a5d4495d1a2600f38d01586220f2417b[.]bin

Sharing

Copy URL

Twitter E-mail

General

Target

a5d4495d1a2600f38d01586220f2417b.bin
Size

18.8MB
MD5

a5d4495d1a2600f38d01586220f2417b
SHA1

46d73a663ece832deaedbd23fa8348080917a868
SHA256

640f6fa7a32a694b0912bd9042ac043f7e1252cb28db7385a3c2060d327d32b7
SHA512

182a0a90104a29e5b2e4bdbcecac7e38abb572cdc68f0efafdf6f33bf92bb904755b9464d24ed6998a3d30894eb7775bdea57f95b462d7cf8208fb95298b001b
SSDEEP

393216:wP6OLTODSf/raJ19Wjyj+8l86+qPmUlPuO7TODSf/raJ19Wjyj+8l86+qjXYg:z+TODzx+8l86XQmTODzx+8l86R

Score

10^/10

upx pyinstaller

Malware Config

Signatures

Nirsoft 24 IoCs

resource	yara_rule
static1/unpack001/.exe/AppReadWriteCounter.exe	Nirsoft
static1/unpack001/.exe/BrowsingHistoryView.exe	Nirsoft
static1/unpack002/out.upx	Nirsoft
static1/unpack001/.exe/ExecutedProgramsList.exe	Nirsoft
static1/unpack001/.exe/LastActivityView.exe	Nirsoft
static1/unpack003/out.upx	Nirsoft
static1/unpack001/.exe/PreviousFilesRecovery.exe	Nirsoft
static1/unpack004/out.upx	Nirsoft
static1/unpack001/.exe/RegScanner.exe	Nirsoft
static1/unpack005/out.upx	Nirsoft
static1/unpack001/.exe/TurnedOnTimesView.exe	Nirsoft
static1/unpack001/.exe/USBDeview.exe	Nirsoft
static1/unpack007/out.upx	Nirsoft
static1/unpack001/.exe/WinPrefetchView.exe	Nirsoft
static1/unpack001/.txt/AppReadWriteCounter.exe	Nirsoft
static1/unpack001/.txt/BrowsingHistoryView.exe	Nirsoft
static1/unpack009/out.upx	Nirsoft
static1/unpack001/.txt/ExecutedProgramsList.exe	Nirsoft
static1/unpack001/.txt/LastActivityView.exe	Nirsoft
static1/unpack001/.txt/PreviousFilesRecovery.exe	Nirsoft
static1/unpack001/.txt/RegScanner.exe	Nirsoft
static1/unpack001/.txt/TurnedOnTimesView.exe	Nirsoft
static1/unpack001/.txt/USBDeview.exe	Nirsoft
static1/unpack001/.txt/WinPrefetchView.exe	Nirsoft

UPX packed file 12 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/.exe/CProcess.exe	upx
static1/unpack001/.exe/MUICacheView.exe	upx
static1/unpack001/.exe/RecentFilesView.exe	upx
static1/unpack001/.exe/ShellBagsView.exe	upx
static1/unpack001/.exe/UserAssistView.exe	upx
static1/unpack001/.exe/zipinst.exe	upx
static1/unpack001/.txt/CProcess.exe	upx
static1/unpack001/.txt/MUICacheView.exe	upx
static1/unpack001/.txt/RecentFilesView.exe	upx
static1/unpack001/.txt/ShellBagsView.exe	upx
static1/unpack001/.txt/UserAssistView.exe	upx
static1/unpack001/.txt/zipinst.exe	upx

Detects Pyinstaller 2 IoCs

pyinstaller

resource	yara_rule
static1/unpack001/.exe/TrappedV2.exe	pyinstaller
static1/unpack001/.txt/TrappedV2.exe	pyinstaller

Unsigned PE 23 IoCs

Checks for missing Authenticode signature.

resource
unpack001/.exe/CProcess.exe
unpack002/out.upx
unpack001/.exe/JournalTrace.exe
unpack001/.exe/MUICacheView.exe
unpack003/out.upx
unpack004/out.upx
unpack005/out.upx
unpack001/.exe/TrappedV2.exe
unpack001/.exe/UserAssistView.exe
unpack007/out.upx
unpack001/.exe/WinDefThreatsView.exe
unpack001/.exe/zipinst.exe
unpack008/out.upx
unpack001/.exe/💀Death💀Run Scan.exe
unpack001/.txt/CProcess.exe
unpack009/out.upx
unpack001/.txt/JournalTrace.exe
unpack001/.txt/MUICacheView.exe
unpack001/.txt/TrappedV2.exe
unpack001/.txt/UserAssistView.exe
unpack001/.txt/WinDefThreatsView.exe
unpack001/.txt/zipinst.exe
unpack001/.txt/💀Death💀Run Scan.exe

Files

a5d4495d1a2600f38d01586220f2417b.bin
.rar
.exe/AppReadWriteCounter.cfg
.exe/AppReadWriteCounter.exe
.exe windows:4 windows x64 arch:x64

d5309dcabae4629d63f2b007b4cd884b

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-09-2019 00:00

Not After

09-09-2023 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:12:0b:0c:86:d6:98:a5:84:46:4e:b2:67:cc:c3:0e:ae:77:65:ee:21:8f:e3:48:b8:5c:fe:0b:af:c0:dd:6a
Signer

Actual PE Digest

59:12:0b:0c:86:d6:98:a5:84:46:4e:b2:67:cc:c3:0e:ae:77:65:ee:21:8f:e3:48:b8:5c:fe:0b:af:c0:dd:6a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\AppReadWriteCounter\x64\Release\AppReadWriteCounter.pdb

Imports

msvcrt

__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_initterm
__dllonexit
_wcslwr
strlen
qsort
_itow
_wcsnicmp
memmove
malloc
free
modf
__setusermatherr
_commode
_fmode
__set_app_type
_onexit
wcschr
wcsrchr
wcstoul
wcscmp
_memicmp
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memcpy
wcslen
_wtoi
memcmp
_purecall
_wcsicmp
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Add
ImageList_Create
ord17
ImageList_SetImageCount
CreateToolbarEx
CreateStatusWindowW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

Process32FirstW
GetCurrentProcessId
ExitProcess
ReadProcessMemory
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
EnumResourceTypesW
GetStartupInfoW
SizeofResource
DeleteFileW
SetErrorMode
Sleep
ExpandEnvironmentStringsW
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
GetSystemTimeAsFileTime
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
FormatMessageW
GetLastError
GetTickCount
GetVersionExW
GetTimeFormatW
FindResourceW
GetFileAttributesW
WriteFile
LoadResource
SystemTimeToTzSpecificLocalTime
ReadFile
LoadLibraryExW
GetModuleFileNameW
CreateFileW
GlobalAlloc
GetSystemDirectoryW
CloseHandle
GetDateFormatW
GetWindowsDirectoryW
GetTempFileNameW
WideCharToMultiByte
FileTimeToLocalFileTime
GetCurrentProcess
lstrlenW
GetNumberFormatW
GetFileSize
LockResource
LocalFree
GlobalUnlock
GetLocaleInfoW
lstrcpyW
GlobalLock
GetTempPathW
GetPrivateProfileStringW
WritePrivateProfileStringW
EnumResourceNamesW
GetPrivateProfileIntW
GetStdHandle

user32

SetForegroundWindow
GetMonitorInfoW
GetDC
ReleaseDC
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SendDlgItemMessageW
MonitorFromWindow
EndDialog
GetDlgItem
DrawFrameControl
SetWindowTextW
UpdateWindow
InvalidateRect
SendMessageW
GetWindowRect
SetDlgItemTextW
GetDlgItemInt
SetWindowLongPtrW
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
SetWindowPlacement
EndPaint
DeferWindowPos
BeginPaint
CreateWindowExW
GetClientRect
SetMenu
TranslateAcceleratorW
SetWindowPos
GetForegroundWindow
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
PostMessageW
MessageBoxW
LoadIconW
LoadImageW
GetWindowLongW
DestroyIcon
GetSysColor
SetWindowLongW
SetFocus
GetMenuItemCount
SetClipboardData
EnableWindow
MapWindowPoints
GetCursorPos
CheckMenuRadioItem
GetMenuStringW
MoveWindow
CloseClipboard
GetMenu
GetParent
EmptyClipboard
EnableMenuItem
OpenClipboard
GetClassNameW
CheckMenuItem
GetSubMenu
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
GetKeyState
KillTimer
DispatchMessageW
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
IsDialogMessageW
GetMessageW
EndDeferWindowPos
TranslateMessage
SetTimer
BeginDeferWindowPos
DrawTextExW
GetWindow

gdi32

DeleteObject
GetTextExtentPoint32W
GetStockObject
SetBkColor
CreateCompatibleBitmap
StretchBlt
SetStretchBltMode
GetObjectW
DeleteDC
GetPixel
SetPixel
SelectObject
CreateCompatibleDC
SetTextColor
CreateFontIndirectW
GetDeviceCaps
SetBkMode

comdlg32

ChooseFontW
FindTextW
GetSaveFileNameW

advapi32

GetTokenInformation
OpenProcessToken

shell32

ShellExecuteExW
Shell_NotifyIconW
SHGetFileInfoW
ShellExecuteW

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.exe/BrowserDownloadsView.cfg
.exe/BrowserDownloadsView.exe
.exe windows:4 windows x64 arch:x64

5ac915ae42a52a330ec9dcb68992769b

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-09-2019 00:00

Not After

09-09-2023 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:02:f6:25:3e:92:47:c0:cf:a4:c2:ec:1e:b9:f0:01:61:11:1d:66:b9:61:10:a8:79:fa:93:b3:22:78:d6:24
Signer

Actual PE Digest

32:02:f6:25:3e:92:47:c0:cf:a4:c2:ec:1e:b9:f0:01:61:11:1d:66:b9:61:10:a8:79:fa:93:b3:22:78:d6:24

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\BrowserDownloadsView\x64\Release\BrowserDownloadsView.pdb

Imports

msvcrt

_wcmdln
__wgetmainargs
_initterm
_wcsupr
_beginthreadex
_msize
_endthreadex
strftime
_gmtime64
realloc
strcmp
exit
_wcslwr
strlen
qsort
_wcsnicmp
memmove
modf
wcschr
memcmp
wcstoul
wcsrchr
_onexit
__C_specific_handler
_cexit
_exit
_c_exit
_XcptFilter
malloc
swscanf
_memicmp
free
_wcsicmp
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memcpy
_itow
_wtoi
_purecall
wcslen
wcscpy
memset
wcscat
_snwprintf
wcsncat
__setusermatherr
_commode
_fmode
__set_app_type
__dllonexit
sprintf
wcscmp
_stricmp

comctl32

ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked
ImageList_SetImageCount
CreateStatusWindowW
CreateToolbarEx

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

AreFileApisANSI
GetDiskFreeSpaceA
WaitForSingleObjectEx
GetSystemTime
GetFullPathNameA
LockFile
FlushViewOfFile
GetFullPathNameW
HeapValidate
UnlockFile
DeleteFileA
OutputDebugStringW
HeapReAlloc
CreateFileA
UnlockFileEx
CopyFileW
GetStartupInfoW
GetTempPathA
HeapCreate
CreateFileMappingA
GetFileAttributesA
WaitForSingleObject
FileTimeToSystemTime
SystemTimeToFileTime
GetDriveTypeW
CompareFileTime
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetTickCount
GlobalLock
GlobalAlloc
GlobalUnlock
WideCharToMultiByte
MultiByteToWideChar
GetNumberFormatW
GetDateFormatW
lstrlenW
LockResource
GetTempFileNameW
LocalFree
GetCurrentProcess
lstrcpyW
GetLocaleInfoW
GetFileSize
GetTempPathW
LocalFileTimeToFileTime
SizeofResource
GetLastError
FindFirstFileW
FormatMessageW
SetFilePointer
GetVersionExW
FindNextFileW
GetTimeFormatW
FindClose
GetFileAttributesW
WriteFile
FindResourceW
TzSpecificLocalTimeToSystemTime
ReadFile
LoadResource
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
CreateFileW
CloseHandle
LoadLibraryExW
GetWindowsDirectoryW
GetSystemDirectoryW
FileTimeToLocalFileTime
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetPrivateProfileStringW
EnumResourceNamesW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetStdHandle
GetCurrentDirectoryW
GlobalFree
DeleteFileW
ResumeThread
SetErrorMode
Sleep
CreateThread
CreateProcessW
ExpandEnvironmentStringsW
ExitProcess
GetCurrentProcessId
ReadProcessMemory
OpenProcess
EnumResourceTypesW
GetSystemInfo
GetProcessHeap
CreateMutexW
FlushFileBuffers
HeapCompact
FormatMessageA
InitializeCriticalSection
GetFileAttributesExW
SetEndOfFile
HeapSize
DeleteCriticalSection
HeapAlloc
GetCurrentThreadId
LockFileEx
OutputDebugStringA
EnterCriticalSection
QueryPerformanceCounter
GetDiskFreeSpaceW
HeapFree
HeapDestroy
GetVersionExA
LeaveCriticalSection

user32

SetForegroundWindow
MonitorFromWindow
GetMonitorInfoW
PostQuitMessage
RemoveMenu
TrackPopupMenu
RegisterWindowMessageW
GetDC
ReleaseDC
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetWindowPos
GetWindow
SendDlgItemMessageW
EndDialog
GetDlgItem
DrawFrameControl
SetWindowTextW
UpdateWindow
SendMessageW
InvalidateRect
SetDlgItemTextW
GetWindowRect
GetDlgItemTextW
SetWindowLongPtrW
GetDlgItemInt
GetWindowPlacement
GetSystemMetrics
SetDlgItemInt
EndPaint
DeferWindowPos
BeginPaint
CreateWindowExW
GetClientRect
SetMenu
TranslateAcceleratorW
GetForegroundWindow
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
PostMessageW
MessageBoxW
LoadImageW
DestroyIcon
GetSysColor
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetParent
KillTimer
SetTimer
EmptyClipboard
EnableMenuItem
GetClassNameW
OpenClipboard
GetSubMenu
InsertMenuItemW
CheckMenuItem
GetMenuItemCount
SetClipboardData
GetCursorPos
CheckMenuRadioItem
EnableWindow
GetMenuStringW
MapWindowPoints
CloseClipboard
GetMenu
MoveWindow
TranslateMessage
DispatchMessageW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
LoadIconW
SetMenuItemInfoW
GetKeyState
CreatePopupMenu
GetMessageW
DrawTextExW
GetFocus
RegisterClipboardFormatW
IsDialogMessageW
InsertMenuW

gdi32

SetStretchBltMode
CreateCompatibleBitmap
StretchBlt
GetObjectW
DeleteDC
GetPixel
SetPixel
SelectObject
CreateCompatibleDC
SetTextColor
CreateFontIndirectW
GetDeviceCaps
SetBkMode
DeleteObject
SetBkColor
GetTextExtentPoint32W
GetStockObject

comdlg32

GetSaveFileNameW
ChooseFontW
FindTextW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptCreateHash

shell32

Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW

ole32

DoDragDrop
OleInitialize
OleUninitialize

Sections

.text
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.exe/BrowsingHistoryView.exe
.exe windows:4 windows x86 arch:x86

daf276dae3c58a9d5ac9457ad075a152

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-09-2019 00:00

Not After

09-09-2023 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:62:0b:3f:58:e5:d3:15:11:6f:a4:41:3d:0e:3d:24:33:d4:e0:ed:48:2d:53:3a:4e:34:73:23:5b:07:0f:12
Signer

Actual PE Digest

2b:62:0b:3f:58:e5:d3:15:11:6f:a4:41:3d:0e:3d:24:33:d4:e0:ed:48:2d:53:3a:4e:34:73:23:5b:07:0f:12

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

CreateStatusWindowW
CreateToolbarEx
ImageList_SetImageCount
ImageList_AddMasked
ImageList_Add
ord17
ImageList_Create
ImageList_ReplaceIcon

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

msvcrt

realloc
_beginthreadex
_msize
_wcslwr
qsort
_itow
strchr
_gmtime64
memmove
modf
wcstoul
_memicmp
wcsrchr
strftime
_endthreadex
_wcsnicmp
__dllonexit
malloc
free
??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall
_ultow
sprintf
_wcsupr
_wtoi
_wcsicmp
wcschr
wcsncat
_snwprintf
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
memcpy
_except_handler3
_controlfp
__set_app_type
memset

wininet

FindCloseUrlCache
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW

kernel32

GetStartupInfoW
GetModuleHandleA
GetDiskFreeSpaceW
HeapAlloc
EnterCriticalSection
LockFileEx
SetEndOfFile
InitializeCriticalSection
GetVersionExA
TryEnterCriticalSection
HeapSize
OutputDebugStringA
FormatMessageA
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
CloseHandle
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
CompareFileTime
CopyFileW
CreateFileW
DeleteFileW
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetTickCount
SetFilePointerEx
GetLastError
MultiByteToWideChar
FormatMessageW
GetWindowsDirectoryW
FileTimeToLocalFileTime
GlobalLock
GetVersionExW
LocalFree
GetTimeFormatW
lstrcpyW
GetDateFormatW
GetFileAttributesW
GetTempFileNameW
LocalFileTimeToFileTime
LockResource
ReadFile
GetModuleFileNameW
FindFirstFileW
SetFilePointer
lstrlenW
WriteFile
GlobalUnlock
GetTempPathW
GlobalAlloc
FindResourceW
GetSystemDirectoryW
LoadResource
WideCharToMultiByte
FindNextFileW
LoadLibraryExW
SizeofResource
FindClose
DosDateTimeToFileTime
GetCurrentProcess
CreateFileMappingW
OpenProcess
DuplicateHandle
GetCurrentProcessId
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle
SetErrorMode
GetCurrentDirectoryW
ReadProcessMemory
ExitProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
EnumResourceTypesW
Sleep
GetTempPathA
GetSystemTime
QueryPerformanceCounter
CreateFileMappingA
AreFileApisANSI
HeapDestroy
HeapFree
DeleteFileA
LeaveCriticalSection
GetFileAttributesA
WaitForSingleObject
HeapCreate
GetDiskFreeSpaceA
InterlockedCompareExchange
HeapValidate
GetFullPathNameW
UnlockFile
GetSystemInfo
GetFullPathNameA
FlushViewOfFile
LockFile
WaitForSingleObjectEx
HeapReAlloc
CreateFileA
OutputDebugStringW
FlushFileBuffers
GetFileAttributesExW
UnlockFileEx
CreateMutexW
GetProcessHeap
HeapCompact
DeleteCriticalSection
GetCurrentThreadId

user32

ReleaseDC
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
GetDC
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
GetWindowRect
GetWindowPlacement
GetDlgItemInt
DeferWindowPos
SetDlgItemInt
SetWindowPlacement
CreateWindowExW
BeginPaint
EndPaint
GetWindow
GetClientRect
SendDlgItemMessageW
DrawFrameControl
EndDialog
SetWindowLongW
GetDlgItem
SetWindowTextW
UpdateWindow
SendMessageW
InvalidateRect
SetMenu
SetWindowPos
LoadAcceleratorsW
DefWindowProcW
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
LoadImageW
LoadIconW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetParent
KillTimer
SetTimer
SetClipboardData
OpenClipboard
CloseClipboard
EmptyClipboard
GetMenuItemCount
CheckMenuRadioItem
MoveWindow
CheckMenuItem
GetCursorPos
GetSubMenu
GetMenu
EnableWindow
MapWindowPoints
InsertMenuItemW
EnableMenuItem
GetClassNameW
ScreenToClient
GetMenuStringW
FillRect
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
DestroyWindow
LoadStringW
GetDesktopWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
CreatePopupMenu
GetKeyState
SetMenuItemInfoW
DispatchMessageW
InsertMenuW
IsDialogMessageW
RemoveMenu
TranslateMessage
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
DrawTextExW
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
SetCapture
ReleaseCapture

gdi32

GetTextExtentPoint32W
SetBkColor
GetStockObject
PatBlt
SetStretchBltMode
CreateSolidBrush
StretchBlt
GetObjectW
GetPixel
SetPixel
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
SetDIBits
DeleteDC
DeleteObject
SetTextColor
CreateFontIndirectW
GetDeviceCaps
SetBkMode

comdlg32

GetSaveFileNameW
GetOpenFileNameW
FindTextW

advapi32

RegCloseKey
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW

shell32

SHGetFileInfoW
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 457KB - Virtual size: 457KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.exe/CProcess.cfg
.exe/CProcess.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.exe/ExecutedProgramsList.cfg
.exe/ExecutedProgramsList.exe
.exe windows:4 windows x86 arch:x86

f9f666a7dc93e67d08bf8ce4f69a541d

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-09-2014 00:00

Not After

12-09-2019 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

eb:92:d0:76:1a:1f:ce:64:36:38:d9:f0:c3:5a:e9:55:0a:6f:37:92
Signer

Actual PE Digest

eb:92:d0:76:1a:1f:ce:64:36:38:d9:f0:c3:5a:e9:55:0a:6f:37:92

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\ExecutedProgramsList\Release\ExecutedProgramsList.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
__p__commode
__dllonexit
_wcslwr
strlen
qsort
_purecall
_itow
_wcsnicmp
malloc
wcscmp
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_onexit
wcschr
free
modf
_wtoi
_memicmp
memcmp
wcstoul
wcsrchr
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
_wcsicmp
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ord17
ImageList_Add
ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
CreateToolbarEx
CreateStatusWindowW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

GetStdHandle
GetModuleHandleA
EnumResourceTypesW
GetTickCount
SetErrorMode
DeleteFileW
GetCurrentProcess
ReadProcessMemory
GetCurrentProcessId
ExitProcess
GetLogicalDrives
GetStartupInfoW
OpenProcess
GetVolumeInformationW
QueryDosDeviceW
FileTimeToSystemTime
SystemTimeToFileTime
GetDriveTypeW
CompareFileTime
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
FindClose
GetFileSize
GetVersionExW
FindFirstFileW
GetTimeFormatW
CloseHandle
GetFileAttributesW
GetWindowsDirectoryW
FileTimeToLocalFileTime
ReadFile
WriteFile
GetModuleFileNameW
GetNumberFormatW
CreateFileW
LockResource
LocalFree
FindResourceW
LoadResource
lstrlenW
lstrcpyW
SystemTimeToTzSpecificLocalTime
GlobalAlloc
GlobalUnlock
LoadLibraryExW
WideCharToMultiByte
GetTempPathW
GetLastError
GetLocaleInfoW
FindNextFileW
SizeofResource
GlobalLock
GetDateFormatW
GetTempFileNameW
FormatMessageW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
GetLongPathNameW

user32

GetMenuItemInfoW
GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
BeginDeferWindowPos
GetKeyState
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
GetClientRect
CreateWindowExW
SendDlgItemMessageW
EndDialog
SetWindowLongW
GetDlgItem
GetWindowRect
GetDlgItemInt
SetWindowTextW
InvalidateRect
UpdateWindow
SendMessageW
SetWindowPlacement
SetDlgItemTextW
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
DeferWindowPos
SetMenu
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
LoadImageW
GetSysColor
GetWindowLongW
SetFocus
CheckMenuItem
GetMenuItemCount
CloseClipboard
GetCursorPos
GetParent
SetClipboardData
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
GetMenuStringW
ModifyMenuW
SetCursor
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
SetWindowPos
GetDesktopWindow
GetWindowTextW
LoadMenuW
LoadIconW
DestroyIcon
IsDialogMessageW
TranslateMessage
DispatchMessageW
DrawTextExW
EndDeferWindowPos

gdi32

GetTextExtentPoint32W
SetBkColor
GetStockObject
GetDeviceCaps
GetPixel
DeleteDC
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject

comdlg32

GetSaveFileNameW
FindTextW

advapi32

RegEnumValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW
SHGetFileInfoW
ShellExecuteExW

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.exe/Fortect.lnk
.lnk
.exe/JournalTrace.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Computador\Downloads\JournalTrace\JournalTrace\obj\Debug\JournalTrace.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.exe/LastActivityView.exe
.exe windows:4 windows x86 arch:x86

28d54068583ea348b007c0eb72f71f9c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-09-2014 00:00

Not After

12-09-2019 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:ba
Signer

Actual PE Digest

04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\LastActivityView\Release\LastActivityView.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__p__fmode
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
calloc
__set_app_type
_controlfp
_except_handler3
_wcmdln
realloc
_msize
_wcslwr
strlen
_purecall
_itow
_wcsnicmp
qsort
free
modf
_memicmp
_wtoi
memcmp
wcstoul
wcsrchr
swscanf
malloc
_ultow
wcscmp
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
wcscpy
memset
_wcsicmp
wcschr
_snwprintf
wcscat
wcsncat

comctl32

CreateStatusWindowW
CreateToolbarEx
ImageList_SetImageCount
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetCurrentProcessId
ExitProcess
GetLogicalDrives
GetLongPathNameW
QueryDosDeviceW
GetVolumeInformationW
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
FreeLibrary
ReadProcessMemory
DeleteFileW
SetErrorMode
CloseHandle
GetFileSize
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetDriveTypeW
CompareFileTime
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetTickCount
GetWindowsDirectoryW
ExpandEnvironmentStringsW
GetLastError
GetCurrentProcess
GetDateFormatW
FindNextFileW
SizeofResource
GetTempFileNameW
GlobalLock
FormatMessageW
FindFirstFileW
GetVersionExW
FindClose
GetTimeFormatW
GetFileAttributesW
FileTimeToLocalFileTime
ReadFile
FindResourceW
WriteFile
GetModuleFileNameW
LocalFree
LoadResource
CreateFileW
TzSpecificLocalTimeToSystemTime
LockResource
SystemTimeToTzSpecificLocalTime
lstrcpyW
MultiByteToWideChar
lstrlenW
LocalFileTimeToFileTime
LoadLibraryExW
GlobalAlloc
GetSystemDirectoryW
GlobalUnlock
WideCharToMultiByte
GetTempPathW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle

user32

ChildWindowFromPoint
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
GetDlgItemInt
SetDlgItemInt
DeferWindowPos
CreateWindowExW
BeginPaint
EndPaint
GetWindow
GetClientRect
SendDlgItemMessageW
DrawFrameControl
EndDialog
SetWindowLongW
GetDlgItem
SetWindowTextW
UpdateWindow
SendMessageW
SetDlgItemTextW
InvalidateRect
GetDlgItemTextW
GetWindowRect
GetSystemMetrics
RegisterClassW
PostMessageW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
LoadImageW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
KillTimer
SetTimer
GetParent
MoveWindow
OpenClipboard
CheckMenuItem
GetMenuStringW
GetMenuItemCount
CloseClipboard
CheckMenuRadioItem
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
DestroyWindow
LoadStringW
GetDesktopWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DestroyIcon
LoadIconW
DrawTextExW
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
DispatchMessageW
IsDialogMessageW
TranslateMessage
CreatePopupMenu
CallWindowProcW

gdi32

CreateFontIndirectW
SetTextColor
DeleteObject
DeleteDC
GetObjectW
SetBkMode
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
GetPixel
SetPixel
SelectObject
CreateCompatibleDC

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegEnumValueW
RegConnectRegistryW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
OpenServiceW
OpenSCManagerW
ControlService
StartServiceW
QueryServiceStatus
CloseServiceHandle
RegCloseKey

shell32

SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHBindToParent
SHGetDesktopFolder
SHGetMalloc

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantTimeToSystemTime
SysFreeString
SysAllocString

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.exe/MUICacheView.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.exe/Malwarebytes.lnk
.lnk
.exe/PreviousFilesRecovery.cfg
.exe/PreviousFilesRecovery.exe
.exe windows:4 windows x64 arch:x64

bfaa2c45f3b51a2466bfc8a0101e02ae

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-09-2019 00:00

Not After

09-09-2023 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:c4:70:0e:4a:23:50:f0:45:25:dc:87:d9:36:23:a3:a6:3d:36:18:48:22:cb:c5:1c:95:ea:28:1b:bf:91:8c
Signer

Actual PE Digest

1e:c4:70:0e:4a:23:50:f0:45:25:dc:87:d9:36:23:a3:a6:3d:36:18:48:22:cb:c5:1c:95:ea:28:1b:bf:91:8c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\PreviousFilesRecovery\x64\Release\PreviousFilesRecovery.pdb

Imports

msvcrt

__set_app_type
_fmode
_commode
__setusermatherr
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
_initterm
_wcslwr
strlen
qsort
_purecall
_wcsnicmp
memmove
modf
_wtoi
wcschr
memcmp
wcstoul
wcsrchr
__wgetmainargs
_wcmdln
exit
_cexit
towupper
wcscmp
malloc
_memicmp
free
_itow
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
wcslen
memcpy
_wcsicmp
wcscpy
memset
wcsncat
_snwprintf
wcscat

comctl32

ImageList_Create
ord17
ImageList_Add
ImageList_SetImageCount
ImageList_AddMasked
CreateToolbarEx
CreateStatusWindowW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

EnumResourceNamesW
GetStartupInfoW
GetVolumePathNamesForVolumeNameW
EnumResourceTypesW
OpenProcess
WritePrivateProfileStringW
GetPrivateProfileIntW
GetStdHandle
SetErrorMode
GetCurrentDirectoryW
DeleteFileW
ExpandEnvironmentStringsW
ReadProcessMemory
GetCurrentProcess
GetCurrentProcessId
SystemTimeToFileTime
FileTimeToSystemTime
CompareFileTime
GetTickCount
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
SetFileTime
WriteFile
GetFileAttributesW
GetFileTime
ReadFile
CreateFileW
CloseHandle
GetFileSizeEx
GetLastError
SetFileAttributesW
CreateThread
WideCharToMultiByte
LockResource
lstrcpyW
GetDateFormatW
GlobalUnlock
GetTempFileNameW
GetTempPathW
GetLocaleInfoW
CreateDirectoryW
GetFileSize
GlobalLock
SizeofResource
FormatMessageW
FindFirstFileW
GetVersionExW
FindNextFileW
FindClose
GetTimeFormatW
FindResourceW
GetModuleFileNameW
LoadResource
GetWindowsDirectoryW
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
GlobalAlloc
LoadLibraryExW
lstrlenW
GetNumberFormatW
LocalFree
GetPrivateProfileStringW
ExitProcess

user32

DrawTextExW
TranslateMessage
GetMessageW
IsDialogMessageW
PostQuitMessage
TrackPopupMenu
SetCursor
RegisterWindowMessageW
ShowWindow
LoadCursorW
ChildWindowFromPoint
BeginPaint
GetClientRect
SendDlgItemMessageW
DrawFrameControl
EndPaint
EndDialog
SetWindowTextW
GetDlgItem
UpdateWindow
SendMessageW
SetDlgItemTextW
GetDlgItemTextW
InvalidateRect
SetWindowLongPtrW
GetSystemMetrics
GetWindowPlacement
DeferWindowPos
GetWindowRect
SetDlgItemInt
CreateWindowExW
GetDlgItemInt
GetWindow
PostMessageW
SetMenu
SetWindowPos
TranslateAcceleratorW
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
MessageBoxW
LoadImageW
GetSysColor
SetWindowLongW
GetWindowLongW
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
GetParent
MoveWindow
GetDC
EnableMenuItem
ReleaseDC
GetSubMenu
GetClassNameW
OpenClipboard
CheckMenuItem
GetMenuItemCount
GetMenuStringW
SetClipboardData
GetCursorPos
EnableWindow
MapWindowPoints
CloseClipboard
GetMenu
GetSysColorBrush
EmptyClipboard
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DestroyIcon
LoadIconW
GetKeyState
DispatchMessageW

gdi32

GetTextExtentPoint32W
GetStockObject
SetBkColor
GetDeviceCaps
GetObjectW
DeleteDC
SetPixel
GetPixel
SelectObject
CreateCompatibleDC
CreateFontIndirectW
SetBkMode
DeleteObject
SetTextColor

comdlg32

FindTextW
GetSaveFileNameW

shell32

ShellExecuteW
SHGetFileInfoW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.exe/RecentFilesView.exe
.exe windows:4 windows x86 arch:x86

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-09-2014 00:00

Not After

12-09-2019 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30-03-2016 00:00

Not After

30-06-2019 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

18:30:04:81:57:f7:64:ab:79:f0:db:42:ad:23:c7:4b:fb:ec:e8:e2:f1:d4:07:77:ad:ce:ab:fd:52:a5:53:73
Signer

Actual PE Digest

18:30:04:81:57:f7:64:ab:79:f0:db:42:ad:23:c7:4b:fb:ec:e8:e2:f1:d4:07:77:ad:ce:ab:fd:52:a5:53:73

Digest Algorithm

sha256

PE Digest Matches

true

8a:ba:65:93:92:48:ce:e9:49:47:12:09:31:f9:0c:8d:8b:1f:27:f9
Signer

Actual PE Digest

8a:ba:65:93:92:48:ce:e9:49:47:12:09:31:f9:0c:8d:8b:1f:27:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.exe/RegScanner.exe
.exe windows:4 windows x64 arch:x64

91255ff4ffaa6e1db85c5f5840d2b863

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-09-2019 00:00

Not After

09-09-2023 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

85:0a:0c:61:1e:c6:9b:ab:64:5e:84:86:f9:1a:d3:d3:f4:29:44:b1:b3:54:21:a0:4e:73:3b:34:c8:1d:2a:99
Signer

Actual PE Digest

85:0a:0c:61:1e:c6:9b:ab:64:5e:84:86:f9:1a:d3:d3:f4:29:44:b1:b3:54:21:a0:4e:73:3b:34:c8:1d:2a:99

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\RegScanner\x64\Release\RegScanner.pdb

Imports

msvcrt

__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_initterm
__C_specific_handler
_onexit
__dllonexit
??_U@YAPEAX_K@Z
??_V@YAXPEAX@Z
__setusermatherr
_commode
_fmode
__set_app_type
_XcptFilter
calloc
isdigit
strncmp
_strlwr
_purecall
_itoa
_strnicmp
_memicmp
_mbctoupper
strcmp
strrchr
malloc
strtol
free
_snprintf
atoi
strtoul
_strcmpi
strchr
_ultoa
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memmove
memcmp
_mbsicmp
_stricmp
memcpy
_mbschr
strlen
strcpy
memset
strncat
sprintf
strcat

comctl32

ImageList_SetImageCount
ImageList_AddMasked
ord6
CreateToolbarEx
ImageList_Create
ord17
ImageList_ReplaceIcon

kernel32

CreateToolhelp32Snapshot
Process32First
Process32Next
SetEnvironmentVariableA
GetCurrentThreadId
Sleep
GetStartupInfoA
SystemTimeToFileTime
FreeLibrary
GetProcAddress
CompareFileTime
GetLocalTime
GetTickCount
GetSystemTimeAsFileTime
MultiByteToWideChar
GetDriveTypeA
CloseHandle
GetLastError
FileTimeToSystemTime
LoadLibraryA
LocalFree
SetFilePointer
GetFileAttributesA
lstrlenA
GetModuleFileNameA
lstrcpyA
GetNumberFormatA
GetLocaleInfoA
GetModuleHandleA
FormatMessageA
LoadLibraryExA
GetWindowsDirectoryA
GetTempFileNameA
ReadFile
GetDateFormatA
GetSystemDirectoryA
WriteFile
SystemTimeToTzSpecificLocalTime
GlobalAlloc
GlobalLock
CreateFileA
GetVersionExA
WideCharToMultiByte
GetFileSize
GlobalUnlock
GetTimeFormatA
FileTimeToLocalFileTime
GetTempPathA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
EnumResourceNamesA
DeleteFileA
OpenProcess
CreateProcessA
GetModuleFileNameW
GetCurrentDirectoryA
ExpandEnvironmentStringsA
GetSystemTime
ExitProcess
GetCurrentProcess
ReadProcessMemory
GetCurrentProcessId
RaiseException

user32

ChildWindowFromPoint
ReleaseDC
GetDC
GetSysColorBrush
LoadCursorA
ShowWindow
SetCursor
GetWindow
GetClientRect
SetDlgItemTextA
DrawFrameControl
GetDlgItemTextA
SetWindowTextA
GetSystemMetrics
DeferWindowPos
SendDlgItemMessageA
GetWindowRect
GetDlgItemInt
EndDialog
GetDlgItem
CreateWindowExA
EndPaint
InvalidateRect
SetDlgItemInt
BeginPaint
RegisterClassA
UpdateWindow
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
DispatchMessageA
LoadIconA
TranslateMessage
LoadImageA
PeekMessageA
GetWindowLongA
SetWindowLongA
SetFocus
GetMenuStringA
GetCursorPos
SetClipboardData
EnableWindow
MapWindowPoints
GetSysColor
InsertMenuItemA
GetMenu
OpenClipboard
GetParent
MoveWindow
EmptyClipboard
EnableMenuItem
GetClassNameA
CheckMenuItem
GetSubMenu
CloseClipboard
GetMenuItemCount
EnumChildWindows
DestroyWindow
GetMenuItemInfoA
GetWindowTextA
LoadMenuA
ModifyMenuA
LoadStringA
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
CreateDialogParamA
IsDialogMessageA
EndDeferWindowPos
TrackPopupMenu
PostQuitMessage
GetMessageA
RegisterWindowMessageA
GetFocus
BeginDeferWindowPos
DeleteMenu
GetClipboardData
GetWindowThreadProcessId
EnumWindows
AttachThreadInput
SetForegroundWindow

gdi32

GetStockObject
GetTextExtentPoint32A
SetBkColor
CreateFontIndirectA
SetBkMode
DeleteObject
SetTextColor
GetDeviceCaps

comdlg32

FindTextA
GetOpenFileNameA
GetSaveFileNameA
ChooseFontA

advapi32

ChangeServiceConfigA
StartServiceA
ControlService
OpenServiceA
OpenSCManagerA
CloseServiceHandle
RegEnumValueA
RegCreateKeyA
RegQueryValueExW
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
QueryServiceStatus
RegCloseKey
RegGetKeySecurity
RegConnectRegistryA
RegQueryValueExA
RegDeleteValueA

shell32

ShellExecuteA
ShellExecuteExA

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.exe/ShellBagsView.cfg
.exe/ShellBagsView.exe
.exe windows:4 windows x86 arch:x86

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-09-2019 00:00

Not After

09-09-2023 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fc:b0:11:8c:23:7a:7d:a5:fd:ac:a0:28:ad:6a:c9:b8:ba:56:98:4a:f2:d2:35:45:90:fe:da:4d:90:40:e5:af
Signer

Actual PE Digest

fc:b0:11:8c:23:7a:7d:a5:fd:ac:a0:28:ad:6a:c9:b8:ba:56:98:4a:f2:d2:35:45:90:fe:da:4d:90:40:e5:af

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.exe/System Informer.lnk
.lnk
.exe/TrappedV2.exe
.exe windows:5 windows x64 arch:x64

ba5546933531fafa869b1f86a4e2a959

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
WriteConsoleW
GetProcAddress
GetModuleFileNameW
SetDllDirectoryW
FreeLibrary
GetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
HeapReAlloc
GetFileAttributesExW
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
SetEndOfFile

advapi32

ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
TrappedV2.pyc
.exe/TurnedOnTimesView.exe
.exe windows:4 windows x86 arch:x86

17bc116ee0537df40a79053f4ac264f7

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-09-2019 00:00

Not After

09-09-2023 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:de:c0:13:f8:cf:1d:38:5d:7b:45:75:88:61:dd:2f:e5:27:6e:c5:cc:ce:6e:dc:85:b6:80:c0:63:cf:d8:fd
Signer

Actual PE Digest

59:de:c0:13:f8:cf:1d:38:5d:7b:45:75:88:61:dd:2f:e5:27:6e:c5:cc:ce:6e:dc:85:b6:80:c0:63:cf:d8:fd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Projects\VS2005\TurnedOnTimesView\Release\TurnedOnTimesView.pdb

Imports

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
__p__commode
_onexit
__dllonexit
strlen
_wcslwr
_itow
_wcsnicmp
memmove
wcsrchr
wcstoul
__p__fmode
__set_app_type
_controlfp
_except_handler3
_c_exit
towupper
wcscmp
malloc
swscanf
_wcsicmp
free
_memicmp
modf
wcschr
memcmp
qsort
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
_purecall
_wtoi
wcscpy
memset
_snwprintf
wcsncat
wcscat

comctl32

ImageList_ReplaceIcon
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked
ImageList_SetImageCount
CreateToolbarEx
CreateStatusWindowW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

ExitProcess
ReadProcessMemory
GetCurrentProcessId
GetComputerNameW
DeleteFileW
SetErrorMode
OpenProcess
EnumResourceTypesW
GetSystemTimeAsFileTime
GetModuleHandleA
GetStartupInfoW
GetLastError
GetStdHandle
GetPrivateProfileIntW
WritePrivateProfileStringW
EnumResourceNamesW
SystemTimeToFileTime
FileTimeToSystemTime
CompareFileTime
GetModuleHandleW
GetProcAddress
FreeLibrary
ReadFile
SystemTimeToTzSpecificLocalTime
GetModuleFileNameW
CreateFileW
LoadLibraryExW
GlobalAlloc
LockResource
GetSystemDirectoryW
MultiByteToWideChar
LocalFree
lstrlenW
WideCharToMultiByte
lstrcpyW
GlobalUnlock
LocalFileTimeToFileTime
GetTempPathW
GetCurrentProcess
GetDateFormatW
LoadLibraryW
GetTempFileNameW
GetFileSize
GlobalLock
SizeofResource
FindFirstFileW
FindNextFileW
FormatMessageW
GetVersionExW
FindClose
GetTimeFormatW
GetFileAttributesW
FindResourceW
CloseHandle
WriteFile
GetWindowsDirectoryW
LoadResource
FileTimeToLocalFileTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetPrivateProfileStringW

user32

GetMessageW
PostQuitMessage
TrackPopupMenu
DispatchMessageW
RegisterWindowMessageW
DrawTextExW
LoadCursorW
SetCursor
GetSysColorBrush
TranslateMessage
ChildWindowFromPoint
SetDlgItemTextW
GetDlgItemTextW
InvalidateRect
GetSystemMetrics
GetWindowRect
GetWindowPlacement
DeferWindowPos
GetDlgItemInt
SetDlgItemInt
CreateWindowExW
GetWindow
BeginPaint
SetWindowPlacement
GetClientRect
EndPaint
DrawFrameControl
SendDlgItemMessageW
EndDialog
SetWindowLongW
SetWindowTextW
GetDlgItem
UpdateWindow
SendMessageW
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetMenu
LoadAcceleratorsW
DefWindowProcW
LoadIconW
LoadImageW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetParent
GetMenu
EmptyClipboard
GetSubMenu
GetDC
EnableMenuItem
MoveWindow
ReleaseDC
GetClassNameW
OpenClipboard
CheckMenuItem
GetMenuItemCount
GetMenuStringW
SetClipboardData
EnableWindow
MapWindowPoints
GetCursorPos
CloseClipboard
EnumChildWindows
LoadStringW
SetWindowPos
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetDlgCtrlID
GetMenuItemInfoW
DestroyMenu
DialogBoxParamW
CreateDialogParamW
IsDialogMessageW
ShowWindow

gdi32

GetTextExtentPoint32W
GetStockObject
SetBkColor
GetDeviceCaps
DeleteDC
GetPixel
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectW

comdlg32

ChooseFontW
FindTextW
GetSaveFileNameW

advapi32

ConvertStringSidToSidW
LookupAccountSidW

shell32

SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.exe/USBDeview.exe
.exe windows:4 windows x86 arch:x86

873299b7b29e6fadb2fb6a515be27b27

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-09-2019 00:00

Not After

09-09-2023 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:32:07:2d:75:02:c6:1c:a7:8b:80:a6:65:08:5a:44:26:47:80:19:38:ca:43:0c:81:b6:17:8d:b1:b0:41:4f
Signer

Actual PE Digest

5b:32:07:2d:75:02:c6:1c:a7:8b:80:a6:65:08:5a:44:26:47:80:19:38:ca:43:0c:81:b6:17:8d:b1:b0:41:4f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Projects\VS2005\USBDeview\Release\USBDeview.pdb

Imports

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
_onexit
__dllonexit
atol
_mbsrchr
_mbsicmp
qsort
_strlwr
_mbschr
memmove
_strnicmp
modf
strchr
memcmp
_memicmp
strrchr
strcmp
malloc
_strcmpi
free
strtoul
srand
rand
abs
_strupr
_itoa
??3@YAXPAX@Z
??2@YAPAXI@Z
strlen
memcpy
_purecall
_stricmp
_snprintf
atoi
strcpy
memset
strncat
sprintf
strcat

comctl32

CreateToolbarEx
ord6
ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
ImageList_Add

ws2_32

send
WSAAsyncSelect
WSAAsyncGetHostByName
connect
inet_addr
htonl
WSAGetLastError
htons
bind
socket
WSASetLastError
closesocket
WSAStartup
WSACleanup

kernel32

Process32Next
OpenProcess
SetEnvironmentVariableA
GetCurrentThreadId
DeviceIoControl
GetStartupInfoA
FreeLibrary
Process32First
CreateToolhelp32Snapshot
ReadProcessMemory
ExitProcess
GetCurrentProcessId
Sleep
SetErrorMode
ExpandEnvironmentStringsA
CreateProcessA
GetStdHandle
GetProcAddress
GetPrivateProfileStringA
WinExec
GetModuleFileNameA
GetComputerNameA
GetLastError
CompareFileTime
FileTimeToSystemTime
LoadLibraryA
GetModuleHandleA
SystemTimeToFileTime
GetLogicalDrives
GetWindowsDirectoryA
GetDriveTypeA
GetDiskFreeSpaceExA
DeleteFileA
CreateThread
CreateFileA
GetTickCount
WriteFile
ReadFile
FlushFileBuffers
CloseHandle
GetCurrentProcess
GetFileSize
GetTempFileNameA
GetSystemDirectoryA
GlobalAlloc
GlobalLock
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetTimeFormatA
GlobalUnlock
FileTimeToLocalFileTime
GetTempPathA
LocalFree
GetFileAttributesA
SystemTimeToTzSpecificLocalTime
FormatMessageA
LoadLibraryExA
GetDateFormatA
EnumResourceNamesA
GetPrivateProfileIntA
WritePrivateProfileStringA

user32

GetWindowThreadProcessId
SetForegroundWindow
AttachThreadInput
EnumWindows
RemoveMenu
SetTimer
GetSysColorBrush
ShowWindow
LoadCursorA
DispatchMessageA
GetDC
ReleaseDC
SetCursor
GetWindow
GetClientRect
SetDlgItemTextA
DrawFrameControl
GetDlgItemTextA
SetWindowTextA
GetSystemMetrics
SendDlgItemMessageA
GetWindowRect
GetDlgItemInt
DeferWindowPos
EndPaint
EndDialog
GetDlgItem
CreateWindowExA
InvalidateRect
SetDlgItemInt
BeginPaint
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
RegisterClassA
UpdateWindow
LoadImageA
GetSysColor
GetWindowLongA
SetWindowLongA
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetWindowTextA
MoveWindow
InsertMenuItemA
CheckMenuItem
OpenClipboard
GetMenu
EmptyClipboard
EnableMenuItem
GetParent
GetClassNameA
CloseClipboard
GetMenuItemCount
SetClipboardData
EnableWindow
MapWindowPoints
GetSubMenu
GetMenuStringA
GetCursorPos
CheckMenuRadioItem
ModifyMenuA
CreateDialogParamA
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
DestroyWindow
EnumChildWindows
GetMenuItemInfoA
LoadMenuA
LoadStringA
CreatePopupMenu
LoadIconA
SetMenuItemInfoA
GetKeyState
GetMessageA
TranslateMessage
KillTimer
IsDialogMessageA
DrawTextExA
InsertMenuA
TrackPopupMenu
RegisterWindowMessageA
PostQuitMessage
ChildWindowFromPoint

gdi32

GetTextExtentPoint32A
SetBkMode
SetStretchBltMode
StretchBlt
SetBkColor
GetStockObject
GetPixel
GetObjectA
DeleteDC
CreateFontIndirectA
GetDeviceCaps
DeleteObject
SetTextColor
CreateCompatibleDC
SelectObject
SetPixel
CreateCompatibleBitmap

comdlg32

ChooseFontA
FindTextA
GetSaveFileNameA

advapi32

CloseServiceHandle
StartServiceA
OpenServiceA
ChangeServiceConfigA
OpenSCManagerA
ControlService
RegCloseKey
QueryServiceStatus
RegCreateKeyA
RegLoadKeyA
RegUnLoadKeyA
RegConnectRegistryA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam

shell32

SHGetFileInfoA
ShellExecuteExA
ShellExecuteA
Shell_NotifyIconA

ole32

CoCreateInstance

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.exe/UninstallView.cfg
.exe/UninstallView.exe
.exe windows:4 windows x64 arch:x64

921a4bc38e6179c3fa72481db7c176f4

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-09-2019 00:00

Not After

09-09-2023 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a3:09:f8:2b:32:1c:0e:2c:25:7e:5b:41:14:1e:99:9d:d4:ba:1d:f4:ce:b6:16:8c:21:58:df:d9:5a:98:dd:fc
Signer

Actual PE Digest

a3:09:f8:2b:32:1c:0e:2c:25:7e:5b:41:14:1e:99:9d:d4:ba:1d:f4:ce:b6:16:8c:21:58:df:d9:5a:98:dd:fc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\UninstallView\x64\Release\UninstallView.pdb

Imports

msvcrt

__wgetmainargs
_wcmdln
exit
_initterm
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
__setusermatherr
_commode
_fmode
__set_app_type
_cexit
strlen
qsort
_wcslwr
_itow
memmove
_memicmp
malloc
free
modf
wcschr
memcmp
wcsrchr
wcstoul
towupper
wcscmp
_ultow
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memcpy
_wcsicmp
wcsncmp
wcslen
_wcsnicmp
_wtoi
_purecall
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_SetImageCount
ImageList_AddMasked
CreateToolbarEx
CreateStatusWindowW
ord17
ImageList_Create
ImageList_ReplaceIcon
ImageList_Add

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

mpr

WNetGetUniversalNameW

kernel32

GetCurrentThreadId
SetEnvironmentVariableW
Sleep
EnumResourceTypesW
CreateThread
GetStartupInfoW
OpenProcess
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetDriveTypeW
GetLogicalDrives
GetTickCount
FindFirstFileW
FormatMessageW
GetLastError
GetVersionExW
FindNextFileW
GetTimeFormatW
WriteFile
FindClose
GetFileAttributesW
FindResourceW
LoadResource
SystemTimeToTzSpecificLocalTime
ReadFile
GetModuleFileNameW
LoadLibraryExW
GlobalAlloc
CreateFileW
GetSystemDirectoryW
CloseHandle
GetWindowsDirectoryW
GetDateFormatW
WideCharToMultiByte
FileTimeToLocalFileTime
GetTempFileNameW
MultiByteToWideChar
GetCurrentProcess
lstrlenW
GetNumberFormatW
LockResource
GetFileSize
LocalFree
GlobalUnlock
GetLocaleInfoW
lstrcpyW
GlobalLock
GetTempPathW
SizeofResource
EnumResourceNamesW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetStdHandle
SetErrorMode
CreateProcessW
GetCurrentDirectoryW
DeleteFileW
ExpandEnvironmentStringsW
GetCurrentProcessId
ReadProcessMemory
ExitProcess

user32

ReleaseDC
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
SetWindowPos
GetWindow
SendDlgItemMessageW
EndDialog
GetDlgItem
GetDC
SetWindowTextW
UpdateWindow
SendMessageW
InvalidateRect
SetDlgItemTextW
GetWindowRect
GetDlgItemTextW
SetWindowLongPtrW
GetDlgItemInt
GetWindowPlacement
GetSystemMetrics
SetDlgItemInt
EndPaint
DeferWindowPos
BeginPaint
CreateWindowExW
GetClientRect
SetMenu
TranslateAcceleratorW
GetForegroundWindow
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
PostMessageW
MessageBoxW
DestroyIcon
GetParent
LoadImageW
LoadIconW
GetSysColor
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
ChildWindowFromPoint
SetTimer
GetMenuItemCount
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
CheckMenuRadioItem
GetMenuStringW
CloseClipboard
MoveWindow
GetMenu
EmptyClipboard
EnableMenuItem
OpenClipboard
GetClassNameW
GetSubMenu
CheckMenuItem
InsertMenuItemW
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
SetMenuItemInfoW
GetKeyState
CreatePopupMenu
IsDialogMessageW
RegisterWindowMessageW
TrackPopupMenu
TranslateMessage
PostQuitMessage
GetMessageW
InsertMenuW
DrawTextExW
RemoveMenu
DispatchMessageW
GetMonitorInfoW
MonitorFromWindow
AttachThreadInput
SetForegroundWindow
GetWindowThreadProcessId
EnumWindows
KillTimer
DrawFrameControl

gdi32

SetBkMode
SetBkColor
DeleteObject
GetStockObject
CreateCompatibleBitmap
StretchBlt
SetStretchBltMode
CreateCompatibleDC
GetObjectW
DeleteDC
GetPixel
SetPixel
CreateFontIndirectW
SetTextColor
SelectObject
GetTextExtentPoint32W
GetDeviceCaps

comdlg32

ChooseFontW
FindTextW
GetSaveFileNameW

advapi32

OpenProcessToken
GetTokenInformation
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
GetFileSecurityW
RegDeleteKeyW
OpenServiceW
ControlService
GetUserNameW
OpenSCManagerW
CloseServiceHandle
ChangeServiceConfigW
RegConnectRegistryW
QueryServiceStatus
StartServiceW
RegQueryInfoKeyW

shell32

ExtractIconExW
ShellExecuteExW
ShellExecuteW
SHGetFileInfoW
Shell_NotifyIconW

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.exe/UserAssistView.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.exe/WinDefThreatsView.cfg
.exe/WinDefThreatsView.exe
.exe windows:4 windows x64 arch:x64

2cc230829837d561baa83269873acd4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\WinDefThreatsView\x64\Release\WinDefThreatsView.pdb

Imports

msvcrt

__wgetmainargs
_wcmdln
exit
_cexit
_exit
_initterm
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
_wtoi64
_wcslwr
strlen
__setusermatherr
_commode
_fmode
__set_app_type
_c_exit
qsort
_wcsnicmp
free
_wcsicmp
modf
wcschr
memcmp
wcsrchr
wcstoul
wcscmp
malloc
_memicmp
swscanf
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memcpy
wcslen
_ultow
_itow
_purecall
_snwprintf
wcscat
memset
wcscpy
_wtoi
wcsncat

comctl32

ImageList_AddMasked
CreateStatusWindowW
CreateToolbarEx
ImageList_SetImageCount
ImageList_Create
ord17
ImageList_Add

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GetExitCodeProcess
SetErrorMode
WaitForSingleObject
ExitProcess
GetCurrentProcessId
ReadProcessMemory
OpenProcess
EnumResourceTypesW
GetStartupInfoW
LocalFree
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetTickCount
lstrcpyW
GlobalUnlock
GetTempPathW
GlobalLock
SizeofResource
FormatMessageW
GetLastError
GetVersionExW
GetTimeFormatW
GetFileAttributesW
WriteFile
FindResourceW
LoadResource
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
LoadLibraryExW
CreateFileW
CloseHandle
GlobalAlloc
GetWindowsDirectoryW
GetSystemDirectoryW
FileTimeToLocalFileTime
GetDateFormatW
WideCharToMultiByte
lstrlenW
GetCurrentProcess
LockResource
EnumResourceNamesW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetStdHandle
GetDriveTypeW
DeleteFileW

user32

ChildWindowFromPoint
GetDC
ReleaseDC
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
SetWindowPos
GetWindow
SendDlgItemMessageW
EndDialog
GetDlgItem
DrawFrameControl
SetWindowTextW
UpdateWindow
SendMessageW
InvalidateRect
SetDlgItemTextW
GetWindowRect
GetDlgItemTextW
SetWindowLongPtrW
GetDlgItemInt
GetWindowPlacement
GetSystemMetrics
SetDlgItemInt
EndPaint
DeferWindowPos
BeginPaint
CreateWindowExW
GetClientRect
SetMenu
TranslateAcceleratorW
GetForegroundWindow
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
PostMessageW
MessageBoxW
LoadImageW
DestroyIcon
GetSysColor
SetWindowLongW
GetWindowLongW
BeginDeferWindowPos
EndDeferWindowPos
SetFocus
GetParent
KillTimer
SetTimer
OpenClipboard
GetClassNameW
GetSubMenu
CheckMenuItem
GetMenuItemCount
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
GetMenuStringW
CloseClipboard
MoveWindow
GetMenu
EmptyClipboard
EnableMenuItem
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
LoadIconW
GetKeyState
DispatchMessageW
RegisterWindowMessageW
IsDialogMessageW
TrackPopupMenu
PostQuitMessage
TranslateMessage
GetMessageW
DrawTextExW
MonitorFromWindow
GetMonitorInfoW
SetForegroundWindow

gdi32

DeleteDC
SetPixel
GetObjectW
CreateFontIndirectW
GetDeviceCaps
SetBkMode
DeleteObject
GetPixel
SetTextColor
GetTextExtentPoint32W
GetStockObject
SetBkColor
SetStretchBltMode
CreateCompatibleBitmap
StretchBlt
SelectObject
CreateCompatibleDC

comdlg32

ChooseFontW
FindTextW
GetSaveFileNameW

advapi32

OpenProcessToken
GetTokenInformation

shell32

SHGetFileInfoW
ShellExecuteW
ShellExecuteExW
Shell_NotifyIconW

ole32

CoSetProxyBlanket
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
SafeArrayDestroy
SafeArrayPutElement
SysAllocString
SafeArrayCreate
SysFreeString

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.exe/WinPrefetchView.exe
.exe windows:4 windows x64 arch:x64

89421e1903928ddf253a9167e7b060ae

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-09-2019 00:00

Not After

09-09-2023 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:cd:71:53:7c:7a:f0:f6:c0:04:a5:23:78:6c:fe:79:4f:87:5a:63:96:46:51:60:0c:56:02:a3:0d:4a:25:99
Signer

Actual PE Digest

3e:cd:71:53:7c:7a:f0:f6:c0:04:a5:23:78:6c:fe:79:4f:87:5a:63:96:46:51:60:0c:56:02:a3:0d:4a:25:99

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\Projects\VS2005\WinPrefetchView\x64\Release\WinPrefetchView.pdb

Imports

msvcrt

_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__setusermatherr
_onexit
__dllonexit
strlen
qsort
_wcslwr
wcstoul
wcsrchr
wcscmp
_ultow
_memicmp
_commode
_fmode
__set_app_type
__C_specific_handler
malloc
_wcsicmp
free
modf
wcschr
memcmp
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memcpy
wcslen
_itow
_wcsnicmp
_purecall
_wtoi
wcscpy
memset
_snwprintf
wcsncat
wcscat

comctl32

ord17
ImageList_AddMasked
ImageList_SetImageCount
ImageList_Create
CreateStatusWindowW
CreateToolbarEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetDriveTypeW
GetVolumeInformationW
QueryDosDeviceW
GetLongPathNameW
GetLogicalDrives
GetCurrentProcessId
ExitProcess
OpenProcess
EnumResourceTypesW
GetStartupInfoW
GlobalAlloc
ReadProcessMemory
GetCurrentProcess
SetErrorMode
GlobalFree
CompareFileTime
SystemTimeToFileTime
LoadLibraryW
FileTimeToSystemTime
GetProcAddress
FreeLibrary
SystemTimeToTzSpecificLocalTime
CreateFileW
LoadLibraryExW
CloseHandle
GetSystemDirectoryW
GetWindowsDirectoryW
FileTimeToLocalFileTime
WideCharToMultiByte
lstrlenW
LocalFree
GetNumberFormatW
LockResource
lstrcpyW
GetDateFormatW
GlobalUnlock
GetTempFileNameW
GetLocaleInfoW
GetTempPathW
GlobalLock
GetFileSize
SizeofResource
FormatMessageW
FindFirstFileW
GetLastError
GetVersionExW
GetModuleHandleW
GetTimeFormatW
FindNextFileW
GetFileAttributesW
FindClose
WriteFile
FindResourceW
ReadFile
LoadResource
GetModuleFileNameW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
DeleteFileW

user32

FillRect
SetCapture
ReleaseCapture
RegisterClipboardFormatW
DrawTextExW
ChildWindowFromPoint
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
SetWindowTextW
DispatchMessageW
UpdateWindow
SetDlgItemTextW
BeginPaint
GetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindowRect
GetDlgItem
GetDlgItemInt
InvalidateRect
EndPaint
GetWindow
DrawFrameControl
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
PostMessageW
SendMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetWindowPlacement
SetMenu
LoadImageW
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
CloseClipboard
GetMenu
GetParent
EmptyClipboard
MoveWindow
EnableMenuItem
GetDC
OpenClipboard
ReleaseDC
GetClassNameW
GetSubMenu
CheckMenuItem
GetMenuItemCount
SetClipboardData
GetCursorPos
EnableWindow
MapWindowPoints
GetSysColor
GetMenuStringW
ScreenToClient
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
SetWindowPos
LoadIconW
DestroyIcon
GetFocus
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
IsDialogMessageW
TranslateMessage
SetDlgItemInt

gdi32

DeleteObject
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
PatBlt
SelectObject
CreateSolidBrush
SetTextColor
CreateFontIndirectW
SetBkMode

comdlg32

FindTextW
GetSaveFileNameW

shell32

SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.exe/tcpview64.exe
.exe windows:6 windows x64 arch:x64

5e3837ab1131c4430d2981643ad233ba

Code Sign

33:00:00:01:df:6b:f0:2e:92:a7:4a:b4:d0:00:00:00:00:01:df
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:31

Not After

02-12-2021 21:31

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ce:14:ca:3a:e1:6d:97:f2:14:51:b5:87:37:6d:5e:94:cd:21:9e:a0:4c:20:f6:53:7c:fb:e9:98:62:f3:ec:82
Signer

Actual PE Digest

ce:14:ca:3a:e1:6d:97:f2:14:51:b5:87:37:6d:5e:94:cd:21:9e:a0:4c:20:f6:53:7c:fb:e9:98:62:f3:ec:82

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\s\exe\x64\Release\TcpView64.pdb

Imports

kernel32

CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
FreeLibrary
LoadLibraryExA
LoadLibraryExW
TrySubmitThreadpoolCallback
MultiByteToWideChar
WideCharToMultiByte
LocalFree
FormatMessageW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetNumberFormatEx
GetCommandLineW
CreateDirectoryW
SetThreadPriority
SetPriorityClass
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryW
lstrcmpW
DecodePointer
QueryFullProcessImageNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
lstrcmpiW
CreateThread
TerminateThread
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetTickCount64
FileTimeToSystemTime
WriteConsoleW
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetFileSize
GetThreadContext
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetFileType
SetConsoleCtrlHandler
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
TryAcquireSRWLockShared
TryAcquireSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
GetStringTypeW
FormatMessageA
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
SetFilePointer
DebugBreak
VirtualQuery
VirtualFree
VirtualProtect
VirtualAlloc
FlushInstructionCache
GetACP
SuspendThread
IsWow64Process
WriteProcessMemory
ReadProcessMemory
VirtualQueryEx
VirtualProtectEx
VirtualAllocEx
OpenProcess
CreateProcessW
CreateProcessA
ResumeThread
GetExitCodeProcess
TerminateProcess
ExitProcess
WaitForSingleObject
GetEnvironmentVariableW
GetEnvironmentVariableA
VerifyVersionInfoW
lstrlenW
GetCurrentThread
CloseHandle
GetTempPathW
WriteFile
CreateFileW
VerSetConditionMask
GetModuleFileNameW
GetCurrentThreadId
RtlUnwind
DeleteCriticalSection
InitializeCriticalSectionEx
SetThreadContext
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
WritePrivateProfileStructW
GetPrivateProfileStructW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetCurrentProcess
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
GlobalLock
GlobalUnlock
IsValidCodePage
GlobalAlloc

user32

RemoveMenu
AppendMenuW
GetMenuItemID
GetSubMenu
CreatePopupMenu
LoadMenuW
LoadAcceleratorsW
GetKeyState
CharNextW
CharLowerW
PostQuitMessage
GetMessagePos
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
DrawFrameControl
SetMenuDefaultItem
LoadStringA
LoadIconW
SetRectEmpty
DestroyIcon
MonitorFromPoint
UnhookWindowsHookEx
MessageBoxW
LockWindowUpdate
GetMenuItemInfoW
ModifyMenuW
GetMenuItemCount
GetMenuStringW
SetMenu
GetMenu
TranslateAcceleratorW
GetActiveWindow
GetDlgCtrlID
DialogBoxParamW
GetWindowDC
MessageBeep
GetCursorPos
ScreenToClient
DrawEdge
WindowFromPoint
GetWindowThreadProcessId
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
SendMessageW
DestroyMenu
CheckMenuRadioItem
EnableWindow
GetScrollInfo
CreateDialogParamW
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsMenu
IsWindow
LoadStringW
GetMonitorInfoW
MonitorFromWindow
SetMenuItemInfoW
GetSysColor
LoadImageW
DrawIconEx
GetIconInfo
DefWindowProcW
CallWindowProcW
UnregisterClassW
GetWindow
MapWindowPoints
GetWindowRect
SetDlgItemTextW
EndDialog
GetAncestor
SystemParametersInfoW
RegisterWindowMessageW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
SetFocus
GetFocus
SetTimer
KillTimer
DrawTextW
BeginPaint
EndPaint
InvalidateRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
GetWindowLongPtrW
SetWindowLongPtrW
GetParent
SetScrollInfo
CallNextHookEx
SetWindowsHookExW
GetClassNameW
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
InflateRect
CopyRect
FrameRect
FillRect
DrawFocusRect
ShowScrollBar
SetScrollPos
ValidateRect
ReleaseDC
GetDC
UpdateWindow
TrackPopupMenuEx
GetSystemMetrics
IsWindowEnabled
ReleaseCapture
SetCapture
GetDlgItem
IsWindowVisible
SetWindowPos
MoveWindow
ShowWindow
IsChild
PostMessageW
GetSysColorBrush
LoadCursorW

gdi32

PatBlt
ExcludeClipRect
Polyline
SetBrushOrgEx
CreatePatternBrush
CreateBitmap
CreateDIBSection
GetCurrentObject
Polygon
TextOutW
MoveToEx
GetTextMetricsW
SetTextAlign
LineTo
GetStockObject
CreatePen
CreateSolidBrush
GetObjectW
SetTextColor
SetBkMode
CreateFontIndirectW
SetViewportOrgEx
ExtTextOutW
SetBkColor
SelectObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
DeleteDC

comdlg32

ChooseFontW
GetSaveFileNameW
GetOpenFileNameW

advapi32

OpenTraceW
GetTokenInformation
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
CloseTrace
ProcessTrace
OpenProcessToken
ControlTraceW
StartTraceW

shell32

ExtractIconExW
SHGetFolderPathW
ShellExecuteW
SHGetStockIconInfo
ExtractIconW

ole32

CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoTaskMemRealloc

oleaut32

SysFreeString
VarUI4FromStr

comctl32

ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_DrawIndirect
CreateStatusWindowW
InitCommonControlsEx
ImageList_Draw

uxtheme

IsThemeActive
IsAppThemed
SetWindowTheme

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

iphlpapi

GetOwnerModuleFromTcpEntry
GetExtendedUdpTable
GetOwnerModuleFromUdpEntry
GetOwnerModuleFromTcp6Entry
GetOwnerModuleFromUdp6Entry
SetTcpEntry
GetExtendedTcpTable

ws2_32

getservbyport
gethostname
WSAStartup
send
getaddrinfo
htons
connect
closesocket
ntohs
WSAGetLastError
freeaddrinfo
recv
GetNameInfoW
socket

tdh

TdhGetEventInformation
TdhGetPropertySize

Sections

.text
Size: 906KB - Virtual size: 906KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.exe/zipinst.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.exe/💀Death💀Run Scan.exe
.exe windows:6 windows x64 arch:x64

0836b5cec702c746a60ff8b9ec2bcb91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Zack\source\repos\ion\x64\Release\ion.pdb

Imports

kernel32

VirtualQueryEx
ReadProcessMemory
CloseHandle
OpenProcess
GetStdHandle
GetCurrentProcess
SetConsoleTextAttribute
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlCaptureContext

advapi32

AdjustTokenPrivileges
CloseServiceHandle
LookupPrivilegeValueA
OpenSCManagerA
OpenProcessToken
QueryServiceStatusEx
OpenServiceA

msvcp140

?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove
memset
_CxxThrowException
__C_specific_handler
__current_exception_context
__current_exception
__std_terminate
__std_exception_copy
__std_exception_destroy
memcpy
memchr
memcmp

api-ms-win-crt-filesystem-l1-1-0

_stat64i32

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
__p___argv
_initialize_onexit_table
_crt_atexit
_cexit
_c_exit
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe
terminate
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
__p___argc

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
_callnewh
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.txt/1.txt
.txt/2.txt
.txt/3.txt
.txt/4.txt
.txt/4_1.txt
.txt/5.txt
.txt/6.txt
.txt/7.txt
.txt/8.txt
.txt/AppReadWriteCounter.exe
.exe windows:4 windows x64 arch:x64

d5309dcabae4629d63f2b007b4cd884b

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-09-2019 00:00

Not After

09-09-2023 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:12:0b:0c:86:d6:98:a5:84:46:4e:b2:67:cc:c3:0e:ae:77:65:ee:21:8f:e3:48:b8:5c:fe:0b:af:c0:dd:6a
Signer

Actual PE Digest

59:12:0b:0c:86:d6:98:a5:84:46:4e:b2:67:cc:c3:0e:ae:77:65:ee:21:8f:e3:48:b8:5c:fe:0b:af:c0:dd:6a

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\AppReadWriteCounter\x64\Release\AppReadWriteCounter.pdb

Imports

msvcrt

__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__C_specific_handler
_initterm
__dllonexit
_wcslwr
strlen
qsort
_itow
_wcsnicmp
memmove
malloc
free
modf
__setusermatherr
_commode
_fmode
__set_app_type
_onexit
wcschr
wcsrchr
wcstoul
wcscmp
_memicmp
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memcpy
wcslen
_wtoi
memcmp
_purecall
_wcsicmp
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_AddMasked
ImageList_ReplaceIcon
ImageList_Add
ImageList_Create
ord17
ImageList_SetImageCount
CreateToolbarEx
CreateStatusWindowW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

Process32FirstW
GetCurrentProcessId
ExitProcess
ReadProcessMemory
Process32NextW
CreateToolhelp32Snapshot
OpenProcess
EnumResourceTypesW
GetStartupInfoW
SizeofResource
DeleteFileW
SetErrorMode
Sleep
ExpandEnvironmentStringsW
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
GetSystemTimeAsFileTime
LoadLibraryW
GetProcAddress
FreeLibrary
GetModuleHandleW
FormatMessageW
GetLastError
GetTickCount
GetVersionExW
GetTimeFormatW
FindResourceW
GetFileAttributesW
WriteFile
LoadResource
SystemTimeToTzSpecificLocalTime
ReadFile
LoadLibraryExW
GetModuleFileNameW
CreateFileW
GlobalAlloc
GetSystemDirectoryW
CloseHandle
GetDateFormatW
GetWindowsDirectoryW
GetTempFileNameW
WideCharToMultiByte
FileTimeToLocalFileTime
GetCurrentProcess
lstrlenW
GetNumberFormatW
GetFileSize
LockResource
LocalFree
GlobalUnlock
GetLocaleInfoW
lstrcpyW
GlobalLock
GetTempPathW
GetPrivateProfileStringW
WritePrivateProfileStringW
EnumResourceNamesW
GetPrivateProfileIntW
GetStdHandle

user32

SetForegroundWindow
GetMonitorInfoW
GetDC
ReleaseDC
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SendDlgItemMessageW
MonitorFromWindow
EndDialog
GetDlgItem
DrawFrameControl
SetWindowTextW
UpdateWindow
InvalidateRect
SendMessageW
GetWindowRect
SetDlgItemTextW
GetDlgItemInt
SetWindowLongPtrW
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
SetWindowPlacement
EndPaint
DeferWindowPos
BeginPaint
CreateWindowExW
GetClientRect
SetMenu
TranslateAcceleratorW
SetWindowPos
GetForegroundWindow
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
PostMessageW
MessageBoxW
LoadIconW
LoadImageW
GetWindowLongW
DestroyIcon
GetSysColor
SetWindowLongW
SetFocus
GetMenuItemCount
SetClipboardData
EnableWindow
MapWindowPoints
GetCursorPos
CheckMenuRadioItem
GetMenuStringW
MoveWindow
CloseClipboard
GetMenu
GetParent
EmptyClipboard
EnableMenuItem
OpenClipboard
GetClassNameW
CheckMenuItem
GetSubMenu
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
GetKeyState
KillTimer
DispatchMessageW
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
IsDialogMessageW
GetMessageW
EndDeferWindowPos
TranslateMessage
SetTimer
BeginDeferWindowPos
DrawTextExW
GetWindow

gdi32

DeleteObject
GetTextExtentPoint32W
GetStockObject
SetBkColor
CreateCompatibleBitmap
StretchBlt
SetStretchBltMode
GetObjectW
DeleteDC
GetPixel
SetPixel
SelectObject
CreateCompatibleDC
SetTextColor
CreateFontIndirectW
GetDeviceCaps
SetBkMode

comdlg32

ChooseFontW
FindTextW
GetSaveFileNameW

advapi32

GetTokenInformation
OpenProcessToken

shell32

ShellExecuteExW
Shell_NotifyIconW
SHGetFileInfoW
ShellExecuteW

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.txt/BrowserDownloadsView.exe
.exe windows:4 windows x64 arch:x64

5ac915ae42a52a330ec9dcb68992769b

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-09-2019 00:00

Not After

09-09-2023 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:02:f6:25:3e:92:47:c0:cf:a4:c2:ec:1e:b9:f0:01:61:11:1d:66:b9:61:10:a8:79:fa:93:b3:22:78:d6:24
Signer

Actual PE Digest

32:02:f6:25:3e:92:47:c0:cf:a4:c2:ec:1e:b9:f0:01:61:11:1d:66:b9:61:10:a8:79:fa:93:b3:22:78:d6:24

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\BrowserDownloadsView\x64\Release\BrowserDownloadsView.pdb

Imports

msvcrt

_wcmdln
__wgetmainargs
_initterm
_wcsupr
_beginthreadex
_msize
_endthreadex
strftime
_gmtime64
realloc
strcmp
exit
_wcslwr
strlen
qsort
_wcsnicmp
memmove
modf
wcschr
memcmp
wcstoul
wcsrchr
_onexit
__C_specific_handler
_cexit
_exit
_c_exit
_XcptFilter
malloc
swscanf
_memicmp
free
_wcsicmp
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memcpy
_itow
_wtoi
_purecall
wcslen
wcscpy
memset
wcscat
_snwprintf
wcsncat
__setusermatherr
_commode
_fmode
__set_app_type
__dllonexit
sprintf
wcscmp
_stricmp

comctl32

ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked
ImageList_SetImageCount
CreateStatusWindowW
CreateToolbarEx

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

kernel32

AreFileApisANSI
GetDiskFreeSpaceA
WaitForSingleObjectEx
GetSystemTime
GetFullPathNameA
LockFile
FlushViewOfFile
GetFullPathNameW
HeapValidate
UnlockFile
DeleteFileA
OutputDebugStringW
HeapReAlloc
CreateFileA
UnlockFileEx
CopyFileW
GetStartupInfoW
GetTempPathA
HeapCreate
CreateFileMappingA
GetFileAttributesA
WaitForSingleObject
FileTimeToSystemTime
SystemTimeToFileTime
GetDriveTypeW
CompareFileTime
GetSystemTimeAsFileTime
GetProcAddress
GetModuleHandleW
LoadLibraryW
GetTickCount
GlobalLock
GlobalAlloc
GlobalUnlock
WideCharToMultiByte
MultiByteToWideChar
GetNumberFormatW
GetDateFormatW
lstrlenW
LockResource
GetTempFileNameW
LocalFree
GetCurrentProcess
lstrcpyW
GetLocaleInfoW
GetFileSize
GetTempPathW
LocalFileTimeToFileTime
SizeofResource
GetLastError
FindFirstFileW
FormatMessageW
SetFilePointer
GetVersionExW
FindNextFileW
GetTimeFormatW
FindClose
GetFileAttributesW
WriteFile
FindResourceW
TzSpecificLocalTimeToSystemTime
ReadFile
LoadResource
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
CreateFileW
CloseHandle
LoadLibraryExW
GetWindowsDirectoryW
GetSystemDirectoryW
FileTimeToLocalFileTime
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
FreeLibrary
GetPrivateProfileStringW
EnumResourceNamesW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetStdHandle
GetCurrentDirectoryW
GlobalFree
DeleteFileW
ResumeThread
SetErrorMode
Sleep
CreateThread
CreateProcessW
ExpandEnvironmentStringsW
ExitProcess
GetCurrentProcessId
ReadProcessMemory
OpenProcess
EnumResourceTypesW
GetSystemInfo
GetProcessHeap
CreateMutexW
FlushFileBuffers
HeapCompact
FormatMessageA
InitializeCriticalSection
GetFileAttributesExW
SetEndOfFile
HeapSize
DeleteCriticalSection
HeapAlloc
GetCurrentThreadId
LockFileEx
OutputDebugStringA
EnterCriticalSection
QueryPerformanceCounter
GetDiskFreeSpaceW
HeapFree
HeapDestroy
GetVersionExA
LeaveCriticalSection

user32

SetForegroundWindow
MonitorFromWindow
GetMonitorInfoW
PostQuitMessage
RemoveMenu
TrackPopupMenu
RegisterWindowMessageW
GetDC
ReleaseDC
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
SetWindowPos
GetWindow
SendDlgItemMessageW
EndDialog
GetDlgItem
DrawFrameControl
SetWindowTextW
UpdateWindow
SendMessageW
InvalidateRect
SetDlgItemTextW
GetWindowRect
GetDlgItemTextW
SetWindowLongPtrW
GetDlgItemInt
GetWindowPlacement
GetSystemMetrics
SetDlgItemInt
EndPaint
DeferWindowPos
BeginPaint
CreateWindowExW
GetClientRect
SetMenu
TranslateAcceleratorW
GetForegroundWindow
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
PostMessageW
MessageBoxW
LoadImageW
DestroyIcon
GetSysColor
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetParent
KillTimer
SetTimer
EmptyClipboard
EnableMenuItem
GetClassNameW
OpenClipboard
GetSubMenu
InsertMenuItemW
CheckMenuItem
GetMenuItemCount
SetClipboardData
GetCursorPos
CheckMenuRadioItem
EnableWindow
GetMenuStringW
MapWindowPoints
CloseClipboard
GetMenu
MoveWindow
TranslateMessage
DispatchMessageW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
LoadIconW
SetMenuItemInfoW
GetKeyState
CreatePopupMenu
GetMessageW
DrawTextExW
GetFocus
RegisterClipboardFormatW
IsDialogMessageW
InsertMenuW

gdi32

SetStretchBltMode
CreateCompatibleBitmap
StretchBlt
GetObjectW
DeleteDC
GetPixel
SetPixel
SelectObject
CreateCompatibleDC
SetTextColor
CreateFontIndirectW
GetDeviceCaps
SetBkMode
DeleteObject
SetBkColor
GetTextExtentPoint32W
GetStockObject

comdlg32

GetSaveFileNameW
ChooseFontW
FindTextW

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey
CryptReleaseContext
CryptAcquireContextW
CryptGetHashParam
CryptHashData
CryptDestroyHash
CryptCreateHash

shell32

Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW

ole32

DoDragDrop
OleInitialize
OleUninitialize

Sections

.text
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 9KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 27KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.txt/BrowsingHistoryView.exe
.exe windows:4 windows x86 arch:x86

daf276dae3c58a9d5ac9457ad075a152

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-09-2019 00:00

Not After

09-09-2023 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2b:62:0b:3f:58:e5:d3:15:11:6f:a4:41:3d:0e:3d:24:33:d4:e0:ed:48:2d:53:3a:4e:34:73:23:5b:07:0f:12
Signer

Actual PE Digest

2b:62:0b:3f:58:e5:d3:15:11:6f:a4:41:3d:0e:3d:24:33:d4:e0:ed:48:2d:53:3a:4e:34:73:23:5b:07:0f:12

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

comctl32

CreateStatusWindowW
CreateToolbarEx
ImageList_SetImageCount
ImageList_AddMasked
ImageList_Add
ord17
ImageList_Create
ImageList_ReplaceIcon

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

msvcrt

realloc
_beginthreadex
_msize
_wcslwr
qsort
_itow
strchr
_gmtime64
memmove
modf
wcstoul
_memicmp
wcsrchr
strftime
_endthreadex
_wcsnicmp
__dllonexit
malloc
free
??3@YAXPAX@Z
??2@YAPAXI@Z
_purecall
_ultow
sprintf
_wcsupr
_wtoi
_wcsicmp
wcschr
wcsncat
_snwprintf
_onexit
_c_exit
_exit
_XcptFilter
_cexit
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
memcpy
_except_handler3
_controlfp
__set_app_type
memset

wininet

FindCloseUrlCache
FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW

kernel32

GetStartupInfoW
GetModuleHandleA
GetDiskFreeSpaceW
HeapAlloc
EnterCriticalSection
LockFileEx
SetEndOfFile
InitializeCriticalSection
GetVersionExA
TryEnterCriticalSection
HeapSize
OutputDebugStringA
FormatMessageA
SystemTimeToFileTime
FileTimeToSystemTime
GetFileSize
CloseHandle
GetSystemTimeAsFileTime
ExpandEnvironmentStringsW
CompareFileTime
CopyFileW
CreateFileW
DeleteFileW
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetTickCount
SetFilePointerEx
GetLastError
MultiByteToWideChar
FormatMessageW
GetWindowsDirectoryW
FileTimeToLocalFileTime
GlobalLock
GetVersionExW
LocalFree
GetTimeFormatW
lstrcpyW
GetDateFormatW
GetFileAttributesW
GetTempFileNameW
LocalFileTimeToFileTime
LockResource
ReadFile
GetModuleFileNameW
FindFirstFileW
SetFilePointer
lstrlenW
WriteFile
GlobalUnlock
GetTempPathW
GlobalAlloc
FindResourceW
GetSystemDirectoryW
LoadResource
WideCharToMultiByte
FindNextFileW
LoadLibraryExW
SizeofResource
FindClose
DosDateTimeToFileTime
GetCurrentProcess
CreateFileMappingW
OpenProcess
DuplicateHandle
GetCurrentProcessId
MapViewOfFile
UnmapViewOfFile
GetDriveTypeW
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle
SetErrorMode
GetCurrentDirectoryW
ReadProcessMemory
ExitProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
EnumResourceTypesW
Sleep
GetTempPathA
GetSystemTime
QueryPerformanceCounter
CreateFileMappingA
AreFileApisANSI
HeapDestroy
HeapFree
DeleteFileA
LeaveCriticalSection
GetFileAttributesA
WaitForSingleObject
HeapCreate
GetDiskFreeSpaceA
InterlockedCompareExchange
HeapValidate
GetFullPathNameW
UnlockFile
GetSystemInfo
GetFullPathNameA
FlushViewOfFile
LockFile
WaitForSingleObjectEx
HeapReAlloc
CreateFileA
OutputDebugStringW
FlushFileBuffers
GetFileAttributesExW
UnlockFileEx
CreateMutexW
GetProcessHeap
HeapCompact
DeleteCriticalSection
GetCurrentThreadId

user32

ReleaseDC
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
GetDC
SetDlgItemTextW
GetDlgItemTextW
GetSystemMetrics
GetWindowRect
GetWindowPlacement
GetDlgItemInt
DeferWindowPos
SetDlgItemInt
SetWindowPlacement
CreateWindowExW
BeginPaint
EndPaint
GetWindow
GetClientRect
SendDlgItemMessageW
DrawFrameControl
EndDialog
SetWindowLongW
GetDlgItem
SetWindowTextW
UpdateWindow
SendMessageW
InvalidateRect
SetMenu
SetWindowPos
LoadAcceleratorsW
DefWindowProcW
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
LoadImageW
LoadIconW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetParent
KillTimer
SetTimer
SetClipboardData
OpenClipboard
CloseClipboard
EmptyClipboard
GetMenuItemCount
CheckMenuRadioItem
MoveWindow
CheckMenuItem
GetCursorPos
GetSubMenu
GetMenu
EnableWindow
MapWindowPoints
InsertMenuItemW
EnableMenuItem
GetClassNameW
ScreenToClient
GetMenuStringW
FillRect
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
DestroyWindow
LoadStringW
GetDesktopWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
CreatePopupMenu
GetKeyState
SetMenuItemInfoW
DispatchMessageW
InsertMenuW
IsDialogMessageW
RemoveMenu
TranslateMessage
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
DrawTextExW
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
SetCapture
ReleaseCapture

gdi32

GetTextExtentPoint32W
SetBkColor
GetStockObject
PatBlt
SetStretchBltMode
CreateSolidBrush
StretchBlt
GetObjectW
GetPixel
SetPixel
SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
SetDIBits
DeleteDC
DeleteObject
SetTextColor
CreateFontIndirectW
GetDeviceCaps
SetBkMode

comdlg32

GetSaveFileNameW
GetOpenFileNameW
FindTextW

advapi32

RegCloseKey
RegSetValueExW
RegQueryValueExW
RegDeleteValueW
RegOpenKeyExW

shell32

SHGetFileInfoW
ShellExecuteW
SHBrowseForFolderW
SHGetPathFromIDListW
SHGetMalloc

ole32

CoUninitialize
CoCreateInstance
CoInitialize

oleaut32

SysAllocString
SysFreeString

Sections

.text
Size: 457KB - Virtual size: 457KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.txt/CProcess.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 28KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 45KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.txt/ExecutedProgramsList.exe
.exe windows:4 windows x86 arch:x86

f9f666a7dc93e67d08bf8ce4f69a541d

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-09-2014 00:00

Not After

12-09-2019 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

eb:92:d0:76:1a:1f:ce:64:36:38:d9:f0:c3:5a:e9:55:0a:6f:37:92
Signer

Actual PE Digest

eb:92:d0:76:1a:1f:ce:64:36:38:d9:f0:c3:5a:e9:55:0a:6f:37:92

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\ExecutedProgramsList\Release\ExecutedProgramsList.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
_wcmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
__p__commode
__dllonexit
_wcslwr
strlen
qsort
_purecall
_itow
_wcsnicmp
malloc
wcscmp
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_onexit
wcschr
free
modf
_wtoi
_memicmp
memcmp
wcstoul
wcsrchr
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
_wcsicmp
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ord17
ImageList_Add
ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
CreateToolbarEx
CreateStatusWindowW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

GetStdHandle
GetModuleHandleA
EnumResourceTypesW
GetTickCount
SetErrorMode
DeleteFileW
GetCurrentProcess
ReadProcessMemory
GetCurrentProcessId
ExitProcess
GetLogicalDrives
GetStartupInfoW
OpenProcess
GetVolumeInformationW
QueryDosDeviceW
FileTimeToSystemTime
SystemTimeToFileTime
GetDriveTypeW
CompareFileTime
GetModuleHandleW
LoadLibraryW
GetProcAddress
FreeLibrary
FindClose
GetFileSize
GetVersionExW
FindFirstFileW
GetTimeFormatW
CloseHandle
GetFileAttributesW
GetWindowsDirectoryW
FileTimeToLocalFileTime
ReadFile
WriteFile
GetModuleFileNameW
GetNumberFormatW
CreateFileW
LockResource
LocalFree
FindResourceW
LoadResource
lstrlenW
lstrcpyW
SystemTimeToTzSpecificLocalTime
GlobalAlloc
GlobalUnlock
LoadLibraryExW
WideCharToMultiByte
GetTempPathW
GetLastError
GetLocaleInfoW
FindNextFileW
SizeofResource
GlobalLock
GetDateFormatW
GetTempFileNameW
FormatMessageW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
GetLongPathNameW

user32

GetMenuItemInfoW
GetMessageW
PostQuitMessage
TrackPopupMenu
RegisterWindowMessageW
BeginDeferWindowPos
GetKeyState
LoadCursorW
GetSysColorBrush
ShowWindow
ChildWindowFromPoint
GetClientRect
CreateWindowExW
SendDlgItemMessageW
EndDialog
SetWindowLongW
GetDlgItem
GetWindowRect
GetDlgItemInt
SetWindowTextW
InvalidateRect
UpdateWindow
SendMessageW
SetWindowPlacement
SetDlgItemTextW
GetWindowPlacement
SetDlgItemInt
GetSystemMetrics
DeferWindowPos
SetMenu
LoadAcceleratorsW
PostMessageW
DefWindowProcW
TranslateAcceleratorW
RegisterClassW
MessageBoxW
LoadImageW
GetSysColor
GetWindowLongW
SetFocus
CheckMenuItem
GetMenuItemCount
CloseClipboard
GetCursorPos
GetParent
SetClipboardData
EnableWindow
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
OpenClipboard
MoveWindow
GetMenuStringW
ModifyMenuW
SetCursor
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
DestroyWindow
SetWindowPos
GetDesktopWindow
GetWindowTextW
LoadMenuW
LoadIconW
DestroyIcon
IsDialogMessageW
TranslateMessage
DispatchMessageW
DrawTextExW
EndDeferWindowPos

gdi32

GetTextExtentPoint32W
SetBkColor
GetStockObject
GetDeviceCaps
GetPixel
DeleteDC
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW
SetTextColor
CreateFontIndirectW
SetBkMode
DeleteObject

comdlg32

GetSaveFileNameW
FindTextW

advapi32

RegEnumValueW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey

shell32

ShellExecuteW
SHGetFileInfoW
ShellExecuteExW

Sections

.text
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.txt/JournalTrace.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Computador\Downloads\JournalTrace\JournalTrace\obj\Debug\JournalTrace.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 100KB - Virtual size: 100KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.txt/LastActivityView.exe
.exe windows:4 windows x86 arch:x86

28d54068583ea348b007c0eb72f71f9c

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

62:5c:4d:90:8c:d5:42:fb:ab:2e:a5:73:3f:f1:54:19
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

27-04-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

2b:73:db:74:63:11:4c:5a:5b:32:4a:f2:30:57:72:49
Certificate

Issuer

CN=COMODO Time Stamping CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

30-05-2020 10:48

Subject

CN=Sectigo SHA-1 Time Stamping Signer,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-09-2014 00:00

Not After

12-09-2019 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:ba
Signer

Actual PE Digest

04:ed:51:36:7d:e2:1c:df:1f:c6:58:22:a8:7d:53:17:ef:07:89:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\Projects\VS2005\LastActivityView\Release\LastActivityView.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
__p__fmode
exit
_cexit
_XcptFilter
_exit
_c_exit
_onexit
__dllonexit
calloc
__set_app_type
_controlfp
_except_handler3
_wcmdln
realloc
_msize
_wcslwr
strlen
_purecall
_itow
_wcsnicmp
qsort
free
modf
_memicmp
_wtoi
memcmp
wcstoul
wcsrchr
swscanf
malloc
_ultow
wcscmp
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
wcscpy
memset
_wcsicmp
wcschr
_snwprintf
wcscat
wcsncat

comctl32

CreateStatusWindowW
CreateToolbarEx
ImageList_SetImageCount
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetCurrentProcessId
ExitProcess
GetLogicalDrives
GetLongPathNameW
QueryDosDeviceW
GetVolumeInformationW
OpenProcess
EnumResourceTypesW
GetModuleHandleA
GetStartupInfoW
FreeLibrary
ReadProcessMemory
DeleteFileW
SetErrorMode
CloseHandle
GetFileSize
SystemTimeToFileTime
FileTimeToSystemTime
GetSystemTimeAsFileTime
GetDriveTypeW
CompareFileTime
GetModuleHandleW
LoadLibraryW
GetProcAddress
GetTickCount
GetWindowsDirectoryW
ExpandEnvironmentStringsW
GetLastError
GetCurrentProcess
GetDateFormatW
FindNextFileW
SizeofResource
GetTempFileNameW
GlobalLock
FormatMessageW
FindFirstFileW
GetVersionExW
FindClose
GetTimeFormatW
GetFileAttributesW
FileTimeToLocalFileTime
ReadFile
FindResourceW
WriteFile
GetModuleFileNameW
LocalFree
LoadResource
CreateFileW
TzSpecificLocalTimeToSystemTime
LockResource
SystemTimeToTzSpecificLocalTime
lstrcpyW
MultiByteToWideChar
lstrlenW
LocalFileTimeToFileTime
LoadLibraryExW
GlobalAlloc
GetSystemDirectoryW
GlobalUnlock
WideCharToMultiByte
GetTempPathW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
GetPrivateProfileStringW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetStdHandle

user32

ChildWindowFromPoint
LoadCursorW
SetCursor
GetSysColorBrush
ShowWindow
GetDlgItemInt
SetDlgItemInt
DeferWindowPos
CreateWindowExW
BeginPaint
EndPaint
GetWindow
GetClientRect
SendDlgItemMessageW
DrawFrameControl
EndDialog
SetWindowLongW
GetDlgItem
SetWindowTextW
UpdateWindow
SendMessageW
SetDlgItemTextW
InvalidateRect
GetDlgItemTextW
GetWindowRect
GetSystemMetrics
RegisterClassW
PostMessageW
MessageBoxW
TranslateAcceleratorW
SetMenu
SetWindowPos
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
LoadImageW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
KillTimer
SetTimer
GetParent
MoveWindow
OpenClipboard
CheckMenuItem
GetMenuStringW
GetMenuItemCount
CloseClipboard
CheckMenuRadioItem
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
GetMenu
GetSubMenu
GetDC
EmptyClipboard
EnableMenuItem
ReleaseDC
GetClassNameW
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
DestroyWindow
LoadStringW
GetDesktopWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DestroyIcon
LoadIconW
DrawTextExW
GetKeyState
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
DispatchMessageW
IsDialogMessageW
TranslateMessage
CreatePopupMenu
CallWindowProcW

gdi32

CreateFontIndirectW
SetTextColor
DeleteObject
DeleteDC
GetObjectW
SetBkMode
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
GetPixel
SetPixel
SelectObject
CreateCompatibleDC

comdlg32

FindTextW
GetSaveFileNameW

advapi32

RegEnumValueW
RegConnectRegistryW
RegOpenKeyExW
RegEnumKeyExW
RegQueryValueExW
RegQueryInfoKeyW
OpenServiceW
OpenSCManagerW
ControlService
StartServiceW
QueryServiceStatus
CloseServiceHandle
RegCloseKey

shell32

SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW
SHBindToParent
SHGetDesktopFolder
SHGetMalloc

ole32

CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantTimeToSystemTime
SysFreeString
SysAllocString

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 62KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.txt/MUICacheView.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 24KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.txt/PcCheckerGuide_1.txt
.txt/PreviousFilesRecovery.exe
.exe windows:4 windows x64 arch:x64

bfaa2c45f3b51a2466bfc8a0101e02ae

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-09-2019 00:00

Not After

09-09-2023 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1e:c4:70:0e:4a:23:50:f0:45:25:dc:87:d9:36:23:a3:a6:3d:36:18:48:22:cb:c5:1c:95:ea:28:1b:bf:91:8c
Signer

Actual PE Digest

1e:c4:70:0e:4a:23:50:f0:45:25:dc:87:d9:36:23:a3:a6:3d:36:18:48:22:cb:c5:1c:95:ea:28:1b:bf:91:8c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\PreviousFilesRecovery\x64\Release\PreviousFilesRecovery.pdb

Imports

msvcrt

__set_app_type
_fmode
_commode
__setusermatherr
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
_initterm
_wcslwr
strlen
qsort
_purecall
_wcsnicmp
memmove
modf
_wtoi
wcschr
memcmp
wcstoul
wcsrchr
__wgetmainargs
_wcmdln
exit
_cexit
towupper
wcscmp
malloc
_memicmp
free
_itow
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
wcslen
memcpy
_wcsicmp
wcscpy
memset
wcsncat
_snwprintf
wcscat

comctl32

ImageList_Create
ord17
ImageList_Add
ImageList_SetImageCount
ImageList_AddMasked
CreateToolbarEx
CreateStatusWindowW

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

kernel32

EnumResourceNamesW
GetStartupInfoW
GetVolumePathNamesForVolumeNameW
EnumResourceTypesW
OpenProcess
WritePrivateProfileStringW
GetPrivateProfileIntW
GetStdHandle
SetErrorMode
GetCurrentDirectoryW
DeleteFileW
ExpandEnvironmentStringsW
ReadProcessMemory
GetCurrentProcess
GetCurrentProcessId
SystemTimeToFileTime
FileTimeToSystemTime
CompareFileTime
GetTickCount
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
SetFileTime
WriteFile
GetFileAttributesW
GetFileTime
ReadFile
CreateFileW
CloseHandle
GetFileSizeEx
GetLastError
SetFileAttributesW
CreateThread
WideCharToMultiByte
LockResource
lstrcpyW
GetDateFormatW
GlobalUnlock
GetTempFileNameW
GetTempPathW
GetLocaleInfoW
CreateDirectoryW
GetFileSize
GlobalLock
SizeofResource
FormatMessageW
FindFirstFileW
GetVersionExW
FindNextFileW
FindClose
GetTimeFormatW
FindResourceW
GetModuleFileNameW
LoadResource
GetWindowsDirectoryW
SystemTimeToTzSpecificLocalTime
FileTimeToLocalFileTime
GlobalAlloc
LoadLibraryExW
lstrlenW
GetNumberFormatW
LocalFree
GetPrivateProfileStringW
ExitProcess

user32

DrawTextExW
TranslateMessage
GetMessageW
IsDialogMessageW
PostQuitMessage
TrackPopupMenu
SetCursor
RegisterWindowMessageW
ShowWindow
LoadCursorW
ChildWindowFromPoint
BeginPaint
GetClientRect
SendDlgItemMessageW
DrawFrameControl
EndPaint
EndDialog
SetWindowTextW
GetDlgItem
UpdateWindow
SendMessageW
SetDlgItemTextW
GetDlgItemTextW
InvalidateRect
SetWindowLongPtrW
GetSystemMetrics
GetWindowPlacement
DeferWindowPos
GetWindowRect
SetDlgItemInt
CreateWindowExW
GetDlgItemInt
GetWindow
PostMessageW
SetMenu
SetWindowPos
TranslateAcceleratorW
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
MessageBoxW
LoadImageW
GetSysColor
SetWindowLongW
GetWindowLongW
SetFocus
EndDeferWindowPos
BeginDeferWindowPos
GetParent
MoveWindow
GetDC
EnableMenuItem
ReleaseDC
GetSubMenu
GetClassNameW
OpenClipboard
CheckMenuItem
GetMenuItemCount
GetMenuStringW
SetClipboardData
GetCursorPos
EnableWindow
MapWindowPoints
CloseClipboard
GetMenu
GetSysColorBrush
EmptyClipboard
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DestroyIcon
LoadIconW
GetKeyState
DispatchMessageW

gdi32

GetTextExtentPoint32W
GetStockObject
SetBkColor
GetDeviceCaps
GetObjectW
DeleteDC
SetPixel
GetPixel
SelectObject
CreateCompatibleDC
CreateFontIndirectW
SetBkMode
DeleteObject
SetTextColor

comdlg32

FindTextW
GetSaveFileNameW

shell32

ShellExecuteW
SHGetFileInfoW
SHGetPathFromIDListW
SHBrowseForFolderW
SHGetMalloc

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 75KB - Virtual size: 74KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.txt/RecentFilesView.exe
.exe windows:4 windows x86 arch:x86

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

12-09-2014 00:00

Not After

12-09-2019 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:1b:1e:45:0b:bd:d5:df:88:67:8e:7d:da:22:3d:17
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

30-03-2016 00:00

Not After

30-06-2019 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=52583,STREET=5 Hashoshanim st.,L=Ramat Gan,ST=Gush Dan,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31-12-2015 00:00

Not After

09-07-2019 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

18:30:04:81:57:f7:64:ab:79:f0:db:42:ad:23:c7:4b:fb:ec:e8:e2:f1:d4:07:77:ad:ce:ab:fd:52:a5:53:73
Signer

Actual PE Digest

18:30:04:81:57:f7:64:ab:79:f0:db:42:ad:23:c7:4b:fb:ec:e8:e2:f1:d4:07:77:ad:ce:ab:fd:52:a5:53:73

Digest Algorithm

sha256

PE Digest Matches

true

8a:ba:65:93:92:48:ce:e9:49:47:12:09:31:f9:0c:8d:8b:1f:27:f9
Signer

Actual PE Digest

8a:ba:65:93:92:48:ce:e9:49:47:12:09:31:f9:0c:8d:8b:1f:27:f9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 29KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.txt/RegScanner.exe
.exe windows:4 windows x64 arch:x64

91255ff4ffaa6e1db85c5f5840d2b863

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-09-2019 00:00

Not After

09-09-2023 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

85:0a:0c:61:1e:c6:9b:ab:64:5e:84:86:f9:1a:d3:d3:f4:29:44:b1:b3:54:21:a0:4e:73:3b:34:c8:1d:2a:99
Signer

Actual PE Digest

85:0a:0c:61:1e:c6:9b:ab:64:5e:84:86:f9:1a:d3:d3:f4:29:44:b1:b3:54:21:a0:4e:73:3b:34:c8:1d:2a:99

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\RegScanner\x64\Release\RegScanner.pdb

Imports

msvcrt

__getmainargs
_acmdln
exit
_cexit
_exit
_c_exit
_initterm
__C_specific_handler
_onexit
__dllonexit
??_U@YAPEAX_K@Z
??_V@YAXPEAX@Z
__setusermatherr
_commode
_fmode
__set_app_type
_XcptFilter
calloc
isdigit
strncmp
_strlwr
_purecall
_itoa
_strnicmp
_memicmp
_mbctoupper
strcmp
strrchr
malloc
strtol
free
_snprintf
atoi
strtoul
_strcmpi
strchr
_ultoa
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memmove
memcmp
_mbsicmp
_stricmp
memcpy
_mbschr
strlen
strcpy
memset
strncat
sprintf
strcat

comctl32

ImageList_SetImageCount
ImageList_AddMasked
ord6
CreateToolbarEx
ImageList_Create
ord17
ImageList_ReplaceIcon

kernel32

CreateToolhelp32Snapshot
Process32First
Process32Next
SetEnvironmentVariableA
GetCurrentThreadId
Sleep
GetStartupInfoA
SystemTimeToFileTime
FreeLibrary
GetProcAddress
CompareFileTime
GetLocalTime
GetTickCount
GetSystemTimeAsFileTime
MultiByteToWideChar
GetDriveTypeA
CloseHandle
GetLastError
FileTimeToSystemTime
LoadLibraryA
LocalFree
SetFilePointer
GetFileAttributesA
lstrlenA
GetModuleFileNameA
lstrcpyA
GetNumberFormatA
GetLocaleInfoA
GetModuleHandleA
FormatMessageA
LoadLibraryExA
GetWindowsDirectoryA
GetTempFileNameA
ReadFile
GetDateFormatA
GetSystemDirectoryA
WriteFile
SystemTimeToTzSpecificLocalTime
GlobalAlloc
GlobalLock
CreateFileA
GetVersionExA
WideCharToMultiByte
GetFileSize
GlobalUnlock
GetTimeFormatA
FileTimeToLocalFileTime
GetTempPathA
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
EnumResourceNamesA
DeleteFileA
OpenProcess
CreateProcessA
GetModuleFileNameW
GetCurrentDirectoryA
ExpandEnvironmentStringsA
GetSystemTime
ExitProcess
GetCurrentProcess
ReadProcessMemory
GetCurrentProcessId
RaiseException

user32

ChildWindowFromPoint
ReleaseDC
GetDC
GetSysColorBrush
LoadCursorA
ShowWindow
SetCursor
GetWindow
GetClientRect
SetDlgItemTextA
DrawFrameControl
GetDlgItemTextA
SetWindowTextA
GetSystemMetrics
DeferWindowPos
SendDlgItemMessageA
GetWindowRect
GetDlgItemInt
EndDialog
GetDlgItem
CreateWindowExA
EndPaint
InvalidateRect
SetDlgItemInt
BeginPaint
RegisterClassA
UpdateWindow
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
DispatchMessageA
LoadIconA
TranslateMessage
LoadImageA
PeekMessageA
GetWindowLongA
SetWindowLongA
SetFocus
GetMenuStringA
GetCursorPos
SetClipboardData
EnableWindow
MapWindowPoints
GetSysColor
InsertMenuItemA
GetMenu
OpenClipboard
GetParent
MoveWindow
EmptyClipboard
EnableMenuItem
GetClassNameA
CheckMenuItem
GetSubMenu
CloseClipboard
GetMenuItemCount
EnumChildWindows
DestroyWindow
GetMenuItemInfoA
GetWindowTextA
LoadMenuA
ModifyMenuA
LoadStringA
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
CreateDialogParamA
IsDialogMessageA
EndDeferWindowPos
TrackPopupMenu
PostQuitMessage
GetMessageA
RegisterWindowMessageA
GetFocus
BeginDeferWindowPos
DeleteMenu
GetClipboardData
GetWindowThreadProcessId
EnumWindows
AttachThreadInput
SetForegroundWindow

gdi32

GetStockObject
GetTextExtentPoint32A
SetBkColor
CreateFontIndirectA
SetBkMode
DeleteObject
SetTextColor
GetDeviceCaps

comdlg32

FindTextA
GetOpenFileNameA
GetSaveFileNameA
ChooseFontA

advapi32

ChangeServiceConfigA
StartServiceA
ControlService
OpenServiceA
OpenSCManagerA
CloseServiceHandle
RegEnumValueA
RegCreateKeyA
RegQueryValueExW
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegEnumKeyExA
RegQueryInfoKeyA
RegDeleteKeyA
QueryServiceStatus
RegCloseKey
RegGetKeySecurity
RegConnectRegistryA
RegQueryValueExA
RegDeleteValueA

shell32

ShellExecuteA
ShellExecuteExA

Sections

.text
Size: 107KB - Virtual size: 107KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.txt/SLAX SS AND DETECTIONS.txt
.ps1
.txt/ShellBagsView.cfg
.txt/ShellBagsView.exe
.exe windows:4 windows x86 arch:x86

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-09-2019 00:00

Not After

09-09-2023 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fc:b0:11:8c:23:7a:7d:a5:fd:ac:a0:28:ad:6a:c9:b8:ba:56:98:4a:f2:d2:35:45:90:fe:da:4d:90:40:e5:af
Signer

Actual PE Digest

fc:b0:11:8c:23:7a:7d:a5:fd:ac:a0:28:ad:6a:c9:b8:ba:56:98:4a:f2:d2:35:45:90:fe:da:4d:90:40:e5:af

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 56KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 32KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.txt/TrappedV2.exe
.exe windows:5 windows x64 arch:x64

ba5546933531fafa869b1f86a4e2a959

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

GetCommandLineW
GetEnvironmentVariableW
SetEnvironmentVariableW
ExpandEnvironmentStringsW
CreateDirectoryW
GetTempPathW
WaitForSingleObject
Sleep
GetExitCodeProcess
CreateProcessW
GetStartupInfoW
LoadLibraryExW
SetConsoleCtrlHandler
FindClose
FindFirstFileExW
CloseHandle
GetCurrentProcess
LocalFree
FormatMessageW
MultiByteToWideChar
WideCharToMultiByte
WriteConsoleW
GetProcAddress
GetModuleFileNameW
SetDllDirectoryW
FreeLibrary
GetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlUnwindEx
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
EncodePointer
RaiseException
RtlPcToFileHeader
GetCommandLineA
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFullPathNameW
RemoveDirectoryW
FindNextFileW
SetStdHandle
DeleteFileW
ReadFile
GetStdHandle
WriteFile
ExitProcess
GetModuleHandleExW
HeapFree
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetConsoleOutputCP
GetFileSizeEx
HeapAlloc
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetCurrentDirectoryW
FlushFileBuffers
HeapReAlloc
GetFileAttributesExW
GetStringTypeW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetTimeZoneInformation
HeapSize
SetEndOfFile

advapi32

ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW

Sections

.text
Size: 162KB - Virtual size: 162KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.txt/TurnedOnTimesView.exe
.exe windows:4 windows x86 arch:x86

17bc116ee0537df40a79053f4ac264f7

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-09-2019 00:00

Not After

09-09-2023 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:de:c0:13:f8:cf:1d:38:5d:7b:45:75:88:61:dd:2f:e5:27:6e:c5:cc:ce:6e:dc:85:b6:80:c0:63:cf:d8:fd
Signer

Actual PE Digest

59:de:c0:13:f8:cf:1d:38:5d:7b:45:75:88:61:dd:2f:e5:27:6e:c5:cc:ce:6e:dc:85:b6:80:c0:63:cf:d8:fd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Projects\VS2005\TurnedOnTimesView\Release\TurnedOnTimesView.pdb

Imports

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_XcptFilter
_exit
__p__commode
_onexit
__dllonexit
strlen
_wcslwr
_itow
_wcsnicmp
memmove
wcsrchr
wcstoul
__p__fmode
__set_app_type
_controlfp
_except_handler3
_c_exit
towupper
wcscmp
malloc
swscanf
_wcsicmp
free
_memicmp
modf
wcschr
memcmp
qsort
??3@YAXPAX@Z
??2@YAPAXI@Z
memcpy
wcslen
_purecall
_wtoi
wcscpy
memset
_snwprintf
wcsncat
wcscat

comctl32

ImageList_ReplaceIcon
ImageList_Create
ord17
ImageList_Add
ImageList_AddMasked
ImageList_SetImageCount
CreateToolbarEx
CreateStatusWindowW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

ExitProcess
ReadProcessMemory
GetCurrentProcessId
GetComputerNameW
DeleteFileW
SetErrorMode
OpenProcess
EnumResourceTypesW
GetSystemTimeAsFileTime
GetModuleHandleA
GetStartupInfoW
GetLastError
GetStdHandle
GetPrivateProfileIntW
WritePrivateProfileStringW
EnumResourceNamesW
SystemTimeToFileTime
FileTimeToSystemTime
CompareFileTime
GetModuleHandleW
GetProcAddress
FreeLibrary
ReadFile
SystemTimeToTzSpecificLocalTime
GetModuleFileNameW
CreateFileW
LoadLibraryExW
GlobalAlloc
LockResource
GetSystemDirectoryW
MultiByteToWideChar
LocalFree
lstrlenW
WideCharToMultiByte
lstrcpyW
GlobalUnlock
LocalFileTimeToFileTime
GetTempPathW
GetCurrentProcess
GetDateFormatW
LoadLibraryW
GetTempFileNameW
GetFileSize
GlobalLock
SizeofResource
FindFirstFileW
FindNextFileW
FormatMessageW
GetVersionExW
FindClose
GetTimeFormatW
GetFileAttributesW
FindResourceW
CloseHandle
WriteFile
GetWindowsDirectoryW
LoadResource
FileTimeToLocalFileTime
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
GetPrivateProfileStringW

user32

GetMessageW
PostQuitMessage
TrackPopupMenu
DispatchMessageW
RegisterWindowMessageW
DrawTextExW
LoadCursorW
SetCursor
GetSysColorBrush
TranslateMessage
ChildWindowFromPoint
SetDlgItemTextW
GetDlgItemTextW
InvalidateRect
GetSystemMetrics
GetWindowRect
GetWindowPlacement
DeferWindowPos
GetDlgItemInt
SetDlgItemInt
CreateWindowExW
GetWindow
BeginPaint
SetWindowPlacement
GetClientRect
EndPaint
DrawFrameControl
SendDlgItemMessageW
EndDialog
SetWindowLongW
SetWindowTextW
GetDlgItem
UpdateWindow
SendMessageW
PostMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetMenu
LoadAcceleratorsW
DefWindowProcW
LoadIconW
LoadImageW
GetSysColor
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetParent
GetMenu
EmptyClipboard
GetSubMenu
GetDC
EnableMenuItem
MoveWindow
ReleaseDC
GetClassNameW
OpenClipboard
CheckMenuItem
GetMenuItemCount
GetMenuStringW
SetClipboardData
EnableWindow
MapWindowPoints
GetCursorPos
CloseClipboard
EnumChildWindows
LoadStringW
SetWindowPos
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetDlgCtrlID
GetMenuItemInfoW
DestroyMenu
DialogBoxParamW
CreateDialogParamW
IsDialogMessageW
ShowWindow

gdi32

GetTextExtentPoint32W
GetStockObject
SetBkColor
GetDeviceCaps
DeleteDC
GetPixel
SetPixel
SelectObject
CreateCompatibleDC
GetObjectW
SetBkMode
DeleteObject
SetTextColor
CreateFontIndirectW

comdlg32

ChooseFontW
FindTextW
GetSaveFileNameW

advapi32

ConvertStringSidToSidW
LookupAccountSidW

shell32

SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.txt/USBDeview.exe
.exe windows:4 windows x86 arch:x86

873299b7b29e6fadb2fb6a515be27b27

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-09-2019 00:00

Not After

09-09-2023 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:32:07:2d:75:02:c6:1c:a7:8b:80:a6:65:08:5a:44:26:47:80:19:38:ca:43:0c:81:b6:17:8d:b1:b0:41:4f
Signer

Actual PE Digest

5b:32:07:2d:75:02:c6:1c:a7:8b:80:a6:65:08:5a:44:26:47:80:19:38:ca:43:0c:81:b6:17:8d:b1:b0:41:4f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

f:\Projects\VS2005\USBDeview\Release\USBDeview.pdb

Imports

msvcrt

_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
__p__commode
__p__fmode
__set_app_type
_controlfp
_except_handler3
_onexit
__dllonexit
atol
_mbsrchr
_mbsicmp
qsort
_strlwr
_mbschr
memmove
_strnicmp
modf
strchr
memcmp
_memicmp
strrchr
strcmp
malloc
_strcmpi
free
strtoul
srand
rand
abs
_strupr
_itoa
??3@YAXPAX@Z
??2@YAPAXI@Z
strlen
memcpy
_purecall
_stricmp
_snprintf
atoi
strcpy
memset
strncat
sprintf
strcat

comctl32

CreateToolbarEx
ord6
ImageList_Create
ImageList_SetImageCount
ImageList_AddMasked
ImageList_Add

ws2_32

send
WSAAsyncSelect
WSAAsyncGetHostByName
connect
inet_addr
htonl
WSAGetLastError
htons
bind
socket
WSASetLastError
closesocket
WSAStartup
WSACleanup

kernel32

Process32Next
OpenProcess
SetEnvironmentVariableA
GetCurrentThreadId
DeviceIoControl
GetStartupInfoA
FreeLibrary
Process32First
CreateToolhelp32Snapshot
ReadProcessMemory
ExitProcess
GetCurrentProcessId
Sleep
SetErrorMode
ExpandEnvironmentStringsA
CreateProcessA
GetStdHandle
GetProcAddress
GetPrivateProfileStringA
WinExec
GetModuleFileNameA
GetComputerNameA
GetLastError
CompareFileTime
FileTimeToSystemTime
LoadLibraryA
GetModuleHandleA
SystemTimeToFileTime
GetLogicalDrives
GetWindowsDirectoryA
GetDriveTypeA
GetDiskFreeSpaceExA
DeleteFileA
CreateThread
CreateFileA
GetTickCount
WriteFile
ReadFile
FlushFileBuffers
CloseHandle
GetCurrentProcess
GetFileSize
GetTempFileNameA
GetSystemDirectoryA
GlobalAlloc
GlobalLock
WideCharToMultiByte
MultiByteToWideChar
GetVersionExA
GetTimeFormatA
GlobalUnlock
FileTimeToLocalFileTime
GetTempPathA
LocalFree
GetFileAttributesA
SystemTimeToTzSpecificLocalTime
FormatMessageA
LoadLibraryExA
GetDateFormatA
EnumResourceNamesA
GetPrivateProfileIntA
WritePrivateProfileStringA

user32

GetWindowThreadProcessId
SetForegroundWindow
AttachThreadInput
EnumWindows
RemoveMenu
SetTimer
GetSysColorBrush
ShowWindow
LoadCursorA
DispatchMessageA
GetDC
ReleaseDC
SetCursor
GetWindow
GetClientRect
SetDlgItemTextA
DrawFrameControl
GetDlgItemTextA
SetWindowTextA
GetSystemMetrics
SendDlgItemMessageA
GetWindowRect
GetDlgItemInt
DeferWindowPos
EndPaint
EndDialog
GetDlgItem
CreateWindowExA
InvalidateRect
SetDlgItemInt
BeginPaint
PostMessageA
SetMenu
LoadAcceleratorsA
SetWindowPos
DefWindowProcA
TranslateAcceleratorA
MessageBoxA
GetWindowPlacement
SendMessageA
RegisterClassA
UpdateWindow
LoadImageA
GetSysColor
GetWindowLongA
SetWindowLongA
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
GetWindowTextA
MoveWindow
InsertMenuItemA
CheckMenuItem
OpenClipboard
GetMenu
EmptyClipboard
EnableMenuItem
GetParent
GetClassNameA
CloseClipboard
GetMenuItemCount
SetClipboardData
EnableWindow
MapWindowPoints
GetSubMenu
GetMenuStringA
GetCursorPos
CheckMenuRadioItem
ModifyMenuA
CreateDialogParamA
DialogBoxParamA
GetDlgCtrlID
DestroyMenu
DestroyWindow
EnumChildWindows
GetMenuItemInfoA
LoadMenuA
LoadStringA
CreatePopupMenu
LoadIconA
SetMenuItemInfoA
GetKeyState
GetMessageA
TranslateMessage
KillTimer
IsDialogMessageA
DrawTextExA
InsertMenuA
TrackPopupMenu
RegisterWindowMessageA
PostQuitMessage
ChildWindowFromPoint

gdi32

GetTextExtentPoint32A
SetBkMode
SetStretchBltMode
StretchBlt
SetBkColor
GetStockObject
GetPixel
GetObjectA
DeleteDC
CreateFontIndirectA
GetDeviceCaps
DeleteObject
SetTextColor
CreateCompatibleDC
SelectObject
SetPixel
CreateCompatibleBitmap

comdlg32

ChooseFontA
FindTextA
GetSaveFileNameA

advapi32

CloseServiceHandle
StartServiceA
OpenServiceA
ChangeServiceConfigA
OpenSCManagerA
ControlService
RegCloseKey
QueryServiceStatus
RegCreateKeyA
RegLoadKeyA
RegUnLoadKeyA
RegConnectRegistryA
RegDeleteValueA
RegQueryInfoKeyA
RegOpenKeyExA
RegEnumKeyExA
RegQueryValueExA
RegSetValueExA
RegDeleteKeyA
CryptCreateHash
CryptAcquireContextA
CryptReleaseContext
CryptHashData
CryptDestroyHash
CryptGetHashParam

shell32

SHGetFileInfoA
ShellExecuteExA
ShellExecuteA
Shell_NotifyIconA

ole32

CoCreateInstance

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.txt/UninstallView.exe
.exe windows:4 windows x64 arch:x64

921a4bc38e6179c3fa72481db7c176f4

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-09-2019 00:00

Not After

09-09-2023 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a3:09:f8:2b:32:1c:0e:2c:25:7e:5b:41:14:1e:99:9d:d4:ba:1d:f4:ce:b6:16:8c:21:58:df:d9:5a:98:dd:fc
Signer

Actual PE Digest

a3:09:f8:2b:32:1c:0e:2c:25:7e:5b:41:14:1e:99:9d:d4:ba:1d:f4:ce:b6:16:8c:21:58:df:d9:5a:98:dd:fc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\UninstallView\x64\Release\UninstallView.pdb

Imports

msvcrt

__wgetmainargs
_wcmdln
exit
_initterm
_exit
_c_exit
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
__setusermatherr
_commode
_fmode
__set_app_type
_cexit
strlen
qsort
_wcslwr
_itow
memmove
_memicmp
malloc
free
modf
wcschr
memcmp
wcsrchr
wcstoul
towupper
wcscmp
_ultow
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memcpy
_wcsicmp
wcsncmp
wcslen
_wcsnicmp
_wtoi
_purecall
wcscpy
memset
wcscat
_snwprintf
wcsncat

comctl32

ImageList_SetImageCount
ImageList_AddMasked
CreateToolbarEx
CreateStatusWindowW
ord17
ImageList_Create
ImageList_ReplaceIcon
ImageList_Add

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

mpr

WNetGetUniversalNameW

kernel32

GetCurrentThreadId
SetEnvironmentVariableW
Sleep
EnumResourceTypesW
CreateThread
GetStartupInfoW
OpenProcess
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetDriveTypeW
GetLogicalDrives
GetTickCount
FindFirstFileW
FormatMessageW
GetLastError
GetVersionExW
FindNextFileW
GetTimeFormatW
WriteFile
FindClose
GetFileAttributesW
FindResourceW
LoadResource
SystemTimeToTzSpecificLocalTime
ReadFile
GetModuleFileNameW
LoadLibraryExW
GlobalAlloc
CreateFileW
GetSystemDirectoryW
CloseHandle
GetWindowsDirectoryW
GetDateFormatW
WideCharToMultiByte
FileTimeToLocalFileTime
GetTempFileNameW
MultiByteToWideChar
GetCurrentProcess
lstrlenW
GetNumberFormatW
LockResource
GetFileSize
LocalFree
GlobalUnlock
GetLocaleInfoW
lstrcpyW
GlobalLock
GetTempPathW
SizeofResource
EnumResourceNamesW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetStdHandle
SetErrorMode
CreateProcessW
GetCurrentDirectoryW
DeleteFileW
ExpandEnvironmentStringsW
GetCurrentProcessId
ReadProcessMemory
ExitProcess

user32

ReleaseDC
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
SetWindowPos
GetWindow
SendDlgItemMessageW
EndDialog
GetDlgItem
GetDC
SetWindowTextW
UpdateWindow
SendMessageW
InvalidateRect
SetDlgItemTextW
GetWindowRect
GetDlgItemTextW
SetWindowLongPtrW
GetDlgItemInt
GetWindowPlacement
GetSystemMetrics
SetDlgItemInt
EndPaint
DeferWindowPos
BeginPaint
CreateWindowExW
GetClientRect
SetMenu
TranslateAcceleratorW
GetForegroundWindow
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
PostMessageW
MessageBoxW
DestroyIcon
GetParent
LoadImageW
LoadIconW
GetSysColor
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
ChildWindowFromPoint
SetTimer
GetMenuItemCount
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
CheckMenuRadioItem
GetMenuStringW
CloseClipboard
MoveWindow
GetMenu
EmptyClipboard
EnableMenuItem
OpenClipboard
GetClassNameW
GetSubMenu
CheckMenuItem
InsertMenuItemW
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
GetDesktopWindow
DestroyWindow
SetMenuItemInfoW
GetKeyState
CreatePopupMenu
IsDialogMessageW
RegisterWindowMessageW
TrackPopupMenu
TranslateMessage
PostQuitMessage
GetMessageW
InsertMenuW
DrawTextExW
RemoveMenu
DispatchMessageW
GetMonitorInfoW
MonitorFromWindow
AttachThreadInput
SetForegroundWindow
GetWindowThreadProcessId
EnumWindows
KillTimer
DrawFrameControl

gdi32

SetBkMode
SetBkColor
DeleteObject
GetStockObject
CreateCompatibleBitmap
StretchBlt
SetStretchBltMode
CreateCompatibleDC
GetObjectW
DeleteDC
GetPixel
SetPixel
CreateFontIndirectW
SetTextColor
SelectObject
GetTextExtentPoint32W
GetDeviceCaps

comdlg32

ChooseFontW
FindTextW
GetSaveFileNameW

advapi32

OpenProcessToken
GetTokenInformation
RegEnumValueW
RegOpenKeyExW
RegEnumKeyExW
RegCloseKey
RegQueryValueExW
GetFileSecurityW
RegDeleteKeyW
OpenServiceW
ControlService
GetUserNameW
OpenSCManagerW
CloseServiceHandle
ChangeServiceConfigW
RegConnectRegistryW
QueryServiceStatus
StartServiceW
RegQueryInfoKeyW

shell32

ExtractIconExW
ShellExecuteExW
ShellExecuteW
SHGetFileInfoW
Shell_NotifyIconW

Sections

.text
Size: 118KB - Virtual size: 118KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.txt/UserAssistView.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 48KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 25KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.txt/WinDefThreatsView.exe
.exe windows:4 windows x64 arch:x64

2cc230829837d561baa83269873acd4c

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\Projects\VS2005\WinDefThreatsView\x64\Release\WinDefThreatsView.pdb

Imports

msvcrt

__wgetmainargs
_wcmdln
exit
_cexit
_exit
_initterm
_XcptFilter
__C_specific_handler
_onexit
__dllonexit
_wtoi64
_wcslwr
strlen
__setusermatherr
_commode
_fmode
__set_app_type
_c_exit
qsort
_wcsnicmp
free
_wcsicmp
modf
wcschr
memcmp
wcsrchr
wcstoul
wcscmp
malloc
_memicmp
swscanf
??2@YAPEAX_K@Z
??3@YAXPEAX@Z
memcpy
wcslen
_ultow
_itow
_purecall
_snwprintf
wcscat
memset
wcscpy
_wtoi
wcsncat

comctl32

ImageList_AddMasked
CreateStatusWindowW
CreateToolbarEx
ImageList_SetImageCount
ImageList_Create
ord17
ImageList_Add

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GetExitCodeProcess
SetErrorMode
WaitForSingleObject
ExitProcess
GetCurrentProcessId
ReadProcessMemory
OpenProcess
EnumResourceTypesW
GetStartupInfoW
LocalFree
FileTimeToSystemTime
SystemTimeToFileTime
CompareFileTime
GetProcAddress
FreeLibrary
GetModuleHandleW
LoadLibraryW
GetTickCount
lstrcpyW
GlobalUnlock
GetTempPathW
GlobalLock
SizeofResource
FormatMessageW
GetLastError
GetVersionExW
GetTimeFormatW
GetFileAttributesW
WriteFile
FindResourceW
LoadResource
GetModuleFileNameW
SystemTimeToTzSpecificLocalTime
LoadLibraryExW
CreateFileW
CloseHandle
GlobalAlloc
GetWindowsDirectoryW
GetSystemDirectoryW
FileTimeToLocalFileTime
GetDateFormatW
WideCharToMultiByte
lstrlenW
GetCurrentProcess
LockResource
EnumResourceNamesW
WritePrivateProfileStringW
GetPrivateProfileIntW
GetPrivateProfileStringW
GetStdHandle
GetDriveTypeW
DeleteFileW

user32

ChildWindowFromPoint
GetDC
ReleaseDC
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
SetWindowPos
GetWindow
SendDlgItemMessageW
EndDialog
GetDlgItem
DrawFrameControl
SetWindowTextW
UpdateWindow
SendMessageW
InvalidateRect
SetDlgItemTextW
GetWindowRect
GetDlgItemTextW
SetWindowLongPtrW
GetDlgItemInt
GetWindowPlacement
GetSystemMetrics
SetDlgItemInt
EndPaint
DeferWindowPos
BeginPaint
CreateWindowExW
GetClientRect
SetMenu
TranslateAcceleratorW
GetForegroundWindow
LoadAcceleratorsW
DefWindowProcW
RegisterClassW
PostMessageW
MessageBoxW
LoadImageW
DestroyIcon
GetSysColor
SetWindowLongW
GetWindowLongW
BeginDeferWindowPos
EndDeferWindowPos
SetFocus
GetParent
KillTimer
SetTimer
OpenClipboard
GetClassNameW
GetSubMenu
CheckMenuItem
GetMenuItemCount
SetClipboardData
EnableWindow
GetCursorPos
MapWindowPoints
GetMenuStringW
CloseClipboard
MoveWindow
GetMenu
EmptyClipboard
EnableMenuItem
GetDesktopWindow
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
CreateDialogParamW
DialogBoxParamW
EnumChildWindows
LoadStringW
LoadIconW
GetKeyState
DispatchMessageW
RegisterWindowMessageW
IsDialogMessageW
TrackPopupMenu
PostQuitMessage
TranslateMessage
GetMessageW
DrawTextExW
MonitorFromWindow
GetMonitorInfoW
SetForegroundWindow

gdi32

DeleteDC
SetPixel
GetObjectW
CreateFontIndirectW
GetDeviceCaps
SetBkMode
DeleteObject
GetPixel
SetTextColor
GetTextExtentPoint32W
GetStockObject
SetBkColor
SetStretchBltMode
CreateCompatibleBitmap
StretchBlt
SelectObject
CreateCompatibleDC

comdlg32

ChooseFontW
FindTextW
GetSaveFileNameW

advapi32

OpenProcessToken
GetTokenInformation

shell32

SHGetFileInfoW
ShellExecuteW
ShellExecuteExW
Shell_NotifyIconW

ole32

CoSetProxyBlanket
CoInitialize
CoUninitialize
CoCreateInstance

oleaut32

VariantClear
SafeArrayDestroy
SafeArrayPutElement
SysAllocString
SafeArrayCreate
SysFreeString

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.txt/WinPrefetchView.exe
.exe windows:4 windows x64 arch:x64

89421e1903928ddf253a9167e7b060ae

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

Issuer

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-09-2019 00:00

Not After

09-09-2023 23:59

Subject

CN=Nir Sofer,O=Nir Sofer,POSTALCODE=7135117,STREET=Dakar 21\, Unit 82,L=Lod,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-11-2018 00:00

Not After

31-12-2030 23:59

Subject

CN=Sectigo RSA Code Signing CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:cd:71:53:7c:7a:f0:f6:c0:04:a5:23:78:6c:fe:79:4f:87:5a:63:96:46:51:60:0c:56:02:a3:0d:4a:25:99
Signer

Actual PE Digest

3e:cd:71:53:7c:7a:f0:f6:c0:04:a5:23:78:6c:fe:79:4f:87:5a:63:96:46:51:60:0c:56:02:a3:0d:4a:25:99

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

f:\Projects\VS2005\WinPrefetchView\x64\Release\WinPrefetchView.pdb

Imports

msvcrt

_initterm
__wgetmainargs
_wcmdln
exit
_cexit
_exit
_c_exit
_XcptFilter
__setusermatherr
_onexit
__dllonexit
strlen
qsort
_wcslwr
wcstoul
wcsrchr
wcscmp
_ultow
_memicmp
_commode
_fmode
__set_app_type
__C_specific_handler
malloc
_wcsicmp
free
modf
wcschr
memcmp
??3@YAXPEAX@Z
??2@YAPEAX_K@Z
memcpy
wcslen
_itow
_wcsnicmp
_purecall
_wtoi
wcscpy
memset
_snwprintf
wcsncat
wcscat

comctl32

ord17
ImageList_AddMasked
ImageList_SetImageCount
ImageList_Create
CreateStatusWindowW
CreateToolbarEx

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

kernel32

GetDriveTypeW
GetVolumeInformationW
QueryDosDeviceW
GetLongPathNameW
GetLogicalDrives
GetCurrentProcessId
ExitProcess
OpenProcess
EnumResourceTypesW
GetStartupInfoW
GlobalAlloc
ReadProcessMemory
GetCurrentProcess
SetErrorMode
GlobalFree
CompareFileTime
SystemTimeToFileTime
LoadLibraryW
FileTimeToSystemTime
GetProcAddress
FreeLibrary
SystemTimeToTzSpecificLocalTime
CreateFileW
LoadLibraryExW
CloseHandle
GetSystemDirectoryW
GetWindowsDirectoryW
FileTimeToLocalFileTime
WideCharToMultiByte
lstrlenW
LocalFree
GetNumberFormatW
LockResource
lstrcpyW
GetDateFormatW
GlobalUnlock
GetTempFileNameW
GetLocaleInfoW
GetTempPathW
GlobalLock
GetFileSize
SizeofResource
FormatMessageW
FindFirstFileW
GetLastError
GetVersionExW
GetModuleHandleW
GetTimeFormatW
FindNextFileW
GetFileAttributesW
FindClose
WriteFile
FindResourceW
ReadFile
LoadResource
GetModuleFileNameW
MapViewOfFile
UnmapViewOfFile
CreateFileMappingW
WritePrivateProfileStringW
GetPrivateProfileIntW
EnumResourceNamesW
GetPrivateProfileStringW
DeleteFileW

user32

FillRect
SetCapture
ReleaseCapture
RegisterClipboardFormatW
DrawTextExW
ChildWindowFromPoint
SetCursor
LoadCursorW
GetSysColorBrush
ShowWindow
SetWindowTextW
DispatchMessageW
UpdateWindow
SetDlgItemTextW
BeginPaint
GetDlgItemTextW
GetClientRect
GetSystemMetrics
DeferWindowPos
CreateWindowExW
SendDlgItemMessageW
EndDialog
GetWindowRect
GetDlgItem
GetDlgItemInt
InvalidateRect
EndPaint
GetWindow
DrawFrameControl
GetWindowPlacement
LoadAcceleratorsW
DefWindowProcW
PostMessageW
SendMessageW
RegisterClassW
MessageBoxW
TranslateAcceleratorW
SetWindowPlacement
SetMenu
LoadImageW
SetWindowLongW
GetWindowLongW
EndDeferWindowPos
BeginDeferWindowPos
SetFocus
CloseClipboard
GetMenu
GetParent
EmptyClipboard
MoveWindow
EnableMenuItem
GetDC
OpenClipboard
ReleaseDC
GetClassNameW
GetSubMenu
CheckMenuItem
GetMenuItemCount
SetClipboardData
GetCursorPos
EnableWindow
MapWindowPoints
GetSysColor
GetMenuStringW
ScreenToClient
DestroyWindow
GetWindowTextW
LoadMenuW
ModifyMenuW
GetMenuItemInfoW
GetDlgCtrlID
DestroyMenu
DialogBoxParamW
CreateDialogParamW
EnumChildWindows
LoadStringW
SetWindowPos
LoadIconW
DestroyIcon
GetFocus
RegisterWindowMessageW
TrackPopupMenu
PostQuitMessage
GetMessageW
IsDialogMessageW
TranslateMessage
SetDlgItemInt

gdi32

DeleteObject
GetStockObject
GetTextExtentPoint32W
SetBkColor
GetDeviceCaps
PatBlt
SelectObject
CreateSolidBrush
SetTextColor
CreateFontIndirectW
SetBkMode

comdlg32

FindTextW
GetSaveFileNameW

shell32

SHGetMalloc
SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteW
SHGetPathFromIDListW

ole32

CoUninitialize
CoInitialize

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.txt/tcpview64.exe
.exe windows:6 windows x64 arch:x64

5e3837ab1131c4430d2981643ad233ba

Code Sign

33:00:00:01:df:6b:f0:2e:92:a7:4a:b4:d0:00:00:00:00:01:df
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15-12-2020 21:31

Not After

02-12-2021 21:31

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08-07-2011 20:59

Not After

08-07-2026 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ce:14:ca:3a:e1:6d:97:f2:14:51:b5:87:37:6d:5e:94:cd:21:9e:a0:4c:20:f6:53:7c:fb:e9:98:62:f3:ec:82
Signer

Actual PE Digest

ce:14:ca:3a:e1:6d:97:f2:14:51:b5:87:37:6d:5e:94:cd:21:9e:a0:4c:20:f6:53:7c:fb:e9:98:62:f3:ec:82

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\1\s\exe\x64\Release\TcpView64.pdb

Imports

kernel32

CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
FreeLibrary
LoadLibraryExA
LoadLibraryExW
TrySubmitThreadpoolCallback
MultiByteToWideChar
WideCharToMultiByte
LocalFree
FormatMessageW
GetDateFormatW
GetTimeFormatW
GetLocaleInfoW
GetNumberFormatEx
GetCommandLineW
CreateDirectoryW
SetThreadPriority
SetPriorityClass
GetModuleFileNameA
GetModuleHandleExW
LoadLibraryW
lstrcmpW
DecodePointer
QueryFullProcessImageNameW
CreateToolhelp32Snapshot
Process32FirstW
Process32NextW
GetCurrentProcessId
lstrcmpiW
CreateThread
TerminateThread
GetSystemTimeAsFileTime
FileTimeToLocalFileTime
GetTickCount64
FileTimeToSystemTime
WriteConsoleW
ReadConsoleW
ReadFile
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetFilePointerEx
GetFileSizeEx
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetOEMCP
GetFileSize
GetThreadContext
FindNextFileW
FindFirstFileExW
FindClose
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
LCMapStringW
CompareStringW
GetFileType
SetConsoleCtrlHandler
GetStdHandle
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InterlockedFlushSList
RtlPcToFileHeader
RtlUnwindEx
QueryPerformanceCounter
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
CreateEventW
WaitForSingleObjectEx
ResetEvent
SetEvent
InitializeCriticalSectionAndSpinCount
GetCPInfo
CompareStringEx
GetLocaleInfoEx
LCMapStringEx
TryAcquireSRWLockShared
TryAcquireSRWLockExclusive
AcquireSRWLockShared
AcquireSRWLockExclusive
ReleaseSRWLockShared
ReleaseSRWLockExclusive
GetStringTypeW
FormatMessageA
InterlockedPushEntrySList
InterlockedPopEntrySList
InitializeSListHead
EncodePointer
OutputDebugStringW
IsDebuggerPresent
SetFilePointer
DebugBreak
VirtualQuery
VirtualFree
VirtualProtect
VirtualAlloc
FlushInstructionCache
GetACP
SuspendThread
IsWow64Process
WriteProcessMemory
ReadProcessMemory
VirtualQueryEx
VirtualProtectEx
VirtualAllocEx
OpenProcess
CreateProcessW
CreateProcessA
ResumeThread
GetExitCodeProcess
TerminateProcess
ExitProcess
WaitForSingleObject
GetEnvironmentVariableW
GetEnvironmentVariableA
VerifyVersionInfoW
lstrlenW
GetCurrentThread
CloseHandle
GetTempPathW
WriteFile
CreateFileW
VerSetConditionMask
GetModuleFileNameW
GetCurrentThreadId
RtlUnwind
DeleteCriticalSection
InitializeCriticalSectionEx
SetThreadContext
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
WritePrivateProfileStructW
GetPrivateProfileStructW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetFileAttributesW
GetProcAddress
GetModuleHandleW
GetCurrentProcess
FindResourceW
SizeofResource
LockResource
LoadResource
FindResourceExW
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
RaiseException
GlobalLock
GlobalUnlock
IsValidCodePage
GlobalAlloc

user32

RemoveMenu
AppendMenuW
GetMenuItemID
GetSubMenu
CreatePopupMenu
LoadMenuW
LoadAcceleratorsW
GetKeyState
CharNextW
CharLowerW
PostQuitMessage
GetMessagePos
PeekMessageW
DispatchMessageW
TranslateMessage
GetMessageW
DrawFrameControl
SetMenuDefaultItem
LoadStringA
LoadIconW
SetRectEmpty
DestroyIcon
MonitorFromPoint
UnhookWindowsHookEx
MessageBoxW
LockWindowUpdate
GetMenuItemInfoW
ModifyMenuW
GetMenuItemCount
GetMenuStringW
SetMenu
GetMenu
TranslateAcceleratorW
GetActiveWindow
GetDlgCtrlID
DialogBoxParamW
GetWindowDC
MessageBeep
GetCursorPos
ScreenToClient
DrawEdge
WindowFromPoint
GetWindowThreadProcessId
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
SendMessageW
DestroyMenu
CheckMenuRadioItem
EnableWindow
GetScrollInfo
CreateDialogParamW
SetWindowPlacement
GetWindowPlacement
DestroyWindow
IsMenu
IsWindow
LoadStringW
GetMonitorInfoW
MonitorFromWindow
SetMenuItemInfoW
GetSysColor
LoadImageW
DrawIconEx
GetIconInfo
DefWindowProcW
CallWindowProcW
UnregisterClassW
GetWindow
MapWindowPoints
GetWindowRect
SetDlgItemTextW
EndDialog
GetAncestor
SystemParametersInfoW
RegisterWindowMessageW
RegisterClassExW
GetClassInfoExW
CreateWindowExW
SetFocus
GetFocus
SetTimer
KillTimer
DrawTextW
BeginPaint
EndPaint
InvalidateRect
SetWindowTextW
GetWindowTextW
GetWindowTextLengthW
GetClientRect
GetWindowLongPtrW
SetWindowLongPtrW
GetParent
SetScrollInfo
CallNextHookEx
SetWindowsHookExW
GetClassNameW
SetWindowLongW
GetWindowLongW
PtInRect
OffsetRect
InflateRect
CopyRect
FrameRect
FillRect
DrawFocusRect
ShowScrollBar
SetScrollPos
ValidateRect
ReleaseDC
GetDC
UpdateWindow
TrackPopupMenuEx
GetSystemMetrics
IsWindowEnabled
ReleaseCapture
SetCapture
GetDlgItem
IsWindowVisible
SetWindowPos
MoveWindow
ShowWindow
IsChild
PostMessageW
GetSysColorBrush
LoadCursorW

gdi32

PatBlt
ExcludeClipRect
Polyline
SetBrushOrgEx
CreatePatternBrush
CreateBitmap
CreateDIBSection
GetCurrentObject
Polygon
TextOutW
MoveToEx
GetTextMetricsW
SetTextAlign
LineTo
GetStockObject
CreatePen
CreateSolidBrush
GetObjectW
SetTextColor
SetBkMode
CreateFontIndirectW
SetViewportOrgEx
ExtTextOutW
SetBkColor
SelectObject
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
DeleteObject
DeleteDC

comdlg32

ChooseFontW
GetSaveFileNameW
GetOpenFileNameW

advapi32

OpenTraceW
GetTokenInformation
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
CloseTrace
ProcessTrace
OpenProcessToken
ControlTraceW
StartTraceW

shell32

ExtractIconExW
SHGetFolderPathW
ShellExecuteW
SHGetStockIconInfo
ExtractIconW

ole32

CoUninitialize
CoCreateInstance
CoTaskMemAlloc
CoInitialize
CoTaskMemFree
CoTaskMemRealloc

oleaut32

SysFreeString
VarUI4FromStr

comctl32

ImageList_Create
ImageList_Destroy
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_DrawIndirect
CreateStatusWindowW
InitCommonControlsEx
ImageList_Draw

uxtheme

IsThemeActive
IsAppThemed
SetWindowTheme

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

iphlpapi

GetOwnerModuleFromTcpEntry
GetExtendedUdpTable
GetOwnerModuleFromUdpEntry
GetOwnerModuleFromTcp6Entry
GetOwnerModuleFromUdp6Entry
SetTcpEntry
GetExtendedTcpTable

ws2_32

getservbyport
gethostname
WSAStartup
send
getaddrinfo
htons
connect
closesocket
ntohs
WSAGetLastError
freeaddrinfo
recv
GetNameInfoW
socket

tdh

TdhGetEventInformation
TdhGetPropertySize

Sections

.text
Size: 906KB - Virtual size: 906KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 204KB - Virtual size: 203KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 72B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 83KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.txt/zipinst.exe
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 60KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 33KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.txt/💀Death💀Run Scan.exe
.exe windows:6 windows x64 arch:x64

0836b5cec702c746a60ff8b9ec2bcb91

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Users\Zack\source\repos\ion\x64\Release\ion.pdb

Imports

kernel32

VirtualQueryEx
ReadProcessMemory
CloseHandle
OpenProcess
GetStdHandle
GetCurrentProcess
SetConsoleTextAttribute
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetModuleHandleW
RtlCaptureContext

advapi32

AdjustTokenPrivileges
CloseServiceHandle
LookupPrivilegeValueA
OpenSCManagerA
OpenProcessToken
QueryServiceStatusEx
OpenServiceA

msvcp140

?ignore@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@_JH@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?_Xlength_error@std@@YAXPEBD@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ

vcruntime140_1

__CxxFrameHandler4

vcruntime140

memmove
memset
_CxxThrowException
__C_specific_handler
__current_exception_context
__current_exception
__std_terminate
__std_exception_copy
__std_exception_destroy
memcpy
memchr
memcmp

api-ms-win-crt-filesystem-l1-1-0

_stat64i32

api-ms-win-crt-runtime-l1-1-0

_register_onexit_function
__p___argv
_initialize_onexit_table
_crt_atexit
_cexit
_c_exit
_exit
exit
_initterm_e
_initterm
_get_initial_narrow_environment
_initialize_narrow_environment
_configure_narrow_argv
_set_app_type
_seh_filter_exe
terminate
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
__p___argc

api-ms-win-crt-heap-l1-1-0

free
_set_new_mode
_callnewh
malloc

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-stdio-l1-1-0

_set_fmode
__p__commode

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 488B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 80B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ACCESS[PAID]/Void Screenshare - Access [PAID] - leaked-txt [1153772131692331040].html
.html .js polyglot
ACCESS[PAID]/Void Screenshare - Access [PAID] - leaks [1153774314559119411].html
.html .js polyglot
ACCESS[PAID]/Void Screenshare - Access [PAID] - looking-for-account-reviewers [1166444668314193990].html
.html .js polyglot
ACCESS[PAID]/Void Screenshare - Access [PAID] - suggestions [1153771123880771735].html
.html .js polyglot
ADVANCED ACCESS/Void Screenshare - Advanced access - autoparse [1184205407766454363].html
.html .js polyglot
ADVANCED ACCESS/Void Screenshare - Advanced access - bug-finder [1163329987177349250].html
.html .js polyglot
ADVANCED ACCESS/Void Screenshare - Advanced access - disk-investigator [1145219808602890300].html
.html .js polyglot
ADVANCED ACCESS/Void Screenshare - Advanced access - dps-dumper [1163332006042677379].html
.html .js polyglot
ADVANCED ACCESS/Void Screenshare - Advanced access - encrypted-files [1155323617018650717].html
.html .js polyglot
ADVANCED ACCESS/Void Screenshare - Advanced access - event-log [1156740644266573854].html
.html .js polyglot
ADVANCED ACCESS/Void Screenshare - Advanced access - fat32 [1156063428608266291].html
.html .js polyglot
ADVANCED ACCESS/Void Screenshare - Advanced access - notepad-artifact [1220486772098732134].html
.html .js polyglot
ADVANCED ACCESS/Void Screenshare - Advanced access - registry-analysis [1156073525422075926].html
.html .js polyglot
ADVANCED ACCESS/Void Screenshare - Advanced access - size-scanner-tool [1165816660096192513].html
.html .js polyglot
ADVANCED ACCESS/Void Screenshare - Advanced access - usb-tool [1157426374953402509].html
.html .js polyglot
ADVANCED ACCESS/Void Screenshare - Advanced access - voidss-multitool [1155367069047586956].html
.html .js polyglot
ADVANCED MEMORY FORENSICS/Void Screenshare - Advanced Memory Forensics - transacted-hollowing [1155316924784324668].html
.html .js polyglot
BASIC/Void Screenshare - basic - bamhistory [1139397414491533373].html
.html .js polyglot
BASIC/Void Screenshare - basic - cmd [1140205448830656522].html
.html .js polyglot
BASIC/Void Screenshare - basic - control-panel [1139402735800828034].html
.html .js polyglot
BASIC/Void Screenshare - basic - crashdumps [1164292535309582447].html
.html .js polyglot
BASIC/Void Screenshare - basic - data-usage [1139403370193502279].html
.html .js polyglot
BASIC/Void Screenshare - basic - encrypted-disks [1140585164284628992].html
.html .js polyglot
BASIC/Void Screenshare - basic - hidden-folders [1140206309376012318].html
.html .js polyglot
BASIC/Void Screenshare - basic - process-hacker [1139401328804757585].html
.html .js polyglot
BASIC/Void Screenshare - basic - regex [1139399487408848906].html
.html .js polyglot
BASIC/Void Screenshare - basic - removed-partition [1139447299341287556].html
.html .js polyglot
BASIC/Void Screenshare - basic - restore-point [1139401383687241788].html
.html .js polyglot
BASIC/Void Screenshare - basic - usb-findings [1139397007396577311].html
.html .js polyglot
DLL DETECTIONS/Void Screenshare - DLL detections - hidden-services [1189320337385599036].html
.html .js polyglot
DLL DETECTIONS/Void Screenshare - DLL detections - skript-driver [1191254799790919751].html
.html .js polyglot
DLL DETECTIONS/Void Screenshare - DLL detections - susano [1188309905698988072].html
.html .js polyglot
DLL DETECTIONS/Void Screenshare - DLL detections - unloaded-dlls [1189320991902539897].html
.html .js polyglot
GUIDES/Void Screenshare - Guides - kernel-dumping [1149391723848540291].html
.html .js polyglot
GUIDES/Void Screenshare - Guides - memory-forensics [1149391163904766154].html
.html .js polyglot
MEMORY FORENSICS GUIDE/Void Screenshare - Memory Forensic Guides - edr [1155951541254111242].html
.html .js polyglot
MEMORY FORENSICS GUIDE/Void Screenshare - Memory Forensic Guides - injection-types [1155314065221095535].html
.html .js polyglot
MEMORY FORENSICS GUIDE/Void Screenshare - Memory Forensic Guides - introduction [1155312127368777749].html
.html .js polyglot
MEMORY FORENSICS GUIDE/Void Screenshare - Memory Forensic Guides - memproc-auto [1156116254243958814].html
.html .js polyglot
MEMORY FORENSICS GUIDE/Void Screenshare - Memory Forensic Guides - sans [1156332785938739200].html
.html .js polyglot
MEMORY FORENSICS GUIDE/Void Screenshare - Memory Forensic Guides - volatility [1156117419954294836].html
.html .js polyglot
STANDARD ACCESS/Void Screenshare - Standard Access - browser [1142237497154359366].html
.html .js polyglot
STANDARD ACCESS/Void Screenshare - Standard Access - cmd [1142239206610051143].html
.html .js polyglot
STANDARD ACCESS/Void Screenshare - Standard Access - event-viewer [1142331894508290138].html
.html .js polyglot
STANDARD ACCESS/Void Screenshare - Standard Access - journal-deletion [1142247411817926806].html
.html .js polyglot
STANDARD ACCESS/Void Screenshare - Standard Access - nirsoft-programs [1142331247914397797].html
.html .js polyglot
STANDARD ACCESS/Void Screenshare - Standard Access - powershell [1142239058383360020].html
.html .js polyglot
STANDARD ACCESS/Void Screenshare - Standard Access - processhacker [1142237975577624717].html
.html .js polyglot
STANDARD ACCESS/Void Screenshare - Standard Access - regedit [1142236873939484692].html
.html .js polyglot
STANDARD ACCESS/Void Screenshare - Standard Access - run [1142237196703764650].html
.html .js polyglot
STANDARD ACCESS/Void Screenshare - Standard Access - standard-access [1142235815511076954].html
.html .js polyglot
STANDARD ACCESS/Void Screenshare - Standard Access - systeminformer [1195041817952010240].html
.html .js polyglot
STANDARD ACCESS/Void Screenshare - Standard Access - usb [1142239674191073381].html
.html .js polyglot
STANDARD ACCESS/Void Screenshare - Standard Access - virus [1142239436218835075].html
.html .js polyglot
TOOLS/Void Screenshare - tools - anydesk-fix [1139540199152566322].html
.html .js polyglot
TOOLS/Void Screenshare - tools - cache [1155267092254314517].html
.html .js polyglot
TOOLS/Void Screenshare - tools - cache-programs [1146633828362879126].html
.html .js polyglot
TOOLS/Void Screenshare - tools - event-logs [1146693689352147096].html
.html .js polyglot
TOOLS/Void Screenshare - tools - everything [1140590052108415067].html
.html .js polyglot
TOOLS/Void Screenshare - tools - guardian-string-scanner [1139599094038413382].html
.html .js polyglot
TOOLS/Void Screenshare - tools - journal-trace [1139530215199084595].html
.html .js polyglot
TOOLS/Void Screenshare - tools - last-activity-view [1139524241545494528].html
.html .js polyglot
TOOLS/Void Screenshare - tools - lsass [1139453719218491443].html
.html .js polyglot
TOOLS/Void Screenshare - tools - lsass-filter [1165397743720730654].html
.html .js polyglot
TOOLS/Void Screenshare - tools - maceta [1139530535279022190].html
.html .js polyglot
TOOLS/Void Screenshare - tools - pcasvc [1139405218732318740].html
.html .js polyglot
TOOLS/Void Screenshare - tools - regedit [1139524857869127780].html
.html .js polyglot
TOOLS/Void Screenshare - tools - service-execution [1139540724581408950].html
.html .js polyglot
TOOLS/Void Screenshare - tools - themida-detector [1184019855469445163].html
.html .js polyglot
TOOLS/Void Screenshare - tools - win-def-threats [1139532790292041728].html
.html .js polyglot
TOOLS/Void Screenshare - tools - win-prefetch-view [1139525140795904001].html
.html .js polyglot
TOOLS/Void Screenshare - tools - windows-defender [1151583670767984700].html
.html .js polyglot
TOOLS/Void Screenshare - tools - xy-strings [1206987042236665967].html
.html .js polyglot

Sharing

General

Malware Config

Signatures

Files

d5309dcabae4629d63f2b007b4cd884b

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

59:12:0b:0c:86:d6:98:a5:84:46:4e:b2:67:cc:c3:0e:ae:77:65:ee:21:8f:e3:48:b8:5c:fe:0b:af:c0:dd:6aSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

Sections

.text Size: 74KB - Virtual size: 73KB

.rdata Size: 18KB - Virtual size: 17KB

.data Size: 1KB - Virtual size: 7KB

.pdata Size: 3KB - Virtual size: 3KB

.rsrc Size: 21KB - Virtual size: 20KB

5ac915ae42a52a330ec9dcb68992769b

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate

Extended Key Usages

Key Usages

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6aCertificate

Extended Key Usages

Key Usages

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6bCertificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

32:02:f6:25:3e:92:47:c0:cf:a4:c2:ec:1e:b9:f0:01:61:11:1d:66:b9:61:10:a8:79:fa:93:b3:22:78:d6:24Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

msvcrt

comctl32

version

kernel32

user32

gdi32

comdlg32

advapi32

shell32

ole32

Sections

.text Size: 362KB - Virtual size: 361KB

.rdata Size: 55KB - Virtual size: 54KB

.data Size: 9KB - Virtual size: 16KB

.pdata Size: 13KB - Virtual size: 12KB

.rsrc Size: 27KB - Virtual size: 26KB

daf276dae3c58a9d5ac9457ad075a152

Code Sign

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7Certificate

Extended Key Usages

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

59:12:0b:0c:86:d6:98:a5:84:46:4e:b2:67:cc:c3:0e:ae:77:65:ee:21:8f:e3:48:b8:5c:fe:0b:af:c0:dd:6a
Signer

.text
Size: 74KB - Virtual size: 73KB

.rdata
Size: 18KB - Virtual size: 17KB

.data
Size: 1KB - Virtual size: 7KB

.pdata
Size: 3KB - Virtual size: 3KB

.rsrc
Size: 21KB - Virtual size: 20KB

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

32:02:f6:25:3e:92:47:c0:cf:a4:c2:ec:1e:b9:f0:01:61:11:1d:66:b9:61:10:a8:79:fa:93:b3:22:78:d6:24
Signer

.text
Size: 362KB - Virtual size: 361KB

.rdata
Size: 55KB - Virtual size: 54KB

.data
Size: 9KB - Virtual size: 16KB

.pdata
Size: 13KB - Virtual size: 12KB

.rsrc
Size: 27KB - Virtual size: 26KB

f7:a0:a7:30:c8:7d:94:cd:83:02:e3:ea:7f:66:1b:b7
Certificate

1d:a2:48:30:6f:9b:26:18:d0:82:e0:96:7d:33:d3:6a
Certificate

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

2b:62:0b:3f:58:e5:d3:15:11:6f:a4:41:3d:0e:3d:24:33:d4:e0:ed:48:2d:53:3a:4e:34:73:23:5b:07:0f:12
Signer

.text
Size: 457KB - Virtual size: 457KB

.rdata
Size: 42KB - Virtual size: 42KB

.data
Size: 5KB - Virtual size: 11KB

.rsrc
Size: 44KB - Virtual size: 44KB

UPX0
Size: - Virtual size: 64KB

UPX1
Size: 28KB - Virtual size: 32KB

.rsrc
Size: 6KB - Virtual size: 8KB

.text
Size: 45KB - Virtual size: 45KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 5KB - Virtual size: 9KB

.rsrc
Size: 12KB - Virtual size: 12KB

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

1a:f0:66:0e:83:7a:35:a2:cd:92:ec:61:3f:c1:5d:b8
Certificate

eb:92:d0:76:1a:1f:ce:64:36:38:d9:f0:c3:5a:e9:55:0a:6f:37:92
Signer