processlasso_portable_64[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

processlasso_portable_64.zip
Size

6.5MB
MD5

f6d14295c0c0f5190f07b1602d76927f
SHA1

d188e3ec1d6c87712c0ff6b1d184de3f4c54cb9e
SHA256

ae0d9681cc81177d2fa976060a38ad7cc819b363da0192bca2620f6f285c47cc
SHA512

b8af6142e22960f267f7539d7719bf7b134cb9135095e62a7870728612df0e188f1d8a64019074bd0d42aa164a39fe48041ee857dd92d967db2b07d3987437f1
SSDEEP

196608:IuUFIEMx5Q5V2W8CerGWnw8d0Dd7Pj34jfo2GNheUXo:IfIFxrWfeg8Wxj34MQUXo

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/ProcessGovernor.exe
unpack001/QuickUpgrade.exe
unpack001/plActivate.exe

Files

processlasso_portable_64.zip
.zip
.portable
CPUEater.exe
.exe windows:5 windows x64 arch:x64

958f93953afae695d8ca06065b288459

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

d5:20:a7:3f:e4:8d:37:5f:b8:52:d7:7a:ba:75:ec:10:3d:ec:90:dc:a0:0e:71:f2:86:23:62:09:3e:54:1f:b7
Signer

Actual PE Digest

d5:20:a7:3f:e4:8d:37:5f:b8:52:d7:7a:ba:75:ec:10:3d:ec:90:dc:a0:0e:71:f2:86:23:62:09:3e:54:1f:b7

Digest Algorithm

sha256

PE Digest Matches

true

66:4a:4c:ab:4a:6b:f6:cc:8c:3c:c4:73:80:4e:da:b0:7b:74:3f:dd
Signer

Actual PE Digest

66:4a:4c:ab:4a:6b:f6:cc:8c:3c:c4:73:80:4e:da:b0:7b:74:3f:dd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\pl\output\CPUEater.pdb

Imports

comctl32

InitCommonControlsEx
ord17

kernel32

FindResourceW
LoadResource
LockResource
SizeofResource
ExitProcess
LoadLibraryW
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetCurrentProcess
FindResourceExW
GetModuleHandleW
GetPriorityClass
CloseHandle
CreateEventW
WaitForSingleObject
TerminateProcess
CreateProcessW
GetFileAttributesW
GetStartupInfoW
CreateThread
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetSystemInfo
SetThreadPriority
GetCurrentThread
SetThreadPriorityBoost
GetThreadPriority
RaiseException
GetLastError
GetSystemTimeAsFileTime
SetPriorityClass
SetEvent
LocalFree
GetVersionExW
GetModuleFileNameW
CreateFileW
GetFileSize
GetCurrentProcessId
SetLastError
GetProcAddress
GetVolumeNameForVolumeMountPointW
MoveFileW
RemoveDirectoryW
CopyFileW
CreateDirectoryW
MultiByteToWideChar
WideCharToMultiByte
InitializeCriticalSection
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
Sleep
LocalAlloc
GetTickCount
GetFileTime
ResetEvent
ReadFile
WriteFile
FlushFileBuffers
FindNextFileW
OpenMutexW
lstrlenW
GetUserDefaultUILanguage
GetLocaleInfoW
GetHandleInformation
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
LocalLock
LocalUnlock
IsBadWritePtr
IsDebuggerPresent
OutputDebugStringW
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
RtlPcToFileHeader
EncodePointer
RtlUnwindEx
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
GetStdHandle
GetACP
GetStringTypeW
GetFileType
LCMapStringW
FindClose
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW

user32

MessageBeep
BeginPaint
DrawIcon
EndPaint
GetSystemMetrics
DrawTextW
DestroyIcon
GetClientRect
FillRect
IsWindow
GetClassNameW
EnableMenuItem
GetSystemMenu
SetFocus
GetWindowRect
MoveWindow
GetParent
SetWindowTextW
WinHelpW
RedrawWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetAsyncKeyState
CreateDialogIndirectParamW
PeekMessageW
IsDialogMessageW
WaitMessage
DestroyWindow
GetLastActivePopup
DrawFocusRect
GetSysColor
GetDialogBaseUnits
LoadImageW
GetWindowTextW
GetActiveWindow
RegisterClassExW
DefWindowProcW
PostQuitMessage
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
LoadStringW
SetForegroundWindow
GetDlgItemInt
GetDlgItemTextW
IsWindowVisible
SetTimer
SystemParametersInfoW
CreateWindowExW
AllowSetForegroundWindow
SetDlgItemInt
LoadIconW
SendMessageW
SetDlgItemTextW
DialogBoxParamW
IsDlgButtonChecked
IsWindowEnabled
EndDialog
GetWindowLongPtrW
PostMessageW
MessageBoxW
CheckDlgButton
GetDlgItem
EnableWindow
SetWindowLongPtrW
SetRect
GetWindow
SetWindowPos
ShowWindow
SetActiveWindow

gdi32

ExtTextOutW
SetBkColor
SetTextColor
DeleteDC
GetTextMetricsW
CreateCompatibleDC
SelectObject
BitBlt
CreateSolidBrush
CreateDCW
CreateFontIndirectW
GetTextExtentPoint32W
DeleteObject

oleaut32

SysFreeString
VariantClear

shlwapi

SHDeleteKeyW

advapi32

RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW
RegDeleteKeyW

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

CoInitializeEx

Sections

.text
Size: 359KB - Virtual size: 358KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Insights.exe
.exe windows:5 windows x64 arch:x64

9112897f93335b0015a9b301e5f55785

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

56:6f:fc:5d:3f:64:50:43:aa:c9:c0:48:58:53:45:6c:46:6d:93:a5:19:5a:5a:3f:0e:34:ba:48:24:ae:5d:70
Signer

Actual PE Digest

56:6f:fc:5d:3f:64:50:43:aa:c9:c0:48:58:53:45:6c:46:6d:93:a5:19:5a:5a:3f:0e:34:ba:48:24:ae:5d:70

Digest Algorithm

sha256

PE Digest Matches

true

7f:54:d9:73:dc:fc:12:d0:b3:ab:78:0c:67:11:cb:9e:6a:73:37:f0
Signer

Actual PE Digest

7f:54:d9:73:dc:fc:12:d0:b3:ab:78:0c:67:11:cb:9e:6a:73:37:f0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\dev\projs\ProcessSupervisor\output\Insights.pdb

Imports

rpcrt4

UuidCreate

kernel32

OpenMutexW
CloseHandle
CreateEventW
FindResourceExW
FindResourceW
LoadResource
SetEvent
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
WaitForSingleObject
FileTimeToLocalFileTime
FileTimeToSystemTime
CreateMutexW
SetPriorityClass
GetCurrentProcess
CreateThread
InitializeCriticalSectionAndSpinCount
GetLastError
HeapReAlloc
HeapSize
HeapDestroy
RaiseException
DeleteCriticalSection
LockResource
GetLocalTime
GetSystemTimeAsFileTime
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
ResetEvent
OpenEventW
Sleep
IsBadWritePtr
GetSystemInfo
CreateFileW
GetFileTime
EnterCriticalSection
LeaveCriticalSection
GetFileAttributesW
GetTickCount
CreateDirectoryW
GetFileSize
ReadFile
WriteFile
FlushFileBuffers
CopyFileW
MoveFileW
FindNextFileW
RemoveDirectoryW
MultiByteToWideChar
LocalFree
GetVersionExW
GetModuleFileNameW
GetModuleHandleW
GetStartupInfoW
GetCurrentProcessId
SetLastError
GetProcAddress
WinExec
GetVolumeNameForVolumeMountPointW
LoadLibraryW
WideCharToMultiByte
ExitProcess
GetDateFormatW
GetTimeFormatW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
LocalAlloc
LocalLock
LocalUnlock
SystemTimeToFileTime
SetThreadPriority
GetCurrentThread
SetThreadPriorityBoost
GetPriorityClass
GetThreadPriority
FreeLibrary
GetHandleInformation
lstrlenW
GetUserDefaultUILanguage
GetLocaleInfoW
IsDebuggerPresent
OutputDebugStringW
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
RtlPcToFileHeader
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwindEx
GetModuleHandleExW
GetStdHandle
GetACP
GetFileType
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo

user32

GetDlgItemInt
EnableWindow
GetWindowTextW
LoadStringW
GetSysColor
LoadImageW
SetRect
GetActiveWindow
GetLastActivePopup
MessageBeep
DrawIcon
GetDialogBaseUnits
GetSystemMetrics
DrawTextW
CheckDlgButton
GetClientRect
FillRect
IsWindow
GetClassNameW
EnableMenuItem
GetSystemMenu
IsDlgButtonChecked
SetWindowPos
GetWindowRect
MoveWindow
GetParent
KillTimer
WinHelpW
RedrawWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetAsyncKeyState
GetWindow
CreateDialogIndirectParamW
PeekMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
WaitMessage
GetMessageW
DrawFocusRect
SetActiveWindow
IsWindowEnabled
GetWindowLongPtrW
SetWindowLongPtrW
SetFocus
SetDlgItemInt
DestroyIcon
MessageBoxW
GetDlgItemTextW
EndPaint
BeginPaint
DefWindowProcW
DestroyWindow
ShowWindow
CreateWindowExW
RegisterClassExW
FindWindowW
EndDialog
TrackPopupMenu
GetCursorPos
SetForegroundWindow
GetSubMenu
DialogBoxParamW
PostQuitMessage
PostMessageW
SetTimer
SystemParametersInfoW
SetMenu
LoadMenuW
SetWindowTextW
SendMessageW
LoadIconW
CheckMenuItem
GetMenu
SetDlgItemTextW
GetDlgItem

gdi32

CreateSolidBrush
SelectObject
GetTextExtentPoint32W
DeleteDC
CreateFontIndirectW
DeleteObject
SetBkColor
SetTextColor
ExtTextOutW
GetTextMetricsW
CreateCompatibleDC
BitBlt
CreateDCW

advapi32

RegEnumValueW
RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW
ShellExecuteW

oleaut32

VariantClear

comctl32

ord17
InitCommonControlsEx

shlwapi

SHDeleteKeyW

wininet

InternetReadFile
InternetOpenUrlW
InternetCloseHandle
InternetCanonicalizeUrlW
InternetOpenW

Sections

.text
Size: 415KB - Virtual size: 414KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 227KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
InstallHelper.exe
.exe windows:6 windows x64 arch:x64

99d936eb4eb4b4f6f21731da09dba4a5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4e:cb:17:4d:16:e1:ea:db:8d:8e:b3:f6:82:87:45:64:5e:cc:5f:32:37:5c:82:5b:dd:71:82:43:1a:f1:d7:9b
Signer

Actual PE Digest

4e:cb:17:4d:16:e1:ea:db:8d:8e:b3:f6:82:87:45:64:5e:cc:5f:32:37:5c:82:5b:dd:71:82:43:1a:f1:d7:9b

Digest Algorithm

sha256

PE Digest Matches

true

96:09:b4:ed:6e:5c:d7:c0:ff:65:2f:c3:12:8f:ee:f2:90:91:5d:8c
Signer

Actual PE Digest

96:09:b4:ed:6e:5c:d7:c0:ff:65:2f:c3:12:8f:ee:f2:90:91:5d:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\pl\output\InstallHelper.pdb

Imports

comctl32

InitCommonControlsEx
ord17

kernel32

FindResourceW
FindResourceExW
CreateDirectoryW
FlushFileBuffers
GetCurrentProcessId
LoadResource
MultiByteToWideChar
RaiseException
InitializeCriticalSectionEx
IsBadWritePtr
GetSystemInfo
InitializeCriticalSection
GetStartupInfoW
CreateProcessW
FormatMessageW
RemoveDirectoryW
CopyFileW
GetVersionExW
GetSystemDirectoryW
LockResource
SizeofResource
MoveFileW
DeleteFileW
SetEvent
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
CreateMutexW
OpenMutexW
TerminateThread
CreateEventW
LeaveCriticalSection
EnterCriticalSection
GetLastError
Sleep
ReleaseMutex
ReadFile
GetFileSize
CloseHandle
WriteFile
GetSystemTimeAsFileTime
GetFileTime
CreateFileW
GetFileAttributesW
ExitProcess
GetExitCodeProcess
WaitForSingleObject
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
WriteConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleCP
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetCPInfo
LoadLibraryW
GetModuleHandleW
LocalFree
GetShortPathNameW
GetModuleFileNameW
GetCurrentProcess
OpenProcess
SetLastError
GetProcAddress
GetVolumeNameForVolumeMountPointW
WideCharToMultiByte
GetHandleInformation
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
LocalAlloc
LocalLock
LocalUnlock
GetTickCount
ResetEvent
FindNextFileW
FreeLibrary
TerminateProcess
GetProcessTimes
lstrlenW
GetUserDefaultUILanguage
GetLocaleInfoW
IsDebuggerPresent
OutputDebugStringW
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
RtlPcToFileHeader
EncodePointer
RtlUnwindEx
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
GetStdHandle
GetACP
GetStringTypeW
GetFileType
LCMapStringW
FindClose
FindFirstFileExW
IsValidCodePage
GetOEMCP

user32

GetActiveWindow
GetLastActivePopup
MessageBeep
BeginPaint
DrawIcon
EndPaint
GetSysColor
GetDialogBaseUnits
SystemParametersInfoW
DrawTextW
LoadIconW
DestroyIcon
FillRect
IsWindow
GetClassNameW
EnableMenuItem
GetSystemMenu
SetFocus
SetWindowPos
SetForegroundWindow
MoveWindow
GetParent
WinHelpW
RedrawWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetAsyncKeyState
GetWindow
CreateDialogIndirectParamW
PeekMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
WaitMessage
SetRect
DestroyWindow
EnumWindows
LoadImageW
DrawFocusRect
SetActiveWindow
DialogBoxParamW
MessageBoxW
GetWindowTextW
ShowWindow
GetWindowThreadProcessId
GetClientRect
CreateWindowExW
GetSystemMetrics
IsDlgButtonChecked
CheckDlgButton
GetWindowRect
LoadStringW
KillTimer
PostMessageW
GetWindowLongPtrW
SetTimer
EnableWindow
SetWindowLongPtrW
SetWindowTextW
EndDialog
GetDlgItemTextW
GetDlgItem
SendMessageW
SetDlgItemTextW
PostQuitMessage

gdi32

BitBlt
CreateCompatibleDC
GetTextMetricsW
ExtTextOutW
GetTextExtentPoint32W
SetTextColor
SetBkColor
DeleteObject
DeleteDC
SelectObject
CreateFontIndirectW
CreateDCW
CreateSolidBrush

advapi32

QueryServiceConfigW
RegEnumKeyW
AdjustTokenPrivileges
StartServiceW
QueryServiceStatus
NotifyBootConfigStatus
ChangeServiceConfigW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegDeleteKeyW
RegDeleteKeyExW
RegDeleteValueW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW
GetUserNameW
LookupPrivilegeValueW
GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
RegEnumValueW
OpenProcessToken
RegOpenKeyExW

shell32

SHCreateDirectoryExW
ShellExecuteExW
SHGetSpecialFolderPathW
SHBrowseForFolderW
SHGetPathFromIDListW

ole32

CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

shlwapi

SHDeleteKeyW

Sections

.text
Size: 472KB - Virtual size: 472KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LogViewer.exe
.exe windows:5 windows x64 arch:x64

14551c1731a47ef92d5ab3310580accd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

8e:3e:de:5b:c7:87:83:b8:ab:13:86:c3:00:cd:98:15:bc:26:c8:02:2e:c3:cb:bd:bc:49:52:ac:c9:b0:bf:25
Signer

Actual PE Digest

8e:3e:de:5b:c7:87:83:b8:ab:13:86:c3:00:cd:98:15:bc:26:c8:02:2e:c3:cb:bd:bc:49:52:ac:c9:b0:bf:25

Digest Algorithm

sha256

PE Digest Matches

true

90:60:b7:4d:b0:c1:97:ce:6b:ed:71:48:e5:39:2d:bc:24:65:33:ec
Signer

Actual PE Digest

90:60:b7:4d:b0:c1:97:ce:6b:ed:71:48:e5:39:2d:bc:24:65:33:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\dev\projs\ProcessSupervisor\x64\Release\LogViewer.pdb

Imports

kernel32

DeleteCriticalSection
RaiseException
InitializeCriticalSectionAndSpinCount
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
MultiByteToWideChar
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
WriteFile
SetEvent
GetModuleHandleW
FindCloseChangeNotification
FindNextChangeNotification
WaitForMultipleObjects
FindFirstChangeNotificationW
ReadFile
ReleaseMutex
DeleteFileW
SetFilePointer
GetFileSize
GetLastError
CreateFileW
EnterCriticalSection
LeaveCriticalSection
TerminateThread
OpenMutexW
CreateMutexW
GetSystemTimeAsFileTime
GetFileAttributesW
MoveFileW
InitializeCriticalSection
GetVersionExW
LoadLibraryW
ExitProcess
GetSystemInfo
GetTickCount
CreateDirectoryW
GetFileTime
ResetEvent
Sleep
FlushFileBuffers
CopyFileW
FindNextFileW
RemoveDirectoryW
LocalFree
GetModuleFileNameW
GetCurrentProcess
GetStartupInfoW
GetCurrentProcessId
SetLastError
GetProcAddress
WinExec
GetVolumeNameForVolumeMountPointW
WideCharToMultiByte
SystemTimeToFileTime
lstrlenW
GetUserDefaultUILanguage
GetLocaleInfoW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
LocalAlloc
LocalLock
LocalUnlock
FreeLibrary
GetHandleInformation
IsBadWritePtr
IsDebuggerPresent
OutputDebugStringW
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
RtlPcToFileHeader
EncodePointer
RtlUnwindEx
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
GetStdHandle
GetACP
GetFileType
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
CreateThread
CloseHandle
WaitForSingleObject
CreateEventW

user32

GetLastActivePopup
MessageBeep
DrawIcon
SystemParametersInfoW
GetSystemMetrics
DrawTextW
DestroyIcon
FillRect
IsWindow
GetClassNameW
EnableMenuItem
GetSystemMenu
SetFocus
SetForegroundWindow
GetWindowRect
MoveWindow
GetParent
WinHelpW
RedrawWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetAsyncKeyState
GetWindow
CreateDialogIndirectParamW
PeekMessageW
IsDialogMessageW
WaitMessage
DestroyWindow
GetWindowLongPtrW
LoadStringW
GetSysColor
SetRect
CheckDlgButton
InvalidateRect
EnableWindow
GetDlgItem
EndDialog
PostQuitMessage
EndPaint
BeginPaint
IsWindowVisible
DefWindowProcW
PostMessageW
DialogBoxParamW
MessageBoxW
GetWindowTextW
SetTimer
SetWindowTextW
SetWindowPos
GetWindowDC
GetClientRect
UpdateWindow
ShowWindow
CreateWindowExW
RegisterClassExW
LoadCursorW
LoadIconW
DispatchMessageW
TranslateMessage
TranslateAcceleratorW
GetMessageW
LoadAcceleratorsW
SendMessageW
SetActiveWindow
DrawFocusRect
GetDialogBaseUnits
KillTimer
LoadImageW
GetActiveWindow
SetWindowLongPtrW

gdi32

GetTextExtentPoint32W
CreateFontIndirectW
CreateDCW
CreateSolidBrush
BitBlt
SelectObject
CreateCompatibleDC
GetTextMetricsW
DeleteObject
DeleteDC
SetTextColor
SetBkColor
ExtTextOutW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

shlwapi

SHDeleteKeyW

advapi32

RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegDeleteKeyW
RegOpenKeyExW

shell32

ShellExecuteW
SHGetSpecialFolderPathW
SHCreateDirectoryExW

oleaut32

VariantClear

Sections

.text
Size: 370KB - Virtual size: 369KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 269KB - Virtual size: 269KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ProcessGovernor.exe
.exe windows:6 windows x64 arch:x64

e4469746509504a8535f5f13071d0220

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\pl\output\ProcessGovernor.pdb

Imports

wininet

InternetReadFile
InternetCloseHandle
InternetOpenUrlW
InternetOpenW

kernel32

GetCommandLineW
GetCurrentProcess
SetProcessShutdownParameters
SetThreadPriority
InitializeCriticalSection
CreateMutexW
OpenEventW
GetVersionExW
OpenProcess
CreateEventW
SetEvent
GetCurrentThread
TerminateThread
GetThreadPriority
ResetEvent
GetCurrentDirectoryW
SetThreadPriorityBoost
GetPriorityClass
GetProcAddress
GetComputerNameW
GetCurrentProcessId
CreateProcessW
SetThreadExecutionState
FreeLibrary
GetSystemTime
IsBadReadPtr
GetTickCount
OpenThread
SetUnhandledExceptionFilter
WaitForMultipleObjects
FindFirstChangeNotificationW
FindCloseChangeNotification
FindNextChangeNotification
WriteConsoleW
SetPriorityClass
CreateDirectoryW
SetProcessPriorityBoost
GetExitCodeProcess
GetFileSize
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeleteFileW
GetFileAttributesW
InitializeCriticalSectionAndSpinCount
WriteFile
ReadFile
GetFileTime
GetSystemTimeAsFileTime
CreateThread
GetSystemInfo
CloseHandle
Sleep
CreateFileW
IsBadWritePtr
GetModuleHandleW
GetProcessHeap
ExitProcess
DeleteCriticalSection
HeapDestroy
SetFilePointerEx
GetConsoleMode
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
LoadLibraryW
RaiseException
HeapReAlloc
LockResource
GetLastError
HeapSize
InitializeCriticalSectionEx
HeapFree
SizeofResource
SetLastError
lstrlenW
GetModuleFileNameW
GetUserDefaultUILanguage
GetLocaleInfoW
LocalFree
GetStartupInfoW
ProcessIdToSessionId
GetVolumeNameForVolumeMountPointW
MoveFileW
RemoveDirectoryW
CopyFileW
MultiByteToWideChar
WideCharToMultiByte
GetHandleInformation
GetTempPathW
GetSystemDirectoryW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
LocalAlloc
LocalLock
LocalUnlock
TerminateProcess
GetProcessPriorityBoost
GetProcessTimes
SetProcessWorkingSetSize
GetProcessAffinityMask
SetProcessAffinityMask
GetLocalTime
OpenMutexW
FlushFileBuffers
GetDateFormatW
GetTimeFormatW
ReleaseMutex
SetFilePointer
FileTimeToLocalFileTime
FileTimeToSystemTime
SetEndOfFile
GetCurrentThreadId
GetConsoleCP
SuspendThread
ResumeThread
FindNextFileW
OutputDebugStringW
GlobalMemoryStatusEx
IsDebuggerPresent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
InitializeSListHead
RtlPcToFileHeader
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwindEx
GetModuleHandleExW
GetStdHandle
GetCommandLineA
GetACP
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle

user32

SystemParametersInfoW
GetSystemMetrics
DrawTextW
LoadIconW
DestroyIcon
GetClientRect
FillRect
IsWindow
GetClassNameW
EnableMenuItem
GetSystemMenu
CheckDlgButton
SetFocus
SetForegroundWindow
GetWindowRect
MoveWindow
GetParent
WinHelpW
RedrawWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
EndPaint
BeginPaint
CreateDialogIndirectParamW
PeekMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
WaitMessage
DestroyWindow
EnumThreadWindows
EnumWindows
wvsprintfW
SetWindowPos
SetActiveWindow
DrawFocusRect
GetSysColor
GetDialogBaseUnits
LoadImageW
MessageBeep
GetLastActivePopup
LoadStringW
GetAsyncKeyState
DrawIcon
GetActiveWindow
SetRect
GetWindowTextW
MessageBoxW
EnableWindow
DialogBoxParamW
KillTimer
GetWindow
GetWindowThreadProcessId
GetLastInputInfo
GetForegroundWindow
FindWindowW
PostQuitMessage
PostMessageW
SetWindowLongPtrW
SendMessageW
EndDialog
SetWindowTextW
GetWindowLongPtrW
SetTimer
GetDlgItem

advapi32

StartServiceW
ControlService
QueryServiceStatus
QueryServiceConfigW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
LookupAccountSidW
RegDeleteKeyW
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
EnumServicesStatusExW
GetUserNameW
RegOpenKeyExW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority

shell32

ShellExecuteExW
SHCreateDirectoryExW
SHGetSpecialFolderPathW

oleaut32

SysFreeString
VariantClear

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

shlwapi

SHDeleteKeyW

rpcrt4

UuidCreate

gdi32

GetTextExtentPoint32W
CreateFontIndirectW
ExtTextOutW
CreateSolidBrush
BitBlt
SelectObject
CreateCompatibleDC
GetTextMetricsW
DeleteDC
SetTextColor
SetBkColor
DeleteObject
CreateDCW

ole32

CoInitializeEx
CoCreateGuid

Sections

.text
Size: 550KB - Virtual size: 549KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 115KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ProcessLasso.exe
.exe windows:6 windows x64 arch:x64

ee7f00823a33cdec301a4eb019235164

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c9:15:ae:04:6b:c0:61:c1:e0:79:e8:8e:75:1c:17:41:05:dd:a3:eb:90:54:db:de:2f:aa:39:0c:77:3f:35:74
Signer

Actual PE Digest

c9:15:ae:04:6b:c0:61:c1:e0:79:e8:8e:75:1c:17:41:05:dd:a3:eb:90:54:db:de:2f:aa:39:0c:77:3f:35:74

Digest Algorithm

sha256

PE Digest Matches

true

aa:81:08:4d:88:ca:46:5b:df:e5:1a:b6:c1:b8:ba:ce:96:82:5a:43
Signer

Actual PE Digest

aa:81:08:4d:88:ca:46:5b:df:e5:1a:b6:c1:b8:ba:ce:96:82:5a:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\dev\projs\ProcessSupervisor\output\ProcessLasso.pdb

Imports

comctl32

InitCommonControlsEx
ImageList_Create
ord17
ImageList_GetIcon
ImageList_Remove
ImageList_ReplaceIcon

gdiplus

GdiplusShutdown
GdipFree
GdipDrawRectangleI
GdipAlloc
GdipSetPenDashStyle
GdiplusStartup
GdipDrawLineI
GdipCreateFromHDC
GdipDeleteGraphics
GdipDrawLine
GdipCreatePen1

wininet

InternetReadFile
InternetCloseHandle
InternetOpenW
InternetOpenUrlW
InternetCanonicalizeUrlW

kernel32

FindFirstChangeNotificationW
OpenProcess
CreateEventW
MultiByteToWideChar
Sleep
OutputDebugStringW
SetEvent
FileTimeToSystemTime
TerminateThread
FindCloseChangeNotification
LockResource
QueryPerformanceFrequency
DeleteFileW
GetSystemInfo
CreateThread
FindResourceExW
ResetEvent
LoadResource
FindResourceW
FileTimeToLocalFileTime
GetCurrentDirectoryW
FindNextChangeNotification
GetWindowsDirectoryW
MoveFileExW
GetCurrentProcessId
SystemTimeToFileTime
GlobalMemoryStatusEx
CreateProcessW
SetThreadExecutionState
GetModuleHandleW
CopyFileW
GetTempFileNameW
IsBadReadPtr
SetProcessWorkingSetSize
QueryPerformanceCounter
WideCharToMultiByte
SetThreadPriority
ExitThread
GetCurrentThread
SetThreadPriorityBoost
LoadLibraryW
GetCommandLineW
OpenEventW
CreateDirectoryW
SetProcessShutdownParameters
GetSystemTime
GetTickCount
SetUnhandledExceptionFilter
GetLastError
HeapSize
GetFileAttributesW
CreateFileW
WaitForSingleObject
InitializeCriticalSectionEx
WriteFile
HeapFree
ReadFile
GetHandleInformation
IsBadWritePtr
LocalFree
GetSystemDirectoryW
GetFileSize
ProcessIdToSessionId
SetLastError
DeleteCriticalSection
GetVersionExW
GetTempPathW
SetFilePointer
WriteConsoleW
GetConsoleCP
SetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
IsValidCodePage
FindFirstFileExW
FindClose
GetConsoleMode
SetFilePointerEx
LCMapStringW
GetStringTypeW
GetFileType
GetACP
GetStdHandle
GetModuleHandleExW
RtlUnwindEx
LoadLibraryExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
RtlPcToFileHeader
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
IsDebuggerPresent
GetExitCodeThread
ResumeThread
SuspendThread
Thread32Next
OpenThread
Thread32First
CreateToolhelp32Snapshot
GetCurrentThreadId
SetEndOfFile
InitializeCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
TerminateProcess
GetCurrentProcess
EnterCriticalSection
SetPriorityClass
CompareFileTime
SizeofResource
GetStartupInfoW
GetExitCodeProcess
GetFileTime
GetSystemTimeAsFileTime
GetProcessHeap
ExitProcess
GetProcAddress
WinExec
GetVolumeNameForVolumeMountPointW
MoveFileW
HeapDestroy
HeapAlloc
RaiseException
CloseHandle
GetModuleFileNameW
HeapReAlloc
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
LocalAlloc
LocalLock
LocalUnlock
GetPriorityClass
GetThreadPriority
CreateMutexW
ReleaseMutex
GetTimeFormatW
GetDateFormatW
GetLocaleInfoW
SetProcessPriorityBoost
GetProcessPriorityBoost
GetProcessTimes
GetProcessAffinityMask
GetUserDefaultUILanguage
lstrlenW
FindNextFileW
FindFirstFileW
GetLocalTime
FlushFileBuffers
OpenMutexW
FreeLibrary
SetProcessAffinityMask
RemoveDirectoryW

user32

InvalidateRect
LoadImageW
SetForegroundWindow
ReleaseDC
DialogBoxParamW
KillTimer
GetDlgItem
GetDlgItemTextW
GetCursorPos
EnableWindow
CheckDlgButton
UpdateWindow
SetDlgItemTextW
SetActiveWindow
SetTimer
GetWindowLongPtrW
SetWindowTextW
EndDialog
SendMessageW
SetWindowLongPtrW
MessageBoxW
PostMessageW
EndPaint
GetMessageW
LoadAcceleratorsW
DispatchMessageW
TranslateAcceleratorW
TranslateMessage
IsIconic
LoadStringW
SetDlgItemInt
IsWindowEnabled
IsDlgButtonChecked
GetDlgItemInt
GetWindowTextW
SetDlgItemTextA
GetMenuItemInfoW
DefWindowProcW
LoadMenuW
CallWindowProcW
GetWindowRect
GetMenu
DestroyWindow
GetDC
IsWindowVisible
SetWindowPos
EnumChildWindows
FillRect
CreateWindowExW
DeleteMenu
ScreenToClient
CreatePopupMenu
RegisterClassExW
TrackPopupMenu
GetSubMenu
ShowWindow
RedrawWindow
DestroyIcon
GetWindowInfo
ClientToScreen
SetMenuItemInfoW
TrackMouseEvent
GetSysColor
LoadBitmapW
DestroyMenu
SetLayeredWindowAttributes
SetFocus
LoadIconW
FindWindowW
LoadCursorW
DrawMenuBar
GetWindowDC
CheckMenuItem
GetClientRect
AppendMenuW
DrawFocusRect
PostQuitMessage
GetSysColorBrush
EnableMenuItem
SystemParametersInfoW
RegisterWindowMessageW
GetWindowThreadProcessId
SetRect
GetActiveWindow
GetLastActivePopup
MessageBeep
DrawIcon
GetDialogBaseUnits
GetSystemMetrics
DrawTextW
IsWindow
GetClassNameW
GetSystemMenu
MoveWindow
GetParent
WinHelpW
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetAsyncKeyState
GetWindow
CreateDialogIndirectParamW
PeekMessageW
IsDialogMessageW
WaitMessage
EnumWindows
BeginPaint

gdi32

BitBlt
CreateCompatibleBitmap
SelectObject
CreateCompatibleDC
CreateFontW
DeleteDC
TextOutW
GetTextExtentPoint32W
SetTextColor
SetBkMode
DeleteObject
CreateSolidBrush
CreateFontIndirectW
CreateDCW
SetBkColor
ExtTextOutW
GetTextMetricsW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

RegDeleteValueW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegSetValueExW
GetUserNameW
RegQueryValueExW
RegOpenKeyExW
RegDeleteKeyW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
DuplicateTokenEx
SetTokenInformation
GetLengthSid
EnumServicesStatusExW
ControlService
QueryServiceStatus
CreateProcessAsUserW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
StartServiceW
LookupAccountSidW
QueryServiceConfigW

shell32

ShellExecuteExW
SHCreateDirectoryExW
SHGetDesktopFolder
ExtractAssociatedIconW
DragQueryFileW
ShellExecuteW
DragAcceptFiles
DragFinish
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
Shell_NotifyIconW

ole32

CoInitialize
CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
CoInitializeEx

oleaut32

SysFreeString
VariantClear
VariantInit
SysAllocString

pdh

PdhGetFormattedCounterValue
PdhCloseQuery
PdhAddCounterW
PdhOpenQueryW
PdhCollectQueryData

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

shlwapi

SHDeleteKeyW

dbghelp

MiniDumpWriteDump

wevtapi

EvtSeek
EvtRender
EvtNext
EvtQuery
EvtCreateBookmark
EvtClose
EvtUpdateBookmark

rpcrt4

UuidFromStringW

Sections

.text
Size: 926KB - Virtual size: 926KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 249KB - Virtual size: 248KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ProcessLassoLauncher.exe
.exe windows:5 windows x64 arch:x64

55df2fe730fa82825a13f6f221cc907d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

2d:16:1b:a1:25:e8:14:8c:56:c4:98:78:44:86:3b:15:37:51:f8:b5:c1:1d:c5:10:21:66:24:1f:f1:2b:e7:33
Signer

Actual PE Digest

2d:16:1b:a1:25:e8:14:8c:56:c4:98:78:44:86:3b:15:37:51:f8:b5:c1:1d:c5:10:21:66:24:1f:f1:2b:e7:33

Digest Algorithm

sha256

PE Digest Matches

true

88:6e:ff:3b:fd:19:0e:76:51:5b:eb:7a:d8:4b:83:7f:01:eb:9c:cb
Signer

Actual PE Digest

88:6e:ff:3b:fd:19:0e:76:51:5b:eb:7a:d8:4b:83:7f:01:eb:9c:cb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\pl\output\ProcessLassoLauncher.pdb

Imports

kernel32

CreateFileW
CloseHandle
GetVersionExW
GetCurrentProcess
GetStartupInfoW
CreateProcessW
GetCurrentProcessId
OpenProcess
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetHandleInformation
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
OutputDebugStringW
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
GetLocaleInfoW
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
EncodePointer
RtlUnwindEx
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetModuleHandleExW
GetStdHandle
GetCommandLineA
GetCommandLineW
GetACP
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
GetUserDefaultUILanguage
GetModuleFileNameW
WriteFile
lstrlenW
SetLastError
ReadFile
DeleteCriticalSection
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
GetModuleHandleW
ExitProcess
UnhandledExceptionFilter

user32

GetWindowLongPtrW
SetTimer
DrawFocusRect
GetSysColor
GetDialogBaseUnits
GetDlgItem
KillTimer
DialogBoxParamW
LoadImageW
EndDialog
SendMessageW
SetWindowLongPtrW
SetActiveWindow
MessageBoxW
PostMessageW
FindWindowW
SetWindowPos

gdi32

BitBlt
SelectObject
ExtTextOutW
DeleteObject
SetBkColor
SetTextColor
DeleteDC
CreateCompatibleDC
GetTextMetricsW

advapi32

GetSidSubAuthority
GetSidSubAuthorityCount
GetTokenInformation
RegQueryValueExW
RegSetValueExW
RegCreateKeyExW
RegCloseKey
OpenProcessToken

shell32

ShellExecuteExW

Sections

.text
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 45KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
QuickUpgrade.exe
.exe windows:5 windows x64 arch:x64

34072a35891e26b88fc98a26d2d4d1e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\pl\output\QuickUpgrade.pdb

Imports

kernel32

RaiseException
MultiByteToWideChar
LoadLibraryW
GetCommandLineW
GetModuleHandleW
SetCurrentDirectoryW
GetLastError
CreateProcessW
GetStartupInfoW
OpenEventW
SetEvent
CreateEventW
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
Sleep
CreateThread
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
IsBadWritePtr
GetSystemInfo
ReadFile
GetSystemTimeAsFileTime
ExitProcess
GetExitCodeProcess
RemoveDirectoryW
DeleteFileW
WaitForSingleObject
CloseHandle
WriteFile
CreateFileW
CreateDirectoryW
GetTempPathW
GetProcessHeap
GetVersionExW
GetModuleFileNameW
GetCurrentProcess
GetCurrentProcessId
OpenProcess
SetLastError
GetProcAddress
HeapAlloc
WideCharToMultiByte
GetHandleInformation
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
FreeLibrary
TerminateThread
TerminateProcess
GetProcessTimes
lstrlenW
GetUserDefaultUILanguage
GetLocaleInfoW
IsDebuggerPresent
OutputDebugStringW
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
RtlPcToFileHeader
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwindEx
GetModuleHandleExW
GetStdHandle
GetCommandLineA
GetACP
GetFileType
GetStringTypeW
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
HeapFree
HeapReAlloc
HeapSize
HeapDestroy

user32

SetWindowPos
GetWindow
EnumWindows
LoadImageW
DrawFocusRect
SetActiveWindow
GetWindowThreadProcessId
GetDialogBaseUnits
GetSysColor
MessageBoxW
DialogBoxParamW
SetDlgItemTextW
SendMessageW
GetDlgItem
EndDialog
SetWindowLongPtrW
EnableWindow
ShowWindow
CreateWindowExW
KillTimer
PostMessageW
GetWindowLongPtrW
SetTimer
LoadStringW

shell32

ShellExecuteExW

ole32

CoInitialize

oleaut32

SysAllocString
SysFreeString

wininet

InternetOpenW
InternetReadFile
InternetOpenUrlW
InternetCloseHandle

gdi32

BitBlt
CreateCompatibleDC
GetTextMetricsW
ExtTextOutW
SetTextColor
SetBkColor
DeleteObject
DeleteDC
SelectObject

advapi32

OpenProcessToken
RegCreateKeyExW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority

Sections

.text
Size: 158KB - Virtual size: 158KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ThreadRacer.exe
.exe windows:5 windows x64 arch:x64

6bb9526f0916ce7a33f12c13fd445049

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

fe:7c:2d:89:8b:61:89:ac:88:c9:8d:14:e2:b3:84:56:e5:67:20:46:c8:0e:1b:81:c0:4f:b5:4c:d3:cd:45:b1
Signer

Actual PE Digest

fe:7c:2d:89:8b:61:89:ac:88:c9:8d:14:e2:b3:84:56:e5:67:20:46:c8:0e:1b:81:c0:4f:b5:4c:d3:cd:45:b1

Digest Algorithm

sha256

PE Digest Matches

true

17:80:89:ef:63:50:22:95:67:78:e5:34:54:06:11:76:90:55:b6:c5
Signer

Actual PE Digest

17:80:89:ef:63:50:22:95:67:78:e5:34:54:06:11:76:90:55:b6:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\pl\output\ThreadRacer.exe.pdb

Imports

kernel32

OutputDebugStringA
CreateEventW
CloseHandle
Sleep
WaitForSingleObject
SetEvent
SetThreadPriority
SetThreadAffinityMask
GetCurrentThread
CreateThread
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
GetLastError
RaiseException
LocalFree
GetVersionExW
GetModuleFileNameW
CreateFileW
GetCurrentProcess
GetStartupInfoW
GetCurrentProcessId
SetLastError
MultiByteToWideChar
WideCharToMultiByte
ReadFile
lstrlenW
FindResourceExW
GetUserDefaultUILanguage
GetLocaleInfoW
GetSystemInfo
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
FreeLibrary
GetSystemTimeAsFileTime
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
LocalAlloc
LocalLock
LocalUnlock
IsBadWritePtr
IsDebuggerPresent
OutputDebugStringW
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
GetModuleHandleExW
GetStdHandle
GetACP
GetFileType
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
WriteConsoleW
FindResourceW
GetModuleHandleW
LoadLibraryW
SizeofResource
LoadResource
ExitProcess
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
WriteFile
LockResource

user32

UpdateWindow
GetWindowRect
RedrawWindow
SetRect
GetActiveWindow
GetLastActivePopup
MessageBeep
DrawIcon
SystemParametersInfoW
GetSystemMetrics
DrawTextW
LoadIconW
DestroyIcon
IsWindow
GetClassNameW
EnableMenuItem
GetSystemMenu
SetFocus
SetForegroundWindow
MoveWindow
GetParent
SetWindowTextW
WinHelpW
OpenClipboard
EmptyClipboard
CallWindowProcW
CloseClipboard
GetAsyncKeyState
GetWindow
CreateDialogIndirectParamW
PeekMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
WaitMessage
PostQuitMessage
DestroyWindow
SetActiveWindow
SetWindowLongPtrW
GetWindowLongPtrW
DrawFocusRect
GetSysColor
GetDialogBaseUnits
KillTimer
LoadImageW
GetWindowTextW
ShowWindow
GetDC
ReleaseDC
EndPaint
FillRect
BeginPaint
CreateWindowExW
IsWindowEnabled
PostMessageW
CheckDlgButton
SetClipboardData
MessageBoxW
LoadStringW
SendMessageW
DialogBoxParamW
EndDialog
GetClientRect
EnableWindow
SetTimer
IsDlgButtonChecked
GetDlgItemTextW
SetDlgItemTextW
SetDlgItemInt
GetDlgItem
SetWindowPos

ole32

CoInitialize

comctl32

InitCommonControlsEx

pdh

PdhAddCounterW
PdhOpenQueryW
PdhCollectQueryData
PdhGetFormattedCounterValue

gdi32

DeleteObject
GetTextExtentPoint32W
CreateFontIndirectW
CreateDCW
CreateFontW
CreateSolidBrush
BitBlt
SelectObject
CreateCompatibleDC
GetTextMetricsW
DeleteDC
SetTextColor
SetBkColor
ExtTextOutW

advapi32

RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegSetValueExW
RegOpenKeyExW

Sections

.text
Size: 209KB - Virtual size: 209KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 226KB - Virtual size: 226KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TweakScheduler.exe
.exe windows:6 windows x64 arch:x64

41ad3c0d0a1035b68406a416af55236e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

af:41:6e:0f:91:51:3d:ff:99:58:59:ec:8f:de:93:d9:13:00:bf:26:eb:9b:ab:90:e6:29:43:1c:b1:14:44:31
Signer

Actual PE Digest

af:41:6e:0f:91:51:3d:ff:99:58:59:ec:8f:de:93:d9:13:00:bf:26:eb:9b:ab:90:e6:29:43:1c:b1:14:44:31

Digest Algorithm

sha256

PE Digest Matches

true

97:3d:55:dd:a0:b8:5f:f5:4b:79:a8:4d:7b:e7:15:2c:fb:8c:fb:ac
Signer

Actual PE Digest

97:3d:55:dd:a0:b8:5f:f5:4b:79:a8:4d:7b:e7:15:2c:fb:8c:fb:ac

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\pl\output\TweakScheduler.exe.bsc

Imports

comctl32

InitCommonControlsEx

kernel32

OutputDebugStringW
GetVersionExW
GetCurrentProcess
GetFileTime
GetSystemTimeAsFileTime
CreateThread
CloseHandle
Sleep
CreateFileW
GetModuleHandleW
ExitProcess
LoadLibraryW
InitializeCriticalSectionEx
GetProcessHeap
DeleteCriticalSection
HeapDestroy
DecodePointer
HeapAlloc
FindResourceW
LoadResource
FindResourceExW
GetSystemInfo
RaiseException
HeapReAlloc
LockResource
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
HeapFree
LocalFree
FormatMessageW
GetFileAttributesW
GetShortPathNameW
GetLongPathNameW
GetModuleFileNameW
GetFileSize
GetStartupInfoW
CreateProcessW
ProcessIdToSessionId
OpenEventW
WaitForSingleObject
GetCurrentProcessId
OpenProcess
SetLastError
GetProcAddress
SizeofResource
GetVolumeNameForVolumeMountPointW
MoveFileW
RemoveDirectoryW
CopyFileW
DeleteFileW
CreateDirectoryW
MultiByteToWideChar
WideCharToMultiByte
GetTickCount
ReadFile
lstrlenW
WriteFile
GetUserDefaultUILanguage
GetLocaleInfoW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
LocalAlloc
LocalLock
LocalUnlock
GetHandleInformation
WaitForMultipleObjects
EnterCriticalSection
TryEnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
RtlPcToFileHeader
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
GetACP
GetCurrentThread
GetFileType
GetStringTypeW
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FindClose
FindFirstFileExA
FindFirstFileExW
FindNextFileA
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEnvironmentVariableW
SetConsoleCtrlHandler
OutputDebugStringA
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
ReadConsoleW
WriteConsoleW
IsBadWritePtr
WinExec

user32

SetActiveWindow
SetWindowPos
SetRect
GetActiveWindow
GetLastActivePopup
MessageBeep
BeginPaint
DrawIcon
EndPaint
SystemParametersInfoW
GetSystemMetrics
DrawTextW
LoadIconW
DestroyIcon
FillRect
IsWindow
GetClassNameW
EnableMenuItem
GetSystemMenu
SetFocus
SetWindowLongPtrW
GetWindowRect
MoveWindow
SetTimer
WinHelpW
RedrawWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetAsyncKeyState
GetWindow
CreateDialogIndirectParamW
PeekMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
WaitMessage
PostQuitMessage
DestroyWindow
GetMenuItemInfoW
InvalidateRect
SetForegroundWindow
GetWindowLongPtrW
DrawFocusRect
GetSysColor
GetDialogBaseUnits
KillTimer
MessageBoxW
UnregisterClassW
LoadStringW
GetDlgItem
GetClientRect
LoadImageW
GetWindowTextW
GetWindowThreadProcessId
GetParent
PostMessageW
EndDialog
SetWindowTextW
ShowWindow
wvsprintfW
ExitWindowsEx
SetDlgItemTextW
IsDlgButtonChecked
CheckDlgButton
DialogBoxParamW
EnableWindow
CreateWindowExW
SendMessageW
FindWindowW

advapi32

RegSetValueExW
CreateProcessAsUserW
OpenSCManagerW
OpenServiceW
CloseServiceHandle
QueryServiceConfigW
ChangeServiceConfigW
NotifyBootConfigStatus
QueryServiceStatus
ControlService
StartServiceW
EnumServicesStatusExW
SetTokenInformation
DuplicateTokenEx
GetSidSubAuthority
GetSidSubAuthorityCount
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCloseKey
GetLengthSid
OpenProcessToken
RegOpenKeyExW
RegQueryValueExW
RegEnumValueW
RegEnumKeyW
GetTokenInformation

shell32

ShellExecuteExW
SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHChangeNotify
ShellExecuteW

oleaut32

SysFreeString
SysAllocString

wininet

InternetOpenW
InternetCloseHandle
InternetReadFile
InternetCanonicalizeUrlW
InternetOpenUrlW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

shlwapi

SHDeleteKeyW

gdi32

CreateFontIndirectW
CreateDCW
CreateSolidBrush
BitBlt
SelectObject
GetTextExtentPoint32W
GetTextMetricsW
DeleteDC
SetTextColor
SetBkColor
ExtTextOutW
DeleteObject
CreateCompatibleDC

Sections

.text
Size: 432KB - Virtual size: 432KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 476B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
_Start-ProcessLasso.bat
bitsumms.exe
.exe windows:5 windows x64 arch:x64

82a31c746bb035382c4ea309f3c3aec5

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

55:8b:a0:2b:d3:02:4c:b6:d2:05:ad:0f:cb:0a:9a:e9:e3:f2:99:c1:05:5b:3b:8a:f1:6e:40:2d:92:3e:fe:26
Signer

Actual PE Digest

55:8b:a0:2b:d3:02:4c:b6:d2:05:ad:0f:cb:0a:9a:e9:e3:f2:99:c1:05:5b:3b:8a:f1:6e:40:2d:92:3e:fe:26

Digest Algorithm

sha256

PE Digest Matches

true

c4:39:61:e8:c2:ce:ce:ec:d2:5d:0b:c6:81:2a:7a:ea:46:26:1b:8a
Signer

Actual PE Digest

c4:39:61:e8:c2:ce:ce:ec:d2:5d:0b:c6:81:2a:7a:ea:46:26:1b:8a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\pl\output\MakeService.pdb

Imports

kernel32

GetModuleFileNameW
GetModuleHandleW
CreateFileW
GetCurrentProcess
GetStartupInfoW
GetCurrentProcessId
SetLastError
GetProcAddress
WideCharToMultiByte
RaiseException
DecodePointer
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
MultiByteToWideChar
GetCurrentDirectoryW
GetFileAttributesW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
Sleep
GetLastError
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
OutputDebugStringW
ReadConsoleW
CloseHandle
LeaveCriticalSection
EnterCriticalSection
SetStdHandle
WriteConsoleW
SetFilePointerEx
ReadFile
GetConsoleMode
GetConsoleCP
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
EncodePointer
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
IsDebuggerPresent
SetEvent
ResetEvent
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
TerminateProcess
RtlPcToFileHeader
RtlUnwindEx
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
GetFileType

advapi32

DeleteService
CreateServiceW
StartServiceW
ControlService
QueryServiceStatus
CloseServiceHandle
OpenServiceW
OpenSCManagerW

Sections

.text
Size: 163KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 87KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 1024B - Virtual size: 768B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
plActivate.exe
.exe windows:5 windows x64 arch:x64

1956925c7a27ad694a6f24bacd86f4c4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\pl\output\plActivate.pdb

Imports

kernel32

MultiByteToWideChar
WideCharToMultiByte
GetVersionExW
GetModuleFileNameW
GetModuleHandleW
GetCurrentProcess
GetStartupInfoW
GetCurrentProcessId
SetLastError
GetProcAddress
GetTickCount
ExitProcess
EnterCriticalSection
LeaveCriticalSection
ReadFile
lstrlenW
WriteFile
GetUserDefaultUILanguage
GetLocaleInfoW
IsDebuggerPresent
OutputDebugStringW
SetEvent
GetSystemTimeAsFileTime
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
RtlPcToFileHeader
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwindEx
GetModuleHandleExW
GetStdHandle
GetCommandLineA
GetCommandLineW
GetACP
GetStringTypeW
GetFileType
CompareStringW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
CloseHandle
CreateFileW
Sleep
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
IsBadWritePtr
GetSystemInfo
GetProcessHeap
DeleteCriticalSection
HeapDestroy
HeapAlloc
RaiseException
HeapReAlloc
GetLastError
HeapSize
InitializeCriticalSectionAndSpinCount
ResetEvent
HeapFree

user32

LoadImageW
GetDlgItem
DialogBoxParamW
SetWindowLongPtrW
SendMessageW
MessageBoxW
KillTimer
GetDialogBaseUnits
GetSysColor
DrawFocusRect
SetTimer
GetWindowLongPtrW
EndDialog
SetActiveWindow
SetWindowPos

wininet

InternetCanonicalizeUrlW
InternetOpenUrlW
InternetCloseHandle
InternetReadFile
InternetOpenW

gdi32

BitBlt
SelectObject
CreateCompatibleDC
GetTextMetricsW
DeleteDC
SetTextColor
SetBkColor
DeleteObject
ExtTextOutW

advapi32

RegCreateKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
pl_rsrc_chinese.dll
.dll windows:5 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

9b:3e:f2:fe:1b:bb:bf:8e:5c:fa:12:08:c0:95:ce:8c:a1:49:7d:e0:67:c1:2f:b2:ae:8b:91:e4:29:7e:3c:5a
Signer

Actual PE Digest

9b:3e:f2:fe:1b:bb:bf:8e:5c:fa:12:08:c0:95:ce:8c:a1:49:7d:e0:67:c1:2f:b2:ae:8b:91:e4:29:7e:3c:5a

Digest Algorithm

sha256

PE Digest Matches

true

73:41:bd:81:d1:f7:09:64:81:cf:f3:56:38:10:2c:67:8e:81:27:80
Signer

Actual PE Digest

73:41:bd:81:d1:f7:09:64:81:cf:f3:56:38:10:2c:67:8e:81:27:80

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dev\projs\ProcessSupervisor\output\pl_rsrc_chinese.pdb

Sections

.rdata
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pl_rsrc_chinese_traditional.dll
.dll windows:5 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

51:d6:af:73:e3:80:6a:28:df:2b:3c:c2:50:19:60:9c:7e:92:38:d8:8b:b6:6f:08:d8:f3:05:41:48:60:96:b8
Signer

Actual PE Digest

51:d6:af:73:e3:80:6a:28:df:2b:3c:c2:50:19:60:9c:7e:92:38:d8:8b:b6:6f:08:d8:f3:05:41:48:60:96:b8

Digest Algorithm

sha256

PE Digest Matches

true

ce:0c:86:8c:c6:09:80:4f:06:73:6d:c1:bc:fb:a8:3b:8b:3d:9d:87
Signer

Actual PE Digest

ce:0c:86:8c:c6:09:80:4f:06:73:6d:c1:bc:fb:a8:3b:8b:3d:9d:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\dev\projs\ProcessSupervisor\output\pl_rsrc_chinese_traditional.pdb

Sections

.rdata
Size: 512B - Virtual size: 312B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pl_rsrc_english.dll
.dll windows:6 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

79:84:60:71:9f:53:e3:53:29:dc:2f:9a:4a:a7:de:3a:9e:ad:9a:9d:e6:4b:a7:14:07:99:cd:0b:31:1f:96:be
Signer

Actual PE Digest

79:84:60:71:9f:53:e3:53:29:dc:2f:9a:4a:a7:de:3a:9e:ad:9a:9d:e6:4b:a7:14:07:99:cd:0b:31:1f:96:be

Digest Algorithm

sha256

PE Digest Matches

true

4b:56:94:29:74:40:af:e8:d9:f1:33:24:71:4e:ba:87:0f:31:c1:00
Signer

Actual PE Digest

4b:56:94:29:74:40:af:e8:d9:f1:33:24:71:4e:ba:87:0f:31:c1:00

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.rdata
Size: 512B - Virtual size: 112B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pl_rsrc_finnish.dll
.dll windows:6 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

c1:ae:c9:2c:1b:04:01:e8:77:0d:fd:c1:6b:89:71:4c:19:c0:53:82:ee:e1:9a:21:cc:91:fc:3e:95:0b:99:92
Signer

Actual PE Digest

c1:ae:c9:2c:1b:04:01:e8:77:0d:fd:c1:6b:89:71:4c:19:c0:53:82:ee:e1:9a:21:cc:91:fc:3e:95:0b:99:92

Digest Algorithm

sha256

PE Digest Matches

true

9c:68:31:1e:34:72:3b:d8:02:f1:e8:11:fb:22:a0:df:e5:9e:7c:83
Signer

Actual PE Digest

9c:68:31:1e:34:72:3b:d8:02:f1:e8:11:fb:22:a0:df:e5:9e:7c:83

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\pl\output\pl_rsrc_finnish.pdb

Sections

.rdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pl_rsrc_french.dll
.dll windows:6 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3a:21:e3:32:a7:93:c5:7e:f8:16:ed:19:e0:99:54:db:18:3e:ce:64:4e:e3:a4:77:99:37:82:72:dc:c5:82:f0
Signer

Actual PE Digest

3a:21:e3:32:a7:93:c5:7e:f8:16:ed:19:e0:99:54:db:18:3e:ce:64:4e:e3:a4:77:99:37:82:72:dc:c5:82:f0

Digest Algorithm

sha256

PE Digest Matches

true

af:ec:c5:91:7f:13:32:ca:81:6b:7a:bf:4a:66:cc:44:8e:ad:a6:ab
Signer

Actual PE Digest

af:ec:c5:91:7f:13:32:ca:81:6b:7a:bf:4a:66:cc:44:8e:ad:a6:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\pl\output\pl_rsrc_french.pdb

Sections

.rdata
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pl_rsrc_german.dll
.dll windows:6 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

0f:36:e1:75:19:45:bc:e0:5a:70:3a:0c:7f:ce:ee:b9:37:7e:2a:ce:28:03:3d:ca:04:22:73:22:29:be:c6:25
Signer

Actual PE Digest

0f:36:e1:75:19:45:bc:e0:5a:70:3a:0c:7f:ce:ee:b9:37:7e:2a:ce:28:03:3d:ca:04:22:73:22:29:be:c6:25

Digest Algorithm

sha256

PE Digest Matches

true

ab:87:7c:cb:6e:2f:48:60:a1:dc:73:de:b9:4f:0d:20:b7:01:21:44
Signer

Actual PE Digest

ab:87:7c:cb:6e:2f:48:60:a1:dc:73:de:b9:4f:0d:20:b7:01:21:44

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\pl\output\pl_rsrc_german.pdb

Sections

.rdata
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pl_rsrc_italian.dll
.dll windows:6 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

5c:48:f6:72:89:89:48:e3:68:3c:10:7a:5b:f6:bb:66:99:63:3e:95:3e:ce:7a:99:da:d1:a7:e4:67:a4:94:95
Signer

Actual PE Digest

5c:48:f6:72:89:89:48:e3:68:3c:10:7a:5b:f6:bb:66:99:63:3e:95:3e:ce:7a:99:da:d1:a7:e4:67:a4:94:95

Digest Algorithm

sha256

PE Digest Matches

true

16:f5:d8:74:b4:27:db:b0:29:03:c9:be:d0:fb:52:fa:3c:6a:3e:c4
Signer

Actual PE Digest

16:f5:d8:74:b4:27:db:b0:29:03:c9:be:d0:fb:52:fa:3c:6a:3e:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\pl\output\pl_rsrc_italian.pdb

Sections

.rdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pl_rsrc_japanese.dll
.dll windows:6 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

52:aa:e5:b7:e0:6b:3b:e7:3c:ca:71:55:38:e1:60:77:a5:3b:35:fa:f8:e1:e8:bb:d8:ee:9a:52:db:6c:9b:9f
Signer

Actual PE Digest

52:aa:e5:b7:e0:6b:3b:e7:3c:ca:71:55:38:e1:60:77:a5:3b:35:fa:f8:e1:e8:bb:d8:ee:9a:52:db:6c:9b:9f

Digest Algorithm

sha256

PE Digest Matches

true

87:95:28:a3:ce:10:cc:e4:b4:c4:11:3a:e8:14:20:b6:be:70:b5:43
Signer

Actual PE Digest

87:95:28:a3:ce:10:cc:e4:b4:c4:11:3a:e8:14:20:b6:be:70:b5:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\pl\output\pl_rsrc_japanese.pdb

Sections

.rdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pl_rsrc_polish.dll
.dll windows:6 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

bf:67:5c:9d:09:33:e6:53:3b:1b:86:bb:e8:7a:c2:92:08:18:67:ee:f3:06:4e:ed:6b:de:6c:98:5d:14:a5:eb
Signer

Actual PE Digest

bf:67:5c:9d:09:33:e6:53:3b:1b:86:bb:e8:7a:c2:92:08:18:67:ee:f3:06:4e:ed:6b:de:6c:98:5d:14:a5:eb

Digest Algorithm

sha256

PE Digest Matches

true

6e:60:d2:44:31:e7:a3:b2:c6:38:11:5a:60:f7:f9:39:67:3c:27:c4
Signer

Actual PE Digest

6e:60:d2:44:31:e7:a3:b2:c6:38:11:5a:60:f7:f9:39:67:3c:27:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\pl\output\pl_rsrc_polish.pdb

Sections

.rdata
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pl_rsrc_ptbr.dll
.dll windows:6 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

df:9e:7e:59:15:01:34:85:6e:3d:96:11:69:2c:64:65:20:71:5d:1a:00:be:e1:4a:9f:13:dc:48:0b:46:1b:c6
Signer

Actual PE Digest

df:9e:7e:59:15:01:34:85:6e:3d:96:11:69:2c:64:65:20:71:5d:1a:00:be:e1:4a:9f:13:dc:48:0b:46:1b:c6

Digest Algorithm

sha256

PE Digest Matches

true

8e:9b:ca:ff:c4:1f:34:40:6d:48:4c:f1:50:a5:a6:d1:45:2a:25:89
Signer

Actual PE Digest

8e:9b:ca:ff:c4:1f:34:40:6d:48:4c:f1:50:a5:a6:d1:45:2a:25:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\pl\output\pl_rsrc_ptbr.pdb

Sections

.rdata
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pl_rsrc_russian.dll
.dll windows:6 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f1:89:20:8e:28:39:45:55:f7:6e:1d:c6:2d:a1:44:8e:e9:4c:de:2f:95:c5:e8:bd:67:15:76:e9:52:93:56:ab
Signer

Actual PE Digest

f1:89:20:8e:28:39:45:55:f7:6e:1d:c6:2d:a1:44:8e:e9:4c:de:2f:95:c5:e8:bd:67:15:76:e9:52:93:56:ab

Digest Algorithm

sha256

PE Digest Matches

true

cb:8b:41:76:28:09:a6:44:9f:ba:73:30:ad:20:02:12:8e:7c:8c:06
Signer

Actual PE Digest

cb:8b:41:76:28:09:a6:44:9f:ba:73:30:ad:20:02:12:8e:7c:8c:06

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\pl\output\pl_rsrc_russian.pdb

Sections

.rdata
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
pl_rsrc_spanish.dll
.dll windows:6 windows x64 arch:x64

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

ec:c7:38:1a:f3:eb:ce:6b:7e:99:02:77:85:6b:20:06:96:4f:91:bd:3a:4f:f0:62:e7:d8:91:14:36:76:32:86
Signer

Actual PE Digest

ec:c7:38:1a:f3:eb:ce:6b:7e:99:02:77:85:6b:20:06:96:4f:91:bd:3a:4f:f0:62:e7:d8:91:14:36:76:32:86

Digest Algorithm

sha256

PE Digest Matches

true

f5:1b:df:1a:6e:93:63:5b:75:dc:08:fd:91:dc:61:99:3a:66:b2:7e
Signer

Actual PE Digest

f5:1b:df:1a:6e:93:63:5b:75:dc:08:fd:91:dc:61:99:3a:66:b2:7e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\pl\output\pl_rsrc_spanish.pdb

Sections

.rdata
Size: 512B - Virtual size: 248B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
srvstub.exe
.exe windows:5 windows x64 arch:x64

a94872fdfb34833dae59fe8d5850149d

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

4a:55:4a:ed:88:69:32:96:52:55:b7:a5:4a:13:d0:af:4d:45:8a:80:15:b9:18:f8:50:bf:af:cd:ae:15:56:71
Signer

Actual PE Digest

4a:55:4a:ed:88:69:32:96:52:55:b7:a5:4a:13:d0:af:4d:45:8a:80:15:b9:18:f8:50:bf:af:cd:ae:15:56:71

Digest Algorithm

sha256

PE Digest Matches

true

7b:93:01:b4:7c:f5:43:07:c4:ba:ce:e0:c9:62:d6:f4:12:03:3b:ab
Signer

Actual PE Digest

7b:93:01:b4:7c:f5:43:07:c4:ba:ce:e0:c9:62:d6:f4:12:03:3b:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\pl\output\srvstub.pdb

Imports

kernel32

GetCurrentProcess
TerminateProcess
GetExitCodeProcess
CreateThread
ExitThread
SetEvent
WaitForSingleObject
WaitForMultipleObjects
Sleep
LoadResource
SizeofResource
CloseHandle
CreateEventA
GetProcessHeap
CreateProcessA
GetStartupInfoA
FindResourceW
FindResourceExW
WideCharToMultiByte
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
WriteConsoleW
SetFilePointerEx
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
OpenEventA
LockResource
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
RtlUnwindEx
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
SetLastError
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
CompareStringW
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
GetFileType
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
CreateFileW

advapi32

SetServiceStatus
RegisterServiceCtrlHandlerA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
StartServiceCtrlDispatcherA

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 196B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
start-governor.bat
stop-governor.bat
testlasso.exe
.exe windows:5 windows x64 arch:x64

33aaa9cdd433545986103fff2e151a8e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

cc:2b:58:0d:53:3e:eb:2b:4f:7d:d3:42:d2:b6:a2:e1:2c:a1:45:51:05:dc:06:10:1a:51:56:fe:39:eb:e5:48
Signer

Actual PE Digest

cc:2b:58:0d:53:3e:eb:2b:4f:7d:d3:42:d2:b6:a2:e1:2c:a1:45:51:05:dc:06:10:1a:51:56:fe:39:eb:e5:48

Digest Algorithm

sha256

PE Digest Matches

true

ed:fa:75:80:ec:aa:9b:a4:36:cd:62:ec:bb:5d:ad:be:85:4c:1c:27
Signer

Actual PE Digest

ed:fa:75:80:ec:aa:9b:a4:36:cd:62:ec:bb:5d:ad:be:85:4c:1c:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\pl\output\testlasso.pdb

Imports

kernel32

HeapFree
InitializeCriticalSectionAndSpinCount
HeapSize
GetLastError
HeapReAlloc
RaiseException
HeapAlloc
DeleteCriticalSection
GetProcessHeap
Sleep
GetPriorityClass
GetCurrentProcess
SetThreadPriorityBoost
GetCurrentThread
SetProcessAffinityMask
CreateThread
WaitForMultipleObjects
TerminateThread
GetSystemInfo
WriteConsoleW
GetConsoleCP
FlushFileBuffers
CreateFileW
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
CloseHandle
CreateEventW
GetModuleHandleW
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlPcToFileHeader
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwindEx
SetLastError
TerminateProcess
ExitProcess
GetModuleHandleExW
GetModuleFileNameW
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
CompareStringW
LCMapStringW
GetFileType
GetStringTypeW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
SetFilePointerEx

Sections

.text
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
vistammsc.exe
.exe windows:5 windows x64 arch:x64

a752a2da40241ef2e1a69068f56889d1

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

04/03/2014, 00:00

Not After

03/03/2024, 23:59

Subject

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

Issuer

CN=Symantec Class 3 Extended Validation Code Signing CA - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

29/01/2016, 00:00

Not After

28/01/2019, 23:59

Subject

SERIALNUMBER=000681038,CN=Bitsum LLC,O=Bitsum LLC,L=Morristown,ST=Tennessee,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130954656e6e6573736565,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

82:a1:21:35:ec:02:f1:46:3c:f1:1f:40:0b:34:05:1c:20:d1:59:9e:4d:62:8e:57:44:f7:27:da:16:c2:a6:bc
Signer

Actual PE Digest

82:a1:21:35:ec:02:f1:46:3c:f1:1f:40:0b:34:05:1c:20:d1:59:9e:4d:62:8e:57:44:f7:27:da:16:c2:a6:bc

Digest Algorithm

sha256

PE Digest Matches

true

00:03:4f:00:78:42:f0:a7:04:2c:ec:30:06:65:de:27:ad:97:da:2b
Signer

Actual PE Digest

00:03:4f:00:78:42:f0:a7:04:2c:ec:30:06:65:de:27:ad:97:da:2b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\pl\output\vistammsc.exe.pdb

Imports

comctl32

InitCommonControlsEx

shell32

ShellExecuteW

kernel32

GetExitCodeProcess
WaitForSingleObject
CreateProcessW
GetStartupInfoW
GetWindowsDirectoryW
GetVersionExW
OutputDebugStringW
MultiByteToWideChar
DeleteCriticalSection
RaiseException
GetLastError
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
CloseHandle
CreateFileW
GetModuleHandleW
ExitProcess
LoadLibraryW
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
WideCharToMultiByte
LocalFree
GetModuleFileNameW
GetCurrentProcess
SetLastError
GetProcAddress
ReadFile
lstrlenW
WriteFile
GetUserDefaultUILanguage
GetLocaleInfoW
MulDiv
GlobalAlloc
GlobalLock
GlobalUnlock
LocalAlloc
LocalLock
LocalUnlock
EnterCriticalSection
LeaveCriticalSection
IsDebuggerPresent
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentThreadId
InitializeSListHead
RtlPcToFileHeader
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
RtlUnwindEx
GetModuleHandleExW
GetStdHandle
GetACP
GetFileType
GetStringTypeW
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointerEx
FlushFileBuffers
WriteConsoleW
GetSystemInfo
GetCurrentProcessId

user32

SetActiveWindow
SetWindowPos
SetRect
GetActiveWindow
GetLastActivePopup
MessageBeep
BeginPaint
DrawIcon
EndPaint
SystemParametersInfoW
GetSystemMetrics
DrawTextW
LoadIconW
DestroyIcon
FillRect
IsWindow
GetClassNameW
EnableMenuItem
GetSystemMenu
CheckDlgButton
SetFocus
SetForegroundWindow
SetTimer
MoveWindow
SetWindowLongPtrW
SetWindowTextW
GetWindowTextW
RedrawWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetAsyncKeyState
GetWindow
CreateDialogIndirectParamW
PeekMessageW
IsDialogMessageW
TranslateMessage
DispatchMessageW
WaitMessage
PostQuitMessage
DestroyWindow
IsWindowEnabled
IsDlgButtonChecked
DrawFocusRect
GetSysColor
GetDialogBaseUnits
KillTimer
GetParent
GetWindowLongPtrW
GetWindowRect
LoadImageW
MessageBoxW
LoadStringW
GetDlgItem
SendMessageW
CreateWindowExW
GetClientRect
WinHelpW
EndDialog
EnableWindow
ShowWindow
PostMessageW
GetDlgItemInt
GetDlgItemTextW
SetDlgItemInt
SetDlgItemTextW
DialogBoxParamW

comdlg32

GetSaveFileNameW

advapi32

RegEnumKeyExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCloseKey
RegQueryValueExW
RegCreateKeyExW

gdi32

CreateFontIndirectW
CreateDCW
CreateSolidBrush
BitBlt
SelectObject
GetTextExtentPoint32W
GetTextMetricsW
DeleteDC
SetTextColor
SetBkColor
ExtTextOutW
DeleteObject
CreateCompatibleDC

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 54KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 228B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

958f93953afae695d8ca06065b288459

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1fCertificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1fCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

d5:20:a7:3f:e4:8d:37:5f:b8:52:d7:7a:ba:75:ec:10:3d:ec:90:dc:a0:0e:71:f2:86:23:62:09:3e:54:1f:b7Signer

66:4a:4c:ab:4a:6b:f6:cc:8c:3c:c4:73:80:4e:da:b0:7b:74:3f:ddSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

comctl32

kernel32

user32

gdi32

oleaut32

shlwapi

advapi32

shell32

ole32

Sections

.text Size: 359KB - Virtual size: 358KB

.rdata Size: 78KB - Virtual size: 77KB

.data Size: 4KB - Virtual size: 26KB

.pdata Size: 13KB - Virtual size: 12KB

.gfids Size: 512B - Virtual size: 252B

.tls Size: 512B - Virtual size: 9B

.rsrc Size: 72KB - Virtual size: 72KB

.reloc Size: 2KB - Virtual size: 1KB

9112897f93335b0015a9b301e5f55785

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1fCertificate

Extended Key Usages

Key Usages

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49Certificate

Extended Key Usages

Key Usages

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1fCertificate

Extended Key Usages

Key Usages

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77Certificate

Extended Key Usages

Key Usages

56:6f:fc:5d:3f:64:50:43:aa:c9:c0:48:58:53:45:6c:46:6d:93:a5:19:5a:5a:3f:0e:34:ba:48:24:ae:5d:70Signer

7f:54:d9:73:dc:fc:12:d0:b3:ab:78:0c:67:11:cb:9e:6a:73:37:f0Signer

Headers

DLL Characteristics

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

d5:20:a7:3f:e4:8d:37:5f:b8:52:d7:7a:ba:75:ec:10:3d:ec:90:dc:a0:0e:71:f2:86:23:62:09:3e:54:1f:b7
Signer

66:4a:4c:ab:4a:6b:f6:cc:8c:3c:c4:73:80:4e:da:b0:7b:74:3f:dd
Signer

.text
Size: 359KB - Virtual size: 358KB

.rdata
Size: 78KB - Virtual size: 77KB

.data
Size: 4KB - Virtual size: 26KB

.pdata
Size: 13KB - Virtual size: 12KB

.gfids
Size: 512B - Virtual size: 252B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 72KB - Virtual size: 72KB

.reloc
Size: 2KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

56:6f:fc:5d:3f:64:50:43:aa:c9:c0:48:58:53:45:6c:46:6d:93:a5:19:5a:5a:3f:0e:34:ba:48:24:ae:5d:70
Signer

7f:54:d9:73:dc:fc:12:d0:b3:ab:78:0c:67:11:cb:9e:6a:73:37:f0
Signer

.text
Size: 415KB - Virtual size: 414KB

.rdata
Size: 88KB - Virtual size: 88KB

.data
Size: 17KB - Virtual size: 40KB

.pdata
Size: 15KB - Virtual size: 15KB

.gfids
Size: 512B - Virtual size: 252B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 227KB - Virtual size: 226KB

.reloc
Size: 2KB - Virtual size: 1KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

19:1a:32:cb:75:9c:97:b8:cf:ac:11:8d:d5:12:7f:49
Certificate

74:86:aa:00:50:d4:50:8b:72:a4:fb:cf:fd:5e:35:1f
Certificate

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

4e:cb:17:4d:16:e1:ea:db:8d:8e:b3:f6:82:87:45:64:5e:cc:5f:32:37:5c:82:5b:dd:71:82:43:1a:f1:d7:9b
Signer

96:09:b4:ed:6e:5c:d7:c0:ff:65:2f:c3:12:8f:ee:f2:90:91:5d:8c
Signer

.text
Size: 472KB - Virtual size: 472KB

.rdata
Size: 106KB - Virtual size: 105KB

.data
Size: 17KB - Virtual size: 55KB

.pdata
Size: 17KB - Virtual size: 17KB

.gfids
Size: 512B - Virtual size: 252B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 226KB - Virtual size: 226KB