7a843738b89a6f1fc7bf344098b4fee0_NeikiAnalytics[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

7a843738b89a6f1fc7bf344098b4fee0_NeikiAnalytics.exe
Size

4.9MB
MD5

7a843738b89a6f1fc7bf344098b4fee0
SHA1

9c08e1d1ebe0d64d691ef8103a0b60b085f69821
SHA256

19c41f03e7e31253611c9ee2d315af16d0b5f7b7052d98f71a7890730b0c0211
SHA512

b7030a8c8922450f70d15d265cefc60f8271ce0c33f71c2b81a55f7c388b10f71cdb52faab35d1d47ddf3a7ff867da92c56bb23b5aa5d122b2544099d38a4340
SSDEEP

98304:MJoDgo2deVqTXIkv+STalO4LoCI1tEO2k8V6Z+i4OY+3FOVLpVDtUk:Son2deVSYsTaQzJtEO+6Z+K/YVNF

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 2 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack002/$PLUGINSDIR/UAC.dll	acprotect
static1/unpack002/$PLUGINSDIR/newtextreplace.dll	acprotect

UPX packed file 2 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack002/$PLUGINSDIR/UAC.dll	upx
static1/unpack002/$PLUGINSDIR/newtextreplace.dll	upx

Unsigned PE 22 IoCs

Checks for missing Authenticode signature.

resource
7a843738b89a6f1fc7bf344098b4fee0_NeikiAnalytics.exe
unpack001/$PLUGINSDIR/System.dll
unpack001/$TEMP/PowerISO/App/PowerISO64/$R0
unpack001/$TEMP/PowerISO/App/PowerISO64/7z-x64.dll
unpack001/$TEMP/PowerISO/App/PowerISO64/MACDll.DLL
unpack001/$TEMP/PowerISO/App/PowerISO64/devcon.exe
unpack001/$TEMP/PowerISO/App/PowerISO64/lame_enc.dll
unpack001/$TEMP/PowerISO/App/PowerISO64/libFLAC.DLL
unpack001/$TEMP/PowerISO/App/PowerISO64/libvorbis.DLL
unpack001/$TEMP/PowerISO/PowerISOPortable.exe
unpack002/$PLUGINSDIR/Banner.dll
unpack002/$PLUGINSDIR/ExecDos.dll
unpack002/$PLUGINSDIR/LockedList.dll
unpack002/$PLUGINSDIR/LockedList64.dll
unpack002/$PLUGINSDIR/StdUtils.dll
unpack002/$PLUGINSDIR/System.dll
unpack002/$PLUGINSDIR/UAC.dll
unpack003/out.upx
unpack002/$PLUGINSDIR/newtextreplace.dll
unpack004/out.upx
unpack002/$PLUGINSDIR/nsExec.dll
unpack002/$PLUGINSDIR/registry.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

7a843738b89a6f1fc7bf344098b4fee0_NeikiAnalytics.exe
.exe windows:4 windows x86 arch:x86

7c2c71dfce9a27650634dc8b1ca03bf0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
Sleep
GetTickCount
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
SetFileAttributesA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileTime
GetFileAttributesA
SetCurrentDirectoryA
MoveFileA
GetFullPathNameA
GetShortPathNameA
SearchPathA
CloseHandle
lstrcmpiA
GlobalUnlock
GetDiskFreeSpaceA
lstrcmpA
DeleteFileA
FindFirstFileA
FindNextFileA
FindClose
SetFilePointer
GetPrivateProfileStringA
WritePrivateProfileStringA
MulDiv
MultiByteToWideChar
FreeLibrary
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

GetSystemMenu
SetClassLongA
EnableMenuItem
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
ScreenToClient
GetWindowRect
GetDlgItem
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
LoadImageA
CreateDialogParamA
SetTimer
SetWindowTextA
SetForegroundWindow
ShowWindow
SetWindowLongA
SendMessageTimeoutA
FindWindowExA
IsWindow
AppendMenuA
TrackPopupMenu
CreatePopupMenu
DrawTextA
EndPaint
DestroyWindow
wsprintfA
PostQuitMessage

gdi32

SelectObject
SetTextColor
SetBkMode
CreateFontIndirectA
CreateBrushIndirect
DeleteObject
GetDeviceCaps
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ord17
ImageList_Destroy

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PowerISO/App/AppInfo/AppIcon.ico
$TEMP/PowerISO/App/AppInfo/AppIcon2.ico
$TEMP/PowerISO/App/AppInfo/AppInfo.ini
$TEMP/PowerISO/App/AppInfo/Launcher/Custom.nsh
$TEMP/PowerISO/App/AppInfo/Launcher/PowerISOPortable.ini
$TEMP/PowerISO/App/DefaultData/settings/PowerISO.reg
$TEMP/PowerISO/App/DefaultData/settings/scdemu.sys
.sys windows:5 windows x86 arch:x86

126620b149c9cfb6b8f0dbcc0cf6de08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:7e:fd:f2:28:25:ba:27:05:30:fb:09:d5:2b:32:f8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/03/2014, 00:00

Not After

25/06/2017, 23:59

Subject

CN=Power Software Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Power Software Limited,L=Hong Kong,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:3b:3d:03:63:ac:ec:80:69:9f:4c:bf:1a:5f:09:dd
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

18/12/2015, 00:00

Not After

25/06/2017, 23:59

Subject

CN=Power Software Limited,O=Power Software Limited,L=Hong Kong,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

80:e1:36:45:fa:78:45:e3:8e:1a:55:33:ee:ad:ad:0c:1e:d9:dc:0b:f0:e0:e1:5e:e2:a5:5c:bc:21:b6:ee:a7
Signer

Actual PE Digest

80:e1:36:45:fa:78:45:e3:8e:1a:55:33:ee:ad:ad:0c:1e:d9:dc:0b:f0:e0:e1:5e:e2:a5:5c:bc:21:b6:ee:a7

Digest Algorithm

sha256

PE Digest Matches

true

2e:45:8f:50:53:8d:24:6f:d2:d6:ec:2f:5e:93:ec:54:9f:6d:d4:82
Signer

Actual PE Digest

2e:45:8f:50:53:8d:24:6f:d2:d6:ec:2f:5e:93:ec:54:9f:6d:d4:82

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

ZwClose
ZwMakeTemporaryObject
ZwCreateDirectoryObject
RtlInitUnicodeString
KeSetEvent
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeEvent
KeInitializeSpinLock
IoDeleteDevice
IoCreateSymbolicLink
IoCreateDevice
swprintf
IoDeleteSymbolicLink
ExFreePool
SeTokenType
ObfDereferenceObject
KeWaitForSingleObject
IofCompleteRequest
ExfInterlockedInsertTailList
SeCreateClientSecurity
KeGetCurrentThread
ExAllocatePoolWithTag
MmMapLockedPagesSpecifyCache
PsRevertToSelf
SeImpersonateClient
ExfInterlockedRemoveHeadList
PsTerminateSystemThread
KeSetPriorityThread
KeQueryPriorityThread
_alldiv
_allshr
_aullshr
ZwDeleteKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwOpenKey
RtlWriteRegistryValue
RtlDeleteRegistryValue
RtlCreateRegistryKey
wcschr
wcsstr
wcslen
ZwQueryInformationFile
ZwCreateFile
_allmul
ZwReadFile
_allrem
KeTickCount
wcscpy
_wcsicmp
strncmp
wcscat
wcsrchr
wcscmp
_wcslwr
_aulldiv
_allshl

Sections

.text
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 288B - Virtual size: 286B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PowerISO/App/DefaultData/settings/scdemu64.sys
.sys windows:5 windows x64 arch:x64

8cc86026769dacc3439639a1321b72f8

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:7e:fd:f2:28:25:ba:27:05:30:fb:09:d5:2b:32:f8
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/03/2014, 00:00

Not After

25/06/2017, 23:59

Subject

CN=Power Software Limited,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Power Software Limited,L=Hong Kong,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2e:3b:3d:03:63:ac:ec:80:69:9f:4c:bf:1a:5f:09:dd
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

18/12/2015, 00:00

Not After

25/06/2017, 23:59

Subject

CN=Power Software Limited,O=Power Software Limited,L=Hong Kong,ST=Hong Kong,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ce:2b:8e:70:8d:7d:3e:3c:43:a2:96:1f:ac:31:2b:c3:a1:e9:f1:53:d1:3a:00:ac:d8:20:5a:03:5e:55:36:09
Signer

Actual PE Digest

ce:2b:8e:70:8d:7d:3e:3c:43:a2:96:1f:ac:31:2b:c3:a1:e9:f1:53:d1:3a:00:ac:d8:20:5a:03:5e:55:36:09

Digest Algorithm

sha256

PE Digest Matches

true

5f:3b:82:84:ec:7f:8e:3e:1d:ce:7e:1d:dc:9e:3d:64:0e:45:32:16
Signer

Actual PE Digest

5f:3b:82:84:ec:7f:8e:3e:1d:ce:7e:1d:dc:9e:3d:64:0e:45:32:16

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

z:\untitled-1\ddk\obj\amd64\scdemu.pdb

Imports

ntoskrnl.exe

IoDeleteDevice
IoDeleteSymbolicLink
RtlInitUnicodeString
swprintf
ExFreePoolWithTag
SeTokenType
ObfDereferenceObject
KeWaitForSingleObject
KeSetEvent
IofCompleteRequest
ExInterlockedInsertTailList
MmMapLockedPagesSpecifyCache
ZwClose
SeCreateClientSecurity
ExAllocatePoolWithTag
PsRevertToSelf
SeImpersonateClient
ExInterlockedRemoveHeadList
PsTerminateSystemThread
KeSetPriorityThread
KeQueryPriorityThread
ObReferenceObjectByHandle
PsCreateSystemThread
KeInitializeEvent
IoCreateSymbolicLink
IoCreateDevice
ZwMakeTemporaryObject
ZwCreateDirectoryObject
ZwDeleteKey
ZwEnumerateKey
ZwEnumerateValueKey
ZwOpenKey
RtlWriteRegistryValue
RtlDeleteRegistryValue
RtlCreateRegistryKey
wcschr
wcsstr
ZwQueryInformationFile
ZwCreateFile
ZwReadFile
_wcsicmp
strncmp
wcsrchr
_wcslwr
KeBugCheckEx

Sections

.text
Size: 91KB - Virtual size: 90KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

PAGE
Size: 512B - Virtual size: 448B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 264B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PowerISO/App/PowerISO64/$R0
.exe windows:5 windows x64 arch:x64

24129f939da41cc56515e833be608d60

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

z:\devcon\objfre_wnet_AMD64\amd64\devcon.pdb

Imports

msvcrt

__set_app_type
_fmode
_commode
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
memset
wprintf
__argc
__wargv
_itow
wcsrchr
_wcsicmp
_wcsnicmp
iswalpha
towupper
towlower
wcschr
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
_iob
fputs
fputws

advapi32

RegQueryValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegDeleteValueW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegSetValueExW

kernel32

GetFullPathNameW
GetFileAttributesW
LoadLibraryW
GetProcAddress
FreeLibrary
lstrcpynW
FileTimeToSystemTime
GetTickCount
lstrcpyW
lstrlenW
GetLastError
GetCurrentProcess
CloseHandle
FormatMessageW
LocalFree
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetStartupInfoW
GetDateFormatW

user32

LoadStringW
CharNextW
ExitWindowsEx
CharPrevW

setupapi

CM_Get_Res_Des_Data_Size_Ex
CM_Free_Res_Des_Handle
CM_Get_Next_Res_Des_Ex
CM_Free_Log_Conf_Handle
CM_Get_First_Log_Conf_Ex
SetupDiDestroyDriverInfoList
SetupDiGetDriverInfoDetailW
SetupDiOpenDevRegKey
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupCloseFileQueue
SetupScanFileQueueW
SetupDiCallClassInstaller
SetupOpenFileQueue
SetupDiSetSelectedDriverW
SetupDiGetDriverInstallParamsW
SetupDiOpenClassRegKeyExW
SetupDiGetClassDescriptionExW
SetupDiClassNameFromGuidExW
SetupDiBuildClassInfoListExW
SetupDiSetClassInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiGetINFClassW
CM_Disconnect_Machine
CM_Reenumerate_DevNode_Ex
CM_Locate_DevNode_ExW
CM_Connect_MachineW
CM_Get_Res_Des_Data_Ex
CM_Get_DevNode_Status_Ex
SetupDiClassGuidsFromNameExW
SetupDiCreateDeviceInfoListExW
SetupDiGetClassDevsExW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
CM_Get_Device_ID_ExW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInfoListDetailW

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/PowerISO/App/PowerISO64/7z-x64.dll
.dll windows:4 windows x64 arch:x64

ce27eb7b93c6a2a178c82454ef850190

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

oleaut32

SysAllocStringByteLen
SysAllocStringLen
VariantClear
SysFreeString
SysStringLen
SysAllocString
VariantCopy

user32

CharPrevExA
CharUpperW

advapi32

SystemFunction036

kernel32

TerminateProcess
RtlVirtualUnwind
VirtualQuery
VirtualProtect
SetThreadAffinityMask
GetLastError
MultiByteToWideChar
WideCharToMultiByte
CloseHandle
SetFileTime
CreateFileW
SetFileAttributesW
GetProcAddress
GetModuleHandleW
CreateDirectoryW
DeleteFileW
GetTempPathW
SetLastError
GetCurrentProcessId
GetTickCount
GetCurrentThreadId
GetFileInformationByHandle
FindClose
FindFirstFileW
GetModuleHandleA
GetFileAttributesW
ReadFile
WriteFile
CompareFileTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetProcessAffinityMask
GetCurrentProcess
GetSystemInfo
GlobalMemoryStatusEx
DosDateTimeToFileTime
FileTimeToDosDateTime
GetSystemTimeAsFileTime
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
LocalFileTimeToFileTime
DeleteCriticalSection
GetOEMCP
QueryPerformanceCounter
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
WaitForSingleObject
ResumeThread
RtlCaptureContext
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
ReleaseSemaphore
InitializeCriticalSection
RaiseException
RtlPcToFileHeader
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
ExitThread
CreateThread
GetCommandLineA
GetVersionExA
GetProcessHeap
SetUnhandledExceptionFilter
TlsAlloc
TlsFree
TlsSetValue
TlsGetValue
HeapSetInformation
HeapCreate
HeapDestroy
Sleep
HeapSize
UnhandledExceptionFilter
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
GetACP
GetCPInfo
LoadLibraryA
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

CreateDecoder
CreateEncoder
CreateObject
GetHandlerProperty
GetHandlerProperty2
GetHashers
GetIsArc
GetMethodProperty
GetModuleProp
GetNumberOfFormats
GetNumberOfMethods
SetCaseSensitive
SetCodecs
SetLargePageMode

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 336KB - Virtual size: 336KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 99KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PowerISO/App/PowerISO64/Lang/Arabic.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Armenian.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Azerbaijani.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Belarusian.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Bosnian.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Bulgarian.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Burmese.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Croatian.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Czech.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Danish.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Dutch.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Farsi.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Finnish.lng
$TEMP/PowerISO/App/PowerISO64/Lang/French.lng
$TEMP/PowerISO/App/PowerISO64/Lang/German.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Greek.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Hungarian.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Indonesian.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Italian.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Japanese.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Kazakh.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Korean.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Lithuanian.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Malay.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Norsk.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Polish.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Portuguese(Brazil).lng
$TEMP/PowerISO/App/PowerISO64/Lang/Romanian.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Russian.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Serbian(cyrl).lng
$TEMP/PowerISO/App/PowerISO64/Lang/SimpChinese.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Slovak.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Slovenian.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Spanish.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Swedish.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Thai.lng
$TEMP/PowerISO/App/PowerISO64/Lang/TradChinese.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Turkish.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Ukrainian.lng
$TEMP/PowerISO/App/PowerISO64/Lang/Urdu(Pakistan).lng
$TEMP/PowerISO/App/PowerISO64/Lang/Vietnamese.lng
$TEMP/PowerISO/App/PowerISO64/License.txt
$TEMP/PowerISO/App/PowerISO64/MACDll.DLL
.dll windows:4 windows x64 arch:x64

5173b83356153baed25f36114d9e31a2

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

Sleep
CloseHandle
ReadFile
WriteFile
SetFilePointer
SetEndOfFile
GetFileSize
CreateFileW
DeleteFileW
WideCharToMultiByte
MultiByteToWideChar
FlushFileBuffers
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlUnwindEx
RaiseException
RtlPcToFileHeader
GetCommandLineA
HeapFree
GetVersionExA
HeapAlloc
GetProcessHeap
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitProcess
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetACP
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
InitializeCriticalSection
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
LCMapStringA
LCMapStringW
LoadLibraryA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetStdHandle

user32

DispatchMessageW
PeekMessageW
TranslateMessage

Exports

Exports

CompressFile
CompressFileW
ConvertFile
ConvertFileW
DecompressFile
DecompressFileW
FillWaveFormatEx
FillWaveHeader
GetChecksum
GetFieldTagW
GetID3Tag
GetInterfaceCompatibility
GetVersionNumber
RemoveTag
SetFieldTagW
ShowFileInfoDialog
TagFileSimple
VerifyFile
VerifyFileW
c_APECompress_AddData
c_APECompress_Create
c_APECompress_Destroy
c_APECompress_Finish
c_APECompress_GetBufferBytesAvailable
c_APECompress_Kill
c_APECompress_LockBuffer
c_APECompress_Start
c_APECompress_StartW
c_APECompress_UnlockBuffer
c_APEDecompress_Create
c_APEDecompress_CreateW
c_APEDecompress_Destroy
c_APEDecompress_GetData
c_APEDecompress_GetInfo
c_APEDecompress_Seek

Sections

.text
Size: 111KB - Virtual size: 111KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PowerISO/App/PowerISO64/PWRISOSH.dll
.dll regsvr32 windows:4 windows x64 arch:x64

a4d287b9303de7d98f4f607103a2e826

Code Sign

20:45:6e:ff:67:25:04:b0:d5:ff:21:fa:45:55:82:65
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/03/2023, 04:13

Not After

08/03/2026, 04:13

Subject

CN=Power Software Limited,O=Power Software Limited,L=Sheung Wan,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:33:51:d3:c7:38:9f:08
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

24/06/2016, 20:44

Not After

24/06/2031, 20:44

Subject

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/12/2022, 18:30

Not After

06/12/2032, 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:45:6e:ff:67:25:04:b0:d5:ff:21:fa:45:55:82:65
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/03/2023, 04:13

Not After

08/03/2026, 04:13

Subject

CN=Power Software Limited,O=Power Software Limited,L=Sheung Wan,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:33:51:d3:c7:38:9f:08
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

24/06/2016, 20:44

Not After

24/06/2031, 20:44

Subject

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/12/2022, 18:30

Not After

06/12/2032, 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

45:d2:8a:06:a1:45:f1:f3:49:e3:64:40:26:e0:6f:12:7e:42:f2:c9:f7:d7:80:2f:cf:0b:b4:a7:62:67:43:86
Signer

Actual PE Digest

45:d2:8a:06:a1:45:f1:f3:49:e3:64:40:26:e0:6f:12:7e:42:f2:c9:f7:d7:80:2f:cf:0b:b4:a7:62:67:43:86

Digest Algorithm

sha256

PE Digest Matches

true

6b:17:25:4f:9d:c3:9a:77:c2:a4:92:49:84:4f:5b:72:c8:f2:91:c0
Signer

Actual PE Digest

6b:17:25:4f:9d:c3:9a:77:c2:a4:92:49:84:4f:5b:72:c8:f2:91:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetLogicalDrives
DeviceIoControl
DefineDosDeviceW
QueryDosDeviceW
GetLastError
GetVolumeInformationW
GetDriveTypeW
ReadFile
GetFileSize
GetSystemDefaultLangID
lstrcpynW
lstrlenW
lstrcpyW
GetTempPathW
GetTempFileNameW
DeleteFileW
GetModuleHandleW
GetCurrentProcess
GetVersionExW
GetProcessHeap
HeapAlloc
HeapFree
GetModuleFileNameW
GetFileAttributesW
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
CreateEventW
CreateProcessW
Sleep
WaitForSingleObject
CreateFileW
LoadLibraryW
GetProcAddress
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
WriteFile
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GlobalDeleteAtom
GlobalAlloc
lstrcmpW
GlobalLock
GetCurrentThread
SetLastError
lstrlenA
GetModuleHandleA
GlobalUnlock
LocalFree
FreeResource
LockResource
LoadResource
FindResourceW
GlobalFree
GetVersionExA
lstrcatW
FreeLibrary
GlobalFindAtomW
GlobalAddAtomW
GetVersion
LocalAlloc
LeaveCriticalSection
GlobalReAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
SetErrorMode
WritePrivateProfileStringW
GlobalFlags
GetProcessVersion
FlushFileBuffers
RtlUnwindEx
GetCommandLineA
RaiseException
RtlPcToFileHeader
HeapSize
HeapReAlloc
LCMapStringA
LCMapStringW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetACP
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
SetFilePointer
CloseHandle
CreateThread
lstrcmpiW
MulDiv
FindFirstFileW
FindNextFileW
UnhandledExceptionFilter
FindClose
LoadLibraryA

user32

SetWindowsHookExW
GetMenuCheckMarkDimensions
EnableMenuItem
GetMenuState
ModifyMenuW
GetNextDlgTabItem
GetFocus
UnhookWindowsHookEx
TabbedTextOutW
GrayStringW
BeginPaint
EndPaint
CopyRect
IsWindow
EndDialog
GetDlgItem
DestroyWindow
CreateDialogIndirectParamW
SetActiveWindow
SendDlgItemMessageW
IsDialogMessageW
SetWindowTextW
GetWindowTextW
GetDlgCtrlID
MoveWindow
ShowWindow
SetFocus
SetWindowPos
GetWindow
GetWindowPlacement
IsIconic
SystemParametersInfoA
CallWindowProcW
DefWindowProcW
RegisterClassW
GetClassInfoW
GetMenuItemID
GetSubMenu
CallNextHookEx
AdjustWindowRectEx
GetMenu
UpdateWindow
MapWindowPoints
GetForegroundWindow
GetTopWindow
SetWindowLongPtrW
GetMessagePos
GetMessageTime
GetWindowLongPtrW
SendDlgItemMessageA
RemovePropW
GetPropW
SetPropW
CreateWindowExW
WinHelpW
GetCapture
RegisterWindowMessageW
UnregisterClassW
GetSysColorBrush
LoadCursorW
LoadStringW
DestroyMenu
ValidateRect
GetActiveWindow
GetMessageW
PeekMessageW
GetCursorPos
MessageBoxW
GetLastActivePopup
IsWindowEnabled
SetCursor
PostMessageW
PostQuitMessage
MessageBoxA
SetForegroundWindow
GetWindowLongW
GetParent
MessageBoxIndirectW
ReleaseDC
DrawTextW
GetDC
TranslateMessage
DispatchMessageW
GetKeyState
wsprintfW
LoadIconW
CreateMenu
InsertMenuW
DeleteMenu
SetMenuItemBitmaps
InsertMenuItemW
GetMenuItemCount
GetMenuStringW
LoadBitmapW
GetSystemMetrics
SetRect
DrawIconEx
DestroyIcon
GetIconInfo
SendMessageW
KillTimer
SetTimer
EnableWindow
GetClassNameW
GetSysColor
IsWindowVisible
GetClientRect
PtInRect
SetMenuItemInfoW
CheckMenuItem
BroadcastSystemMessage
FindWindowW
ScreenToClient
ClientToScreen
GetDesktopWindow
GetWindowRect

advapi32

RegQueryValueExA
RegCreateKeyExA
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCloseKey

shell32

ShellExecuteExW
DragQueryFileW
SHChangeNotify

ole32

StringFromIID
CoGetMalloc
ReleaseStgMedium

gdi32

CreateBitmap
RestoreDC
SetBkColor
SetBkMode
SetTextColor
SaveDC
SetMapMode
GetClipBox
GetBitmapBits
SetBitmapBits
SelectObject
GetDIBits
GetObjectW
CreateDIBSection
GetStockObject
CreateSolidBrush
DeleteObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetDeviceCaps
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap

comdlg32

GetOpenFileNameW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

comctl32

ord17

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PowerISO/App/PowerISO64/PWRISOSH64.dll
.dll regsvr32 windows:4 windows x64 arch:x64

a4d287b9303de7d98f4f607103a2e826

Code Sign

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

11/09/2018, 09:26

Not After

11/09/2023, 09:26

Subject

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:45:6e:ff:67:25:04:b0:d5:ff:21:fa:45:55:82:65
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/03/2023, 04:13

Not After

08/03/2026, 04:13

Subject

CN=Power Software Limited,O=Power Software Limited,L=Sheung Wan,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:33:51:d3:c7:38:9f:08
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

24/06/2016, 20:44

Not After

24/06/2031, 20:44

Subject

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/12/2022, 18:30

Not After

06/12/2032, 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

11/09/2018, 09:26

Not After

11/09/2023, 09:26

Subject

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

11/09/2018, 09:26

Not After

11/09/2023, 09:26

Subject

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:45:6e:ff:67:25:04:b0:d5:ff:21:fa:45:55:82:65
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/03/2023, 04:13

Not After

08/03/2026, 04:13

Subject

CN=Power Software Limited,O=Power Software Limited,L=Sheung Wan,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:33:51:d3:c7:38:9f:08
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

24/06/2016, 20:44

Not After

24/06/2031, 20:44

Subject

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/12/2022, 18:30

Not After

06/12/2032, 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e4:27:04:95:f6:8c:91:d6:d0:ec:7b:49:4e:a4:df:1c
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

11/09/2018, 09:26

Not After

11/09/2023, 09:26

Subject

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b1:5e:31:ab:3f:05:f8:89:fc:2f:ee:b5:af:11:01:15:e5:f3:f9:ba:bb:d3:98:3d:a6:6e:f4:98:4a:9e:ed:5b
Signer

Actual PE Digest

b1:5e:31:ab:3f:05:f8:89:fc:2f:ee:b5:af:11:01:15:e5:f3:f9:ba:bb:d3:98:3d:a6:6e:f4:98:4a:9e:ed:5b

Digest Algorithm

sha256

PE Digest Matches

true

4e:84:6a:fd:f9:f1:2d:af:db:a0:63:55:7f:90:0c:4f:a4:2d:35:2e
Signer

Actual PE Digest

4e:84:6a:fd:f9:f1:2d:af:db:a0:63:55:7f:90:0c:4f:a4:2d:35:2e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

ExitProcess
GetLogicalDrives
DeviceIoControl
DefineDosDeviceW
QueryDosDeviceW
GetLastError
GetVolumeInformationW
GetDriveTypeW
ReadFile
GetFileSize
GetSystemDefaultLangID
lstrcpynW
lstrlenW
lstrcpyW
GetTempPathW
GetTempFileNameW
DeleteFileW
GetModuleHandleW
GetCurrentProcess
GetVersionExW
GetProcessHeap
HeapAlloc
HeapFree
GetModuleFileNameW
GetFileAttributesW
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
CreateEventW
CreateProcessW
Sleep
WaitForSingleObject
CreateFileW
LoadLibraryW
GetProcAddress
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
WriteFile
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GlobalDeleteAtom
GlobalAlloc
lstrcmpW
GlobalLock
GetCurrentThread
SetLastError
lstrlenA
GetModuleHandleA
GlobalUnlock
LocalFree
FreeResource
LockResource
LoadResource
FindResourceW
GlobalFree
GetVersionExA
lstrcatW
FreeLibrary
GlobalFindAtomW
GlobalAddAtomW
GetVersion
LocalAlloc
LeaveCriticalSection
GlobalReAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
SetErrorMode
WritePrivateProfileStringW
GlobalFlags
GetProcessVersion
FlushFileBuffers
RtlUnwindEx
GetCommandLineA
RaiseException
RtlPcToFileHeader
HeapSize
HeapReAlloc
LCMapStringA
LCMapStringW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
HeapSetInformation
HeapCreate
HeapDestroy
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetACP
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
SetFilePointer
CloseHandle
CreateThread
lstrcmpiW
MulDiv
FindFirstFileW
FindNextFileW
UnhandledExceptionFilter
FindClose
LoadLibraryA

user32

SetWindowsHookExW
GetMenuCheckMarkDimensions
EnableMenuItem
GetMenuState
ModifyMenuW
GetNextDlgTabItem
GetFocus
UnhookWindowsHookEx
TabbedTextOutW
GrayStringW
BeginPaint
EndPaint
CopyRect
IsWindow
EndDialog
GetDlgItem
DestroyWindow
CreateDialogIndirectParamW
SetActiveWindow
SendDlgItemMessageW
IsDialogMessageW
SetWindowTextW
GetWindowTextW
GetDlgCtrlID
MoveWindow
ShowWindow
SetFocus
SetWindowPos
GetWindow
GetWindowPlacement
IsIconic
SystemParametersInfoA
CallWindowProcW
DefWindowProcW
RegisterClassW
GetClassInfoW
GetMenuItemID
GetSubMenu
CallNextHookEx
AdjustWindowRectEx
GetMenu
UpdateWindow
MapWindowPoints
GetForegroundWindow
GetTopWindow
SetWindowLongPtrW
GetMessagePos
GetMessageTime
GetWindowLongPtrW
SendDlgItemMessageA
RemovePropW
GetPropW
SetPropW
CreateWindowExW
WinHelpW
GetCapture
RegisterWindowMessageW
UnregisterClassW
GetSysColorBrush
LoadCursorW
LoadStringW
DestroyMenu
ValidateRect
GetActiveWindow
GetMessageW
PeekMessageW
GetCursorPos
MessageBoxW
GetLastActivePopup
IsWindowEnabled
SetCursor
PostMessageW
PostQuitMessage
MessageBoxA
SetForegroundWindow
GetWindowLongW
GetParent
MessageBoxIndirectW
ReleaseDC
DrawTextW
GetDC
TranslateMessage
DispatchMessageW
GetKeyState
wsprintfW
LoadIconW
CreateMenu
InsertMenuW
DeleteMenu
SetMenuItemBitmaps
InsertMenuItemW
GetMenuItemCount
GetMenuStringW
LoadBitmapW
GetSystemMetrics
SetRect
DrawIconEx
DestroyIcon
GetIconInfo
SendMessageW
KillTimer
SetTimer
EnableWindow
GetClassNameW
GetSysColor
IsWindowVisible
GetClientRect
PtInRect
SetMenuItemInfoW
CheckMenuItem
BroadcastSystemMessage
FindWindowW
ScreenToClient
ClientToScreen
GetDesktopWindow
GetWindowRect

advapi32

RegQueryValueExA
RegCreateKeyExA
RegQueryValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteKeyW
RegDeleteValueW
RegSetValueExW
RegCloseKey

shell32

ShellExecuteExW
DragQueryFileW
SHChangeNotify

ole32

StringFromIID
CoGetMalloc
ReleaseStgMedium

gdi32

CreateBitmap
RestoreDC
SetBkColor
SetBkMode
SetTextColor
SaveDC
SetMapMode
GetClipBox
GetBitmapBits
SetBitmapBits
SelectObject
GetDIBits
GetObjectW
CreateDIBSection
GetStockObject
CreateSolidBrush
DeleteObject
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetDeviceCaps
DeleteDC
BitBlt
CreateCompatibleDC
CreateCompatibleBitmap

comdlg32

GetOpenFileNameW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

comctl32

ord17

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 161KB - Virtual size: 160KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PowerISO/App/PowerISO64/PWRISOVM.exe
.exe windows:4 windows x64 arch:x64

022c402ae019a280b7ab516c9cca994a

Code Sign

20:45:6e:ff:67:25:04:b0:d5:ff:21:fa:45:55:82:65
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/03/2023, 04:13

Not After

08/03/2026, 04:13

Subject

CN=Power Software Limited,O=Power Software Limited,L=Sheung Wan,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:33:51:d3:c7:38:9f:08
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

24/06/2016, 20:44

Not After

24/06/2031, 20:44

Subject

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/12/2022, 18:30

Not After

06/12/2032, 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:45:6e:ff:67:25:04:b0:d5:ff:21:fa:45:55:82:65
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/03/2023, 04:13

Not After

08/03/2026, 04:13

Subject

CN=Power Software Limited,O=Power Software Limited,L=Sheung Wan,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:33:51:d3:c7:38:9f:08
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

24/06/2016, 20:44

Not After

24/06/2031, 20:44

Subject

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/12/2022, 18:30

Not After

06/12/2032, 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8d:e8:e3:60:d3:23:f1:ed:98:1f:c4:8a:a0:ac:e9:17:94:30:27:90:57:4c:e2:f6:80:c0:97:0e:f3:6f:ba:46
Signer

Actual PE Digest

8d:e8:e3:60:d3:23:f1:ed:98:1f:c4:8a:a0:ac:e9:17:94:30:27:90:57:4c:e2:f6:80:c0:97:0e:f3:6f:ba:46

Digest Algorithm

sha256

PE Digest Matches

true

d7:04:6d:cd:98:e2:3c:b8:99:5d:36:4b:b1:c9:64:79:51:fd:12:42
Signer

Actual PE Digest

d7:04:6d:cd:98:e2:3c:b8:99:5d:36:4b:b1:c9:64:79:51:fd:12:42

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetPrivateProfileIntW
DeleteFileW
GetPrivateProfileStringW
FormatMessageW
LocalFree
MulDiv
FindNextFileW
FindClose
GetSystemDefaultLangID
GetModuleHandleW
GetCurrentProcess
GetVersionExW
GetModuleFileNameW
FindFirstFileW
ReadFile
WriteFile
GetFileSize
SetFilePointer
CloseHandle
CreateThread
lstrcmpiW
GetLastError
QueryDosDeviceW
DefineDosDeviceW
DeviceIoControl
GetLogicalDrives
lstrcpynW
CreateDirectoryW
GetFileAttributesW
SetLastError
MultiByteToWideChar
WideCharToMultiByte
CreateEventW
CreateProcessW
Sleep
WaitForSingleObject
CreateFileW
GetVersion
LoadLibraryW
GetProcAddress
GetTickCount
ExitProcess
LoadLibraryA
SetStdHandle
GetStringTypeW
GetStringTypeA
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GlobalDeleteAtom
GlobalAlloc
lstrcmpW
GlobalLock
lstrlenW
GetCurrentThread
lstrlenA
GetVersionExA
lstrcatW
FreeLibrary
GetModuleHandleA
GlobalFindAtomW
GlobalAddAtomW
FreeResource
LockResource
LoadResource
FindResourceW
GlobalUnlock
GlobalFree
WritePrivateProfileStringW
lstrcpyW
GlobalFlags
LocalAlloc
LeaveCriticalSection
GlobalReAlloc
GlobalHandle
EnterCriticalSection
TlsGetValue
InitializeCriticalSection
TlsAlloc
TlsSetValue
LocalReAlloc
DeleteCriticalSection
TlsFree
GetProcessVersion
SetErrorMode
FlushFileBuffers
HeapFree
HeapAlloc
GetProcessHeap
GetStartupInfoW
RtlUnwindEx
RaiseException
RtlPcToFileHeader
HeapReAlloc
HeapSize
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
HeapSetInformation
HeapCreate
LCMapStringA
LCMapStringW
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetACP
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
GetLocaleInfoA

user32

UnhookWindowsHookEx
SetCursor
IsWindowEnabled
GetLastActivePopup
MessageBoxW
PeekMessageW
ValidateRect
GetKeyState
DispatchMessageW
TranslateMessage
GetMessageW
GetActiveWindow
CallNextHookEx
SetWindowsHookExW
LoadBitmapW
GetMenuCheckMarkDimensions
GetMenuState
GetNextDlgTabItem
GetFocus
SetMenuItemBitmaps
GetWindow
GetWindowPlacement
IsIconic
SystemParametersInfoA
SetWindowPos
CallWindowProcW
GetDlgCtrlID
GetWindowTextLengthW
GetDlgItem
RegisterClassW
GetClassInfoW
wsprintfW
AdjustWindowRectEx
GetMenu
UpdateWindow
MapWindowPoints
SetActiveWindow
GetForegroundWindow
DestroyWindow
TrackPopupMenu
GetTopWindow
SetWindowLongPtrW
PostQuitMessage
GetMessageTime
GetWindowLongPtrW
SetFocus
IsWindow
SendDlgItemMessageA
SendDlgItemMessageW
RemovePropW
GetPropW
SetPropW
CreateWindowExW
WinHelpW
GetCapture
TabbedTextOutW
GrayStringW
BeginPaint
EndPaint
DestroyMenu
EndDialog
CreateDialogIndirectParamW
GetSubMenu
IsDialogMessageW
MoveWindow
ShowWindow
LoadStringW
GetSysColorBrush
InsertMenuW
GetMenuItemInfoW
GetMenuStringW
GetMenuItemID
GetMenuItemCount
ModifyMenuW
LoadCursorW
LoadIconW
MessageBoxA
DefWindowProcW
PostMessageW
FindWindowW
CopyRect
UnregisterClassW
GetDC
GetMessagePos
GetWindowTextW
SetWindowTextW
SendMessageW
KillTimer
SetTimer
GetClassNameW
IsWindowVisible
GetClientRect
PtInRect
BroadcastSystemMessage
SetMenuItemInfoW
EnableMenuItem
CreatePopupMenu
RegisterWindowMessageW
DestroyIcon
GetSystemMetrics
LoadImageW
GetCursorPos
EnableWindow
CheckMenuItem
ScreenToClient
ClientToScreen
GetDesktopWindow
GetWindowRect
DrawTextW
SystemParametersInfoW
MessageBoxIndirectW
EnumWindows
GetParent
GetWindowLongW
SetForegroundWindow
GetSysColor
LoadMenuW
RemoveMenu
ReleaseDC

advapi32

RegEnumValueW
RegDeleteKeyW
RegOpenKeyExW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegDeleteValueW
RegSetValueExW

shell32

SHGetSpecialFolderPathW
Shell_NotifyIconW
SHChangeNotify
ShellExecuteExW

gdi32

DeleteDC
GetStockObject
CreateCompatibleBitmap
DeleteObject
GetTextExtentPoint32W
Rectangle
CreateSolidBrush
CreatePen
SetStretchBltMode
BitBlt
StretchBlt
SetPixel
GetPixel
SelectObject
CreateCompatibleDC
CreateBitmap
GetDeviceCaps
SetBkMode
SetMapMode
RestoreDC
SaveDC
ScaleWindowExtEx
SetWindowExtEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
MoveToEx
LineTo
GetObjectW
SetBkColor
SetTextColor
GetClipBox

comdlg32

GetOpenFileNameW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

comctl32

ord17

wininet

InternetConnectW
InternetOpenW
InternetCloseHandle
HttpSendRequestW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetReadFile
HttpQueryInfoW
InternetAttemptConnect

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 194KB - Virtual size: 193KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/PowerISO/App/PowerISO64/PowerISO.chm
.chm
$TEMP/PowerISO/App/PowerISO64/PowerISO.exe
.exe windows:4 windows x64 arch:x64

9e5a36df18c50be553716c2181253bf4

Code Sign

20:45:6e:ff:67:25:04:b0:d5:ff:21:fa:45:55:82:65
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/03/2023, 04:13

Not After

08/03/2026, 04:13

Subject

CN=Power Software Limited,O=Power Software Limited,L=Sheung Wan,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:33:51:d3:c7:38:9f:08
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

24/06/2016, 20:44

Not After

24/06/2031, 20:44

Subject

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/12/2022, 18:30

Not After

06/12/2032, 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:45:6e:ff:67:25:04:b0:d5:ff:21:fa:45:55:82:65
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/03/2023, 04:13

Not After

08/03/2026, 04:13

Subject

CN=Power Software Limited,O=Power Software Limited,L=Sheung Wan,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:33:51:d3:c7:38:9f:08
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

24/06/2016, 20:44

Not After

24/06/2031, 20:44

Subject

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/12/2022, 18:30

Not After

06/12/2032, 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

aa:a7:0f:17:a2:25:dd:02:cc:ca:f1:64:42:9d:c4:fe:1f:49:9a:39:79:b0:48:7f:e3:24:52:1d:63:97:e3:ea
Signer

Actual PE Digest

aa:a7:0f:17:a2:25:dd:02:cc:ca:f1:64:42:9d:c4:fe:1f:49:9a:39:79:b0:48:7f:e3:24:52:1d:63:97:e3:ea

Digest Algorithm

sha256

PE Digest Matches

true

f2:20:5b:80:43:ce:c6:eb:88:d2:a9:db:d3:98:d4:39:8d:a1:58:d6
Signer

Actual PE Digest

f2:20:5b:80:43:ce:c6:eb:88:d2:a9:db:d3:98:d4:39:8d:a1:58:d6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_BIND
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

LCMapStringW
LCMapStringA
HeapCreate
HeapSetInformation
GetStartupInfoA
SetHandleCount
GetCommandLineW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetModuleFileNameA
GetStdHandle
HeapSize
GetFileType
RtlPcToFileHeader
RaiseException
GetCurrentDirectoryA
HeapReAlloc
RtlUnwindEx
GetStartupInfoW
GetProcessHeap
HeapAlloc
HeapFree
VirtualQuery
GetSystemInfo
VirtualAlloc
SetErrorMode
GetTimeZoneInformation
GetProcessVersion
TlsFree
LocalReAlloc
GlobalReAlloc
GlobalFlags
GetProfileIntW
GlobalGetAtomNameW
lstrcpyW
UnlockFile
LockFile
GlobalAddAtomW
GlobalFindAtomW
GetModuleHandleA
lstrcatW
GetVersionExA
FreeResource
WritePrivateProfileStringW
lstrlenA
lstrcmpW
GlobalDeleteAtom
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetDateFormatA
GetTimeFormatA
GetStringTypeA
GetStringTypeW
SetStdHandle
GetACP
GetOEMCP
GetCPInfo
IsBadReadPtr
IsBadWritePtr
IsBadCodePtr
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
IsValidCodePage
GetDriveTypeA
CompareStringA
CompareStringW
lstrlenW
GetFileInformationByHandle
MoveFileExW
TlsAlloc
DosDateTimeToFileTime
TlsSetValue
TlsGetValue
GetVersionExW
RemoveDirectoryW
GetSystemDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
VirtualProtect
WinExec
CopyFileW
GetTempPathW
CreatePipe
DuplicateHandle
GetCurrentDirectoryW
GetModuleFileNameW
GetPrivateProfileIntW
GetPrivateProfileStringW
GlobalSize
SetCurrentDirectoryW
GetCurrentProcessId
OpenEventW
GetLongPathNameW
GetSystemWindowsDirectoryW
ExitThread
CreateProcessW
GetExitCodeProcess
QueryPerformanceFrequency
QueryPerformanceCounter
GetFileTime
GlobalHandle
LoadLibraryExW
FormatMessageW
LoadLibraryA
GetCurrentProcess
GetVersion
GetFullPathNameW
DefineDosDeviceW
SetFileTime
ResetEvent
WriteFile
FlushFileBuffers
QueryDosDeviceW
CloseHandle
CreateDirectoryW
SetFileAttributesW
MoveFileW
SuspendThread
ResumeThread
lstrcmpiW
FreeLibrary
lstrcpynW
GetWindowsDirectoryW
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetFileAttributesW
GetThreadPriority
GetFileAttributesExW
GetLogicalDriveStringsW
GetTempFileNameW
SetThreadExecutionState
GetLogicalDrives
LocalAlloc
LocalFree
CreateEventA
DeviceIoControl
GetOverlappedResult
CreateEventW
CreateThread
SetEvent
EnterCriticalSection
LeaveCriticalSection
FindResourceW
LoadResource
LockResource
SizeofResource
MulDiv
GetSystemDefaultLangID
SetFilePointer
GetFileSize
GetCurrentThread
SetThreadPriority
SetEndOfFile
GetTickCount
GetLastError
SetLastError
ReadFile
MultiByteToWideChar
WideCharToMultiByte
FindNextFileW
WaitForSingleObject
Sleep
GetLocaleInfoW
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
LocalFileTimeToFileTime
FindFirstFileW
GetDriveTypeW
FileTimeToLocalFileTime
FileTimeToSystemTime
GetLocalTime
FindClose
DeleteFileW
CreateFileW
GetCurrentThreadId
ExitProcess
InitializeCriticalSection
LoadLibraryW
GetProcAddress
GetModuleHandleW
CreateMutexW
GetVolumeInformationW
GetDiskFreeSpaceExW
DeleteCriticalSection
FindResourceExW
SetEnvironmentVariableA

user32

OffsetRect
DrawEdge
GetWindowDC
DrawStateW
CreateIconIndirect
GetClassNameW
OpenClipboard
CloseClipboard
EmptyClipboard
GetDCEx
PostThreadMessageW
WindowFromPoint
TrackPopupMenuEx
ModifyMenuW
LoadImageW
RegisterClipboardFormatW
IsZoomed
SetMenu
GetKeyboardLayout
IsRectEmpty
IntersectRect
CreateCaret
SetCaretPos
HideCaret
ShowCaret
DestroyCaret
DrawIconEx
SendMessageA
SetClassLongPtrW
MessageBoxIndirectW
CharUpperW
ShowScrollBar
FindWindowW
InsertMenuW
RemoveMenu
BroadcastSystemMessage
GetSystemMenu
GetClipboardData
IsClipboardFormatAvailable
EqualRect
EndDeferWindowPos
BeginDeferWindowPos
GetKeyState
GetCapture
GetMessagePos
GetDesktopWindow
LoadStringW
SetRect
SetParent
UnpackDDElParam
ReuseDDElParam
SetClipboardData
GetIconInfo
ShowWindow
SetFocus
GrayStringW
TabbedTextOutW
DestroyIcon
SystemParametersInfoW
GetScrollInfo
IsWindow
PtInRect
ReleaseCapture
GetFocus
SetCapture
SetMenuDefaultItem
ClientToScreen
CheckMenuRadioItem
GetMenuItemID
EnableMenuItem
CreatePopupMenu
SetWindowsHookExW
CallNextHookEx
SetDlgItemTextW
GetWindowPlacement
MessageBoxW
CopyRect
UnhookWindowsHookEx
MoveWindow
GetClassInfoExW
RegisterClassExW
CreateWindowExW
SetPropW
SetWindowLongPtrW
RemovePropW
GetDlgItem
SetWindowPos
GetParent
InflateRect
DrawFrameControl
GetSysColorBrush
FrameRect
DrawTextW
DrawFocusRect
GetWindowLongPtrW
GetPropW
CallWindowProcW
InvalidateRgn
DefWindowProcW
SetForegroundWindow
PostMessageW
MessageBeep
IsWindowVisible
GetClientRect
IsIconic
DrawIcon
GetSystemMetrics
LockWindowUpdate
GetSysColor
RedrawWindow
LoadBitmapW
FillRect
GetWindowLongW
SetWindowLongW
GetCursorPos
ScreenToClient
SetCursor
LoadCursorW
KillTimer
SetTimer
EnableWindow
GetWindowRect
LoadMenuW
GetMenuStringW
GetMenuItemInfoW
SetMenuItemInfoW
GetDlgCtrlID
SetWindowTextW
EnumChildWindows
GetWindowTextW
InvalidateRect
GetSubMenu
GetMenuItemCount
CheckMenuItem
ReleaseDC
LoadIconW
SendMessageW
UpdateWindow
GetDC
MessageBoxA
UnregisterClassW
PostQuitMessage
ShowOwnedPopups
IsWindowEnabled
GetLastActivePopup
PeekMessageW
ValidateRect
DispatchMessageW
TranslateMessage
GetMessageW
GetActiveWindow
GetMenuCheckMarkDimensions
GetMenuState
GetNextDlgTabItem
SetMenuItemBitmaps
CheckRadioButton
SendDlgItemMessageW
IsDlgButtonChecked
IsDialogMessageW
GetWindowTextLengthW
wsprintfW
EndDialog
DestroyWindow
CreateDialogIndirectParamW
SetActiveWindow
DestroyMenu
GetWindow
SystemParametersInfoA
RegisterClassW
GetClassInfoW
SetScrollInfo
DeferWindowPos
AdjustWindowRectEx
GetMenu
MapWindowPoints
GetForegroundWindow
GetScrollPos
SetScrollPos
GetScrollRange
SetScrollRange
TrackPopupMenu
GetTopWindow
ScrollWindow
GetMessageTime
IsChild
SendDlgItemMessageA
WinHelpW
RegisterWindowMessageW
BeginPaint
EndPaint
wvsprintfW
SetRectEmpty
GetAsyncKeyState
MapDialogRect
SetCursorPos
DestroyCursor
TranslateAcceleratorW
BringWindowToTop
LoadAcceleratorsW

advapi32

RegEnumKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW
RegDeleteValueW
RegSetValueExW
RegCreateKeyExW
GetTokenInformation
OpenProcessToken
RegSetValueW
LookupAccountNameW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetNamedSecurityInfoW
SetEntriesInAclW
BuildExplicitAccessWithNameW
GetNamedSecurityInfoW
DeleteAce
EqualSid
GetAce
GetAclInformation
RegUnLoadKeyW
RegLoadKeyW

shell32

SHGetSpecialFolderLocation
ShellExecuteExW
SHChangeNotify
SHGetMalloc
SHGetDesktopFolder
DragQueryFileW
DragFinish
Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
SHGetSpecialFolderPathW
DragAcceptFiles

gdi32

SetBkColor
SetTextColor
ExtTextOutW
CreateDIBSection
GetObjectW
CreateCompatibleBitmap
StretchBlt
BitBlt
SelectObject
CreateCompatibleDC
DeleteObject
CreateICW
DeleteDC
CreateFontIndirectW
CreateSolidBrush
GetDeviceCaps
EnumFontFamiliesExW
ScaleWindowExtEx
GetBkColor
GetTextMetricsW
GetStockObject
CreatePen
GetTextExtentPoint32W
CreateBitmap
Ellipse
CreateRectRgn
Rectangle
RoundRect
CreateDIBitmap
LineTo
MoveToEx
CreateRectRgnIndirect
SetRectRgn
TranslateCharsetInfo
SetBoundsRect
SetBkMode
PolyPolyline
CopyMetaFileW
LPtoDP
CombineRgn
CreateFontW
GetCharWidthW
StretchDIBits
CreatePatternBrush
PtVisible
RectVisible
TextOutW
Escape
SetDIBits
GetDIBits
GetPixel
SetPixel
SetStretchBltMode
GetTextColor
SetWindowExtEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
IntersectClipRect
ExcludeClipRect
SetMapMode
RestoreDC
SaveDC
GetClipBox
PatBlt

comdlg32

GetOpenFileNameW
GetSaveFileNameW
GetFileTitleW
ChooseFontW

winmm

mciSendCommandW
mciGetErrorStringW
waveOutOpen
waveOutWrite
waveOutPrepareHeader
waveOutUnprepareHeader
waveOutClose
waveOutReset
mixerGetDevCapsW
mixerOpen
mixerGetNumDevs
mixerClose
mixerGetLineControlsW
mixerGetLineInfoW
mixerGetControlDetailsW
mixerSetControlDetails
waveOutGetDevCapsW

rpcrt4

UuidFromStringW

winspool.drv

DocumentPropertiesW
ClosePrinter
OpenPrinterW

comctl32

ImageList_Create
CreatePropertySheetPageW
DestroyPropertySheetPage
PropertySheetW
ord17
ImageList_AddMasked
ImageList_Add
_TrackMouseEvent
ImageList_Destroy
ImageList_SetBkColor
ImageList_ReplaceIcon

oledlg

OleUIBusyW

ole32

CoTaskMemFree
OleGetClipboard
CoRevokeClassObject
CoFreeUnusedLibraries
OleUninitialize
PropVariantClear
CoCreateGuid
ReleaseStgMedium
CreateStreamOnHGlobal
CoCreateInstance
CoUninitialize
CoInitialize
OleSetClipboard
OleIsCurrentClipboard
CoLockObjectExternal
RevokeDragDrop
OleFlushClipboard
CoRegisterMessageFilter
CoTaskMemAlloc
OleDuplicateData
DoDragDrop
RegisterDragDrop
OleInitialize

oleaut32

SysFreeString
SysAllocString
VariantClear
SysStringByteLen
OleLoadPicture

wininet

HttpQueryInfoW
InternetReadFile
HttpOpenRequestW
HttpAddRequestHeadersW
HttpSendRequestW
InternetCloseHandle
InternetOpenW
InternetConnectW
InternetAttemptConnect

Sections

.text
Size: 2.4MB - Virtual size: 2.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEXT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.2MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 549KB - Virtual size: 548KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/PowerISO/App/PowerISO64/Readme.txt
$TEMP/PowerISO/App/PowerISO64/devcon.exe
.exe windows:5 windows x64 arch:x64

24129f939da41cc56515e833be608d60

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

z:\devcon\objfre_wnet_AMD64\amd64\devcon.pdb

Imports

msvcrt

__set_app_type
_fmode
_commode
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
memset
wprintf
__argc
__wargv
_itow
wcsrchr
_wcsicmp
_wcsnicmp
iswalpha
towupper
towlower
wcschr
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
_iob
fputs
fputws

advapi32

RegQueryValueExW
RegCloseKey
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegDeleteValueW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegSetValueExW

kernel32

GetFullPathNameW
GetFileAttributesW
LoadLibraryW
GetProcAddress
FreeLibrary
lstrcpynW
FileTimeToSystemTime
GetTickCount
lstrcpyW
lstrlenW
GetLastError
GetCurrentProcess
CloseHandle
FormatMessageW
LocalFree
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
QueryPerformanceCounter
GetStartupInfoW
GetDateFormatW

user32

LoadStringW
CharNextW
ExitWindowsEx
CharPrevW

setupapi

CM_Get_Res_Des_Data_Size_Ex
CM_Free_Res_Des_Handle
CM_Get_Next_Res_Des_Ex
CM_Free_Log_Conf_Handle
CM_Get_First_Log_Conf_Ex
SetupDiDestroyDriverInfoList
SetupDiGetDriverInfoDetailW
SetupDiOpenDevRegKey
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupCloseFileQueue
SetupScanFileQueueW
SetupDiCallClassInstaller
SetupOpenFileQueue
SetupDiSetSelectedDriverW
SetupDiGetDriverInstallParamsW
SetupDiOpenClassRegKeyExW
SetupDiGetClassDescriptionExW
SetupDiClassNameFromGuidExW
SetupDiBuildClassInfoListExW
SetupDiSetClassInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiGetINFClassW
CM_Disconnect_Machine
CM_Reenumerate_DevNode_Ex
CM_Locate_DevNode_ExW
CM_Connect_MachineW
CM_Get_Res_Des_Data_Ex
CM_Get_DevNode_Status_Ex
SetupDiClassGuidsFromNameExW
SetupDiCreateDeviceInfoListExW
SetupDiGetClassDevsExW
SetupDiOpenDeviceInfoW
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
CM_Get_Device_ID_ExW
SetupDiEnumDeviceInfo
SetupDiGetDeviceInfoListDetailW

Sections

.text
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/PowerISO/App/PowerISO64/lame_enc.dll
.dll windows:4 windows x64 arch:x64

f7bb0cc37ee70cbc4854a501494922c5

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
GetModuleFileNameA
OutputDebugStringA
HeapAlloc
HeapFree
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetProcAddress
GetModuleHandleA
GetCurrentThreadId
GetCommandLineA
GetVersionExA
GetProcessHeap
HeapSetInformation
HeapCreate
HeapDestroy
TlsAlloc
SetLastError
GetLastError
TlsFree
TlsSetValue
TlsGetValue
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
LCMapStringW
SetFilePointer
RtlUnwindEx
CloseHandle
WriteFile
GetStdHandle
FlushFileBuffers
DeleteCriticalSection
SetHandleCount
GetFileType
GetStartupInfoA
Sleep
ReadFile
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetStringTypeA
GetStringTypeW
GetCPInfo
GetLocaleInfoA
UnhandledExceptionFilter
GetACP
GetOEMCP
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
SetStdHandle
LoadLibraryA
InitializeCriticalSection
CreateFileW
CreateFileA
SetEndOfFile
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RaiseException

Exports

Exports

beCloseStream
beDeinitStream
beEncodeChunk
beEncodeChunkFloatS16NI
beFlushNoGap
beInitStream
beVersion
beWriteInfoTag
beWriteInfoTagW
beWriteVBRHeader
beWriteVBRHeaderW
id3tag_add_v2
id3tag_init
id3tag_set_album
id3tag_set_artist
id3tag_set_comment
id3tag_set_genre
id3tag_set_title
id3tag_set_track
id3tag_set_year
id3tag_v1_only
id3tag_v2_only
lame_init_bitstream
lame_set_bWriteVbrTag

Sections

.text
Size: 270KB - Virtual size: 269KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEXT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PowerISO/App/PowerISO64/libFLAC.DLL
.dll windows:4 windows x64 arch:x64

1252f49ffdf6fd762d6afd028aeac45a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapAlloc
HeapFree
HeapReAlloc
GetLastError
MoveFileA
EnterCriticalSection
LeaveCriticalSection
GetCommandLineA
GetVersionExA
GetProcessHeap
HeapSetInformation
HeapCreate
HeapDestroy
RtlUnwindEx
RaiseException
SetFilePointer
ReadFile
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
GetProcAddress
GetModuleHandleA
WriteFile
CloseHandle
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
Sleep
ExitProcess
SetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
FlushFileBuffers
GetACP
GetOEMCP
GetCPInfo
CreateFileA
InitializeCriticalSection
CreateFileW
LoadLibraryA
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
SetEndOfFile
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetTimeZoneInformation
CompareStringA
CompareStringW
SetEnvironmentVariableA
DeleteFileA
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeA
FindFirstFileA
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetFileAttributesA
GetFileAttributesA
GetFileInformationByHandle
PeekNamedPipe
GetFullPathNameA
GetCurrentDirectoryA

Exports

Exports

FLAC_API_SUPPORTS_OGG_FLAC
FLAC__ChannelAssignmentString
FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE2_ESCAPE_PARAMETER
FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE2_PARAMETER_LEN
FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE_ESCAPE_PARAMETER
FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE_ORDER_LEN
FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE_PARAMETER_LEN
FLAC__ENTROPY_CODING_METHOD_PARTITIONED_RICE_RAW_LEN
FLAC__ENTROPY_CODING_METHOD_TYPE_LEN
FLAC__EntropyCodingMethodTypeString
FLAC__FRAME_FOOTER_CRC_LEN
FLAC__FRAME_HEADER_BITS_PER_SAMPLE_LEN
FLAC__FRAME_HEADER_BLOCKING_STRATEGY_LEN
FLAC__FRAME_HEADER_BLOCK_SIZE_LEN
FLAC__FRAME_HEADER_CHANNEL_ASSIGNMENT_LEN
FLAC__FRAME_HEADER_CRC_LEN
FLAC__FRAME_HEADER_RESERVED_LEN
FLAC__FRAME_HEADER_SAMPLE_RATE_LEN
FLAC__FRAME_HEADER_SYNC
FLAC__FRAME_HEADER_SYNC_LEN
FLAC__FRAME_HEADER_ZERO_PAD_LEN
FLAC__FrameNumberTypeString
FLAC__MetadataTypeString
FLAC__Metadata_ChainStatusString
FLAC__Metadata_SimpleIteratorStatusString
FLAC__STREAM_METADATA_APPLICATION_ID_LEN
FLAC__STREAM_METADATA_CUESHEET_INDEX_NUMBER_LEN
FLAC__STREAM_METADATA_CUESHEET_INDEX_OFFSET_LEN
FLAC__STREAM_METADATA_CUESHEET_INDEX_RESERVED_LEN
FLAC__STREAM_METADATA_CUESHEET_IS_CD_LEN
FLAC__STREAM_METADATA_CUESHEET_LEAD_IN_LEN
FLAC__STREAM_METADATA_CUESHEET_MEDIA_CATALOG_NUMBER_LEN
FLAC__STREAM_METADATA_CUESHEET_NUM_TRACKS_LEN
FLAC__STREAM_METADATA_CUESHEET_RESERVED_LEN
FLAC__STREAM_METADATA_CUESHEET_TRACK_ISRC_LEN
FLAC__STREAM_METADATA_CUESHEET_TRACK_NUMBER_LEN
FLAC__STREAM_METADATA_CUESHEET_TRACK_NUM_INDICES_LEN
FLAC__STREAM_METADATA_CUESHEET_TRACK_OFFSET_LEN
FLAC__STREAM_METADATA_CUESHEET_TRACK_PRE_EMPHASIS_LEN
FLAC__STREAM_METADATA_CUESHEET_TRACK_RESERVED_LEN
FLAC__STREAM_METADATA_CUESHEET_TRACK_TYPE_LEN
FLAC__STREAM_METADATA_IS_LAST_LEN
FLAC__STREAM_METADATA_LENGTH_LEN
FLAC__STREAM_METADATA_PICTURE_COLORS_LEN
FLAC__STREAM_METADATA_PICTURE_DATA_LENGTH_LEN
FLAC__STREAM_METADATA_PICTURE_DEPTH_LEN
FLAC__STREAM_METADATA_PICTURE_DESCRIPTION_LENGTH_LEN
FLAC__STREAM_METADATA_PICTURE_HEIGHT_LEN
FLAC__STREAM_METADATA_PICTURE_MIME_TYPE_LENGTH_LEN
FLAC__STREAM_METADATA_PICTURE_TYPE_LEN
FLAC__STREAM_METADATA_PICTURE_WIDTH_LEN
FLAC__STREAM_METADATA_SEEKPOINT_FRAME_SAMPLES_LEN
FLAC__STREAM_METADATA_SEEKPOINT_PLACEHOLDER
FLAC__STREAM_METADATA_SEEKPOINT_SAMPLE_NUMBER_LEN
FLAC__STREAM_METADATA_SEEKPOINT_STREAM_OFFSET_LEN
FLAC__STREAM_METADATA_STREAMINFO_BITS_PER_SAMPLE_LEN
FLAC__STREAM_METADATA_STREAMINFO_CHANNELS_LEN
FLAC__STREAM_METADATA_STREAMINFO_MAX_BLOCK_SIZE_LEN
FLAC__STREAM_METADATA_STREAMINFO_MAX_FRAME_SIZE_LEN
FLAC__STREAM_METADATA_STREAMINFO_MD5SUM_LEN
FLAC__STREAM_METADATA_STREAMINFO_MIN_BLOCK_SIZE_LEN
FLAC__STREAM_METADATA_STREAMINFO_MIN_FRAME_SIZE_LEN
FLAC__STREAM_METADATA_STREAMINFO_SAMPLE_RATE_LEN
FLAC__STREAM_METADATA_STREAMINFO_TOTAL_SAMPLES_LEN
FLAC__STREAM_METADATA_TYPE_LEN
FLAC__STREAM_METADATA_VORBIS_COMMENT_ENTRY_LENGTH_LEN
FLAC__STREAM_METADATA_VORBIS_COMMENT_NUM_COMMENTS_LEN
FLAC__STREAM_SYNC
FLAC__STREAM_SYNC_LEN
FLAC__STREAM_SYNC_STRING
FLAC__SUBFRAME_LPC_QLP_COEFF_PRECISION_LEN
FLAC__SUBFRAME_LPC_QLP_SHIFT_LEN
FLAC__SUBFRAME_TYPE_CONSTANT_BYTE_ALIGNED_MASK
FLAC__SUBFRAME_TYPE_FIXED_BYTE_ALIGNED_MASK
FLAC__SUBFRAME_TYPE_LEN
FLAC__SUBFRAME_TYPE_LPC_BYTE_ALIGNED_MASK
FLAC__SUBFRAME_TYPE_VERBATIM_BYTE_ALIGNED_MASK
FLAC__SUBFRAME_WASTED_BITS_FLAG_LEN
FLAC__SUBFRAME_ZERO_PAD_LEN
FLAC__StreamDecoderErrorStatusString
FLAC__StreamDecoderInitStatusString
FLAC__StreamDecoderLengthStatusString
FLAC__StreamDecoderReadStatusString
FLAC__StreamDecoderSeekStatusString
FLAC__StreamDecoderStateString
FLAC__StreamDecoderTellStatusString
FLAC__StreamDecoderWriteStatusString
FLAC__StreamEncoderInitStatusString
FLAC__StreamEncoderSeekStatusString
FLAC__StreamEncoderStateString
FLAC__StreamEncoderTellStatusString
FLAC__StreamEncoderWriteStatusString
FLAC__StreamMetadata_Picture_TypeString
FLAC__SubframeTypeString
FLAC__VENDOR_STRING
FLAC__VERSION_STRING
FLAC__format_cuesheet_is_legal
FLAC__format_picture_is_legal
FLAC__format_sample_rate_is_subset
FLAC__format_sample_rate_is_valid
FLAC__format_seektable_is_legal
FLAC__format_seektable_sort
FLAC__format_vorbiscomment_entry_is_legal
FLAC__format_vorbiscomment_entry_name_is_legal
FLAC__format_vorbiscomment_entry_value_is_legal
FLAC__metadata_chain_check_if_tempfile_needed
FLAC__metadata_chain_delete
FLAC__metadata_chain_merge_padding
FLAC__metadata_chain_new
FLAC__metadata_chain_read
FLAC__metadata_chain_read_ogg
FLAC__metadata_chain_read_ogg_with_callbacks
FLAC__metadata_chain_read_with_callbacks
FLAC__metadata_chain_sort_padding
FLAC__metadata_chain_status
FLAC__metadata_chain_write
FLAC__metadata_chain_write_with_callbacks
FLAC__metadata_chain_write_with_callbacks_and_tempfile
FLAC__metadata_get_cuesheet
FLAC__metadata_get_picture
FLAC__metadata_get_streaminfo
FLAC__metadata_get_tags
FLAC__metadata_get_tagsW
FLAC__metadata_iterator_delete
FLAC__metadata_iterator_delete_block
FLAC__metadata_iterator_get_block
FLAC__metadata_iterator_get_block_type
FLAC__metadata_iterator_init
FLAC__metadata_iterator_insert_block_after
FLAC__metadata_iterator_insert_block_before
FLAC__metadata_iterator_new
FLAC__metadata_iterator_next
FLAC__metadata_iterator_prev
FLAC__metadata_iterator_set_block
FLAC__metadata_object_application_set_data
FLAC__metadata_object_clone
FLAC__metadata_object_cuesheet_calculate_cddb_id
FLAC__metadata_object_cuesheet_delete_track
FLAC__metadata_object_cuesheet_insert_blank_track
FLAC__metadata_object_cuesheet_insert_track
FLAC__metadata_object_cuesheet_is_legal
FLAC__metadata_object_cuesheet_resize_tracks
FLAC__metadata_object_cuesheet_set_track
FLAC__metadata_object_cuesheet_track_clone
FLAC__metadata_object_cuesheet_track_delete
FLAC__metadata_object_cuesheet_track_delete_index
FLAC__metadata_object_cuesheet_track_insert_blank_index
FLAC__metadata_object_cuesheet_track_insert_index
FLAC__metadata_object_cuesheet_track_new
FLAC__metadata_object_cuesheet_track_resize_indices
FLAC__metadata_object_delete
FLAC__metadata_object_is_equal
FLAC__metadata_object_new
FLAC__metadata_object_picture_is_legal
FLAC__metadata_object_picture_set_data
FLAC__metadata_object_picture_set_description
FLAC__metadata_object_picture_set_mime_type
FLAC__metadata_object_seektable_delete_point
FLAC__metadata_object_seektable_insert_point
FLAC__metadata_object_seektable_is_legal
FLAC__metadata_object_seektable_resize_points
FLAC__metadata_object_seektable_set_point
FLAC__metadata_object_seektable_template_append_placeholders
FLAC__metadata_object_seektable_template_append_point
FLAC__metadata_object_seektable_template_append_points
FLAC__metadata_object_seektable_template_append_spaced_points
FLAC__metadata_object_seektable_template_append_spaced_points_by_samples
FLAC__metadata_object_seektable_template_sort
FLAC__metadata_object_vorbiscomment_append_comment
FLAC__metadata_object_vorbiscomment_delete_comment
FLAC__metadata_object_vorbiscomment_entry_from_name_value_pair
FLAC__metadata_object_vorbiscomment_entry_matches
FLAC__metadata_object_vorbiscomment_entry_to_name_value_pair
FLAC__metadata_object_vorbiscomment_find_entry_from
FLAC__metadata_object_vorbiscomment_insert_comment
FLAC__metadata_object_vorbiscomment_remove_entries_matching
FLAC__metadata_object_vorbiscomment_remove_entry_matching
FLAC__metadata_object_vorbiscomment_replace_comment
FLAC__metadata_object_vorbiscomment_resize_comments
FLAC__metadata_object_vorbiscomment_set_comment
FLAC__metadata_object_vorbiscomment_set_vendor_string
FLAC__metadata_simple_iterator_delete
FLAC__metadata_simple_iterator_delete_block
FLAC__metadata_simple_iterator_get_application_id
FLAC__metadata_simple_iterator_get_block
FLAC__metadata_simple_iterator_get_block_length
FLAC__metadata_simple_iterator_get_block_offset
FLAC__metadata_simple_iterator_get_block_type
FLAC__metadata_simple_iterator_init
FLAC__metadata_simple_iterator_insert_block_after
FLAC__metadata_simple_iterator_is_last
FLAC__metadata_simple_iterator_is_writable
FLAC__metadata_simple_iterator_new
FLAC__metadata_simple_iterator_next
FLAC__metadata_simple_iterator_prev
FLAC__metadata_simple_iterator_set_block
FLAC__metadata_simple_iterator_status
FLAC__stream_decoder_delete
FLAC__stream_decoder_finish
FLAC__stream_decoder_flush
FLAC__stream_decoder_get_bits_per_sample
FLAC__stream_decoder_get_blocksize
FLAC__stream_decoder_get_channel_assignment
FLAC__stream_decoder_get_channels
FLAC__stream_decoder_get_decode_position
FLAC__stream_decoder_get_md5_checking
FLAC__stream_decoder_get_resolved_state_string
FLAC__stream_decoder_get_sample_rate
FLAC__stream_decoder_get_state
FLAC__stream_decoder_get_total_samples
FLAC__stream_decoder_init_FILE
FLAC__stream_decoder_init_file
FLAC__stream_decoder_init_fileW
FLAC__stream_decoder_init_ogg_FILE
FLAC__stream_decoder_init_ogg_file
FLAC__stream_decoder_init_ogg_stream
FLAC__stream_decoder_init_stream
FLAC__stream_decoder_new
FLAC__stream_decoder_process_single
FLAC__stream_decoder_process_until_end_of_metadata
FLAC__stream_decoder_process_until_end_of_stream
FLAC__stream_decoder_reset
FLAC__stream_decoder_seek_absolute
FLAC__stream_decoder_set_md5_checking
FLAC__stream_decoder_set_metadata_ignore
FLAC__stream_decoder_set_metadata_ignore_all
FLAC__stream_decoder_set_metadata_ignore_application
FLAC__stream_decoder_set_metadata_respond
FLAC__stream_decoder_set_metadata_respond_all
FLAC__stream_decoder_set_metadata_respond_application
FLAC__stream_decoder_set_ogg_serial_number
FLAC__stream_decoder_skip_single_frame
FLAC__stream_encoder_delete
FLAC__stream_encoder_disable_constant_subframes
FLAC__stream_encoder_disable_fixed_subframes
FLAC__stream_encoder_disable_verbatim_subframes
FLAC__stream_encoder_finish
FLAC__stream_encoder_get_bits_per_sample
FLAC__stream_encoder_get_blocksize
FLAC__stream_encoder_get_channels
FLAC__stream_encoder_get_do_escape_coding
FLAC__stream_encoder_get_do_exhaustive_model_search
FLAC__stream_encoder_get_do_md5
FLAC__stream_encoder_get_do_mid_side_stereo
FLAC__stream_encoder_get_do_qlp_coeff_prec_search
FLAC__stream_encoder_get_loose_mid_side_stereo
FLAC__stream_encoder_get_max_lpc_order
FLAC__stream_encoder_get_max_residual_partition_order
FLAC__stream_encoder_get_min_residual_partition_order
FLAC__stream_encoder_get_qlp_coeff_precision
FLAC__stream_encoder_get_resolved_state_string
FLAC__stream_encoder_get_rice_parameter_search_dist
FLAC__stream_encoder_get_sample_rate
FLAC__stream_encoder_get_state
FLAC__stream_encoder_get_streamable_subset
FLAC__stream_encoder_get_total_samples_estimate
FLAC__stream_encoder_get_verify
FLAC__stream_encoder_get_verify_decoder_error_stats
FLAC__stream_encoder_get_verify_decoder_state
FLAC__stream_encoder_init_FILE
FLAC__stream_encoder_init_file
FLAC__stream_encoder_init_fileW
FLAC__stream_encoder_init_ogg_FILE
FLAC__stream_encoder_init_ogg_file
FLAC__stream_encoder_init_ogg_stream
FLAC__stream_encoder_init_stream
FLAC__stream_encoder_new
FLAC__stream_encoder_process
FLAC__stream_encoder_process_interleaved
FLAC__stream_encoder_set_apodization
FLAC__stream_encoder_set_bits_per_sample
FLAC__stream_encoder_set_blocksize
FLAC__stream_encoder_set_channels
FLAC__stream_encoder_set_compression_level
FLAC__stream_encoder_set_do_escape_coding
FLAC__stream_encoder_set_do_exhaustive_model_search
FLAC__stream_encoder_set_do_md5
FLAC__stream_encoder_set_do_mid_side_stereo
FLAC__stream_encoder_set_do_qlp_coeff_prec_search
FLAC__stream_encoder_set_loose_mid_side_stereo
FLAC__stream_encoder_set_max_lpc_order
FLAC__stream_encoder_set_max_residual_partition_order
FLAC__stream_encoder_set_metadata
FLAC__stream_encoder_set_min_residual_partition_order
FLAC__stream_encoder_set_ogg_serial_number
FLAC__stream_encoder_set_qlp_coeff_precision
FLAC__stream_encoder_set_rice_parameter_search_dist
FLAC__stream_encoder_set_sample_rate
FLAC__stream_encoder_set_streamable_subset
FLAC__stream_encoder_set_total_samples_estimate
FLAC__stream_encoder_set_verify
FLAC__treamEncoderReadStatusString

Sections

.text
Size: 170KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PowerISO/App/PowerISO64/libvorbis.DLL
.dll windows:4 windows x64 arch:x64

fcc5e6e50eca35124d15b1ab0b3d5015

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
HeapAlloc
HeapFree
HeapReAlloc
ExitProcess
GetProcAddress
GetModuleHandleA
GetCommandLineA
GetVersionExA
GetProcessHeap
HeapSetInformation
HeapCreate
HeapDestroy
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
RtlUnwindEx
LCMapStringA
WideCharToMultiByte
MultiByteToWideChar
GetLastError
LCMapStringW
TlsAlloc
SetLastError
TlsFree
TlsSetValue
TlsGetValue
RaiseException
SetFilePointer
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
CloseHandle
ReadFile
Sleep
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
WriteFile
InitializeCriticalSection
GetLocaleInfoA
GetCPInfo
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetStringTypeA
GetStringTypeW
GetACP
GetOEMCP
SetStdHandle
FlushFileBuffers
CreateFileA
CreateFileW
LoadLibraryA
SetEndOfFile

Exports

Exports

_floor_P
_mapping_P
_residue_P
ogg_packet_clear
ogg_page_bos
ogg_page_checksum_set
ogg_page_continued
ogg_page_eos
ogg_page_granulepos
ogg_page_packets
ogg_page_pageno
ogg_page_serialno
ogg_page_version
ogg_stream_clear
ogg_stream_destroy
ogg_stream_eos
ogg_stream_flush
ogg_stream_init
ogg_stream_packetin
ogg_stream_packetout
ogg_stream_packetpeek
ogg_stream_pagein
ogg_stream_pageout
ogg_stream_reset
ogg_stream_reset_serialno
ogg_sync_buffer
ogg_sync_clear
ogg_sync_destroy
ogg_sync_init
ogg_sync_pageout
ogg_sync_pageseek
ogg_sync_reset
ogg_sync_wrote
oggpackB_adv
oggpackB_adv1
oggpackB_bits
oggpackB_bytes
oggpackB_get_buffer
oggpackB_look
oggpackB_look1
oggpackB_read
oggpackB_read1
oggpackB_readinit
oggpackB_reset
oggpackB_write
oggpackB_writealign
oggpackB_writeclear
oggpackB_writecopy
oggpackB_writeinit
oggpackB_writetrunc
oggpack_adv
oggpack_adv1
oggpack_bits
oggpack_bytes
oggpack_get_buffer
oggpack_look
oggpack_look1
oggpack_read
oggpack_read1
oggpack_readinit
oggpack_reset
oggpack_write
oggpack_writealign
oggpack_writeclear
oggpack_writecopy
oggpack_writeinit
oggpack_writetrunc
ov_bitrate
ov_bitrate_instant
ov_clear
ov_comment
ov_crosslap
ov_fopen
ov_fopenW
ov_halfrate
ov_halfrate_p
ov_info
ov_open
ov_open_callbacks
ov_pcm_seek
ov_pcm_seek_lap
ov_pcm_seek_page
ov_pcm_seek_page_lap
ov_pcm_tell
ov_pcm_total
ov_raw_seek
ov_raw_seek_lap
ov_raw_tell
ov_raw_total
ov_read
ov_read_float
ov_seekable
ov_serialnumber
ov_streams
ov_test
ov_test_callbacks
ov_test_open
ov_time_seek
ov_time_seek_lap
ov_time_seek_page
ov_time_seek_page_lap
ov_time_tell
ov_time_total
vorbis_analysis
vorbis_analysis_blockout
vorbis_analysis_buffer
vorbis_analysis_headerout
vorbis_analysis_init
vorbis_analysis_wrote
vorbis_bitrate_addblock
vorbis_bitrate_flushpacket
vorbis_block_clear
vorbis_block_init
vorbis_comment_add
vorbis_comment_add_tag
vorbis_comment_clear
vorbis_comment_init
vorbis_comment_query
vorbis_comment_query_count
vorbis_commentheader_out
vorbis_dsp_clear
vorbis_encode_ctl
vorbis_encode_init
vorbis_encode_init_vbr
vorbis_encode_setup_init
vorbis_encode_setup_managed
vorbis_encode_setup_vbr
vorbis_granule_time
vorbis_info_blocksize
vorbis_info_clear
vorbis_info_init
vorbis_packet_blocksize
vorbis_synthesis
vorbis_synthesis_blockin
vorbis_synthesis_halfrate
vorbis_synthesis_halfrate_p
vorbis_synthesis_headerin
vorbis_synthesis_idheader
vorbis_synthesis_init
vorbis_synthesis_lapout
vorbis_synthesis_pcmout
vorbis_synthesis_read
vorbis_synthesis_restart
vorbis_synthesis_trackonly
vorbis_version_string
vorbis_window

Sections

.text
Size: 151KB - Virtual size: 151KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

TEXT
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PowerISO/App/PowerISO64/piso.exe
.exe windows:4 windows x86 arch:x86

4818d48c3807fc5303b8c1c43730d4fa

Code Sign

20:45:6e:ff:67:25:04:b0:d5:ff:21:fa:45:55:82:65
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/03/2023, 04:13

Not After

08/03/2026, 04:13

Subject

CN=Power Software Limited,O=Power Software Limited,L=Sheung Wan,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:33:51:d3:c7:38:9f:08
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

24/06/2016, 20:44

Not After

24/06/2031, 20:44

Subject

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/12/2022, 18:30

Not After

06/12/2032, 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:45:6e:ff:67:25:04:b0:d5:ff:21:fa:45:55:82:65
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/03/2023, 04:13

Not After

08/03/2026, 04:13

Subject

CN=Power Software Limited,O=Power Software Limited,L=Sheung Wan,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:33:51:d3:c7:38:9f:08
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

24/06/2016, 20:44

Not After

24/06/2031, 20:44

Subject

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/12/2022, 18:30

Not After

06/12/2032, 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a2:d8:2a:b0:2d:dc:6d:c1:a0:54:75:46:4f:ec:9a:00:59:63:04:79:36:df:b3:28:4a:11:d3:94:2c:3b:90:47
Signer

Actual PE Digest

a2:d8:2a:b0:2d:dc:6d:c1:a0:54:75:46:4f:ec:9a:00:59:63:04:79:36:df:b3:28:4a:11:d3:94:2c:3b:90:47

Digest Algorithm

sha256

PE Digest Matches

true

54:d8:9f:7d:58:2d:5f:30:42:49:ec:d9:d0:19:ca:80:85:45:69:1b
Signer

Actual PE Digest

54:d8:9f:7d:58:2d:5f:30:42:49:ec:d9:d0:19:ca:80:85:45:69:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvcirt

??6ostream@@QAEAAV0@PBD@Z
?cout@@3Vostream_withassign@@A
?cerr@@3Vostream_withassign@@A
?flush@@YAAAVostream@@AAV1@@Z

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
_splitpath
strchr
printf
sprintf

kernel32

GetConsoleMode
CreateMutexA
CreateNamedPipeA
CloseHandle
GetCurrentDirectoryA
CreateProcessA
ResumeThread
WaitForSingleObject
Sleep
GetExitCodeProcess
GetStdHandle
WriteFile
ConnectNamedPipe
ReadFile
CreateThread
SetConsoleMode

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$TEMP/PowerISO/App/PowerISO64/setup64.exe
.exe windows:5 windows x64 arch:x64

f40095f40192b72a4724ee8f537ca1d9

Code Sign

20:45:6e:ff:67:25:04:b0:d5:ff:21:fa:45:55:82:65
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/03/2023, 04:13

Not After

08/03/2026, 04:13

Subject

CN=Power Software Limited,O=Power Software Limited,L=Sheung Wan,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:33:51:d3:c7:38:9f:08
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

24/06/2016, 20:44

Not After

24/06/2031, 20:44

Subject

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/12/2022, 18:30

Not After

06/12/2032, 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

20:45:6e:ff:67:25:04:b0:d5:ff:21:fa:45:55:82:65
Certificate

Issuer

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/03/2023, 04:13

Not After

08/03/2026, 04:13

Subject

CN=Power Software Limited,O=Power Software Limited,L=Sheung Wan,C=HK

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

64:33:51:d3:c7:38:9f:08
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

24/06/2016, 20:44

Not After

24/06/2031, 20:44

Subject

CN=SSL.com Code Signing Intermediate CA RSA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1a:d6:08:a7:d6:34:b5:cd:de:97:cb:a3:cc:f0:d0:4b
Certificate

Issuer

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Not Before

09/12/2022, 18:30

Not After

06/12/2032, 18:30

Subject

CN=SSL.com Timestamping Unit 2022,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6d:52:18:70:87:e8:23:4d:85:60:00:d0:80:8f:93:56
Certificate

Issuer

CN=SSL.com Root Certification Authority RSA,O=SSL Corporation,L=Houston,ST=Texas,C=US

Not Before

13/11/2019, 18:50

Not After

12/11/2034, 18:50

Subject

CN=SSL.com Timestamping Issuing RSA CA R1,O=SSL Corp,L=Houston,ST=Texas,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ea:05:53:36:f9:3f:2e:4a:dc:d0:c3:70:57:62:b3:cc:af:4f:c8:b8:8c:21:81:bc:9c:fe:de:0d:b5:b2:6a:bd
Signer

Actual PE Digest

ea:05:53:36:f9:3f:2e:4a:dc:d0:c3:70:57:62:b3:cc:af:4f:c8:b8:8c:21:81:bc:9c:fe:de:0d:b5:b2:6a:bd

Digest Algorithm

sha256

PE Digest Matches

true

e8:1e:fc:88:b6:29:84:35:95:e1:0f:1e:be:93:d7:14:6f:6d:ef:da
Signer

Actual PE Digest

e8:1e:fc:88:b6:29:84:35:95:e1:0f:1e:be:93:d7:14:6f:6d:ef:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

z:\setup64\objfre_wnet_AMD64\amd64\setup64.pdb

Imports

kernel32

ExitProcess
MoveFileExA
DeleteFileA
GetTempFileNameA
CopyFileA
GetCommandLineA
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.CRT
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$TEMP/PowerISO/App/PowerISO64/unrar64.dll
.dll windows:5 windows x64 arch:x64

d6b7a1f68b8136b7eae008902c68ef40

Code Sign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:1d:40:ae:3f:3a:1f:b2:bc:3d:83:95
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

25/08/2020, 13:42

Not After

26/08/2023, 13:42

Subject

CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

48:1b:6a:07:26:d2:e8:3f:26:02:d4:82:5a:cd
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

15/06/2016, 00:00

Not After

15/06/2024, 00:00

Subject

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageOCSPSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

73:1d:40:ae:3f:3a:1f:b2:bc:3d:83:95
Certificate

Issuer

CN=GlobalSign CodeSigning CA - SHA256 - G3,O=GlobalSign nv-sa,C=BE

Not Before

25/08/2020, 13:42

Not After

26/08/2023, 13:42

Subject

CN=win.rar GmbH,O=win.rar GmbH,L=Berlin,ST=Berlin,C=DE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:00:46:69:50:a6:04:a9:d9:70:e8:1d:d2:4d:41:9f
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

27/05/2021, 09:55

Not After

28/06/2032, 09:55

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fd:2b:7a:ed:5f:c7:76:e3:6e:d8:db:27:ef:f2:c0:07:97:94:62:59:58:be:17:56:b8:7e:6a:c4:24:54:56:61
Signer

Actual PE Digest

fd:2b:7a:ed:5f:c7:76:e3:6e:d8:db:27:ef:f2:c0:07:97:94:62:59:58:be:17:56:b8:7e:6a:c4:24:54:56:61

Digest Algorithm

sha256

PE Digest Matches

true

56:e7:05:66:2a:83:d3:af:6c:9c:36:6f:3b:b4:4a:4f:82:4d:b3:23
Signer

Actual PE Digest

56:e7:05:66:2a:83:d3:af:6c:9c:36:6f:3b:b4:4a:4f:82:4d:b3:23

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Projects\WinRAR\rar\build\unrardll64\Release\UnRAR64.pdb

Imports

kernel32

RemoveDirectoryW
CreateFileW
DeleteFileW
CreateHardLinkW
GetShortPathNameW
GetLongPathNameW
MoveFileW
WriteFile
ReadFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
SetFileAttributesW
GetFileAttributesW
FindClose
FindFirstFileW
FindNextFileW
GetVersionExW
GetCurrentDirectoryW
GetFullPathNameW
FoldStringW
FreeLibrary
GetProcAddress
GetCurrentProcessId
SetThreadPriority
SetThreadExecutionState
CreateEventW
CreateDirectoryW
GetModuleHandleW
GetSystemDirectoryW
GetProcessAffinityMask
CreateThread
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
GetSystemTime
SystemTimeToTzSpecificLocalTime
TzSpecificLocalTimeToSystemTime
SystemTimeToFileTime
FileTimeToLocalFileTime
LocalFileTimeToFileTime
FileTimeToSystemTime
GetCPInfo
IsDBCSLeadByte
MultiByteToWideChar
WideCharToMultiByte
CompareStringW
WriteConsoleW
SetFilePointerEx
HeapSize
GetConsoleCP
GetProcessHeap
CloseHandle
SetFileTime
DeviceIoControl
GetCurrentProcess
Sleep
SetLastError
GetLastError
AreFileApisANSI
GetConsoleMode
GetStdHandle
GetFileType
LoadLibraryW
GetCommandLineW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
IsValidCodePage
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
InterlockedFlushSList
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
QueryPerformanceFrequency
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
HeapFree
HeapAlloc
HeapReAlloc
GetACP
GetStringTypeW
LCMapStringW
SetStdHandle
FindFirstFileExA
FindNextFileA

user32

CharUpperW
CharToOemBuffW
CharToOemA
OemToCharBuffA
OemToCharA
CharLowerW

advapi32

CheckTokenMembership
FreeSid
AllocateAndInitializeSid
LookupPrivilegeValueW
SetFileSecurityW
AdjustTokenPrivileges
OpenProcessToken

Exports

Exports

RARCloseArchive
RARGetDllVersion
RAROpenArchive
RAROpenArchiveEx
RARProcessFile
RARProcessFileW
RARReadHeader
RARReadHeaderEx
RARSetCallback
RARSetChangeVolProc
RARSetPassword
RARSetProcessDataProc

Sections

.text
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/PowerISO/PowerISOPortable.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Banner.dll
.dll windows:4 windows x86 arch:x86

767a5b32183c6c4ff645882480adc9a6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
GetModuleHandleW
CloseHandle
Sleep
CreateThread
GetCurrentThreadId
GlobalFree
lstrcmpW
lstrcpynW
GlobalAlloc

user32

DestroyWindow
SetWindowLongW
GetWindowLongW
SetWindowTextW
SetDlgItemTextW
DispatchMessageW
PeekMessageW
WaitMessage
IsWindow
CreateDialogParamW
ShowWindow
AttachThreadInput
IsWindowVisible
wsprintfW
PostMessageW

Exports

Exports

destroy
getWindow
show

Sections

.text
Size: 1024B - Virtual size: 874B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 808B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ExecDos.dll
.dll windows:6 windows x86 arch:x86

95fc86e678981f716d756a01610eb55d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateFileW
FlushFileBuffers
ReadFile
WriteFile
CloseHandle
DuplicateHandle
CreatePipe
PeekNamedPipe
WaitForSingleObject
Sleep
GetCurrentProcess
TerminateProcess
GetExitCodeProcess
CreateThread
GetExitCodeThread
CreateProcessW
GetModuleHandleW
GetProcAddress
GlobalAlloc
GlobalFree
lstrcmpiW
lstrcatW
lstrlenW
WideCharToMultiByte
lstrcpynW
lstrcpyW

user32

SendMessageW
GetDlgItem
FindWindowExW
GetClassNameW
wsprintfW

Exports

Exports

exec
isdone
wait

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 816B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LockedList.dll
.dll windows:6 windows x86 arch:x86

c26621761683a926589c7f7a96aa5d75

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

comctl32

ImageList_ReplaceIcon
ImageList_Create

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathAppendW

kernel32

QueryDosDeviceW
DuplicateHandle
CreateEventW
GetCurrentProcess
WaitForSingleObject
GetModuleHandleW
OpenProcess
GlobalAlloc
Sleep
TerminateProcess
GetModuleFileNameW
CreateFileW
lstrcmpW
lstrlenW
GetLastError
GlobalFree
LocalAlloc
GetExitCodeThread
WaitForMultipleObjects
lstrcmpiW
lstrcatW
CloseHandle
GetCurrentProcessId
LocalFree
lstrcpyW
CreateThread
lstrcpynW
SetEvent
LoadLibraryW
TerminateThread
GetProcAddress
ResetEvent
GetVersion

user32

DestroyIcon
SetWindowTextW
CallWindowProcW
SetClipboardData
EnableWindow
MapWindowPoints
SendMessageW
GetSystemMetrics
MessageBoxW
OpenClipboard
CreateWindowExW
IsWindow
CreateDialogParamW
SendMessageTimeoutW
CreatePopupMenu
ShowWindow
GetCursorPos
SetWindowPos
SetWindowLongW
GetDlgItem
EmptyClipboard
GetClassNameW
MoveWindow
GetWindowTextW
AppendMenuW
SetCursorPos
IsDialogMessageW
TranslateMessage
wsprintfW
CharLowerW
GetClientRect
MsgWaitForMultipleObjects
PostMessageW
LoadImageW
TrackPopupMenu
GetMessageW
SetActiveWindow
GetWindowRect
ScreenToClient
CloseClipboard
SetCursor
DestroyWindow
GetWindow
GetWindowThreadProcessId
GetWindowLongW
EnumWindows
DispatchMessageW
PeekMessageW
DestroyMenu

advapi32

AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

shell32

ExtractIconExW
ShellExecuteExW

Exports

Exports

AddApplications
AddCaption
AddClass
AddCustom
AddFile
AddFolder
AddModule
CloseProcess
Dialog
EnumProcesses
FindProcess
InitDialog
IsFileLocked
Show
SilentPercentComplete
SilentSearch
SilentWait

Sections

.text
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LockedList64.dll
.dll windows:6 windows x64 arch:x64

30682cbcd9e51d263811845cece41fd0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetCurrentProcess
lstrcmpW
CloseHandle
GlobalAlloc
lstrcpynW
GlobalFree
lstrcpyW
WaitForSingleObject
GetModuleHandleW
OpenProcess
LoadLibraryW
lstrlenW
GetProcAddress
ResetEvent
CreateEventW
lstrcatW
GetVersion
QueryDosDeviceW

user32

wsprintfW
GetWindow
GetWindowThreadProcessId
GetWindowTextW
EnumWindows
GetWindowLongPtrW
IsWindow
SendMessageW

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken

shell32

CommandLineToArgvW

Exports

Exports

EnumSystemProcesses64W
GetSystemModulesCount64W

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 168B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/PortableWares.p12
$PLUGINSDIR/StdUtils.dll
.dll windows:5 windows x86 arch:x86

afc0276b5cd87f66996699e6e2d2c643

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

_snprintf
swscanf
_snwprintf
rand
memset
srand
time
??2@YAPAXI@Z
wcsncpy
??3@YAXPAX@Z
wcschr
_beginthreadex
_wcsicmp

shlwapi

ord176

kernel32

GetSystemTime
lstrcpynW
GlobalFree
MultiByteToWideChar
GetExitCodeProcess
GetProcAddress
LeaveCriticalSection
EnterCriticalSection
SystemTimeToFileTime
InitializeCriticalSection
DeleteCriticalSection
GetCommandLineW
WaitForSingleObject
GetLastError
VerifyVersionInfoW
VerSetConditionMask
GetVersionExW
CloseHandle
Sleep
CreateEventW
GetTickCount
FreeLibrary
LoadLibraryW
GetModuleHandleW
TerminateThread
GlobalAlloc

user32

MessageBoxA
LoadStringW
MessageBoxW
wsprintfW
MsgWaitForMultipleObjects
DispatchMessageW
PeekMessageW

shell32

ShellExecuteExW
SHFileOperationW
ShellExecuteW

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

Exports

Exports

DisableVerboseMode
Dummy
EnableVerboseMode
ExecShellAsUser
ExecShellWaitEx
FormatStr
FormatStr2
FormatStr3
GetAllParameters
GetDays
GetHours
GetLibVersion
GetMinutes
GetParameter
GetRealOsBuildNo
GetRealOsName
GetRealOsVersion
InvokeShellVerb
Rand
RandList
RandMax
RandMinMax
RevStr
SHFileCopy
SHFileMove
ScanStr
ScanStr2
ScanStr3
Time
TrimStr
TrimStrLeft
TrimStrRight
VerifyRealOsBuildNo
VerifyRealOsVersion
WaitForProcEx

Sections

.text
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 232B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UAC.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

_

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 7KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/newtextreplace.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Exports

Exports

_FillReadBuffer
_FindInFile
_FreeReadBuffer
_ReplaceInFile
_Unload

Sections

UPX0
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX2
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED
IMAGE_FILE_DLL

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.bss
Size: - Virtual size: 8KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 456B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:5 windows x86 arch:x86

8700d0ebbb41c81ea52718af1ab70a93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
MultiByteToWideChar
lstrlenA
lstrcmpiW
lstrlenW
ExitProcess
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
lstrcpynW
GetCommandLineW
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
GetModuleHandleW
GetTickCount
GetStartupInfoW
CreatePipe
GetVersionExW
GlobalLock
DeleteFileW
lstrcatW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
GetProcAddress
PeekNamedPipe
GetCurrentProcess

user32

CharPrevW
CharNextW
SendMessageW
FindWindowExW
wsprintfW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/registry.dll
.dll windows:4 windows x86 arch:x86

421a02aae559045e04759aae146087eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateProcessA
CreateProcessW
GlobalAlloc
SearchPathA
SearchPathW
GetFileAttributesA
GetFileAttributesW
CreateFileA
CreateFileW
WriteFile
WideCharToMultiByte
GetWindowsDirectoryW
lstrlenA
lstrlenW
MultiByteToWideChar
GlobalFree

user32

FindWindowExA
SetWindowTextA
SetWindowTextW
MessageBoxW
GetDlgItem

advapi32

RegQueryValueExA
RegQueryValueExW
RegOpenKeyExA
RegOpenKeyExW
RegCreateKeyExA
RegCreateKeyExW
RegEnumValueA
RegEnumValueW
RegEnumKeyExA
RegEnumKeyExW
RegCloseKey
RegSetValueExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegSetValueExW

Exports

Exports

_Close
_CopyKey
_CopyValue
_CreateKey
_DeleteKey
_DeleteKeyEmpty
_DeleteValue
_Find
_HexToStrA
_HexToStrW
_KeyExists
_MoveKey
_MoveValue
_Open
_Read
_ReadExtra
_RestoreKey
_SaveKey
_StrToHexA
_StrToHexW
_Unload
_Write
_WriteExtra

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7c2c71dfce9a27650634dc8b1ca03bf0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 106KB

.ndata Size: - Virtual size: 36KB

.rsrc Size: 28KB - Virtual size: 27KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 8KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 867B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 636B

126620b149c9cfb6b8f0dbcc0cf6de08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

22:7e:fd:f2:28:25:ba:27:05:30:fb:09:d5:2b:32:f8Certificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fdCertificate

Extended Key Usages

Key Usages

2e:3b:3d:03:63:ac:ec:80:69:9f:4c:bf:1a:5f:09:ddCertificate

Extended Key Usages

Key Usages

61:0c:12:06:00:00:00:00:00:1bCertificate

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6Certificate

Extended Key Usages

Key Usages

80:e1:36:45:fa:78:45:e3:8e:1a:55:33:ee:ad:ad:0c:1e:d9:dc:0b:f0:e0:e1:5e:e2:a5:5c:bc:21:b6:ee:a7Signer

2e:45:8f:50:53:8d:24:6f:d2:d6:ec:2f:5e:93:ec:54:9f:6d:d4:82Signer

Headers

File Characteristics

Imports

ntoskrnl.exe

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 106KB

.ndata
Size: - Virtual size: 36KB

.rsrc
Size: 28KB - Virtual size: 27KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 636B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

22:7e:fd:f2:28:25:ba:27:05:30:fb:09:d5:2b:32:f8
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

2e:3b:3d:03:63:ac:ec:80:69:9f:4c:bf:1a:5f:09:dd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

80:e1:36:45:fa:78:45:e3:8e:1a:55:33:ee:ad:ad:0c:1e:d9:dc:0b:f0:e0:e1:5e:e2:a5:5c:bc:21:b6:ee:a7
Signer

2e:45:8f:50:53:8d:24:6f:d2:d6:ec:2f:5e:93:ec:54:9f:6d:d4:82
Signer

.text
Size: 66KB - Virtual size: 66KB

.rdata
Size: 3KB - Virtual size: 3KB

.data
Size: 23KB - Virtual size: 23KB

PAGE
Size: 288B - Virtual size: 286B

INIT
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 2KB - Virtual size: 2KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

22:7e:fd:f2:28:25:ba:27:05:30:fb:09:d5:2b:32:f8
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

2e:3b:3d:03:63:ac:ec:80:69:9f:4c:bf:1a:5f:09:dd
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

ce:2b:8e:70:8d:7d:3e:3c:43:a2:96:1f:ac:31:2b:c3:a1:e9:f1:53:d1:3a:00:ac:d8:20:5a:03:5e:55:36:09
Signer

5f:3b:82:84:ec:7f:8e:3e:1d:ce:7e:1d:dc:9e:3d:64:0e:45:32:16
Signer

.text
Size: 91KB - Virtual size: 90KB

.rdata
Size: 11KB - Virtual size: 11KB

.data
Size: 4KB - Virtual size: 23KB

.pdata
Size: 4KB - Virtual size: 4KB

PAGE
Size: 512B - Virtual size: 448B

INIT
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 1024B - Virtual size: 1016B

.reloc
Size: 512B - Virtual size: 264B