00:00

Not After

05/02/2011, 23:59

Subject

CN=MDO,O=MDO,POSTALCODE=109319,STREET=Volgogradskiy prospekt 26-1,L=Moscow,ST=n/a,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e8:be:f6:d1:c7:2e:89:9f:91:ba:b5:80:01:1c:78:08:3c:cc:4f:b5
Signer

Actual PE Digest

e8:be:f6:d1:c7:2e:89:9f:91:ba:b5:80:01:1c:78:08:3c:cc:4f:b5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

y:\projects\eBoostr\_Release\eBoostrCP.pdb

Imports

setupapi

SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
CM_Get_Parent
CM_Request_Device_EjectW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW

kernel32

CreateThread
GetTickCount
Sleep
SetEvent
OpenEventW
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
GlobalSize
DeviceIoControl
GetCurrentProcessId
GetTempPathW
GetProcAddress
LoadLibraryW
UnmapViewOfFile
InterlockedExchange
lstrcpynW
FindClose
FindNextFileW
GetPrivateProfileStringW
FindFirstFileW
GetSystemDirectoryW
GetShortPathNameW
GetModuleHandleW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
WinExec
GetSystemPowerStatus
MapViewOfFile
CreateFileMappingW
CreateMutexW
ReleaseMutex
SetThreadPriority
SetEndOfFile
SetFilePointerEx
SetFilePointer
WriteFile
VirtualAlloc
VirtualFree
GetExitCodeThread
TerminateThread
lstrcmpW
lstrcpyW
GetVersionExW
WideCharToMultiByte
ExpandEnvironmentStringsW
GetLongPathNameW
QueryDosDeviceW
GetSystemTime
GetVolumeInformationW
GetDiskFreeSpaceExW
GetShortPathNameA
GetPrivateProfileIntA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
LeaveCriticalSection
CompareStringA
CreateFileA
GetDriveTypeA
WriteConsoleW
WaitForMultipleObjects
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
HeapReAlloc
HeapCreate
ExitProcess
HeapSize
GetModuleFileNameA
GetStdHandle
GetModuleHandleA
GetCurrentDirectoryA
GetFullPathNameW
GetTimeZoneInformation
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
RemoveDirectoryW
DeleteFileW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
RtlUnwind
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
QueryPerformanceCounter
ResetEvent
CreateEventW
CreateFileW
EnterCriticalSection
ReadFile
GetLastError
WaitForSingleObject
GetOverlappedResult
DeleteCriticalSection
InterlockedDecrement
CloseHandle
InitializeCriticalSection
FormatMessageW
LocalFree
InterlockedIncrement
GetDriveTypeW
GlobalMemoryStatusEx
GetConsoleOutputCP
GetModuleFileNameW
lstrlenA
OutputDebugStringW
DebugBreak
lstrlenW
GetCurrentProcess
FlushInstructionCache
RaiseException
GetCurrentThreadId
SetLastError
CompareStringW

user32

DialogBoxParamW
SendMessageW
SetDlgItemTextW
GetParent
LoadImageW
DestroyIcon
GetDlgItem
SetWindowPos
MapWindowPoints
GetClientRect
GetMonitorInfoW
EndDialog
GetWindowLongW
GetWindowRect
GetWindow
CharNextW
wvsprintfW
LoadStringW
SetWindowLongW
GetDesktopWindow
GetDlgItemInt
SetDlgItemInt
MessageBoxW
ShowWindow
UnregisterClassA
GetActiveWindow
MonitorFromWindow
GetKeyState
IsDlgButtonChecked
ExitWindowsEx
CharLowerW
CharUpperBuffW
GetWindowTextLengthW
GetMenuItemInfoW
SetMenuItemInfoW
GetMenu
SendInput
wsprintfW
DefWindowProcW
CreateDialogParamW
RegisterWindowMessageW
SetForegroundWindow
DrawMenuBar
CreateWindowExW
InvalidateRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
OffsetRect
IsDialogMessageW
GetDlgItemTextW
EnableWindow
KillTimer
SetTimer
BringWindowToTop
MoveWindow
IsIconic
SetWindowTextW
RemoveMenu
CheckMenuItem
AppendMenuW
ClientToScreen
GetDlgCtrlID
GetSysColorBrush
IsMenu
IsWindowVisible
PostQuitMessage
GetLastInputInfo
LoadIconW
SetFocus
ScreenToClient
GetSystemMetrics
CallWindowProcW
SetMenuDefaultItem
MonitorFromPoint
GetMenuItemID
TrackPopupMenu
IsWindow
PostMessageW
DestroyWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetSubMenu
LoadMenuW
DestroyMenu
GetCursorPos
EnableMenuItem

gdi32

DeleteObject
GetObjectW
SetTextColor
SetBkMode
ExcludeClipRect
GetViewportOrgEx
CreateFontIndirectW
SetMapMode

advapi32

RegOpenKeyExA
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
CloseServiceHandle
RegCreateKeyExW
RegSetValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenSCManagerW
RegDeleteKeyW
CreateServiceW
RegQueryValueExA

shell32

SHGetSpecialFolderPathW
Shell_NotifyIconW
SHGetFileInfoW
SHGetDataFromIDListW
SHGetPathFromIDListW
SHBrowseForFolderW
SHFileOperationW
ord165
SHBindToParent
DragFinish
DragQueryFileW
SHGetSpecialFolderPathA
ShellExecuteW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CoInitialize
DoDragDrop
ReleaseStgMedium

oleaut32

VarUI4FromStr

sqlite

?open@CppSQLite3DB@@UAEXPBD_N@Z
?execDML@CppSQLite3DB@@UAEHPBD@Z
?isInitialized@CppSQLite3DB@@UAE_NXZ
?close@CppSQLite3DB@@UAEXXZ
?eof@CppSQLite3Query@@UAE_NXZ
??0CTransaction@@QAE@AAVCppSQLite3DB@@@Z
?nextRow@CppSQLite3Query@@UAEXXZ
??1CppSQLite3Query@@UAE@XZ
??1CTransaction@@UAE@XZ
??1CppSQLite3Buffer@@UAE@XZ
?format@CppSQLite3Buffer@@UAAPBDPBDZZ
?lastRowId@CppSQLite3DB@@UAE_JXZ
??0CppSQLite3Buffer@@QAE@XZ
??0CppSQLite3DB@@QAE@XZ
??1CppSQLite3DB@@UAE@XZ
?execQuery@CppSQLite3DB@@UAE?AVCppSQLite3Query@@PBD@Z
?getStringField@CppSQLite3Query@@UAEPBDPBD0@Z

shlwapi

StrRetToBufW
StrFromTimeIntervalW
PathCompactPathExW

comctl32

ImageList_Create
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_SetImageCount
ImageList_SetOverlayImage
InitCommonControlsEx

urlmon

URLDownloadToCacheFileW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 655KB - Virtual size: 655KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 571KB - Virtual size: 570KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
eBoostrCP.new.exe
.exe windows:5 windows x86 arch:x86

fda5e0cae9da66b7d5e5fb189271fcf7

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9a:42:ce:56:77:47:e6:ff:d7:66:ba:21:93:ef:27:23
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

06/02/2008, 00:00

Not After

05/02/2011, 23:59

Subject

CN=MDO,O=MDO,POSTALCODE=109319,STREET=Volgogradskiy prospekt 26-1,L=Moscow,ST=n/a,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

e8:be:f6:d1:c7:2e:89:9f:91:ba:b5:80:01:1c:78:08:3c:cc:4f:b5
Signer

Actual PE Digest

e8:be:f6:d1:c7:2e:89:9f:91:ba:b5:80:01:1c:78:08:3c:cc:4f:b5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

y:\projects\eBoostr\_Release\eBoostrCP.pdb

Imports

setupapi

SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList
CM_Get_Parent
CM_Request_Device_EjectW
SetupDiGetDeviceInterfaceDetailW
SetupDiGetClassDevsW

kernel32

CreateThread
GetTickCount
Sleep
SetEvent
OpenEventW
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
GlobalSize
DeviceIoControl
GetCurrentProcessId
GetTempPathW
GetProcAddress
LoadLibraryW
UnmapViewOfFile
InterlockedExchange
lstrcpynW
FindClose
FindNextFileW
GetPrivateProfileStringW
FindFirstFileW
GetSystemDirectoryW
GetShortPathNameW
GetModuleHandleW
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
WinExec
GetSystemPowerStatus
MapViewOfFile
CreateFileMappingW
CreateMutexW
ReleaseMutex
SetThreadPriority
SetEndOfFile
SetFilePointerEx
SetFilePointer
WriteFile
VirtualAlloc
VirtualFree
GetExitCodeThread
TerminateThread
lstrcmpW
lstrcpyW
GetVersionExW
WideCharToMultiByte
ExpandEnvironmentStringsW
GetLongPathNameW
QueryDosDeviceW
GetSystemTime
GetVolumeInformationW
GetDiskFreeSpaceExW
GetShortPathNameA
GetPrivateProfileIntA
ExpandEnvironmentStringsA
SetEnvironmentVariableA
LeaveCriticalSection
CompareStringA
CreateFileA
GetDriveTypeA
WriteConsoleW
WaitForMultipleObjects
WriteConsoleA
SetStdHandle
InitializeCriticalSectionAndSpinCount
GetLocaleInfoW
GetStringTypeA
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
GetStartupInfoA
GetFileType
SetHandleCount
HeapReAlloc
HeapCreate
ExitProcess
HeapSize
GetModuleFileNameA
GetStdHandle
GetModuleHandleA
GetCurrentDirectoryA
GetFullPathNameW
GetTimeZoneInformation
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
IsValidCodePage
GetOEMCP
GetACP
GetStringTypeW
GetCPInfo
LCMapStringW
LCMapStringA
GetStartupInfoW
GetDateFormatA
GetTimeFormatA
GetSystemTimeAsFileTime
RemoveDirectoryW
DeleteFileW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
FileTimeToLocalFileTime
FileTimeToSystemTime
RtlUnwind
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
QueryPerformanceCounter
ResetEvent
CreateEventW
CreateFileW
EnterCriticalSection
ReadFile
GetLastError
WaitForSingleObject
GetOverlappedResult
DeleteCriticalSection
InterlockedDecrement
CloseHandle
InitializeCriticalSection
FormatMessageW
LocalFree
InterlockedIncrement
GetDriveTypeW
GlobalMemoryStatusEx
GetConsoleOutputCP
GetModuleFileNameW
lstrlenA
OutputDebugStringW
DebugBreak
lstrlenW
GetCurrentProcess
FlushInstructionCache
RaiseException
GetCurrentThreadId
SetLastError
CompareStringW

user32

DialogBoxParamW
SendMessageW
SetDlgItemTextW
GetParent
LoadImageW
DestroyIcon
GetDlgItem
SetWindowPos
MapWindowPoints
GetClientRect
GetMonitorInfoW
EndDialog
GetWindowLongW
GetWindowRect
GetWindow
CharNextW
wvsprintfW
LoadStringW
SetWindowLongW
GetDesktopWindow
GetDlgItemInt
SetDlgItemInt
MessageBoxW
ShowWindow
UnregisterClassA
GetActiveWindow
MonitorFromWindow
GetKeyState
IsDlgButtonChecked
ExitWindowsEx
CharLowerW
CharUpperBuffW
GetWindowTextLengthW
GetMenuItemInfoW
SetMenuItemInfoW
GetMenu
SendInput
wsprintfW
DefWindowProcW
CreateDialogParamW
RegisterWindowMessageW
SetForegroundWindow
DrawMenuBar
CreateWindowExW
InvalidateRect
BeginDeferWindowPos
DeferWindowPos
EndDeferWindowPos
OffsetRect
IsDialogMessageW
GetDlgItemTextW
EnableWindow
KillTimer
SetTimer
BringWindowToTop
MoveWindow
IsIconic
SetWindowTextW
RemoveMenu
CheckMenuItem
AppendMenuW
ClientToScreen
GetDlgCtrlID
GetSysColorBrush
IsMenu
IsWindowVisible
PostQuitMessage
GetLastInputInfo
LoadIconW
SetFocus
ScreenToClient
GetSystemMetrics
CallWindowProcW
SetMenuDefaultItem
MonitorFromPoint
GetMenuItemID
TrackPopupMenu
IsWindow
PostMessageW
DestroyWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
GetSubMenu
LoadMenuW
DestroyMenu
GetCursorPos
EnableMenuItem

gdi32

DeleteObject
GetObjectW
SetTextColor
SetBkMode
ExcludeClipRect
GetViewportOrgEx
CreateFontIndirectW
SetMapMode

advapi32

RegOpenKeyExA
RegQueryValueExW
RegQueryInfoKeyW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
CloseServiceHandle
RegCreateKeyExW
RegSetValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
OpenSCManagerW
RegDeleteKeyW
CreateServiceW
RegQueryValueExA

shell32

SHGetSpecialFolderPathW
Shell_NotifyIconW
SHGetFileInfoW
SHGetDataFromIDListW
SHGetPathFromIDListW
SHBrowseForFolderW
SHFileOperationW
ord165
SHBindToParent
DragFinish
DragQueryFileW
SHGetSpecialFolderPathA
ShellExecuteW

ole32

CoTaskMemFree
CoTaskMemRealloc
CoUninitialize
OleInitialize
CoCreateInstance
CoTaskMemAlloc
CoInitialize
DoDragDrop
ReleaseStgMedium

oleaut32

VarUI4FromStr

sqlite

?open@CppSQLite3DB@@UAEXPBD_N@Z
?execDML@CppSQLite3DB@@UAEHPBD@Z
?isInitialized@CppSQLite3DB@@UAE_NXZ
?close@CppSQLite3DB@@UAEXXZ
?eof@CppSQLite3Query@@UAE_NXZ
??0CTransaction@@QAE@AAVCppSQLite3DB@@@Z
?nextRow@CppSQLite3Query@@UAEXXZ
??1CppSQLite3Query@@UAE@XZ
??1CTransaction@@UAE@XZ
??1CppSQLite3Buffer@@UAE@XZ
?format@CppSQLite3Buffer@@UAAPBDPBDZZ
?lastRowId@CppSQLite3DB@@UAE_JXZ
??0CppSQLite3Buffer@@QAE@XZ
??0CppSQLite3DB@@QAE@XZ
??1CppSQLite3DB@@UAE@XZ
?execQuery@CppSQLite3DB@@UAE?AVCppSQLite3Query@@PBD@Z
?getStringField@CppSQLite3Query@@UAEPBDPBD0@Z

shlwapi

StrRetToBufW
StrFromTimeIntervalW
PathCompactPathExW

comctl32

ImageList_Create
ImageList_GetIconSize
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_SetImageCount
ImageList_SetOverlayImage
InitCommonControlsEx

urlmon

URLDownloadToCacheFileW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 655KB - Virtual size: 655KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 571KB - Virtual size: 570KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
eBoostrMeasure.exe
.exe windows:5 windows x86 arch:x86

85534292537a00cdc53d581f7de33eca

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9a:42:ce:56:77:47:e6:ff:d7:66:ba:21:93:ef:27:23
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

06/02/2008, 00:00

Not After

05/02/2011, 23:59

Subject

CN=MDO,O=MDO,POSTALCODE=109319,STREET=Volgogradskiy prospekt 26-1,L=Moscow,ST=n/a,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:1b:48:27:50:fe:eb:04:f4:5a:10:92:36:51:5f:0c:0d:9c:a3:e0
Signer

Actual PE Digest

6a:1b:48:27:50:fe:eb:04:f4:5a:10:92:36:51:5f:0c:0d:9c:a3:e0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

ResetEvent
WinExec
OpenEventW
GetCurrentProcess
SetLastError
GetCurrentThreadId
RaiseException
FlushInstructionCache
InterlockedIncrement
FreeLibrary
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
lstrcmpiW
DebugBreak
OutputDebugStringW
lstrlenA
GetVersionExW
lstrcpynW
SetEnvironmentVariableA
CompareStringW
CompareStringA
CreateFileA
GetDriveTypeA
ReadFile
SetEndOfFile
WriteConsoleW
DeviceIoControl
WriteConsoleA
GetStringTypeW
GetStringTypeA
LCMapStringW
lstrlenW
FlushFileBuffers
SetStdHandle
GetLocaleInfoA
InitializeCriticalSectionAndSpinCount
GetConsoleMode
GetConsoleCP
SetFilePointer
GetCurrentProcessId
QueryPerformanceCounter
GetStartupInfoA
GetFileType
SetHandleCount
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetTimeZoneInformation
GetCurrentDirectoryA
GetFullPathNameW
WideCharToMultiByte
GetDateFormatA
GetLastError
GetConsoleOutputCP
CreateFileW
InterlockedDecrement
FormatMessageW
LocalFree
CreateThread
LeaveCriticalSection
EnterCriticalSection
Sleep
GetModuleHandleW
GetProcAddress
CreateEventW
GetModuleFileNameW
SetEvent
VirtualAlloc
VirtualFree
WaitForSingleObject
InitializeCriticalSection
GetTickCount
CreateProcessW
GetProcessIoCounters
TerminateProcess
GlobalMemoryStatus
DeleteCriticalSection
GetTimeFormatA
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapReAlloc
HeapCreate
GetModuleFileNameA
GetStdHandle
WriteFile
ExitProcess
HeapSize
CloseHandle
LCMapStringA
GetModuleHandleA
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
InterlockedCompareExchange
HeapFree
GetProcessHeap
HeapAlloc
LoadLibraryA
IsProcessorFeaturePresent
RtlUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileW
GetSystemTimeAsFileTime
GetStartupInfoW

user32

GetClientRect
MapWindowPoints
SetWindowPos
MonitorFromWindow
GetWindowLongW
GetWindowRect
GetWindow
PostMessageW
GetWindowThreadProcessId
GetParent
EndDialog
GetMonitorInfoW
GetSystemMetrics
LoadStringW
wvsprintfW
IsDialogMessageW
SetDlgItemInt
GetDlgItemTextW
GetDlgItemInt
DialogBoxParamW
PostQuitMessage
GetKeyState
GetActiveWindow
UnregisterClassA
LoadImageW
CharNextW
ShowWindow
DestroyWindow
PeekMessageW
GetMessageW
TranslateMessage
DispatchMessageW
CreateDialogParamW
DefWindowProcW
SetWindowLongW
MessageBoxW
GetDlgItem
SetDlgItemTextW
SendMessageW
SendInput
WaitForInputIdle
EnumWindows

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

CreateServiceW
InitializeSecurityDescriptor
RegQueryValueExW
OpenServiceW
ControlService
DeleteService
OpenSCManagerW
StartServiceW
CloseServiceHandle
RegQueryInfoKeyW
RegSetValueExW
RegEnumKeyExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
SetSecurityDescriptorDacl

shell32

ShellExecuteW
SHGetSpecialFolderPathW
ShellExecuteExW

ole32

CoInitialize
CoUninitialize
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

VarUI4FromStr

comctl32

InitCommonControlsEx

pdh

PdhCollectQueryData
PdhAddCounterW
PdhOpenQueryW
PdhLookupPerfNameByIndexW
PdhGetFormattedCounterValue

Sections

.text
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
memeat.exe
.exe windows:5 windows x86 arch:x86

bb85172f6de2f7726e6e71dab302b732

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

17/05/2005, 00:00

Not After

16/05/2010, 23:59

Subject

CN=Comodo Time Stamping Signer,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9a:42:ce:56:77:47:e6:ff:d7:66:ba:21:93:ef:27:23
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

06/02/2008, 00:00

Not After

05/02/2011, 23:59

Subject

CN=MDO,O=MDO,POSTALCODE=109319,STREET=Volgogradskiy prospekt 26-1,L=Moscow,ST=n/a,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

b2:4f:4c:21:a1:11:5f:78:3e:bd:23:ff:b5:98:e2:23:e9:50:d8:5b
Signer

Actual PE Digest

b2:4f:4c:21:a1:11:5f:78:3e:bd:23:ff:b5:98:e2:23:e9:50:d8:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

y:\projects\eBoostr\_Release\memeat.pdb

Imports

kernel32

OpenEventW
WaitForSingleObject
VirtualAlloc
Sleep
VirtualFree
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
GetLastError
HeapFree
HeapAlloc
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
WideCharToMultiByte
LCMapStringW

Sections

.text
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
sqlite.dll
.dll windows:5 windows x86 arch:x86

3234b36957078ea567e6ca8a72204226

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

y:\projects\eBoostr\_Release\sqlite.pdb

Imports

kernel32

GetFullPathNameW
GetFullPathNameA
CreateFileA
GetFileSize
SetFilePointer
SetEndOfFile
FreeLibrary
InterlockedIncrement
QueryPerformanceCounter
UnlockFile
LockFile
GetTickCount
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
GetVersionExW
LeaveCriticalSection
GetFileAttributesA
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
LockFileEx
EnterCriticalSection
LoadLibraryA
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
GetSystemTime
DeleteFileA
HeapAlloc
HeapFree
HeapReAlloc
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetTimeZoneInformation
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetModuleHandleA
GetConsoleCP
GetConsoleMode
HeapSize
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
RaiseException

Exports

Exports

??0CTransaction@@QAE@AAVCppSQLite3DB@@@Z
??0CTransaction@@QAE@ABV0@@Z
??0CppSQLite3Binary@@QAE@ABV0@@Z
??0CppSQLite3Binary@@QAE@XZ
??0CppSQLite3Buffer@@QAE@ABV0@@Z
??0CppSQLite3Buffer@@QAE@XZ
??0CppSQLite3DB@@AAE@ABV0@@Z
??0CppSQLite3DB@@QAE@XZ
??0CppSQLite3Exception@@QAE@ABV0@@Z
??0CppSQLite3Exception@@QAE@HPAD_N@Z
??0CppSQLite3Query@@QAE@ABV0@@Z
??0CppSQLite3Query@@QAE@PAUsqlite3@@PAUsqlite3_stmt@@_N2@Z
??0CppSQLite3Query@@QAE@XZ
??0CppSQLite3Statement@@QAE@ABV0@@Z
??0CppSQLite3Statement@@QAE@PAUsqlite3@@PAUsqlite3_stmt@@@Z
??0CppSQLite3Statement@@QAE@XZ
??0CppSQLite3Table@@QAE@ABV0@@Z
??0CppSQLite3Table@@QAE@PAPADHH@Z
??0CppSQLite3Table@@QAE@XZ
??1CTransaction@@UAE@XZ
??1CppSQLite3Binary@@UAE@XZ
??1CppSQLite3Buffer@@UAE@XZ
??1CppSQLite3DB@@UAE@XZ
??1CppSQLite3Exception@@UAE@XZ
??1CppSQLite3Query@@UAE@XZ
??1CppSQLite3Statement@@UAE@XZ
??1CppSQLite3Table@@UAE@XZ
??4CppSQLite3Binary@@QAEAAV0@ABV0@@Z
??4CppSQLite3Buffer@@QAEAAV0@ABV0@@Z
??4CppSQLite3DB@@AAEAAV0@ABV0@@Z
??4CppSQLite3Exception@@QAEAAV0@ABV0@@Z
??4CppSQLite3Query@@QAEAAV0@ABV0@@Z
??4CppSQLite3Statement@@UAEAAV0@ABV0@@Z
??4CppSQLite3Table@@UAEAAV0@ABV0@@Z
??BCppSQLite3Buffer@@UAEPBDXZ
??_7CTransaction@@6B@
??_7CppSQLite3Binary@@6B@
??_7CppSQLite3Buffer@@6B@
??_7CppSQLite3DB@@6B@
??_7CppSQLite3Exception@@6B@
??_7CppSQLite3Query@@6B@
??_7CppSQLite3Statement@@6B@
??_7CppSQLite3Table@@6B@
?SQLiteVersion@CppSQLite3DB@@SAPBDXZ
?allocBuffer@CppSQLite3Binary@@UAEPAEH@Z
?bind@CppSQLite3Statement@@UAEXHH@Z
?bind@CppSQLite3Statement@@UAEXHN@Z
?bind@CppSQLite3Statement@@UAEXHPBD@Z
?bind@CppSQLite3Statement@@UAEXHPBEH@Z
?bindNull@CppSQLite3Statement@@UAEXH@Z
?checkDB@CppSQLite3DB@@AAEXXZ
?checkDB@CppSQLite3Statement@@AAEXXZ
?checkResults@CppSQLite3Table@@AAEXXZ
?checkVM@CppSQLite3Query@@AAEXXZ
?checkVM@CppSQLite3Statement@@AAEXXZ
?clear@CppSQLite3Binary@@UAEXXZ
?clear@CppSQLite3Buffer@@UAEXXZ
?close@CppSQLite3DB@@UAEXXZ
?compile@CppSQLite3DB@@AAEPAUsqlite3_stmt@@PBD@Z
?compileStatement@CppSQLite3DB@@UAE?AVCppSQLite3Statement@@PBD@Z
?eof@CppSQLite3Query@@UAE_NXZ
?errorCode@CppSQLite3Exception@@UAE?BHXZ
?errorCodeAsString@CppSQLite3Exception@@SAPBDH@Z
?errorMessage@CppSQLite3Exception@@UAEPBDXZ
?execDML@CppSQLite3DB@@UAEHPBD@Z
?execDML@CppSQLite3Statement@@UAEHXZ
?execQuery@CppSQLite3DB@@UAE?AVCppSQLite3Query@@PBD@Z
?execQuery@CppSQLite3Statement@@UAE?AVCppSQLite3Query@@XZ
?execScalar@CppSQLite3DB@@UAEHPBD@Z
?fieldDataType@CppSQLite3Query@@UAEHH@Z
?fieldDeclType@CppSQLite3Query@@UAEPBDH@Z
?fieldIndex@CppSQLite3Query@@UAEHPBD@Z
?fieldIsNull@CppSQLite3Query@@UAE_NH@Z
?fieldIsNull@CppSQLite3Query@@UAE_NPBD@Z
?fieldIsNull@CppSQLite3Table@@UAE_NH@Z
?fieldIsNull@CppSQLite3Table@@UAE_NPBD@Z
?fieldName@CppSQLite3Query@@UAEPBDH@Z
?fieldName@CppSQLite3Table@@UAEPBDH@Z
?fieldValue@CppSQLite3Query@@UAEPBDH@Z
?fieldValue@CppSQLite3Query@@UAEPBDPBD@Z
?fieldValue@CppSQLite3Table@@UAEPBDH@Z
?fieldValue@CppSQLite3Table@@UAEPBDPBD@Z
?finalize@CppSQLite3Query@@UAEXXZ
?finalize@CppSQLite3Statement@@UAEXXZ
?finalize@CppSQLite3Table@@UAEXXZ
?format@CppSQLite3Buffer@@UAAPBDPBDZZ
?getBinary@CppSQLite3Binary@@UAEPBEXZ
?getBinaryLength@CppSQLite3Binary@@UAEHXZ
?getBlobField@CppSQLite3Query@@UAEPBEHAAH@Z
?getBlobField@CppSQLite3Query@@UAEPBEPBDAAH@Z
?getEncoded@CppSQLite3Binary@@UAEPBEXZ
?getFloatField@CppSQLite3Query@@UAENHN@Z
?getFloatField@CppSQLite3Query@@UAENPBDN@Z
?getFloatField@CppSQLite3Table@@UAENHN@Z
?getFloatField@CppSQLite3Table@@UAENPBDN@Z
?getInt64Field@CppSQLite3Query@@UAE_JHH@Z
?getInt64Field@CppSQLite3Query@@UAE_JPBDH@Z
?getIntField@CppSQLite3Query@@UAEHHH@Z
?getIntField@CppSQLite3Query@@UAEHPBDH@Z
?getIntField@CppSQLite3Table@@UAEHHH@Z
?getIntField@CppSQLite3Table@@UAEHPBDH@Z
?getStringField@CppSQLite3Query@@UAEPBDHPBD@Z
?getStringField@CppSQLite3Query@@UAEPBDPBD0@Z
?getStringField@CppSQLite3Table@@UAEPBDHPBD@Z
?getStringField@CppSQLite3Table@@UAEPBDPBD0@Z
?getTable@CppSQLite3DB@@UAE?AVCppSQLite3Table@@PBD@Z
?interrupt@CppSQLite3DB@@UAEXXZ
?isInitialized@CppSQLite3DB@@UAE_NXZ
?lastRowId@CppSQLite3DB@@UAE_JXZ
?nextRow@CppSQLite3Query@@UAEXXZ
?numFields@CppSQLite3Query@@UAEHXZ
?numFields@CppSQLite3Table@@UAEHXZ
?numRows@CppSQLite3Table@@UAEHXZ
?open@CppSQLite3DB@@UAEXPBD_N@Z
?reset@CppSQLite3Statement@@UAEXXZ
?setBinary@CppSQLite3Binary@@UAEXPBEH@Z
?setBusyTimeout@CppSQLite3DB@@UAEXH@Z
?setEncoded@CppSQLite3Binary@@UAEXPBE@Z
?setRow@CppSQLite3Table@@UAEXH@Z
?sqlite3RollbackAll@CppSQLite3DB@@UAEXXZ
?tableExists@CppSQLite3DB@@UAE_NPBD@Z

Sections

.text
Size: 430KB - Virtual size: 429KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
sqlite.new.dll
.dll windows:5 windows x86 arch:x86

3234b36957078ea567e6ca8a72204226

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

y:\projects\eBoostr\_Release\sqlite.pdb

Imports

kernel32

GetFullPathNameW
GetFullPathNameA
CreateFileA
GetFileSize
SetFilePointer
SetEndOfFile
FreeLibrary
InterlockedIncrement
QueryPerformanceCounter
UnlockFile
LockFile
GetTickCount
GetSystemTimeAsFileTime
FormatMessageA
WriteFile
InitializeCriticalSection
WideCharToMultiByte
LoadLibraryW
Sleep
GetVersionExW
LeaveCriticalSection
GetFileAttributesA
GetFileAttributesW
ReadFile
CreateFileW
MultiByteToWideChar
FlushFileBuffers
GetTempPathW
GetLastError
GetProcAddress
LockFileEx
EnterCriticalSection
LoadLibraryA
DeleteCriticalSection
GetCurrentThreadId
CloseHandle
DeleteFileW
GetCurrentProcessId
GetTempPathA
GetSystemTime
DeleteFileA
HeapAlloc
HeapFree
HeapReAlloc
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
GetModuleHandleW
ExitProcess
GetStdHandle
GetModuleFileNameA
GetCPInfo
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
GetTimeZoneInformation
LCMapStringA
LCMapStringW
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
RtlUnwind
InitializeCriticalSectionAndSpinCount
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
GetModuleHandleA
GetConsoleCP
GetConsoleMode
HeapSize
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CompareStringA
CompareStringW
SetEnvironmentVariableA
RaiseException

Exports

Exports

??0CTransaction@@QAE@AAVCppSQLite3DB@@@Z
??0CTransaction@@QAE@ABV0@@Z
??0CppSQLite3Binary@@QAE@ABV0@@Z
??0CppSQLite3Binary@@QAE@XZ
??0CppSQLite3Buffer@@QAE@ABV0@@Z
??0CppSQLite3Buffer@@QAE@XZ
??0CppSQLite3DB@@AAE@ABV0@@Z
??0CppSQLite3DB@@QAE@XZ
??0CppSQLite3Exception@@QAE@ABV0@@Z
??0CppSQLite3Exception@@QAE@HPAD_N@Z
??0CppSQLite3Query@@QAE@ABV0@@Z
??0CppSQLite3Query@@QAE@PAUsqlite3@@PAUsqlite3_stmt@@_N2@Z
??0CppSQLite3Query@@QAE@XZ
??0CppSQLite3Statement@@QAE@ABV0@@Z
??0CppSQLite3Statement@@QAE@PAUsqlite3@@PAUsqlite3_stmt@@@Z
??0CppSQLite3Statement@@QAE@XZ
??0CppSQLite3Table@@QAE@ABV0@@Z
??0CppSQLite3Table@@QAE@PAPADHH@Z
??0CppSQLite3Table@@QAE@XZ
??1CTransaction@@UAE@XZ
??1CppSQLite3Binary@@UAE@XZ
??1CppSQLite3Buffer@@UAE@XZ
??1CppSQLite3DB@@UAE@XZ
??1CppSQLite3Exception@@UAE@XZ
??1CppSQLite3Query@@UAE@XZ
??1CppSQLite3Statement@@UAE@XZ
??1CppSQLite3Table@@UAE@XZ
??4CppSQLite3Binary@@QAEAAV0@ABV0@@Z
??4CppSQLite3Buffer@@QAEAAV0@ABV0@@Z
??4CppSQLite3DB@@AAEAAV0@ABV0@@Z
??4CppSQLite3Exception@@QAEAAV0@ABV0@@Z
??4CppSQLite3Query@@QAEAAV0@ABV0@@Z
??4CppSQLite3Statement@@UAEAAV0@ABV0@@Z
??4CppSQLite3Table@@UAEAAV0@ABV0@@Z
??BCppSQLite3Buffer@@UAEPBDXZ
??_7CTransaction@@6B@
??_7CppSQLite3Binary@@6B@
??_7CppSQLite3Buffer@@6B@
??_7CppSQLite3DB@@6B@
??_7CppSQLite3Exception@@6B@
??_7CppSQLite3Query@@6B@
??_7CppSQLite3Statement@@6B@
??_7CppSQLite3Table@@6B@
?SQLiteVersion@CppSQLite3DB@@SAPBDXZ
?allocBuffer@CppSQLite3Binary@@UAEPAEH@Z
?bind@CppSQLite3Statement@@UAEXHH@Z
?bind@CppSQLite3Statement@@UAEXHN@Z
?bind@CppSQLite3Statement@@UAEXHPBD@Z
?bind@CppSQLite3Statement@@UAEXHPBEH@Z
?bindNull@CppSQLite3Statement@@UAEXH@Z
?checkDB@CppSQLite3DB@@AAEXXZ
?checkDB@CppSQLite3Statement@@AAEXXZ
?checkResults@CppSQLite3Table@@AAEXXZ
?checkVM@CppSQLite3Query@@AAEXXZ
?checkVM@CppSQLite3Statement@@AAEXXZ
?clear@CppSQLite3Binary@@UAEXXZ
?clear@CppSQLite3Buffer@@UAEXXZ
?close@CppSQLite3DB@@UAEXXZ
?compile@CppSQLite3DB@@AAEPAUsqlite3_stmt@@PBD@Z
?compileStatement@CppSQLite3DB@@UAE?AVCppSQLite3Statement@@PBD@Z
?eof@CppSQLite3Query@@UAE_NXZ
?errorCode@CppSQLite3Exception@@UAE?BHXZ
?errorCodeAsString@CppSQLite3Exception@@SAPBDH@Z
?errorMessage@CppSQLite3Exception@@UAEPBDXZ
?execDML@CppSQLite3DB@@UAEHPBD@Z
?execDML@CppSQLite3Statement@@UAEHXZ
?execQuery@CppSQLite3DB@@UAE?AVCppSQLite3Query@@PBD@Z
?execQuery@CppSQLite3Statement@@UAE?AVCppSQLite3Query@@XZ
?execScalar@CppSQLite3DB@@UAEHPBD@Z
?fieldDataType@CppSQLite3Query@@UAEHH@Z
?fieldDeclType@CppSQLite3Query@@UAEPBDH@Z
?fieldIndex@CppSQLite3Query@@UAEHPBD@Z
?fieldIsNull@CppSQLite3Query@@UAE_NH@Z
?fieldIsNull@CppSQLite3Query@@UAE_NPBD@Z
?fieldIsNull@CppSQLite3Table@@UAE_NH@Z
?fieldIsNull@CppSQLite3Table@@UAE_NPBD@Z
?fieldName@CppSQLite3Query@@UAEPBDH@Z
?fieldName@CppSQLite3Table@@UAEPBDH@Z
?fieldValue@CppSQLite3Query@@UAEPBDH@Z
?fieldValue@CppSQLite3Query@@UAEPBDPBD@Z
?fieldValue@CppSQLite3Table@@UAEPBDH@Z
?fieldValue@CppSQLite3Table@@UAEPBDPBD@Z
?finalize@CppSQLite3Query@@UAEXXZ
?finalize@CppSQLite3Statement@@UAEXXZ
?finalize@CppSQLite3Table@@UAEXXZ
?format@CppSQLite3Buffer@@UAAPBDPBDZZ
?getBinary@CppSQLite3Binary@@UAEPBEXZ
?getBinaryLength@CppSQLite3Binary@@UAEHXZ
?getBlobField@CppSQLite3Query@@UAEPBEHAAH@Z
?getBlobField@CppSQLite3Query@@UAEPBEPBDAAH@Z
?getEncoded@CppSQLite3Binary@@UAEPBEXZ
?getFloatField@CppSQLite3Query@@UAENHN@Z
?getFloatField@CppSQLite3Query@@UAENPBDN@Z
?getFloatField@CppSQLite3Table@@UAENHN@Z
?getFloatField@CppSQLite3Table@@UAENPBDN@Z
?getInt64Field@CppSQLite3Query@@UAE_JHH@Z
?getInt64Field@CppSQLite3Query@@UAE_JPBDH@Z
?getIntField@CppSQLite3Query@@UAEHHH@Z
?getIntField@CppSQLite3Query@@UAEHPBDH@Z
?getIntField@CppSQLite3Table@@UAEHHH@Z
?getIntField@CppSQLite3Table@@UAEHPBDH@Z
?getStringField@CppSQLite3Query@@UAEPBDHPBD@Z
?getStringField@CppSQLite3Query@@UAEPBDPBD0@Z
?getStringField@CppSQLite3Table@@UAEPBDHPBD@Z
?getStringField@CppSQLite3Table@@UAEPBDPBD0@Z
?getTable@CppSQLite3DB@@UAE?AVCppSQLite3Table@@PBD@Z
?interrupt@CppSQLite3DB@@UAEXXZ
?isInitialized@CppSQLite3DB@@UAE_NXZ
?lastRowId@CppSQLite3DB@@UAE_JXZ
?nextRow@CppSQLite3Query@@UAEXXZ
?numFields@CppSQLite3Query@@UAEHXZ
?numFields@CppSQLite3Table@@UAEHXZ
?numRows@CppSQLite3Table@@UAEHXZ
?open@CppSQLite3DB@@UAEXPBD_N@Z
?reset@CppSQLite3Statement@@UAEXXZ
?setBinary@CppSQLite3Binary@@UAEXPBEH@Z
?setBusyTimeout@CppSQLite3DB@@UAEXH@Z
?setEncoded@CppSQLite3Binary@@UAEXPBE@Z
?setRow@CppSQLite3Table@@UAEXH@Z
?sqlite3RollbackAll@CppSQLite3DB@@UAEXXZ
?tableExists@CppSQLite3DB@@UAE_NPBD@Z

Sections

.text
Size: 430KB - Virtual size: 429KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

b729b61eb1515fcf7b3e511e4e66258b

Code Sign

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89Certificate

Extended Key Usages

Key Usages

9a:42:ce:56:77:47:e6:ff:d7:66:ba:21:93:ef:27:23Certificate

Extended Key Usages

Key Usages

ca:91:df:7a:ab:ad:14:53:9c:f9:28:a8:0b:2f:89:9a:34:19:04:e8Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 25KB - Virtual size: 24KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 409KB

.ndata Size: - Virtual size: 596KB

.rsrc Size: 120KB - Virtual size: 119KB

8fbbf807b5bf33729f0092d4b8c483c4

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 4KB - Virtual size: 3KB

.data Size: 1024B - Virtual size: 17KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

2be79521ab92f834267b9728a9762af6

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 729B

.data Size: - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 282B

72ab97fccc18249c090aefd986c05a61

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

ole32

Exports

Exports

Sections

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

9a:42:ce:56:77:47:e6:ff:d7:66:ba:21:93:ef:27:23
Certificate

ca:91:df:7a:ab:ad:14:53:9c:f9:28:a8:0b:2f:89:9a:34:19:04:e8
Signer

.text
Size: 25KB - Virtual size: 24KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 409KB

.ndata
Size: - Virtual size: 596KB

.rsrc
Size: 120KB - Virtual size: 119KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 1024B - Virtual size: 17KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 729B

.data
Size: - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 282B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 296B

.reloc
Size: 512B - Virtual size: 480B

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 1024B - Virtual size: 848B

.data
Size: - Virtual size: 56B

.reloc
Size: 512B - Virtual size: 502B

04:00:00:00:00:00:f9:7f:aa:2e:1e
Certificate

04:00:00:00:00:01:08:d9:61:1c:d6
Certificate

04:00:00:00:00:01:10:92:eb:82:95
Certificate

01:00:00:00:00:01:1b:f8:be:2b:0a
Certificate

04:00:00:00:00:01:17:ab:50:b9:15
Certificate

61:0b:7f:6b:00:00:00:00:00:19
Certificate

04:7a:3b:53:90:43:b5:86:c7:b4:75:f4:34:20:3c:c2:0b:b5:ad:23
Signer

.text
Size: 121KB - Virtual size: 121KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 1KB - Virtual size: 1KB

.pdata
Size: 5KB - Virtual size: 5KB

PAGE
Size: 4KB - Virtual size: 4KB

INIT
Size: 7KB - Virtual size: 7KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 486B

4f:63:d0:30:f8:15:a3:a5:b3:44:69:40:06:3d:16:89
Certificate

9a:42:ce:56:77:47:e6:ff:d7:66:ba:21:93:ef:27:23
Certificate

f9:28:59:60:00:df:62:6f:6c:34:c7:d7:9d:a2:cb:39:10:48:ef:ee
Signer