New folder (2)[.]rar

Sharing

Copy URL Twitter E-mail

General

Target

New folder (2).rar
Size

86.7MB
MD5

01cef569dfb98a4180e4d289faca152d
SHA1

fe95129e15b9239b0bd72a4aae8da78b1a536216
SHA256

3c0f0376f2b50b40db7907aef87db50842ae4c92368730c2a1fd1f2578c89fea
SHA512

295f9689a1886e6d2c7b9ef333883375d9b63a38c3db39fa4f41e46435bf666ab11b73714d2697fe898304ab9d7bb41d6babef2a3d49f3f75b8fa2f6a9fb90ad
SSDEEP

1572864:JdlT1DmdI/YoykOYI+g7TQhiTFl8cjfiCEVP3KMh4Yf047/8v4qY5t:JdF1DmdeYWrI+g7TUiTzqn3rhA47/CY/

Score

1^/10

Malware Config

Signatures

Files

New folder (2).rar
.rar
New folder (2)/Crack/Readme.txt
New folder (2)/Crack/Registration.dll
.dll windows:6 windows x64 arch:x64

d3c473ff390ce5b60657d157ae1c19fb

Code Sign

05:96:37:35:c0:e0:1c:f3:7d:3e:39:31:40:eb:af:4b
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

19/12/2020, 00:00

Not After

21/12/2022, 23:59

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Premiere Pro\, AME\, After Effects\, Speedgrade,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b5:ed:cb:0d:db:52:e7:82:01:1d:5e:3e:68:15:6e:56:dc:72:89:35:4b:a7:5e:11:79:0a:89:3f:61:a2:ae:7d
Signer

Actual PE Digest

b5:ed:cb:0d:db:52:e7:82:01:1d:5e:3e:68:15:6e:56:dc:72:89:35:4b:a7:5e:11:79:0a:89:3f:61:a2:ae:7d

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\releases\dva\PremierePro\Registration\Targets\Win\Release\64\Registration.pdb

Imports

ws2_32

getnameinfo
WSACleanup
WSAStartup

prm

?GetIsHeadless@PRM@@YA_NXZ
?GetApplicationVersion@PRM@@YAPEBDXZ

aslfoundation

??0RegistryKey@ASL@@QEAA@XZ
?kPathSeparator@PathUtils@ASL@@3V?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@B
?SetLanguageString@ASL@@YAXAEBV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@@Z
?GetRegistryBaseKey@ASL@@YAAEBV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@XZ
?SetStringValue@RegistryKey@ASL@@QEAAHAEBV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@0@Z
?Create@RegistryKey@ASL@@QEAAHW4Type@RegistryRootKeys@2@AEBV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@@Z
??1RegistryKey@ASL@@QEAA@XZ
?ConstructDirectory@Directory@ASL@@SA?AV12@AEBV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@@Z
?RemoveTrailingSlash@PathUtils@ASL@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@AEBV34@@Z
?AddTrailingSlash@PathUtils@ASL@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@AEBV34@@Z
?ExistsOnDisk@PathUtils@ASL@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@_N@Z
?GetFullDirectoryPart@PathUtils@ASL@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@AEBV34@@Z
?GetContainedFilePaths@Directory@ASL@@QEBAXAEAV?$vector@V?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@U?$STLAllocator@V?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@@allocator@dvacore@@@std@@_NIV?$function@$$A6A_NXZ@boost@@@Z

mlfoundation

?IsSubscribedVersion@IRegistration@ML@@UEBA_NXZ
?GetIMSClientSecret@IRegistration@ML@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetIMSClientID@IRegistration@ML@@UEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?SetRegistrationServer@ML@@YAXV?$InterfaceRef@UIRegistration@ML@@@classref@dvacore@@@Z

uiframework

?GetPositionFromCommandID@MenuUtils@UIF@@YAHHV?$intrusive_ptr@VOS_Menu@utility@dvaui@@@boost@@@Z
?GetMainDVAMenu@MenuUtils@UIF@@YA?AV?$intrusive_ptr@VOS_Menu@utility@dvaui@@@boost@@XZ
?PostCommand@Commander@UIF@@QEAA_NAEBVCommand@2@@Z
?GetTarget@Commander@UIF@@SAPEAV12@XZ
??1Command@UIF@@QEAA@XZ
??0Command@UIF@@QEAA@H@Z
?UnregisterCommand@SyntheticCommand@UIF@@YAXAEBH@Z
?RegisterCommand@SyntheticCommand@UIF@@YAXAEBHAEBUSyntheticCommandInfo@2@@Z
?FindSubMenuWith@MenuUtils@UIF@@YA?AV?$intrusive_ptr@VOS_Menu@utility@dvaui@@@boost@@V34@H@Z
?AppendMenuCommand@MenuUtils@UIF@@YAXV?$intrusive_ptr@VOS_Menu@utility@dvaui@@@boost@@AEBV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@H_N@Z
?MakeID@SyntheticCommand@UIF@@YAHXZ

csxsmanager

?InitializeCCLibraries@CSXSManager@@YA_NAEBV?$basic_string@EU?$char_traits@E@std@@U?$STLAllocator@E@allocator@dvacore@@@std@@0AEBV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@3@AEBV?$vector@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$allocator@V?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@2@@3@@Z
?SetUserID@CSXSManager@@YAXAEBV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@@Z
?SetPlugPlugNGLProfileData@CSXSManager@@YAXAEBV?$basic_string@EU?$char_traits@E@std@@U?$STLAllocator@E@allocator@dvacore@@@std@@@Z

dvaappsupport

?IMSDeserializeResponse@dvaappsupport@@YAXAEBV?$basic_string@EU?$char_traits@E@std@@U?$STLAllocator@E@allocator@dvacore@@@std@@AEAUIMSResponse@1@@Z
?RegisterLicenseInfo@LicenseInfo@dvaappsupport@@YAXAEBVLicenseInfoData@12@@Z
?RegisterUserID@LicenseInfo@dvaappsupport@@YAXV?$basic_string@EU?$char_traits@E@std@@U?$STLAllocator@E@allocator@dvacore@@@std@@@Z
?RegisterHostBannerHandlerFunction@LicenseInfo@dvaappsupport@@YAXAEBV?$function@$$A6A_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@std@@@Z
?EnableRegulatedServices@feature@dvaappsupport@@YAXXZ
?SetEntitlementForFeatures@feature@dvaappsupport@@YAXW4FeatureEntitlement@12@@Z
?GetIsStagingEnvironment@cloudservice@dvaappsupport@@YA_NXZ
?SetIsStagingEnvironment@cloudservice@dvaappsupport@@YAX_N@Z
?RegisterRequestIMSProfileFxn@LicenseInfo@dvaappsupport@@YAXAEBV?$function@$$A6A_NAEBVImmutableString@utility@dvacore@@AEBV?$function@$$A6AXHAEBV?$basic_string@EU?$char_traits@E@std@@U?$STLAllocator@E@allocator@dvacore@@@std@@@Z@std@@@Z@std@@@Z
?RegisterRequestContinueTokenFxn@LicenseInfo@dvaappsupport@@YAXAEBV?$function@$$A6A_NAEBVImmutableString@utility@dvacore@@0000AEBV?$function@$$A6AXHAEBV?$basic_string@EU?$char_traits@E@std@@U?$STLAllocator@E@allocator@dvacore@@@std@@@Z@std@@@Z@std@@@Z
?RegulatedServicesWillNotEnable@feature@dvaappsupport@@YAXXZ
?GetFeatureEntitlementForUserID@feature@dvaappsupport@@YA?AW4FeatureEntitlement@12@AEBV?$basic_string@EU?$char_traits@E@std@@U?$STLAllocator@E@allocator@dvacore@@@std@@@Z
?RegisterRequestAccessTokenFxn@LicenseInfo@dvaappsupport@@YAXAEBV?$function@$$A6A_NAEBVImmutableString@utility@dvacore@@00AEBV?$function@$$A6AXHAEBV?$basic_string@EU?$char_traits@E@std@@U?$STLAllocator@E@allocator@dvacore@@@std@@@Z@std@@_N@Z@std@@@Z

dvaui

?HasTouchCapture@UI_NodeManager@ui@dvaui@@QEBA_NXZ
?HasModalWindow@UI_NodeManager@ui@dvaui@@QEBA_NXZ
?Get@UI_NodeManager@ui@dvaui@@SAPEAV123@_N@Z
?ShowNote@messagebox@dialogs@dvaui@@YAXPEBUSupplierInterface@drawbot@3@AEBV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@1PEAVUI_Node@ui@3@@Z
?GetOSDrawSupplier@UI_NodeManager@ui@dvaui@@QEAAPEAUSupplierInterface@drawbot@3@XZ
?HasGestureCapture@UI_NodeManager@ui@dvaui@@QEBA_NXZ
?HasInputCapture@UI_NodeManager@ui@dvaui@@QEBA_NXZ

dvaworkspace

?FindMainTopLevelWindow@WorkspaceUtils@workspace@dvaworkspace@@YAPEAVTopLevelWindow@23@XZ

dvacore

?TempDir@Dir@filesupport@dvacore@@SA?AV123@XZ
?EndFiles@Dir@filesupport@dvacore@@QEBA?AVFileIterator@123@XZ
??4Dir@filesupport@dvacore@@QEAAAEAV012@AEBV012@@Z
?BeginFiles@Dir@filesupport@dvacore@@QEBA?AVFileIterator@123@_NPEAV?$function@$$A6A_NXZ@std@@0V?$shared_ptr@V?$function@$$A6A_NAEBV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@0@Z@std@@@6@@Z
?GetTitle@File@filesupport@dvacore@@QEBA?AV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@XZ
?GetExtension@File@filesupport@dvacore@@QEBA?AV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@_N@Z
??EFileIterator@Dir@filesupport@dvacore@@QEAAAEAV0123@XZ
??DFileIterator@Dir@filesupport@dvacore@@QEAA?AVFile@23@XZ
??9FileIterator@Dir@filesupport@dvacore@@QEBA_NAEBV0123@@Z
?TraceEnabled@debug@dvacore@@YA_NPEBEH_N@Z
?Trace@debug@dvacore@@YAXHAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@0@Z
??1FileIterator@Dir@filesupport@dvacore@@QEAA@XZ
?FullPath@File@filesupport@dvacore@@QEBA?AV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@XZ
?Get@Localizer@config@dvacore@@SAPEAV123@XZ
?Exists@Dir@filesupport@dvacore@@QEBA_NXZ
?IsSuppressingModalDialogs@config@dvacore@@YA_NXZ
?SetConfigurationForModule@config@dvacore@@YAXPEBDAEBV?$function@$$A6AXXZ@std@@@Z
?Recycle@MemoryRecycler@allocator@dvacore@@YAXPEAX_K@Z
?Allocate@MemoryRecycler@allocator@dvacore@@YAPEAX_KAEA_K@Z
?sNullString@ImmutableString@utility@dvacore@@0QBEB
?BreakAfterContractDialog@debug@dvacore@@YA_NPEBD00H@Z
?MainExecutableFile@commondirs@filesupport@dvacore@@YA?AVFile@23@XZ
?GetAppVersionInfo@versioninfo@dvacore@@YA?AUAppVersion@12@XZ
?GetHashResult@utility@dvacore@@YA_NAEBUHashValueMixerState@12@AEAVGuid@12@@Z
?ExecutableDir@commondirs@filesupport@dvacore@@YA?AVDir@23@XZ
?ResourcesDir@commondirs@filesupport@dvacore@@YA?AVDir@23@XZ
?TraceChangeCount@debug@dvacore@@YAHXZ
?UTF8toStdString@string@dvacore@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@V?$basic_string@EU?$char_traits@E@std@@U?$STLAllocator@E@allocator@dvacore@@@4@@Z
?StdToUTF8String@string@dvacore@@YA?AV?$basic_string@EU?$char_traits@E@std@@U?$STLAllocator@E@allocator@dvacore@@@std@@PEBD@Z
?RegisterLogFilePathsCallback@logging@dvacore@@YA_NPEBDAEBV?$function@$$A6A?AV?$set@V?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@U?$less@V?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@@2@U?$STLAllocator@V?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@@allocator@dvacore@@@std@@XZ@std@@@Z
?UnregisterLogFilePathsCallback@logging@dvacore@@YA_NPEBD@Z
?UTF16toStdString@string@dvacore@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AEBV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@4@@Z
?StdToUTF16String@string@dvacore@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@PEBD@Z
?UTF8to16@string@dvacore@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@AEBV?$basic_string@EU?$char_traits@E@std@@U?$STLAllocator@E@allocator@dvacore@@@4@PEAW4UnicodeErrorCode@12@PEA_K@Z
?UTF16to8@string@dvacore@@YA?AV?$basic_string@EU?$char_traits@E@std@@U?$STLAllocator@E@allocator@dvacore@@@std@@AEBV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@4@@Z
?AsciiToUTF16@string@dvacore@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@PEBD_K@Z
??0ImmutableString@utility@dvacore@@QEAA@AEBV012@@Z
??1ImmutableString@utility@dvacore@@QEAA@XZ
?_PrivateCreateStatic@ImmutableString@utility@dvacore@@SA?AV123@PEBD@Z
??0Guid@utility@dvacore@@QEAA@XZ
??1Dir@filesupport@dvacore@@QEAA@XZ
?FullPath@Dir@filesupport@dvacore@@QEBA?AV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@XZ
?AppDir@Dir@filesupport@dvacore@@SA?AV123@XZ
??0File@filesupport@dvacore@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@W4StorageType@12@@Z
??1File@filesupport@dvacore@@QEAA@XZ
?Exists@File@filesupport@dvacore@@QEBA_NXZ
?GetApplicationName@config@dvacore@@YAAEBV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@XZ
?GetClientVersion@config@dvacore@@YAAEBV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@XZ
?GetSAPCode@config@dvacore@@YA?BV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@_N@Z
?GetModulePath@utility@dvacore@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@PEAUHINSTANCE__@@@Z
?DoesLanguageRequireSigning@dvacore@@YA_NAEBV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@@Z
?Instance@DebugDatabase@debug@dvacore@@SAAEAV123@XZ
?GetEntry@DebugDatabase@debug@dvacore@@QEBA?AV?$basic_string@EU?$char_traits@E@std@@U?$STLAllocator@E@allocator@dvacore@@@std@@AEBV45@0@Z
?JSONParse@serialization@dvacore@@YA?AV?$shared_ptr@Vany@boost@@@boost@@AEBV?$basic_string@EU?$char_traits@E@std@@U?$STLAllocator@E@allocator@dvacore@@@std@@@Z
??0Dir@filesupport@dvacore@@QEAA@XZ
?UpdateHashState@utility@dvacore@@YAXAEAUHashValueMixerState@12@PEBX_K@Z
??0File@filesupport@dvacore@@QEAA@AEBVDir@12@AEBV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@@Z
?WcharToUTF16@string@dvacore@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@PEB_W@Z
?GetVariantInObject@serialization@dvacore@@YA?AV?$shared_ptr@Vany@boost@@@boost@@AEBV34@PEBD@Z
??0ReplacementValue@config@dvacore@@QEAA@XZ
??0ReplacementValue@config@dvacore@@QEAA@_J@Z
??0ReplacementValue@config@dvacore@@QEAA@AEBV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@@Z
?ReplaceInString@string@dvacore@@YA?AV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@AEBV34@0000000000@Z
?AsyncCallFromMainThread@threads@dvacore@@YA_NAEBV?$function@$$A6AXXZ@boost@@I@Z
??1ReplacementValue@config@dvacore@@QEAA@XZ
?BreakAfterAssertDialog@debug@dvacore@@YA_NPEBDPEBE0H0_N@Z
?IsDebuggerAttached@debug@dvacore@@YA_NXZ
?ThrowError@config@dvacore@@YAXW4ErrorLevel@12@PEBDIH_NAEBVReplacementValue@12@333@Z
??0HashValueMixerState@utility@dvacore@@QEAA@XZ
?GetAppVersionString@versioninfo@dvacore@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ

kernel32

IsDebuggerPresent
OutputDebugStringW
InitializeCriticalSectionAndSpinCount
WaitForSingleObjectEx
RtlCaptureContext
InitOnceComplete
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
RtlLookupFunctionEntry
InitOnceBeginInitialize
GetTimeFormatW
GetDateFormatW
GetLocalTime
LocalAlloc
CreateSemaphoreW
OpenSemaphoreW
ReleaseSemaphore
CreateThread
Sleep
CreateNamedPipeW
SetNamedPipeHandleState
ConnectNamedPipe
WriteFile
MulDiv
IsBadWritePtr
ReadDirectoryChangesW
CreateWaitableTimerW
WaitForMultipleObjects
CancelWaitableTimer
SetWaitableTimer
CreateEventW
ResetEvent
GetOverlappedResult
GetCurrentThreadId
OpenMutexW
CreateMutexW
WaitForSingleObject
ReleaseMutex
InitializeCriticalSection
GetModuleFileNameW
SetFileAttributesW
GetFileSizeEx
GetFileAttributesW
FindNextFileW
FindFirstFileW
DeleteFileW
FileTimeToSystemTime
LoadLibraryW
FreeLibrary
GetNativeSystemInfo
GetVersionExW
GetComputerNameExW
GetWindowsDirectoryW
GetSystemDirectoryW
GetCurrentProcess
DeviceIoControl
CreatePipe
SetHandleInformation
GetTempPathW
ReadFile
CreateFileW
CreateProcessA
GetCurrentProcessId
TerminateProcess
MultiByteToWideChar
CreateProcessW
CloseHandle
GetLastError
EnterCriticalSection
LeaveCriticalSection
SetEvent
TlsAlloc
TlsFree
GetModuleHandleW
LocalFree
FormatMessageA
FormatMessageW
WideCharToMultiByte
RaiseException
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
GetLocaleInfoA
EnumSystemLocalesW
GetProcAddress
GetUserDefaultUILanguage
GetUserDefaultLangID
FindClose

user32

GetClassInfoExW
RegisterClassExW
PostQuitMessage
DefWindowProcW
SendMessageW
DispatchMessageW
TranslateMessage
GetMonitorInfoW
DestroyWindow
EnableWindow
GetActiveWindow
MessageBoxW
ShowWindow
SetWindowPos
GetClientRect
GetWindowRect
MonitorFromRect
CreateWindowExW
GetWindowLongPtrW
SetWindowLongPtrW
GetDesktopWindow
LoadCursorW
GetSystemMetrics
GetDC
SetRect
GetAsyncKeyState
PostMessageW
ReleaseDC
AdjustWindowRectEx
GetAncestor
GetMessageW

gdi32

GetDeviceCaps

advapi32

RegCreateKeyExW
SetEntriesInAclW
SetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExA
RegQueryValueExA
CredFree
CredDeleteW
CredEnumerateW
CredReadW
CredWriteW
RegSetValueExW
RegQueryValueExW
RegFlushKey
InitializeSecurityDescriptor
GetUserNameW
RegOpenKeyExW
RegDeleteKeyExW
RegEnumValueW
AllocateAndInitializeSid
FreeSid

shell32

SHGetKnownFolderPath
SHCreateDirectoryExW
ShellExecuteW

ole32

OleInitialize
OleCreate
OleSetContainedObject
OleLockRunning
CoTaskMemAlloc
OleUninitialize
CoTaskMemFree
CoCreateGuid

oleaut32

VariantChangeType
VariantInit
SafeArrayAccessData
SafeArrayGetLBound
SysAllocString
SysStringLen
SysAllocStringLen
VariantClear
SysFreeString
SafeArrayGetUBound

msvcp140

?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@D@std@@2V0locale@2@A
?id@?$ctype@_W@std@@2V0locale@2@A
?id@?$collate@D@std@@2V0locale@2@A
?id@?$collate@_W@std@@2V0locale@2@A
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@I@Z
??5?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@AEAI@Z
_Thrd_id
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?__ExceptionPtrCopy@@YAXPEAXPEBX@Z
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEBA?AVlocale@2@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAXXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAA?AVlocale@2@AEBV32@@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?_Fiopen@std@@YAPEAU_iobuf@@PEB_WHH@Z
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?_Random_device@std@@YAIXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?write@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEBD_J@Z
?read@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@PEAD_J@Z
?read@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@PEA_W_J@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
_Thrd_join
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_J@Z
?get@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$istreambuf_iterator@DU?$char_traits@D@std@@@2@V32@0AEAVios_base@2@AEAHPEAUtm@@PEBD4@Z
?_Getcat@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?put@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@QEBA?AV?$ostreambuf_iterator@DU?$char_traits@D@std@@@2@V32@AEAVios_base@2@DPEBUtm@@PEBD3@Z
?_Getcat@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@_W@std@@QEBA_W_W@Z
?id@?$time_get@DV?$istreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?id@?$time_put@DV?$ostreambuf_iterator@DU?$char_traits@D@std@@@std@@@std@@2V0locale@2@A
?is@?$ctype@_W@std@@QEBA_NF_W@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEA_W3AEAPEA_W@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPEAV123@PEAVfacet@23@_K@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
??1facet@locale@std@@MEAA@XZ
??0facet@locale@std@@IEAA@_K@Z
?c_str@?$_Yarn@D@std@@QEBAPEBDXZ
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ
??1_Locinfo@std@@QEAA@XZ
??0_Locinfo@std@@QEAA@PEBD@Z
_Wcsxfrm
_Wcscoll
_Strxfrm
_Strcoll
?_Xinvalid_argument@std@@YAXPEBD@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Rethrow_future_exception@std@@YAXVexception_ptr@1@@Z
?_Throw_future_error@std@@YAXAEBVerror_code@1@@Z
?_LogWorkItemCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogWorkItemStarted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskExecutionCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogTaskCompleted@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogCancelTask@_TaskEventLogger@details@Concurrency@@QEAAXXZ
?_LogScheduleTask@_TaskEventLogger@details@Concurrency@@QEAAX_N@Z
??0task_continuation_context@Concurrency@@AEAA@XZ
?ReportUnhandledError@_ExceptionHolder@details@Concurrency@@AEAAXXZ
?_Capture@_ContextCallback@details@Concurrency@@AEAAXXZ
?_Reset@_ContextCallback@details@Concurrency@@AEAAXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@H@Z
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?good@ios_base@std@@QEBA_NXZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
_Thrd_sleep
?seekg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
?tellg@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA?AV?$fpos@U_Mbstatet@@@2@XZ
_Thrd_detach
?tolower@?$ctype@_W@std@@QEBAPEB_WPEA_WPEB_W@Z
?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z
?tolower@?$ctype@D@std@@QEBADD@Z
?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z
_Mtx_current_owns
_Cnd_init_in_situ
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
?_CallInContext@_ContextCallback@details@Concurrency@@QEBAXV?$function@$$A6AXXZ@std@@_N@Z
?GetCurrentThreadId@platform@details@Concurrency@@YAJXZ
?_ReportUnobservedException@details@Concurrency@@YAXXZ
?_Release_chore@details@Concurrency@@YAXPEAU_Threadpool_chore@12@@Z
?_Schedule_chore@details@Concurrency@@YAHPEAU_Threadpool_chore@12@@Z
?_Fiopen@std@@YAPEAU_iobuf@@PEBDHH@Z
?_Throw_Cpp_error@std@@YAXH@Z
_Cnd_do_broadcast_at_thread_exit
_Cnd_unregister_at_thread_exit
_Cnd_register_at_thread_exit
_Cnd_signal
_Cnd_broadcast
_Cnd_timedwait
_Query_perf_frequency
_Query_perf_counter
_Xtime_get_ticks
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA_N_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UEAA@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAXXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHXZ
_Cnd_wait
?_Xlength_error@std@@YAXPEBD@Z
?_Xout_of_range@std@@YAXPEBD@Z
?uncaught_exception@std@@YA_NXZ
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z
?_Xbad_alloc@std@@YAXXZ
?_Syserror_map@std@@YAPEBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Xbad_function_call@std@@YAXXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@K@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ
_Mtx_init_in_situ
_Mtx_destroy_in_situ
_Mtx_lock
_Mtx_unlock
?_Throw_C_error@std@@YAXH@Z
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
?__ExceptionPtrCreate@@YAXPEAX@Z
?__ExceptionPtrDestroy@@YAXPEAX@Z
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEBA?AVlocale@2@XZ
?__ExceptionPtrAssign@@YAXPEAXPEBX@Z
?__ExceptionPtrToBool@@YA_NPEBX@Z
?__ExceptionPtrCurrentException@@YAXPEAX@Z
?__ExceptionPtrRethrow@@YAXPEBX@Z
??Bid@locale@std@@QEAA_KXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QEBA_NXZ
?in@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEBD1AEAPEBDPEAD3AEAPEAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEAD1AEAPEAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
_Cnd_destroy_in_situ

shlwapi

PathIsFileSpecW
PathFindFileNameW
PathIsDirectoryW
PathFileExistsW
PathAppendW
PathAddExtensionW
PathRemoveExtensionW
PathRemoveFileSpecW
PathRenameExtensionW
UrlCanonicalizeW
UrlEscapeW

iphlpapi

GetAdaptersAddresses

secur32

GetUserNameExW

bcrypt

BCryptDestroyHash
BCryptHashData
BCryptCreateHash
BCryptOpenAlgorithmProvider
BCryptVerifySignature
BCryptGenerateSymmetricKey
BCryptDestroyKey
BCryptDecrypt
BCryptEncrypt
BCryptGetProperty
BCryptFinishHash
BCryptSetProperty
BCryptCloseAlgorithmProvider

vcruntime140

__std_terminate
_purecall
_CxxThrowException
__std_exception_copy
memcpy
memmove
memset
__std_type_info_compare
memcmp
memchr
strchr
__C_specific_handler
__current_exception
__current_exception_context
__std_type_info_destroy_list
__std_exception_destroy

vcruntime140_1

__CxxFrameHandler4

api-ms-win-crt-runtime-l1-1-0

terminate
abort
_errno
_initterm_e
_initterm
_cexit
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
strerror
exit
_invalid_parameter_noinfo_noreturn
_beginthreadex

api-ms-win-crt-stdio-l1-1-0

_fseeki64
__acrt_iob_func
fsetpos
fread
fputc
ungetwc
fputwc
fgetpos
__stdio_common_vswprintf_s
__stdio_common_vsnwprintf_s
__stdio_common_vsprintf
__stdio_common_vfwprintf
fgetc
fflush
fclose
fwrite
__stdio_common_vswscanf
__stdio_common_vsnprintf_s
_get_stream_buffer_pointers
__stdio_common_vsscanf
__stdio_common_vsprintf_s
setvbuf
fgetwc
ungetc

api-ms-win-crt-string-l1-1-0

toupper
strncpy
isspace
tolower
isalpha
isdigit
strncmp
_strdup
wcscpy_s
isalnum
islower
isupper

api-ms-win-crt-heap-l1-1-0

free
malloc
realloc
calloc
_callnewh

api-ms-win-crt-convert-l1-1-0

strtoull
wcstoul
strtoul
atoi
strtol

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_lock_file
_waccess_s
_wstat64i32

api-ms-win-crt-time-l1-1-0

_ftime64_s
_time64
_mktime64
_localtime64_s
_mkgmtime64
wcsftime
strftime
_localtime64

api-ms-win-crt-math-l1-1-0

modf
_dclass
ceilf

api-ms-win-crt-locale-l1-1-0

localeconv

api-ms-win-crt-environment-l1-1-0

_dupenv_s

winhttp

WinHttpOpenRequest
WinHttpSetStatusCallback
WinHttpCrackUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpSetCredentials
WinHttpSendRequest
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpSetTimeouts
WinHttpSetOption
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpConnect
WinHttpCloseHandle

crypt32

CryptProtectData
CertFindCertificateInStore
CertCloseStore
CertCreateCertificateContext
CryptUnprotectData
CertFreeCertificateContext
CertOpenStore
CertAddCertificateContextToStore
CryptImportPublicKeyInfoEx2
CryptHashCertificate2
CertVerifySubjectCertificateContext
CryptStringToBinaryW

wininet

InternetSetOptionW

Exports

Exports

?AddRegistrationMenus@Registration@@YAXXZ
?BannerRefreshLicenseButtonClicked@Registration@@YAXXZ
?CheckRegistration@Registration@@YAXXZ
?CheckRegistrationMenuCommandStatus@Registration@@YA_NHAEAV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@@Z
?CloseRegistration@Registration@@YAXXZ
?CloseRegistrationUI@Registration@@YAXXZ
?Create@RegistrationServer@Registration@@SA?AV?$InterfaceRef@UIRegistration@ML@@@classref@dvacore@@XZ
?GetAlternateUserImsAccessToken@Registration@@YA_NIAEAV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@00@Z
?GetAppEntitlementStatus@Registration@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetAuthenticationLibraryPath@Registration@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetCCUserID@Registration@@YA_NAEAV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@@Z
?GetClientIDForCreativeCloud@Registration@@YA?AV?$basic_string@EU?$char_traits@E@std@@U?$STLAllocator@E@allocator@dvacore@@@std@@XZ
?GetClientSecretForCreativeCloud@Registration@@YA?AV?$basic_string@EU?$char_traits@E@std@@U?$STLAllocator@E@allocator@dvacore@@@std@@XZ
?GetIMSClientID@RegistrationServer@Registration@@MEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetIMSClientSecret@RegistrationServer@Registration@@MEBA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetIMSLibPath@RegistrationServer@Registration@@MEBA?AV?$basic_string@EU?$char_traits@E@std@@U?$STLAllocator@E@allocator@dvacore@@@std@@XZ
?GetPrimaryUserImsAccessToken@Registration@@YA_NIAEAV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@00@Z
?GetProxyPassword@Registration@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetProxyUserName@Registration@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetRegistration@Registration@@YA_NAEAV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@00@Z
?GetRegistration@RegistrationServer@Registration@@MEBA_NAEAV?$basic_string@_WU?$char_traits@_W@std@@U?$STLAllocator@_W@allocator@dvacore@@@std@@00@Z
?GetRegistrationAuthorizationInfo@Registration@@YA_NAEAV?$basic_string@EU?$char_traits@E@std@@U?$STLAllocator@E@allocator@dvacore@@@std@@@Z
?GetRegistrationFlags@RegistrationServer@Registration@@MEBA?AVGuid@utility@dvacore@@XZ
?GetRemainingDurationInSeconds@Registration@@YA_JXZ
?GetSerialNumber@Registration@@YA_NAEAV?$basic_string@EU?$char_traits@E@std@@U?$STLAllocator@E@allocator@dvacore@@@std@@@Z
?GetSerializedFreemiumWorkflow@Registration@@YA?AV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@XZ
?GetUserCountryCode@Registration@@YA?AV?$basic_string@EU?$char_traits@E@std@@U?$STLAllocator@E@allocator@dvacore@@@std@@XZ
?HandleBannerClicked@Registration@@YA_NAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z
?IsAMTEnabled@Registration@@YA_NXZ
?IsApplicationLicensed@Registration@@YA_NXZ
?IsCodecEnabled@RegistrationServer@Registration@@MEAA_NPEBD_N@Z
?IsEnabled@RegistrationServer@Registration@@MEBA_NXZ
?IsHelloDialogSupported@Registration@@YA_NXZ
?IsInitialized@Registration@@YA_NXZ
?IsLicenseValidateStatusComplete@Registration@@YA_NXZ
?IsNGLEnabled@RegistrationServer@Registration@@MEBA_NXZ
?IsPreReleaseLicense@Registration@@YA_NXZ
?IsPreReleaseLicense@RegistrationServer@Registration@@MEBA_NXZ
?IsSubscribedVersion@Registration@@YA_NXZ
?IsSubscribedVersion@RegistrationServer@Registration@@MEBA_NXZ
?IsTryoutVersion@Registration@@YA_NXZ
?NGLEnabled@Registration@@YA_NXZ
?OnRegistrationMenuCommand@Registration@@YAXH@Z
?PreObtainProductLicense@Registration@@YAXXZ
?ProfileChangedCallback@Registration@@YAXXZ
?RegisterCSXSStationID@Registration@@YAXVImmutableString@utility@dvacore@@@Z
?RequestAlternateUserImsAccessToken@Registration@@YAXAEBV?$function@$$A6AXI@Z@boost@@@Z
?RequestPrimaryUserImsAccessToken@Registration@@YAXAEBV?$function@$$A6AXI@Z@boost@@@Z
?SetUpRegistrationConfig@Registration@@YAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@EEAEBV?$basic_string@EU?$char_traits@E@std@@U?$STLAllocator@E@allocator@dvacore@@@3@11@Z
?SetupHomeScreenCallbacks@Registration@@YAXXZ
?SetupLicenseInfo@Registration@@YA_NAEAVLicenseInfoData@LicenseInfo@dvaappsupport@@@Z
?SetupNGLConfigData@Registration@@YAXAEBV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@000@Z
?ShouldQuit@Registration@@YA_NXZ
?ValidateProductLicense@Registration@@YA_NXZ

Sections

.text
Size: 2.9MB - Virtual size: 2.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 739KB - Virtual size: 739KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 180KB - Virtual size: 189KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 142KB - Virtual size: 141KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
New folder (2)/Set-up.exe
.exe windows:5 windows x86 arch:x86

a4b5be933fe74c23bd7bffb044fc8cd1

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:fd:ec:cf:58:99:53:6e:1b:7e:23:e6:9f:df:47:7c:ca:42:4c:d0:48:74:eb:c0:2d:ff:7a:4e:85:56:34:34
Signer

Actual PE Digest

5d:fd:ec:cf:58:99:53:6e:1b:7e:23:e6:9f:df:47:7c:ca:42:4c:d0:48:74:eb:c0:2d:ff:7a:4e:85:56:34:34

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Set-up.pdb

Imports

comctl32

InitCommonControlsEx

shlwapi

PathRemoveBackslashW
PathIsNetworkPathW
PathIsUNCW
PathStripPathW
UrlIsW
SHGetValueW
UrlEscapeW
PathFindFileNameW
PathRemoveFileSpecW
PathRemoveExtensionW
PathFileExistsW
PathAddExtensionW
PathIsFileSpecW
PathAppendW
PathIsDirectoryW
PathRenameExtensionW
PathIsSystemFolderW
PathFileExistsA
PathIsRelativeW
PathIsRootW
PathAddBackslashW
PathStripToRootW

shell32

SHGetKnownFolderPath
ord51
ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderLocation
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ord680
SHGetMalloc
SHGetFolderLocation
SHGetPathFromIDListW
SHGetFolderPathW
CommandLineToArgvW
SHBrowseForFolderW

kernel32

FindNextFileW
WaitForMultipleObjects
CreateFileW
CreateEventW
SetEvent
ResetEvent
GetOverlappedResult
ReadDirectoryChangesW
MultiByteToWideChar
WideCharToMultiByte
GetFileSizeEx
FindClose
GetFileAttributesW
SetFileAttributesW
DeleteFileW
GetLocalTime
GetTimeFormatW
GetDateFormatW
GetCurrentProcess
DeviceIoControl
GetTempPathW
GetVersionExW
GetComputerNameExW
FileTimeToSystemTime
GetNativeSystemInfo
RaiseException
LoadLibraryW
GetProcAddress
CreateProcessW
GetModuleHandleW
FreeLibrary
InitializeCriticalSectionEx
DecodePointer
MulDiv
GetModuleFileNameW
TerminateProcess
RemoveDirectoryW
OpenProcess
CreateToolhelp32Snapshot
Sleep
Process32NextW
Process32FirstW
CopyFileW
GetExitCodeProcess
ReadFile
SetLastError
lstrlenW
LocalAlloc
GetDiskFreeSpaceExW
GetCurrentDirectoryW
SetCurrentDirectoryW
MoveFileExW
GetFileSize
lstrcpyW
lstrcmpiW
lstrcmpW
GetDriveTypeW
GetFullPathNameW
HeapSize
HeapReAlloc
HeapDestroy
GlobalAlloc
GlobalLock
GlobalUnlock
GetSystemDirectoryW
SetDllDirectoryW
GetStdHandle
AttachConsole
FreeConsole
GetConsoleWindow
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
SetFilePointer
LeaveCriticalSection
SetEndOfFile
UnlockFileEx
UnmapViewOfFile
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
GetSystemInfo
HeapCompact
UnlockFile
CreateFileMappingA
LockFileEx
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
SizeofResource
LockResource
LoadResource
FindResourceW
GlobalFree
VerSetConditionMask
FindFirstFileW
GetUserDefaultLCID
LCMapStringW
DuplicateHandle
ProcessIdToSessionId
TerminateThread
CreateThread
FindResourceExW
GetThreadTimes
QueryFullProcessImageNameW
GetUserDefaultLangID
GetUserDefaultUILanguage
SetNamedPipeHandleState
CreateNamedPipeW
ConnectNamedPipe
CreateDirectoryW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
ReleaseSemaphore
OpenSemaphoreW
CreateSemaphoreW
GetTimeZoneInformation
QueryPerformanceFrequency
GetCurrentThread
SetFilePointerEx
ResumeThread
EnterCriticalSection
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
CompareStringW
GetCPInfo
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetStringTypeW
SwitchToThread
GetModuleHandleExW
QueueUserWorkItem
IsProcessorFeaturePresent
LoadLibraryExA
VirtualQuery
VirtualProtect
GetCurrentProcessId
GetCurrentThreadId
OpenMutexW
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetProcessHeap
HeapAlloc
HeapFree
LocalFree
GetLastError
FormatMessageW
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
FreeLibraryAndExitThread
DeleteCriticalSection
GetModuleHandleA
LoadLibraryExW
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
ExitThread
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
SetStdHandle
WriteConsoleW
ExitProcess
GetConsoleCP
GetConsoleMode
IsValidLocale
EnumSystemLocalesW
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetACP
VerifyVersionInfoW
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSection
SetEnvironmentVariableW
GetFullPathNameA

user32

CharNextW
BringWindowToTop
TranslateAcceleratorW
GetClassNameW
SetCapture
GetDlgItem
GetParent
RegisterWindowMessageW
GetForegroundWindow
GetSysColor
AttachThreadInput
IsChild
DestroyAcceleratorTable
ClientToScreen
RedrawWindow
InvalidateRgn
IsWindow
SetWindowTextW
ScreenToClient
FillRect
GetFocus
GetWindow
ReleaseCapture
SetForegroundWindow
InvalidateRect
IsIconic
BeginPaint
EndPaint
GetWindowTextW
GetSystemMetrics
GetWindowLongW
GetMessageW
DefWindowProcW
CreateAcceleratorTableW
DestroyWindow
SetWindowPos
CreateWindowExW
SendMessageW
MoveWindow
SetFocus
CallWindowProcW
GetWindowTextLengthW
GetWindowThreadProcessId
wsprintfW
PostThreadMessageW
RegisterClassExW
GetActiveWindow
DispatchMessageW
TranslateMessage
LoadCursorW
SetWindowLongW
PostQuitMessage
GetDesktopWindow
GetClassInfoExW
GetDC
MessageBoxW
ShowWindow
GetAsyncKeyState
ReleaseDC
PostMessageW
UnregisterClassW
GetClientRect
EnumWindows
GetShellWindow
AllowSetForegroundWindow
LoadImageW
SystemParametersInfoW
EnableMenuItem
LoadIconW
GetSystemMenu
GetClassLongW
AppendMenuW
SetClassLongW
GetWindowRect

gdi32

CreateCompatibleDC
GetStockObject
GetDeviceCaps
GetObjectW
DeleteObject
CreateSolidBrush
DeleteDC
SelectObject
CreateCompatibleBitmap
BitBlt

advapi32

LookupAccountSidW
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
CreateWellKnownSid
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegFlushKey
RegCloseKey
RegDeleteKeyExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumValueW
EqualSid
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
DuplicateTokenEx
ConvertSidToStringSidW
ImpersonateLoggedOnUser
ConvertStringSidToSidW
RevertToSelf
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegQueryValueExW
CredDeleteW
CredFree
CredEnumerateW
CredReadW
CredWriteW
GetUserNameW
GetTokenInformation

ole32

CoCreateGuid
CoAddRefServerProcess
OleRun
CoUninitialize
CoInitialize
CLSIDFromString
CreateStreamOnHGlobal
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
StringFromGUID2
OleInitialize
OleUninitialize
OleLockRunning
CoTaskMemAlloc
CoTaskMemFree
CoReleaseServerProcess

oleaut32

VariantChangeType
SysAllocStringLen
SysStringLen
SysFreeString
VariantInit
SysAllocString
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi
SysAllocStringByteLen
VariantCopy
SysStringByteLen
DispCallFunc
GetErrorInfo
VariantClear

bcrypt

BCryptCloseAlgorithmProvider
BCryptVerifySignature
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptDecrypt
BCryptDestroyKey
BCryptEncrypt
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptGetProperty

crypt32

CertGetNameStringW
CertGetIssuerCertificateFromStore
CryptProtectData
CryptUnprotectData
CryptStringToBinaryW
CertOpenStore
CertFindCertificateInStore
CertFreeCertificateContext
CertCreateCertificateContext
CryptHashCertificate2
CryptImportPublicKeyInfoEx2
CertCloseStore
CertAddCertificateContextToStore
CertVerifySubjectCertificateContext

secur32

GetUserNameExW

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 904KB - Virtual size: 904KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 135KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
New folder (2)/packages/AAM/IPC/IPC.pima
.zip
AdobeIPCBroker.exe
.exe windows:6 windows x86 arch:x86

b78757e60c78fbd8d0549e7a1e0d29a1

Code Sign

0a:28:51:e5:f0:ff:db:46:e2:c9:cb:66:10:e6:51:2f
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/10/2018, 00:00

Not After

03/11/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=Adobe Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ac:7d:c4:d6:78:b5:cd:0d:da:54:a6:bd:90:ba:4d:9e:d0:98:05:62:5d:95:08:08:69:0a:ff:f1:ac:cd:d5:43
Signer

Actual PE Digest

ac:7d:c4:d6:78:b5:cd:0d:da:54:a6:bd:90:ba:4d:9e:d0:98:05:62:5d:95:08:08:69:0a:ff:f1:ac:cd:d5:43

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

AdobeIPCBroker.pdb

Imports

ws2_32

htonl
getsockopt
ioctlsocket
connect
closesocket
listen
getsockname
bind
WSAGetLastError
WSASetLastError
WSAStartup
getservbyname
getservbyport
gethostbyname
gethostbyaddr
socket
send
select
recv
ntohs
inet_ntoa
inet_addr
htons
__WSAFDIsSet

kernel32

GetModuleFileNameW
EnterCriticalSection
LeaveCriticalSection
GetLastError
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
CreateSemaphoreW
FindFirstFileW
FindNextFileW
InitializeCriticalSectionEx
FindClose
RaiseException
DecodePointer
ReleaseMutex
CreateMutexA
Sleep
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetVersionExA
GetModuleHandleA
GetModuleFileNameA
GetSystemDirectoryA
CreateMutexW
FreeLibrary
CreateProcessW
GetProcAddress
CloseHandle
LoadLibraryA
MultiByteToWideChar
GetStdHandle
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
InitializeCriticalSection
GetThreadPriority
HeapSize
HeapFree
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
GetOEMCP
IsValidCodePage
FindNextFileA
SwitchToThread
FreeEnvironmentStringsW
GetCommandLineW
GetEnvironmentVariableW
GetCurrentProcessId
ReadFile
WriteFile
ConnectNamedPipe
GetOverlappedResult
OpenProcess
QueryFullProcessImageNameW
GetNamedPipeServerProcessId
GetLocalTime
GetCurrentThread
GetTickCount
GetEnvironmentStringsW
SetStdHandle
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateFileW
FlushFileBuffers
GetFileAttributesExW
GetFileSizeEx
GetFullPathNameW
LockFileEx
SetEndOfFile
SetFilePointerEx
UnlockFile
GetTempPathW
DuplicateHandle
PeekNamedPipe
CreateNamedPipeW
SetEvent
ResetEvent
CreateEventW
GetCurrentProcess
SetThreadPriority
HeapReAlloc
VirtualAlloc
VirtualFree
GetModuleHandleExW
LoadLibraryExW
WaitForMultipleObjects
GetNamedPipeInfo
LocalAlloc
LocalReAlloc
LocalFree
FormatMessageW
LCMapStringW
SetFilePointer
RtlCaptureStackBackTrace
TerminateProcess
GlobalAlloc
GlobalFree
GetSystemTimeAsFileTime
WaitForSingleObjectEx
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
QueryPerformanceCounter
IsDebuggerPresent
GetStartupInfoW
WideCharToMultiByte
EncodePointer
SetLastError
InitializeCriticalSectionAndSpinCount
CompareStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
OutputDebugStringW
RtlUnwind
InterlockedPushEntrySList
GetDriveTypeW
GetFileType
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
CreateThread
ExitThread
FreeLibraryAndExitThread
GetTimeZoneInformation
ExitProcess
GetCommandLineA
GetACP
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetFullPathNameA
HeapAlloc
FindFirstFileExA

user32

SetWindowLongW
RegisterClassW
CreateWindowExW
SetTimer
KillTimer
TranslateMessage
DispatchMessageW
PostMessageW
PostQuitMessage
DestroyWindow
MsgWaitForMultipleObjectsEx
GetWindowLongW
GetShellWindow
EnumWindows
GetWindowThreadProcessId
DefWindowProcW
PeekMessageW

advapi32

GetUserNameW
RegCloseKey
CreateProcessWithTokenW
LookupPrivilegeValueW
GetTokenInformation
FreeSid
EqualSid
DuplicateTokenEx
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenProcessToken
RegOpenKeyExW
RegQueryValueExW

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
OleRun
CoUninitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

shell32

ShellExecuteExW
SHCreateDirectoryExW
CommandLineToArgvW

Sections

.text
Size: 748KB - Virtual size: 747KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
customhook/AdobeIPCBrokerCustomHook.exe
.exe windows:6 windows x86 arch:x86

85aa1a3ec9a324deb93be1db280c6b57

Code Sign

0a:28:51:e5:f0:ff:db:46:e2:c9:cb:66:10:e6:51:2f
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

26/10/2018, 00:00

Not After

03/11/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Systems Incorporated,OU=Adobe Systems,O=Adobe Systems Incorporated,L=San Jose,ST=California,C=US,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

02/01/2017, 00:00

Not After

01/04/2028, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G2,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

45:89:c1:a8:6a:c2:59:11:0f:f3:d0:dd:de:2c:9f:61:14:dd:37:fb:38:82:82:1c:83:5d:79:6e:28:bc:74:54
Signer

Actual PE Digest

45:89:c1:a8:6a:c2:59:11:0f:f3:d0:dd:de:2c:9f:61:14:dd:37:fb:38:82:82:1c:83:5d:79:6e:28:bc:74:54

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

AdobeIPCBrokerCustomHook.pdb

Imports

shlwapi

PathAppendW

kernel32

RaiseException
HeapSize
TerminateProcess
GetTempPathW
OpenProcess
CreateToolhelp32Snapshot
Sleep
Process32NextW
Process32FirstW
CloseHandle
CreateFileW
ReadConsoleW
WriteConsoleW
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
RtlUnwind
SetEndOfFile
GetLastError
FreeLibrary
LoadLibraryExW
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
GetFileType
FlushFileBuffers
GetConsoleCP
GetConsoleMode
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
ReadFile
SetFilePointerEx
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetStdHandle

user32

FindWindowExW
PostMessageW

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
New folder (2)/packages/AAM/IPC/IPC.pimx
New folder (2)/packages/AAM/IPC/IPC.sig
.xml
New folder (2)/packages/ADC/Core/Core.pima
.zip
AdobePIM.dll
.dll windows:5 windows x86 arch:x86

dd6ba004004c70f4eb3bbd4c9ec97b28

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:9e:86:75:de:ec:b8:47:4c:ba:a5:7d:83:53:a2:3b:25:dc:dd:a5:31:88:42:96:16:ee:64:6e:89:81:6a:d4
Signer

Actual PE Digest

54:9e:86:75:de:ec:b8:47:4c:ba:a5:7d:83:53:a2:3b:25:dc:dd:a5:31:88:42:96:16:ee:64:6e:89:81:6a:d4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AdobePIM.pdb

Imports

msi

ord147
ord74
ord145

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcessModules

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

shlwapi

PathIsFileSpecW
PathAddExtensionW
PathRemoveFileSpecA
PathIsDirectoryA
PathIsDirectoryEmptyW
PathIsSystemFolderW
PathIsRootW
PathRenameExtensionW
PathIsDirectoryW
PathAppendW
PathRemoveBackslashW
PathStripPathW
PathAppendA
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsA
PathRemoveExtensionW

shell32

ShellExecuteExW
SHCreateDirectoryExW
SHGetFolderLocation
SHGetSpecialFolderPathW
SHGetKnownFolderPath
SHGetPathFromIDListW
SHGetFolderPathW
ord680
CommandLineToArgvW
ord51
SHCreateItemFromParsingName

winhttp

WinHttpOpen
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpQueryHeaders
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetCredentials
WinHttpSendRequest
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetOption

kernel32

TlsFree
TlsSetValue
TlsGetValue
CompareStringW
SwitchToThread
InitializeCriticalSectionAndSpinCount
GetStringTypeW
EncodePointer
TlsAlloc
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetTimeZoneInformation
ExitProcess
GetStdHandle
GetFileType
IsValidLocale
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
GetConsoleCP
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionEx
GetLastError
RaiseException
DecodePointer
DeleteCriticalSection
ReleaseSemaphore
CreateMutexW
WaitForSingleObject
LocalAlloc
ReleaseMutex
Sleep
OpenSemaphoreW
CloseHandle
LocalFree
GetCurrentProcessId
CreateSemaphoreW
CreateDirectoryW
GetTempPathW
MultiByteToWideChar
SetEvent
ResetEvent
GetCommandLineW
CreateProcessW
GetLocalTime
GetTimeFormatW
GetDateFormatW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
FindFirstFileW
FindNextFileW
TerminateProcess
RemoveDirectoryW
FindClose
SetEnvironmentVariableW
SetFileAttributesW
CreateEventW
GetDiskFreeSpaceExW
CreateThread
CopyFileW
lstrcmpiW
lstrcmpW
GetExitCodeProcess
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LockFileEx
GetFileSize
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetCurrentProcess
GetFileSizeEx
lstrlenW
GetACP
SizeofResource
GetModuleFileNameW
LockResource
LoadResource
FindResourceW
MoveFileExW
GlobalAlloc
GlobalFree
VerSetConditionMask
GetModuleHandleW
VerifyVersionInfoW
SetLastError
DuplicateHandle
ProcessIdToSessionId
TerminateThread
FindResourceExW
lstrcpyW
QueryFullProcessImageNameW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
FileTimeToSystemTime
OpenMutexW
GetUserDefaultLCID
LCMapStringW
GetUserDefaultLangID
GetUserDefaultUILanguage
SetFilePointerEx
ResumeThread
SetStdHandle
WriteConsoleW
QueryPerformanceFrequency
GetVersionExW
CreateFileMappingW

user32

wsprintfW
EnumWindows
GetWindowThreadProcessId
GetShellWindow

advapi32

InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
RegQueryValueExW
FreeSid
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyExW
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
LookupAccountSidW
CreateWellKnownSid
EqualSid
GetTokenInformation
DuplicateTokenEx
GetUserNameW
ConvertSidToStringSidW
ImpersonateLoggedOnUser
ConvertStringSidToSidW
RevertToSelf
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoInitialize
CoCreateGuid
StringFromGUID2
CLSIDFromProgID
OleRun
CLSIDFromString

oleaut32

SysStringLen
VariantChangeType
VariantInit
SysFreeString
SysAllocString
VariantClear
VariantCopy
GetErrorInfo

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

Exports

Exports

AAMIU_Uninstall
AAMIU_getDeploymentValidationStatus
AAMIU_preInstallPropertySet
pim_createLibraryRef
pim_freeLibraryRef
pim_freeLiraryRef
pim_freeString
pim_getAppletAndPackageInfo
pim_getAppletRegistrationInfo
pim_getAppletRelationshipInfo
pim_getCurrentCCVersion
pim_getCurrentPackagesVersion
pim_getInstallStatus
pim_getInstalledPackagesInfo
pim_launchACCCUninstallerExecutableAsAdmin
pim_selfUpdateCheck
pim_selfUpdateCheckWithData
pim_startWorkflow
pim_startWorkflowWithData
pim_syncFromPathToACF
pim_syncFromPathToPath
pim_syncUSFToACF
pim_uninstallAAMFromAAMCleanerTool
pim_uninstallAAMUsingAAMCleanerTool
pim_uninstallACCC64FromACCCCleanerTool
pim_uninstallACCCFromACCCCleanerTool
pim_uninstallADC64UsingADCCleanerTool
pim_uninstallADCUsingADCCleanerTool

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Core.dll
.dll windows:5 windows x86 arch:x86

1e96e2606f8761ae6dcec3b237b6a77b

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

31:c1:1e:91:2d:c4:83:97:7c:70:bc:c8:36:7a:75:a4:ca:5e:13:e9:cf:0b:f5:9a:ee:3d:d8:13:e9:1d:b1:09
Signer

Actual PE Digest

31:c1:1e:91:2d:c4:83:97:7c:70:bc:c8:36:7a:75:a4:ca:5e:13:e9:cf:0b:f5:9a:ee:3d:d8:13:e9:1d:b1:09

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Core.pdb

Imports

wtsapi32

WTSUnRegisterSessionNotification
WTSRegisterSessionNotification

kernel32

GetThreadId
ReadFile
WriteFile
CreateNamedPipeW
CreateFileW
DisconnectNamedPipe
WaitNamedPipeW
ConnectNamedPipe
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
LoadLibraryW
GetProcAddress
FreeLibrary
FindNextFileW
GetModuleFileNameW
GetTempPathW
FindClose
DeleteFileW
LocalFree
lstrcmpW
FlushFileBuffers
WideCharToMultiByte
CreateMutexW
ReleaseMutex
Sleep
HeapFree
SetLastError
GetCurrentProcess
TerminateProcess
CreateThread
HeapSize
CreateToolhelp32Snapshot
CreateEventW
Process32NextW
SetEvent
Process32FirstW
HeapReAlloc
ResetEvent
HeapAlloc
GetCurrentProcessId
GetProcessHeap
CreateProcessW
GetModuleHandleW
lstrcpyW
QueryFullProcessImageNameW
GetUserDefaultLCID
LCMapStringW
OutputDebugStringW
GetCPInfo
GetLocaleInfoW
IsValidLocale
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
GetStringTypeW
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
CloseHandle
GetCurrentThreadId
WaitForSingleObject
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionEx
GetCommandLineA
RtlUnwind
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InterlockedFlushSList
LoadLibraryExW
GetFileSizeEx
ExitProcess
GetModuleHandleExW
SetStdHandle
GetConsoleCP
SetEndOfFile
WriteConsoleW
GetFileType
OpenProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
EnumSystemLocalesW
SetFilePointerEx
GetConsoleMode
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetStdHandle

user32

LoadCursorW
SetCursor
GetMessageW
CreateDialogParamW
PostMessageW
SendMessageW
DispatchMessageW
TranslateMessage
PostThreadMessageW
ShowWindow

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
ConvertSidToStringSidW
GetTokenInformation
LookupAccountSidW
GetUserNameW

shell32

SHGetSpecialFolderPathW
SHGetFolderLocation
ord51
SHGetPathFromIDListW
SHGetKnownFolderPath
ShellExecuteW
SHGetFolderPathW

ole32

CoUninitialize
CoCreateInstance
CLSIDFromProgID
OleRun
CLSIDFromString
CoTaskMemFree
CoCreateGuid
CoInitialize
StringFromGUID2

oleaut32

VariantCopy
SysFreeString
VariantInit
SysAllocString
GetErrorInfo
SysStringLen
VariantClear
VariantChangeType

shlwapi

PathIsDirectoryW
PathRemoveFileSpecW
PathAppendW
PathFileExistsW

Exports

Exports

finalize
initialize
processMessage

Sections

.text
Size: 398KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 131KB - Virtual size: 130KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
New folder (2)/packages/ADC/Core/Core.pimx
New folder (2)/packages/ADC/Core/Core.sig
.xml
New folder (2)/packages/ADC/HDBox/HDBox.pima
.zip
Adobe Update Helper.exe
.exe windows:5 windows x86 arch:x86

949569a1a7b3733857bd52bec228d003

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:a7:b2:c6:10:14:da:0e:24:13:7a:23:d9:30:8e:4c:5b:b5:37:d9:7e:09:f8:18:fb:e2:57:32:f9:b8:b6:c3
Signer

Actual PE Digest

77:a7:b2:c6:10:14:da:0e:24:13:7a:23:d9:30:8e:4c:5b:b5:37:d9:7e:09:f8:18:fb:e2:57:32:f9:b8:b6:c3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Adobe Update Helper.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wininet

InternetCanonicalizeUrlW

kernel32

DeleteCriticalSection
ReadFile
FindFirstFileW
SetLastError
FindNextFileW
RemoveDirectoryW
GetModuleFileNameW
GetTempPathW
FindClose
CreateFileW
GetFileAttributesW
SetFileAttributesW
FormatMessageW
DeleteFileW
CloseHandle
LocalFree
MoveFileExW
GetFileSize
lstrcmpW
GetCurrentProcess
WaitForSingleObject
GetProcAddress
CreateProcessW
GetModuleHandleW
GetVersionExW
SizeofResource
GetFullPathNameW
WriteFile
LockResource
LoadResource
FindResourceW
FlushFileBuffers
LoadLibraryW
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLCID
LoadLibraryA
LCMapStringW
GetUserDefaultLangID
GetUserDefaultUILanguage
GetCurrentProcessId
SetFilePointer
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
HeapFree
TerminateProcess
OpenProcess
HeapSize
CreateEventW
Sleep
SetEvent
RaiseException
GlobalFree
HeapReAlloc
CreateThread
ResetEvent
HeapAlloc
HeapDestroy
GetProcessHeap
VerSetConditionMask
VerifyVersionInfoW
GetFileSizeEx
FileTimeToSystemTime
GetLocalTime
GetTimeFormatW
SystemTimeToFileTime
GetDateFormatW
CreateMutexW
ReleaseMutex
OpenMutexW
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
SetEndOfFile
UnlockFileEx
UnmapViewOfFile
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
GetSystemInfo
HeapCompact
UnlockFile
CreateFileMappingA
LockFileEx
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
DecodePointer
GetACP
GetStringTypeW
InitializeCriticalSectionAndSpinCount
SwitchToThread
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
CompareStringW
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
GetLastError
GetTimeZoneInformation
GetFileType
LoadLibraryExW
RtlUnwind
GetStartupInfoW
InitializeSListHead
InitializeCriticalSectionEx
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetStdHandle
ExitProcess
GetCommandLineA
GetCommandLineW
IsValidLocale
EnumSystemLocalesW
SetStdHandle
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetConsoleCP
WriteConsoleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
GlobalAlloc
GetTickCount
UnhandledExceptionFilter

user32

EnumWindows
GetShellWindow
AllowSetForegroundWindow
MessageBoxW
GetWindowThreadProcessId

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
AllocateAndInitializeSid
FreeSid
DuplicateTokenEx
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
EqualSid
OpenProcessToken
GetTokenInformation

ole32

CoCreateInstance
CoInitialize
CLSIDFromProgID
CoUninitialize
OleRun
CLSIDFromString
CoTaskMemFree
CoCreateGuid
StringFromGUID2

shell32

SHGetFolderLocation
SHGetPathFromIDListW
SHGetFolderPathW
SHCreateDirectoryExW
SHGetSpecialFolderPathW

oleaut32

GetErrorInfo
SysAllocString
SysStringLen
VariantClear
SysFreeString

shlwapi

PathAddExtensionW
PathRemoveExtensionW
PathIsFileSpecW
PathFindFileNameW
PathFileExistsW
PathIsRootW
PathRenameExtensionW
PathRemoveFileSpecW
PathFileExistsA
PathAppendW
PathIsSystemFolderW
PathIsDirectoryW

Sections

.text
Size: 941KB - Virtual size: 940KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 175KB - Virtual size: 175KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 11KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 96KB - Virtual size: 96KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CRClient.dll
.dll windows:6 windows x86 arch:x86

0179d143cfd3f9e347091af545e19dca

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:4e:34:ca:db:34:e4:23:6e:a9:a9:70:16:2e:e6:30:c3:3e:6a:9c:87:0c:df:ee:76:ae:99:3e:72:f6:2f:f3
Signer

Actual PE Digest

24:4e:34:ca:db:34:e4:23:6e:a9:a9:70:16:2e:e6:30:c3:3e:6a:9c:87:0c:df:ee:76:ae:99:3e:72:f6:2f:f3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Jenkins\workspace\CR Win Client Release Build\public\CR4.0\Source\CRWindowsClient\CRWindowsClientService\Win32\Release\CRClient.pdb

Imports

dbghelp

SymFromAddr
StackWalk64
SymGetModuleBase64
SymGetModuleInfo64
SymInitialize
SymFunctionTableAccess64

kernel32

GetModuleHandleW
GetProcAddress
LoadLibraryW
CloseHandle
CreateThread
WaitForSingleObject
GetModuleFileNameW
FreeLibrary
ReadFile
GetCurrentThreadId
ReadProcessMemory
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
TerminateThread
OpenThread
CreateNamedPipeW
VirtualProtect
WriteProcessMemory
GetThreadId
GetProcessId
K32GetModuleFileNameExW
GetProcessHeap
CreateProcessW
ConnectNamedPipe
WriteFile
FlushFileBuffers
DisconnectNamedPipe
WerRegisterRuntimeExceptionModule
WerUnregisterRuntimeExceptionModule
LocaleNameToLCID
WideCharToMultiByte
VerSetConditionMask
VerifyVersionInfoW
CreateFileW
GetFileAttributesExW
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObjectEx
CreateEventW
HeapSize
ResetEvent
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
MultiByteToWideChar
UnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent

user32

IsWindowVisible
EnableWindow
IsHungAppWindow
DisableProcessWindowsGhosting
MessageBoxW
GetWindowTextW
GetWindowTextLengthW
ReleaseDC
DrawIconEx
GetSysColor
GetDC
SetFocus
GetDlgCtrlID
IsDlgButtonChecked
PostMessageW
ShowWindow
GetSystemMenu
EnableMenuItem
CheckDlgButton
GetWindowThreadProcessId
EndDialog
GetWindow
SetWindowTextW
SetDlgItemTextW
SetWindowPos
OffsetRect
CopyRect
GetDesktopWindow
GetKeyState
GetDlgItem
GetWindowLongW
GetParent
SetCursor
LoadCursorW
ReleaseCapture
PtInRect
ClientToScreen
GetWindowRect
SetCapture
InvalidateRect
GetCapture
SendMessageW
SetWindowLongW
CallWindowProcW
GetPropW
EnumWindows
GetSysColorBrush
SetPropW
RemovePropW
DialogBoxIndirectParamW

gdi32

DeleteDC
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
SetBkMode
CreateFontIndirectW
GetObjectW
SetTextColor
DeleteObject

advapi32

RegOpenCurrentUser
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW

shell32

SHCreateDirectoryExW
SHGetKnownFolderPath
ord6
ShellExecuteW

ole32

CoTaskMemFree
CoCreateGuid

msvcp140

?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
_Wcscoll
_Wcsxfrm
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?id@?$collate@_W@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?read@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_JH@Z
?_Xbad_alloc@std@@YAXXZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPBD@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?empty@locale@std@@SA?AV12@XZ
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Xlength_error@std@@YAXPBD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@_W@std@@2V0locale@2@A
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
?_Syserror_map@std@@YAPBDH@Z
?_Throw_C_error@std@@YAXH@Z
_Thrd_start
_Thrd_join
_Mtx_init
_Mtx_lock
_Mtx_trylock
_Mtx_unlock
_Cnd_init
_Cnd_wait
_Cnd_signal
_Cnd_destroy
_Mtx_destroy
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_id
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?always_noconv@codecvt_base@std@@QBE_NXZ

shlwapi

PathAppendW
PathFileExistsW

vcruntime140

_purecall
wcsstr
memchr
strchr
__CxxFrameHandler3
memset
__vcrt_InitializeCriticalSectionEx
_CxxThrowException
_except_handler4_common
__std_type_info_destroy_list
memmove
__std_exception_destroy
__std_exception_copy
__std_terminate
memcpy

api-ms-win-crt-heap-l1-1-0

_recalloc
malloc
free
calloc
_callnewh
realloc

api-ms-win-crt-string-l1-1-0

strtok_s
strncpy_s
tolower
_strdup
wcsnlen
iswspace
wmemcpy_s
isspace

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_errno
terminate
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_cexit
_initterm
_initterm_e
_seh_filter_dll

api-ms-win-crt-stdio-l1-1-0

fputc
__stdio_common_vswprintf_s
__stdio_common_vswprintf
fclose
_get_stream_buffer_pointers
fwrite
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
ungetwc
ungetc
fputwc
fgetwc
fgetc

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_wremove
_lock_file

api-ms-win-crt-convert-l1-1-0

_itoa_s

Exports

Exports

?AddCRCustomData@@YA_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z
?CrashReporterInitialize@@YA_NPAXPBD1111P6AIAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@ZP6AXXZ_NW4AdobeCrashReporterScalingFactor@@@Z
?GetCRLastErrorCode@@YA?AW4ERROR_CR@@XZ
?SetCRDialogSaclingFactor@@YA_NW4AdobeCrashReporterScalingFactor@@@Z
?SetCRDisplayName@@YA_NPBD@Z
?SetCRHighbeamSessionId@@YA_NPBD@Z
?SetCRLocale@@YA_NPBD@Z
?SetCRParentWnd@@YA_NPAX@Z
?SetCRPostHandler@@YA_NP6AXXZ@Z
?SetCRPosthandlerThreadPreference@@YA_N_N@Z
?SetCRPreHandler@@YA_NP6AIAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@Z
?ShowCRDialogOnlyOnFirstCrash@@YA_NXZ
OutOfProcessExceptionEventCallback
OutOfProcessExceptionEventDebuggerLaunchCallback
OutOfProcessExceptionEventSignatureCallback

Sections

.text
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CRLogTransport.exe
.exe windows:6 windows x86 arch:x86

ac1cd93fe902743d8dda02b14f96b2aa

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c5:44:04:7b:aa:19:e2:dd:59:b1:94:4b:ff:e1:ca:07:f5:d9:a2:e8:f3:1b:9b:72:35:e2:5a:bf:6a:16:a2:9f
Signer

Actual PE Digest

c5:44:04:7b:aa:19:e2:dd:59:b1:94:4b:ff:e1:ca:07:f5:d9:a2:e8:f3:1b:9b:72:35:e2:5a:bf:6a:16:a2:9f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\workspace\CR Log Transport\public\CRLogTransport\public\binary\Win\x86\Release\CRLogTransport.pdb

Imports

shlwapi

PathIsDirectoryW
PathFileExistsW

wininet

HttpOpenRequestW
InternetQueryDataAvailable
InternetSetStatusCallbackW
InternetOpenW
InternetSetOptionA
HttpQueryInfoW
InternetCrackUrlW
HttpSendRequestW
InternetCloseHandle
InternetReadFile
InternetSetOptionW
InternetConnectW
InternetQueryOptionW

kernel32

MultiByteToWideChar
WideCharToMultiByte
CompareFileTime
FindFirstFileW
FindNextFileW
FindClose
CreateFileW
DeleteFileW
CloseHandle
GetProcAddress
MoveFileExW
GetFileTime
ReadFile
GetModuleFileNameW
InitializeCriticalSectionEx
Sleep
DeleteCriticalSection
GetSystemTimeAsFileTime
GetModuleHandleA
AreFileApisANSI
LocalFree
FormatMessageA
OutputDebugStringW
SetEvent
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
GetLastError
UnhandledExceptionFilter
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
SetUnhandledExceptionFilter

shell32

SHCreateDirectoryExW
SHGetFolderPathW

msvcp140

?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?bad@ios_base@std@@QBE_NXZ
?fail@ios_base@std@@QBE_NXZ
?good@ios_base@std@@QBE_NXZ
??Bios_base@std@@QBE_NXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?_Incref@facet@locale@std@@UAEXXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??7ios_base@std@@QBE_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Xlength_error@std@@YAXPBD@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_BADOFF@std@@3_JB
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

vcruntime140

memchr
memcmp
_purecall
_except_handler4_common
__std_exception_copy
memcpy
memmove
__std_exception_destroy
memset
__std_terminate
__CxxFrameHandler3
__vcrt_InitializeCriticalSectionEx
_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

fwrite
__p__commode
fgetpos
ferror
setvbuf
__stdio_common_vfprintf
ungetc
fsetpos
fgetc
_fseeki64
fclose
fflush
fputc
__stdio_common_vsprintf
_get_stream_buffer_pointers
fread
_wsopen_s
_close
fseek
fopen
_set_fmode
ftell

api-ms-win-crt-string-l1-1-0

wcscmp
strnlen
strlen
wcslen
strncpy_s
strtok_s
tolower

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
terminate
_errno
_controlfp_s
signal
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_register_onexit_function
strerror
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_getpid
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
exit
_exit
__p___argc
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_wrename
_unlock_file

api-ms-win-crt-math-l1-1-0

__setusermatherr
ceil
_fdopen

api-ms-win-crt-time-l1-1-0

_time32
_gmtime32_s
strftime

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
_callnewh
free

api-ms-win-crt-utility-l1-1-0

srand
rand
abs

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CRWindowsClientService.exe
.exe windows:6 windows x86 arch:x86

4fa26d3b2aa59b801bf1baa94a1c99be

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6e:50:83:f9:52:8d:e3:2f:b2:97:d5:47:a2:f1:c4:c0:ab:9d:a9:3b:36:d0:6c:e0:6d:ff:fd:28:ce:62:48:f0
Signer

Actual PE Digest

6e:50:83:f9:52:8d:e3:2f:b2:97:d5:47:a2:f1:c4:c0:ab:9d:a9:3b:36:d0:6c:e0:6d:ff:fd:28:ce:62:48:f0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\workspace\CR Win Client Release Build\public\CR4.0\Source\CRWindowsClient\CRWindowsClientService\Win32\Release\CRWindowsClientService.pdb

Imports

dbghelp

MiniDumpWriteDump

wininet

InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetOpenW
HttpQueryInfoW
InternetCloseHandle

kernel32

GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
GetExitCodeProcess
OpenThread
GetExitCodeThread
OpenProcess
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineW
LocalFree
RaiseException
WriteFile
IsDebuggerPresent
GetCurrentProcess
GetTimeZoneInformation
GlobalMemoryStatusEx
GetSystemInfo
GetLocaleInfoEx
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection
CloseHandle
CreateFileW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
ReadFile

advapi32

RegQueryInfoKeyW
RegOpenCurrentUser
RegEnumValueW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW

shell32

SHCreateDirectoryExW
CommandLineToArgvW
SHGetKnownFolderPath
ShellExecuteW

ole32

CoCreateGuid
CoInitializeEx
CoSetProxyBlanket
CoTaskMemFree
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
SysFreeString
SysAllocString

shlwapi

PathFileExistsW
PathAppendW

msvcp140

?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??Bid@locale@std@@QAEIXZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?empty@locale@std@@SA?AV12@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?_BADOFF@std@@3_JB
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@_W@std@@2V0locale@2@A
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Winerror_message@std@@YAKKPADK@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
_Stat
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xinvalid_argument@std@@YAXPBD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

vcruntime140

__CxxFrameHandler3
__std_exception_destroy
__std_terminate
wcsrchr
_purecall
_except_handler4_common
__std_exception_copy
wcsstr
memset
memmove
memcpy
memchr
_CxxThrowException
__vcrt_InitializeCriticalSectionEx

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_controlfp_s
terminate
_c_exit
_exit
exit
_initterm_e
_initterm
_initialize_wide_environment
_register_thread_local_exe_atexit_callback
_configure_wide_argv
_errno
_set_app_type
_seh_filter_exe
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_get_wide_winmain_command_line

api-ms-win-crt-string-l1-1-0

_wcslwr_s
strtok_s
strncpy_s
wmemcpy_s
wcscspn
wcsspn
iswspace
isspace
tolower
wcsnlen
toupper
strlen

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
calloc
_recalloc
_callnewh
malloc

api-ms-win-crt-utility-l1-1-0

abs

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
fread_s
_wfopen_s
_get_stream_buffer_pointers
_fseeki64
__stdio_common_vswprintf_s
__stdio_common_vswprintf
ungetwc
fputwc
_set_fmode
fgetwc
fflush
fgetc
setvbuf
__p__commode
fgetpos
fputc
fsetpos
fwrite
fclose
ungetc

api-ms-win-crt-filesystem-l1-1-0

_wremove
_wrename
_unlock_file
_lock_file

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64

api-ms-win-crt-convert-l1-1-0

strtol
_wtoi
_itoa_s
atoi

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HDHelper.exe
.exe windows:5 windows x86 arch:x86

36e496b3a026479e6db88ef5da0fe6c8

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

63:25:5d:e1:8f:90:13:4a:f8:cd:ba:7a:6f:d3:3c:08:d5:ba:05:d1:51:e5:d5:b9:0b:67:70:78:bd:3f:37:69
Signer

Actual PE Digest

63:25:5d:e1:8f:90:13:4a:f8:cd:ba:7a:6f:d3:3c:08:d5:ba:05:d1:51:e5:d5:b9:0b:67:70:78:bd:3f:37:69

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

HDHelper.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

LocalFree
MoveFileExW
lstrcpyW
lstrcmpiW
lstrcmpW
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
GetCurrentProcess
WaitForSingleObject
GetProcAddress
GetModuleHandleW
GetExitCodeProcess
GetVersionExW
Sleep
HeapFree
LoadLibraryW
HeapAlloc
GetProcessHeap
MultiByteToWideChar
WideCharToMultiByte
CreateEventW
VerSetConditionMask
VerifyVersionInfoW
WriteFile
FlushFileBuffers
FreeLibrary
TerminateProcess
OpenProcess
CloseHandle
CreateToolhelp32Snapshot
Process32NextW
SetEvent
Process32FirstW
HeapReAlloc
ResetEvent
GetCurrentProcessId
GetUserDefaultLCID
LCMapStringW
SetFilePointer
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetUserDefaultLangID
GetFileSizeEx
FileTimeToSystemTime
GetLocalTime
GetTimeFormatW
SystemTimeToFileTime
GetDateFormatW
CreateMutexW
ReleaseMutex
OpenMutexW
GetUserDefaultUILanguage
TlsAlloc
SetStdHandle
EnumSystemLocalesW
IsValidLocale
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
ExitProcess
GetStdHandle
GetTimeZoneInformation
DeleteFileW
GetLastError
FormatMessageW
SetFileAttributesW
GetFileAttributesW
CreateFileW
LocalAlloc
FindClose
GetTempPathW
GetModuleFileNameW
TlsGetValue
FindNextFileW
SetLastError
FindFirstFileW
ReadFile
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetConsoleCP
SetEndOfFile
WriteConsoleW
SwitchToThread
InitializeCriticalSectionAndSpinCount
HeapSize
GetFileType
LoadLibraryExW
RtlUnwind
OutputDebugStringW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
QueryPerformanceCounter
WaitForSingleObjectEx
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
CompareStringW
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
GetStringTypeW

user32

AllowSetForegroundWindow

advapi32

RegSetKeySecurity
LookupPrivilegeValueW
AdjustTokenPrivileges
ConvertStringSidToSidW
CreateProcessAsUserW
ConvertSidToStringSidW
GetUserNameW
DuplicateTokenEx
LookupAccountSidW
SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
RegGetKeySecurity
RegCloseKey
RegCreateKeyExW
RegSetValueExW
InitializeSecurityDescriptor
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
SetEntriesInAclW
OpenProcessToken
GetTokenInformation
CreateWellKnownSid

shell32

SHGetSpecialFolderPathW
SHCreateDirectoryExW

ole32

CLSIDFromProgID
OleRun
CLSIDFromString
CoUninitialize
CoInitialize
CoCreateInstance

oleaut32

SysFreeString
SysAllocString
VariantCopy
VariantInit
GetErrorInfo
VariantClear

shlwapi

PathRemoveExtensionW
PathIsDirectoryW
PathIsFileSpecW
PathAppendW
PathFindFileNameW
PathRemoveFileSpecW
PathRenameExtensionW
PathStripPathW
PathAddExtensionW
PathFileExistsW

Sections

.text
Size: 313KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 87KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HDIM.dll
.dll windows:5 windows x86 arch:x86

f9e08de3fbd7f9a5e1c11c76868e82bb

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:ab:c6:89:83:1a:95:3c:91:0e:14:1e:db:9c:3f:db:a8:7c:a7:29:38:8d:d3:5e:7d:13:08:08:b3:de:3d:79
Signer

Actual PE Digest

1f:ab:c6:89:83:1a:95:3c:91:0e:14:1e:db:9c:3f:db:a8:7c:a7:29:38:8d:d3:5e:7d:13:08:08:b3:de:3d:79

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

HDIM.pdb

Imports

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

kernel32

WriteFile
GetModuleFileNameW
GetTempPathW
FindClose
CreateFileW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
CloseHandle
LocalFree
MoveFileExW
lstrcmpW
FlushFileBuffers
LoadLibraryW
GetProcAddress
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcessId
SetFilePointer
GetCurrentThreadId
GetCurrentProcess
GetVersionExW
CreateEventW
VerSetConditionMask
GetModuleHandleW
VerifyVersionInfoW
GetUserDefaultLCID
LCMapStringW
GetFileSizeEx
FindNextFileW
GetLocalTime
GetTimeFormatW
SystemTimeToFileTime
GetDateFormatW
CreateMutexW
WaitForSingleObject
ReleaseMutex
OpenMutexW
GetUserDefaultLangID
GetUserDefaultUILanguage
HeapFree
SetLastError
TerminateProcess
HeapSize
SetEvent
HeapReAlloc
ResetEvent
HeapAlloc
GetProcessHeap
TlsAlloc
GetConsoleMode
EnumSystemLocalesW
IsValidLocale
GetFileType
GetStdHandle
GetModuleHandleExW
ExitProcess
GetTimeZoneInformation
LoadLibraryExW
FindFirstFileW
TlsGetValue
ReadFile
OutputDebugStringW
DeleteCriticalSection
DecodePointer
RaiseException
GetLastError
InitializeCriticalSectionEx
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetConsoleCP
SetEndOfFile
WriteConsoleW
SwitchToThread
InitializeCriticalSectionAndSpinCount
FileTimeToSystemTime
InterlockedFlushSList
RtlUnwind
InitializeSListHead
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetCPInfo
GetLocaleInfoW
CompareStringW
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
GetStringTypeW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHCreateDirectoryExW
SHGetFolderPathW
SHGetPathFromIDListW
SHGetSpecialFolderPathW
SHGetFolderLocation

ole32

CLSIDFromProgID
OleRun
CLSIDFromString
CoUninitialize
CoTaskMemFree
CoCreateInstance
CoInitialize

oleaut32

GetErrorInfo
VariantClear
SysAllocString
SysFreeString
VariantInit
VariantCopy

shlwapi

PathIsFileSpecW
PathRenameExtensionW
PathAppendW
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW
PathIsDirectoryW
PathAddExtensionW
PathRemoveExtensionW

Exports

Exports

ccim_GetInformation
ccim_UserAction
ccim_endWorkflow
ccim_startWorkflow
ccim_startWorkflowWithMode
hdimSetLoggerFnPtr

Sections

.text
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 90KB - Virtual size: 89KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HDNative.dll
.dll windows:5 windows x86 arch:x86

c272e63c2ad18b69225206ab4a876bdf

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ab:16:af:c7:df:ba:dc:21:46:96:8b:36:39:2d:00:dc:81:81:34:cd:f6:cd:f0:6e:89:36:28:5c:54:3b:e0:cf
Signer

Actual PE Digest

ab:16:af:c7:df:ba:dc:21:46:96:8b:36:39:2d:00:dc:81:81:34:cd:f6:cd:f0:6e:89:36:28:5c:54:3b:e0:cf

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

HDNative.pdb

Imports

kernel32

LocalFree
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
GetCurrentProcess
GetProcAddress
GetModuleHandleW
HeapFree
LoadLibraryW
HeapAlloc
GetProcessHeap
MultiByteToWideChar
WideCharToMultiByte
CreateEventW
WriteFile
CloseHandle
FreeLibrary
TerminateProcess
HeapSize
HeapReAlloc
GetCurrentProcessId
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetConsoleMode
SetFilePointerEx
SetStdHandle
GetStdHandle
GetLastError
CreateFileW
FindClose
GetModuleFileNameW
FindNextFileW
SetLastError
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetConsoleCP
WriteConsoleW
LeaveCriticalSection
EnterCriticalSection
FlushFileBuffers
GetModuleHandleExW
ExitProcess
GetFileType
LoadLibraryExW
InterlockedFlushSList
RtlUnwind
OutputDebugStringW
InitializeSListHead
GetCurrentThreadId
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
EncodePointer
GetStringTypeW

ole32

CLSIDFromProgID
OleRun
CLSIDFromString
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantClear
GetErrorInfo

shlwapi

PathStripPathW
PathAppendW

Exports

Exports

hdNativeGetProductInstallStatus
hdNativeLaunchProduct
hdNativeSetLoggerFnPtr

Sections

.text
Size: 81KB - Virtual size: 81KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 65KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HDPIM.dll
.dll windows:5 windows x86 arch:x86

e68e054d625c4d2b679eb3c94720d459

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:21:9f:a5:95:e0:d8:d6:99:f1:ae:b2:2b:c5:85:81:f0:49:31:6e:af:1a:f2:5e:5d:63:f6:24:9d:95:6d:c8
Signer

Actual PE Digest

43:21:9f:a5:95:e0:d8:d6:99:f1:ae:b2:2b:c5:85:81:f0:49:31:6e:af:1a:f2:5e:5d:63:f6:24:9d:95:6d:c8

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

HDPIM.pdb

Imports

shlwapi

PathIsUNCW
PathIsRelativeW
PathIsRootW
PathGetCharTypeW
PathFileExistsW
PathAddBackslashW
PathIsFileSpecW
PathStripPathW
PathFindExtensionW
PathIsSameRootW
PathIsDirectoryW
PathAddExtensionW
PathRemoveExtensionW
PathIsDirectoryEmptyW
PathIsSystemFolderW
PathFileExistsA
PathStripToRootW
PathRemoveFileSpecW
PathAppendW
PathFindFileNameW
PathRenameExtensionW
PathMakePrettyW
PathRemoveBackslashW

shell32

SHCreateItemFromParsingName
SHCreateDirectoryExW
SHGetFolderPathW
SHGetPathFromIDListW
SHGetFolderLocation
SHSetLocalizedName
ord709
ord51
ord680
SHGetSpecialFolderPathW
SHGetKnownFolderPath
ord75

winhttp

WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpCloseHandle
WinHttpSendRequest
WinHttpSetCredentials
WinHttpQueryAuthSchemes
WinHttpConnect
WinHttpReceiveResponse
WinHttpOpenRequest
WinHttpQueryHeaders
WinHttpSetTimeouts
WinHttpOpen
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleBaseNameW
GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcessModules

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

kernel32

TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
CompareStringW
SwitchToThread
GetCPInfo
UnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetLocaleInfoW
ReadFile
FindFirstFileW
SetLastError
FindNextFileW
lstrlenW
RemoveDirectoryW
GetModuleFileNameW
GetTempPathW
FindClose
LocalAlloc
CreateFileW
GetFileAttributesW
SetFileAttributesW
FormatMessageW
GetLastError
GetDiskFreeSpaceExW
DeleteFileW
CloseHandle
GetCurrentDirectoryW
SetCurrentDirectoryW
LocalFree
MoveFileExW
GetFileSize
CopyFileW
lstrcpyW
lstrcmpiW
lstrcmpW
GetDriveTypeW
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
GetCurrentProcess
GetUserDefaultLangID
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
QueryFullProcessImageNameW
GetFullPathNameW
GetVersionExW
GetTempFileNameW
Sleep
VerSetConditionMask
VerifyVersionInfoW
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
RtlUnwind
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
CreateMutexW
WaitForSingleObject
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LockFileEx
GetCurrentProcessId
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
CreateProcessW
GetModuleHandleW
GetExitCodeProcess
LCMapStringA
GetStringTypeExA
GetUserDefaultLCID
LCMapStringW
SetFileTime
CreateThread
SetFilePointerEx
GetFileSizeEx
TerminateThread
ResumeThread
GlobalFree
CopyFileExW
GetACP
CreateEventW
GlobalAlloc
SizeofResource
GetFinalPathNameByHandleW
LockResource
LoadResource
FindResourceW
TerminateProcess
Thread32Next
Thread32First
DuplicateHandle
ProcessIdToSessionId
SetEvent
FindResourceExW
ResetEvent
GetThreadTimes
OpenThread
InterlockedPushEntrySList
GetUserDefaultUILanguage
ReleaseMutex
CreateDirectoryW
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
GetPhysicallyInstalledSystemMemory
GetLogicalDriveStringsW
FileTimeToSystemTime
GetLocalTime
GetTimeFormatW
GetDateFormatW
OpenMutexW
QueryPerformanceFrequency
GetStringTypeW
InterlockedFlushSList
LoadLibraryExW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetTimeZoneInformation
GetStdHandle
WriteConsoleW
ExitProcess
IsValidLocale
EnumSystemLocalesW
SetStdHandle
GetConsoleMode
ReadConsoleW
GetConsoleCP
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
LeaveCriticalSection

user32

GetDC
LoadStringA
GetDesktopWindow
ReleaseDC
GetWindowThreadProcessId
AllowSetForegroundWindow
GetShellWindow
PostMessageW
EnumWindows
PostThreadMessageW
wsprintfW

gdi32

RemoveFontResourceW
AddFontResourceW
GetDeviceCaps

advapi32

RegDeleteValueW
RegQueryValueExW
SetEntriesInAclW
InitializeSecurityDescriptor
RegSetKeySecurity
RegEnumKeyExW
RegQueryInfoKeyW
RegGetKeySecurity
GetSecurityDescriptorDacl
SetSecurityDescriptorDacl
FreeSid
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
AllocateAndInitializeSid
EqualSid
LookupAccountSidW
DuplicateTokenEx
GetUserNameW
ConvertSidToStringSidW
CreateProcessAsUserW
ImpersonateLoggedOnUser
ConvertStringSidToSidW
RevertToSelf
CreateWellKnownSid
GetNamedSecurityInfoW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyW
RegCloseKey
GetTokenInformation
SetNamedSecurityInfoW

ole32

OleRun
CLSIDFromString
CoSetProxyBlanket
CLSIDFromProgID
CoInitializeEx
CoCreateGuid
CoInitializeSecurity
CoCreateInstance
CoUninitialize
CoInitialize
StringFromGUID2
CoTaskMemFree

oleaut32

VariantClear
SysAllocString
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantInit
VariantChangeType
VariantCopy
SafeArrayAccessData
SafeArrayCreateVector
SysAllocStringLen
SafeArrayUnaccessData
SafeArrayDestroy
GetErrorInfo
SysStringLen

crypt32

CertGetNameStringW

wintrust

WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData

Exports

Exports

hdpimAreUpdatesEnabled
hdpimCheckAndReportConflictingProcess
hdpimCheckForUpdate
hdpimControlProgress
hdpimCreateSession
hdpimDownloadProduct
hdpimGetAvailableUpdateInfo
hdpimGetInstalledProductsList
hdpimGetProductInstallDirIsMoved
hdpimGetProductInstallStatus
hdpimGetProductInstalledVersions
hdpimGetProductLaunchPath
hdpimGetProductReferenceInfo
hdpimInstallProduct
hdpimInstallUpdate
hdpimLaunchProduct
hdpimRepairProduct
hdpimSetLogger
hdpimSetLoggerFnPtr
hdpimTerminateSession
hdpimUnInstallProduct

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 500KB - Virtual size: 499KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 29KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HDUWP.dll
.dll windows:5 windows x86 arch:x86

9793392758b7a587fee069b70cce5c4f

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

00:e1:aa:6d:76:34:4c:7f:3c:14:51:31:1a:ea:b0:5b:83:10:3e:30:6c:1d:b8:59:d9:e2:60:2f:7a:d0:0a:d7
Signer

Actual PE Digest

00:e1:aa:6d:76:34:4c:7f:3c:14:51:31:1a:ea:b0:5b:83:10:3e:30:6c:1d:b8:59:d9:e2:60:2f:7a:d0:0a:d7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

HDUWP.pdb

Imports

kernel32

CloseHandle
CreateEventExW
PackageFullNameFromId
PackageFamilyNameFromId
SetEvent
WaitForSingleObject
AcquireSRWLockShared
FreeLibrary
VirtualQuery
GetProcessHeap
HeapFree
HeapAlloc
GetLastError
GetModuleHandleW
GetStartupInfoW
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WideCharToMultiByte
MultiByteToWideChar
RaiseException
IsDebuggerPresent
LoadLibraryExW
GetProcAddress
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
DecodePointer
ReleaseSRWLockShared

ole32

CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoInitialize
CoTaskMemFree

vccorlib140

?EventSourceGetTargetArrayEvent@Details@Platform@@YGPAXPAXIPBXPA_J@Z
?EventSourceAdd@Details@Platform@@YG?AVEventRegistrationToken@Foundation@Windows@@PAPAXPAUEventLock@12@P$AAVDelegate@2@@Z
?EventSourceRemove@Details@Platform@@YGXPAPAXPAUEventLock@12@VEventRegistrationToken@Foundation@Windows@@@Z
??0OutOfBoundsException@Platform@@Q$AAA@XZ
??0ChangedStateException@Platform@@Q$AAA@XZ
??0OutOfMemoryException@Platform@@Q$AAA@XZ
??0FailureException@Platform@@Q$AAA@XZ
?Allocate@Heap@Details@Platform@@SAPAXI@Z
??0Delegate@Platform@@Q$AAA@XZ
?get@Message@Exception@Platform@@Q$AAAP$AAVString@3@XZ
?GetIidsFn@@YGJHPAKPBU__s_GUID@@PAPAVGuid@Platform@@@Z
?GetActivationFactoryByPCWSTR@@YGJPAXAAVGuid@Platform@@PAPAX@Z
?EventSourceGetTargetArray@Details@Platform@@YGPAXPAXPAUEventLock@12@@Z
?EventSourceUninitialize@Details@Platform@@YGXPAPAX@Z
?EventSourceInitialize@Details@Platform@@YGXPAPAX@Z
?GetIBoxArrayVtable@Details@Platform@@YGPAXPAX@Z
?AllocateException@Heap@Details@Platform@@SAPAXII@Z
?AlignedFree@Heap@Details@Platform@@SAXPAX@Z
?Free@Heap@Details@Platform@@SAXPAX@Z
?Allocate@Heap@Details@Platform@@SAPAXII@Z
?ReleaseTarget@ControlBlock@Details@Platform@@AAEXXZ
?__abi_WinRTraiseCOMException@@YGXJ@Z
?__abi_WinRTraiseObjectDisposedException@@YGXXZ
?__abi_WinRTraiseDisconnectedException@@YGXXZ
?__abi_WinRTraiseWrongThreadException@@YGXXZ
?__abi_WinRTraiseClassNotRegisteredException@@YGXXZ
?__abi_WinRTraiseChangedStateException@@YGXXZ
?__abi_WinRTraiseOutOfBoundsException@@YGXXZ
?__abi_WinRTraiseInvalidArgumentException@@YGXXZ
?__abi_WinRTraiseOutOfMemoryException@@YGXXZ
?__abi_WinRTraiseAccessDeniedException@@YGXXZ
?__abi_WinRTraiseFailureException@@YGXXZ
?__abi_WinRTraiseOperationCanceledException@@YGXXZ
?__abi_WinRTraiseNullReferenceException@@YGXXZ
?__abi_WinRTraiseInvalidCastException@@YGXXZ
?__abi_WinRTraiseNotImplementedException@@YGXXZ
??0Object@Platform@@Q$AAA@XZ
?__abi_cast_Object_to_String@__abi_details@@YGP$AAVString@Platform@@_NP$AAVObject@3@@Z
?__abi_cast_String_to_Object@__abi_details@@YGP$AAVObject@Platform@@P$AAVString@3@@Z
?__abi_translateCurrentException@@YGJ_N@Z
?EventSourceGetTargetArraySize@Details@Platform@@YGIPAX@Z
?FlushFactoryCache@@YGXXZ
?InitializeData@Details@Platform@@YAJH@Z
?UninitializeData@Details@Platform@@YAXH@Z

msvcp140

?_Xout_of_range@std@@YAXPBD@Z
?_Xlength_error@std@@YAXPBD@Z

api-ms-win-core-winrt-l1-1-0

RoInitialize

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsDeleteString
WindowsCreateString

api-ms-win-core-winrt-error-l1-1-0

RoFailFastWithErrorContext
SetRestrictedErrorInfo

vcruntime140

__current_exception_context
__current_exception
__std_type_info_destroy_list
__CxxFrameHandler3
__vcrt_GetModuleFileNameW
__std_exception_destroy
__std_exception_copy
memset
memmove
memcpy
_except_handler4_common
__vcrt_LoadLibraryExW
_CxxThrowException

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
terminate
_execute_onexit_table
_initterm
_configure_narrow_argv
_initterm_e
_seh_filter_dll
_cexit
_initialize_narrow_environment
_crt_atexit
_register_onexit_function
_invalid_parameter_noinfo_noreturn
_crt_at_quick_exit

api-ms-win-crt-string-l1-1-0

strcat_s
strcpy_s
wcslen
_wcsdup

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

api-ms-win-crt-convert-l1-1-0

_wtoi

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf_s

Exports

Exports

hduwpGetInstalledPackageUsers
hduwpGetPackageFamilyName
hduwpGetPackageFullName
hduwpInstallPackage
hduwpIsPackageInstalledForAnyUser
hduwpIsPackageInstalledForCurrentUser
hduwpIsPackageWithFamilyNameInstalledForCurrentUser
hduwpLaunchPackage
hduwpRegisterPackage
hduwpUninstallPackage

Sections

.text
Size: 288KB - Virtual size: 288KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 52KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.00cfg
Size: 512B - Virtual size: 260B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HDZIP.dll
.dll windows:5 windows x86 arch:x86

110e34a80748bee86aa14eb3f2f71c07

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

80:2b:bc:34:90:89:47:41:6c:f0:4b:14:d1:ed:3e:3a:ec:63:ba:5c:bf:de:40:e9:f6:14:36:cc:b7:56:98:f5
Signer

Actual PE Digest

80:2b:bc:34:90:89:47:41:6c:f0:4b:14:d1:ed:3e:3a:ec:63:ba:5c:bf:de:40:e9:f6:14:36:cc:b7:56:98:f5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

HDZIP.pdb

Imports

kernel32

LeaveCriticalSection
DeleteCriticalSection
ReleaseSemaphore
InitializeCriticalSection
WaitForSingleObject
CreateEventW
SetEvent
ResetEvent
CreateSemaphoreW
CreateDirectoryW
lstrlenW
SetFileTime
GetFileAttributesW
SetFileAttributesW
MultiByteToWideChar
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
FindFirstFileW
GetFullPathNameW
FindNextFileW
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
InitializeCriticalSectionEx
FormatMessageW
RaiseException
DecodePointer
LocalFree
WideCharToMultiByte
GetModuleFileNameW
GetTempPathW
DeleteFileW
FlushFileBuffers
GetUserDefaultLCID
EnterCriticalSection
FreeLibrary
GetCurrentProcess
GetProcAddress
GetModuleHandleW
HeapFree
SetLastError
TerminateProcess
HeapSize
HeapReAlloc
CreateThread
HeapAlloc
GetCurrentProcessId
GetProcessHeap
InitializeCriticalSectionAndSpinCount
IsValidLocale
ReadConsoleW
GetConsoleMode
GetConsoleCP
ExitProcess
SetFilePointerEx
GetFileType
VirtualAlloc
VirtualFree
GetFileSize
CloseHandle
CreateFileA
GetLastError
CreateFileW
WriteFile
ReadFile
EnumSystemLocalesW
GetStdHandle
GetFileSizeEx
SetEndOfFile
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
WriteConsoleW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
LCMapStringW
SetStdHandle
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
InterlockedFlushSList
RtlUnwind
OutputDebugStringW
GetCPInfo
GetLocaleInfoW
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
GetStringTypeW
QueryPerformanceCounter
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
UnhandledExceptionFilter

ole32

StringFromGUID2
CoCreateGuid

oleaut32

VariantClear

shlwapi

PathFileExistsW
PathAppendW
PathIsDirectoryW

Exports

Exports

hdzipCompressFolder
hdzipDecompressFile
hdzipSetLogger

Sections

.text
Size: 243KB - Virtual size: 243KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 78KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HUM.dll
.dll windows:5 windows x86 arch:x86

26ee46d3b2b5b74725f3a13aef3d917d

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ff:5c:8c:68:cc:79:4f:f3:64:d9:0c:44:44:1c:fd:0b:b5:05:3a:87:40:14:83:62:46:0f:02:e4:21:b6:3c:9c
Signer

Actual PE Digest

ff:5c:8c:68:cc:79:4f:f3:64:d9:0c:44:44:1c:fd:0b:b5:05:3a:87:40:14:83:62:46:0f:02:e4:21:b6:3c:9c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

HUM.pdb

Imports

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

wtsapi32

WTSFreeMemory
WTSEnumerateSessionsW

shlwapi

PathRenameExtensionW
PathFileExistsW
PathFindFileNameW
PathIsDirectoryW
PathIsSystemFolderW
PathRemoveFileSpecW
PathAppendW
PathStripPathW
PathFileExistsA
PathIsRootW
PathIsFileSpecW
PathAddExtensionW
PathRemoveExtensionW

shell32

SHGetSpecialFolderPathW
SHGetPathFromIDListW
SHCreateDirectoryExW
SHGetFolderLocation
ord680
SHGetFolderPathW

winhttp

WinHttpOpen
WinHttpSetTimeouts
WinHttpReadData
WinHttpGetProxyForUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpConnect
WinHttpQueryAuthSchemes
WinHttpCloseHandle
WinHttpSetCredentials
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSendRequest
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpOpenRequest

kernel32

GetFileType
LoadLibraryExW
InterlockedFlushSList
RtlUnwind
InitializeSListHead
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
GetLocaleInfoW
CompareStringW
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
InitializeCriticalSectionAndSpinCount
GetStringTypeW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
GetStdHandle
IsValidLocale
EnumSystemLocalesW
SetStdHandle
GetConsoleMode
ReadConsoleW
InitializeCriticalSectionEx
GetLastError
RaiseException
DecodePointer
DeleteCriticalSection
ReadFile
FindFirstFileW
SetLastError
FindNextFileW
lstrlenW
RemoveDirectoryW
GetModuleFileNameW
GetTempPathW
FindClose
LocalAlloc
CreateFileW
GetFileAttributesW
SetFileAttributesW
FormatMessageW
DeleteFileW
CloseHandle
LocalFree
MoveFileExW
GetFileSize
lstrcmpiW
lstrcmpW
GetCurrentProcess
WaitForSingleObject
GetProcAddress
GetModuleHandleW
GetVersionExW
GetConsoleCP
GetFullPathNameW
WriteFile
FlushFileBuffers
LoadLibraryW
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLCID
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateEventW
GlobalFree
VerSetConditionMask
VerifyVersionInfoW
GetCurrentProcessId
GetFileSizeEx
FileTimeToSystemTime
GetLocalTime
GetTimeFormatW
SystemTimeToFileTime
GetDateFormatW
HeapFree
TerminateProcess
OpenProcess
HeapSize
CreateToolhelp32Snapshot
ProcessIdToSessionId
Process32NextW
SetEvent
TerminateThread
Process32FirstW
HeapReAlloc
CreateThread
ResetEvent
HeapAlloc
HeapDestroy
GetProcessHeap
GetUserDefaultLangID
AreFileApisANSI
TryEnterCriticalSection
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
CreateMutexW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
GetSystemInfo
HeapCompact
UnlockFile
CreateFileMappingA
LockFileEx
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
SetFilePointerEx
ResumeThread
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
WriteConsoleW
CreateDirectoryW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
ReleaseMutex
OpenMutexW
GetUserDefaultUILanguage
QueryPerformanceFrequency
LoadLibraryA
GetTimeZoneInformation
Sleep
HeapCreate

user32

wsprintfW

advapi32

RegQueryValueExW
LookupAccountSidW
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
OpenProcessToken
CreateWellKnownSid
RegOpenKeyExW
RegCloseKey
GetUserNameW
ImpersonateLoggedOnUser
ConvertStringSidToSidW
RevertToSelf
AdjustTokenPrivileges
LookupPrivilegeValueW
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW

ole32

StringFromGUID2
CoCreateInstance
CoCreateGuid
CLSIDFromString
CLSIDFromProgID
CoUninitialize
CoInitialize
OleRun
CoTaskMemFree

oleaut32

VariantChangeType
SysStringLen
SysAllocString
SysFreeString
VariantInit
VariantCopy
VariantClear
GetErrorInfo

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

Exports

Exports

humCreateSession
humDownloadProductFFC
humGetAllProducts
humGetLatestApplicableUpdates
humGetLatestProducts
humGetLatestUpdates
humParseProductFFC
humSetLoggerFnPtr
humTerminateSession

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Set-up.exe
.exe windows:5 windows x86 arch:x86

a4b5be933fe74c23bd7bffb044fc8cd1

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8b:47:57:9d:39:a5:e7:bb:8e:2a:f5:7f:f1:93:3a:ad:08:a5:b9:68:d1:ed:9b:e4:25:f0:4a:7b:61:9a:4e:03
Signer

Actual PE Digest

8b:47:57:9d:39:a5:e7:bb:8e:2a:f5:7f:f1:93:3a:ad:08:a5:b9:68:d1:ed:9b:e4:25:f0:4a:7b:61:9a:4e:03

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Set-up.pdb

Imports

comctl32

InitCommonControlsEx

shlwapi

PathRemoveBackslashW
PathIsNetworkPathW
PathIsUNCW
PathStripPathW
UrlIsW
SHGetValueW
UrlEscapeW
PathFindFileNameW
PathRemoveFileSpecW
PathRemoveExtensionW
PathFileExistsW
PathAddExtensionW
PathIsFileSpecW
PathAppendW
PathIsDirectoryW
PathRenameExtensionW
PathIsSystemFolderW
PathFileExistsA
PathIsRelativeW
PathIsRootW
PathAddBackslashW
PathStripToRootW

shell32

SHGetKnownFolderPath
ord51
ShellExecuteW
ShellExecuteExW
SHGetSpecialFolderLocation
SHCreateDirectoryExW
SHGetSpecialFolderPathW
ord680
SHGetMalloc
SHGetFolderLocation
SHGetPathFromIDListW
SHGetFolderPathW
CommandLineToArgvW
SHBrowseForFolderW

kernel32

FindNextFileW
WaitForMultipleObjects
CreateFileW
CreateEventW
SetEvent
ResetEvent
GetOverlappedResult
ReadDirectoryChangesW
MultiByteToWideChar
WideCharToMultiByte
GetFileSizeEx
FindClose
GetFileAttributesW
SetFileAttributesW
DeleteFileW
GetLocalTime
GetTimeFormatW
GetDateFormatW
GetCurrentProcess
DeviceIoControl
GetTempPathW
GetVersionExW
GetComputerNameExW
FileTimeToSystemTime
GetNativeSystemInfo
RaiseException
LoadLibraryW
GetProcAddress
CreateProcessW
GetModuleHandleW
FreeLibrary
InitializeCriticalSectionEx
DecodePointer
MulDiv
GetModuleFileNameW
TerminateProcess
RemoveDirectoryW
OpenProcess
CreateToolhelp32Snapshot
Sleep
Process32NextW
Process32FirstW
CopyFileW
GetExitCodeProcess
ReadFile
SetLastError
lstrlenW
LocalAlloc
GetDiskFreeSpaceExW
GetCurrentDirectoryW
SetCurrentDirectoryW
MoveFileExW
GetFileSize
lstrcpyW
lstrcmpiW
lstrcmpW
GetDriveTypeW
GetFullPathNameW
HeapSize
HeapReAlloc
HeapDestroy
GlobalAlloc
GlobalLock
GlobalUnlock
GetSystemDirectoryW
SetDllDirectoryW
GetStdHandle
AttachConsole
FreeConsole
GetConsoleWindow
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
SetFilePointer
LeaveCriticalSection
SetEndOfFile
UnlockFileEx
UnmapViewOfFile
HeapValidate
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
GetSystemInfo
HeapCompact
UnlockFile
CreateFileMappingA
LockFileEx
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
SizeofResource
LockResource
LoadResource
FindResourceW
GlobalFree
VerSetConditionMask
FindFirstFileW
GetUserDefaultLCID
LCMapStringW
DuplicateHandle
ProcessIdToSessionId
TerminateThread
CreateThread
FindResourceExW
GetThreadTimes
QueryFullProcessImageNameW
GetUserDefaultLangID
GetUserDefaultUILanguage
SetNamedPipeHandleState
CreateNamedPipeW
ConnectNamedPipe
CreateDirectoryW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
ReleaseSemaphore
OpenSemaphoreW
CreateSemaphoreW
GetTimeZoneInformation
QueryPerformanceFrequency
GetCurrentThread
SetFilePointerEx
ResumeThread
EnterCriticalSection
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetLocaleInfoW
CompareStringW
GetCPInfo
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetStringTypeW
SwitchToThread
GetModuleHandleExW
QueueUserWorkItem
IsProcessorFeaturePresent
LoadLibraryExA
VirtualQuery
VirtualProtect
GetCurrentProcessId
GetCurrentThreadId
OpenMutexW
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexW
GetProcessHeap
HeapAlloc
HeapFree
LocalFree
GetLastError
FormatMessageW
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
VirtualAlloc
VirtualFree
CreateTimerQueue
SignalObjectAndWait
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
FreeLibraryAndExitThread
DeleteCriticalSection
GetModuleHandleA
LoadLibraryExW
InterlockedFlushSList
QueryDepthSList
UnregisterWaitEx
RtlUnwind
ExitThread
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
SetStdHandle
WriteConsoleW
ExitProcess
GetConsoleCP
GetConsoleMode
IsValidLocale
EnumSystemLocalesW
ReadConsoleW
FindFirstFileExW
IsValidCodePage
GetACP
VerifyVersionInfoW
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSection
SetEnvironmentVariableW
GetFullPathNameA

user32

CharNextW
BringWindowToTop
TranslateAcceleratorW
GetClassNameW
SetCapture
GetDlgItem
GetParent
RegisterWindowMessageW
GetForegroundWindow
GetSysColor
AttachThreadInput
IsChild
DestroyAcceleratorTable
ClientToScreen
RedrawWindow
InvalidateRgn
IsWindow
SetWindowTextW
ScreenToClient
FillRect
GetFocus
GetWindow
ReleaseCapture
SetForegroundWindow
InvalidateRect
IsIconic
BeginPaint
EndPaint
GetWindowTextW
GetSystemMetrics
GetWindowLongW
GetMessageW
DefWindowProcW
CreateAcceleratorTableW
DestroyWindow
SetWindowPos
CreateWindowExW
SendMessageW
MoveWindow
SetFocus
CallWindowProcW
GetWindowTextLengthW
GetWindowThreadProcessId
wsprintfW
PostThreadMessageW
RegisterClassExW
GetActiveWindow
DispatchMessageW
TranslateMessage
LoadCursorW
SetWindowLongW
PostQuitMessage
GetDesktopWindow
GetClassInfoExW
GetDC
MessageBoxW
ShowWindow
GetAsyncKeyState
ReleaseDC
PostMessageW
UnregisterClassW
GetClientRect
EnumWindows
GetShellWindow
AllowSetForegroundWindow
LoadImageW
SystemParametersInfoW
EnableMenuItem
LoadIconW
GetSystemMenu
GetClassLongW
AppendMenuW
SetClassLongW
GetWindowRect

gdi32

CreateCompatibleDC
GetStockObject
GetDeviceCaps
GetObjectW
DeleteObject
CreateSolidBrush
DeleteDC
SelectObject
CreateCompatibleBitmap
BitBlt

advapi32

LookupAccountSidW
SetEntriesInAclW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
CreateWellKnownSid
LookupPrivilegeValueW
AdjustTokenPrivileges
OpenProcessToken
RegFlushKey
RegCloseKey
RegDeleteKeyExW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegEnumValueW
EqualSid
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid
SetSecurityDescriptorDacl
DuplicateTokenEx
ConvertSidToStringSidW
ImpersonateLoggedOnUser
ConvertStringSidToSidW
RevertToSelf
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW
RegQueryValueExW
CredDeleteW
CredFree
CredEnumerateW
CredReadW
CredWriteW
GetUserNameW
GetTokenInformation

ole32

CoCreateGuid
CoAddRefServerProcess
OleRun
CoUninitialize
CoInitialize
CLSIDFromString
CreateStreamOnHGlobal
CLSIDFromProgID
CoGetClassObject
CoCreateInstance
StringFromGUID2
OleInitialize
OleUninitialize
OleLockRunning
CoTaskMemAlloc
CoTaskMemFree
CoReleaseServerProcess

oleaut32

VariantChangeType
SysAllocStringLen
SysStringLen
SysFreeString
VariantInit
SysAllocString
OleCreateFontIndirect
LoadTypeLi
LoadRegTypeLi
SysAllocStringByteLen
VariantCopy
SysStringByteLen
DispCallFunc
GetErrorInfo
VariantClear

bcrypt

BCryptCloseAlgorithmProvider
BCryptVerifySignature
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptDecrypt
BCryptDestroyKey
BCryptEncrypt
BCryptDestroyHash
BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptHashData
BCryptFinishHash
BCryptGetProperty

crypt32

CertGetNameStringW
CertGetIssuerCertificateFromStore
CryptProtectData
CryptUnprotectData
CryptStringToBinaryW
CertOpenStore
CertFindCertificateInStore
CertFreeCertificateContext
CertCreateCertificateContext
CryptHashCertificate2
CryptImportPublicKeyInfoEx2
CertCloseStore
CertAddCertificateContextToStore
CertVerifySubjectCertificateContext

secur32

GetUserNameExW

wintrust

WTHelperProvDataFromStateData
WTHelperGetProvCertFromChain
WinVerifyTrust
WTHelperGetProvSignerFromChain

Sections

.text
Size: 3.4MB - Virtual size: 3.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 904KB - Virtual size: 904KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 135KB - Virtual size: 160KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 197KB - Virtual size: 196KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Setup.exe
.exe windows:5 windows x86 arch:x86

419b46efce1a08898aba5c1ca4c05c7c

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

86:9c:fc:80:59:c5:99:ac:a6:2c:77:5c:25:5a:2c:b1:52:5f:55:fb:3a:8c:de:67:7b:98:a4:ae:ef:04:36:cf
Signer

Actual PE Digest

86:9c:fc:80:59:c5:99:ac:a6:2c:77:5c:25:5a:2c:b1:52:5f:55:fb:3a:8c:de:67:7b:98:a4:ae:ef:04:36:cf

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Setup.pdb

Imports

crclient

?ShowCRDialogOnlyOnFirstCrash@@YA_NXZ
?SetCRDisplayName@@YA_NPBD@Z
?CrashReporterInitialize@@YA_NPAXPBD1111P6AIAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@ZP6AXXZ_NW4AdobeCrashReporterScalingFactor@@@Z

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

GetUserDefaultLangID
GetUserDefaultUILanguage
ReadFile
FindFirstFileW
GetFullPathNameW
FindNextFileW
WriteFile
GetModuleFileNameW
GetTempPathW
FindClose
CreateFileW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
CloseHandle
LocalFree
MoveFileExW
lstrcmpW
FlushFileBuffers
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetCurrentProcessId
SetFilePointer
GetCurrentThreadId
WaitForSingleObject
Sleep
CreateThread
LoadLibraryW
GetProcAddress
FreeLibrary
GetUserDefaultLCID
SetDllDirectoryW
CreateEventW
SetEvent
ResetEvent
GetCurrentProcess
GetVersionExW
VerSetConditionMask
GetModuleHandleW
VerifyVersionInfoW
GetFileSizeEx
FileTimeToSystemTime
GetLocalTime
GetTimeFormatW
SystemTimeToFileTime
GetDateFormatW
CreateMutexW
ReleaseMutex
OpenMutexW
HeapFree
SetLastError
TerminateProcess
HeapSize
HeapReAlloc
HeapAlloc
GetProcessHeap
TlsAlloc
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
ExitProcess
GetTimeZoneInformation
GetFileType
SetStdHandle
TlsGetValue
LoadLibraryExW
GetConsoleWindow
DeleteCriticalSection
DecodePointer
FreeConsole
RaiseException
AttachConsole
GetLastError
InitializeCriticalSectionEx
GetStdHandle
IsValidLocale
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleCP
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetEndOfFile
WriteConsoleW
SwitchToThread
InitializeCriticalSectionAndSpinCount
OutputDebugStringW
LCMapStringW
RtlUnwind
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetCPInfo
GetLocaleInfoW
CompareStringW
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
GetStringTypeW

user32

SendMessageW
wsprintfW

advapi32

RegOpenKeyExW
RegCloseKey
RegQueryValueExW

shell32

SHGetSpecialFolderPathW
SHGetFolderPathW
SHCreateDirectoryExW
SHGetPathFromIDListW
SHGetFolderLocation

ole32

CLSIDFromProgID
OleRun
CLSIDFromString
CoTaskMemFree
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

GetErrorInfo
VariantCopy
VariantClear
SysAllocString
SysFreeString
VariantInit

shlwapi

PathRemoveExtensionW
PathAddExtensionW
PathIsFileSpecW
PathRenameExtensionW
PathIsDirectoryW
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsW
PathAppendW

Sections

.text
Size: 326KB - Virtual size: 326KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TokenResolverx64.exe
.exe windows:6 windows x64 arch:x64

5baa56e7c3e406c3a56d258d7bc0f6d7

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e4:32:92:43:36:42:62:18:19:d1:3e:6f:b1:32:82:60:15:85:fa:9a:45:85:73:2a:cd:b1:6d:59:fc:cc:70:72
Signer

Actual PE Digest

e4:32:92:43:36:42:62:18:19:d1:3e:6f:b1:32:82:60:15:85:fa:9a:45:85:73:2a:cd:b1:6d:59:fc:cc:70:72

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

TokenResolverx64.pdb

Imports

kernel32

WriteFile
CreateFileW
GetLastError
CloseHandle
WriteConsoleW
GetConsoleMode
GetConsoleCP
FlushFileBuffers
HeapReAlloc
HeapSize
SetFilePointerEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetStdHandle
GetModuleFileNameW
HeapFree
HeapAlloc
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
LCMapStringW
GetProcessHeap

shell32

SHGetFolderPathW
SHGetPathFromIDListW
SHGetFolderLocation

ole32

CoTaskMemFree

Sections

.text
Size: 62KB - Virtual size: 61KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Uninstaller.exe
.exe windows:5 windows x86 arch:x86

c84c612aa7891758146cf3e6d7d8ec1e

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4c:11:ce:4a:0e:db:23:ac:0d:a5:07:8b:a4:72:68:c8:eb:14:08:a3:41:62:eb:0d:e4:db:a8:5e:d5:21:2e:59
Signer

Actual PE Digest

4c:11:ce:4a:0e:db:23:ac:0d:a5:07:8b:a4:72:68:c8:eb:14:08:a3:41:62:eb:0d:e4:db:a8:5e:d5:21:2e:59

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

Uninstaller.pdb

Imports

kernel32

CreateEventW
GlobalAlloc
GlobalFree
GetProcAddress
GetModuleHandleW
GetFileAttributesW
ReadFile
GetFullPathNameW
FindNextFileW
WriteFile
GetModuleFileNameW
GetTempPathW
FindClose
CreateFileW
DeleteFileW
GetFileSize
FlushFileBuffers
HeapFree
SetLastError
TerminateProcess
WaitForSingleObject
OpenProcess
HeapSize
GetVersionExW
HeapReAlloc
CreateThread
HeapAlloc
HeapDestroy
GetCurrentProcessId
GetProcessHeap
CreateProcessW
MultiByteToWideChar
FormatMessageW
WideCharToMultiByte
LoadLibraryW
FreeLibrary
LoadLibraryA
LCMapStringW
CreateFileA
FindFirstFileExW
GetTimeZoneInformation
ReadConsoleW
GetConsoleMode
SetFilePointerEx
GetCurrentProcess
DeleteCriticalSection
LocalFree
SystemTimeToFileTime
DecodePointer
RaiseException
CloseHandle
GetLastError
InitializeCriticalSectionEx
CreateNamedPipeW
IsValidCodePage
GetOEMCP
GetCommandLineA
WaitForSingleObjectEx
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetVersionExA
SetEnvironmentVariableW
SetStdHandle
GetConsoleCP
DeleteFileA
GetSystemInfo
WriteConsoleW
HeapCompact
UnlockFile
CreateFileMappingA
LockFileEx
Sleep
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
GetTempPathA
HeapValidate
UnmapViewOfFile
GetCurrentThreadId
CreateMutexW
UnlockFileEx
GetFileType
GetStdHandle
ExitProcess
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
LoadLibraryExW
RtlUnwind
InitializeSListHead
GetStartupInfoW
SetEndOfFile
GetFullPathNameA
SetFilePointer
InitializeCriticalSection
LeaveCriticalSection
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
EnterCriticalSection
HeapCreate
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
GetCPInfo
CompareStringW
EncodePointer
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
GetStringTypeW
GetACP
lstrlenW
GetFileSizeEx
GetTickCount
QueryPerformanceCounter
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTime
GetSystemTimeAsFileTime
AreFileApisANSI
TryEnterCriticalSection

user32

GetWindowThreadProcessId
EnumWindows
GetShellWindow
AllowSetForegroundWindow

advapi32

LookupPrivilegeValueW
AdjustTokenPrivileges
DuplicateTokenEx
SetNamedSecurityInfoW
GetNamedSecurityInfoW
EqualSid
AllocateAndInitializeSid
SetEntriesInAclW
OpenProcessToken
FreeSid
GetTokenInformation
GetUserNameW

shell32

SHGetPathFromIDListW
SHCreateDirectoryExW
SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetFolderLocation
CommandLineToArgvW

ole32

CLSIDFromString
OleRun
CLSIDFromProgID
StringFromGUID2
CoTaskMemFree
CoUninitialize
CoCreateInstance
CoInitializeSecurity
CoInitializeEx
CoInitialize
CoCreateGuid

oleaut32

SysStringLen
VariantChangeType
VariantInit
SysFreeString
SysAllocString
VariantClear
GetErrorInfo

shlwapi

PathRemoveBackslashW
PathStripPathW
PathIsDirectoryW
PathAppendW
PathFileExistsA
PathFileExistsW
PathRemoveFileSpecW

Sections

.text
Size: 802KB - Virtual size: 802KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 88KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
cr_win_client_config.cfg
customhook/HDCoreCustomHook.exe
.exe windows:5 windows x86 arch:x86

7efd93324984d35b1b9ca77b53ec55f3

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:31:94:ea:7e:01:6b:12:66:95:39:c4:c8:3d:51:ba:da:57:fe:e7:2e:29:f8:a4:c0:c5:26:8d:4b:72:55:f0
Signer

Actual PE Digest

7d:31:94:ea:7e:01:6b:12:66:95:39:c4:c8:3d:51:ba:da:57:fe:e7:2e:29:f8:a4:c0:c5:26:8d:4b:72:55:f0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

HDCoreCustomHook.pdb

Imports

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

LocalFree
MoveFileExW
GetFileSize
lstrcmpW
GetCurrentProcess
WaitForSingleObject
GetProcAddress
GetModuleHandleW
InitializeCriticalSectionEx
RaiseException
DecodePointer
DeleteCriticalSection
GetVersionExW
HeapFree
LoadLibraryW
HeapAlloc
GetProcessHeap
Sleep
AreFileApisANSI
TryEnterCriticalSection
HeapCreate
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
CreateMutexW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
MultiByteToWideChar
GetTempPathA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
HeapReAlloc
GetSystemInfo
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
CloseHandle
GetCurrentProcessId
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetUserDefaultLCID
LCMapStringW
CreateEventW
VerSetConditionMask
VerifyVersionInfoW
GetFileSizeEx
FileTimeToSystemTime
GetLocalTime
GetTimeFormatW
GetDateFormatW
ReleaseMutex
OpenMutexW
TerminateProcess
SetEvent
ExitThread
ResetEvent
GetUserDefaultLangID
GetUserDefaultUILanguage
InitializeSListHead
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
CompareStringW
EncodePointer
SetFilePointerEx
DeleteFileW
GetLastError
FormatMessageW
SetFileAttributesW
GetFileAttributesW
CreateFileW
LocalAlloc
FindClose
GetTempPathW
GetModuleFileNameW
FindNextFileW
SetLastError
FindFirstFileW
ReadFile
FindFirstFileExW
RtlUnwind
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
LoadLibraryExW
FreeEnvironmentStringsW
GetFileType
SetEnvironmentVariableW
GetConsoleCP
WriteConsoleW
LockFileEx
CreateThread
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SwitchToThread
InitializeCriticalSectionAndSpinCount
GetStringTypeW
FreeLibraryAndExitThread
GetModuleHandleExW
GetTimeZoneInformation
ExitProcess
ReadConsoleW
GetConsoleMode
SetStdHandle
EnumSystemLocalesW
IsValidLocale
GetCommandLineW
GetCommandLineA
GetStdHandle

advapi32

SetSecurityDescriptorDacl
GetSecurityDescriptorDacl
RegGetKeySecurity
RegCloseKey
RegQueryInfoKeyW
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegSetKeySecurity
RegSetValueExW
InitializeSecurityDescriptor
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
SetEntriesInAclW
CreateWellKnownSid

shell32

SHCreateDirectoryExW
SHGetFolderPathW
SHGetPathFromIDListW
SHGetFolderLocation
SHGetSpecialFolderPathW

ole32

CoCreateGuid
StringFromGUID2
CoInitialize
CoUninitialize
CoCreateInstance
CLSIDFromProgID
OleRun
CLSIDFromString
CoTaskMemFree

oleaut32

VariantClear
SysAllocString
SysFreeString
VariantInit
VariantCopy
GetErrorInfo

shlwapi

PathIsDirectoryW
PathAppendW
PathRemoveExtensionW
PathAddExtensionW
PathIsFileSpecW
PathFileExistsA
PathRemoveFileSpecW
PathRenameExtensionW
PathFindFileNameW
PathFileExistsW

Sections

.text
Size: 897KB - Virtual size: 897KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
New folder (2)/packages/ADC/HDBox/HDBox.pimx
New folder (2)/packages/ADC/HDBox/HDBox.sig
.xml
New folder (2)/packages/ADC/IPCBox/IPCBox.pima
.zip
AdobeIPCBroker.exe
.exe windows:5 windows x86 arch:x86

172292261b08007883d073eeafce4d20

Code Sign

06:f4:e7:98:55:94:06:f8:29:f6:61:c8:33:f7:c7:8d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

04/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Adobe Inc.,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:e4:b1:48:c8:5e:78:78:8e:f1:44:db:9e:9e:1b:c3:66:ed:08:7a:7b:5b:18:f2:8f:5b:79:df:b3:a4:a0:84
Signer

Actual PE Digest

b3:e4:b1:48:c8:5e:78:78:8e:f1:44:db:9e:9e:1b:c3:66:ed:08:7a:7b:5b:18:f2:8f:5b:79:df:b3:a4:a0:84

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

AdobeIPCBroker.pdb

Imports

crclient

?CrashReporterInitialize@@YA_NPAXPBD1111P6AIAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@ZP6AXXZ_NW4AdobeCrashReporterScalingFactor@@@Z

ws2_32

listen
getsockname
bind
WSASetLastError
WSAStartup
getservbyname
getservbyport
gethostbyname
gethostbyaddr
socket
send
select
recv
ntohs
inet_ntoa
inet_addr
htons
htonl
getsockopt
ioctlsocket
connect
closesocket
__WSAFDIsSet
WSAGetLastError

kernel32

DeleteCriticalSection
ReleaseSemaphore
InterlockedDecrement
WaitForSingleObject
CreateSemaphoreW
FindFirstFileW
FindNextFileW
InitializeCriticalSectionAndSpinCount
FindClose
RaiseException
DecodePointer
GetModuleFileNameW
ReleaseMutex
CreateMutexA
Sleep
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetVersionExA
GetModuleHandleA
GetModuleFileNameA
GetSystemDirectoryA
InitializeCriticalSection
EnterCriticalSection
GetLastError
CreateMutexW
GetCommandLineW
FreeLibrary
CreateProcessW
GetProcAddress
CloseHandle
LoadLibraryA
MultiByteToWideChar
GetStdHandle
LeaveCriticalSection
HeapSize
WriteConsoleW
GetProcessHeap
SetEnvironmentVariableA
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
SwitchToThread
GetCurrentProcess
TerminateProcess
OpenProcess
GlobalAlloc
GlobalFree
LocalAlloc
LocalFree
FreeEnvironmentStringsW
GetEnvironmentVariableW
GetCurrentProcessId
GetLocalTime
GetEnvironmentStringsW
SetStdHandle
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateFileW
FlushFileBuffers
GetFileAttributesExW
GetFileSizeEx
GetFullPathNameW
ReadFile
SetEndOfFile
SetFilePointerEx
WriteFile
GetTempPathW
DuplicateHandle
ConnectNamedPipe
PeekNamedPipe
CreateNamedPipeW
GetOverlappedResult
SetEvent
ResetEvent
CreateEventW
SetThreadPriority
GetThreadPriority
VirtualAlloc
VirtualFree
GetModuleHandleExW
LoadLibraryExW
WaitForMultipleObjects
GetNamedPipeInfo
GetCurrentThread
GetTickCount
SetFilePointer
FormatMessageW
LocalReAlloc
LCMapStringW
RtlCaptureStackBackTrace
GetSystemTimeAsFileTime
WaitForSingleObjectEx
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
QueryPerformanceCounter
IsDebuggerPresent
GetStartupInfoW
WideCharToMultiByte
EncodePointer
SetLastError
CompareStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
OutputDebugStringW
RtlUnwind
InterlockedPushEntrySList
CreateThread
ExitThread
FreeLibraryAndExitThread
GetTimeZoneInformation
ExitProcess
GetDriveTypeW
GetFileType
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetCommandLineA
GetACP
GetConsoleMode
ReadConsoleW
GetConsoleCP
GetFullPathNameA
HeapAlloc
HeapReAlloc
HeapFree
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW

user32

TranslateMessage
DispatchMessageW
PeekMessageW
PostMessageW
PostQuitMessage
DestroyWindow
MsgWaitForMultipleObjectsEx
GetWindowLongW
KillTimer
SetTimer
GetWindowThreadProcessId
EnumWindows
GetShellWindow
RegisterClassW
DefWindowProcW
CreateWindowExW
SetWindowLongW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoCreateInstance
CoUninitialize

oleaut32

VariantClear
SysFreeString
SysAllocString

advapi32

OpenProcessToken
CreateProcessWithTokenW
GetUserNameW
AdjustTokenPrivileges
AllocateAndInitializeSid
DuplicateTokenEx
EqualSid
FreeSid
GetLengthSid
GetSidSubAuthority
GetTokenInformation
SetTokenInformation
LookupPrivilegeValueW
ConvertStringSidToSidW

shell32

ShellExecuteExW
CommandLineToArgvW
SHCreateDirectoryExW

Sections

.text
Size: 754KB - Virtual size: 754KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 198KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 596B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CRClient.dll
.dll windows:6 windows x86 arch:x86

0179d143cfd3f9e347091af545e19dca

Code Sign

06:f4:e7:98:55:94:06:f8:29:f6:61:c8:33:f7:c7:8d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

04/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Adobe Inc.,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:4e:34:ca:db:34:e4:23:6e:a9:a9:70:16:2e:e6:30:c3:3e:6a:9c:87:0c:df:ee:76:ae:99:3e:72:f6:2f:f3
Signer

Actual PE Digest

24:4e:34:ca:db:34:e4:23:6e:a9:a9:70:16:2e:e6:30:c3:3e:6a:9c:87:0c:df:ee:76:ae:99:3e:72:f6:2f:f3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Jenkins\workspace\CR Win Client Release Build\public\CR4.0\Source\CRWindowsClient\CRWindowsClientService\Win32\Release\CRClient.pdb

Imports

dbghelp

SymFromAddr
StackWalk64
SymGetModuleBase64
SymGetModuleInfo64
SymInitialize
SymFunctionTableAccess64

kernel32

GetModuleHandleW
GetProcAddress
LoadLibraryW
CloseHandle
CreateThread
WaitForSingleObject
GetModuleFileNameW
FreeLibrary
ReadFile
GetCurrentThreadId
ReadProcessMemory
SetUnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
GetCurrentProcessId
TerminateThread
OpenThread
CreateNamedPipeW
VirtualProtect
WriteProcessMemory
GetThreadId
GetProcessId
K32GetModuleFileNameExW
GetProcessHeap
CreateProcessW
ConnectNamedPipe
WriteFile
FlushFileBuffers
DisconnectNamedPipe
WerRegisterRuntimeExceptionModule
WerUnregisterRuntimeExceptionModule
LocaleNameToLCID
WideCharToMultiByte
VerSetConditionMask
VerifyVersionInfoW
CreateFileW
GetFileAttributesExW
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
SetEvent
WaitForSingleObjectEx
CreateEventW
HeapSize
ResetEvent
HeapReAlloc
HeapFree
HeapAlloc
HeapDestroy
FindResourceExW
FindResourceW
SizeofResource
LockResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionEx
GetLastError
RaiseException
MultiByteToWideChar
UnhandledExceptionFilter
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent

user32

IsWindowVisible
EnableWindow
IsHungAppWindow
DisableProcessWindowsGhosting
MessageBoxW
GetWindowTextW
GetWindowTextLengthW
ReleaseDC
DrawIconEx
GetSysColor
GetDC
SetFocus
GetDlgCtrlID
IsDlgButtonChecked
PostMessageW
ShowWindow
GetSystemMenu
EnableMenuItem
CheckDlgButton
GetWindowThreadProcessId
EndDialog
GetWindow
SetWindowTextW
SetDlgItemTextW
SetWindowPos
OffsetRect
CopyRect
GetDesktopWindow
GetKeyState
GetDlgItem
GetWindowLongW
GetParent
SetCursor
LoadCursorW
ReleaseCapture
PtInRect
ClientToScreen
GetWindowRect
SetCapture
InvalidateRect
GetCapture
SendMessageW
SetWindowLongW
CallWindowProcW
GetPropW
EnumWindows
GetSysColorBrush
SetPropW
RemovePropW
DialogBoxIndirectParamW

gdi32

DeleteDC
CreateSolidBrush
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
SetBkMode
CreateFontIndirectW
GetObjectW
SetTextColor
DeleteObject

advapi32

RegOpenCurrentUser
RegSetValueExW
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW

shell32

SHCreateDirectoryExW
SHGetKnownFolderPath
ord6
ShellExecuteW

ole32

CoTaskMemFree
CoCreateGuid

msvcp140

?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@_N@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@K@Z
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
_Wcscoll
_Wcsxfrm
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?id@?$collate@_W@std@@2V0locale@2@A
?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z
?tolower@?$ctype@_W@std@@QBEPB_WPA_WPB_W@Z
?tolower@?$ctype@_W@std@@QBE_W_W@Z
?is@?$ctype@_W@std@@QBE_NF_W@Z
??1facet@locale@std@@MAE@XZ
??0facet@locale@std@@IAE@I@Z
?_Getcoll@_Locinfo@std@@QBE?AU_Collvec@@XZ
??1_Locinfo@std@@QAE@XZ
??0_Locinfo@std@@QAE@PBD@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?read@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@PA_W_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?seekg@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_JH@Z
?_Xbad_alloc@std@@YAXXZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?_Xout_of_range@std@@YAXPBD@Z
_Mtx_init_in_situ
_Mtx_destroy_in_situ
?empty@locale@std@@SA?AV12@XZ
?_BADOFF@std@@3_JB
?uncaught_exception@std@@YA_NXZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Xlength_error@std@@YAXPBD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@_W@std@@2V0locale@2@A
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$ctype@_W@std@@QBE_WD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
??Bid@locale@std@@QAEIXZ
?_Ipfx@?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sbumpc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
?sgetc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEGXZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@J@Z
?_Syserror_map@std@@YAPBDH@Z
?_Throw_C_error@std@@YAXH@Z
_Thrd_start
_Thrd_join
_Mtx_init
_Mtx_lock
_Mtx_trylock
_Mtx_unlock
_Cnd_init
_Cnd_wait
_Cnd_signal
_Cnd_destroy
_Mtx_destroy
_Cnd_do_broadcast_at_thread_exit
?_Throw_Cpp_error@std@@YAXH@Z
_Thrd_id
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?always_noconv@codecvt_base@std@@QBE_NXZ

shlwapi

PathAppendW
PathFileExistsW

vcruntime140

_purecall
wcsstr
memchr
strchr
__CxxFrameHandler3
memset
__vcrt_InitializeCriticalSectionEx
_CxxThrowException
_except_handler4_common
__std_type_info_destroy_list
memmove
__std_exception_destroy
__std_exception_copy
__std_terminate
memcpy

api-ms-win-crt-heap-l1-1-0

_recalloc
malloc
free
calloc
_callnewh
realloc

api-ms-win-crt-string-l1-1-0

strtok_s
strncpy_s
tolower
_strdup
wcsnlen
iswspace
wmemcpy_s
isspace

api-ms-win-crt-runtime-l1-1-0

_configure_narrow_argv
_initialize_narrow_environment
_errno
terminate
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_cexit
_initterm
_initterm_e
_seh_filter_dll

api-ms-win-crt-stdio-l1-1-0

fputc
__stdio_common_vswprintf_s
__stdio_common_vswprintf
fclose
_get_stream_buffer_pointers
fwrite
fgetpos
_fseeki64
fsetpos
setvbuf
fflush
ungetwc
ungetc
fputwc
fgetwc
fgetc

api-ms-win-crt-filesystem-l1-1-0

_unlock_file
_wremove
_lock_file

api-ms-win-crt-convert-l1-1-0

_itoa_s

Exports

Exports

?AddCRCustomData@@YA_NV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@I@Z
?CrashReporterInitialize@@YA_NPAXPBD1111P6AIAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@ZP6AXXZ_NW4AdobeCrashReporterScalingFactor@@@Z
?GetCRLastErrorCode@@YA?AW4ERROR_CR@@XZ
?SetCRDialogSaclingFactor@@YA_NW4AdobeCrashReporterScalingFactor@@@Z
?SetCRDisplayName@@YA_NPBD@Z
?SetCRHighbeamSessionId@@YA_NPBD@Z
?SetCRLocale@@YA_NPBD@Z
?SetCRParentWnd@@YA_NPAX@Z
?SetCRPostHandler@@YA_NP6AXXZ@Z
?SetCRPosthandlerThreadPreference@@YA_N_N@Z
?SetCRPreHandler@@YA_NP6AIAAV?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@@Z@Z
?ShowCRDialogOnlyOnFirstCrash@@YA_NXZ
OutOfProcessExceptionEventCallback
OutOfProcessExceptionEventDebuggerLaunchCallback
OutOfProcessExceptionEventSignatureCallback

Sections

.text
Size: 153KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 88B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CRLogTransport.exe
.exe windows:6 windows x86 arch:x86

ac1cd93fe902743d8dda02b14f96b2aa

Code Sign

06:f4:e7:98:55:94:06:f8:29:f6:61:c8:33:f7:c7:8d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

04/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Adobe Inc.,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c5:44:04:7b:aa:19:e2:dd:59:b1:94:4b:ff:e1:ca:07:f5:d9:a2:e8:f3:1b:9b:72:35:e2:5a:bf:6a:16:a2:9f
Signer

Actual PE Digest

c5:44:04:7b:aa:19:e2:dd:59:b1:94:4b:ff:e1:ca:07:f5:d9:a2:e8:f3:1b:9b:72:35:e2:5a:bf:6a:16:a2:9f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\workspace\CR Log Transport\public\CRLogTransport\public\binary\Win\x86\Release\CRLogTransport.pdb

Imports

shlwapi

PathIsDirectoryW
PathFileExistsW

wininet

HttpOpenRequestW
InternetQueryDataAvailable
InternetSetStatusCallbackW
InternetOpenW
InternetSetOptionA
HttpQueryInfoW
InternetCrackUrlW
HttpSendRequestW
InternetCloseHandle
InternetReadFile
InternetSetOptionW
InternetConnectW
InternetQueryOptionW

kernel32

MultiByteToWideChar
WideCharToMultiByte
CompareFileTime
FindFirstFileW
FindNextFileW
FindClose
CreateFileW
DeleteFileW
CloseHandle
GetProcAddress
MoveFileExW
GetFileTime
ReadFile
GetModuleFileNameW
InitializeCriticalSectionEx
Sleep
DeleteCriticalSection
GetSystemTimeAsFileTime
GetModuleHandleA
AreFileApisANSI
LocalFree
FormatMessageA
OutputDebugStringW
SetEvent
LeaveCriticalSection
EnterCriticalSection
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
GetLastError
UnhandledExceptionFilter
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
IsDebuggerPresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
InitializeSListHead
SetUnhandledExceptionFilter

shell32

SHCreateDirectoryExW
SHGetFolderPathW

msvcp140

?fill@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDXZ
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAE_JPBD_J@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHD@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?setg@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAPAD0PAH001@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
?eback@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?gptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?pptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?egptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?epptr@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?_Gndec@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?_Gninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?rdbuf@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_streambuf@DU?$char_traits@D@std@@@2@XZ
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??0?$basic_ostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
??1?$basic_ostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?width@ios_base@std@@QAE_J_J@Z
?width@ios_base@std@@QBE_JXZ
?flags@ios_base@std@@QBEHXZ
?bad@ios_base@std@@QBE_NXZ
?fail@ios_base@std@@QBE_NXZ
?good@ios_base@std@@QBE_NXZ
??Bios_base@std@@QBE_NXZ
?always_noconv@codecvt_base@std@@QBE_NXZ
??Bid@locale@std@@QAEIXZ
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?id@?$ctype@D@std@@2V0locale@2@A
?_Getcat@?$ctype@D@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?is@?$ctype@D@std@@QBE_NFD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@D@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
?_Fiopen@std@@YAPAU_iobuf@@PBDHH@Z
?pbase@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IBEPADXZ
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD00@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@H@Z
?setp@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXPAD0@Z
?_Incref@facet@locale@std@@UAEXXZ
?gbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
?pbump@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXH@Z
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
?getline@?$basic_istream@DU?$char_traits@D@std@@@std@@QAEAAV12@PAD_J@Z
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
??7ios_base@std@@QBE_NXZ
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV01@I@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEAAV12@XZ
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QAEXXZ
?tie@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEPAV?$basic_ostream@DU?$char_traits@D@std@@@2@XZ
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?_Xlength_error@std@@YAXPBD@Z
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_BADOFF@std@@3_JB
?_Xout_of_range@std@@YAXPBD@Z
?_Xbad_alloc@std@@YAXXZ
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Locimp_Addfac@_Locimp@locale@std@@CAXPAV123@PAVfacet@23@I@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEPADXZ
?clear@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z

vcruntime140

memchr
memcmp
_purecall
_except_handler4_common
__std_exception_copy
memcpy
memmove
__std_exception_destroy
memset
__std_terminate
__CxxFrameHandler3
__vcrt_InitializeCriticalSectionEx
_CxxThrowException

api-ms-win-crt-stdio-l1-1-0

fwrite
__p__commode
fgetpos
ferror
setvbuf
__stdio_common_vfprintf
ungetc
fsetpos
fgetc
_fseeki64
fclose
fflush
fputc
__stdio_common_vsprintf
_get_stream_buffer_pointers
fread
_wsopen_s
_close
fseek
fopen
_set_fmode
ftell

api-ms-win-crt-string-l1-1-0

wcscmp
strnlen
strlen
wcslen
strncpy_s
strtok_s
tolower

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo
terminate
_errno
_controlfp_s
signal
_invalid_parameter_noinfo_noreturn
_initialize_onexit_table
_register_onexit_function
strerror
_crt_atexit
_cexit
_seh_filter_exe
_set_app_type
_getpid
_configure_wide_argv
_initialize_wide_environment
_get_initial_wide_environment
_initterm
_initterm_e
exit
_exit
__p___argc
__p___wargv
_c_exit
_register_thread_local_exe_atexit_callback

api-ms-win-crt-filesystem-l1-1-0

_lock_file
_wrename
_unlock_file

api-ms-win-crt-math-l1-1-0

__setusermatherr
ceil
_fdopen

api-ms-win-crt-time-l1-1-0

_time32
_gmtime32_s
strftime

api-ms-win-crt-heap-l1-1-0

malloc
_set_new_mode
_callnewh
free

api-ms-win-crt-utility-l1-1-0

srand
rand
abs

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 133KB - Virtual size: 133KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1.0MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CRWindowsClientService.exe
.exe windows:6 windows x86 arch:x86

4fa26d3b2aa59b801bf1baa94a1c99be

Code Sign

06:f4:e7:98:55:94:06:f8:29:f6:61:c8:33:f7:c7:8d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

04/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Adobe Inc.,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6e:50:83:f9:52:8d:e3:2f:b2:97:d5:47:a2:f1:c4:c0:ab:9d:a9:3b:36:d0:6c:e0:6d:ff:fd:28:ce:62:48:f0
Signer

Actual PE Digest

6e:50:83:f9:52:8d:e3:2f:b2:97:d5:47:a2:f1:c4:c0:ab:9d:a9:3b:36:d0:6c:e0:6d:ff:fd:28:ce:62:48:f0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Jenkins\workspace\CR Win Client Release Build\public\CR4.0\Source\CRWindowsClient\CRWindowsClientService\Win32\Release\CRWindowsClientService.pdb

Imports

dbghelp

MiniDumpWriteDump

wininet

InternetConnectW
HttpOpenRequestW
HttpSendRequestW
InternetOpenW
HttpQueryInfoW
InternetCloseHandle

kernel32

GetLastError
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
InitializeCriticalSectionEx
DeleteCriticalSection
GetExitCodeProcess
OpenThread
GetExitCodeThread
OpenProcess
FindResourceExW
LoadResource
LockResource
SizeofResource
FindResourceW
MultiByteToWideChar
WideCharToMultiByte
GetCommandLineW
LocalFree
RaiseException
WriteFile
IsDebuggerPresent
GetCurrentProcess
GetTimeZoneInformation
GlobalMemoryStatusEx
GetSystemInfo
GetLocaleInfoEx
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcAddress
GetModuleHandleW
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
LeaveCriticalSection
EnterCriticalSection
CloseHandle
CreateFileW
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
OutputDebugStringW
ReadFile

advapi32

RegQueryInfoKeyW
RegOpenCurrentUser
RegEnumValueW
RegCreateKeyExW
RegQueryValueExW
RegCloseKey
RegOpenKeyExW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegSetValueExW

shell32

SHCreateDirectoryExW
CommandLineToArgvW
SHGetKnownFolderPath
ShellExecuteW

ole32

CoCreateGuid
CoInitializeEx
CoSetProxyBlanket
CoTaskMemFree
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
SysFreeString
SysAllocString

shlwapi

PathFileExistsW
PathAppendW

msvcp140

?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEPAV12@PA_W_J@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEHXZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEXABVlocale@2@@Z
?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPBD_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAEGXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_istream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0?$basic_istream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QBEDD@Z
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAEXXZ
??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UAE@XZ
?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEXABVlocale@2@@Z
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
??0_Lockit@std@@QAE@H@Z
??1_Lockit@std@@QAE@XZ
?uncaught_exception@std@@YA_NXZ
?_Xbad_alloc@std@@YAXXZ
?_Xlength_error@std@@YAXPBD@Z
?_Xout_of_range@std@@YAXPBD@Z
??4?$_Yarn@D@std@@QAEAAV01@PBD@Z
??Bid@locale@std@@QAEIXZ
?_New_Locimp@_Locimp@locale@std@@CAPAV123@ABV123@@Z
?_Addfac@_Locimp@locale@std@@AAEXPAVfacet@23@I@Z
?empty@locale@std@@SA?AV12@XZ
?_Getgloballocale@locale@std@@CAPAV_Locimp@12@XZ
?always_noconv@codecvt_base@std@@QBE_NXZ
?in@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPA_W3AAPA_W@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PB_W1AAPB_WPAD3AAPAD@Z
?unshift@?$codecvt@_WDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
??0?$codecvt@_WDU_Mbstatet@@@std@@QAE@I@Z
?_Getcat@?$codecvt@_WDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MAE@XZ
?widen@?$ctype@_W@std@@QBE_WD@Z
?_Getcat@?$ctype@_W@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?good@ios_base@std@@QBE_NXZ
?flags@ios_base@std@@QBEHXZ
?width@ios_base@std@@QBE_JXZ
?width@ios_base@std@@QAE_J_J@Z
?getloc@ios_base@std@@QBE?AVlocale@2@XZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QBE?AVlocale@2@XZ
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAEG_W@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QAE_JPB_W_J@Z
?_Init@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IAEXXZ
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?clear@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAEXH_N@Z
?rdbuf@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBEPAV?$basic_streambuf@_WU?$char_traits@_W@std@@@2@XZ
?imbue@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QAE?AVlocale@2@ABV32@@Z
?fill@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WXZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QBE_WD@Z
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IAE@XZ
??0?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@_N@Z
??1?$basic_ostream@_WU?$char_traits@_W@std@@@std@@UAE@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEXXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAV01@AAV01@@Z@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@H@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@PBX@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@_W@Z
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV12@XZ
?_Fiopen@std@@YAPAU_iobuf@@PB_WHH@Z
?_Decref@facet@locale@std@@UAEPAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UAEXXZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPA_W_J@Z
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MAE_JPB_W_J@Z
?_BADOFF@std@@3_JB
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
?id@?$ctype@_W@std@@2V0locale@2@A
?_Init@locale@std@@CAPAV_Locimp@12@_N@Z
?in@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?out@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PBD1AAPBDPAD3AAPAD@Z
?unshift@?$codecvt@DDU_Mbstatet@@@std@@QBEHAAU_Mbstatet@@PAD1AAPAD@Z
?_Getcat@?$codecvt@DDU_Mbstatet@@@std@@SAIPAPBVfacet@locale@2@PBV42@@Z
?_Syserror_map@std@@YAPBDH@Z
?_Winerror_map@std@@YAHH@Z
?_Winerror_message@std@@YAKKPADK@Z
??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAE@XZ
??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAE@XZ
?getloc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QBE?AVlocale@2@XZ
?_Init@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IAEXXZ
??1?$basic_ios@DU?$char_traits@D@std@@@std@@UAE@XZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QAEXH_N@Z
??0?$basic_ios@DU?$char_traits@D@std@@@std@@IAE@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@I@Z
??0?$basic_istream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@_N@Z
??1?$basic_istream@DU?$char_traits@D@std@@@std@@UAE@XZ
_Stat
?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JXZ
?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAE_JPAD_J@Z
?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?id@?$codecvt@DDU_Mbstatet@@@std@@2V0locale@2@A
?_Xinvalid_argument@std@@YAXPBD@Z
?_Ipfx@?$basic_istream@DU?$char_traits@D@std@@@std@@QAE_N_N@Z
?snextc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sbumpc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
?sgetc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QAEHXZ
??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QAE@PAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QAE@PAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UAEXXZ
?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEHXZ
?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MAEPAV12@PAD_J@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QAEAAV01@P6AAAVios_base@1@AAV21@@Z@Z

vcruntime140

__CxxFrameHandler3
__std_exception_destroy
__std_terminate
wcsrchr
_purecall
_except_handler4_common
__std_exception_copy
wcsstr
memset
memmove
memcpy
memchr
_CxxThrowException
__vcrt_InitializeCriticalSectionEx

api-ms-win-crt-runtime-l1-1-0

_invalid_parameter_noinfo_noreturn
_invalid_parameter_noinfo
_controlfp_s
terminate
_c_exit
_exit
exit
_initterm_e
_initterm
_initialize_wide_environment
_register_thread_local_exe_atexit_callback
_configure_wide_argv
_errno
_set_app_type
_seh_filter_exe
_initialize_onexit_table
_register_onexit_function
_crt_atexit
_cexit
_get_wide_winmain_command_line

api-ms-win-crt-string-l1-1-0

_wcslwr_s
strtok_s
strncpy_s
wmemcpy_s
wcscspn
wcsspn
iswspace
isspace
tolower
wcsnlen
toupper
strlen

api-ms-win-crt-heap-l1-1-0

_set_new_mode
free
calloc
_recalloc
_callnewh
malloc

api-ms-win-crt-utility-l1-1-0

abs

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vsprintf
fread_s
_wfopen_s
_get_stream_buffer_pointers
_fseeki64
__stdio_common_vswprintf_s
__stdio_common_vswprintf
ungetwc
fputwc
_set_fmode
fgetwc
fflush
fgetc
setvbuf
__p__commode
fgetpos
fputc
fsetpos
fwrite
fclose
ungetc

api-ms-win-crt-filesystem-l1-1-0

_wremove
_wrename
_unlock_file
_lock_file

api-ms-win-crt-time-l1-1-0

_localtime64_s
_time64

api-ms-win-crt-convert-l1-1-0

strtol
_wtoi
_itoa_s
atoi

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 134KB - Virtual size: 134KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 116B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 93KB - Virtual size: 93KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
StartupOptions.xml
.xml
cr_win_client_config.cfg
customhook/AdobeIPCBrokerCustomHook.exe
.exe windows:6 windows x86 arch:x86

f867b0a50d19d3b8bb73c089094d5916

Code Sign

06:f4:e7:98:55:94:06:f8:29:f6:61:c8:33:f7:c7:8d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

04/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=Adobe Inc.,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

70:bb:d6:43:22:97:e3:c4:4f:fa:48:e5:df:b0:2a:84:44:a4:19:13:0c:7b:b7:83:5b:5d:6c:2a:7c:58:c9:c7
Signer

Actual PE Digest

70:bb:d6:43:22:97:e3:c4:4f:fa:48:e5:df:b0:2a:84:44:a4:19:13:0c:7b:b7:83:5b:5d:6c:2a:7c:58:c9:c7

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

AdobeIPCBrokerCustomHook.pdb

Imports

shlwapi

PathAppendW
PathRemoveFileSpecW

kernel32

GetCurrentProcessId
HeapSize
CreateFileW
TerminateProcess
GetModuleFileNameW
GetTempPathW
WaitForSingleObject
OpenProcess
CreateToolhelp32Snapshot
Sleep
GetLastError
Process32NextW
Process32FirstW
CloseHandle
CreateProcessW
ReadConsoleW
WriteConsoleW
SetStdHandle
WideCharToMultiByte
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
SetEndOfFile
GetCurrentThreadId
InitializeSListHead
RtlUnwind
RaiseException
FreeLibrary
LoadLibraryExW
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetStdHandle
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
GetProcessHeap
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA

user32

FindWindowExW
PostMessageW

shell32

SHGetFolderPathW

Sections

.text
Size: 137KB - Virtual size: 136KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 512B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
New folder (2)/packages/ADC/IPCBox/IPCBox.pimx
New folder (2)/packages/ADC/IPCBox/IPCBox.sig
.xml
New folder (2)/packages/ADC/LCC/LCC.pima
.zip
IMSLib.dll
.dll windows:5 windows x86 arch:x86

40814f5b7859965691b9179df06ced28

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:b1:c2:37:35:65:92:d1:6e:f8:dc:92:e6:ad:c3:19:de:84:45:fe:8e:e5:9f:2d:1d:d1:7b:1c:72:43:cb:37
Signer

Actual PE Digest

0e:b1:c2:37:35:65:92:d1:6e:f8:dc:92:e6:ad:c3:19:de:84:45:fe:8e:e5:9f:2d:1d:d1:7b:1c:72:43:cb:37

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\builds\AAM\10.0\source\dev\aamcore\target\win\Release\OOBECommon\IMSLib.pdb

Imports

winhttp

WinHttpOpen
WinHttpCrackUrl
WinHttpConnect
WinHttpSetStatusCallback
WinHttpSetCredentials
WinHttpSendRequest
WinHttpGetProxyForUrl
WinHttpQueryAuthSchemes
WinHttpGetIEProxyConfigForCurrentUser
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle

setupapi

SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
CM_Get_DevNode_Status

kernel32

CloseHandle
CreateThread
ResetEvent
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ReadFile
SetLastError
GetCurrentProcess
WriteFile
TerminateProcess
GetModuleFileNameW
GetTempPathW
CreateMutexW
FindClose
LocalAlloc
CreateFileW
GetFileAttributesW
GetVersionExW
ReleaseMutex
SetFileAttributesW
Sleep
DeleteFileW
RaiseException
DecodePointer
GetProcAddress
LocalFree
MoveFileExW
GetFileSize
SystemTimeToFileTime
CreateProcessW
GetModuleHandleW
CopyFileW
WideCharToMultiByte
GetSystemTime
FlushFileBuffers
InterlockedDecrement
InterlockedIncrement
ReleaseSemaphore
GetCurrentProcessId
CreateDirectoryW
LoadLibraryW
FreeLibrary
GetLastError
GetTimeFormatW
GetDateFormatW
GlobalFree
QueryPerformanceCounter
GetStdHandle
GetFileType
GetCurrentThreadId
GetModuleHandleA
GetTickCount
LoadLibraryA
GlobalMemoryStatus
FlushConsoleInputBuffer
SetFilePointer
GetFileSizeEx
OpenMutexW
GetFileAttributesExW
CreateSymbolicLinkW
AreFileApisANSI
HeapCreate
HeapFree
GetFullPathNameW
InterlockedCompareExchange
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
SetEndOfFile
UnlockFileEx
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
OutputDebugStringW
CreateFileA
GetVersionExA
DeleteFileA
HeapReAlloc
GetSystemInfo
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
LockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
GetTimeZoneInformation
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
MultiByteToWideChar
CreateEventW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
WaitForMultipleObjects
GetModuleFileNameA
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
SetEvent
GetCurrentDirectoryW
SetStdHandle
SetFilePointerEx
ReadConsoleW
GetConsoleCP
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
GetLocalTime
SetConsoleCtrlHandler
GetModuleHandleExW
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualProtect
VirtualFree
VirtualAlloc
LoadLibraryExW
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
EncodePointer
GetStringTypeW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
DuplicateHandle
WaitForSingleObjectEx
GetCurrentThread
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter

user32

MessageBoxA
wsprintfW
GetUserObjectInformationW
GetProcessWindowStation

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetUserNameW
ReportEventA
RegisterEventSourceA
DeregisterEventSource
SetEntriesInAclW
CreateWellKnownSid
SetNamedSecurityInfoW
GetNamedSecurityInfoW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetKnownFolderPath
SHCreateDirectoryExW

ole32

CoSetProxyBlanket
CoUninitialize
CoInitialize
CLSIDFromString
OleRun
CLSIDFromProgID
CoCreateInstance
StringFromGUID2
CoInitializeSecurity
CoInitializeEx
CoCreateGuid

oleaut32

SysStringLen
GetErrorInfo
VariantClear
VariantChangeType
VariantCopy
SysAllocString
SysAllocStringByteLen
SysFreeString
VariantInit

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathIsFileSpecW
PathIsDirectoryW
PathRemoveExtensionW
PathAddExtensionW
PathAppendW
PathRenameExtensionW
PathFindFileNameW

Exports

Exports

IMS_EEPLogin
IMS_createRef
IMS_createRefEx
IMS_createRefExWithXMLParams
IMS_createRefForProductVersion
IMS_deregisterClientFromGroup
IMS_fetchAccessToken
IMS_fetchAccessToken2
IMS_fetchAccounts
IMS_fetchContinueToken
IMS_fetchDefaultUserInfoForClientId
IMS_fetchFeatureFlags
IMS_fetchIDPResponseForKey
IMS_fetchReleaseFlag
IMS_fetchUserProfileData
IMS_getDeviceID
IMS_getProxyCredentialsFromIMSLibSession
IMS_logOutUserForClient
IMS_registerClientToGroup
IMS_releaseData
IMS_releaseRef
IMS_revokeDeviceToken
IMS_setProxyCredentials
IMS_setProxyCredentialsInIMSLibSession
IMS_setRetryAfterResponseHandlingData
IMS_setUserAsDefaultForClientId
IMS_storeDeviceTokenAndUserProfile
IMS_storeDeviceTokenAndUserProfileEx

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 442KB - Virtual size: 441KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 71KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
P7Native.dll
.dll windows:5 windows x86 arch:x86

cf80743055a2d0100b8134c1b6e3d72a

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a6:bb:8d:ce:35:1f:03:a5:47:d7:91:0a:d5:dc:1f:94:1c:fa:15:2a:77:5f:ba:b5:e7:8e:8f:bd:17:86:ab:de
Signer

Actual PE Digest

a6:bb:8d:ce:35:1f:03:a5:47:d7:91:0a:d5:dc:1f:94:1c:fa:15:2a:77:5f:ba:b5:e7:8e:8f:bd:17:86:ab:de

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\builds\AAM\10.0\source\dev\aamcore\target\win\Release\P7Native.pdb

Imports

setupapi

CM_Get_DevNode_Status
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW

kernel32

GetLastError
FindClose
GetSystemInfo
FindFirstFileW
FindNextFileW
GetVersionExW
DecodePointer
GetProcAddress
LocalAlloc
LocalFree
GetCurrentProcess
TerminateProcess
RaiseException
SetLastError
DeleteCriticalSection
SetEvent
ResetEvent
ReleaseMutex
WaitForSingleObject
Sleep
GetFileSize
WriteFile
ReadFile
FlushFileBuffers
CloseHandle
GetSystemTime
SystemTimeToFileTime
CreateMutexW
CreateEventW
GetModuleFileNameW
GetModuleHandleW
CreateProcessW
GetTempPathW
RemoveDirectoryW
CreateFileW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
CopyFileW
MoveFileExW
MultiByteToWideChar
WideCharToMultiByte
InterlockedIncrement
GetCurrentProcessId
CreateDirectoryW
FreeLibrary
LoadLibraryW
CreateThread
ConnectNamedPipe
SetDllDirectoryW
CreateNamedPipeW
InterlockedDecrement
LeaveCriticalSection
InitializeCriticalSection
GetTickCount
InitializeCriticalSectionAndSpinCount
MapViewOfFile
CreateFileMappingW
FormatMessageA
GetSystemTimeAsFileTime
GetProcessHeap
LockFileEx
CreateFileMappingA
UnlockFile
HeapDestroy
HeapCompact
HeapAlloc
HeapReAlloc
DeleteFileA
GetVersionExA
WaitForSingleObjectEx
LoadLibraryA
CreateFileA
FlushViewOfFile
OutputDebugStringW
GetFileAttributesExW
GetFileAttributesA
GetDiskFreeSpaceA
FormatMessageW
GetTempPathA
HeapSize
HeapValidate
UnmapViewOfFile
UnlockFileEx
SetEndOfFile
GetFullPathNameA
SetFilePointer
LockFile
OutputDebugStringA
GetDiskFreeSpaceW
InterlockedCompareExchange
GetFullPathNameW
HeapFree
HeapCreate
AreFileApisANSI
GetCurrentThreadId
TryEnterCriticalSection
GetFileSizeEx
lstrlenW
GetACP
CreateSymbolicLinkW
GetLocalTime
GetTimeFormatW
GetDateFormatW
OpenMutexW
CompareStringW
GetStdHandle
GetFileType
GetModuleHandleA
GlobalMemoryStatus
FlushConsoleInputBuffer
ReadConsoleW
SetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetCurrentDirectoryW
GetModuleFileNameA
SetFilePointerEx
GetConsoleCP
FindFirstFileExA
QueryPerformanceCounter
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
TlsFree
TlsSetValue
TlsGetValue
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
TlsAlloc
EncodePointer
EnterCriticalSection
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
SetConsoleCtrlHandler
ExitProcess
GetTimeZoneInformation
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetStartupInfoW
LCMapStringW
GetLocaleInfoW
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStringTypeW

user32

wsprintfW
GetProcessWindowStation
MessageBoxA
GetUserObjectInformationW

advapi32

RegisterEventSourceA
DeregisterEventSource
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
SetNamedSecurityInfoW
GetNamedSecurityInfoW
SetEntriesInAclW
FreeSid
AllocateAndInitializeSid
CreateWellKnownSid
GetUserNameW
ReportEventA

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW
SHGetKnownFolderPath
SHGetFolderLocation
SHGetPathFromIDListW
SHGetFolderPathW

ole32

CoInitializeEx
CoTaskMemFree
OleRun
CLSIDFromProgID
CoCreateGuid
StringFromGUID2
CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoUninitialize
CLSIDFromString
CoInitialize

oleaut32

SysAllocStringByteLen
SysStringLen
VariantInit
SysFreeString
SysAllocString
VariantCopy
VariantClear
GetErrorInfo

shlwapi

PathFileExistsW
PathIsDirectoryW
PathFindFileNameW
PathIsFileSpecW
PathRemoveFileSpecW
PathStripPathW
PathAppendW
PathRemoveBackslashW
PathRemoveExtensionW
PathAddExtensionW
PathRenameExtensionW
StrToIntExA

Exports

Exports

finalizeApplet
freeMemory
initializeApplet
processMessage

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 475KB - Virtual size: 475KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 21KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 644B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 77KB - Virtual size: 77KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VulcanBridge.dll
.dll windows:5 windows x86 arch:x86

7ff1aabf9c9f731022064df0d33b8ed1

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e7:5d:ee:5c:aa:34:a4:b4:37:cc:6e:e5:89:4e:47:ff:69:e6:b3:44:d0:00:32:85:61:3b:43:1c:cb:46:10:26
Signer

Actual PE Digest

e7:5d:ee:5c:aa:34:a4:b4:37:cc:6e:e5:89:4e:47:ff:69:e6:b3:44:d0:00:32:85:61:3b:43:1c:cb:46:10:26

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\builds\AAM\10.0\source\dev\aamcore\target\win\Release\VulcanBridge.pdb

Imports

vulcanmessage5

?TYPE_PREFIX@SuiteMessage@api5@vulcan@adobe@@2QBDB
?SetConfig@IVulcanMessageDispatcher@api5@vulcan@adobe@@SA?AW4VulcanMessageErrorCode@@PBD0@Z
?GetInstance@IVulcanMessageDispatcher@api5@vulcan@adobe@@SA?AW4VulcanMessageErrorCode@@PAPAV1234@@Z
?ReleaseInstance@IVulcanMessageDispatcher@api5@vulcan@adobe@@SAXXZ
?SetPayload@SuiteMessage@api5@vulcan@adobe@@QAEXPBD@Z
?SetSource@SuiteMessage@api5@vulcan@adobe@@QAEXABVEndPoint@234@@Z
??1SuiteMessage@api5@vulcan@adobe@@UAE@XZ
??0SuiteMessage@api5@vulcan@adobe@@QAE@PBD@Z
??1EndPoint@api5@vulcan@adobe@@UAE@XZ

kernel32

SetEnvironmentVariableW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
CreateMutexW
WaitForSingleObject
ReleaseMutex
Sleep
GetLastError
CloseHandle
GetCurrentProcessId
CreateDirectoryW
FlushFileBuffers
GetTempPathW
MultiByteToWideChar
WriteFile
SetFilePointer
CreateFileW
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ReadFile
GetFileSizeEx
GetLocalTime
GetTimeFormatW
WideCharToMultiByte
GetDateFormatW
OpenMutexW
IsValidCodePage
GetConsoleCP
SetFilePointerEx
HeapSize
SetEndOfFile
InitializeCriticalSectionAndSpinCount
TlsSetValue
FindNextFileA
FindFirstFileExA
FindClose
GetProcessHeap
ReadConsoleW
GetConsoleMode
SetStdHandle
GetFullPathNameW
GetCurrentDirectoryW
GetStringTypeW
EncodePointer
DecodePointer
SetLastError
CreateEventW
TlsAlloc
TlsGetValue
WriteConsoleW
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
GetProcAddress
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
SetEvent
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
RaiseException
RtlUnwind
FreeLibrary
LoadLibraryExW
InterlockedFlushSList
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
MoveFileExW
GetTimeZoneInformation
HeapAlloc
HeapReAlloc
HeapFree
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
GetACP
GetStdHandle
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW

user32

wsprintfW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

shell32

SHCreateDirectoryExW

shlwapi

PathIsDirectoryW
PathAppendW
PathIsFileSpecW
PathRenameExtensionW
PathRemoveExtensionW
PathRemoveFileSpecW
PathFindFileNameW
PathFileExistsW
PathAddExtensionW

Exports

Exports

broadcastVulcanEvent
broadcastVulcanEventForLicenseRefresh
broadcastVulcanEventForSignout

Sections

.text
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 65KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 552B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VulcanMessage4.dll
.dll windows:5 windows x86 arch:x86

fc5b54b3753cd053154301e29bc8b0a6

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7c:4b:a8:38:2b:fe:ee:56:63:97:ff:03:93:bd:9f:ee:b3:98:80:33:75:43:aa:50:07:62:ed:fa:68:b9:88:d1
Signer

Actual PE Digest

7c:4b:a8:38:2b:fe:ee:56:63:97:ff:03:93:bd:9f:ee:b3:98:80:33:75:43:aa:50:07:62:ed:fa:68:b9:88:d1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\jenkins_slave_all\workspace\Vulcan_4.0.0\s\w-1\vulcan\4.0.0\projects\native\VulcanMessageLib\Binaries\Win32\Release\VulcanMessage4.pdb

Imports

kernel32

FreeLibrary
WideCharToMultiByte
LoadLibraryW
GetProcAddress
InterlockedIncrement
InterlockedDecrement
EncodePointer
DecodePointer
Sleep
InterlockedExchange
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetLastError
HeapFree
FindClose
FileTimeToSystemTime
FileTimeToLocalFileTime
GetDriveTypeW
FindFirstFileExW
GetCurrentThreadId
GetCommandLineA
RaiseException
RtlUnwind
HeapAlloc
LCMapStringW
MultiByteToWideChar
GetCPInfo
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
GetModuleHandleW
ExitProcess
IsProcessorFeaturePresent
HeapCreate
HeapDestroy
WriteFile
GetStdHandle
GetModuleFileNameW
GetLocaleInfoW
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
FatalAppExitA
GetFullPathNameW
CloseHandle
GetFileInformationByHandle
PeekNamedPipe
GetFileType
CreateFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SetLastError
GetCurrentThread
SetHandleCount
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetACP
GetOEMCP
IsValidCodePage
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
SetConsoleCtrlHandler
CompareStringW
SetEnvironmentVariableW
SetStdHandle
GetConsoleCP
GetConsoleMode
SetFilePointer
SetEndOfFile
GetProcessHeap
ReadFile
GetTimeZoneInformation
GetFullPathNameA
WriteConsoleW
SetEnvironmentVariableA

Exports

Exports

??0EndPoint@api@vulcan@adobe@@QAE@ABV0123@@Z
??0EndPoint@api@vulcan@adobe@@QAE@XZ
??0ErrorMessage@api@vulcan@adobe@@QAE@ABV0123@@Z
??0ErrorMessage@api@vulcan@adobe@@QAE@XZ
??0GetAppPathMessage@api@vulcan@adobe@@QAE@ABV0123@@Z
??0GetAppPathMessage@api@vulcan@adobe@@QAE@XZ
??0GetTargetSpecifiersMessage@api@vulcan@adobe@@QAE@ABV0123@@Z
??0GetTargetSpecifiersMessage@api@vulcan@adobe@@QAE@XZ
??0HostMessage@api@vulcan@adobe@@QAE@ABV0123@@Z
??0HostMessage@api@vulcan@adobe@@QAE@PBD@Z
??0IVulcanMessageDispatcher@api@vulcan@adobe@@QAE@ABV0123@@Z
??0IVulcanMessageDispatcher@api@vulcan@adobe@@QAE@XZ
??0IVulcanMessageListener@api@vulcan@adobe@@QAE@ABV0123@@Z
??0IVulcanMessageListener@api@vulcan@adobe@@QAE@XZ
??0IsAppInstalledMessage@api@vulcan@adobe@@QAE@ABV0123@@Z
??0IsAppInstalledMessage@api@vulcan@adobe@@QAE@XZ
??0IsAppRunningMessage@api@vulcan@adobe@@QAE@ABV0123@@Z
??0IsAppRunningMessage@api@vulcan@adobe@@QAE@XZ
??0LaunchAppMessage@api@vulcan@adobe@@QAE@ABV0123@@Z
??0LaunchAppMessage@api@vulcan@adobe@@QAE@XZ
??0SuiteMessage@api@vulcan@adobe@@QAE@ABV0123@@Z
??0SuiteMessage@api@vulcan@adobe@@QAE@PBD@Z
??0VulcanMessage@api@vulcan@adobe@@QAE@ABV0123@@Z
??0VulcanMessage@api@vulcan@adobe@@QAE@XZ
??1EndPoint@api@vulcan@adobe@@UAE@XZ
??1ErrorMessage@api@vulcan@adobe@@UAE@XZ
??1GetAppPathMessage@api@vulcan@adobe@@UAE@XZ
??1GetTargetSpecifiersMessage@api@vulcan@adobe@@UAE@XZ
??1HostMessage@api@vulcan@adobe@@UAE@XZ
??1IVulcanMessageDispatcher@api@vulcan@adobe@@UAE@XZ
??1IsAppInstalledMessage@api@vulcan@adobe@@UAE@XZ
??1IsAppRunningMessage@api@vulcan@adobe@@UAE@XZ
??1LaunchAppMessage@api@vulcan@adobe@@UAE@XZ
??1SuiteMessage@api@vulcan@adobe@@UAE@XZ
??1VulcanMessage@api@vulcan@adobe@@UAE@XZ
??4EndPoint@api@vulcan@adobe@@QAEAAV0123@ABV0123@@Z
??4ErrorMessage@api@vulcan@adobe@@QAEAAV0123@ABV0123@@Z
??4GetAppPathMessage@api@vulcan@adobe@@QAEAAV0123@ABV0123@@Z
??4GetTargetSpecifiersMessage@api@vulcan@adobe@@QAEAAV0123@ABV0123@@Z
??4HostMessage@api@vulcan@adobe@@QAEAAV0123@ABV0123@@Z
??4IVulcanMessageDispatcher@api@vulcan@adobe@@QAEAAV0123@ABV0123@@Z
??4IVulcanMessageListener@api@vulcan@adobe@@QAEAAV0123@ABV0123@@Z
??4IsAppInstalledMessage@api@vulcan@adobe@@QAEAAV0123@ABV0123@@Z
??4IsAppRunningMessage@api@vulcan@adobe@@QAEAAV0123@ABV0123@@Z
??4LaunchAppMessage@api@vulcan@adobe@@QAEAAV0123@ABV0123@@Z
??4MessageUtil@api@vulcan@adobe@@QAEAAV0123@ABV0123@@Z
??4SuiteMessage@api@vulcan@adobe@@QAEAAV0123@ABV0123@@Z
??4VulcanMessage@api@vulcan@adobe@@QAEAAV0123@ABV0123@@Z
??8EndPoint@api@vulcan@adobe@@QBE_NABV0123@@Z
??9EndPoint@api@vulcan@adobe@@QBE_NABV0123@@Z
??_7EndPoint@api@vulcan@adobe@@6B@
??_7ErrorMessage@api@vulcan@adobe@@6B@
??_7GetAppPathMessage@api@vulcan@adobe@@6B@
??_7GetTargetSpecifiersMessage@api@vulcan@adobe@@6B@
??_7HostMessage@api@vulcan@adobe@@6B@
??_7IVulcanMessageDispatcher@api@vulcan@adobe@@6B@
??_7IVulcanMessageListener@api@vulcan@adobe@@6B@
??_7IsAppInstalledMessage@api@vulcan@adobe@@6B@
??_7IsAppRunningMessage@api@vulcan@adobe@@6B@
??_7LaunchAppMessage@api@vulcan@adobe@@6B@
??_7SuiteMessage@api@vulcan@adobe@@6B@
??_7VulcanMessage@api@vulcan@adobe@@6B@
?APP_NOT_INSTALLED_ERROR@ErrorMessage@api@vulcan@adobe@@2QBDB
?Clone@ErrorMessage@api@vulcan@adobe@@UBEPAV1234@XZ
?Clone@GetAppPathMessage@api@vulcan@adobe@@UBEPAV1234@XZ
?Clone@GetTargetSpecifiersMessage@api@vulcan@adobe@@UBEPAV1234@XZ
?Clone@HostMessage@api@vulcan@adobe@@UBEPAV1234@XZ
?Clone@IsAppInstalledMessage@api@vulcan@adobe@@UBEPAV1234@XZ
?Clone@IsAppRunningMessage@api@vulcan@adobe@@UBEPAV1234@XZ
?Clone@LaunchAppMessage@api@vulcan@adobe@@UBEPAV1234@XZ
?Clone@SuiteMessage@api@vulcan@adobe@@UBEPAV1234@XZ
?Create@EndPoint@api@vulcan@adobe@@SA?AV1234@PBD@Z
?Create@IVulcanMessageDispatcher@api@vulcan@adobe@@SAPAV1234@PBDPAVIVulcanMessageListener@234@1@Z
?CreateMessage@MessageUtil@api@vulcan@adobe@@SAPAVVulcanMessage@234@PBD@Z
?CreateMessageByType@MessageUtil@api@vulcan@adobe@@SAPAVVulcanMessage@234@PBD@Z
?DESTINATION_UNREACHABLE_ERROR@ErrorMessage@api@vulcan@adobe@@2QBDB
?GetAppId@EndPoint@api@vulcan@adobe@@QBEXPAD@Z
?GetAppId@VulcanMessage@api@vulcan@adobe@@UBEXPAD@Z
?GetAppIdSize@EndPoint@api@vulcan@adobe@@QBEIXZ
?GetAppIdSize@VulcanMessage@api@vulcan@adobe@@QBEIXZ
?GetCmdLine@LaunchAppMessage@api@vulcan@adobe@@QBEXPAD@Z
?GetCmdLineSize@LaunchAppMessage@api@vulcan@adobe@@QBEIXZ
?GetData@ErrorMessage@api@vulcan@adobe@@UBEXPAD@Z
?GetData@GetAppPathMessage@api@vulcan@adobe@@UBEXPAD@Z
?GetData@GetTargetSpecifiersMessage@api@vulcan@adobe@@UBEXPAD@Z
?GetData@HostMessage@api@vulcan@adobe@@UBEXPAD@Z
?GetData@IsAppInstalledMessage@api@vulcan@adobe@@UBEXPAD@Z
?GetData@IsAppRunningMessage@api@vulcan@adobe@@UBEXPAD@Z
?GetData@LaunchAppMessage@api@vulcan@adobe@@UBEXPAD@Z
?GetData@SuiteMessage@api@vulcan@adobe@@UBEXPAD@Z
?GetDataSize@ErrorMessage@api@vulcan@adobe@@UBEIXZ
?GetDataSize@GetAppPathMessage@api@vulcan@adobe@@UBEIXZ
?GetDataSize@GetTargetSpecifiersMessage@api@vulcan@adobe@@UBEIXZ
?GetDataSize@HostMessage@api@vulcan@adobe@@UBEIXZ
?GetDataSize@IsAppInstalledMessage@api@vulcan@adobe@@UBEIXZ
?GetDataSize@IsAppRunningMessage@api@vulcan@adobe@@UBEIXZ
?GetDataSize@LaunchAppMessage@api@vulcan@adobe@@UBEIXZ
?GetDataSize@SuiteMessage@api@vulcan@adobe@@UBEIXZ
?GetDestinationCount@SuiteMessage@api@vulcan@adobe@@QBEIXZ
?GetDestinations@SuiteMessage@api@vulcan@adobe@@QBEXPAVEndPoint@234@@Z
?GetError@ErrorMessage@api@vulcan@adobe@@QBEXPAD@Z
?GetErrorSize@ErrorMessage@api@vulcan@adobe@@QBEIXZ
?GetFault@ErrorMessage@api@vulcan@adobe@@QBEXPAD@Z
?GetFaultSize@ErrorMessage@api@vulcan@adobe@@QBEIXZ
?GetFocus@LaunchAppMessage@api@vulcan@adobe@@QBE_NXZ
?GetId@EndPoint@api@vulcan@adobe@@QBEXPAD@Z
?GetIdSize@EndPoint@api@vulcan@adobe@@QBEIXZ
?GetPayload@HostMessage@api@vulcan@adobe@@QBEXPAD@Z
?GetPayload@SuiteMessage@api@vulcan@adobe@@QBEXPAD@Z
?GetPayloadSize@HostMessage@api@vulcan@adobe@@QBEIXZ
?GetPayloadSize@SuiteMessage@api@vulcan@adobe@@QBEIXZ
?GetResult@GetAppPathMessage@api@vulcan@adobe@@QBEXPAD@Z
?GetResult@GetTargetSpecifiersMessage@api@vulcan@adobe@@QBEXIPAD@Z
?GetResult@IsAppInstalledMessage@api@vulcan@adobe@@QBE_NXZ
?GetResult@IsAppRunningMessage@api@vulcan@adobe@@QBE_NXZ
?GetResult@LaunchAppMessage@api@vulcan@adobe@@QBE_NXZ
?GetResultCount@GetTargetSpecifiersMessage@api@vulcan@adobe@@QBEIXZ
?GetResultSize@GetAppPathMessage@api@vulcan@adobe@@QBEIXZ
?GetResultSize@GetTargetSpecifiersMessage@api@vulcan@adobe@@QBEII@Z
?GetScope@VulcanMessage@api@vulcan@adobe@@QBE?AW4MessageScope@234@XZ
?GetSource@SuiteMessage@api@vulcan@adobe@@QBE?AVEndPoint@234@XZ
?GetTargetSpecifier@GetAppPathMessage@api@vulcan@adobe@@QBEXPAD@Z
?GetTargetSpecifier@IsAppInstalledMessage@api@vulcan@adobe@@QBEXPAD@Z
?GetTargetSpecifier@IsAppRunningMessage@api@vulcan@adobe@@QBEXPAD@Z
?GetTargetSpecifier@LaunchAppMessage@api@vulcan@adobe@@QBEXPAD@Z
?GetTargetSpecifierSize@GetAppPathMessage@api@vulcan@adobe@@QBEIXZ
?GetTargetSpecifierSize@IsAppInstalledMessage@api@vulcan@adobe@@QBEIXZ
?GetTargetSpecifierSize@IsAppRunningMessage@api@vulcan@adobe@@QBEIXZ
?GetTargetSpecifierSize@LaunchAppMessage@api@vulcan@adobe@@QBEIXZ
?GetType@VulcanMessage@api@vulcan@adobe@@QBEXPAD@Z
?GetTypeSize@VulcanMessage@api@vulcan@adobe@@QBEIXZ
?GetXmlSize@EndPoint@api@vulcan@adobe@@QBEIXZ
?GetXmlSize@VulcanMessage@api@vulcan@adobe@@UBEIXZ
?INVALID_ENDPOINT@EndPoint@api@vulcan@adobe@@2V1234@B
?IsHostMessage@HostMessage@api@vulcan@adobe@@SA_NABVVulcanMessage@234@@Z
?IsSuiteMessage@SuiteMessage@api@vulcan@adobe@@SA_NABVVulcanMessage@234@@Z
?SetAppId@EndPoint@api@vulcan@adobe@@QAEXPBD@Z
?SetAppId@MessageUtil@api@vulcan@adobe@@SAXAAVVulcanMessage@234@PBD@Z
?SetCmdLine@LaunchAppMessage@api@vulcan@adobe@@QAEXPBD@Z
?SetData@ErrorMessage@api@vulcan@adobe@@UAEXPBD@Z
?SetData@GetAppPathMessage@api@vulcan@adobe@@UAEXPBD@Z
?SetData@GetTargetSpecifiersMessage@api@vulcan@adobe@@UAEXPBD@Z
?SetData@HostMessage@api@vulcan@adobe@@UAEXPBD@Z
?SetData@IsAppInstalledMessage@api@vulcan@adobe@@UAEXPBD@Z
?SetData@IsAppRunningMessage@api@vulcan@adobe@@UAEXPBD@Z
?SetData@LaunchAppMessage@api@vulcan@adobe@@UAEXPBD@Z
?SetData@SuiteMessage@api@vulcan@adobe@@UAEXPBD@Z
?SetDestination@SuiteMessage@api@vulcan@adobe@@QAEXABVEndPoint@234@@Z
?SetDestinations@SuiteMessage@api@vulcan@adobe@@QAEXPBVEndPoint@234@I@Z
?SetFocus@LaunchAppMessage@api@vulcan@adobe@@QAEX_N@Z
?SetId@EndPoint@api@vulcan@adobe@@QAEXPBD@Z
?SetPayload@HostMessage@api@vulcan@adobe@@QAEXPBD@Z
?SetPayload@HostMessage@api@vulcan@adobe@@QAEXPBDI@Z
?SetPayload@SuiteMessage@api@vulcan@adobe@@QAEXPBD@Z
?SetPayload@SuiteMessage@api@vulcan@adobe@@QAEXPBDI@Z
?SetSource@SuiteMessage@api@vulcan@adobe@@QAEXABVEndPoint@234@@Z
?SetTargetSpecifier@GetAppPathMessage@api@vulcan@adobe@@QAEXPBD@Z
?SetTargetSpecifier@IsAppInstalledMessage@api@vulcan@adobe@@QAEXPBD@Z
?SetTargetSpecifier@IsAppRunningMessage@api@vulcan@adobe@@QAEXPBD@Z
?SetTargetSpecifier@LaunchAppMessage@api@vulcan@adobe@@QAEXPBD@Z
?TYPE@ErrorMessage@api@vulcan@adobe@@2QBDB
?TYPE@GetAppPathMessage@api@vulcan@adobe@@2QBDB
?TYPE@GetTargetSpecifiersMessage@api@vulcan@adobe@@2QBDB
?TYPE@IsAppInstalledMessage@api@vulcan@adobe@@2QBDB
?TYPE@IsAppRunningMessage@api@vulcan@adobe@@2QBDB
?TYPE@LaunchAppMessage@api@vulcan@adobe@@2QBDB
?TYPE_PREFIX@HostMessage@api@vulcan@adobe@@2QBDB
?TYPE_PREFIX@SuiteMessage@api@vulcan@adobe@@2QBDB
?TYPE_PREFIX@VulcanMessage@api@vulcan@adobe@@2QBDB
?ToXml@EndPoint@api@vulcan@adobe@@QBEXPAD@Z
?ToXml@VulcanMessage@api@vulcan@adobe@@UBEXPAD@Z

Sections

.text
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VulcanMessage5.dll
.dll windows:6 windows x86 arch:x86

9612e1d064f9d31b91613782c931ed6c

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

75:87:a0:d8:1a:51:0a:04:65:7c:d9:40:c7:65:83:9c:25:01:68:1a:1c:44:a6:e8:f4:da:af:f5:c2:e6:8e:28
Signer

Actual PE Digest

75:87:a0:d8:1a:51:0a:04:65:7c:d9:40:c7:65:83:9c:25:01:68:1a:1c:44:a6:e8:f4:da:af:f5:c2:e6:8e:28

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

VulcanMessage5.pdb

Imports

ws2_32

freeaddrinfo
getaddrinfo
WSAGetLastError
WSACleanup
WSAStartup
socket
shutdown
setsockopt
send
select
recv
listen
htons
getsockopt
getsockname
getpeername
ioctlsocket
connect
closesocket
bind
accept
ntohs
ntohl
htonl

kernel32

FreeEnvironmentStringsW
GetCommandLineW
GetEnvironmentVariableW
GetCurrentProcessId
RtlCaptureStackBackTrace
GetLocalTime
VerSetConditionMask
GetEnvironmentStringsW
GetStdHandle
SetStdHandle
SetEnvironmentVariableW
SetCurrentDirectoryW
GetCurrentDirectoryW
CreateDirectoryW
CreateFileW
DeleteFileW
FindClose
FindFirstFileW
FindNextFileW
FlushFileBuffers
GetDiskFreeSpaceExW
GetFileAttributesW
GetFileAttributesExW
GetFileSizeEx
GetFullPathNameW
LockFileEx
ReadFile
RemoveDirectoryW
SetEndOfFile
SetFilePointerEx
UnlockFile
WriteFile
GetTempPathW
DuplicateHandle
GetHandleInformation
SetHandleInformation
CreatePipe
ConnectNamedPipe
DisconnectNamedPipe
SetNamedPipeHandleState
PeekNamedPipe
CreateNamedPipeW
WaitNamedPipeW
GetOverlappedResult
DeviceIoControl
SetEvent
ResetEvent
ReleaseMutex
OpenMutexW
CreateEventW
SwitchToThread
GetCurrentProcess
GetExitCodeProcess
SetThreadPriority
GetThreadPriority
TlsAlloc
TlsGetValue
TlsSetValue
CreateProcessW
GlobalMemoryStatusEx
VirtualAlloc
VirtualFree
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetModuleFileNameW
GetModuleHandleExW
GetProcAddress
LoadLibraryExW
PulseEvent
WaitForMultipleObjects
GetNamedPipeInfo
CreateMailslotW
SetDllDirectoryW
CopyFileW
MoveFileExW
CreateHardLinkW
GetComputerNameW
VerifyVersionInfoW
RaiseException
Sleep
GetCurrentThread
GetCurrentThreadId
LocalAlloc
LocalReAlloc
LocalFree
FormatMessageW
LCMapStringW
SetFilePointer
GetSystemTimeAsFileTime
TerminateProcess
OpenProcess
GlobalAlloc
GlobalFree
GetConsoleWindow
HeapFree
HeapReAlloc
HeapAlloc
GetModuleFileNameA
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
CloseHandle
OpenSemaphoreW
GetLastError
WaitForSingleObject
CreateMutexW
ReleaseSemaphore
GetFullPathNameA
GetDateFormatW
GetTimeFormatW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetACP
FindFirstFileExA
FindFirstFileExW
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
SetEnvironmentVariableA
GetProcessHeap
SetConsoleCtrlHandler
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
HeapSize
OutputDebugStringA
OutputDebugStringW
WriteConsoleW
ReadConsoleW
OpenEventW
ExitProcess
FreeLibraryAndExitThread
ResumeThread
ExitThread
CreateThread
WaitForSingleObjectEx
GetModuleHandleW
InitializeSListHead
IsProcessorFeaturePresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
WideCharToMultiByte
EncodePointer
DecodePointer
MultiByteToWideChar
SetLastError
InitializeCriticalSectionAndSpinCount
TlsFree
GetTickCount
CompareStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
GetDriveTypeW
GetFileType
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime

user32

GetWindowThreadProcessId
EnumWindows
GetShellWindow

advapi32

SystemFunction036
CreateProcessWithTokenW
LookupPrivilegeValueW
GetTokenInformation
FreeSid
EqualSid
DuplicateTokenEx
AllocateAndInitializeSid
AdjustTokenPrivileges
OpenProcessToken
SetSecurityInfo
GetSecurityInfo
SetEntriesInAclW
CreateWellKnownSid
ConvertStringSecurityDescriptorToSecurityDescriptorW
StartServiceW
StartServiceCtrlDispatcherW
QueryServiceConfigW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
CloseServiceHandle
ChangeServiceConfigW
RegSetValueExW
RegNotifyChangeKeyValue
RegEnumValueW
RegDeleteValueW
RegDeleteKeyW
RegCreateKeyExW
GetUserNameW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

ShellExecuteExW
SHCreateDirectoryExW
SHFileOperationW
CommandLineToArgvW

Exports

Exports

??0EndPoint@api5@vulcan@adobe@@QAE@ABV0123@@Z
??0EndPoint@api5@vulcan@adobe@@QAE@XZ
??0ErrorMessage@api5@vulcan@adobe@@QAE@ABV0123@@Z
??0ErrorMessage@api5@vulcan@adobe@@QAE@XZ
??0GetEndPointsMessage@impl@vulcan@adobe@@QAE@ABV0123@@Z
??0GetEndPointsMessage@impl@vulcan@adobe@@QAE@XZ
??0IVulcanMessageDispatcher@api5@vulcan@adobe@@QAE@ABV0123@@Z
??0IVulcanMessageDispatcher@api5@vulcan@adobe@@QAE@XZ
??0IVulcanMessageListener@api5@vulcan@adobe@@QAE@$$QAV0123@@Z
??0IVulcanMessageListener@api5@vulcan@adobe@@QAE@ABV0123@@Z
??0IVulcanMessageListener@api5@vulcan@adobe@@QAE@XZ
??0SuiteMessage@api5@vulcan@adobe@@QAE@ABV0123@@Z
??0SuiteMessage@api5@vulcan@adobe@@QAE@PBD@Z
??0VulcanMessage@api5@vulcan@adobe@@QAE@ABV0123@@Z
??0VulcanMessage@api5@vulcan@adobe@@QAE@XZ
??1EndPoint@api5@vulcan@adobe@@UAE@XZ
??1ErrorMessage@api5@vulcan@adobe@@UAE@XZ
??1GetEndPointsMessage@impl@vulcan@adobe@@UAE@XZ
??1IVulcanMessageDispatcher@api5@vulcan@adobe@@UAE@XZ
??1SuiteMessage@api5@vulcan@adobe@@UAE@XZ
??1VulcanMessage@api5@vulcan@adobe@@UAE@XZ
??4EndPoint@api5@vulcan@adobe@@QAEAAV0123@ABV0123@@Z
??4ErrorMessage@api5@vulcan@adobe@@QAEAAV0123@ABV0123@@Z
??4GetEndPointsMessage@impl@vulcan@adobe@@QAEAAV0123@ABV0123@@Z
??4IVulcanMessageDispatcher@api5@vulcan@adobe@@QAEAAV0123@ABV0123@@Z
??4IVulcanMessageListener@api5@vulcan@adobe@@QAEAAV0123@$$QAV0123@@Z
??4IVulcanMessageListener@api5@vulcan@adobe@@QAEAAV0123@ABV0123@@Z
??4MessageUtil@api5@vulcan@adobe@@QAEAAV0123@$$QAV0123@@Z
??4MessageUtil@api5@vulcan@adobe@@QAEAAV0123@ABV0123@@Z
??4SuiteMessage@api5@vulcan@adobe@@QAEAAV0123@ABV0123@@Z
??4VulcanMessage@api5@vulcan@adobe@@QAEAAV0123@ABV0123@@Z
??8EndPoint@api5@vulcan@adobe@@QBE_NABV0123@@Z
??9EndPoint@api5@vulcan@adobe@@QBE_NABV0123@@Z
??_7EndPoint@api5@vulcan@adobe@@6B@
??_7ErrorMessage@api5@vulcan@adobe@@6B@
??_7GetEndPointsMessage@impl@vulcan@adobe@@6B@
??_7IVulcanMessageDispatcher@api5@vulcan@adobe@@6B@
??_7IVulcanMessageListener@api5@vulcan@adobe@@6B@
??_7SuiteMessage@api5@vulcan@adobe@@6B@
??_7VulcanMessage@api5@vulcan@adobe@@6B@
?Clone@ErrorMessage@api5@vulcan@adobe@@UBEPAV1234@XZ
?Clone@GetEndPointsMessage@impl@vulcan@adobe@@UBEPAV1234@XZ
?Clone@SuiteMessage@api5@vulcan@adobe@@UBEPAV1234@XZ
?Create@EndPoint@api5@vulcan@adobe@@SA?AV1234@PBD@Z
?CreateMessage@MessageUtil@api5@vulcan@adobe@@SAPAVVulcanMessage@234@PBD@Z
?CreateMessageByType@MessageUtil@api5@vulcan@adobe@@SAPAVVulcanMessage@234@PBD@Z
?DESTINATION_UNREACHABLE_ERROR@ErrorMessage@api5@vulcan@adobe@@2QBDB
?GetAppId@EndPoint@api5@vulcan@adobe@@QBEXPAD@Z
?GetAppId@VulcanMessage@api5@vulcan@adobe@@QBEXPAD@Z
?GetAppIdSize@EndPoint@api5@vulcan@adobe@@QBEIXZ
?GetAppIdSize@VulcanMessage@api5@vulcan@adobe@@QBEIXZ
?GetAppVersion@EndPoint@api5@vulcan@adobe@@QBEXPAD@Z
?GetAppVersion@VulcanMessage@api5@vulcan@adobe@@QBEXPAD@Z
?GetAppVersionSize@EndPoint@api5@vulcan@adobe@@QBEIXZ
?GetAppVersionSize@VulcanMessage@api5@vulcan@adobe@@QBEIXZ
?GetConfig@IVulcanMessageDispatcher@api5@vulcan@adobe@@SA?AW4VulcanMessageErrorCode@@PAPAD0@Z
?GetData@ErrorMessage@api5@vulcan@adobe@@UBEXPAD@Z
?GetData@GetEndPointsMessage@impl@vulcan@adobe@@UBEXPAD@Z
?GetData@SuiteMessage@api5@vulcan@adobe@@UBEXPAD@Z
?GetDataSize@ErrorMessage@api5@vulcan@adobe@@UBEIXZ
?GetDataSize@GetEndPointsMessage@impl@vulcan@adobe@@UBEIXZ
?GetDataSize@SuiteMessage@api5@vulcan@adobe@@UBEIXZ
?GetDestinationCount@SuiteMessage@api5@vulcan@adobe@@QBEIXZ
?GetDestinations@SuiteMessage@api5@vulcan@adobe@@QBEXPAVEndPoint@234@@Z
?GetError@ErrorMessage@api5@vulcan@adobe@@QBEXPAD@Z
?GetErrorSize@ErrorMessage@api5@vulcan@adobe@@QBEIXZ
?GetFault@ErrorMessage@api5@vulcan@adobe@@QBEXPAD@Z
?GetFaultSize@ErrorMessage@api5@vulcan@adobe@@QBEIXZ
?GetId@EndPoint@api5@vulcan@adobe@@QBEXPAD@Z
?GetIdSize@EndPoint@api5@vulcan@adobe@@QBEIXZ
?GetInstance@IVulcanMessageDispatcher@api5@vulcan@adobe@@SA?AW4VulcanMessageErrorCode@@PAPAV1234@@Z
?GetPayload@SuiteMessage@api5@vulcan@adobe@@QBEXPAD@Z
?GetPayloadSize@SuiteMessage@api5@vulcan@adobe@@QBEIXZ
?GetResult@GetEndPointsMessage@impl@vulcan@adobe@@QBEXPAVEndPoint@api5@34@@Z
?GetResultCount@GetEndPointsMessage@impl@vulcan@adobe@@QBEIXZ
?GetScope@VulcanMessage@api5@vulcan@adobe@@QBE?AW4MessageScope@234@XZ
?GetSource@SuiteMessage@api5@vulcan@adobe@@QBE?AVEndPoint@234@XZ
?GetSourceEndPoint@GetEndPointsMessage@impl@vulcan@adobe@@QBE?AVEndPoint@api5@34@XZ
?GetType@VulcanMessage@api5@vulcan@adobe@@QBEXPAD@Z
?GetTypeSize@VulcanMessage@api5@vulcan@adobe@@QBEIXZ
?GetXmlSize@EndPoint@api5@vulcan@adobe@@QBEIXZ
?GetXmlSize@VulcanMessage@api5@vulcan@adobe@@UBEIXZ
?INVALID_ENDPOINT@EndPoint@api5@vulcan@adobe@@2V1234@B
?IsRefreshEndPoints@GetEndPointsMessage@impl@vulcan@adobe@@QAE_NXZ
?IsSuiteMessage@SuiteMessage@api5@vulcan@adobe@@SA_NABVVulcanMessage@234@@Z
?ReleaseInstance@IVulcanMessageDispatcher@api5@vulcan@adobe@@SAXXZ
?SetAppId@EndPoint@api5@vulcan@adobe@@QAEXPBD@Z
?SetAppId@MessageUtil@api5@vulcan@adobe@@SAXAAVVulcanMessage@234@PBD@Z
?SetAppVersion@EndPoint@api5@vulcan@adobe@@QAEXPBD@Z
?SetAppVersion@MessageUtil@api5@vulcan@adobe@@SAXAAVVulcanMessage@234@PBD@Z
?SetConfig@IVulcanMessageDispatcher@api5@vulcan@adobe@@SA?AW4VulcanMessageErrorCode@@PBD0@Z
?SetData@ErrorMessage@api5@vulcan@adobe@@UAEXPBD@Z
?SetData@GetEndPointsMessage@impl@vulcan@adobe@@UAEXPBD@Z
?SetData@SuiteMessage@api5@vulcan@adobe@@UAEXPBD@Z
?SetDestination@SuiteMessage@api5@vulcan@adobe@@QAEXABVEndPoint@234@@Z
?SetDestinations@SuiteMessage@api5@vulcan@adobe@@QAEXPBVEndPoint@234@I@Z
?SetId@EndPoint@api5@vulcan@adobe@@QAEXPBD@Z
?SetPayload@SuiteMessage@api5@vulcan@adobe@@QAEXPBD@Z
?SetPayload@SuiteMessage@api5@vulcan@adobe@@QAEXPBDI@Z
?SetRefreshEndPoints@GetEndPointsMessage@impl@vulcan@adobe@@QAEXXZ
?SetSource@SuiteMessage@api5@vulcan@adobe@@QAEXABVEndPoint@234@@Z
?TYPE@ErrorMessage@api5@vulcan@adobe@@2QBDB
?TYPE@GetEndPointsMessage@impl@vulcan@adobe@@2QBDB
?TYPE_PREFIX@SuiteMessage@api5@vulcan@adobe@@2QBDB
?TYPE_PREFIX@VulcanMessage@api5@vulcan@adobe@@2QBDB
?ToXml@EndPoint@api5@vulcan@adobe@@QBEXPAD@Z
?ToXml@VulcanMessage@api5@vulcan@adobe@@UBEXPAD@Z

Sections

.text
Size: 726KB - Virtual size: 726KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 154KB - Virtual size: 154KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
adobe_licensing_helper.exe
.exe windows:6 windows x86 arch:x86

31ca12071143ca125a712153a5e9e000

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

27:26:d7:36:0a:20:fe:7f:cb:4a:c8:3b:9c:be:25:78:5a:f7:d1:0c:37:98:ab:65:04:ff:ae:9b:07:1e:83:6a
Signer

Actual PE Digest

27:26:d7:36:0a:20:fe:7f:cb:4a:c8:3b:9c:be:25:78:5a:f7:d1:0c:37:98:ab:65:04:ff:ae:9b:07:1e:83:6a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

E:\builds\NGLU\1.0\source\nglu\public\nglu-bin\Win32\Release_x86\adobe_licensing_helper.pdb

Imports

winhttp

WinHttpCrackUrl
WinHttpConnect
WinHttpSetTimeouts
WinHttpSetCredentials
WinHttpSendRequest
WinHttpGetProxyForUrl
WinHttpQueryAuthSchemes
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpReceiveResponse
WinHttpQueryDataAvailable

kernel32

GetCurrentThreadId
FindFirstFileW
FindNextFileW
GetFileSizeEx
FindClose
CreateFileW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
GetFullPathNameW
MultiByteToWideChar
WideCharToMultiByte
VerSetConditionMask
VerifyVersionInfoW
LoadLibraryW
GetProcAddress
FreeLibrary
FormatMessageW
LocalFree
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentProcess
DeviceIoControl
GetTempPathW
GetVersionExW
GetComputerNameExW
FileTimeToSystemTime
GetNativeSystemInfo
RaiseException
GetModuleHandleW
GetLocalTime
GetTimeFormatW
OpenMutexW
CloseHandle
GetLastError
ReleaseMutex
WaitForSingleObject
CreateMutexW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
SetStdHandle
ReadConsoleW
SetFilePointerEx
FlushFileBuffers
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetConsoleCP
GetACP
GetCommandLineW
GetCommandLineA
WriteFile
GetStdHandle
ExitProcess
GetModuleHandleExW
HeapReAlloc
GetTimeZoneInformation
ReadFile
GetFileType
RtlUnwind
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
SetEndOfFile
SetEnvironmentVariableW
WriteConsoleW
HeapSize
GetDateFormatW
InterlockedPopEntrySList
ReleaseSemaphore
GetStringTypeW
TryEnterCriticalSection
EncodePointer
DecodePointer
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentThread
QueryPerformanceCounter
IsProcessorFeaturePresent
QueueUserWorkItem
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
VirtualAlloc
VirtualFree
VirtualProtect

advapi32

CredFree
CredEnumerateW
CredReadW
CredWriteW
GetUserNameW
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyExW
RegCloseKey
CredDeleteW

shell32

SHGetKnownFolderPath
SHCreateDirectoryExW

ole32

CoInitialize
CoTaskMemFree
CoCreateGuid

shlwapi

UrlEscapeW
PathFindFileNameW
PathRenameExtensionW
PathRemoveFileSpecW
PathRemoveExtensionW
PathFileExistsW
PathAddExtensionW
PathIsFileSpecW
PathAppendW
PathIsDirectoryW

bcrypt

BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptVerifySignature
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptHashData
BCryptDecrypt
BCryptDestroyKey
BCryptEncrypt
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptGetProperty

crypt32

CertCreateCertificateContext
CertFreeCertificateContext
CryptHashCertificate2
CryptImportPublicKeyInfoEx2
CertVerifySubjectCertificateContext
CertAddCertificateContextToStore
CertCloseStore
CertOpenStore
CryptStringToBinaryW
CryptUnprotectData
CryptProtectData
CertFindCertificateInStore

secur32

GetUserNameExW

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 533KB - Virtual size: 532KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 100KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 178KB - Virtual size: 178KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
adobe_oobelib.dll
.dll windows:5 windows x86 arch:x86

26768dd142f6638c6ddfe8b87168ade0

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

83:46:82:d2:34:54:5a:40:4f:fd:c8:e9:88:3a:b8:cb:d6:8f:d5:17:80:15:88:b7:40:de:60:b9:62:ce:ed:cb
Signer

Actual PE Digest

83:46:82:d2:34:54:5a:40:4f:fd:c8:e9:88:3a:b8:cb:d6:8f:d5:17:80:15:88:b7:40:de:60:b9:62:ce:ed:cb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

adobe_oobelib.pdb

Imports

winhttp

WinHttpOpen
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSetStatusCallback
WinHttpConnect
WinHttpGetIEProxyConfigForCurrentUser
WinHttpGetProxyForUrl
WinHttpQueryAuthSchemes
WinHttpCloseHandle
WinHttpOpenRequest
WinHttpCrackUrl
WinHttpQueryHeaders
WinHttpReceiveResponse
WinHttpSetCredentials
WinHttpSendRequest
WinHttpAddRequestHeaders

iphlpapi

GetIfTable

setupapi

SetupDiDestroyDeviceInfoList
SetupDiEnumDeviceInfo
CM_Get_DevNode_Status
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
SetupDiGetDeviceRegistryPropertyW

shlwapi

PathIsDirectoryW
PathRemoveBackslashW
PathStripPathW
PathFileExistsW
PathFindFileNameW
PathAddExtensionW
PathIsFileSpecW
PathAppendW
PathRenameExtensionW
PathRemoveFileSpecW
PathRemoveExtensionW

kernel32

DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
Sleep
LockFileEx
UnlockFileEx
GetFileSize
WriteFile
FlushFileBuffers
SetEndOfFile
SetFilePointer
CloseHandle
CreateSemaphoreW
LoadLibraryW
GetModuleFileNameA
CreateProcessW
SetEnvironmentVariableA
CreateFileW
MultiByteToWideChar
EnterCriticalSection
LeaveCriticalSection
SwitchToThread
CreateThread
ResumeThread
GetModuleFileNameW
WideCharToMultiByte
ReadFile
GetSystemTime
SystemTimeToFileTime
SetFileAttributesW
GetFileAttributesW
DeleteFileW
GlobalFree
DecodePointer
HeapDestroy
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
RaiseException
InitializeCriticalSectionAndSpinCount
GetComputerNameExW
InterlockedIncrement
InterlockedDecrement
SetEvent
OpenEventW
GetVersionExW
WaitForMultipleObjects
CreateEventW
GetTimeZoneInformation
OutputDebugStringA
GetTempPathW
GetEnvironmentVariableA
QueryPerformanceFrequency
QueryPerformanceCounter
TryEnterCriticalSection
GetCurrentThreadId
GetCurrentProcessId
GetCurrentProcess
GetCurrentThread
FindClose
FindFirstFileW
FindNextFileW
GetLocalTime
GetTimeFormatW
GetDateFormatW
CreateDirectoryW
TzSpecificLocalTimeToSystemTime
CreateMutexW
ReleaseMutex
OpenMutexW
LocalAlloc
GetUserDefaultLangID
GetUserDefaultUILanguage
GetModuleHandleW
ResetEvent
InitializeCriticalSection
Process32NextW
Process32FirstW
AreFileApisANSI
HeapCreate
GetFullPathNameW
InterlockedCompareExchange
GetDiskFreeSpaceW
LockFile
GetFullPathNameA
UnmapViewOfFile
HeapValidate
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
GetSystemInfo
HeapCompact
UnlockFile
CreateFileMappingA
GetSystemTimeAsFileTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
GetTickCount
GetStdHandle
GetFileType
GetModuleHandleA
GlobalMemoryStatus
WriteConsoleW
lstrlenW
CopyFileW
GetACP
CreateSymbolicLinkW
SetLastError
TerminateProcess
MoveFileExW
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RtlUnwind
GetStartupInfoW
GetLastError
LocalFree
GetProcAddress
FreeLibrary
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
SetConsoleCtrlHandler
GetConsoleMode
ReadConsoleInputA
SetConsoleMode
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
ReadConsoleW
CreateToolhelp32Snapshot
SetFilePointerEx
GetCurrentDirectoryW
SetStdHandle
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
SetFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetFileSizeEx
FlushConsoleInputBuffer
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
EncodePointer
GetStringTypeW

user32

GetProcessWindowStation
MessageBoxA
GetUserObjectInformationW
wsprintfW

advapi32

ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegQueryValueExA
RegOpenKeyA
RegDeleteKeyA
RegCreateKeyA
RegDeleteKeyW
SetSecurityInfo
SetNamedSecurityInfoW
GetNamedSecurityInfoW
CreateWellKnownSid
EqualSid
GetTokenInformation
OpenThreadToken
OpenProcessToken
RegCloseKey
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
GetUserNameW
SetEntriesInAclW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
FreeSid
AllocateAndInitializeSid

shell32

SHCreateDirectoryExW
SHGetFolderPathW
SHGetPathFromIDListW
SHGetFolderLocation
SHGetKnownFolderPath

ole32

CoUninitialize
CoInitializeEx
CoInitializeSecurity
CoSetProxyBlanket
CoCreateInstance
CoInitialize
CoTaskMemFree

oleaut32

VariantClear
SysFreeString
SysAllocString
SysStringLen
SysAllocStringByteLen

Exports

Exports

Adobe_OOBELib_Activate
Adobe_OOBELib_ActivateForLEIDs
Adobe_OOBELib_BackDoorUpgradeCheck
Adobe_OOBELib_CalculateVC
Adobe_OOBELib_CheckForUpgradeOnline
Adobe_OOBELib_CheckSubscriptionMode
Adobe_OOBELib_CheckSubscriptionValidity
Adobe_OOBELib_CheckSubscriptionValidityOnline
Adobe_OOBELib_CheckWFType
Adobe_OOBELib_CheckforUpgrade
Adobe_OOBELib_CleanUpCachePCD
Adobe_OOBELib_CreateRef
Adobe_OOBELib_Deactivate
Adobe_OOBELib_DeactivateLicense
Adobe_OOBELib_DeactivateLicenseForSerial
Adobe_OOBELib_DeactivateLicensesForUser
Adobe_OOBELib_DisAssociateAll
Adobe_OOBELib_EncryptDecryptSerial
Adobe_OOBELib_EnumerateKeys
Adobe_OOBELib_Generate_OffLineExcpType1_ReqCode
Adobe_OOBELib_GetAdobeId
Adobe_OOBELib_GetChallengeString_UpgradeCheck
Adobe_OOBELib_GetCredentialsForProxy
Adobe_OOBELib_GetCurrentLicenseState
Adobe_OOBELib_GetDetailedActiveLicenseInfo
Adobe_OOBELib_GetDetailedLicenseStatus
Adobe_OOBELib_GetDetailedLicenseStatusEx
Adobe_OOBELib_GetDetailedLicenseStatusExForLEIDs
Adobe_OOBELib_GetEntitlement
Adobe_OOBELib_GetEntitlementsForLEIDS
Adobe_OOBELib_GetLicenseStatus
Adobe_OOBELib_GetLicenseStatusEx
Adobe_OOBELib_GetPackagePoolDetailsForPool
Adobe_OOBELib_GetPackagePoolsForAdminForOrg
Adobe_OOBELib_GetRefID
Adobe_OOBELib_GetSerialInfo
Adobe_OOBELib_GetServiceClaimData
Adobe_OOBELib_GetValueforKeyInSubDomain
Adobe_OOBELib_Get_LegacySeatID
Adobe_OOBELib_Get_OffLineExcpType1_ReqCode
Adobe_OOBELib_Get_ProductLine
Adobe_OOBELib_Get_SeatID
Adobe_OOBELib_Getversion
Adobe_OOBELib_ISOTaggingAtInstall
Adobe_OOBELib_IsLicenseAgreementAccepted
Adobe_OOBELib_LaunchPurchaseWorkFlow
Adobe_OOBELib_LoadActivationGraceLicense
Adobe_OOBELib_LoadDBCSLicenseAndActivate
Adobe_OOBELib_LoadOfflineGraceLicense
Adobe_OOBELib_LoadOnlineTrial
Adobe_OOBELib_LoadTrial
Adobe_OOBELib_ProcessExceptionFile
Adobe_OOBELib_Process_file
Adobe_OOBELib_ProtectedContentCheck
Adobe_OOBELib_QueryLicenses
Adobe_OOBELib_QueryLicensesForUser
Adobe_OOBELib_Record_EulaOnline
Adobe_OOBELib_ReducedTrialSLConfigDownload
Adobe_OOBELib_ReleaseRef
Adobe_OOBELib_RememberAdobeID
Adobe_OOBELib_RemoveKeyInSubDomainInCache
Adobe_OOBELib_RemoveLastLoggedInUser
Adobe_OOBELib_Remove_payload
Adobe_OOBELib_RetrieveLEIDForSerial
Adobe_OOBELib_Retrieve_SerialNumber
Adobe_OOBELib_Retrieve_SerialNumberEx
Adobe_OOBELib_Retryactivation
Adobe_OOBELib_SaveAdobeId
Adobe_OOBELib_SetAdobeId
Adobe_OOBELib_SetAdobeIdExtProfile
Adobe_OOBELib_SetAppXMLData
Adobe_OOBELib_SetCallerID
Adobe_OOBELib_SetClaimStatus
Adobe_OOBELib_SetClaimStatusEx
Adobe_OOBELib_SetCredentialsForProxy
Adobe_OOBELib_SetLEID
Adobe_OOBELib_SetLicenseAgreementInformation
Adobe_OOBELib_SetSerialTypeForSerial
Adobe_OOBELib_SetUniversalCookie
Adobe_OOBELib_SetValueforKeyInSubDomainInCache
Adobe_OOBELib_Set_Eula
Adobe_OOBELib_Set_EulaOnline
Adobe_OOBELib_Set_InstallLocale
Adobe_OOBELib_Set_serialnumber
Adobe_OOBELib_SuppressRegSerialNag
Adobe_OOBELib_SuppressRegistrationNag
Adobe_OOBELib_Suppress_Eula
Adobe_OOBELib_Suppress_Registration
Adobe_OOBELib_UnregisterSerials
Adobe_OOBELib_UpdateLastLoggedInUser
Adobe_OOBELib_UpdateUserSpecificIdentity
Adobe_OOBELib_UpdateUserSpecificLicensing
Adobe_OOBELib_UpgradeCheck
Adobe_OOBELib_UpgradeDoneAtInstallTime
Adobe_OOBELib_ValidateSerialOnline
Adobe_OOBELib_Validate_SerialNumber
Adobe_OOBELib_Verify_OffLineExcpType1_ServerResponseCode
GetAsnVersion
IAL_ActivateLicense
IAL_CheckSubscription
IAL_CloseSession
IAL_CreateSession
IAL_DeactivateLicense
IAL_GetAULData
IAL_GetEntitledSerialData
IAL_GetEntitlementsForLEIDS
IAL_GetLEIDForSerial
IAL_GetPackagePoolData
IAL_GetPackagePools
IAL_GetSLConfigData
IAL_GetType2aOfflineException
IAL_GetVersion
IAL_SendAppUsageData
IAL_SendEnrolTrialRequest
IAL_SetCaller
IAL_SetEULAStatus
IAL_SetLicensingLEID
IAL_SetLoggingMethod
IAL_SetProxyDetails
IAL_ValidateSerial
asnInst_InstallerProductInfo_constructor
asnInst_getAsnProductInfo
asnInst_getAsnProductInfoInMem
asn_exit
asn_info
asn_init
asn_makePrivate
asn_makePrivateEx

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 614KB - Virtual size: 614KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
adobe_upgrade.dll
.dll windows:6 windows x86 arch:x86

73cafe1c9aec216b9d6bcc04fd6c7570

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ec:ef:df:67:f7:3a:0e:75:f1:44:fc:9d:0f:3d:f2:0b:1e:31:e4:f7:bc:13:62:6d:a8:28:8c:80:73:24:08:73
Signer

Actual PE Digest

ec:ef:df:67:f7:3a:0e:75:f1:44:fc:9d:0f:3d:f2:0b:1e:31:e4:f7:bc:13:62:6d:a8:28:8c:80:73:24:08:73

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

adobe_upgrade.pdb

Imports

winhttp

WinHttpCrackUrl
WinHttpConnect
WinHttpSetStatusCallback
WinHttpSetCredentials
WinHttpSendRequest
WinHttpGetProxyForUrl
WinHttpQueryAuthSchemes
WinHttpReceiveResponse
WinHttpOpen
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryDataAvailable

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiGetDeviceInstanceIdW
CM_Get_DevNode_Status
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

iphlpapi

GetIfTable

shlwapi

PathStripPathW
PathRemoveBackslashW
PathRemoveBackslashA
SHDeleteEmptyKeyA
SHDeleteKeyA
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW
PathRemoveExtensionW
PathAddExtensionW
PathRenameExtensionW
PathIsDirectoryW
PathAppendW
PathIsFileSpecW

kernel32

GetCurrentProcess
GetLastError
CloseHandle
lstrcmpA
lstrcpyA
lstrcatA
lstrlenA
CreateProcessA
GetStdHandle
GetFileType
WriteFile
GetCurrentThreadId
GetModuleHandleA
MultiByteToWideChar
QueryPerformanceCounter
GetCurrentProcessId
GetTickCount
GlobalMemoryStatus
FlushConsoleInputBuffer
QueryPerformanceFrequency
GetThreadTimes
GetCurrentThread
WideCharToMultiByte
OutputDebugStringA
LoadLibraryW
GetModuleFileNameW
GetTempPathW
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ReleaseSemaphore
WaitForSingleObject
CreateDirectoryW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
CreateSemaphoreW
SetFilePointer
CreateFileW
ReadFile
SetEndOfFile
UnlockFileEx
LocalAlloc
SetFileAttributesW
LocalFree
LockFileEx
GetFileSize
FlushFileBuffers
GetFileSizeEx
GetLocalTime
GetTimeFormatW
GetDateFormatW
CreateMutexW
ReleaseMutex
OpenMutexW
Sleep
GetUserDefaultLangID
GetUserDefaultUILanguage
GetVersionExW
GetModuleHandleW
WaitForMultipleObjects
GetConsoleMode
SetEvent
GlobalFree
ResetEvent
HeapFree
LoadLibraryA
HeapSize
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
HeapReAlloc
RaiseException
HeapAlloc
DecodePointer
HeapDestroy
GetProcessHeap
AreFileApisANSI
HeapCreate
GetFullPathNameW
InterlockedCompareExchange
GetDiskFreeSpaceW
LockFile
GetFullPathNameA
UnmapViewOfFile
HeapValidate
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
DeleteFileW
GetSystemInfo
HeapCompact
UnlockFile
CreateFileMappingA
SystemTimeToFileTime
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
CreateFileMappingW
WriteConsoleW
GetComputerNameExW
OpenSemaphoreW
ResumeThread
CreateThread
SwitchToThread
lstrcmpW
lstrlenW
CopyFileW
CopyFileExW
GetVolumeInformationW
GetACP
GetCurrentDirectoryA
SetCurrentDirectoryW
SetCurrentDirectoryA
SetEnvironmentVariableW
SetEnvironmentVariableA
GetDriveTypeW
LoadLibraryExW
InterlockedFlushSList
GetProcAddress
FreeLibrary
GetEnvironmentVariableA
GetCurrentDirectoryW
ExitProcess
GetModuleHandleExW
GetNumberOfConsoleInputEvents
PeekConsoleInputA
ReadConsoleInputA
SetConsoleMode
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
InitializeCriticalSectionAndSpinCount
SetFileTime
TzSpecificLocalTimeToSystemTime
MoveFileExW
GetTimeZoneInformation
ExitThread
SetConsoleCtrlHandler
FreeLibraryAndExitThread
GetModuleFileNameA
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetConsoleCP
SetFilePointerEx
ReadConsoleW
SetStdHandle
HeapQueryInformation
FindFirstFileExA
FindFirstFileExW
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
CreateEventW
MapViewOfFile
InterlockedPushEntrySList
RtlUnwind
GetCPInfo
GetLocaleInfoW
LCMapStringW
CompareStringW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
SetLastError
EncodePointer
GetStringTypeW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead

user32

GetUserObjectInformationW
MessageBoxA
GetDC
ReleaseDC
wsprintfW
UnregisterClassW
GetProcessWindowStation

gdi32

GetObjectA
GetDIBits
GetDeviceCaps
DeleteObject
CreateCompatibleBitmap

advapi32

GetNamedSecurityInfoW
LookupPrivilegeValueW
GetUserNameW
SetSecurityDescriptorDacl
AllocateAndInitializeSid
SetEntriesInAclW
FreeSid
InitializeSecurityDescriptor
SetSecurityInfo
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
CryptGenRandom
CryptReleaseContext
CryptAcquireContextA
ReportEventA
RegisterEventSourceA
DeregisterEventSource
RegUnLoadKeyA
RegSetValueExA
RegQueryValueExA
RegOpenKeyExA
RegLoadKeyA
RegFlushKey
RegEnumValueA
RegEnumKeyA
RegDeleteValueA
RegCreateKeyExA
RegCreateKeyA
RegCloseKey
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
SetNamedSecurityInfoW

shell32

SHGetFolderPathW
SHCreateDirectoryExW
SHGetFolderLocation
SHGetPathFromIDListW

ole32

CoCreateInstance
CoSetProxyBlanket
CoInitializeSecurity
CoInitializeEx
CoUninitialize
CoTaskMemFree

oleaut32

SetErrorInfo
CreateErrorInfo
SysFreeString
SysAllocString
VariantChangeType
VariantInit
GetErrorInfo
VariantClear
SysAllocStringByteLen
SysStringLen

Exports

Exports

AULAcceptsChallengeResponse
AULCloseSession
AULGetChallengeString
AULGetQualifyingSerialNumbers
AULGetUpgradeStatus
AULIsQualifyingSerialNumberForAnyProduct
AULIsQualifyingSerialNumberForProduct
AULNeedsUpgradeCheck
AULNextProduct
AULOpenSession
AULSetQualifyingSerialNumbers
AULSetUpgradeScenario
GetAsnVersion
asnInst_InstallerProductInfo_constructor
asnInst_getAsnProductInfo
asnInst_getAsnProductInfoInMem
asn_exit
asn_info
asn_init
asn_makePrivate
asn_makePrivateEx

Sections

.text
Size: 3.0MB - Virtual size: 3.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 587KB - Virtual size: 586KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 64KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 140KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
dispatchtable.xml
.xml
imshelper.dll
.dll windows:6 windows x86 arch:x86

226da6f5589de39e5c9f54642e5e0d10

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

50:e5:2b:9a:16:22:20:2b:c3:62:d3:60:85:d1:50:94:de:e6:85:b3:a9:e0:af:27:b4:cb:ce:e1:60:33:85:6c
Signer

Actual PE Digest

50:e5:2b:9a:16:22:20:2b:c3:62:d3:60:85:d1:50:94:de:e6:85:b3:a9:e0:af:27:b4:cb:ce:e1:60:33:85:6c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

E:\builds\NGLU\1.0\source\nglu\public\nglu-lib\Win32\Release_x86\imshelper.pdb

Imports

winhttp

WinHttpCrackUrl
WinHttpConnect
WinHttpSetTimeouts
WinHttpSetCredentials
WinHttpSendRequest
WinHttpGetProxyForUrl
WinHttpQueryAuthSchemes
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpReceiveResponse
WinHttpQueryDataAvailable

kernel32

GetCurrentThreadId
GetFileSizeEx
FindClose
CreateFileW
GetFileAttributesW
SetFileAttributesW
FormatMessageW
LocalFree
HeapFree
HeapAlloc
GetProcessHeap
GetCurrentProcess
DeviceIoControl
GetTempPathW
GetVersionExW
FileTimeToSystemTime
GetNativeSystemInfo
RaiseException
LoadLibraryW
GetProcAddress
CreateProcessW
GetModuleHandleW
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
GetLocalTime
GetTimeFormatW
GetDateFormatW
OpenMutexW
CloseHandle
GetLastError
ReleaseMutex
WaitForSingleObject
CreateMutexW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
SetStdHandle
ReadConsoleW
FindFirstFileExA
GetACP
SetFilePointerEx
FlushFileBuffers
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetConsoleCP
WriteFile
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
HeapReAlloc
GetTimeZoneInformation
ReadFile
GetFileType
RtlUnwind
UnregisterWaitEx
QueryDepthSList
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
SetEndOfFile
HeapSize
InterlockedFlushSList
InterlockedPushEntrySList
GetStringTypeW
TryEnterCriticalSection
EncodePointer
DecodePointer
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentThread
QueryPerformanceCounter
IsProcessorFeaturePresent
QueueUserWorkItem
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
SetEvent
ResetEvent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore
InterlockedPopEntrySList

advapi32

CredFree
CredReadW
CredWriteW
GetUserNameW
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyExW
RegCloseKey
CredDeleteW

shell32

SHGetKnownFolderPath
SHCreateDirectoryExW

ole32

CoCreateGuid
CoTaskMemFree

shlwapi

UrlEscapeW
PathRemoveFileSpecW
PathFindFileNameW
PathRenameExtensionW
PathRemoveExtensionW
PathFileExistsW
PathAddExtensionW
PathIsFileSpecW
PathAppendW
PathIsDirectoryW

bcrypt

BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptDecrypt
BCryptDestroyKey
BCryptEncrypt
BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptCreateHash
BCryptHashData
BCryptGetProperty

crypt32

CertCloseStore
CryptUnprotectData
CryptProtectData

secur32

GetUserNameExW

Exports

Exports

GetNGLDeviceIdentifier
GetNGLDeviceIdentifierForOSUser

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 466KB - Virtual size: 465KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 143KB - Virtual size: 143KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/IMSLib.dll
.dll windows:5 windows x64 arch:x64

c2cfc0d770494af182b48ab55e9c13fd

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:41:96:5a:3e:58:ec:d1:c9:dc:39:d5:95:76:ae:49:a6:c8:08:78:42:9e:0c:8a:a2:47:65:b7:13:1a:94:f5
Signer

Actual PE Digest

1e:41:96:5a:3e:58:ec:d1:c9:dc:39:d5:95:76:ae:49:a6:c8:08:78:42:9e:0c:8a:a2:47:65:b7:13:1a:94:f5

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\builds\AAM\10.0\source\dev\aamcore\target\win64\Release\OOBECommon\IMSLib.pdb

Imports

winhttp

WinHttpOpen
WinHttpCrackUrl
WinHttpConnect
WinHttpSetStatusCallback
WinHttpSetCredentials
WinHttpSendRequest
WinHttpGetProxyForUrl
WinHttpQueryAuthSchemes
WinHttpGetIEProxyConfigForCurrentUser
WinHttpReceiveResponse
WinHttpQueryDataAvailable
WinHttpAddRequestHeaders
WinHttpQueryHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle

setupapi

SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupDiGetDeviceRegistryPropertyW
SetupDiGetDeviceInstanceIdW
CM_Get_DevNode_Status

kernel32

CloseHandle
CreateThread
ResetEvent
TryEnterCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
ReadFile
SetLastError
GetCurrentProcess
WriteFile
TerminateProcess
GetModuleFileNameW
GetTempPathW
CreateMutexW
FindClose
LocalAlloc
CreateFileW
GetFileAttributesW
GetVersionExW
ReleaseMutex
SetFileAttributesW
Sleep
DeleteFileW
RaiseException
DecodePointer
GetProcAddress
LocalFree
MoveFileExW
GetFileSize
SystemTimeToFileTime
CreateProcessW
GetModuleHandleW
CopyFileW
WideCharToMultiByte
GetSystemTime
FlushFileBuffers
ReleaseSemaphore
GetCurrentProcessId
CreateDirectoryW
LoadLibraryW
FreeLibrary
SetEvent
GetTimeFormatW
GetDateFormatW
QueryPerformanceCounter
GetStdHandle
GetFileType
GetCurrentThreadId
GetTickCount
GlobalMemoryStatus
LoadLibraryA
FlushConsoleInputBuffer
SetFilePointer
GetFileSizeEx
OpenMutexW
GetFileAttributesExW
CreateSymbolicLinkW
AreFileApisANSI
HeapCreate
HeapFree
GetFullPathNameW
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
GetFullPathNameA
SetEndOfFile
UnlockFileEx
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
OutputDebugStringW
CreateFileA
GetVersionExA
DeleteFileA
HeapReAlloc
GetSystemInfo
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
CreateFileMappingA
LockFileEx
GetProcessHeap
GetSystemTimeAsFileTime
FormatMessageA
CreateFileMappingW
MapViewOfFile
GetTimeZoneInformation
SetConsoleMode
ReadConsoleInputA
GetConsoleMode
GetLastError
MultiByteToWideChar
CreateEventW
WaitForSingleObject
InitializeCriticalSectionAndSpinCount
GlobalFree
GetModuleFileNameA
GetACP
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
WaitForMultipleObjects
ReadConsoleW
SetFilePointerEx
GetCurrentDirectoryW
SetStdHandle
GetConsoleCP
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
GetLocalTime
SetConsoleCtrlHandler
GetModuleHandleExW
ExitProcess
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetDriveTypeW
RtlUnwindEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
InterlockedPushEntrySList
InterlockedPopEntrySList
VirtualProtect
VirtualFree
VirtualAlloc
LoadLibraryExW
GetModuleHandleA
FreeLibraryAndExitThread
GetThreadTimes
UnregisterWait
RegisterWaitForSingleObject
SetThreadAffinityMask
GetProcessAffinityMask
GetNumaHighestNodeNumber
DeleteTimerQueueTimer
ChangeTimerQueueTimer
CreateTimerQueueTimer
GetLogicalProcessorInformation
GetThreadPriority
SetThreadPriority
SwitchToThread
SignalObjectAndWait
CreateTimerQueue
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
IsProcessorFeaturePresent
RtlPcToFileHeader
EncodePointer
GetStringTypeW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
DuplicateHandle
WaitForSingleObjectEx
GetCurrentThread
CompareStringW
LCMapStringW
GetLocaleInfoW
GetCPInfo
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter

user32

MessageBoxW
wsprintfW
GetUserObjectInformationW
GetProcessWindowStation

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW
GetUserNameW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
SetEntriesInAclW
CreateWellKnownSid
SetNamedSecurityInfoW
GetNamedSecurityInfoW

shell32

SHGetFolderPathW
SHGetSpecialFolderPathW
SHGetKnownFolderPath
SHCreateDirectoryExW

ole32

CoSetProxyBlanket
CoUninitialize
CoInitialize
CLSIDFromString
OleRun
CLSIDFromProgID
CoCreateInstance
StringFromGUID2
CoInitializeSecurity
CoInitializeEx
CoCreateGuid

oleaut32

SysStringLen
GetErrorInfo
VariantClear
VariantChangeType
VariantCopy
SysAllocString
SysAllocStringByteLen
SysFreeString
VariantInit

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathIsFileSpecW
PathIsDirectoryW
PathRemoveExtensionW
PathAddExtensionW
PathAppendW
PathRenameExtensionW
PathFindFileNameW

Exports

Exports

IMS_EEPLogin
IMS_createRef
IMS_createRefEx
IMS_createRefExWithXMLParams
IMS_createRefForProductVersion
IMS_deregisterClientFromGroup
IMS_fetchAccessToken
IMS_fetchAccessToken2
IMS_fetchAccounts
IMS_fetchContinueToken
IMS_fetchDefaultUserInfoForClientId
IMS_fetchFeatureFlags
IMS_fetchIDPResponseForKey
IMS_fetchReleaseFlag
IMS_fetchUserProfileData
IMS_getDeviceID
IMS_getProxyCredentialsFromIMSLibSession
IMS_logOutUserForClient
IMS_registerClientToGroup
IMS_releaseData
IMS_releaseRef
IMS_revokeDeviceToken
IMS_setProxyCredentials
IMS_setProxyCredentialsInIMSLibSession
IMS_setRetryAfterResponseHandlingData
IMS_setUserAsDefaultForClientId
IMS_storeDeviceTokenAndUserProfile
IMS_storeDeviceTokenAndUserProfileEx

Sections

.text
Size: 1.8MB - Virtual size: 1.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 631KB - Virtual size: 631KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 164KB - Virtual size: 200KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
x64/imshelper.dll
.dll windows:6 windows x64 arch:x64

7facf3589331ee07ad5af189ff4c0a95

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c7:f6:43:02:5d:22:29:9d:b1:e8:44:46:1d:71:dc:27:7e:1a:4e:a7:3d:6e:e6:45:6b:d2:7c:68:f5:94:09:33
Signer

Actual PE Digest

c7:f6:43:02:5d:22:29:9d:b1:e8:44:46:1d:71:dc:27:7e:1a:4e:a7:3d:6e:e6:45:6b:d2:7c:68:f5:94:09:33

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

E:\builds\NGLU\1.0\source\nglu\public\nglu-lib\x64\Release_x64\imshelper.pdb

Imports

winhttp

WinHttpCrackUrl
WinHttpConnect
WinHttpSetTimeouts
WinHttpSetCredentials
WinHttpSendRequest
WinHttpGetProxyForUrl
WinHttpQueryAuthSchemes
WinHttpGetIEProxyConfigForCurrentUser
WinHttpCloseHandle
WinHttpSetOption
WinHttpOpenRequest
WinHttpReadData
WinHttpQueryHeaders
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpReceiveResponse
WinHttpQueryDataAvailable

kernel32

GetCurrentThreadId
GetFileSizeEx
FindClose
CreateFileW
GetFileAttributesW
SetFileAttributesW
FormatMessageW
LocalFree
HeapFree
HeapAlloc
GetProcessHeap
DeviceIoControl
GetTempPathW
GetVersionExW
FileTimeToSystemTime
GetNativeSystemInfo
RaiseException
LoadLibraryW
GetProcAddress
CreateProcessW
FreeLibrary
MultiByteToWideChar
WideCharToMultiByte
GetLocalTime
GetTimeFormatW
GetDateFormatW
OpenMutexW
CloseHandle
GetLastError
ReleaseMutex
WaitForSingleObject
CreateMutexW
DeleteCriticalSection
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
GetCurrentProcessId
SetStdHandle
ReadConsoleW
HeapReAlloc
GetTimeZoneInformation
ReadFile
GetFileType
RtlUnwindEx
UnregisterWaitEx
QueryDepthSList
InterlockedFlushSList
GetACP
SetFilePointerEx
FlushFileBuffers
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetConsoleMode
GetConsoleCP
WriteFile
GetModuleFileNameA
ExitProcess
GetModuleHandleExW
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableA
WriteConsoleW
HeapSize
SetEndOfFile
InterlockedPushEntrySList
InterlockedPopEntrySList
GetStringTypeW
TryEnterCriticalSection
RtlPcToFileHeader
EncodePointer
DecodePointer
DuplicateHandle
WaitForSingleObjectEx
Sleep
GetCurrentProcess
GetCurrentThread
QueryPerformanceCounter
IsProcessorFeaturePresent
QueueUserWorkItem
SetLastError
InitializeCriticalSectionAndSpinCount
CreateEventW
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetTickCount
GetModuleHandleW
GetCPInfo
CompareStringW
LCMapStringW
GetLocaleInfoW
SetEvent
ResetEvent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
CreateTimerQueue
SignalObjectAndWait
SwitchToThread
CreateThread
SetThreadPriority
GetThreadPriority
GetLogicalProcessorInformation
CreateTimerQueueTimer
ChangeTimerQueueTimer
DeleteTimerQueueTimer
GetNumaHighestNodeNumber
GetProcessAffinityMask
SetThreadAffinityMask
RegisterWaitForSingleObject
UnregisterWait
GetThreadTimes
FreeLibraryAndExitThread
GetModuleFileNameW
GetModuleHandleA
LoadLibraryExW
VirtualAlloc
VirtualFree
VirtualProtect
ReleaseSemaphore

advapi32

CredDeleteW
CredReadW
CredWriteW
GetUserNameW
RegQueryValueExW
RegEnumValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyExW
RegCloseKey
CredFree

shell32

SHCreateDirectoryExW
SHGetKnownFolderPath

ole32

CoTaskMemFree
CoCreateGuid

shlwapi

PathRenameExtensionW
PathIsDirectoryW
PathAppendW
UrlEscapeW
PathAddExtensionW
PathFileExistsW
PathRemoveExtensionW
PathRemoveFileSpecW
PathFindFileNameW
PathIsFileSpecW

bcrypt

BCryptCreateHash
BCryptGenerateSymmetricKey
BCryptSetProperty
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptHashData
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptEncrypt
BCryptDestroyKey
BCryptDecrypt

crypt32

CertCloseStore
CryptUnprotectData
CryptProtectData

secur32

GetUserNameExW

Exports

Exports

GetNGLDeviceIdentifier
GetNGLDeviceIdentifierForOSUser

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 725KB - Virtual size: 724KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 157KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
New folder (2)/packages/ADC/LCC/LCC.pimx
New folder (2)/packages/ADC/LCC/LCC.sig
.xml
New folder (2)/packages/ADC/Runtime/Runtime.pima
.zip
customhook/RuntimeCustomHook.exe
.exe windows:5 windows x86 arch:x86

5380d71df787995c06c363401d45c0ae

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e8:3a:39:12:ed:50:cb:7b:f5:61:bf:a4:8e:b5:6f:50:87:ab:6e:c1:f3:73:39:f2:0f:0f:dd:d1:6d:6b:4b:64
Signer

Actual PE Digest

e8:3a:39:12:ed:50:cb:7b:f5:61:bf:a4:8e:b5:6f:50:87:ab:6e:c1:f3:73:39:f2:0f:0f:dd:d1:6d:6b:4b:64

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

RuntimeCustomHook.pdb

Imports

msi

ord113

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

GetModuleFileNameW
GetTempPathW
FindClose
CreateFileW
GetFileAttributesW
SetFileAttributesW
GetLastError
DeleteFileW
CloseHandle
LocalFree
MoveFileExW
lstrcmpW
FlushFileBuffers
HeapFree
SetLastError
GetCurrentProcess
TerminateProcess
InitializeCriticalSectionEx
WaitForSingleObject
HeapSize
CreateEventW
SetEvent
HeapReAlloc
RaiseException
ResetEvent
HeapAlloc
DecodePointer
GetProcAddress
DeleteCriticalSection
GetProcessHeap
CreateProcessW
GetModuleHandleW
GetExitCodeProcess
SetFilePointer
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
MultiByteToWideChar
WideCharToMultiByte
GetUserDefaultLangID
FreeLibrary
GetFileSizeEx
FileTimeToSystemTime
GetLocalTime
GetTimeFormatW
SystemTimeToFileTime
GetDateFormatW
CreateMutexW
ReleaseMutex
OpenMutexW
GetUserDefaultLCID
LCMapStringW
GetUserDefaultUILanguage
TlsAlloc
GetCommandLineW
GetCommandLineA
GetModuleHandleExW
ExitProcess
GetStdHandle
GetTimeZoneInformation
LoadLibraryExW
WriteFile
TlsGetValue
FindNextFileW
FindFirstFileW
ReadFile
GetFileType
IsValidLocale
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
SetFilePointerEx
FindFirstFileExW
IsValidCodePage
GetACP
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetConsoleCP
SetEndOfFile
WriteConsoleW
SwitchToThread
InitializeCriticalSectionAndSpinCount
GetCurrentProcessId
RtlUnwind
OutputDebugStringW
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
QueryPerformanceCounter
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
WaitForSingleObjectEx
GetCPInfo
GetLocaleInfoW
CompareStringW
EncodePointer
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
GetStringTypeW

advapi32

RegCloseKey
RegOpenKeyExW
RegQueryValueExW

shell32

SHCreateDirectoryExW
SHGetSpecialFolderPathW

oleaut32

VariantClear

shlwapi

PathRemoveExtensionW
PathAddExtensionW
PathIsFileSpecW
PathRenameExtensionW
PathFindFileNameW
PathRemoveFileSpecW
PathIsDirectoryW
PathFileExistsW
PathAppendW

Sections

.text
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 85KB - Virtual size: 85KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
customhook/vc10/32bit/vcredist_x86.exe
.exe windows:5 windows x86 arch:x86

a1f6f100bff4507a3332f3f0cdfc24f5

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:b2:9b:00:00:00:00:00:15
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

21/02/2011, 20:53

Not After

21/05/2012, 20:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:05:a2:30:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:01

Not After

25/07/2013, 19:11

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

58:5d:c5:26:99:03:d9:98:d7:bd:f4:32:05:e3:4e:3b:e4:dd:15:47
Signer

Actual PE Digest

58:5d:c5:26:99:03:d9:98:d7:bd:f4:32:05:e3:4e:3b:e4:dd:15:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

sfxcab.pdb

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_adjust_fdiv
_exit
_c_exit
strncpy
strstr
_strlwr
strrchr
_stricmp
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_snprintf
sprintf
strchr
_strnicmp
_vsnprintf

advapi32

InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
InitializeSecurityDescriptor

kernel32

CreateThread
GetFileSize
ExpandEnvironmentStringsA
CreateProcessA
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
LocalFileTimeToFileTime
SetFileTime
SetEndOfFile
CreateEventA
QueryDosDeviceA
GetDiskFreeSpaceA
GetSystemTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentDirectoryA
GetProcessHeap
CopyFileA
SetFileAttributesA
DosDateTimeToFileTime
SetEvent
GetVersionExA
ReadFile
SetFilePointer
MoveFileExA
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetTickCount
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
DeviceIoControl
CreateFileA
GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
FindFirstFileA
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
FindClose
FindNextFileA
SystemTimeToFileTime

user32

SendDlgItemMessageA
SendMessageA
DialogBoxParamA
MessageBoxA
SetParent
EndDialog
LoadStringA
ShowWindow

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8.5MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
customhook/vc10/64bit/vcredist_x64.exe
.exe windows:5 windows x86 arch:x86

a1f6f100bff4507a3332f3f0cdfc24f5

Code Sign

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:01:b2:9b:00:00:00:00:00:15
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

21/02/2011, 20:53

Not After

21/05/2012, 20:53

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:06:94:2d:00:00:00:00:00:09
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:02

Not After

25/07/2013, 19:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

3e:29:68:50:9f:c0:15:85:b2:43:f6:40:df:72:7e:8c:87:c3:b3:4f
Signer

Actual PE Digest

3e:29:68:50:9f:c0:15:85:b2:43:f6:40:df:72:7e:8c:87:c3:b3:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

sfxcab.pdb

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
__initenv
exit
_cexit
_adjust_fdiv
_exit
_c_exit
strncpy
strstr
_strlwr
strrchr
_stricmp
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_XcptFilter
_snprintf
sprintf
strchr
_strnicmp
_vsnprintf

advapi32

InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
AllocateAndInitializeSid
OpenProcessToken
GetTokenInformation
GetLengthSid
InitiateSystemShutdownA
InitializeSecurityDescriptor

kernel32

CreateThread
GetFileSize
ExpandEnvironmentStringsA
CreateProcessA
GetExitCodeProcess
InitializeCriticalSectionAndSpinCount
LocalFileTimeToFileTime
SetFileTime
SetEndOfFile
CreateEventA
QueryDosDeviceA
GetDiskFreeSpaceA
GetSystemTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentDirectoryA
GetProcessHeap
CopyFileA
SetFileAttributesA
DosDateTimeToFileTime
SetEvent
GetVersionExA
ReadFile
SetFilePointer
MoveFileExA
RemoveDirectoryA
GetLastError
CreateDirectoryA
GetTickCount
SetErrorMode
FreeLibrary
GetProcAddress
LoadLibraryA
GetSystemDirectoryA
CloseHandle
DeviceIoControl
CreateFileA
GetDriveTypeA
HeapFree
FormatMessageA
LeaveCriticalSection
DeleteFileA
EnterCriticalSection
TerminateProcess
WaitForMultipleObjects
CreateEventW
FindFirstFileA
Sleep
SetEnvironmentVariableA
GetEnvironmentVariableA
WideCharToMultiByte
HeapAlloc
SetLastError
WriteFile
MoveFileA
ExitProcess
DeleteCriticalSection
FlushFileBuffers
WaitForSingleObject
OpenEventA
GetCurrentProcess
GetFileAttributesA
GetCommandLineA
GetModuleFileNameA
FindClose
FindNextFileA
SystemTimeToFileTime

user32

SendDlgItemMessageA
SendMessageA
DialogBoxParamA
MessageBoxA
SetParent
EndDialog
LoadStringA
ShowWindow

ntdll

NtOpenProcessToken
NtAdjustPrivilegesToken
NtClose
NtShutdownSystem

comctl32

ord17

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9.8MB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
customhook/vc12/32bit/vcredist_x86.exe
.exe windows:5 windows x86 arch:x86

33c6db41ca15b47cfcec52de6c2ab2b7

Code Sign

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:12

Not After

04/12/2013, 21:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:1a:77:bb:74:b3:07:d1:16:b8:00:00:00:00:00:1a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:41

Not After

24/12/2014, 17:41

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

51:3c:0e:d0:e9:29:66:d4:05:e1:26:24:9d:da:d9:c0:63:79:c5:68:38:c7:69:c5:25:f3:62:ab:0e:b8:a4:f6
Signer

Actual PE Digest

51:3c:0e:d0:e9:29:66:d4:05:e1:26:24:9d:da:d9:c0:63:79:c5:68:38:c7:69:c5:25:f3:62:ab:0e:b8:a4:f6

Digest Algorithm

sha256

PE Digest Matches

true

8c:12:40:11:a9:d9:22:02:f1:9b:18:34:2a:70:2d:89:dc:3c:69:a5
Signer

Actual PE Digest

8c:12:40:11:a9:d9:22:02:f1:9b:18:34:2a:70:2d:89:dc:3c:69:a5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

E:\delivery\Dev\wix36_dev11\build\ship\x86\x86\burn.pdb

Imports

kernel32

CopyFileExW
MapViewOfFile
CreateFileMappingW
CreateMutexW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
ResetEvent
SetEndOfFile
DeleteFileW
GetThreadLocale
UnmapViewOfFile
GetFullPathNameW
GetTempFileNameW
CreateDirectoryW
GetLocalTime
SetFilePointer
GetComputerNameW
CreateFileA
GetProcessHeap
GetModuleHandleA
CopyFileW
MoveFileExW
GlobalFree
GlobalAlloc
GetFileSizeEx
GetCurrentDirectoryW
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
RaiseException
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FormatMessageW
HeapSetInformation
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeZoneInformation
CompareStringW
InitializeCriticalSection
CloseHandle
LocalFree
ReleaseMutex
GetVersionExW
GetProcessId
ReadFile
CreateNamedPipeW
ConnectNamedPipe
SetNamedPipeHandleState
lstrlenW
WaitForSingleObject
OpenProcess
CreateFileW
SetFilePointerEx
lstrlenA
RemoveDirectoryW
GetFileAttributesW
ExpandEnvironmentStringsW
VerifyVersionInfoW
VerSetConditionMask
GetTempPathW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetVolumePathNameW
GetWindowsDirectoryW
GetSystemDefaultLangID
GetUserDefaultLangID
GetDateFormatW
GetSystemTime
LoadLibraryW
InterlockedCompareExchange
GetExitCodeThread
CreateThread
SetEvent
WaitForMultipleObjects
CreateEventW
ProcessIdToSessionId
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
CreateProcessW
GetExitCodeProcess
SetThreadExecutionState
FlushFileBuffers

msi

ord171
ord45
ord137
ord125
ord17
ord8
ord141
ord238
ord190
ord88
ord90
ord173
ord111
ord70
ord169
ord118
ord115
ord116
ord205

shell32

SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW

rpcrt4

UuidCreate

wininet

HttpQueryInfoW
InternetCrackUrlW
InternetSetOptionW
InternetConnectW
InternetCloseHandle
InternetOpenW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetErrorDlg
InternetReadFile
HttpSendRequestW

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminCalcHashFromFileHandle

crypt32

CertGetCertificateContextProperty
CryptHashPublicKeyInfo

gdi32

DeleteDC
DeleteObject
GetObjectW
CreateCompatibleDC
SelectObject
StretchBlt

cabinet

ord23
ord22
ord20

advapi32

CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
SetNamedSecurityInfoW
AllocateAndInitializeSid
CheckTokenMembership
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
InitializeSecurityDescriptor
SetEntriesInAclA
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegOpenKeyExW
GetTokenInformation
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
ChangeServiceConfigW
DecryptFileW
SetEntriesInAclW
InitializeAcl
CreateWellKnownSid
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
QueryServiceConfigW

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

ole32

CLSIDFromProgID
CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
CoInitialize
CoInitializeEx
CoUninitialize
StringFromGUID2

user32

LoadBitmapW
IsWindow
PostMessageW
PeekMessageW
GetMessageW
GetWindowLongW
SetWindowLongW
DefWindowProcW
UnregisterClassW
DispatchMessageW
TranslateMessage
IsDialogMessageW
CreateWindowExW
RegisterClassW
MsgWaitForMultipleObjects
LoadCursorW
PostQuitMessage
GetCursorPos
MonitorFromPoint
GetMonitorInfoW
PostThreadMessageW
MessageBoxW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
customhook/vc12/64bit/vcredist_x64.exe
.exe windows:5 windows x86 arch:x86

33c6db41ca15b47cfcec52de6c2ab2b7

Code Sign

33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/09/2012, 21:12

Not After

04/12/2013, 21:12

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/01/2013, 22:33

Not After

24/04/2014, 22:33

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:1a:77:bb:74:b3:07:d1:16:b8:00:00:00:00:00:1a
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/09/2013, 17:41

Not After

24/12/2014, 17:41

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f9:21:a8:7f:5a:3b:9a:0a:03:ac:c7:ff:64:14:0d:fb:d7:83:d6:35:6f:b3:45:b4:6a:5d:07:98:a0:f2:ce:30
Signer

Actual PE Digest

f9:21:a8:7f:5a:3b:9a:0a:03:ac:c7:ff:64:14:0d:fb:d7:83:d6:35:6f:b3:45:b4:6a:5d:07:98:a0:f2:ce:30

Digest Algorithm

sha256

PE Digest Matches

true

fa:4d:cd:f6:4c:96:60:0c:ed:96:a4:ab:84:4d:56:72:9b:e5:6f:2f
Signer

Actual PE Digest

fa:4d:cd:f6:4c:96:60:0c:ed:96:a4:ab:84:4d:56:72:9b:e5:6f:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

E:\delivery\Dev\wix36_dev11\build\ship\x86\x86\burn.pdb

Imports

kernel32

CopyFileExW
MapViewOfFile
CreateFileMappingW
CreateMutexW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
ResetEvent
SetEndOfFile
DeleteFileW
GetThreadLocale
UnmapViewOfFile
GetFullPathNameW
GetTempFileNameW
CreateDirectoryW
GetLocalTime
SetFilePointer
GetComputerNameW
CreateFileA
GetProcessHeap
GetModuleHandleA
CopyFileW
MoveFileExW
GlobalFree
GlobalAlloc
GetFileSizeEx
GetCurrentDirectoryW
SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime
RaiseException
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FormatMessageW
HeapSetInformation
GetStartupInfoW
SetUnhandledExceptionFilter
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
IsDebuggerPresent
FreeLibrary
InterlockedExchange
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW
GetTimeZoneInformation
CompareStringW
InitializeCriticalSection
CloseHandle
LocalFree
ReleaseMutex
GetVersionExW
GetProcessId
ReadFile
CreateNamedPipeW
ConnectNamedPipe
SetNamedPipeHandleState
lstrlenW
WaitForSingleObject
OpenProcess
CreateFileW
SetFilePointerEx
lstrlenA
RemoveDirectoryW
GetFileAttributesW
ExpandEnvironmentStringsW
VerifyVersionInfoW
VerSetConditionMask
GetTempPathW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetVolumePathNameW
GetWindowsDirectoryW
GetSystemDefaultLangID
GetUserDefaultLangID
GetDateFormatW
GetSystemTime
LoadLibraryW
InterlockedCompareExchange
GetExitCodeThread
CreateThread
SetEvent
WaitForMultipleObjects
CreateEventW
ProcessIdToSessionId
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
CreateProcessW
GetExitCodeProcess
SetThreadExecutionState
FlushFileBuffers

msi

ord171
ord45
ord137
ord125
ord17
ord8
ord141
ord238
ord190
ord88
ord90
ord173
ord111
ord70
ord169
ord118
ord115
ord116
ord205

shell32

SHGetFolderPathW
ShellExecuteExW
CommandLineToArgvW

rpcrt4

UuidCreate

wininet

HttpQueryInfoW
InternetCrackUrlW
InternetSetOptionW
InternetConnectW
InternetCloseHandle
InternetOpenW
HttpAddRequestHeadersW
HttpOpenRequestW
InternetErrorDlg
InternetReadFile
HttpSendRequestW

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminCalcHashFromFileHandle

crypt32

CertGetCertificateContextProperty
CryptHashPublicKeyInfo

gdi32

DeleteDC
DeleteObject
GetObjectW
CreateCompatibleDC
SelectObject
StretchBlt

cabinet

ord23
ord22
ord20

advapi32

CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
SetNamedSecurityInfoW
AllocateAndInitializeSid
CheckTokenMembership
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
RegQueryInfoKeyW
RegSetValueExW
InitializeSecurityDescriptor
SetEntriesInAclA
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
SetSecurityDescriptorDacl
RegOpenKeyExW
GetTokenInformation
OpenSCManagerW
OpenServiceW
QueryServiceStatus
CloseServiceHandle
ChangeServiceConfigW
DecryptFileW
SetEntriesInAclW
InitializeAcl
CreateWellKnownSid
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
RegCloseKey
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
QueryServiceConfigW

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

ole32

CLSIDFromProgID
CoInitializeSecurity
CoTaskMemFree
CoCreateInstance
CoInitialize
CoInitializeEx
CoUninitialize
StringFromGUID2

user32

LoadBitmapW
IsWindow
PostMessageW
PeekMessageW
GetMessageW
GetWindowLongW
SetWindowLongW
DefWindowProcW
UnregisterClassW
DispatchMessageW
TranslateMessage
IsDialogMessageW
CreateWindowExW
RegisterClassW
MsgWaitForMultipleObjects
LoadCursorW
PostQuitMessage
GetCursorPos
MonitorFromPoint
GetMonitorInfoW
PostThreadMessageW
MessageBoxW

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Sections

.text
Size: 312KB - Virtual size: 312KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
customhook/vc13/32bit/vcredist_x86.exe
.exe windows:5 windows x86 arch:x86

8e2588a9cf43886de3449dfff03137b6

Code Sign

33:00:00:00:9c:ee:fe:14:55:a9:5d:35:50:00:00:00:00:00:9c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/03/2016, 19:21

Not After

30/06/2017, 19:21

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:5847-F761-4F70,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f7:b3:48:1e:88:d9:0e:2c:be:6a:8c:11:b0:ca:01:0d:03:6c:ae:3c:b7:4b:f3:3f:f2:38:70:bc:db:8e:3b:44
Signer

Actual PE Digest

f7:b3:48:1e:88:d9:0e:2c:be:6a:8c:11:b0:ca:01:0d:03:6c:ae:3c:b7:4b:f3:3f:f2:38:70:bc:db:8e:3b:44

Digest Algorithm

sha256

PE Digest Matches

true

53:e7:06:12:cd:06:8c:a2:85:86:35:60:30:63:3f:87:4f:05:82:af
Signer

Actual PE Digest

53:e7:06:12:cd:06:8c:a2:85:86:35:60:30:63:3f:87:4f:05:82:af

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

E:\delivery\Dev\wix37\build\ship\x86\burn.pdb

Imports

gdiplus

GdiplusShutdown
GdiplusStartup
GdipDeleteGraphics
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromResource
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipAlloc

advapi32

QueryServiceConfigW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegDeleteValueW
RegQueryValueExW
GetUserNameW
InitiateSystemShutdownExW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
DecryptFileW
ChangeServiceConfigW
ControlService
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegQueryInfoKeyW
RegSetValueExW
SetEntriesInAclA
SetSecurityDescriptorGroup
RegOpenKeyExW
GetTokenInformation
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
LookupAccountNameW
SetNamedSecurityInfoW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner

user32

GetMessageW
PeekMessageW
PostMessageW
IsWindow
PostQuitMessage
GetWindowLongW
SetWindowLongW
DefWindowProcW
UnregisterClassW
DispatchMessageW
TranslateMessage
IsDialogMessageW
MsgWaitForMultipleObjects
WaitForInputIdle
LoadCursorW
BeginPaint
EndPaint
GetCursorPos
MonitorFromPoint
GetMonitorInfoW
ReleaseDC
MessageBoxW
PostThreadMessageW
RegisterClassW
CreateWindowExW

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

gdi32

GetDeviceCaps
CreateDCW

shell32

ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
CoInitializeEx
StringFromGUID2
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetCurrentProcess
InitializeCriticalSection
TlsFree
DeleteCriticalSection
CloseHandle
TlsGetValue
Sleep
GetLastError
ReleaseMutex
TlsSetValue
TlsAlloc
GetCurrentThreadId
GetVersionExW
GetModuleHandleW
ReadFile
SetFilePointerEx
CreateFileW
GetCurrentProcessId
GetProcessId
WriteFile
ConnectNamedPipe
SetNamedPipeHandleState
lstrlenW
CompareStringW
LocalFree
CreateNamedPipeW
WaitForSingleObject
OpenProcess
lstrlenA
RemoveDirectoryW
GetFileAttributesW
ExpandEnvironmentStringsW
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetProcAddress
VerifyVersionInfoW
VerSetConditionMask
GetComputerNameW
GetTempPathW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetVolumePathNameW
HeapAlloc
GetSystemDefaultLangID
GetUserDefaultLangID
GetDateFormatW
GetSystemTime
InterlockedExchange
LoadLibraryW
InterlockedCompareExchange
GetExitCodeThread
CreateThread
SetEvent
WaitForMultipleObjects
CreateEventW
ProcessIdToSessionId
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
CreateProcessW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
HeapSetInformation
MapViewOfFile
CreateFileMappingW
CreateMutexW
SetEndOfFile
ResetEvent
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
GetSystemTimeAsFileTime
VirtualFree
VirtualAlloc
DeleteFileW
GetThreadLocale
GetTimeZoneInformation
TerminateProcess
UnhandledExceptionFilter
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GlobalAlloc
IsProcessorFeaturePresent
GetTickCount
QueryPerformanceCounter
HeapCreate
SetLastError
EncodePointer
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
GlobalFree
MoveFileExW
CopyFileW
GetFileSizeEx
GetModuleHandleA
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
LCMapStringW
MultiByteToWideChar
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetLocalTime
UnmapViewOfFile
IsDebuggerPresent
DuplicateHandle
HeapFree
FormatMessageW
GetTempFileNameW
GetWindowsDirectoryW
CompareStringA
FreeEnvironmentStringsW
GetModuleFileNameW
GetStdHandle
DecodePointer
ExitProcess
SetUnhandledExceptionFilter
GetStartupInfoW
GetCommandLineW
GetFullPathNameW
CreateDirectoryW
GetProcessHeap

cabinet

ord22
ord20
ord23

crypt32

CertGetCertificateContextProperty
CryptHashPublicKeyInfo

msi

ord88
ord17
ord125
ord116
ord115
ord118
ord8
ord171
ord205
ord45
ord137
ord141
ord238
ord190
ord169
ord90
ord173
ord111
ord70

rpcrt4

UuidCreate

wininet

InternetCloseHandle
HttpAddRequestHeadersW
HttpOpenRequestW
InternetErrorDlg
InternetReadFile
HttpSendRequestW
InternetSetOptionW
InternetOpenW
HttpQueryInfoW
InternetCrackUrlW
InternetConnectW

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminCalcHashFromFileHandle

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
customhook/vc13/64bit/vcredist_x64.exe
.exe windows:5 windows x86 arch:x86

8e2588a9cf43886de3449dfff03137b6

Code Sign

33:00:00:00:9c:ee:fe:14:55:a9:5d:35:50:00:00:00:00:00:9c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

30/03/2016, 19:21

Not After

30/06/2017, 19:21

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:5847-F761-4F70,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:0a:2c:79:ae:d7:79:7b:a6:ac:00:01:00:00:01:0a
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

04/06/2015, 17:42

Not After

04/09/2016, 17:42

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:64:47:84:94:86:db:41:19:38:00:00:00:00:00:64
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

28/10/2015, 20:31

Not After

28/01/2017, 20:31

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:27:97:21:2a:b7:e5:8c:21:be:ad:02:8f:47:7b:69:f2:50:43:38:08:e0:1e:fe:0e:16:24:16:37:c4:61:c3
Signer

Actual PE Digest

8e:27:97:21:2a:b7:e5:8c:21:be:ad:02:8f:47:7b:69:f2:50:43:38:08:e0:1e:fe:0e:16:24:16:37:c4:61:c3

Digest Algorithm

sha256

PE Digest Matches

true

8e:75:58:f3:0e:54:bd:7d:de:84:0e:27:cb:f3:ea:45:35:d6:b6:1d
Signer

Actual PE Digest

8e:75:58:f3:0e:54:bd:7d:de:84:0e:27:cb:f3:ea:45:35:d6:b6:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

E:\delivery\Dev\wix37\build\ship\x86\burn.pdb

Imports

gdiplus

GdiplusShutdown
GdiplusStartup
GdipDeleteGraphics
GdipFree
GdipCloneImage
GdipDisposeImage
GdipGetImageWidth
GdipGetImageHeight
GdipCreateBitmapFromResource
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipAlloc

advapi32

QueryServiceConfigW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
RegDeleteKeyW
RegCreateKeyExW
RegEnumKeyExW
RegEnumValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegCloseKey
RegDeleteValueW
RegQueryValueExW
GetUserNameW
InitiateSystemShutdownExW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
DecryptFileW
ChangeServiceConfigW
ControlService
CloseServiceHandle
QueryServiceStatus
OpenServiceW
OpenSCManagerW
RegQueryInfoKeyW
RegSetValueExW
SetEntriesInAclA
SetSecurityDescriptorGroup
RegOpenKeyExW
GetTokenInformation
CheckTokenMembership
AllocateAndInitializeSid
FreeSid
LookupAccountNameW
SetNamedSecurityInfoW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorOwner

user32

GetMessageW
PeekMessageW
PostMessageW
IsWindow
PostQuitMessage
GetWindowLongW
SetWindowLongW
DefWindowProcW
UnregisterClassW
DispatchMessageW
TranslateMessage
IsDialogMessageW
MsgWaitForMultipleObjects
WaitForInputIdle
LoadCursorW
BeginPaint
EndPaint
GetCursorPos
MonitorFromPoint
GetMonitorInfoW
ReleaseDC
MessageBoxW
PostThreadMessageW
RegisterClassW
CreateWindowExW

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

gdi32

GetDeviceCaps
CreateDCW

shell32

ShellExecuteExW
SHGetFolderPathW
CommandLineToArgvW

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CoUninitialize
CoInitializeEx
StringFromGUID2
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetCurrentProcess
InitializeCriticalSection
TlsFree
DeleteCriticalSection
CloseHandle
TlsGetValue
Sleep
GetLastError
ReleaseMutex
TlsSetValue
TlsAlloc
GetCurrentThreadId
GetVersionExW
GetModuleHandleW
ReadFile
SetFilePointerEx
CreateFileW
GetCurrentProcessId
GetProcessId
WriteFile
ConnectNamedPipe
SetNamedPipeHandleState
lstrlenW
CompareStringW
LocalFree
CreateNamedPipeW
WaitForSingleObject
OpenProcess
lstrlenA
RemoveDirectoryW
GetFileAttributesW
ExpandEnvironmentStringsW
LeaveCriticalSection
EnterCriticalSection
FreeLibrary
GetProcAddress
VerifyVersionInfoW
VerSetConditionMask
GetComputerNameW
GetTempPathW
GetSystemDirectoryW
GetSystemWow64DirectoryW
GetVolumePathNameW
HeapAlloc
GetSystemDefaultLangID
GetUserDefaultLangID
GetDateFormatW
GetSystemTime
InterlockedExchange
LoadLibraryW
InterlockedCompareExchange
GetExitCodeThread
CreateThread
SetEvent
WaitForMultipleObjects
CreateEventW
ProcessIdToSessionId
InterlockedIncrement
InterlockedDecrement
GetStringTypeW
SetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
CreateProcessW
SetCurrentDirectoryW
GetCurrentDirectoryW
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
HeapSetInformation
MapViewOfFile
CreateFileMappingW
CreateMutexW
SetEndOfFile
ResetEvent
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CreateFileA
GetSystemTimeAsFileTime
VirtualFree
VirtualAlloc
DeleteFileW
GetThreadLocale
GetTimeZoneInformation
TerminateProcess
UnhandledExceptionFilter
SystemTimeToTzSpecificLocalTime
SystemTimeToFileTime
GlobalAlloc
IsProcessorFeaturePresent
GetTickCount
QueryPerformanceCounter
HeapCreate
SetLastError
EncodePointer
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
GlobalFree
MoveFileExW
CopyFileW
GetFileSizeEx
GetModuleHandleA
RaiseException
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
RtlUnwind
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
HeapSize
HeapReAlloc
LCMapStringW
MultiByteToWideChar
SetStdHandle
WriteConsoleW
FlushFileBuffers
GetLocalTime
UnmapViewOfFile
IsDebuggerPresent
DuplicateHandle
HeapFree
FormatMessageW
GetTempFileNameW
GetWindowsDirectoryW
CompareStringA
FreeEnvironmentStringsW
GetModuleFileNameW
GetStdHandle
DecodePointer
ExitProcess
SetUnhandledExceptionFilter
GetStartupInfoW
GetCommandLineW
GetFullPathNameW
CreateDirectoryW
GetProcessHeap

cabinet

ord22
ord20
ord23

crypt32

CertGetCertificateContextProperty
CryptHashPublicKeyInfo

msi

ord88
ord17
ord125
ord116
ord115
ord118
ord8
ord171
ord205
ord45
ord137
ord141
ord238
ord190
ord169
ord90
ord173
ord111
ord70

rpcrt4

UuidCreate

wininet

InternetCloseHandle
HttpAddRequestHeadersW
HttpOpenRequestW
InternetErrorDlg
InternetReadFile
HttpSendRequestW
InternetSetOptionW
InternetOpenW
HttpQueryInfoW
InternetCrackUrlW
InternetConnectW

wintrust

WinVerifyTrust
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
CryptCATAdminCalcHashFromFileHandle

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

Sections

.text
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 104KB - Virtual size: 104KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
customhook/vc14/32bit/vcredist_x86.exe
.exe windows:5 windows x86 arch:x86

1a5cdbf711fee14b077e599d13fddab2

Code Sign

33:00:00:01:21:4e:b2:03:4d:3f:24:69:36:00:00:00:00:01:21
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

24/10/2018, 21:07

Not After

10/01/2020, 21:07

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft America Operations+OU=Thales TSS ESN:8A82-E34F-9DDA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

21:d4:b9:bd:a7:f7:ee:4d:d0:f6:e5:35:f9:9e:d0:e3:d9:a1:26:8f:f7:e5:f2:de:4f:3d:a1:f8:5d:47:ca:87
Signer

Actual PE Digest

21:d4:b9:bd:a7:f7:ee:4d:d0:f6:e5:35:f9:9e:d0:e3:d9:a1:26:8f:f7:e5:f2:de:4f:3d:a1:f8:5d:47:ca:87

Digest Algorithm

sha256

PE Digest Matches

true

ea:48:6b:9c:58:dd:ae:7a:1e:6a:04:39:42:cd:df:73:38:5a:bf:1b
Signer

Actual PE Digest

ea:48:6b:9c:58:dd:ae:7a:1e:6a:04:39:42:cd:df:73:38:5a:bf:1b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

C:\agent\_work\8\s\build\ship\x86\burn.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW

user32

GetMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW
TranslateMessage

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdi32

CreateCompatibleDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
DeleteDC

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetCommandLineA
GetCPInfo
GetOEMCP
CloseHandle
CreateFileW
GetProcAddress
LocalFree
HeapSetInformation
GetLastError
GetModuleHandleW
FormatMessageW
lstrlenA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
Sleep
GetLocalTime
GetModuleFileNameW
ExpandEnvironmentStringsW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetFullPathNameW
CompareStringW
GetCurrentProcessId
WriteFile
SetFilePointer
LoadLibraryW
GetSystemDirectoryW
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindClose
GetCommandLineW
GetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
GetEnvironmentStringsW
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetNativeSystemInfo
GetModuleHandleExW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetComputerNameW
VerifyVersionInfoW
GetVolumePathNameW
GetDateFormatW
GetSystemDefaultLangID
GetUserDefaultLangID
GetStringTypeW
ReadFile
SetFilePointerEx
DuplicateHandle
InterlockedExchange
InterlockedCompareExchange
CreateEventW
ProcessIdToSessionId
OpenProcess
GetProcessId
WaitForSingleObject
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
GetThreadLocale
IsValidCodePage
FreeEnvironmentStringsW
TlsAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DecodePointer
WriteConsoleW
GetModuleHandleA
GlobalAlloc
GlobalFree
GetFileSizeEx
CopyFileW
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemInfo
VirtualProtect
VirtualQuery
SetCurrentDirectoryW
FindFirstFileExW
GetFileType
GetACP
ExitProcess
GetStdHandle
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
SetLastError
LoadLibraryExA

rpcrt4

UuidCreate

Sections

.text
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
customhook/vc14/64bit/vcredist_x64.exe
.exe windows:5 windows x86 arch:x86

1a5cdbf711fee14b077e599d13fddab2

Code Sign

33:00:00:00:fa:fe:5e:7b:76:00:e8:42:86:00:00:00:00:00:fa
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2018, 20:20

Not After

23/11/2019, 20:20

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:98FD-C61E-E641,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c6:32:0e:29:cf:fc:33:a9:b6:f8:2b:5a:de:e5:56:c9:58:1c:d1:62:52:15:4b:2f:76:6c:36:ac:4f:90:23:2f
Signer

Actual PE Digest

c6:32:0e:29:cf:fc:33:a9:b6:f8:2b:5a:de:e5:56:c9:58:1c:d1:62:52:15:4b:2f:76:6c:36:ac:4f:90:23:2f

Digest Algorithm

sha256

PE Digest Matches

true

ad:6e:4d:98:7a:c2:37:bf:21:ff:d2:ca:49:55:c9:5b:70:eb:a7:89
Signer

Actual PE Digest

ad:6e:4d:98:7a:c2:37:bf:21:ff:d2:ca:49:55:c9:5b:70:eb:a7:89

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP
IMAGE_FILE_NET_RUN_FROM_SWAP

PDB Paths

C:\agent\_work\8\s\build\ship\x86\burn.pdb

Imports

advapi32

RegCloseKey
RegOpenKeyExW
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
InitiateSystemShutdownExW
GetUserNameW
RegQueryValueExW
RegDeleteValueW
ConvertStringSecurityDescriptorToSecurityDescriptorW
DecryptFileW
CreateWellKnownSid
InitializeAcl
SetEntriesInAclW
ChangeServiceConfigW
CloseServiceHandle
ControlService
OpenSCManagerW
OpenServiceW
QueryServiceStatus
SetNamedSecurityInfoW
CheckTokenMembership
AllocateAndInitializeSid
SetEntriesInAclA
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegSetValueExW
RegQueryInfoKeyW
RegEnumValueW
RegEnumKeyExW
RegDeleteKeyW
RegCreateKeyExW
GetTokenInformation
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
QueryServiceConfigW

user32

GetMessageW
PostMessageW
IsWindow
WaitForInputIdle
PostQuitMessage
PeekMessageW
MsgWaitForMultipleObjects
PostThreadMessageW
GetMonitorInfoW
MonitorFromPoint
IsDialogMessageW
LoadCursorW
LoadBitmapW
SetWindowLongW
GetWindowLongW
GetCursorPos
MessageBoxW
CreateWindowExW
UnregisterClassW
RegisterClassW
DefWindowProcW
DispatchMessageW
TranslateMessage

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

gdi32

CreateCompatibleDC
DeleteObject
SelectObject
StretchBlt
GetObjectW
DeleteDC

shell32

SHGetFolderPathW
CommandLineToArgvW
ShellExecuteExW

ole32

CoUninitialize
CoInitializeEx
CoInitialize
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoInitializeSecurity
CLSIDFromProgID

kernel32

GetCommandLineA
GetCPInfo
GetOEMCP
CloseHandle
CreateFileW
GetProcAddress
LocalFree
HeapSetInformation
GetLastError
GetModuleHandleW
FormatMessageW
lstrlenA
lstrlenW
MultiByteToWideChar
WideCharToMultiByte
LCMapStringW
Sleep
GetLocalTime
GetModuleFileNameW
ExpandEnvironmentStringsW
GetTempPathW
GetTempFileNameW
CreateDirectoryW
GetFullPathNameW
CompareStringW
GetCurrentProcessId
WriteFile
SetFilePointer
LoadLibraryW
GetSystemDirectoryW
CreateFileA
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
FindClose
GetCommandLineW
GetCurrentDirectoryW
RemoveDirectoryW
SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindFirstFileW
FindNextFileW
MoveFileExW
GetCurrentProcess
GetCurrentThreadId
InitializeCriticalSection
DeleteCriticalSection
ReleaseMutex
GetEnvironmentStringsW
TlsGetValue
TlsSetValue
TlsFree
CreateProcessW
GetVersionExW
VerSetConditionMask
FreeLibrary
EnterCriticalSection
LeaveCriticalSection
GetSystemTime
GetNativeSystemInfo
GetModuleHandleExW
GetWindowsDirectoryW
GetSystemWow64DirectoryW
GetComputerNameW
VerifyVersionInfoW
GetVolumePathNameW
GetDateFormatW
GetSystemDefaultLangID
GetUserDefaultLangID
GetStringTypeW
ReadFile
SetFilePointerEx
DuplicateHandle
InterlockedExchange
InterlockedCompareExchange
CreateEventW
ProcessIdToSessionId
OpenProcess
GetProcessId
WaitForSingleObject
ConnectNamedPipe
SetNamedPipeHandleState
CreateNamedPipeW
CreateThread
GetExitCodeThread
SetEvent
WaitForMultipleObjects
InterlockedIncrement
InterlockedDecrement
ResetEvent
SetEndOfFile
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
CompareStringA
GetExitCodeProcess
SetThreadExecutionState
CopyFileExW
MapViewOfFile
UnmapViewOfFile
CreateMutexW
CreateFileMappingW
GetThreadLocale
IsValidCodePage
FreeEnvironmentStringsW
TlsAlloc
SetStdHandle
GetConsoleCP
GetConsoleMode
FlushFileBuffers
DecodePointer
WriteConsoleW
GetModuleHandleA
GlobalAlloc
GlobalFree
GetFileSizeEx
CopyFileW
VirtualAlloc
VirtualFree
SystemTimeToTzSpecificLocalTime
GetTimeZoneInformation
SystemTimeToFileTime
GetSystemInfo
VirtualProtect
VirtualQuery
SetCurrentDirectoryW
FindFirstFileExW
GetFileType
GetACP
ExitProcess
GetStdHandle
LoadLibraryExW
InitializeCriticalSectionAndSpinCount
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
RaiseException
RtlUnwind
SetLastError
LoadLibraryExA

rpcrt4

UuidCreate

Sections

.text
Size: 294KB - Virtual size: 293KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.wixburn
Size: 512B - Virtual size: 56B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 224B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
New folder (2)/packages/ADC/Runtime/Runtime.pimx
New folder (2)/packages/ADC/Runtime/Runtime.sig
.xml
New folder (2)/packages/ApplicationInfo.xml
.xml
New folder (2)/resources/AdobePIM.dll
.dll windows:5 windows x86 arch:x86

dd6ba004004c70f4eb3bbd4c9ec97b28

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

31/01/2019, 00:00

Not After

03/02/2021, 12:00

Subject

SERIALNUMBER=2748129,CN=Adobe Inc.,OU=AAM 256,O=Adobe Inc.,L=San Jose,ST=ca,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130844656c6177617265,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/10/2019, 00:00

Not After

17/10/2030, 00:00

Subject

CN=TIMESTAMP-SHA256-2019-10-15,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:9e:86:75:de:ec:b8:47:4c:ba:a5:7d:83:53:a2:3b:25:dc:dd:a5:31:88:42:96:16:ee:64:6e:89:81:6a:d4
Signer

Actual PE Digest

54:9e:86:75:de:ec:b8:47:4c:ba:a5:7d:83:53:a2:3b:25:dc:dd:a5:31:88:42:96:16:ee:64:6e:89:81:6a:d4

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AdobePIM.pdb

Imports

msi

ord147
ord74
ord145

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

psapi

GetModuleFileNameExW
GetProcessImageFileNameW
EnumProcessModules

wtsapi32

WTSEnumerateSessionsW
WTSFreeMemory

shlwapi

PathIsFileSpecW
PathAddExtensionW
PathRemoveFileSpecA
PathIsDirectoryA
PathIsDirectoryEmptyW
PathIsSystemFolderW
PathIsRootW
PathRenameExtensionW
PathIsDirectoryW
PathAppendW
PathRemoveBackslashW
PathStripPathW
PathAppendA
PathFileExistsW
PathFindFileNameW
PathRemoveFileSpecW
PathFileExistsA
PathRemoveExtensionW

shell32

ShellExecuteExW
SHCreateDirectoryExW
SHGetFolderLocation
SHGetSpecialFolderPathW
SHGetKnownFolderPath
SHGetPathFromIDListW
SHGetFolderPathW
ord680
CommandLineToArgvW
ord51
SHCreateItemFromParsingName

winhttp

WinHttpOpen
WinHttpReceiveResponse
WinHttpSetTimeouts
WinHttpQueryHeaders
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetCredentials
WinHttpSendRequest
WinHttpOpenRequest
WinHttpCloseHandle
WinHttpConnect
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpSetOption

kernel32

TlsFree
TlsSetValue
TlsGetValue
CompareStringW
SwitchToThread
InitializeCriticalSectionAndSpinCount
GetStringTypeW
EncodePointer
TlsAlloc
GetLocaleInfoW
GetCPInfo
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
InitializeSListHead
GetStartupInfoW
RtlUnwind
InterlockedPushEntrySList
InterlockedFlushSList
LoadLibraryExW
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
GetTimeZoneInformation
ExitProcess
GetStdHandle
GetFileType
IsValidLocale
EnumSystemLocalesW
GetConsoleMode
ReadConsoleW
GetConsoleCP
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
InitializeCriticalSectionEx
GetLastError
RaiseException
DecodePointer
DeleteCriticalSection
ReleaseSemaphore
CreateMutexW
WaitForSingleObject
LocalAlloc
ReleaseMutex
Sleep
OpenSemaphoreW
CloseHandle
LocalFree
GetCurrentProcessId
CreateSemaphoreW
CreateDirectoryW
GetTempPathW
MultiByteToWideChar
SetEvent
ResetEvent
GetCommandLineW
CreateProcessW
GetLocalTime
GetTimeFormatW
GetDateFormatW
OpenProcess
CreateToolhelp32Snapshot
Process32NextW
Process32FirstW
FindFirstFileW
FindNextFileW
TerminateProcess
RemoveDirectoryW
FindClose
SetEnvironmentVariableW
SetFileAttributesW
CreateEventW
GetDiskFreeSpaceExW
CreateThread
CopyFileW
lstrcmpiW
lstrcmpW
GetExitCodeProcess
AreFileApisANSI
ReadFile
TryEnterCriticalSection
HeapCreate
HeapFree
EnterCriticalSection
GetFullPathNameW
WriteFile
GetDiskFreeSpaceW
OutputDebugStringA
LockFile
LeaveCriticalSection
InitializeCriticalSection
SetFilePointer
GetFullPathNameA
SetEndOfFile
UnlockFileEx
CreateFileW
GetFileAttributesW
GetCurrentThreadId
UnmapViewOfFile
HeapValidate
HeapSize
GetTempPathA
FormatMessageW
GetDiskFreeSpaceA
GetFileAttributesA
GetFileAttributesExW
OutputDebugStringW
FlushViewOfFile
CreateFileA
LoadLibraryA
WaitForSingleObjectEx
GetVersionExA
DeleteFileA
DeleteFileW
HeapReAlloc
GetSystemInfo
LoadLibraryW
HeapAlloc
HeapCompact
HeapDestroy
UnlockFile
GetProcAddress
CreateFileMappingA
LockFileEx
GetFileSize
GetProcessHeap
SystemTimeToFileTime
FreeLibrary
WideCharToMultiByte
GetSystemTimeAsFileTime
GetSystemTime
FormatMessageA
MapViewOfFile
QueryPerformanceCounter
GetTickCount
FlushFileBuffers
GetCurrentProcess
GetFileSizeEx
lstrlenW
GetACP
SizeofResource
GetModuleFileNameW
LockResource
LoadResource
FindResourceW
MoveFileExW
GlobalAlloc
GlobalFree
VerSetConditionMask
GetModuleHandleW
VerifyVersionInfoW
SetLastError
DuplicateHandle
ProcessIdToSessionId
TerminateThread
FindResourceExW
lstrcpyW
QueryFullProcessImageNameW
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
FileTimeToSystemTime
OpenMutexW
GetUserDefaultLCID
LCMapStringW
GetUserDefaultLangID
GetUserDefaultUILanguage
SetFilePointerEx
ResumeThread
SetStdHandle
WriteConsoleW
QueryPerformanceFrequency
GetVersionExW
CreateFileMappingW

user32

wsprintfW
EnumWindows
GetWindowThreadProcessId
GetShellWindow

advapi32

InitializeSecurityDescriptor
SetEntriesInAclW
AllocateAndInitializeSid
SetSecurityDescriptorDacl
RegQueryValueExW
FreeSid
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteKeyExW
RegCloseKey
OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
LookupAccountSidW
CreateWellKnownSid
EqualSid
GetTokenInformation
DuplicateTokenEx
GetUserNameW
ConvertSidToStringSidW
ImpersonateLoggedOnUser
ConvertStringSidToSidW
RevertToSelf
CryptReleaseContext
CryptGetHashParam
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptAcquireContextW

ole32

CoUninitialize
CoCreateInstance
CoInitializeEx
CoTaskMemFree
CoInitialize
CoCreateGuid
StringFromGUID2
CLSIDFromProgID
OleRun
CLSIDFromString

oleaut32

SysStringLen
VariantChangeType
VariantInit
SysFreeString
SysAllocString
VariantClear
VariantCopy
GetErrorInfo

crypt32

CertGetNameStringW

wintrust

WinVerifyTrust
WTHelperGetProvCertFromChain
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain

Exports

Exports

AAMIU_Uninstall
AAMIU_getDeploymentValidationStatus
AAMIU_preInstallPropertySet
pim_createLibraryRef
pim_freeLibraryRef
pim_freeLiraryRef
pim_freeString
pim_getAppletAndPackageInfo
pim_getAppletRegistrationInfo
pim_getAppletRelationshipInfo
pim_getCurrentCCVersion
pim_getCurrentPackagesVersion
pim_getInstallStatus
pim_getInstalledPackagesInfo
pim_launchACCCUninstallerExecutableAsAdmin
pim_selfUpdateCheck
pim_selfUpdateCheckWithData
pim_startWorkflow
pim_startWorkflowWithData
pim_syncFromPathToACF
pim_syncFromPathToPath
pim_syncUSFToACF
pim_uninstallAAMFromAAMCleanerTool
pim_uninstallAAMUsingAAMCleanerTool
pim_uninstallACCC64FromACCCCleanerTool
pim_uninstallACCCFromACCCCleanerTool
pim_uninstallADC64UsingADCCleanerTool
pim_uninstallADCUsingADCCleanerTool

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 356KB - Virtual size: 356KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
New folder (2)/resources/Config.xml
.xml

Sharing

General

Malware Config

Signatures

Files

d3c473ff390ce5b60657d157ae1c19fb

Code Sign

05:96:37:35:c0:e0:1c:f3:7d:3e:39:31:40:eb:af:4bCertificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9dCertificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

b5:ed:cb:0d:db:52:e7:82:01:1d:5e:3e:68:15:6e:56:dc:72:89:35:4b:a7:5e:11:79:0a:89:3f:61:a2:ae:7dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

ws2_32

prm

aslfoundation

mlfoundation

uiframework

csxsmanager

dvaappsupport

dvaui

dvaworkspace

dvacore

kernel32

user32

gdi32

advapi32

shell32

ole32

oleaut32

msvcp140

shlwapi

iphlpapi

secur32

bcrypt

vcruntime140

vcruntime140_1

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-convert-l1-1-0

api-ms-win-crt-filesystem-l1-1-0

api-ms-win-crt-time-l1-1-0

api-ms-win-crt-math-l1-1-0

api-ms-win-crt-locale-l1-1-0

api-ms-win-crt-environment-l1-1-0

winhttp

crypt32

wininet

Exports

Exports

Sections

.text Size: 2.9MB - Virtual size: 2.9MB

.rdata Size: 739KB - Virtual size: 739KB

.data Size: 180KB - Virtual size: 189KB

.pdata Size: 142KB - Virtual size: 141KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 16KB - Virtual size: 15KB

a4b5be933fe74c23bd7bffb044fc8cd1

Code Sign

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29Certificate

Extended Key Usages

Key Usages

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5cCertificate

Extended Key Usages

Key Usages

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6dCertificate

05:96:37:35:c0:e0:1c:f3:7d:3e:39:31:40:eb:af:4b
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

b5:ed:cb:0d:db:52:e7:82:01:1d:5e:3e:68:15:6e:56:dc:72:89:35:4b:a7:5e:11:79:0a:89:3f:61:a2:ae:7d
Signer

.text
Size: 2.9MB - Virtual size: 2.9MB

.rdata
Size: 739KB - Virtual size: 739KB

.data
Size: 180KB - Virtual size: 189KB

.pdata
Size: 142KB - Virtual size: 141KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 16KB - Virtual size: 15KB

06:f2:4d:9f:4d:b0:7b:d7:ec:ad:06:7f:5e:e2:6c:29
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

04:cd:3f:85:68:ae:76:c6:1b:b0:fe:71:60:cc:a7:6d
Certificate

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

5d:fd:ec:cf:58:99:53:6e:1b:7e:23:e6:9f:df:47:7c:ca:42:4c:d0:48:74:eb:c0:2d:ff:7a:4e:85:56:34:34
Signer

.text
Size: 3.4MB - Virtual size: 3.4MB

.rdata
Size: 904KB - Virtual size: 904KB

.data
Size: 135KB - Virtual size: 160KB

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 197KB - Virtual size: 196KB

0a:28:51:e5:f0:ff:db:46:e2:c9:cb:66:10:e6:51:2f
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:58:f2:aa:d7:41:d6:44:bc:84:a9:7b:a0:96:52:e6
Certificate

ac:7d:c4:d6:78:b5:cd:0d:da:54:a6:bd:90:ba:4d:9e:d0:98:05:62:5d:95:08:08:69:0a:ff:f1:ac:cd:d5:43
Signer

.text
Size: 748KB - Virtual size: 747KB

.rdata
Size: 197KB - Virtual size: 196KB

.data
Size: 17KB - Virtual size: 33KB

.gfids
Size: 1024B - Virtual size: 596B

.tls
Size: 512B - Virtual size: 9B

.rsrc
Size: 46KB - Virtual size: 46KB

.reloc
Size: 44KB - Virtual size: 44KB

0a:28:51:e5:f0:ff:db:46:e2:c9:cb:66:10:e6:51:2f
Certificate