c4a24f3b55dcd37cd33d7f6789c2034eb53bd348651e77eea618b6dcfae2cfc5[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

c4a24f3b55dcd37cd33d7f6789c2034eb53bd348651e77eea618b6dcfae2cfc5.exe
Size

6.9MB
MD5

7c6c5e1aa3ac512d940c9a98d8e5f538
SHA1

8e091829a94cbe48bb6bfee17139b01303c90f2a
SHA256

c4a24f3b55dcd37cd33d7f6789c2034eb53bd348651e77eea618b6dcfae2cfc5
SHA512

e40bc7398ec5e822f7f83528568a204437d1d612ec7b9a66ff3061cd761343651df032a6710139818da8777d235dbc77f85bf2b967f29921aabddda746930c8f
SSDEEP

196608:uV7mVFcsBOhJYXi3KbYUIi8EZqFo6Igdf6TTXiFZ:iMFNBOhJYyabYvsZAXWXiFZ

Score

3^/10

Malware Config

Signatures

Unsigned PE 5 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/kdui.exe
unpack001/kontur.updater.exe
unpack003/$PLUGINSDIR/System.dll

Files

c4a24f3b55dcd37cd33d7f6789c2034eb53bd348651e77eea618b6dcfae2cfc5.exe
.exe windows:4 windows x86 arch:x86

20181beb3151868c29d9526246a01b9a

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

34:12:31:99:23:4f:8e:9d:4a:3d:c6:be:4c:1f:a2:76:78:a5:a7:5d:0b:0e:8c:28:62:3d:ca:93:e8:d4:72:94
Signer

Actual PE Digest

34:12:31:99:23:4f:8e:9d:4a:3d:c6:be:4c:1f:a2:76:78:a5:a7:5d:0b:0e:8c:28:62:3d:ca:93:e8:d4:72:94

Digest Algorithm

sha256

PE Digest Matches

true

a3:89:68:9e:b7:99:ce:dc:76:3e:88:bf:ee:e4:e2:b8:9b:5c:ea:09
Signer

Actual PE Digest

a3:89:68:9e:b7:99:ce:dc:76:3e:88:bf:ee:e4:e2:b8:9b:5c:ea:09

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
IsDlgButtonChecked
GetAsyncKeyState
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
CharNextA
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
PeekMessageW
DispatchMessageW
wvsprintfW
SystemParametersInfoW
wsprintfA
CreatePopupMenu

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

lstrcmpiA
CreateFileW
GetTempFileNameW
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
WriteFile
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
GetLastError
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
CopyFileW

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

85f08eb0cbec010ecbc287fa68321173

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryW
GetCurrentDirectoryW
GlobalUnlock
GlobalLock
GetModuleHandleW
CloseHandle
SetEndOfFile
GetPrivateProfileIntW
SetFilePointer
MultiByteToWideChar
ReadFile
GetFileSize
CreateFileW
lstrcmpiW
GetPrivateProfileStringW
lstrcatW
lstrcpynW
WritePrivateProfileStringW
lstrlenW
lstrcpyW
GlobalFree
WriteFile
GlobalAlloc

user32

PtInRect
LoadCursorW
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
GetClientRect
SetWindowRgn
LoadIconW
LoadImageW
SetWindowLongW
CreateWindowExW
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamW
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
SetCursor
DrawTextW
GetWindowLongW
DrawFocusRect
CallWindowProcW
PostMessageW
MessageBoxW
GetSysColor
CharNextW
wsprintfW
GetWindowTextW
SetWindowTextW
SendMessageW
MapWindowPoints

gdi32

SetTextColor
CreateCompatibleDC
GetObjectW
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderW
SHGetDesktopFolder
SHGetPathFromIDListW
ShellExecuteW

comdlg32

GetOpenFileNameW
GetSaveFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
make_unicode
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
CertFix_Host.exe
.exe windows:5 windows x86 arch:x86

be5b8cc93111ff4474a01018dba30d8b

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

83:07:b6:31:d0:9a:bc:2c:5e:d3:23:f1:0f:9b:30:3b:0a:e6:1d:41:30:9b:a2:f6:fb:33:fc:ba:16:72:5b:f8
Signer

Actual PE Digest

83:07:b6:31:d0:9a:bc:2c:5e:d3:23:f1:0f:9b:30:3b:0a:e6:1d:41:30:9b:a2:f6:fb:33:fc:ba:16:72:5b:f8

Digest Algorithm

sha256

PE Digest Matches

true

fe:ce:85:6d:74:d7:3c:c0:87:a0:1d:a4:73:7b:8a:68:ea:13:5c:aa
Signer

Actual PE Digest

fe:ce:85:6d:74:d7:3c:c0:87:a0:1d:a4:73:7b:8a:68:ea:13:5c:aa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\BuildAgent\work\dd008b421b37e7df\bin\CertFix_Host.pdb

Imports

winhttp

WinHttpSetTimeouts
WinHttpReceiveResponse
WinHttpCrackUrl
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpReadData
WinHttpAddRequestHeaders
WinHttpOpenRequest
WinHttpOpen
WinHttpCloseHandle
WinHttpConnect
WinHttpSendRequest

secur32

GetUserNameExW

kernel32

GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
HeapCreate
VirtualFree
HeapFree
QueryPerformanceCounter
GetTickCount
TerminateProcess
UnhandledExceptionFilter
IsDebuggerPresent
FreeLibrary
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetStdHandle
LCMapStringA
MultiByteToWideChar
LCMapStringW
GetStringTypeA
GetStringTypeW
lstrcmpA
InterlockedCompareExchange
FormatMessageW
FileTimeToSystemTime
FlushFileBuffers
RegisterWaitForSingleObject
CreateEventW
LocalFree
GetSystemTime
lstrcpyA
LoadLibraryW
GetProcessHeap
GlobalUnlock
GlobalLock
GlobalAlloc
RaiseException
GetModuleHandleA
SetFilePointer
GetFileSizeEx
lstrcmpW
GetQueuedCompletionStatus
PostQueuedCompletionStatus
LocalAlloc
SetFilePointerEx
SetThreadPriority
CreateThread
CreateIoCompletionPort
Sleep
GetModuleHandleW
GetCommandLineA
lstrcpyW
OpenEventW
ReadFile
CreateNamedPipeW
SetEvent
WaitForSingleObject
SetErrorMode
GetCurrentProcessId
CloseHandle
GetCurrentThreadId
LoadLibraryA
GetProcAddress
SetLastError
ExitThread
GetVersionExW
WideCharToMultiByte
GetProcessTimes
GetSystemTimeAsFileTime
GetCurrentProcess
SetUnhandledExceptionFilter
lstrlenA
GetEnvironmentVariableW
GetCommandLineW
ExitProcess
lstrcmpiW
EnterCriticalSection
GetLastError
lstrlenW
CreateFileW
LeaveCriticalSection
InitializeCriticalSection
WriteFile
GetConsoleCP
GetConsoleMode
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
GetLocaleInfoA
ResetEvent

user32

CloseClipboard
wsprintfA
wsprintfW
SetClipboardData
EmptyClipboard
OpenClipboard

advapi32

CryptGetHashParam
SetSecurityDescriptorDacl
CryptAcquireContextW
CryptGetKeyParam
CryptReleaseContext
CryptGetProvParam
RegQueryInfoKeyW
CryptDestroyKey
CryptGetUserKey
RegEnumKeyExW
OpenProcessToken
GetTokenInformation
IsValidSid
ConvertSidToStringSidW
CryptCreateHash
CryptHashData
CryptDestroyHash
InitializeSecurityDescriptor
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
AllocateAndInitializeSid
CheckTokenMembership
FreeSid

shell32

SHGetPathFromIDListW
SHFileOperationW
SHBrowseForFolderW
SHParseDisplayName

ole32

CoTaskMemFree

crypt32

CertFreeCRLContext
CertCreateCRLContext
CertCloseStore
CertFreeCertificateContext
CertGetPublicKeyLength
CryptDecodeObjectEx
CertOpenStore
CertCreateCertificateContext
CertGetCertificateChain
CertGetCertificateContextProperty
CryptHashCertificate
CertEnumCertificatesInStore
CertDuplicateCertificateContext
CertRDNValueToStrW
CertFindRDNAttr
CryptDecodeObject

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

shlwapi

SHDeleteKeyW
StrStrIW

Exports

Exports

CrlAcquireRevocation
CrlCache

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
isbc_esmart_token_mod.dll
.dll windows:5 windows x86 arch:x86

9f1e13c992de4ef5938e8a89a8ca8eb8

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:8e:be:b7:b3:0d:ea:18:0e:79:20:fd:07:0b:db:a7
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/04/2021, 00:00

Not After

05/04/2024, 23:59

Subject

CN=INTELLIGENT SYSTEMS OF BUSINESS CONTROL LTD,OU=IT Department,O=INTELLIGENT SYSTEMS OF BUSINESS CONTROL LTD,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7d:21:c5:f8:03:84:2c:af:07:3b:76:14:a1:ad:67:3b:2c:7a:51:bb:31:94:f9:1b:50:ea:fe:94:8c:dc:24:f2
Signer

Actual PE Digest

7d:21:c5:f8:03:84:2c:af:07:3b:76:14:a1:ad:67:3b:2c:7a:51:bb:31:94:f9:1b:50:ea:fe:94:8c:dc:24:f2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

j:\jenkins\workspace\ET_PKI\pkcs\acos5mod\!bin\Win32\Release\isbc_esmart_token_mod.pdb

Imports

kernel32

GetProcAddress
GetModuleHandleA
GetVersion
WriteFile
GetFileType
GetStdHandle
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
GetLastError
FreeLibrary
LoadLibraryA
FlushConsoleInputBuffer
SetEndOfFile
CreateFileW
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
GetCurrentThreadId
ResumeThread
CreateThread
WaitForSingleObject
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
Sleep
CloseHandle
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemTimeAsFileTime
HeapAlloc
HeapFree
GetCommandLineA
HeapReAlloc
ExitProcess
SetConsoleCtrlHandler
EnterCriticalSection
LeaveCriticalSection
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
RaiseException
RtlUnwind
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
DeleteCriticalSection
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
GetModuleFileNameA
SetHandleCount
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
LCMapStringA
LCMapStringW
InitializeCriticalSectionAndSpinCount
GetConsoleCP
ReadFile
FlushFileBuffers
SetStdHandle
SetFilePointer
CreateFileA
HeapSize
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetProcessHeap

user32

MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW

advapi32

ReportEventA
DeregisterEventSource
RegisterEventSourceA

Exports

Exports

GetFunctionList

Sections

.text
Size: 783KB - Virtual size: 782KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 229KB - Virtual size: 228KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
isbc_pkcs11_main.dll
.dll windows:5 windows x86 arch:x86

0e0123557adb099aa25827fa33131c55

Code Sign

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2013, 12:00

Not After

22/10/2028, 12:00

Subject

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:8e:be:b7:b3:0d:ea:18:0e:79:20:fd:07:0b:db:a7
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Code Signing CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/04/2021, 00:00

Not After

05/04/2024, 23:59

Subject

CN=INTELLIGENT SYSTEMS OF BUSINESS CONTROL LTD,OU=IT Department,O=INTELLIGENT SYSTEMS OF BUSINESS CONTROL LTD,L=Moscow,C=RU

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

29/03/2022, 00:00

Not After

14/03/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

34:8e:fc:34:67:16:45:77:c8:3b:d9:d5:3d:48:7b:d7:ab:a6:cc:7a:70:09:34:ac:c6:06:bb:11:0f:d8:ec:17
Signer

Actual PE Digest

34:8e:fc:34:67:16:45:77:c8:3b:d9:d5:3d:48:7b:d7:ab:a6:cc:7a:70:09:34:ac:c6:06:bb:11:0f:d8:ec:17

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

j:\jenkins\workspace\ET_PKI\pkcs\pkcs\!bin\Win32\Release\isbc_pkcs11_main.pdb

Imports

winscard

SCardListReadersW
SCardTransmit
g_rgSCardT1Pci
g_rgSCardT0Pci
SCardEndTransaction
SCardReleaseContext
SCardEstablishContext
SCardGetStatusChangeW
SCardDisconnect
SCardStatusW
SCardReconnect
SCardBeginTransaction
SCardConnectW

wtsapi32

WTSFreeMemory
WTSQuerySessionInformationW

kernel32

GetStringTypeW
GetModuleFileNameW
GetModuleHandleW
FormatMessageW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
Sleep
WideCharToMultiByte
FreeLibrary
GetModuleHandleExW
LoadLibraryW
GetProcAddress
GetTickCount
GetCurrentProcessId
ProcessIdToSessionId
GetLastError
GetModuleHandleA
GetVersion
WriteFile
GetFileType
GetStdHandle
MultiByteToWideChar
QueryPerformanceCounter
GlobalMemoryStatus
CloseHandle
LoadLibraryA
FlushConsoleInputBuffer
GetStringTypeA
CreateFileA
SetFilePointer
SetStdHandle
ReadFile
LCMapStringW
GetLocaleInfoA
WriteConsoleA
WriteConsoleW
GetConsoleOutputCP
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileW
SetEndOfFile
GetCurrentThreadId
UnhandledExceptionFilter
TerminateProcess
GetCurrentProcess
GetProcessHeap
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
HeapFree
GetCommandLineA
ExitProcess
SetConsoleCtrlHandler
HeapReAlloc
GetSystemTimeAsFileTime
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
RaiseException
RtlUnwind
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
FlushFileBuffers
SetHandleCount
GetStartupInfoA
VirtualFree
VirtualAlloc
HeapCreate
HeapDestroy
GetModuleFileNameA
HeapSize
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
InitializeCriticalSectionAndSpinCount
LCMapStringA

user32

MessageBoxA
GetProcessWindowStation
GetUserObjectInformationW

advapi32

ReportEventA
DeregisterEventSource
RegCloseKey
RegEnumValueW
RegEnumKeyExW
RegOpenKeyExW
RegisterEventSourceA

Exports

Exports

C_ACS_LoadCert
C_CancelFunction
C_CloseAllSessions
C_CloseSession
C_CopyObject
C_CreateObject
C_Decrypt
C_DecryptDigestUpdate
C_DecryptFinal
C_DecryptInit
C_DecryptUpdate
C_DecryptVerifyUpdate
C_DeriveKey
C_DestroyObject
C_Digest
C_DigestEncryptUpdate
C_DigestFinal
C_DigestInit
C_DigestKey
C_DigestUpdate
C_EX_CreateCSR
C_EX_FreeBuffer
C_EX_GetCertificateInfoText
C_EX_GetFunctionListExtended
C_EX_PKCS7Sign
C_Encrypt
C_EncryptFinal
C_EncryptInit
C_EncryptUpdate
C_Finalize
C_FindObjects
C_FindObjectsFinal
C_FindObjectsInit
C_GenerateKey
C_GenerateKeyPair
C_GenerateRandom
C_GetAttributeValue
C_GetFunctionList
C_GetFunctionStatus
C_GetInfo
C_GetMechanismInfo
C_GetMechanismList
C_GetObjectSize
C_GetOperationState
C_GetSessionInfo
C_GetSlotInfo
C_GetSlotList
C_GetTokenInfo
C_ISBC_ApplyPolicy
C_ISBC_CSPFormat
C_ISBC_CertVerify
C_ISBC_CheckSM
C_ISBC_CreateCSR
C_ISBC_CurlCleanup
C_ISBC_CurlInit
C_ISBC_Enroll
C_ISBC_GetCryptoProCertificate
C_ISBC_GetCryptoProInfo
C_ISBC_GetLicense
C_ISBC_GetPinCounter
C_ISBC_GetProfile
C_ISBC_GetProfileEx
C_ISBC_ImportX509Certificate
C_ISBC_InitToken
C_ISBC_InitTokenProfile
C_ISBC_ScribbleRead
C_ISBC_SetLicense
C_ISBC_pkcs7Sign
C_ISBC_pkcs7SignEx
C_ISBC_pkcs7Verify
C_ISBC_pkcs7VerifyEx
C_ISBC_pkcs7VerifyOCSP
C_InitPIN
C_InitToken
C_Initialize
C_Login
C_Logout
C_OpenSession
C_SeedRandom
C_SetAttributeValue
C_SetOperationState
C_SetPIN
C_Sign
C_SignEncryptUpdate
C_SignFinal
C_SignInit
C_SignRecover
C_SignRecoverInit
C_SignUpdate
C_UnwrapKey
C_Verify
C_VerifyFinal
C_VerifyInit
C_VerifyRecover
C_VerifyRecoverInit
C_VerifyUpdate
C_WaitForSlotEvent
C_WrapKey

Sections

.text
Size: 789KB - Virtual size: 789KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 261KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 46KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
jcPKCS11-2.cf.dll
.dll windows:6 windows x86 arch:x86

d1c3aa7fd31b908fa9586ee1dfd38c76

Code Sign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

67:08:79:91:75:51:4b:af:d4:93:6d:e2
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

08/11/2023, 13:34

Not After

21/12/2026, 13:22

Subject

SERIALNUMBER=1027739490415,CN=ALADDIN R.D. AO,O=ALADDIN R.D. AO,STREET=ul Dokukina\, 16 / str 1 et/pom/kom 7/1/22,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

01:c2:9c:7a:f4:7a:a6:02:58:0e:af:32:b1:23:b1:1d
Certificate

Issuer

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Not Before

06/04/2022, 07:44

Not After

08/05/2033, 07:44

Subject

CN=Globalsign TSA for Advanced - G4,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:ec:1c:92:40:de:fd:2e:40:5d:7c:47:74
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Not Before

20/06/2018, 00:00

Not After

10/12/2034, 00:00

Subject

CN=GlobalSign Timestamping CA - SHA384 - G4,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

01:f2:40:42:40:ce:fd:22:db:e9:6c:71:fc
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

20/02/2019, 00:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R6,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:21:58:53:08:a2
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

18/03/2009, 10:00

Not After

18/03/2029, 10:00

Subject

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0c:92:17:57:ac:2b:af:e4:26:d4:2f:f8:be:9f:3b:e6:e6:3b:b6:9e:a1:23:59:37:62:42:bd:b8:f6:7d:fb:87
Signer

Actual PE Digest

0c:92:17:57:ac:2b:af:e4:26:d4:2f:f8:be:9f:3b:e6:e6:3b:b6:9e:a1:23:59:37:62:42:bd:b8:f6:7d:fb:87

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\home\jenkins\agent\workspace\common_common_jcPKCS11_2.9.0\_bin\x86\RelWithDebInfo\jcPKCS11-2.pdb

Imports

crypt32

CertDuplicateCertificateContext
CertFindCertificateInStore
CertEnumCertificatesInStore
CertCloseStore
CertFreeCertificateContext
CertGetCertificateContextProperty
CertOpenStore

ws2_32

htonl
htons
ntohs
recv
send
WSASetLastError
WSAGetLastError
inet_addr
inet_ntoa
gethostbyaddr
gethostbyname
getservbyport
getservbyname
ioctlsocket
getsockopt
select
ntohl
WSAStartup
WSACleanup
shutdown
socket
setsockopt
connect
closesocket

winscard

SCardControl
SCardReconnect
SCardBeginTransaction
SCardStatusA
SCardTransmit
SCardGetAttrib
g_rgSCardT0Pci
g_rgSCardT1Pci
SCardEstablishContext
SCardReleaseContext
SCardIsValidContext
SCardGetStatusChangeA
SCardCancel
SCardConnectA
SCardDisconnect
SCardListReadersA
SCardAccessStartedEvent
SCardReleaseStartedEvent
SCardEndTransaction

kernel32

GetFullPathNameW
GetCurrentDirectoryW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
HeapSize
HeapReAlloc
HeapAlloc
HeapFree
GetModuleFileNameW
GetCommandLineW
GetCommandLineA
QueryPerformanceFrequency
FreeLibraryAndExitThread
ExitThread
CreateThread
FileTimeToSystemTime
SystemTimeToTzSpecificLocalTime
PeekNamedPipe
GetFileInformationByHandle
GetDriveTypeW
CreateFileW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
InterlockedFlushSList
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
Sleep
GetLastError
GetCurrentProcessId
FreeLibrary
GetProcAddress
LoadLibraryA
FreeResource
GetModuleFileNameA
GetModuleHandleExA
LoadResource
LockResource
SizeofResource
FindResourceA
CreateFileA
DeleteFileA
FlushFileBuffers
LockFileEx
ReadFile
GetConsoleCP
UnlockFile
WriteFile
CloseHandle
ReleaseMutex
WaitForSingleObject
CreateMutexA
OpenMutexA
SetEvent
ResetEvent
CreateEventA
WaitForMultipleObjects
GetCurrentThreadId
TerminateThread
FormatMessageA
GetWindowsDirectoryA
GetFullPathNameA
GetTempPathA
OutputDebugStringA
GetLocalTime
SetLastError
GetSystemTime
SystemTimeToFileTime
GetStdHandle
GetFileType
GetModuleHandleW
MultiByteToWideChar
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
SwitchToFiber
DeleteFiber
CreateFiberEx
FindClose
FindFirstFileW
FindNextFileW
WideCharToMultiByte
GetSystemDirectoryA
QueryPerformanceCounter
GetSystemTimeAsFileTime
GetEnvironmentVariableW
GetACP
ConvertFiberToThread
ConvertThreadToFiberEx
LoadLibraryW
InterlockedPushEntrySList
RtlUnwind
RaiseException
GetStartupInfoW
IsDebuggerPresent
InitializeSListHead
WaitForSingleObjectEx
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetConsoleMode
ReadConsoleW
SetFilePointerEx
GetFileAttributesExW
GetTimeZoneInformation
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
SetEndOfFile
SetStdHandle
SetFilePointer
UnhandledExceptionFilter
GetCPInfo
GetStringTypeW
GetLocaleInfoW
EncodePointer
DecodePointer
InitializeCriticalSectionAndSpinCount
CreateEventW
CompareStringW
LCMapStringW
WriteConsoleW

user32

IsWindowVisible
GetUserObjectInformationW
GetParent
EnumWindows
MessageBoxW
GetProcessWindowStation
GetWindowThreadProcessId

shell32

SHGetFolderPathA

advapi32

CryptDecrypt
RegisterEventSourceW
ReportEventW
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
CryptSetHashParam
CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
DeregisterEventSource
CryptExportKey
CryptGetUserKey
CryptGetProvParam

version

VerQueryValueA

bcrypt

BCryptGenRandom

Exports

Exports

C_CancelFunction
C_CloseAllSessions
C_CloseSession
C_CopyObject
C_CreateObject
C_Decrypt
C_DecryptDigestUpdate
C_DecryptFinal
C_DecryptInit
C_DecryptUpdate
C_DecryptVerifyUpdate
C_DeriveKey
C_DestroyObject
C_Digest
C_DigestEncryptUpdate
C_DigestFinal
C_DigestInit
C_DigestKey
C_DigestUpdate
C_Encrypt
C_EncryptFinal
C_EncryptInit
C_EncryptUpdate
C_Finalize
C_FindObjects
C_FindObjectsFinal
C_FindObjectsInit
C_GenerateKey
C_GenerateKeyPair
C_GenerateRandom
C_GetAttributeValue
C_GetFunctionList
C_GetFunctionStatus
C_GetInfo
C_GetMechanismInfo
C_GetMechanismList
C_GetObjectSize
C_GetOperationState
C_GetSessionInfo
C_GetSlotInfo
C_GetSlotList
C_GetTokenInfo
C_InitPIN
C_InitToken
C_Initialize
C_Login
C_Logout
C_OpenSession
C_SeedRandom
C_SetAttributeValue
C_SetOperationState
C_SetPIN
C_Sign
C_SignEncryptUpdate
C_SignFinal
C_SignInit
C_SignRecover
C_SignRecoverInit
C_SignUpdate
C_UnwrapKey
C_Verify
C_VerifyFinal
C_VerifyInit
C_VerifyRecover
C_VerifyRecoverInit
C_VerifyUpdate
C_WaitForSlotEvent
C_WrapKey
C_jcCtrl
JC_AFT_EnterAndReadPin
JC_AFT_EnterLocalPin
JC_AFT_GetProperties
JC_AFT_GetPublicKey
JC_AFT_GetReaderVersion
JC_AFT_GetSerialNumber
JC_AFT_InitCard
JC_AFT_InitUserPin
JC_AFT_IsCardlessSupported
JC_AFT_ModifyPin
JC_AFT_Personalize
JC_AFT_VerifyPin
JC_AFT_WriteLocalPin
JC_ALO_GetFunctionList
JC_Antifraud
JC_BIO_MANAGER_ChangeResetPIN
JC_BIO_MANAGER_EnrollCancel
JC_BIO_MANAGER_EnrollFinger
JC_BIO_MANAGER_FingersConfigure
JC_BIO_MANAGER_GetAuthCounter
JC_BIO_MANAGER_GetConfig
JC_BIO_MANAGER_ResetBIO
JC_BIO_MANAGER_ResetToFactorySettings
JC_BIO_MANAGER_SetConfig
JC_BIO_MANAGER_SetLimitAuthCounter
JC_BIO_MANAGER_Unlock
JC_CSPContainerExists
JC_CT1_DoTests
JC_CT1_InitPrng
JC_CT1_ReadPinCounters
JC_CT1_SetAttributeValue
JC_CT1_UpgradeVascoFW
JC_CT2_CalcCheckSum
JC_CT2_ChangeSignaturePIN
JC_CT2_GetServiceInformation
JC_CT2_IsPersonalized
JC_CT2_ReadExtInfo
JC_CT2_SetPINPolicy
JC_CT2_SetPUK
JC_CT2_SetSignaturePIN
JC_CheckContainer
JC_Compose_CMS
JC_CreateCertificateRenewal
JC_CreateCertificateRenewal2
JC_CreateCertificateRequest
JC_DSS_Sign
JC_DS_ChangeUserPINByPUK
JC_DS_ReadPinCounters
JC_Decompose_CMS
JC_F2_ChangeSoKey
JC_F2_ClearLog
JC_F2_CreateInitResponse
JC_F2_CreateInitResponse_V2
JC_F2_CreateMountResponse
JC_F2_CreateMountResponseSW
JC_F2_CreateMountResponse_V2
JC_F2_CreateOfflineMountResponse
JC_F2_Deinit
JC_F2_EnableISORewrite
JC_F2_Format
JC_F2_GetDescription
JC_F2_GetExtendedInfo
JC_F2_GetInitChallenge
JC_F2_GetInitChallenge_V2
JC_F2_GetLogSizes
JC_F2_GetLoggingInfo
JC_F2_GetMountChallenge
JC_F2_GetMountChallenge_V2
JC_F2_GetOfflineMountChallenge
JC_F2_GetOwnerInfo
JC_F2_GetSerialNumber
JC_F2_InitAdminToken
JC_F2_InitPartitionKey
JC_F2_InitUserToken
JC_F2_InitUserToken_V2
JC_F2_MountPrivateDisks
JC_F2_ParseBinarySecureLog
JC_F2_ParseSecureLog
JC_F2_ReadCCIDLog
JC_F2_ReadNSDLog
JC_F2_ReadSecureLog
JC_F2_RestoreState
JC_F2_SetAuthorizationKey
JC_F2_SetDescription
JC_F2_SetISOSizes
JC_F2_SetLifeCycle
JC_F2_SetOwnerInfo
JC_F2_SetPINPolicy
JC_F2_SetPUK
JC_F2_StartLogging
JC_F2_StopLogging
JC_F2_UmountPrivateDisks
JC_F2_UnlockHiddenPartition
JC_F2_UpdateFirmwareFinal
JC_F2_UpdateFirmwareInit
JC_F2_UpdateFirmwareWrite
JC_F2_WriteISOAdmin
JC_F2_WriteISOUser
JC_F2_WriteISOUser_V2
JC_F2_WriteLogMessage
JC_F2_WriteSecureLog
JC_Finalize
JC_GetFunctionList
JC_GetISD
JC_GetReaderProperties
JC_GetReaderPropertiesEx
JC_GetTokenInfo
JC_GetVersionInfo
JC_JC3_AppManagerGetSystemInfo
JC_JC3_GetConfigAppletData
JC_JC3_GetConfigAppletParam
JC_JC3_GetConfigAppletSettings
JC_JC3_SetConfigAppletSettings
JC_JCR_GetReaderProperties
JC_JCR_GetReaderPropertiesEx
JC_JCR_WaitForFingerPut
JC_KT2_CalcCheckSum
JC_KT2_ChangeSignaturePIN
JC_KT2_CreateUnlockChallenge
JC_KT2_CreateUnlockResponse
JC_KT2_GetTimeoutUnlockInfo
JC_KT2_InitToken
JC_KT2_IsPersonalized
JC_KT2_ReadExtInfo
JC_KT2_SetSignaturePIN
JC_KT2_SetTimeoutUnlockInfo
JC_KT2_UnlockWithResponse
JC_KT2_UnlockWithTimeout
JC_KeyParametersFromCert
JC_PJ_ChangeAppletKey
JC_PJ_GetCapabilities
JC_PJ_GetInitParams
JC_PJ_GetPinCounters
JC_PJ_GetUserPinPolicy
JC_PJ_InitPIN
JC_PJ_InitToken
JC_PJ_IsPinObsolete
JC_PJ_SetUserPinPolicy
JC_PJ_SetUserPinToBeChanged
JC_PJ_Unlock
JC_PJ_UnlockInit
JC_PKI_BIO_DeleteFinger
JC_PKI_BIO_EnrollPinWithResponse
JC_PKI_BIO_GetBioTicket
JC_PKI_BIO_GetFingerIndexes
JC_PKI_BIO_GetFingerPublicData
JC_PKI_BIO_GetSupported
JC_PKI_BIO_GetSupportedEx
JC_PKI_BIO_SetFingerData
JC_PKI_BIO_SetLibrary
JC_PKI_GetChallenge
JC_PKI_GetComplexity
JC_PKI_GetPINInfo
JC_PKI_GetPinPolicy
JC_PKI_ReadPinCounters
JC_PKI_SetComplexity
JC_PKI_SetPinPolicy
JC_PKI_SetUserPinToBeChanged
JC_PKI_SetUserPinWithResponse
JC_PKI_UnlockUserPIN
JC_PKI_UnlockUserPinWithResponse
JC_PKI_WipeCard
JC_SD_GetMountPoint
JC_SD_SetMountPoint
JC_SE_GetFunctionList
JC_SL_ReadPassword
JC_SL_WritePassword
JC_SWYX_Display
JC_SWYX_Start
JC_SWYX_StartEx
JC_SWYX_Stop
JC_SW_Digest
JC_SW_DigestFinal
JC_SW_DigestInit
JC_SW_DigestUpdate
JC_SW_EncryptDecrypt
JC_SW_EncryptDecryptFinal
JC_SW_EncryptDecryptInit
JC_SW_EncryptDecryptUpdate
JC_SetLabel
JC_SetLog
JC_SetNotificationCallback
JC_VT_IsVirtual
JC_VT_LoadContainer
JC_VT_UnloadContainer
JC_WP_ReadExtInfo
JC_WP_ReadProductionInfo
JC_WP_ReadValue
JC_WaitForSlotEvent
JC_deprecated_0
JC_deprecated_1
JC_deprecated_6
JC_iOS_GetDevFirmwareHardware
JC_iOS_GetLibVersion
TLSCloseConnection
TLSDecodeData
TLSEncodeData
TLSEstablishConnectionBegin
TLSEstablishConnectionContinue
TLSGetPeerCertificate
TLSGetPeerPublicKeyValue
cadesBesCoSign
cadesBesParse
cadesBesSign
cadesBesSignEx
certVerify
checkCertSignature
createCSR
createCSREx
freeBuffer
genCert
genCertEx
getCertificateAttribute
getCertificateInfo
getCertificateInfoEx
lmChangeKey
lmCheckLicensingAppletPresence
lmCreateLicense
lmDeleteLicense
lmFreeBuffer
lmGetProductList
lmGetVendorList
lmLock
lmReadLicense
lmWriteKey
pkcs7Parse
pkcs7ParseEx
pkcs7Sign
pkcs7SignEx
pkcs7TrustedVerifyHW
pkcs7Verify
pkcs7VerifyHW
useHardwareHash
verifyReq
verifyReqEx

Sections

.text
Size: 4.0MB - Virtual size: 4.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.4MB - Virtual size: 1.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 81KB - Virtual size: 92KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 221KB - Virtual size: 220KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kdaxapi-3.0.27.737.dll
.dll regsvr32 windows:5 windows x86 arch:x86

20061490d2b483f873d5ac800031483d

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

12:60:af:4a:5f:be:0a:f1:41:50:74:c8:6a:39:04:68:95:72:05:15:6e:c3:ef:18:5a:af:3e:d7:ae:a8:7a:67
Signer

Actual PE Digest

12:60:af:4a:5f:be:0a:f1:41:50:74:c8:6a:39:04:68:95:72:05:15:6e:c3:ef:18:5a:af:3e:d7:ae:a8:7a:67

Digest Algorithm

sha256

PE Digest Matches

true

36:85:92:1a:ef:43:14:16:a7:3b:2a:c2:9f:4e:b3:07:48:3d:1c:0d
Signer

Actual PE Digest

36:85:92:1a:ef:43:14:16:a7:3b:2a:c2:9f:4e:b3:07:48:3d:1c:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\projects\kdnc_release\bin\kdaxapi.pdb

Imports

ntdll

_fltused
_aulldiv
memcpy
memset
atoi

secur32

EnumerateSecurityPackagesW
FreeContextBuffer
QueryCredentialsAttributesW
InitSecurityInterfaceW

winhttp

WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpOpen
WinHttpOpenRequest
WinHttpConnect
WinHttpSetTimeouts
WinHttpCloseHandle

crypt32

CertCloseStore
CryptQueryObject
CertEnumCertificatesInStore
CertCreateCertificateContext
CertNameToStrW
CryptDecodeObject
CryptHashCertificate
CertFreeCTLContext
CertFreeCRLContext
CertFreeCertificateContext

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

rpcrt4

UuidCreate
UuidToStringW
RpcStringFreeW

shlwapi

StrRStrIW
StrStrW
StrStrNIW
SHDeleteKeyW
PathStripPathW
StrStrIW

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

activeds

ord3

wintrust

WinVerifyTrust

winscard

SCardEstablishContext
SCardReleaseContext

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

userenv

ExpandEnvironmentStringsForUserW
CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

EnterCriticalSection
LeaveCriticalSection
SetLastError
GlobalAlloc
VirtualFree
VirtualAlloc
CloseHandle
GetCurrentProcess
RaiseException
WaitForSingleObject
WideCharToMultiByte
TlsSetValue
TlsGetValue
ExitThread
GetVersionExW
lstrcpyA
Sleep
SuspendThread
GetCurrentThread
CreateThread
RegisterWaitForSingleObject
UnregisterWait
OpenProcess
GetCurrentProcessId
SystemTimeToFileTime
GetCurrentThreadId
InitializeCriticalSection
QueryInformationJobObject
IsProcessInJob
CreateEventW
GetProcAddress
LoadLibraryW
TlsAlloc
TerminateThread
HeapCreate
lstrcmpA
LocalFree
HeapDestroy
DeleteCriticalSection
ExpandEnvironmentStringsW
GetSystemTimeAsFileTime
GetProcessTimes
CreateFileW
LoadLibraryA
MoveFileW
CopyFileW
ReadFile
GetFileSizeEx
SetFilePointerEx
WriteFile
SetFilePointer
GetFileAttributesExW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
VirtualQueryEx
IsWow64Process
TerminateProcess
Process32NextW
IsDebuggerPresent
CreateToolhelp32Snapshot
PeekNamedPipe
CreateProcessW
GetConsoleWindow
GetStdHandle
SetHandleInformation
GetExitCodeProcess
GetProcessId
CreatePipe
ProcessIdToSessionId
GetEnvironmentVariableW
SetEnvironmentVariableW
GetLocaleInfoA
GetSystemDefaultLCID
GlobalMemoryStatusEx
GetTickCount
GetSystemDefaultUILanguage
GetNativeSystemInfo
IsProcessorFeaturePresent
FreeLibrary
ResetEvent
SetEvent
GetSystemTime
lstrcmpiW
DisableThreadLibraryCalls
GetLastError
InterlockedCompareExchange
GetModuleHandleW
lstrlenW
lstrcpyW
GetModuleFileNameW
InterlockedDecrement
HeapFree
InterlockedIncrement
GetProcessHeap
HeapAlloc
lstrcmpW
lstrlenA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
MultiByteToWideChar
Process32FirstW

user32

GetWindowThreadProcessId
EnumWindows
PostMessageW
GetClassNameW
GetWindowTextW
GetDC
EnumDisplayMonitors
ReleaseDC
GetMonitorInfoW
CharLowerA
wsprintfW
MessageBoxW
wsprintfA
CreateWindowExW
DestroyWindow
SendMessageW
FindWindowExW
GetSystemMetrics
CharLowerW
SwitchToThisWindow
FindWindowW
WaitForInputIdle
EnumDisplayDevicesW

gdi32

SelectObject
BitBlt
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
GetDIBits
GetDeviceCaps
GetObjectW

advapi32

GetTokenInformation
IsValidSid
ConvertSidToStringSidW
OpenSCManagerW
CryptAcquireContextW
CryptGetProvParam
CryptReleaseContext
EnumDependentServicesW
QueryServiceStatus
SetTokenInformation
ChangeServiceConfigW
ControlService
StartServiceW
EnumServicesStatusW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
LookupAccountSidW
DuplicateToken
DuplicateTokenEx
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegOpenKeyW
RegOpenCurrentUser
RegCloseKey
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
ImpersonateLoggedOnUser
CreateProcessWithLogonW
CreateProcessAsUserW
GetLengthSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
RegQueryValueExW
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
ImpersonateSelf
GetFileSecurityW
OpenThreadToken
RevertToSelf
MapGenericMask
AccessCheck
IsValidAcl
RegOverridePredefKey
SetKernelObjectSecurity
GetAce
GetSecurityInfo
ConvertStringSidToSidW
SetEntriesInAclW
SetSecurityInfo
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyExW

shell32

SHChangeNotify
ShellExecuteExW

ole32

CoSetProxyBlanket
CoInitializeSecurity
CLSIDFromProgID
CoTaskMemFree
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoMarshalInterface
CoInitializeEx
StringFromCLSID
StringFromIID
CoMarshalInterThreadInterfaceInStream
CoGetInterfaceAndReleaseStream
CoCreateInstance

oleaut32

VarBstrFromI4
VariantClear
SystemTimeToVariantTime
SysFreeString
SysAllocString

cryptui

CryptUIDlgViewContext

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 53KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kdaxapi64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

4ee274b74100b43c032658677397ee2e

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b9:4a:5b:6f:59:f3:ce:93:6b:8b:4f:5c:ce:df:d2:06:ad:e9:99:58:c8:16:e0:8c:90:62:08:18:f5:fd:da:47
Signer

Actual PE Digest

b9:4a:5b:6f:59:f3:ce:93:6b:8b:4f:5c:ce:df:d2:06:ad:e9:99:58:c8:16:e0:8c:90:62:08:18:f5:fd:da:47

Digest Algorithm

sha256

PE Digest Matches

true

77:07:86:24:f4:a5:33:2a:11:a4:ed:26:7f:2a:3f:e1:4d:c8:4a:cc
Signer

Actual PE Digest

77:07:86:24:f4:a5:33:2a:11:a4:ed:26:7f:2a:3f:e1:4d:c8:4a:cc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

d:\projects\kdnc_release\bin\kdaxapi64.pdb

Imports

shlwapi

PathStripPathW

winhttp

WinHttpReceiveResponse
WinHttpAddRequestHeaders
WinHttpReadData
WinHttpOpenRequest
WinHttpOpen
WinHttpQueryDataAvailable
WinHttpCloseHandle
WinHttpConnect
WinHttpSendRequest
WinHttpSetOption
WinHttpSetTimeouts

ntdll

RtlUnwindEx
atoi

kernel32

CreatePipe
LoadLibraryW
CreateEventW
CreateThread
GetCurrentProcessId
CloseHandle
TlsAlloc
lstrlenA
lstrcmpW
HeapAlloc
GetProcessHeap
HeapFree
GetModuleFileNameW
lstrcpyW
lstrlenW
SetLastError
lstrcpyA
DisableThreadLibraryCalls
lstrcmpiW
GetModuleHandleW
GetLastError
GetSystemTime
GetEnvironmentVariableW
TlsGetValue
CreateProcessW
GetCurrentProcess
SetFilePointerEx
SetHandleInformation
WaitForSingleObject
SetEvent
GetSystemTimeAsFileTime
WriteFile
InitializeCriticalSection
GetProcessTimes
TlsSetValue
WideCharToMultiByte
LoadLibraryA
TerminateThread
Sleep
GetVersionExW
LeaveCriticalSection
TerminateProcess
ReadFile
CreateFileW
MultiByteToWideChar
GetFileSizeEx
GetStdHandle
GetProcAddress
VirtualAlloc
EnterCriticalSection
ResetEvent
GetCurrentThreadId

user32

wsprintfA
MessageBoxA
wsprintfW
CharLowerA

advapi32

RegCreateKeyExW
RegDeleteValueW
RegOpenKeyExW
RegSetValueExW
RegDeleteKeyW
RegCloseKey
RegOpenKeyW
RegOverridePredefKey

ole32

CoInitializeEx
StringFromCLSID
StringFromIID
CoGetInterfaceAndReleaseStream
CoMarshalInterThreadInterfaceInStream

oleaut32

SysAllocString
SysFreeString

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 704B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 198B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kddi.exe
.exe windows:5 windows x86 arch:x86

d10349c466f41289e4daeab7796ce2be

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4a:a7:8a:eb:ee:6d:24:69:d0:3a:66:16:e3:76:75:5d:30:82:b9:2f:14:a7:69:a9:27:e5:ea:0b:f7:2e:9d:39
Signer

Actual PE Digest

4a:a7:8a:eb:ee:6d:24:69:d0:3a:66:16:e3:76:75:5d:30:82:b9:2f:14:a7:69:a9:27:e5:ea:0b:f7:2e:9d:39

Digest Algorithm

sha256

PE Digest Matches

true

fe:a6:26:70:c9:2b:1b:ff:7a:6a:5e:f5:ed:e0:9a:79:5b:71:da:cc
Signer

Actual PE Digest

fe:a6:26:70:c9:2b:1b:ff:7a:6a:5e:f5:ed:e0:9a:79:5b:71:da:cc

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\projects\kdnc_release\bin\kddi.pdb

Imports

newdev

UpdateDriverForPlugAndPlayDevicesW

setupapi

SetupDiCallClassInstaller
SetupDiSetClassInstallParamsW
SetupDiOpenDeviceInfoW
SetupUninstallOEMInfW
SetupDiDestroyDeviceInfoList
SetupDiRemoveDevice
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
CM_Connect_MachineW
CM_Locate_DevNode_ExW
CM_Reenumerate_DevNode_Ex
CM_Disconnect_Machine
SetupDiGetINFClassW
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoW
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoListExW

kernel32

ExitProcess
ReadFile
WriteFile
GetProcessHeap
HeapAlloc
lstrcmpW
HeapFree
lstrcpyW
GetLastError
GetStdHandle

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kddi64.exe
.exe windows:5 windows x64 arch:x64

d10349c466f41289e4daeab7796ce2be

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

75:56:fe:eb:2f:93:2d:32:e3:42:ad:58:41:a1:10:34:66:af:b6:49:3e:85:12:e4:59:c7:a6:a8:86:9f:08:ec
Signer

Actual PE Digest

75:56:fe:eb:2f:93:2d:32:e3:42:ad:58:41:a1:10:34:66:af:b6:49:3e:85:12:e4:59:c7:a6:a8:86:9f:08:ec

Digest Algorithm

sha256

PE Digest Matches

true

21:7d:56:12:68:1b:d6:55:5b:60:a2:39:82:82:34:01:bf:1f:9e:43
Signer

Actual PE Digest

21:7d:56:12:68:1b:d6:55:5b:60:a2:39:82:82:34:01:bf:1f:9e:43

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

newdev

UpdateDriverForPlugAndPlayDevicesW

setupapi

SetupDiCallClassInstaller
SetupDiSetClassInstallParamsW
SetupDiOpenDeviceInfoW
SetupUninstallOEMInfW
SetupDiDestroyDeviceInfoList
SetupDiRemoveDevice
SetupDiGetDeviceRegistryPropertyW
SetupDiEnumDeviceInfo
SetupDiGetClassDevsW
CM_Connect_MachineW
CM_Locate_DevNode_ExW
CM_Reenumerate_DevNode_Ex
CM_Disconnect_Machine
SetupDiGetINFClassW
SetupDiCreateDeviceInfoList
SetupDiCreateDeviceInfoW
SetupDiSetDeviceRegistryPropertyW
SetupDiCreateDeviceInfoListExW

kernel32

ExitProcess
ReadFile
WriteFile
GetProcessHeap
HeapAlloc
lstrcmpW
HeapFree
lstrcpyW
GetLastError
GetStdHandle

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 84B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
kddisp.bin
.dll windows:5 windows x86 arch:x86

fb8caac65d937bd7c596808be5b6b1c9

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

88:e2:89:d5:ce:12:a5:4e:7a:6e:a1:d1:7c:ae:67:5b:21:73:aa:64:98:9d:b9:ef:47:4c:ff:80:47:02:a6:96
Signer

Actual PE Digest

88:e2:89:d5:ce:12:a5:4e:7a:6e:a1:d1:7c:ae:67:5b:21:73:aa:64:98:9d:b9:ef:47:4c:ff:80:47:02:a6:96

Digest Algorithm

sha256

PE Digest Matches

true

cf:a1:7b:97:96:bd:85:b5:ad:ac:b8:9c:63:c8:3a:cf:46:a2:25:de
Signer

Actual PE Digest

cf:a1:7b:97:96:bd:85:b5:ad:ac:b8:9c:63:c8:3a:cf:46:a2:25:de

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\projects\kdnc_release\bin\kddisp.pdb

Imports

ntdll

memset
memmove
_chkstk
_wtoi
strncpy
_vsnwprintf
_fltused
_alldiv
atoi
_aulldiv
NtQueryDirectoryFile
NtClose
NtQueryObject
NtSetInformationFile
NtOpenFile
RtlDosPathNameToNtPathName_U
memcpy

ws2_32

WSASend
inet_addr
WSACleanup
gethostbyname
WSAGetLastError
inet_ntoa
socket
setsockopt
send
recv
WSASocketW
htons
bind
ioctlsocket
connect
select
closesocket
__WSAFDIsSet
WSAStartup
WSARecv

iphlpapi

GetIfTable
GetAdaptersAddresses
GetAdaptersInfo
GetPerAdapterInfo
GetIpForwardTable
IcmpCloseHandle
IcmpSendEcho
IcmpCreateFile

secur32

EnumerateSecurityPackagesW
InitSecurityInterfaceW
QueryCredentialsAttributesW
FreeContextBuffer

winhttp

WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryHeaders
WinHttpQueryOption
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect

crypt32

CertNameToStrW
CryptDecodeObject
CryptHashCertificate
CertFreeCTLContext
CertFreeCRLContext
CertFreeCertificateContext
CertRDNValueToStrW
CryptQueryObject
CertCloseStore
CertCreateCertificateContext
CryptUnprotectData
CertEnumCertificatesInStore

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

shlwapi

StrStrIA
StrStrIW
StrToIntA
StrRStrIW
StrStrNIW
StrStrW
SHDeleteKeyW
StrStrA

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW

activeds

ord3

wintrust

WinVerifyTrust

winscard

SCardEstablishContext
SCardReleaseContext

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

cryptui

CryptUIDlgViewContext

wininet

InternetOpenUrlW
InternetOpenW
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable

userenv

CreateEnvironmentBlock
ExpandEnvironmentStringsForUserW
DestroyEnvironmentBlock

kernel32

GetSystemDefaultLCID
GlobalMemoryStatusEx
GetTickCount
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemDefaultUILanguage
GetLocaleInfoA
SetEnvironmentVariableW
GetEnvironmentVariableW
GetNativeSystemInfo
IsProcessorFeaturePresent
MoveFileW
CopyFileW
GetFileSizeEx
SetFilePointerEx
SetFilePointer
GetFileAttributesExW
SetFileAttributesW
DeleteFileW
LocalAlloc
GlobalFree
UnhandledExceptionFilter
GetComputerNameExW
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
VirtualAlloc
InterlockedIncrement
ReadFile
WriteFile
SetEvent
lstrlenA
lstrcmpiA
lstrcmpiW
ExitThread
CloseHandle
CreateThread
FormatMessageW
GetLastError
lstrcpyW
RaiseException
lstrlenW
LocalFree
InterlockedCompareExchange
GetModuleHandleW
HeapFree
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryW
GetLocalTime
InitializeCriticalSection
CreateFileW
ResetEvent
InterlockedExchangeAdd
WaitForSingleObject
ProcessIdToSessionId
GetCurrentProcessId
CreateEventW
Sleep
GetSystemTime
GetSystemTimeAsFileTime
lstrcpyA
lstrcmpA
ExitProcess
GetStdHandle
GetCurrentThreadId
HeapAlloc
PostQueuedCompletionStatus
InterlockedDecrement
GetQueuedCompletionStatus
SetThreadAffinityMask
GetCurrentThread
CreateIoCompletionPort
SetThreadPriority
SetProcessAffinityMask
GetProcessAffinityMask
GetCurrentProcess
SetLastError
GlobalAlloc
VirtualFree
MultiByteToWideChar
WideCharToMultiByte
TlsSetValue
TlsGetValue
GetVersionExW
GetModuleFileNameW
SuspendThread
RegisterWaitForSingleObject
UnregisterWait
OpenProcess
SystemTimeToFileTime
QueryInformationJobObject
IsProcessInJob
GetDiskFreeSpaceExW
TerminateThread
HeapCreate
HeapDestroy
DeleteCriticalSection
GetProcessTimes
LoadLibraryA
ExpandEnvironmentStringsW
FileTimeToSystemTime
FileTimeToLocalFileTime
VirtualQueryEx
IsWow64Process
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
PeekNamedPipe
CreateProcessW
GetConsoleWindow
SetHandleInformation
GetExitCodeProcess
GetProcessId
CreatePipe
lstrcmpW
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
TlsAlloc

user32

ReleaseDC
EnumDisplayMonitors
GetDC
GetWindowTextW
GetClassNameW
PostMessageW
EnumWindows
GetWindowThreadProcessId
FindWindowExW
GetSystemMetrics
SetWindowTextW
SetWindowPos
GetMonitorInfoW
EnableWindow
SetWindowLongW
EndDialog
CallWindowProcW
FindWindowW
SwitchToThisWindow
CharLowerW
DestroyWindow
MessageBoxW
CreateWindowExW
WaitForInputIdle
wsprintfW
wsprintfA
EnumDisplayDevicesW
GetParent
GetDlgItem
GetWindowRect
SendMessageW

gdi32

GetDeviceCaps
GetObjectW
GetDIBits
CreateDCW
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

OpenSCManagerW
ConvertSidToStringSidW
IsValidSid
GetTokenInformation
RegOpenCurrentUser
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AdjustTokenPrivileges
RegEnumKeyExW
RegQueryInfoKeyW
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptAcquireContextW
CryptGetProvParam
CryptReleaseContext
ImpersonateSelf
GetFileSecurityW
OpenThreadToken
MapGenericMask
AccessCheck
EnumDependentServicesW
QueryServiceStatus
SetTokenInformation
ChangeServiceConfigW
ControlService
SetSecurityInfo
RegEnumValueW
CheckTokenMembership
SetEntriesInAclW
ConvertStringSidToSidW
GetSecurityInfo
GetAce
IsValidAcl
FreeSid
StartServiceW
EnumServicesStatusW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
LookupAccountSidW
RevertToSelf
DuplicateToken
DuplicateTokenEx
ImpersonateLoggedOnUser
CreateProcessWithLogonW
CreateProcessAsUserW
GetLengthSid
SetSecurityDescriptorOwner
InitializeAcl
AddAccessAllowedAce
SetKernelObjectSecurity
AllocateAndInitializeSid
LookupPrivilegeValueW

shell32

SHGetFolderPathW
ord232
SHChangeNotify
SHFileOperationW
ShellExecuteExW
SHCreateDirectoryExW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoInitialize
CLSIDFromProgID
CoReleaseMarshalData
CoUninitialize
CLSIDFromString
CoUnmarshalInterface
StringFromIID
CoTaskMemFree
CreateStreamOnHGlobal
CoMarshalInterface
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
VarUI4FromStr
VarBoolFromStr
VarBstrFromI4
VariantClear
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
VarI4FromStr
SafeArrayAccessData

Exports

Exports

_DpDispatchQuery@20
_DpInitialize@20
_DpRelease@0

Sections

.text
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kddisp.dll
.dll windows:5 windows x86 arch:x86

fb8caac65d937bd7c596808be5b6b1c9

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

88:e2:89:d5:ce:12:a5:4e:7a:6e:a1:d1:7c:ae:67:5b:21:73:aa:64:98:9d:b9:ef:47:4c:ff:80:47:02:a6:96
Signer

Actual PE Digest

88:e2:89:d5:ce:12:a5:4e:7a:6e:a1:d1:7c:ae:67:5b:21:73:aa:64:98:9d:b9:ef:47:4c:ff:80:47:02:a6:96

Digest Algorithm

sha256

PE Digest Matches

true

cf:a1:7b:97:96:bd:85:b5:ad:ac:b8:9c:63:c8:3a:cf:46:a2:25:de
Signer

Actual PE Digest

cf:a1:7b:97:96:bd:85:b5:ad:ac:b8:9c:63:c8:3a:cf:46:a2:25:de

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\projects\kdnc_release\bin\kddisp.pdb

Imports

ntdll

memset
memmove
_chkstk
_wtoi
strncpy
_vsnwprintf
_fltused
_alldiv
atoi
_aulldiv
NtQueryDirectoryFile
NtClose
NtQueryObject
NtSetInformationFile
NtOpenFile
RtlDosPathNameToNtPathName_U
memcpy

ws2_32

WSASend
inet_addr
WSACleanup
gethostbyname
WSAGetLastError
inet_ntoa
socket
setsockopt
send
recv
WSASocketW
htons
bind
ioctlsocket
connect
select
closesocket
__WSAFDIsSet
WSAStartup
WSARecv

iphlpapi

GetIfTable
GetAdaptersAddresses
GetAdaptersInfo
GetPerAdapterInfo
GetIpForwardTable
IcmpCloseHandle
IcmpSendEcho
IcmpCreateFile

secur32

EnumerateSecurityPackagesW
InitSecurityInterfaceW
QueryCredentialsAttributesW
FreeContextBuffer

winhttp

WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpOpenRequest
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpGetProxyForUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpQueryHeaders
WinHttpQueryOption
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect

crypt32

CertNameToStrW
CryptDecodeObject
CryptHashCertificate
CertFreeCTLContext
CertFreeCRLContext
CertFreeCertificateContext
CertRDNValueToStrW
CryptQueryObject
CertCloseStore
CertCreateCertificateContext
CryptUnprotectData
CertEnumCertificatesInStore

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

rpcrt4

RpcStringFreeW
UuidToStringW
UuidCreate

shlwapi

StrStrIA
StrStrIW
StrToIntA
StrRStrIW
StrStrNIW
StrStrW
SHDeleteKeyW
StrStrA

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInstanceIdW

activeds

ord3

wintrust

WinVerifyTrust

winscard

SCardEstablishContext
SCardReleaseContext

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

cryptui

CryptUIDlgViewContext

wininet

InternetOpenUrlW
InternetOpenW
InternetCloseHandle
InternetReadFile
InternetQueryDataAvailable

userenv

CreateEnvironmentBlock
ExpandEnvironmentStringsForUserW
DestroyEnvironmentBlock

kernel32

GetSystemDefaultLCID
GlobalMemoryStatusEx
GetTickCount
SetUnhandledExceptionFilter
IsDebuggerPresent
GetSystemDefaultUILanguage
GetLocaleInfoA
SetEnvironmentVariableW
GetEnvironmentVariableW
GetNativeSystemInfo
IsProcessorFeaturePresent
MoveFileW
CopyFileW
GetFileSizeEx
SetFilePointerEx
SetFilePointer
GetFileAttributesExW
SetFileAttributesW
DeleteFileW
LocalAlloc
GlobalFree
UnhandledExceptionFilter
GetComputerNameExW
EnterCriticalSection
LeaveCriticalSection
InterlockedExchange
VirtualAlloc
InterlockedIncrement
ReadFile
WriteFile
SetEvent
lstrlenA
lstrcmpiA
lstrcmpiW
ExitThread
CloseHandle
CreateThread
FormatMessageW
GetLastError
lstrcpyW
RaiseException
lstrlenW
LocalFree
InterlockedCompareExchange
GetModuleHandleW
HeapFree
GetProcessHeap
FreeLibrary
GetProcAddress
LoadLibraryW
GetLocalTime
InitializeCriticalSection
CreateFileW
ResetEvent
InterlockedExchangeAdd
WaitForSingleObject
ProcessIdToSessionId
GetCurrentProcessId
CreateEventW
Sleep
GetSystemTime
GetSystemTimeAsFileTime
lstrcpyA
lstrcmpA
ExitProcess
GetStdHandle
GetCurrentThreadId
HeapAlloc
PostQueuedCompletionStatus
InterlockedDecrement
GetQueuedCompletionStatus
SetThreadAffinityMask
GetCurrentThread
CreateIoCompletionPort
SetThreadPriority
SetProcessAffinityMask
GetProcessAffinityMask
GetCurrentProcess
SetLastError
GlobalAlloc
VirtualFree
MultiByteToWideChar
WideCharToMultiByte
TlsSetValue
TlsGetValue
GetVersionExW
GetModuleFileNameW
SuspendThread
RegisterWaitForSingleObject
UnregisterWait
OpenProcess
SystemTimeToFileTime
QueryInformationJobObject
IsProcessInJob
GetDiskFreeSpaceExW
TerminateThread
HeapCreate
HeapDestroy
DeleteCriticalSection
GetProcessTimes
LoadLibraryA
ExpandEnvironmentStringsW
FileTimeToSystemTime
FileTimeToLocalFileTime
VirtualQueryEx
IsWow64Process
TerminateProcess
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
PeekNamedPipe
CreateProcessW
GetConsoleWindow
SetHandleInformation
GetExitCodeProcess
GetProcessId
CreatePipe
lstrcmpW
GetFileAttributesW
FindClose
FindNextFileW
FindFirstFileW
TlsAlloc

user32

ReleaseDC
EnumDisplayMonitors
GetDC
GetWindowTextW
GetClassNameW
PostMessageW
EnumWindows
GetWindowThreadProcessId
FindWindowExW
GetSystemMetrics
SetWindowTextW
SetWindowPos
GetMonitorInfoW
EnableWindow
SetWindowLongW
EndDialog
CallWindowProcW
FindWindowW
SwitchToThisWindow
CharLowerW
DestroyWindow
MessageBoxW
CreateWindowExW
WaitForInputIdle
wsprintfW
wsprintfA
EnumDisplayDevicesW
GetParent
GetDlgItem
GetWindowRect
SendMessageW

gdi32

GetDeviceCaps
GetObjectW
GetDIBits
CreateDCW
DeleteDC
BitBlt
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC

comdlg32

GetSaveFileNameW
GetOpenFileNameW

advapi32

OpenSCManagerW
ConvertSidToStringSidW
IsValidSid
GetTokenInformation
RegOpenCurrentUser
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AdjustTokenPrivileges
RegEnumKeyExW
RegQueryInfoKeyW
OpenProcessToken
ConvertStringSecurityDescriptorToSecurityDescriptorW
CryptAcquireContextW
CryptGetProvParam
CryptReleaseContext
ImpersonateSelf
GetFileSecurityW
OpenThreadToken
MapGenericMask
AccessCheck
EnumDependentServicesW
QueryServiceStatus
SetTokenInformation
ChangeServiceConfigW
ControlService
SetSecurityInfo
RegEnumValueW
CheckTokenMembership
SetEntriesInAclW
ConvertStringSidToSidW
GetSecurityInfo
GetAce
IsValidAcl
FreeSid
StartServiceW
EnumServicesStatusW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
LookupAccountSidW
RevertToSelf
DuplicateToken
DuplicateTokenEx
ImpersonateLoggedOnUser
CreateProcessWithLogonW
CreateProcessAsUserW
GetLengthSid
SetSecurityDescriptorOwner
InitializeAcl
AddAccessAllowedAce
SetKernelObjectSecurity
AllocateAndInitializeSid
LookupPrivilegeValueW

shell32

SHGetFolderPathW
ord232
SHChangeNotify
SHFileOperationW
ShellExecuteExW
SHCreateDirectoryExW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CoInitialize
CLSIDFromProgID
CoReleaseMarshalData
CoUninitialize
CLSIDFromString
CoUnmarshalInterface
StringFromIID
CoTaskMemFree
CreateStreamOnHGlobal
CoMarshalInterface
CoCreateInstance
CoInitializeEx

oleaut32

SysFreeString
VarUI4FromStr
VarBoolFromStr
VarBstrFromI4
VariantClear
SystemTimeToVariantTime
VariantTimeToSystemTime
SysAllocString
VarI4FromStr
SafeArrayAccessData

Exports

Exports

_DpDispatchQuery@20
_DpInitialize@20
_DpRelease@0

Sections

.text
Size: 185KB - Virtual size: 185KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kddisphost.exe
.exe windows:5 windows x86 arch:x86

14a48346d56eb2223aedb0300aaff484

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ef:7b:2d:a4:eb:19:ec:ea:ac:a4:6a:53:36:d2:83:7c:7b:5e:20:6c:40:c4:37:82:b2:fb:63:68:38:97:61:31
Signer

Actual PE Digest

ef:7b:2d:a4:eb:19:ec:ea:ac:a4:6a:53:36:d2:83:7c:7b:5e:20:6c:40:c4:37:82:b2:fb:63:68:38:97:61:31

Digest Algorithm

sha256

PE Digest Matches

true

3d:72:8e:f0:9d:e3:e8:d2:66:f8:bd:66:b4:49:8e:77:eb:8b:24:e4
Signer

Actual PE Digest

3d:72:8e:f0:9d:e3:e8:d2:66:f8:bd:66:b4:49:8e:77:eb:8b:24:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\projects\kdnc_release\bin\kddisphost.pdb

Imports

ntdll

NtSetInformationFile
memcpy
_aulldiv
NtQueryDirectoryFile
NtClose
NtQueryObject
memset
atoi
RtlDosPathNameToNtPathName_U
NtOpenFile
_fltused

secur32

EnumerateSecurityPackagesW
FreeContextBuffer
InitSecurityInterfaceW
QueryCredentialsAttributesW

winhttp

WinHttpConnect
WinHttpSetTimeouts
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpReadData
WinHttpQueryDataAvailable
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpOpen

crypt32

CertEnumCertificatesInStore
CertFreeCertificateContext
CertFreeCRLContext
CryptQueryObject
CryptHashCertificate
CryptDecodeObject
CertNameToStrW
CertCloseStore
CertFreeCTLContext
CertCreateCertificateContext

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

rpcrt4

UuidToStringW
RpcStringFreeW
UuidCreate

shlwapi

SHDeleteKeyW
StrStrW
StrStrIW
StrStrNIW
wvnsprintfA
StrRStrIW

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo

activeds

ord3

wintrust

WinVerifyTrust

winscard

SCardEstablishContext
SCardReleaseContext

psapi

GetModuleFileNameExW
GetProcessMemoryInfo

userenv

ExpandEnvironmentStringsForUserW
CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

UnregisterWait
RegisterWaitForSingleObject
CreateEventW
lstrcpyW
lstrcmpW
lstrlenW
GetCommandLineW
ExitProcess
lstrlenA
WriteFile
LeaveCriticalSection
EnterCriticalSection
TerminateProcess
HeapAlloc
GetProcessHeap
CreateFileW
ExpandEnvironmentStringsW
GetCurrentProcessId
GetCurrentThreadId
GetLocalTime
DeleteCriticalSection
ResetEvent
SetLastError
GlobalAlloc
VirtualFree
VirtualAlloc
HeapFree
MultiByteToWideChar
WideCharToMultiByte
TlsSetValue
TlsGetValue
ExitThread
GetVersionExW
GetModuleFileNameW
GetModuleHandleW
lstrcpyA
Sleep
SuspendThread
GetCurrentThread
CreateThread
OpenProcess
SystemTimeToFileTime
QueryInformationJobObject
IsProcessInJob
GetProcAddress
LoadLibraryW
TlsAlloc
TerminateThread
HeapCreate
lstrcmpA
LocalFree
HeapDestroy
FileTimeToSystemTime
FileTimeToLocalFileTime
VirtualQueryEx
IsWow64Process
GetProcessTimes
Process32NextW
Process32FirstW
CreateToolhelp32Snapshot
PeekNamedPipe
CreateProcessW
GetConsoleWindow
SetHandleInformation
GetProcessId
CreatePipe
lstrcmpiW
ProcessIdToSessionId
GetFileAttributesW
FindClose
FindNextFileW
IsDebuggerPresent
GetDiskFreeSpaceExW
GetSystemTimeAsFileTime
LoadLibraryA
MoveFileW
CopyFileW
GetFileSizeEx
SetFilePointerEx
SetFilePointer
GetFileAttributesExW
SetFileAttributesW
DeleteFileW
GetLocaleInfoA
GetSystemDefaultLCID
GlobalMemoryStatusEx
GetSystemTime
GetTickCount
GetSystemDefaultUILanguage
GetNativeSystemInfo
IsProcessorFeaturePresent
GetEnvironmentVariableW
SetEnvironmentVariableW
FreeLibrary
ConnectNamedPipe
SetEvent
GetExitCodeProcess
CloseHandle
GetNamedPipeClientProcessId
CreateNamedPipeW
OpenEventW
WaitForSingleObject
ReadFile
GetStdHandle
GetCurrentProcess
DuplicateHandle
SetStdHandle
GetLastError
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSection
FindFirstFileW

user32

PostMessageW
GetClassNameW
GetWindowTextW
GetDC
EnumWindows
GetWindowThreadProcessId
FindWindowExW
GetSystemMetrics
wsprintfW
wsprintfA
CreateWindowExW
MessageBoxW
DestroyWindow
CharLowerW
SwitchToThisWindow
FindWindowW
WaitForInputIdle
CallWindowProcW
EnumDisplayMonitors
ReleaseDC
EnumDisplayDevicesW
GetMonitorInfoW
EndDialog
SetWindowLongW
EnableWindow
GetWindowRect
SetWindowPos
SetWindowTextW
SendMessageW
GetDlgItem
GetParent

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
DeleteDC
BitBlt
CreateDCW
GetDIBits
GetDeviceCaps
GetObjectW

comdlg32

GetOpenFileNameW
GetSaveFileNameW

advapi32

SetSecurityDescriptorDacl
RegCreateKeyA
RegOverridePredefKey
RegCloseKey
CryptAcquireContextW
CryptGetProvParam
CryptReleaseContext
EnumDependentServicesW
QueryServiceStatus
SetTokenInformation
LookupAccountSidW
ChangeServiceConfigW
ControlService
StartServiceW
EnumServicesStatusW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
IsValidAcl
GetAce
GetSecurityInfo
ConvertStringSidToSidW
SetEntriesInAclW
SetSecurityInfo
RegEnumValueW
RegQueryInfoKeyW
LookupPrivilegeValueW
InitializeSecurityDescriptor
OpenSCManagerW
ConvertSidToStringSidW
IsValidSid
GetTokenInformation
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
SetKernelObjectSecurity
RegEnumKeyExW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegOpenKeyExW
AdjustTokenPrivileges
RegOpenCurrentUser
ImpersonateSelf
GetFileSecurityW
OpenThreadToken
MapGenericMask
AccessCheck
RevertToSelf
DuplicateToken
DuplicateTokenEx
ImpersonateLoggedOnUser
CreateProcessWithLogonW
CreateProcessAsUserW
GetLengthSid
SetSecurityDescriptorOwner
OpenProcessToken
RegQueryValueExW
InitializeAcl
AddAccessAllowedAce

shell32

SHCreateDirectoryExW
SHFileOperationW
SHGetFolderPathW
ShellExecuteExW
ord232
SHChangeNotify

ole32

CLSIDFromProgID
CoInitializeSecurity
CoSetProxyBlanket
CoUninitialize
CoInitialize
CoTaskMemFree
CreateStreamOnHGlobal
CoMarshalInterface
CoInitializeEx
CoCreateInstance

oleaut32

VarBstrFromI4
SysAllocString
SysFreeString
SystemTimeToVariantTime
VariantClear

cryptui

CryptUIDlgViewContext

Sections

.text
Size: 77KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kddx.exe
.exe windows:5 windows x86 arch:x86

5d40fb8814613c22ff8d22869379fe9d

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

3a:50:a1:42:b3:d0:59:c2:10:05:0d:f5:cc:51:0a:a5:81:b4:4f:70:da:86:3b:84:58:f7:ab:14:af:45:3f:91
Signer

Actual PE Digest

3a:50:a1:42:b3:d0:59:c2:10:05:0d:f5:cc:51:0a:a5:81:b4:4f:70:da:86:3b:84:58:f7:ab:14:af:45:3f:91

Digest Algorithm

sha256

PE Digest Matches

true

85:a9:99:7d:92:d0:69:8e:c5:da:43:b6:0f:5b:2a:6f:31:9c:de:b8
Signer

Actual PE Digest

85:a9:99:7d:92:d0:69:8e:c5:da:43:b6:0f:5b:2a:6f:31:9c:de:b8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\projects\kdnc_release\bin\kddx.pdb

Imports

setupapi

SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoW
SetupDiGetClassDevsExW

kernel32

lstrcpyW
LoadLibraryA
GetProcAddress
ExitProcess
lstrlenA
HeapAlloc
HeapFree
GetProcessHeap
WriteFile
ReadFile
lstrcmpW
MultiByteToWideChar
GetStdHandle

Sections

.text
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 738B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 32B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kddx64.exe
.exe windows:5 windows x64 arch:x64

5d40fb8814613c22ff8d22869379fe9d

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

b5:06:8a:82:81:38:88:15:93:9c:8f:69:5f:4c:b2:84:54:76:db:b9:10:79:59:49:66:cb:a5:1e:57:fb:6e:35
Signer

Actual PE Digest

b5:06:8a:82:81:38:88:15:93:9c:8f:69:5f:4c:b2:84:54:76:db:b9:10:79:59:49:66:cb:a5:1e:57:fb:6e:35

Digest Algorithm

sha256

PE Digest Matches

true

32:cd:c5:5b:92:08:72:40:77:4f:15:f8:6f:cf:88:43:80:b6:78:18
Signer

Actual PE Digest

32:cd:c5:5b:92:08:72:40:77:4f:15:f8:6f:cf:88:43:80:b6:78:18

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

setupapi

SetupDiBuildDriverInfoList
SetupDiEnumDriverInfoW
SetupDiGetClassDevsExW

kernel32

lstrcpyW
LoadLibraryA
GetProcAddress
ExitProcess
lstrlenA
HeapAlloc
HeapFree
GetProcessHeap
WriteFile
ReadFile
lstrcmpW
MultiByteToWideChar
GetStdHandle

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 754B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
kdncapi.dll
.dll windows:5 windows x86 arch:x86

d87bbea235e83d1d57ae89296c2fc30f

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

12:74:fb:48:1b:ac:9e:0c:60:b2:8e:52:e8:78:fd:70:b6:a1:38:80:04:fa:ac:a8:f1:e2:a7:18:cb:3a:ca:42
Signer

Actual PE Digest

12:74:fb:48:1b:ac:9e:0c:60:b2:8e:52:e8:78:fd:70:b6:a1:38:80:04:fa:ac:a8:f1:e2:a7:18:cb:3a:ca:42

Digest Algorithm

sha256

PE Digest Matches

true

29:1d:09:ee:b3:bc:4e:24:a6:54:a4:63:f0:49:2b:25:64:7e:26:86
Signer

Actual PE Digest

29:1d:09:ee:b3:bc:4e:24:a6:54:a4:63:f0:49:2b:25:64:7e:26:86

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\projects\kdnc_release\bin\kdncapi.pdb

Imports

ntdll

_aulldiv
_fltused
memcpy
memset
atoi

secur32

EnumerateSecurityPackagesW
FreeContextBuffer
QueryCredentialsAttributesW
InitSecurityInterfaceW

winhttp

WinHttpQueryDataAvailable
WinHttpReadData
WinHttpReceiveResponse
WinHttpSendRequest
WinHttpAddRequestHeaders
WinHttpSetOption
WinHttpOpen
WinHttpOpenRequest
WinHttpConnect
WinHttpSetTimeouts
WinHttpCloseHandle

crypt32

CertCloseStore
CryptQueryObject
CertEnumCertificatesInStore
CertFreeCertificateContext
CertCreateCertificateContext
CertNameToStrW
CryptDecodeObject
CryptHashCertificate
CertFreeCTLContext
CertFreeCRLContext

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

rpcrt4

UuidCreate
RpcStringFreeW
UuidToStringW

shlwapi

StrStrW
SHDeleteKeyW
StrRStrIW
StrStrNIW
StrStrIW

setupapi

SetupDiGetDeviceRegistryPropertyW
SetupDiGetClassDevsW
SetupDiEnumDeviceInfo
SetupDiDestroyDeviceInfoList

activeds

ord3

wintrust

WinVerifyTrust

winscard

SCardEstablishContext
SCardReleaseContext

psapi

GetProcessMemoryInfo
GetModuleFileNameExW

userenv

ExpandEnvironmentStringsForUserW
CreateEnvironmentBlock
DestroyEnvironmentBlock

kernel32

ResetEvent
WaitForSingleObject
SetLastError
GlobalAlloc
VirtualFree
VirtualAlloc
lstrlenW
CloseHandle
HeapAlloc
SetEvent
HeapFree
MultiByteToWideChar
WideCharToMultiByte
TlsSetValue
TlsGetValue
ExitThread
GetVersionExW
GetModuleFileNameW
lstrcpyW
Sleep
SuspendThread
GetCurrentThread
CreateThread
RegisterWaitForSingleObject
UnregisterWait
OpenProcess
GetCurrentProcessId
SystemTimeToFileTime
QueryInformationJobObject
IsProcessInJob
CreateEventW
GetProcAddress
LoadLibraryW
TlsAlloc
TerminateThread
HeapCreate
lstrcmpA
LocalFree
HeapDestroy
DeleteCriticalSection
GetSystemTimeAsFileTime
GetProcessTimes
CreateFileW
LoadLibraryA
MoveFileW
CopyFileW
GetFileSizeEx
SetFilePointerEx
SetFilePointer
GetFileAttributesExW
GetFileAttributesW
SetFileAttributesW
DeleteFileW
FileTimeToSystemTime
FileTimeToLocalFileTime
VirtualQueryEx
IsWow64Process
Process32NextW
IsDebuggerPresent
CreateToolhelp32Snapshot
PeekNamedPipe
CreateProcessW
GetConsoleWindow
SetHandleInformation
GetExitCodeProcess
GetProcessId
CreatePipe
lstrcmpiW
ProcessIdToSessionId
ExpandEnvironmentStringsW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetLocaleInfoA
GetSystemDefaultLCID
GlobalMemoryStatusEx
GetSystemTime
GetTickCount
GetSystemDefaultUILanguage
GetNativeSystemInfo
lstrcmpW
IsProcessorFeaturePresent
FreeLibrary
GetStdHandle
InitializeCriticalSection
DuplicateHandle
SetStdHandle
lstrcpyA
ReadFile
GetLastError
GetModuleHandleW
GetCurrentProcess
TerminateProcess
EnterCriticalSection
GetCurrentThreadId
FlushFileBuffers
LeaveCriticalSection
lstrlenA
WriteFile
RaiseException
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetProcessHeap
Process32FirstW

user32

GetWindowThreadProcessId
EnumWindows
PostMessageW
GetClassNameW
GetWindowTextW
GetDC
EnumDisplayMonitors
ReleaseDC
GetMonitorInfoW
wsprintfA
wsprintfW
MessageBoxW
CreateWindowExW
DestroyWindow
SendMessageW
FindWindowExW
GetSystemMetrics
CharLowerW
SwitchToThisWindow
FindWindowW
WaitForInputIdle
EnumDisplayDevicesW

gdi32

SelectObject
BitBlt
DeleteDC
CreateCompatibleBitmap
CreateCompatibleDC
CreateDCW
GetDIBits
GetDeviceCaps
GetObjectW

advapi32

MapGenericMask
AccessCheck
GetTokenInformation
IsValidSid
CryptAcquireContextW
CryptGetProvParam
CryptReleaseContext
EnumDependentServicesW
QueryServiceStatus
SetTokenInformation
ChangeServiceConfigW
ControlService
StartServiceW
EnumServicesStatusW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
LookupAccountSidW
IsValidAcl
GetAce
ConvertSidToStringSidW
OpenSCManagerW
OpenProcessToken
RevertToSelf
AdjustTokenPrivileges
GetFileSecurityW
ImpersonateSelf
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
GetSecurityInfo
ConvertStringSidToSidW
SetEntriesInAclW
SetSecurityInfo
RegEnumValueW
RegQueryInfoKeyW
RegEnumKeyExW
RegDeleteValueW
OpenThreadToken
RegSetValueExW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
RegOpenCurrentUser
DuplicateToken
DuplicateTokenEx
ImpersonateLoggedOnUser
CreateProcessWithLogonW
CreateProcessAsUserW
LookupPrivilegeValueW
RegCreateKeyExW
GetLengthSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetKernelObjectSecurity

shell32

SHChangeNotify
ShellExecuteExW

ole32

CoInitializeSecurity
CoSetProxyBlanket
CLSIDFromProgID
CoTaskMemFree
CoUninitialize
CoInitialize
CreateStreamOnHGlobal
CoInitializeEx
CoCreateInstance
CoMarshalInterface

oleaut32

VarBstrFromI4
VariantClear
SysAllocString
SystemTimeToVariantTime
SysFreeString

cryptui

CryptUIDlgViewContext

Exports

Exports

NcLoop

Sections

.text
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 896B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kdnchost.exe
.exe windows:5 windows x86 arch:x86

bd32d6f246b606d123791588145e5cfb

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:01:ec:99:a8:86:cb:65:3c:7e:63:90:4d:46:bd:32:17:1b:2f:18:ae:8e:dd:7f:6b:ee:ab:0f:d3:45:75:dd
Signer

Actual PE Digest

25:01:ec:99:a8:86:cb:65:3c:7e:63:90:4d:46:bd:32:17:1b:2f:18:ae:8e:dd:7f:6b:ee:ab:0f:d3:45:75:dd

Digest Algorithm

sha256

PE Digest Matches

true

16:b7:c0:8d:98:0e:40:6b:e5:35:95:27:18:88:97:e6:6e:ee:5f:e4
Signer

Actual PE Digest

16:b7:c0:8d:98:0e:40:6b:e5:35:95:27:18:88:97:e6:6e:ee:5f:e4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\projects\kdnc_release\bin\kdnchost.pdb

Imports

kernel32

TerminateProcess
GetCurrentProcess
Sleep
FlushFileBuffers
GetLastError
GetProcAddress
LoadLibraryA
WriteFile
GetStdHandle

user32

wsprintfA

Sections

.text
Size: 512B - Virtual size: 334B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 614B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
kdui.exe
.exe windows:5 windows x86 arch:x86

cae9b3b4e70ab97c1318a883ab3dfebb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\projects\kdnc_release\bin\kdui.pdb

Imports

gdiplus

GdipFillPath
GdipDrawPath
GdipSetPageUnit
GdipSetSmoothingMode
GdipCreateFromHDC
GdipAddPathArcI
GdipClosePathFigure
GdipResetPath
GdipSetPenColor
GdipSetPenMode
GdipCreateSolidFill
GdipDeleteGraphics
GdipDeletePath
GdipCreatePath
GdipDeletePen
GdipCreatePen1
GdipDeleteBrush
GdiplusStartup

kernel32

GetCurrentProcess
GetModuleHandleW
lstrcmpW
GetCommandLineW
TerminateProcess

user32

BeginPaint
EndPaint
LoadImageW
ShowWindow
GetForegroundWindow
SetForegroundWindow
SetLayeredWindowAttributes
GetDesktopWindow
DispatchMessageW
TranslateMessage
GetMessageW
UnregisterClassW
DrawTextW
SetFocus
DefWindowProcW
RegisterClassExW
LoadCursorW
LoadIconW
FillRect
GetDC
PostMessageW
GetParent
InvalidateRect
GetClientRect
TrackMouseEvent
SetWindowLongW
CreateWindowExW
PostQuitMessage

gdi32

SelectObject
SetBkMode
CreateSolidBrush
CreateCompatibleDC
GetObjectW
BitBlt
DeleteDC
CreateFontW
SetTextColor
DeleteObject

shell32

CommandLineToArgvW

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 562B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
kontur.updater.exe
.exe windows:4 windows x86 arch:x86

14b0fecbed4a918c9c5c5d940cc1045e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetFileInfoW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

DispatchMessageW
wsprintfA
IsWindowVisible
PeekMessageW
wvsprintfW
MessageBoxIndirectW
CharNextA
CharPrevW
GetSystemMetrics
GetDlgItemTextW
SetDlgItemTextW
TrackPopupMenu
CreatePopupMenu
FillRect
CloseClipboard
OpenClipboard
EndPaint
IsDlgButtonChecked
CallWindowProcW
GetMessagePos
LoadCursorW
GetAsyncKeyState
CheckDlgButton
SetWindowPos
SetCursor
GetSysColor
SetClassLongW
GetWindowLongW
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassW
ScreenToClient
EndDialog
GetClassInfoW
SystemParametersInfoW
CreateWindowExW
ExitWindowsEx
DialogBoxParamW
CharNextW
SetTimer
DestroyWindow
CreateDialogParamW
SetForegroundWindow
SetWindowTextW
PostQuitMessage
SendMessageTimeoutW
ShowWindow
wsprintfW
GetDlgItem
FindWindowExW
IsWindow
GetDC
SetWindowLongW
LoadImageW
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageW
DefWindowProcW
GetClientRect
DrawTextW
SetClipboardData
EmptyClipboard
AppendMenuW

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
MoveFileExW
GetTempFileNameW
lstrcmpiA
WriteFile
CreateProcessW
CreateDirectoryW
RemoveDirectoryW
GlobalLock
GlobalUnlock
CreateThread
WideCharToMultiByte
lstrcpynW
GetDiskFreeSpaceW
SetErrorMode
GetVersionExW
lstrlenW
GetTempPathW
GetWindowsDirectoryW
GetCommandLineW
CopyFileW
ExitProcess
SetEnvironmentVariableW
GetModuleFileNameW
GetFileSize
GetCurrentProcess
GetTickCount
Sleep
CreateFileW
GetFileAttributesW
SetCurrentDirectoryW
SetFileAttributesW
MoveFileW
GetFullPathNameW
GetLastError
SearchPathW
CompareFileTime
GetShortPathNameW
CloseHandle
lstrcmpiW
SetFileTime
ExpandEnvironmentStringsW
GlobalFree
lstrcmpW
GetModuleHandleW
LoadLibraryExW
GlobalAlloc
WritePrivateProfileStringW
GetPrivateProfileStringW
FreeLibrary
lstrcpyA
lstrcatW
ReadFile
MultiByteToWideChar
lstrlenA
FindClose
FindNextFileW
SetFilePointer
DeleteFileW
MulDiv
FindFirstFileW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 139KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 144KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
manifest_gecko.json
manifest_webkit.json
rtPKCS11.cf.dll
.dll windows:6 windows x86 arch:x86

56e9b29bc26ebd2375a5bbcfa5dd626d

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:e2:c3:50:6b:60:19:36:fc:8f:d3:fa
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2022, 07:33

Not After

17/11/2024, 09:34

Subject

SERIALNUMBER=1037700094541,CN=Aktiv-Soft Joint-Stock Company,O=Aktiv-Soft Joint-Stock Company,STREET=Sharikopodshipnikovskaya st.\, 1 floor 4 room IX room 11,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

78:03:18:42:45:70:8a:41:cf:6f:01:b8:ee:b4:a9:54
Certificate

Issuer

CN=GlobalSign,OU=GlobalSign Root CA - R3,O=GlobalSign

Not Before

28/07/2020, 00:00

Not After

18/03/2029, 00:00

Subject

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:e2:c3:50:6b:60:19:36:fc:8f:d3:fa
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2022, 07:33

Not After

17/11/2024, 09:34

Subject

SERIALNUMBER=1037700094541,CN=Aktiv-Soft Joint-Stock Company,O=Aktiv-Soft Joint-Stock Company,STREET=Sharikopodshipnikovskaya st.\, 1 floor 4 room IX room 11,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

13:32:ce:38:24:16:70:74:9d:10:7a:cd:80:e8:67:67:16:dc:47:ae:69:47:7d:91:03:5d:c5:19:1b:f5:58:5a
Signer

Actual PE Digest

13:32:ce:38:24:16:70:74:9d:10:7a:cd:80:e8:67:67:16:dc:47:ae:69:47:7d:91:03:5d:c5:19:1b:f5:58:5a

Digest Algorithm

sha256

PE Digest Matches

true

4c:14:f3:82:62:0a:0f:4f:59:fd:e4:af:12:24:b9:41:21:c4:ab:33
Signer

Actual PE Digest

4c:14:f3:82:62:0a:0f:4f:59:fd:e4:af:12:24:b9:41:21:c4:ab:33

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

rtlib

??0Lib_StringW@@QAE@PB_W@Z
?Attach@Lib_Buffer@@QAEXPAXI@Z
?Find@Lib_StringW@@QBEHPB_W@Z
?Flush@Lib_StringW@@QAEXXZ
?Lib_Write_Buffer@@YAXIPAXAAVLib_String@@_W@Z
?Make_Lower@Lib_StringW@@QAEXXZ
?Unlock@Lib_Environment_Manager@@QAEXXZ
?Lock@Lib_Environment_Manager@@QAEXXZ
?Is_Valid_Environment@Lib_Environment_Manager@@QAE_NPAVLib_Environment@@@Z
??4Lib_Protected_Buffer@@QAEAAV0@ABVLib_Buffer@@@Z
?Lib_UTF8_Buffer_To_WString@@YA_NPAEKAAVLib_String@@@Z
??H@YA?AVLib_String@@ABV0@PB_W@Z
??4Lib_StringW@@QAEABV0@PB_W@Z
??0Lib_String@@QAE@ABV0@@Z
?LIBT_PRINT_THREAD_INFO@@YAX_N@Z
?Lib_Create_Impersonated_Thread_Ex@@YA_NPAXIP6GI0@Z0IAAVLib_Result@@PAI0PAPAX@Z
?Get_Text_Registry_Format@Lib_Guid@@QBE?AVLib_String@@XZ
?Create_New@Lib_Guid@@QAEXXZ
??1Lib_Guid@@UAE@XZ
??0Lib_Guid@@QAE@XZ
?Get_Environment_For_User_Data@Lib_Environment_Manager@@QAEPAVLib_Environment@@PAX@Z
?Check_Environment_And_Release@Lib_Environment_Manager@@QAE_NPAVLib_Environment@@AAVLib_Result@@@Z
??4Lib_Result@@QAEAAV0@ABV0@@Z
??8@YA_NABVLib_String@@PB_W@Z
??0Lib_Buffer@@QAE@I@Z
?Lib_Cacl_CRC32@@YAKPAEK@Z
?Format@Lib_StringW@@QAAXPB_WZZ
?Empty@Lib_StringW@@QAEXXZ
?GetA@Lib_StringW@@QBE?AV?$LibT_Buffer@D@@XZ
?Set_Size@Lib_Buffer@@QAEXI@Z
??0Lib_Protected_Buffer@@QAE@ABV0@@Z
?Append@Lib_Buffer@@QAEXABV1@@Z
?Make_Reverse@Lib_Buffer@@QAEXXZ
?Attach_Copy@Lib_Buffer@@QAEXPAXI@Z
??0Lib_Buffer@@QAE@IPAX_N@Z
?Create_Public_With_Unique_Name@Lib_Event@@QAE_N_N00@Z
?Wait_Until_Object_0@Lib_Synchro@@QAE_NK@Z
??4Lib_Synchro@@QAEAAV0@ABV0@@Z
?Get_Name@Lib_Synchro@@QBE?AVLib_String@@XZ
?LIBT_PRINT_ERROR@@YAXABVLib_String@@@Z
?Unlock@Lib_Environment@@QAEXXZ
?Lock@Lib_Environment@@QAEXXZ
??8Lib_Buffer@@QBE_NABV0@@Z
?flush@Lib_Event@@MAEXXZ
?Release@Lib_Synchro@@UAE_NXZ
?Create@Lib_Mutex@@QAE_NPAU_SECURITY_ATTRIBUTES@@_N@Z
??1Lib_Mutex@@UAE@XZ
??0Lib_Mutex@@QAE@XZ
?Reset@Lib_Event@@QBE_NXZ
?Set@Lib_Event@@QBE_NXZ
?Open@Lib_Event@@QAE_NPB_WK_N@Z
??1Lib_Event@@UAE@XZ
??0Lib_Event@@QAE@XZ
?Wait@Lib_Synchro@@QAEKK@Z
?Set_Name@Lib_Synchro@@QAEXPB_W@Z
??BLib_Handle@@QBEPAXXZ
?Close@Lib_Handle@@QAE_NXZ
??0Lib_String@@QAE@PBD@Z
??0Lib_String@@QAE@XZ
??4Lib_StringW@@QAEABV0@ABV0@@Z
?free@Lib_Buffer@@IBEXPAX@Z
?alloc@Lib_Buffer@@IBEPAXI@Z
?Alloc_Buffer@Lib_Container@@SAPAXI@Z
?Is_Empty@Lib_StringW@@QBE_NXZ
??8Lib_StringW@@QBE_NABV0@@Z
?Free_Buffer@Lib_Container@@SAXPAX@Z
??1Lib_Container@@UAE@XZ
?Set_Result_Code@Lib_Result@@QAEXK@Z
?Set_Result_Source@Lib_Result@@QAEXK@Z
?Lib_WString_To_UTF8_Buffer@@YA_NPB_WKAAVLib_Buffer@@@Z
?Get_Length@Lib_StringW@@QBEIXZ
?GetW@Lib_StringW@@QBEPB_WXZ
?Append@Lib_Buffer@@QAEXPAXI@Z
??0Lib_Protected_Buffer@@QAE@ABVLib_Buffer@@@Z
?flush@Lib_Protected_Buffer@@IAEXXZ
?Attach_Copy@Lib_Protected_Buffer@@QAEXPAXI@Z
??4Lib_Protected_Buffer@@QAEAAV0@ABV0@@Z
??BLib_Protected_Buffer@@QBE?AVLib_Buffer@@XZ
??8Lib_Protected_Buffer@@QBE_NABV0@@Z
??1Lib_Protected_Buffer@@UAE@XZ
??0Lib_Protected_Buffer@@QAE@XZ
?flush@Lib_Buffer@@IAEXXZ
??4Lib_Buffer@@QAEAAV0@ABV0@@Z
??1Lib_Buffer@@UAE@XZ
??0Lib_Buffer@@QAE@ABV0@@Z
??0Lib_Buffer@@QAE@XZ
?libtGet_Module_Name_With_Extension@@YA?AVLib_String@@PAUHINSTANCE__@@@Z
??1Lib_Environment_Manager@@QAE@XZ
??0Lib_Environment_Manager@@QAE@P6APAXPAVLib_Environment@@AAVLib_Result@@@ZP6A_NPAX1@ZP6A_N3@Z5@Z
??_7Lib_String@@6B@
?LIBT_PRINT_WARNING@@YAXABVLib_String@@@Z
?LIBT_PRINT_STRING@@YAXABVLib_String@@@Z
?LIBT_PRINT_BUFFER_AS_STRING_A@@YAXABVLib_String@@PAEK@Z
?LIBT_PRINT_BUFFER@@YAXPAEK@Z
?LIBT_PRINT_PTR@@YAXABVLib_String@@PAX@Z
?LIBT_PRINT_DWORD@@YAXABVLib_String@@K@Z
?LIBT_PRINT_BYTE@@YAXABVLib_String@@E@Z
?Release_Environment@Lib_Environment_Manager@@QAE_NPAVLib_Environment@@AAVLib_Result@@@Z
?Get_Environment@Lib_Environment_Manager@@QAEPAVLib_Environment@@AAVLib_Result@@@Z
?Establish_Environment@Lib_Environment_Manager@@QAE_NAAVLib_Result@@@Z
?Get_Result_Code@Lib_Result@@QBEKXZ
?Get_Result_Source@Lib_Result@@QBEKXZ
?Set_Result@Lib_Result@@QAEXKK@Z
??1Lib_Result@@UAE@XZ
??0Lib_Result@@QAE@XZ
??1Lib_String@@UAE@XZ
??0Lib_StringW@@QAE@PBD@Z
?Get_User_Data@Lib_Environment@@QAEPAXXZ

rtapii

?Free@APIi_Context@@QAE_N_N@Z
?Start_Readers_State_Monitor@APIi_Context@@QAE_NP6AJIIJ@ZPAX@Z
?Stop_Readers_State_Monitor@APIi_Context@@QAE_NXZ
?Enum_Readers@APIi_Context@@QAE_NAAV?$LibT_Array@VLib_String@@$03@@@Z
?Find_Out_token_SCard_Type@APIi_Context@@SA_NPB_WAAEK@Z
?Begin_Transaction@APIi_token_SCard@@QAE_NXZ
?End_Transaction@APIi_token_SCard@@QAE_NK@Z
?Init@APIi_Context@@QAE_NK@Z
?Get_ATR@APIi_token_SCard@@QAE_NAAVLib_Buffer@@@Z
?Get_Sec_Attribs@APIi_token_SCard_FCP@@QAEPAVAPIi_token_SCard_Sec_Attribs@@XZ
?Get_RSF_Parameters@APIi_token_SCard_FCP@@QAEPAVAPIi_token_SCard_RSF_Parameters@@XZ
?Get_Info@APIi_token_SCard_Info@@QBE?AVLib_Buffer@@XZ
?Open_Reader@APIi_Context@@QAE_NPB_WKPAPAVAPIi_token_SCard@@KKKK@Z
?Close_Reader@APIi_Context@@QAE_NPAPAVAPIi_token_SCard@@K@Z
?Get_Last_Error@APIi_Context@@SA?AVLib_Result@@XZ
?Get_Number_Of_Virtual_token_Readers@APIi_Context@@SAKK@Z
??0APIi_Context@@QAE@XZ
??1APIi_Context@@QAE@XZ
?Get_Reader_Name@APIi_token_SCard@@QBE?AVLib_String@@XZ
?Get_Context_Registry_Flags@APIi_Settings@@SAKXZ

crypt32

CertCreateCertificateContext
CertFreeCertificateContext
CryptImportPublicKeyInfo
CryptEncodeObject

advapi32

CryptAcquireContextW
CryptGenRandom
CryptReleaseContext
CryptGenKey
CryptDestroyKey
CryptGetKeyParam
CryptGetHashParam
CryptExportKey
CryptImportKey
CryptEncrypt
CryptDecrypt
CryptCreateHash
CryptHashData
CryptDestroyHash

user32

MessageBoxW

kernel32

GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
GetStdHandle
HeapAlloc
HeapSize
HeapReAlloc
HeapFree
GetModuleFileNameW
GetModuleHandleExW
ExitProcess
LoadLibraryExW
InterlockedFlushSList
InterlockedPushEntrySList
RaiseException
RtlUnwind
GetOEMCP
GetStartupInfoW
IsDebuggerPresent
GetCurrentThreadId
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetCommandLineA
IsProcessorFeaturePresent
InitializeSListHead
GetCPInfo
GetStringTypeW
LCMapStringW
GetModuleHandleW
GetSystemTimeAsFileTime
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
SetLastError
DecodePointer
EncodePointer
MultiByteToWideChar
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
QueryPerformanceFrequency
QueryPerformanceCounter
LoadLibraryW
GetProcAddress
FreeLibrary
FileTimeToSystemTime
WideCharToMultiByte
WaitForMultipleObjects
GetLastError
DisableThreadLibraryCalls
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
SetFilePointerEx
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleCP
GetConsoleMode
CloseHandle
CreateFileW
UnhandledExceptionFilter
WriteConsoleW

Exports

Exports

C_CancelFunction
C_CloseAllSessions
C_CloseSession
C_CopyObject
C_CreateObject
C_Decrypt
C_DecryptDigestUpdate
C_DecryptFinal
C_DecryptInit
C_DecryptUpdate
C_DecryptVerifyUpdate
C_DeriveKey
C_DestroyObject
C_Digest
C_DigestEncryptUpdate
C_DigestFinal
C_DigestInit
C_DigestKey
C_DigestUpdate
C_EX_ChangeVolumeAttributes
C_EX_CreateCSR
C_EX_FormatDrive
C_EX_FreeBuffer
C_EX_GenerateActivationPassword
C_EX_GetCertificateInfoText
C_EX_GetDriveSize
C_EX_GetFunctionListExtended
C_EX_GetJournal
C_EX_GetLicense
C_EX_GetTokenInfoExtended
C_EX_GetTokenName
C_EX_GetVolumesInfo
C_EX_InitToken
C_EX_LoadActivationKey
C_EX_PKCS7Sign
C_EX_SetActivationPassword
C_EX_SetLicense
C_EX_SetLocalPIN
C_EX_SetTokenName
C_EX_SignInvisible
C_EX_SignInvisibleInit
C_EX_SlotManage
C_EX_TokenManage
C_EX_UnblockUserPIN
C_Encrypt
C_EncryptFinal
C_EncryptInit
C_EncryptUpdate
C_Finalize
C_FindObjects
C_FindObjectsFinal
C_FindObjectsInit
C_GenerateKey
C_GenerateKeyPair
C_GenerateRandom
C_GetAttributeValue
C_GetFunctionList
C_GetFunctionStatus
C_GetInfo
C_GetMechanismInfo
C_GetMechanismList
C_GetObjectSize
C_GetOperationState
C_GetSessionInfo
C_GetSlotInfo
C_GetSlotList
C_GetTokenInfo
C_InitPIN
C_InitToken
C_Initialize
C_Login
C_Logout
C_OpenSession
C_SeedRandom
C_SetAttributeValue
C_SetOperationState
C_SetPIN
C_Sign
C_SignEncryptUpdate
C_SignFinal
C_SignInit
C_SignRecover
C_SignRecoverInit
C_SignUpdate
C_UnwrapKey
C_Verify
C_VerifyFinal
C_VerifyInit
C_VerifyRecover
C_VerifyRecoverInit
C_VerifyUpdate
C_WaitForSlotEvent
C_WrapKey
PKCS11_Create_Certificate
PKCS11_Create_Private_Key_On_token_ECP
PKCS11_Create_Private_Key_On_token_Lite
PKCS11_Create_Private_Key_On_token_S
PKCS11_Create_Public_Key_On_token_ECP
PKCS11_Create_Public_Key_On_token_Lite
PKCS11_Create_Public_Key_On_token_S
PKCS11_Delete_Certificate
PKCS11_Delete_Private_Key
PKCS11_Delete_Public_Key

Sections

.text
Size: 461KB - Virtual size: 461KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 116KB - Virtual size: 115KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
rtPKCS11ECP.cf.dll
.dll windows:6 windows x86 arch:x86

04b3624ca43a3ceb05fafcc38c4d4474

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:e2:c3:50:6b:60:19:36:fc:8f:d3:fa
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2022, 07:33

Not After

17/11/2024, 09:34

Subject

SERIALNUMBER=1037700094541,CN=Aktiv-Soft Joint-Stock Company,O=Aktiv-Soft Joint-Stock Company,STREET=Sharikopodshipnikovskaya st.\, 1 floor 4 room IX room 11,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1b:e2:c3:50:6b:60:19:36:fc:8f:d3:fa
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

14/06/2022, 07:33

Not After

17/11/2024, 09:34

Subject

SERIALNUMBER=1037700094541,CN=Aktiv-Soft Joint-Stock Company,O=Aktiv-Soft Joint-Stock Company,STREET=Sharikopodshipnikovskaya st.\, 1 floor 4 room IX room 11,L=Moscow,ST=Moscow,C=RU,1.3.6.1.4.1.311.60.2.1.2=#13064d6f73636f77,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

59:25:16:cb:66:a2:e1:d0:35:df:29:92:98:41:ab:91:8e:a8:e2:cd:9c:97:f7:77:29:23:ae:a9:f6:5a:63:20
Signer

Actual PE Digest

59:25:16:cb:66:a2:e1:d0:35:df:29:92:98:41:ab:91:8e:a8:e2:cd:9c:97:f7:77:29:23:ae:a9:f6:5a:63:20

Digest Algorithm

sha256

PE Digest Matches

true

0e:52:86:75:dc:00:68:51:3f:f6:e3:5a:ec:03:66:5e:78:0d:14:79
Signer

Actual PE Digest

0e:52:86:75:dc:00:68:51:3f:f6:e3:5a:ec:03:66:5e:78:0d:14:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

winscard

SCardCancel
SCardDisconnect
SCardIsValidContext
SCardTransmit
SCardStatusW
SCardEndTransaction
SCardReconnect
SCardBeginTransaction
SCardGetStatusChangeW
SCardConnectW
SCardReleaseContext
SCardEstablishContext
g_rgSCardT1Pci
g_rgSCardRawPci
g_rgSCardT0Pci
SCardReleaseStartedEvent
SCardAccessStartedEvent
SCardFreeMemory
SCardListReadersW

crypt32

CryptProtectData
CryptUnprotectData
CertOpenStore
CertCloseStore
CertEnumCertificatesInStore
CertFindCertificateInStore
CertDuplicateCertificateContext
CertFreeCertificateContext
CertGetCertificateContextProperty

kernel32

CreateEventW
CloseHandle
WaitForMultipleObjects
SetEvent
GetCurrentProcess
GetCurrentThread
DuplicateHandle
OpenMutexW
OpenFileMappingW
WaitForSingleObject
MapViewOfFile
UnmapViewOfFile
ReleaseMutex
InitializeCriticalSectionEx
GetLastError
DecodePointer
DeleteCriticalSection
LocalFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
WideCharToMultiByte
Sleep
SetLastError
InitializeSRWLock
ReleaseSRWLockExclusive
ReleaseSRWLockShared
AcquireSRWLockExclusive
AcquireSRWLockShared
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStdHandle
GetFileType
WriteFile
GetModuleHandleW
GetProcAddress
MultiByteToWideChar
VirtualFree
QueryPerformanceCounter
GetCurrentProcessId
GetSystemTimeAsFileTime
GetEnvironmentVariableW
GetACP
FindClose
FindFirstFileW
FindNextFileW
GetConsoleMode
GetConsoleOutputCP
ReadConsoleA
ReadConsoleW
CreateMutexW
LoadLibraryA
FreeLibrary
InitializeCriticalSectionAndSpinCount
ResetEvent
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
InitializeSListHead
QueryPerformanceFrequency
GetExitCodeThread
GetStringTypeW
TryEnterCriticalSection
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
SetEndOfFile
EncodePointer
LCMapStringEx
GetCPInfo
OutputDebugStringW
RaiseException
FlushFileBuffers
HeapReAlloc
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
SetFilePointerEx
GetFileSizeEx
SetStdHandle
GetCurrentDirectoryW
GetFullPathNameW
FindFirstFileExW
IsValidCodePage
GetOEMCP
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
GetProcessHeap
GetTimeZoneInformation
HeapSize
WriteConsoleW
SetConsoleMode
SleepConditionVariableSRW
LCMapStringW
CompareStringW
RtlUnwind
InterlockedFlushSList
LoadLibraryExW
CreateThread
ExitThread
FreeLibraryAndExitThread
GetModuleHandleExW
ExitProcess
SetConsoleCtrlHandler
ReadFile
CreateFileW
GetDriveTypeW
GetFileInformationByHandle
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetModuleFileNameW
HeapFree
HeapAlloc

user32

GetProcessWindowStation
MessageBoxW
GetUserObjectInformationW

advapi32

CryptEnumProvidersW
CryptSignHashW
CryptDestroyHash
CryptCreateHash
CryptDecrypt
CryptExportKey
CryptGetUserKey
CryptGetProvParam
CryptSetHashParam
CryptDestroyKey
CryptReleaseContext
CryptAcquireContextW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
IsTextUnicode
GetTokenInformation
OpenProcessToken
OpenThreadToken

bcrypt

BCryptGenRandom

Exports

Exports

C_CancelFunction
C_CloseAllSessions
C_CloseSession
C_CopyObject
C_CreateObject
C_Decrypt
C_DecryptDigestUpdate
C_DecryptFinal
C_DecryptInit
C_DecryptUpdate
C_DecryptVerifyUpdate
C_DeriveKey
C_DestroyObject
C_Digest
C_DigestEncryptUpdate
C_DigestFinal
C_DigestInit
C_DigestKey
C_DigestUpdate
C_EX_ChangeVolumeAttributes
C_EX_CreateCSR
C_EX_FormatDrive
C_EX_FreeBuffer
C_EX_GenerateActivationPassword
C_EX_GetCertificateInfoText
C_EX_GetDriveSize
C_EX_GetFunctionListExtended
C_EX_GetJournal
C_EX_GetLicense
C_EX_GetTokenInfoExtended
C_EX_GetTokenName
C_EX_GetVolumesInfo
C_EX_InitToken
C_EX_LoadActivationKey
C_EX_PKCS7Sign
C_EX_PKCS7Verify
C_EX_PKCS7VerifyFinal
C_EX_PKCS7VerifyInit
C_EX_PKCS7VerifyUpdate
C_EX_SetActivationPassword
C_EX_SetLicense
C_EX_SetLocalPIN
C_EX_SetTokenName
C_EX_SignInvisible
C_EX_SignInvisibleInit
C_EX_SlotManage
C_EX_Stub
C_EX_TokenManage
C_EX_UnblockUserPIN
C_EX_UnwrapKey
C_EX_WrapKey
C_Encrypt
C_EncryptFinal
C_EncryptInit
C_EncryptUpdate
C_Finalize
C_FindObjects
C_FindObjectsFinal
C_FindObjectsInit
C_GenerateKey
C_GenerateKeyPair
C_GenerateRandom
C_GetAttributeValue
C_GetFunctionList
C_GetFunctionStatus
C_GetInfo
C_GetMechanismInfo
C_GetMechanismList
C_GetObjectSize
C_GetOperationState
C_GetSessionInfo
C_GetSlotInfo
C_GetSlotList
C_GetTokenInfo
C_InitPIN
C_InitToken
C_Initialize
C_Login
C_Logout
C_OpenSession
C_SeedRandom
C_SetAttributeValue
C_SetOperationState
C_SetPIN
C_Sign
C_SignEncryptUpdate
C_SignFinal
C_SignInit
C_SignRecover
C_SignRecoverInit
C_SignUpdate
C_UnwrapKey
C_Verify
C_VerifyFinal
C_VerifyInit
C_VerifyRecover
C_VerifyRecoverInit
C_VerifyUpdate
C_WaitForSlotEvent
C_WrapKey

Sections

.text
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 878KB - Virtual size: 878KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 43KB - Virtual size: 53KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 148KB - Virtual size: 147KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninstall.exe
.exe windows:4 windows x86 arch:x86

20181beb3151868c29d9526246a01b9a

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

18/04/2022, 14:35

Not After

15/07/2025, 14:35

Subject

SERIALNUMBER=1026605606620,CN=AO Proizvodstvennaya Firma SKB Kontur,O=AO Proizvodstvennaya Firma SKB Kontur,STREET=Street Narodnaya Volya\, building 19A,L=Yekaterinburg,ST=Sverdlovskaya oblast,C=RU,1.3.6.1.4.1.311.60.2.1.2=#131453766572646c6f76736b617961206f626c617374,1.3.6.1.4.1.311.60.2.1.3=#13025255,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

e5:33:90:a4:38:02:c4:79:73:7a:af:c4:c4:0f:38:fa:30:55:9d:9f:ff:89:c5:a0:64:3b:9d:f1:a1:b0:fa:12
Signer

Actual PE Digest

e5:33:90:a4:38:02:c4:79:73:7a:af:c4:c4:0f:38:fa:30:55:9d:9f:ff:89:c5:a0:64:3b:9d:f1:a1:b0:fa:12

Digest Algorithm

sha256

PE Digest Matches

true

2d:37:d6:6d:25:e6:e1:81:47:88:c1:4b:c5:de:92:c3:ce:10:2c:85
Signer

Actual PE Digest

2d:37:d6:6d:25:e6:e1:81:47:88:c1:4b:c5:de:92:c3:ce:10:2c:85

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegEnumValueW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
RegOpenKeyExW
RegCreateKeyExW

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHFileOperationW
ShellExecuteExW

ole32

CoCreateInstance
OleUninitialize
OleInitialize
IIDFromString
CoTaskMemFree

comctl32

ImageList_Destroy
ord17
ImageList_AddMasked
ImageList_Create

user32

CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
AppendMenuW
TrackPopupMenu
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
IsDlgButtonChecked
GetAsyncKeyState
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
IsWindowEnabled
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
CharNextA
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
PeekMessageW
DispatchMessageW
wvsprintfW
SystemParametersInfoW
wsprintfA
CreatePopupMenu

gdi32

GetDeviceCaps
SetBkColor
SelectObject
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor

kernel32

lstrcmpiA
CreateFileW
GetTempFileNameW
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
WriteFile
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
Sleep
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
GetLastError
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
MulDiv
lstrcpyA
MoveFileExW
lstrcatW
GetSystemDirectoryW
GetProcAddress
GetModuleHandleA
GetExitCodeProcess
WaitForSingleObject
CopyFileW

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 180KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 88KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

20181beb3151868c29d9526246a01b9a

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ceCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ceCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12Certificate

Extended Key Usages

Key Usages

34:12:31:99:23:4f:8e:9d:4a:3d:c6:be:4c:1f:a2:76:78:a5:a7:5d:0b:0e:8c:28:62:3d:ca:93:e8:d4:72:94Signer

a3:89:68:9e:b7:99:ce:dc:76:3e:88:bf:ee:e4:e2:b8:9b:5c:ea:09Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 6KB - Virtual size: 180KB

.ndata Size: - Virtual size: 88KB

.rsrc Size: 18KB - Virtual size: 18KB

85f08eb0cbec010ecbc287fa68321173

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 19KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

509a34b3a68a773e0afb4259e68f9f82

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

34:12:31:99:23:4f:8e:9d:4a:3d:c6:be:4c:1f:a2:76:78:a5:a7:5d:0b:0e:8c:28:62:3d:ca:93:e8:d4:72:94
Signer

a3:89:68:9e:b7:99:ce:dc:76:3e:88:bf:ee:e4:e2:b8:9b:5c:ea:09
Signer

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 6KB - Virtual size: 180KB

.ndata
Size: - Virtual size: 88KB

.rsrc
Size: 18KB - Virtual size: 18KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 19KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

79:cd:5e:96:2c:a0:d7:68:41:f9:78:ce
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

83:07:b6:31:d0:9a:bc:2c:5e:d3:23:f1:0f:9b:30:3b:0a:e6:1d:41:30:9b:a2:f6:fb:33:fc:ba:16:72:5b:f8
Signer

fe:ce:85:6d:74:d7:3c:c0:87:a0:1d:a4:73:7b:8a:68:ea:13:5c:aa
Signer

.text
Size: 83KB - Virtual size: 82KB

.rdata
Size: 23KB - Virtual size: 23KB

.data
Size: 4KB - Virtual size: 11KB

.rsrc
Size: 17KB - Virtual size: 16KB

.reloc
Size: 9KB - Virtual size: 8KB

04:09:18:1b:5f:d5:bb:66:75:53:43:b5:6f:95:50:08
Certificate

08:8e:be:b7:b3:0d:ea:18:0e:79:20:fd:07:0b:db:a7
Certificate

0a:7a:4a:88:9e:c9:99:42:90:06:63:38:4d:86:97:9d
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

7d:21:c5:f8:03:84:2c:af:07:3b:76:14:a1:ad:67:3b:2c:7a:51:bb:31:94:f9:1b:50:ea:fe:94:8c:dc:24:f2
Signer