a8cd6d301e38e573945e8ff76707ebc9_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

a8cd6d301e38e573945e8ff76707ebc9_JaffaCakes118
Size

10.8MB
MD5

a8cd6d301e38e573945e8ff76707ebc9
SHA1

3d3d43aa170ef6435206de76443aa4b746fd0a44
SHA256

89b74fa66ee69fec1419c6bdc346e38aa7be50ad752df76a53d185ac2e53cbb0
SHA512

5d37346ac4137e689cdf61850e240d9e6bad82571991414a783d7ceda108c52036afd87eacdd437c70d55af7a42a262651316b9c14015457ff5fe9ec7bb7f411
SSDEEP

196608:KHd7Xrv6ajXjOpcQ2JySIyfdDWpxUkd+aOCEd1+WybuVUxlZ7ppv++uA:47XtjXjOBiyJ6YphdQLuWXC7Rh

Score

3^/10

Malware Config

Signatures

Unsigned PE 38 IoCs

Checks for missing Authenticode signature.

resource
unpack001/BIN/EncryptCredentials.exe
unpack001/BIN/TwitterAuthorizeTool.exe
unpack001/BouncyCastle.Crypto.dll
unpack001/CsXmpToolkit.dll
unpack001/DDay.Collections.dll
unpack001/DDay.iCal.dll
unpack001/DevDefined.OAuth.dll
unpack001/ExifUtils.dll
unpack001/FreeImage.dll
unpack001/FreeImageNET.dll
unpack001/HarePoint.Activities.dll
unpack001/HarePointWorkflowExtensions.dll
unpack001/HtmlAgilityPack.dll
unpack001/HtmlToOpenXml.dll
unpack001/Interop.ActiveDs.dll
unpack001/MAPILab.MsgFileFormat.dll
unpack001/MAPILab.PDFProcessing.dll
unpack001/MailChimp.dll
unpack001/Microsoft.Deployment.Compression.Cab.dll
unpack001/Microsoft.Deployment.Compression.dll
unpack001/NCalc.dll
unpack001/Newtonsoft.Json.dll
unpack001/OpenMcdf.dll
unpack001/OpenXmlPowerTools.dll
unpack001/Rebex.Common.dll
unpack001/Rebex.Imap.dll
unpack001/Rebex.Mail.dll
unpack001/Rebex.Networking.dll
unpack001/Rebex.Pop3.dll
unpack001/ServiceStack.Text.dll
unpack001/Twitterizer2.dll
unpack001/XmpToolkit.dll
unpack001/antlr.runtime.dll
unpack001/css2xpath.dll
unpack001/itextsharp.dll
unpack001/jabber-net.dll
unpack001/netlib.Dns.dll
unpack001/zlib.net.dll

Files

a8cd6d301e38e573945e8ff76707ebc9_JaffaCakes118
.cab
1025/Workflow/HarePointActivities.Actions
.xml
1026/Workflow/HarePointActivities.Actions
.xml
1027/Workflow/HarePointActivities.Actions
.xml
1028/Workflow/HarePointActivities.Actions
.xml
1029/Workflow/HarePointActivities.Actions
.xml
1030/Workflow/HarePointActivities.Actions
.xml
1031/Workflow/HarePointActivities.Actions
.xml
1032/Workflow/HarePointActivities.Actions
.xml
1033/Workflow/HarePointActivities.Actions
.xml
1035/Workflow/HarePointActivities.Actions
.xml
1036/Workflow/HarePointActivities.Actions
.xml
1037/Workflow/HarePointActivities.Actions
.xml
1038/Workflow/HarePointActivities.Actions
.xml
1040/Workflow/HarePointActivities.Actions
.xml
1041/Workflow/HarePointActivities.Actions
.xml
1042/Workflow/HarePointActivities.Actions
.xml
1043/Workflow/HarePointActivities.Actions
.xml
1044/Workflow/HarePointActivities.Actions
.xml
1045/Workflow/HarePointActivities.Actions
.xml
1046/Workflow/HarePointActivities.Actions
.xml
1048/Workflow/HarePointActivities.Actions
.xml
1049/Workflow/HarePointActivities.Actions
.xml
1050/Workflow/HarePointActivities.Actions
.xml
1051/Workflow/HarePointActivities.Actions
.xml
1053/Workflow/HarePointActivities.Actions
.xml
1054/Workflow/HarePointActivities.Actions
.xml
1055/Workflow/HarePointActivities.Actions
.xml
1058/Workflow/HarePointActivities.Actions
.xml
1060/Workflow/HarePointActivities.Actions
.xml
1061/Workflow/HarePointActivities.Actions
.xml
1062/Workflow/HarePointActivities.Actions
.xml
1063/Workflow/HarePointActivities.Actions
.xml
1081/Workflow/HarePointActivities.Actions
.xml
1087/Workflow/HarePointActivities.Actions
.xml
2052/Workflow/HarePointActivities.Actions
.xml
2070/Workflow/HarePointActivities.Actions
.xml
2074/Workflow/HarePointActivities.Actions
.xml
3082/Workflow/HarePointActivities.Actions
.xml
BIN/EncryptCredentials.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\B\4\Sources\HarePoint Activities\EncodeCredentials\obj\x86\Release\EncryptCredentials.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 56KB - Virtual size: 56KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BIN/TwitterAuthorizeTool.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\B\4\Sources\HarePoint Activities\TwitterAuthorizeTool\obj\x86\Release\TwitterAuthorizeTool.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
BouncyCastle.Crypto.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CsXmpToolkit.dll
.dll windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\my\CsXmpToolkit\CsXmpToolkit\obj\x64\Release\CsXmpToolkit.pdb

Sections

.text
Size: 101KB - Virtual size: 101KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
DDay.Collections.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\oleshov\Desktop\DDay.iCal-master\DDay.Collections\DDay.Collections\obj\Release\DDay.Collections.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DDay.iCal.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\oleshov\Desktop\DDay.iCal-master\DDay.iCal\obj\Release\DDay.iCal.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 168KB - Virtual size: 168KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DevDefined.OAuth.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Garbage\DevDefined.OAuth-master\src\DevDefined.OAuth\obj\Release\DevDefined.OAuth.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DocumentFormat.OpenXml.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

61:05:f7:1e:00:00:00:00:00:32
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

13/07/2009, 23:00

Not After

13/10/2010, 23:10

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:04:b3:f5:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:13

Not After

25/07/2011, 19:23

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:9E78-864B-039D,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:15:08:27:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

25/01/2006, 23:22

Not After

25/01/2017, 23:32

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

38:7e:46:8b:ba:bf:3e:97:e2:05:92:81:50:52:ba:50:4e:38:fb:1e
Signer

Actual PE Digest

38:7e:46:8b:ba:bf:3e:97:e2:05:92:81:50:52:ba:50:4e:38:fb:1e

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\oxapi\oxapiV0\src\ofapi\obj\Release\DocumentFormat.OpenXml.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ExifUtils.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FreeImage.dll
.dll windows:6 windows x64 arch:x64

ab53cf646a62452fcbbb6ff72dd39df2

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

vcomp120

_vcomp_enter_critsect
_vcomp_barrier
_vcomp_for_dynamic_init
_vcomp_for_dynamic_next
_vcomp_for_static_end
_vcomp_leave_critsect
omp_get_thread_num
_vcomp_fork
_vcomp_for_static_simple_init

ws2_32

htons
ntohl
ntohs
htonl

kernel32

RtlVirtualUnwind
SetEndOfFile
SetEnvironmentVariableA
WriteConsoleW
SetStdHandle
OutputDebugStringW
GetTimeZoneInformation
CreateFileW
GetFullPathNameW
PeekNamedPipe
GetFileInformationByHandle
FileTimeToLocalFileTime
FlushFileBuffers
LoadLibraryExW
FreeLibrary
GetModuleFileNameW
GetCurrentDirectoryW
GetProcAddress
LoadLibraryA
SetCurrentDirectoryW
IsBadReadPtr
OutputDebugStringA
GetTempFileNameA
GetTempPathA
DeleteFileA
ExitProcess
CreateFileA
GetFileSizeEx
CloseHandle
MapViewOfFile
UnmapViewOfFile
CreateFileMappingA
DebugBreak
WideCharToMultiByte
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetStringTypeW
GetLastError
HeapFree
HeapAlloc
ReadFile
HeapReAlloc
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FindClose
RtlUnwindEx
AreFileApisANSI
GetCommandLineA
GetCurrentThreadId
GetModuleHandleExW
IsProcessorFeaturePresent
FindFirstFileExW
GetDriveTypeW
RtlPcToFileHeader
RaiseException
RtlLookupFunctionEntry
GetCPInfo
RtlCaptureContext
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetProcessHeap
GetStdHandle
WriteFile
HeapSize
IsDebuggerPresent
IsValidCodePage
GetACP
GetOEMCP
GetConsoleMode
ReadConsoleW
GetConsoleCP
SetFilePointerEx
GetFileType
FindNextFileW
DeleteFileW
MoveFileExW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW

Exports

Exports

FreeImage_AcquireMemory
FreeImage_AdjustBrightness
FreeImage_AdjustColors
FreeImage_AdjustContrast
FreeImage_AdjustCurve
FreeImage_AdjustGamma
FreeImage_Allocate
FreeImage_AllocateEx
FreeImage_AllocateExT
FreeImage_AllocateHeader
FreeImage_AllocateHeaderForBits
FreeImage_AllocateHeaderT
FreeImage_AllocateT
FreeImage_AppendPage
FreeImage_ApplyColorMapping
FreeImage_ApplyPaletteIndexMapping
FreeImage_Clone
FreeImage_CloneMetadata
FreeImage_CloneTag
FreeImage_CloseMemory
FreeImage_CloseMultiBitmap
FreeImage_ColorQuantize
FreeImage_ColorQuantizeEx
FreeImage_Composite
FreeImage_ConvertFromRawBits
FreeImage_ConvertFromRawBitsEx
FreeImage_ConvertLine16To24_555
FreeImage_ConvertLine16To24_565
FreeImage_ConvertLine16To32_555
FreeImage_ConvertLine16To32_565
FreeImage_ConvertLine16To4_555
FreeImage_ConvertLine16To4_565
FreeImage_ConvertLine16To8_555
FreeImage_ConvertLine16To8_565
FreeImage_ConvertLine16_555_To16_565
FreeImage_ConvertLine16_565_To16_555
FreeImage_ConvertLine1To16_555
FreeImage_ConvertLine1To16_565
FreeImage_ConvertLine1To24
FreeImage_ConvertLine1To32
FreeImage_ConvertLine1To4
FreeImage_ConvertLine1To8
FreeImage_ConvertLine24To16_555
FreeImage_ConvertLine24To16_565
FreeImage_ConvertLine24To32
FreeImage_ConvertLine24To4
FreeImage_ConvertLine24To8
FreeImage_ConvertLine32To16_555
FreeImage_ConvertLine32To16_565
FreeImage_ConvertLine32To24
FreeImage_ConvertLine32To4
FreeImage_ConvertLine32To8
FreeImage_ConvertLine4To16_555
FreeImage_ConvertLine4To16_565
FreeImage_ConvertLine4To24
FreeImage_ConvertLine4To32
FreeImage_ConvertLine4To8
FreeImage_ConvertLine8To16_555
FreeImage_ConvertLine8To16_565
FreeImage_ConvertLine8To24
FreeImage_ConvertLine8To32
FreeImage_ConvertLine8To4
FreeImage_ConvertTo16Bits555
FreeImage_ConvertTo16Bits565
FreeImage_ConvertTo24Bits
FreeImage_ConvertTo32Bits
FreeImage_ConvertTo4Bits
FreeImage_ConvertTo8Bits
FreeImage_ConvertToFloat
FreeImage_ConvertToGreyscale
FreeImage_ConvertToRGB16
FreeImage_ConvertToRGBA16
FreeImage_ConvertToRGBAF
FreeImage_ConvertToRGBF
FreeImage_ConvertToRawBits
FreeImage_ConvertToStandardType
FreeImage_ConvertToType
FreeImage_ConvertToUINT16
FreeImage_Copy
FreeImage_CreateICCProfile
FreeImage_CreateTag
FreeImage_CreateView
FreeImage_DeInitialise
FreeImage_DeletePage
FreeImage_DeleteTag
FreeImage_DestroyICCProfile
FreeImage_Dither
FreeImage_EnlargeCanvas
FreeImage_FIFSupportsExportBPP
FreeImage_FIFSupportsExportType
FreeImage_FIFSupportsICCProfiles
FreeImage_FIFSupportsNoPixels
FreeImage_FIFSupportsReading
FreeImage_FIFSupportsWriting
FreeImage_FillBackground
FreeImage_FindCloseMetadata
FreeImage_FindFirstMetadata
FreeImage_FindNextMetadata
FreeImage_FlipHorizontal
FreeImage_FlipVertical
FreeImage_GetAdjustColorsLookupTable
FreeImage_GetBPP
FreeImage_GetBackgroundColor
FreeImage_GetBits
FreeImage_GetBlueMask
FreeImage_GetChannel
FreeImage_GetColorType
FreeImage_GetColorsUsed
FreeImage_GetComplexChannel
FreeImage_GetCopyrightMessage
FreeImage_GetDIBSize
FreeImage_GetDotsPerMeterX
FreeImage_GetDotsPerMeterY
FreeImage_GetFIFCount
FreeImage_GetFIFDescription
FreeImage_GetFIFExtensionList
FreeImage_GetFIFFromFilename
FreeImage_GetFIFFromFilenameU
FreeImage_GetFIFFromFormat
FreeImage_GetFIFFromMime
FreeImage_GetFIFMimeType
FreeImage_GetFIFRegExpr
FreeImage_GetFileType
FreeImage_GetFileTypeFromHandle
FreeImage_GetFileTypeFromMemory
FreeImage_GetFileTypeU
FreeImage_GetFormatFromFIF
FreeImage_GetGreenMask
FreeImage_GetHeight
FreeImage_GetHistogram
FreeImage_GetICCProfile
FreeImage_GetImageType
FreeImage_GetInfo
FreeImage_GetInfoHeader
FreeImage_GetLine
FreeImage_GetLockedPageNumbers
FreeImage_GetMemorySize
FreeImage_GetMetadata
FreeImage_GetMetadataCount
FreeImage_GetPageCount
FreeImage_GetPalette
FreeImage_GetPitch
FreeImage_GetPixelColor
FreeImage_GetPixelIndex
FreeImage_GetRedMask
FreeImage_GetScanLine
FreeImage_GetTagCount
FreeImage_GetTagDescription
FreeImage_GetTagID
FreeImage_GetTagKey
FreeImage_GetTagLength
FreeImage_GetTagType
FreeImage_GetTagValue
FreeImage_GetThumbnail
FreeImage_GetTransparencyCount
FreeImage_GetTransparencyTable
FreeImage_GetTransparentIndex
FreeImage_GetVersion
FreeImage_GetWidth
FreeImage_HasBackgroundColor
FreeImage_HasPixels
FreeImage_HasRGBMasks
FreeImage_Initialise
FreeImage_InsertPage
FreeImage_Invert
FreeImage_IsLittleEndian
FreeImage_IsPluginEnabled
FreeImage_IsTransparent
FreeImage_JPEGCrop
FreeImage_JPEGCropU
FreeImage_JPEGTransform
FreeImage_JPEGTransformCombined
FreeImage_JPEGTransformCombinedFromMemory
FreeImage_JPEGTransformCombinedU
FreeImage_JPEGTransformFromHandle
FreeImage_JPEGTransformU
FreeImage_Load
FreeImage_LoadFromHandle
FreeImage_LoadFromMemory
FreeImage_LoadMultiBitmapFromMemory
FreeImage_LoadU
FreeImage_LockPage
FreeImage_LookupSVGColor
FreeImage_LookupX11Color
FreeImage_MakeThumbnail
FreeImage_MovePage
FreeImage_MultigridPoissonSolver
FreeImage_OpenMemory
FreeImage_OpenMultiBitmap
FreeImage_OpenMultiBitmapFromHandle
FreeImage_OutputMessageProc
FreeImage_Paste
FreeImage_PreMultiplyWithAlpha
FreeImage_ReadMemory
FreeImage_RegisterExternalPlugin
FreeImage_RegisterLocalPlugin
FreeImage_Rescale
FreeImage_RescaleRect
FreeImage_Rotate
FreeImage_RotateClassic
FreeImage_RotateEx
FreeImage_Save
FreeImage_SaveMultiBitmapToHandle
FreeImage_SaveMultiBitmapToMemory
FreeImage_SaveToHandle
FreeImage_SaveToMemory
FreeImage_SaveU
FreeImage_SeekMemory
FreeImage_SetBackgroundColor
FreeImage_SetChannel
FreeImage_SetComplexChannel
FreeImage_SetDotsPerMeterX
FreeImage_SetDotsPerMeterY
FreeImage_SetMetadata
FreeImage_SetMetadataKeyValue
FreeImage_SetOutputMessage
FreeImage_SetOutputMessageStdCall
FreeImage_SetPixelColor
FreeImage_SetPixelIndex
FreeImage_SetPluginEnabled
FreeImage_SetTagCount
FreeImage_SetTagDescription
FreeImage_SetTagID
FreeImage_SetTagKey
FreeImage_SetTagLength
FreeImage_SetTagType
FreeImage_SetTagValue
FreeImage_SetThumbnail
FreeImage_SetTransparencyTable
FreeImage_SetTransparent
FreeImage_SetTransparentIndex
FreeImage_SwapColors
FreeImage_SwapPaletteIndices
FreeImage_TagToString
FreeImage_TellMemory
FreeImage_Threshold
FreeImage_TmoDrago03
FreeImage_TmoFattal02
FreeImage_TmoReinhard05
FreeImage_TmoReinhard05Ex
FreeImage_ToneMapping
FreeImage_Unload
FreeImage_UnlockPage
FreeImage_WriteMemory
FreeImage_ZLibCRC32
FreeImage_ZLibCompress
FreeImage_ZLibGUnzip
FreeImage_ZLibGZip
FreeImage_ZLibUncompress

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 136KB - Virtual size: 135KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
FreeImageNET.dll
.dll windows:4 windows x64 arch:x64

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Sections

.text
Size: 209KB - Virtual size: 208KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HarePoint.Activities.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HarePointWorkflowActivities_Activities/Feature.xml
HarePointWorkflowExtensions.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\B\4\Sources\HarePoint Activities\HarePointWorkflowActivities\obj\Release\HarePointWorkflowExtensions.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HtmlAgilityPack.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\SVN_CHECKOUT\htmlagilitypack\Trunk\HtmlAgilityPack\obj\Release\HtmlAgilityPack.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 129KB - Virtual size: 128KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HtmlToOpenXml.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Users\oleshov\Desktop\Html2OpenXml\obj\Release\HtmlToOpenXml.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Interop.ActiveDs.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 96KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MAPILab.MsgFileFormat.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\TFS\Shared Libraries\MsgFileFormat\MsgFileFormat\obj\Release\MAPILab.MsgFileFormat.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MAPILab.PDFProcessing.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\SharedLibrariesGit\MAPILab.PDFProcessing\MAPILab.PDFProcessing\obj\Release3.5\MAPILab.PDFProcessing.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 59KB - Virtual size: 58KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MailChimp.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Garbage\MailChimp.NET-1.1.0.1\MailChimp\obj\Release\MailChimp.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 153KB - Virtual size: 153KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Microsoft.Deployment.Compression.Cab.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\delivery\Dev\wix35_public\build\obj\ship\x86\compression.cab\Microsoft.Deployment.Compression.Cab.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 36KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Microsoft.Deployment.Compression.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\delivery\Dev\wix35_public\build\obj\ship\x86\compression\Microsoft.Deployment.Compression.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Microsoft.Exchange.Data.Common.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

61:04:4c:4b:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 22:41

Not After

22/01/2010, 22:51

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:03:dc:f6:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:12

Not After

25/07/2011, 19:22

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:15:08:27:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

25/01/2006, 23:22

Not After

25/01/2017, 23:32

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

34:95:8b:92:09:00:1f:2a:76:13:47:d5:1d:25:a5:80:79:ab:be:62
Signer

Actual PE Digest

34:95:8b:92:09:00:1f:2a:76:13:47:d5:1d:25:a5:80:79:ab:be:62

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\E12SP1HOT\target\dev\cts\common\retail\amd64\Microsoft.Exchange.Data.Common.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Microsoft.Exchange.Data.Transport.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

61:04:4c:4b:00:00:00:00:00:24
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/10/2008, 22:41

Not After

22/01/2010, 22:51

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:04:b3:f5:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:13

Not After

25/07/2011, 19:23

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:9E78-864B-039D,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:15:08:27:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

25/01/2006, 23:22

Not After

25/01/2017, 23:32

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

cf:7f:ab:6d:78:0a:4a:90:c9:64:bb:31:1e:41:38:fb:0e:cd:75:37
Signer

Actual PE Digest

cf:7f:ab:6d:78:0a:4a:90:c9:64:bb:31:1e:41:38:fb:0e:cd:75:37

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\08.01.0393\target\dev\edgeextensibility\core\retail\amd64\Microsoft.Exchange.Data.Transport.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 232KB - Virtual size: 229KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Microsoft.Exchange.WebServices.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

33:00:00:00:88:59:0e:3c:51:1f:e2:6a:67:00:01:00:00:00:88
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

26/07/2012, 20:50

Not After

26/10/2013, 20:50

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:02:8e:42:00:00:00:00:00:1f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

09/01/2012, 22:25

Not After

09/04/2013, 22:25

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

61:33:26:1a:00:00:00:00:00:31
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

31/08/2010, 22:19

Not After

31/08/2020, 22:29

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:08:e2:79:fa:0d:25:58:45:ea:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/07/2012, 00:14

Not After

07/10/2013, 00:14

Subject

CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9e:de:c5:30:c3:02:c9:c1:e2:59:c4:af:32:98:3a:ae:21:fd:1c:cb:78:75:0c:a2:77:1b:8c:b9:e3:5e:f2:4f
Signer

Actual PE Digest

9e:de:c5:30:c3:02:c9:c1:e2:59:c4:af:32:98:3a:ae:21:fd:1c:cb:78:75:0c:a2:77:1b:8c:b9:e3:5e:f2:4f

Digest Algorithm

sha256

PE Digest Matches

true

ee:95:7e:eb:fc:4d:ab:4e:b9:2c:c4:f9:11:1c:e0:81:64:ca:a6:94
Signer

Actual PE Digest

ee:95:7e:eb:fc:4d:ab:4e:b9:2c:c4:f9:11:1c:e0:81:64:ca:a6:94

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

f:\15.00.0516\target\dev\ewsmanagedapi\ewsmanagedapi\retail\amd64\Microsoft.Exchange.WebServices.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.0MB - Virtual size: 1.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
NCalc.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 188KB - Virtual size: 187KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Newtonsoft.Json.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Development\Releases\Json\Working\Src\Newtonsoft.Json\obj\Release\Newtonsoft.Json.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 300KB - Virtual size: 297KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenMcdf.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\TFS\Shared Libraries\OpenMcdf\obj\Release\OpenMcdf.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
OpenXmlPowerTools.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\oleshov\Desktop\OpenXml\Open-Xml-PowerTools-vNext\OpenXmlPowerTools.Net35\obj\Release\OpenXmlPowerTools.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 1.1MB - Virtual size: 1.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebex.Common.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\NPC\Rebex\2012R3-Source\source\vs2008-net-2.0-resigned-mpc\Common\obj\Release\Rebex.Common.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 324KB - Virtual size: 320KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebex.Imap.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\NPC\Rebex\2012R3-Source\source\vs2008-net-2.0-resigned-mpc\Imap\obj\Release\Rebex.Imap.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 220KB - Virtual size: 216KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebex.Mail.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\NPC\Rebex\2012R3-Source\source\vs2008-net-2.0-resigned-mpc\Mail\obj\Release\Rebex.Mail.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 392KB - Virtual size: 389KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebex.Networking.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\NPC\Rebex\2012R3-Source\source\vs2008-net-2.0-resigned-mpc\Networking\obj\Release\Rebex.Networking.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 320KB - Virtual size: 318KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Rebex.Pop3.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Projects\NPC\Rebex\2012R3-Source\source\vs2008-net-2.0-resigned-mpc\Pop3\obj\Release\Rebex.Pop3.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 96KB - Virtual size: 95KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ServiceStack.Text.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Garbage\ServiceStack.Text-3-snapshot\src\ServiceStack.Text\obj\Release\ServiceStack.Text.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Twitterizer2.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
XmpToolkit.dll
.dll windows:6 windows x64 arch:x64

fc71b55518d22f37dc27463ed9ba0691

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

kernel32

GetLastError
HeapAlloc
EncodePointer
DecodePointer
GetCommandLineA
GetCurrentThreadId
IsDebuggerPresent
IsProcessorFeaturePresent
ExitProcess
GetModuleHandleExW
GetProcAddress
MultiByteToWideChar
WideCharToMultiByte
GetStdHandle
WriteFile
GetModuleFileNameW
GetProcessHeap
HeapSize
RtlUnwindEx
HeapFree
RtlPcToFileHeader
RaiseException
SetLastError
GetFileType
DeleteCriticalSection
GetStartupInfoW
GetModuleFileNameA
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentStringsW
FreeEnvironmentStringsW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
CreateEventW
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
EnterCriticalSection
LeaveCriticalSection
LoadLibraryExW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
OutputDebugStringW
HeapReAlloc
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetStringTypeW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetStdHandle
SetFilePointerEx
WriteConsoleW
CloseHandle
CreateFileW
WaitForSingleObject
SetEvent
InitializeCriticalSection
GetTimeZoneInformation
ReadFile
ReadConsoleW
SetEnvironmentVariableA
SetEndOfFile
GetFileSizeEx
MoveFileW
DeleteFileW
FindFirstFileW
GetFileAttributesW
FindClose
FindNextFileW

Exports

Exports

Common_FreeString
Common_GetLastError
SetGlobalOptions
XMPFiles_CanPutXMP
XMPFiles_CloseFile
XMPFiles_Construct1
XMPFiles_Construct2
XMPFiles_Destruct
XMPFiles_GetFileInfo
XMPFiles_GetFormatInfo
XMPFiles_GetThumbnail
XMPFiles_GetVersionInfo
XMPFiles_GetXMP
XMPFiles_Initialize1
XMPFiles_Initialize2
XMPFiles_OpenFile
XMPFiles_PutXMP
XMPFiles_SetAbortProc
XMPFiles_Terminate
XMPIterator_Construct
XMPIterator_Destruct
XMPIterator_Next
XMPIterator_Skip
XMPMeta_AppendArrayItem
XMPMeta_Construct1
XMPMeta_Construct2
XMPMeta_DeleteAlias
XMPMeta_DeleteArrayItem
XMPMeta_DeleteNamespace
XMPMeta_DeleteProperty
XMPMeta_DeleteQualifier
XMPMeta_DeleteStructField
XMPMeta_Destruct
XMPMeta_DoesArrayItemExist
XMPMeta_DoesPropertyExist
XMPMeta_DoesQualifierExist
XMPMeta_DoesStructFieldExist
XMPMeta_DumpAliases
XMPMeta_DumpNamespaces
XMPMeta_DumpObject
XMPMeta_GetArrayItem
XMPMeta_GetGlobalOptions
XMPMeta_GetLocalizedText
XMPMeta_GetNamespacePrefix
XMPMeta_GetNamespaceURI
XMPMeta_GetProperty
XMPMeta_GetProperty_Bool
XMPMeta_GetProperty_Date
XMPMeta_GetProperty_Float
XMPMeta_GetProperty_Int
XMPMeta_GetProperty_Int64
XMPMeta_GetQualifier
XMPMeta_GetStructField
XMPMeta_GetVersionInfo
XMPMeta_Initialize
XMPMeta_ParseFromBuffer
XMPMeta_RegisterAlias
XMPMeta_RegisterNamespace
XMPMeta_RegisterStandardAliases
XMPMeta_ResolveAlias
XMPMeta_SerializeToBuffer1
XMPMeta_SerializeToBuffer2
XMPMeta_SetArrayItem
XMPMeta_SetLocalizedText
XMPMeta_SetProperty
XMPMeta_SetProperty_Bool
XMPMeta_SetProperty_Date
XMPMeta_SetProperty_Float
XMPMeta_SetProperty_Int
XMPMeta_SetProperty_Int64
XMPMeta_SetQualifier
XMPMeta_SetStructField
XMPMeta_Terminate
XMPUtils_AppendProperties
XMPUtils_CatenateArrayItems
XMPUtils_CompareDateTime
XMPUtils_ComposeArrayItemPath
XMPUtils_ComposeFieldSelector
XMPUtils_ComposeLangSelector
XMPUtils_ComposeQualifierPath
XMPUtils_ComposeStructFieldPath
XMPUtils_ConvertFromBool
XMPUtils_ConvertFromDate
XMPUtils_ConvertFromFloat
XMPUtils_ConvertFromInt
XMPUtils_ConvertToBool
XMPUtils_ConvertToDate
XMPUtils_ConvertToFloat
XMPUtils_ConvertToInt
XMPUtils_ConvertToInt64
XMPUtils_ConvertToLocalTime
XMPUtils_ConvertToUTCTime
XMPUtils_CurrentDateTime
XMPUtils_DecodeFromBase64
XMPUtils_DuplicateSubtree
XMPUtils_EncodeToBase64
XMPUtils_MergeFromJPEG
XMPUtils_PackageForJPEG
XMPUtils_RemoveProperties
XMPUtils_SeparateArrayItems
XMPUtils_SetTimeZone

Sections

.text
Size: 701KB - Virtual size: 700KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 648B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
antlr.runtime.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 848B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
css2xpath.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\Garbage\CssToXPath\css2xpath\obj\Release\css2xpath.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 776B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
itextsharp.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 3.7MB - Virtual size: 3.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jabber-net.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\jinc\dotnet\jabber-net\obj5\Debug\jabber-net.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 636KB - Virtual size: 632KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
manifest.xml
netlib.Dns.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\jinc\dotnet\jabber-net\netlib.Dns\obj\Debug\netlib.Dns.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
zlib.net.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\tmp\zlib.NET_104\source\obj\Debug\zlib.net.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 60KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 872B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 56KB - Virtual size: 56KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 12B

f34d5f2d4577ed6d9ceec516c1f5a744

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 21KB - Virtual size: 20KB

.rsrc Size: 5KB - Virtual size: 4KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

Imports

mscoree

Sections

.text Size: 1.4MB - Virtual size: 1.4MB

.rsrc Size: 4KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 12B

Headers

DLL Characteristics

File Characteristics

PDB Paths

Sections

.text Size: 101KB - Virtual size: 101KB

.rsrc Size: 1024B - Virtual size: 976B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 21KB - Virtual size: 21KB

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 168KB - Virtual size: 168KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mscoree

Sections

.text Size: 120KB - Virtual size: 120KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 512B - Virtual size: 12B

dae02f32a21e03ce65412f6e56942daa

Code Sign

61:05:f7:1e:00:00:00:00:00:32Certificate

.text
Size: 56KB - Virtual size: 56KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 21KB - Virtual size: 20KB

.rsrc
Size: 5KB - Virtual size: 4KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 1.4MB - Virtual size: 1.4MB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 101KB - Virtual size: 101KB

.rsrc
Size: 1024B - Virtual size: 976B

.text
Size: 21KB - Virtual size: 21KB

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 168KB - Virtual size: 168KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 120KB - Virtual size: 120KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

61:05:f7:1e:00:00:00:00:00:32
Certificate

61:04:b3:f5:00:00:00:00:00:0d
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:15:08:27:00:00:00:00:00:0c
Certificate

38:7e:46:8b:ba:bf:3e:97:e2:05:92:81:50:52:ba:50:4e:38:fb:1e
Signer

.text
Size: 5.0MB - Virtual size: 5.0MB

.rsrc
Size: 4KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 12B

.text
Size: 68KB - Virtual size: 67KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 2.6MB - Virtual size: 2.6MB

.rdata
Size: 1.7MB - Virtual size: 1.7MB

.data
Size: 1.6MB - Virtual size: 1.6MB

.pdata
Size: 136KB - Virtual size: 135KB

_RDATA
Size: 34KB - Virtual size: 34KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 15KB - Virtual size: 15KB

.text
Size: 209KB - Virtual size: 208KB

.rsrc
Size: 1024B - Virtual size: 1000B

.text
Size: 1.6MB - Virtual size: 1.6MB

.rsrc
Size: 1024B - Virtual size: 976B

.reloc
Size: 512B - Virtual size: 12B