ad1af65ae75d3d4a3720b8f1a57e03fb_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

ad1af65ae75d3d4a3720b8f1a57e03fb_JaffaCakes118
Size

12.8MB
MD5

ad1af65ae75d3d4a3720b8f1a57e03fb
SHA1

569b5add3e119a317fa0414fb17f6546a0e17628
SHA256

62785bfab54aff8b4099c82fb0e47513803f90b424fe7aa60c4c3130e43094cd
SHA512

ee907d8173a961a39e6c0c41541960679c2fb84406f5be3cd62a0c7253a3ae96839d0d5a8b265f41bb4306450fb7e0cdf61874df61f88726922464f0125a0cd1
SSDEEP

393216:61MRhCobRSmt1QaoHR6iCqAddRpqqvMW99LHDlXOlK:66OWuao3CqAd7RvMWnx+A

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 4 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$PLUGINSDIR/md5dll.dll	acprotect
static1/unpack001/$PLUGINSDIR/nsArray.dll	acprotect
static1/unpack008/$PLUGINSDIR/AccessControl.dll	acprotect
static1/unpack008/$PLUGINSDIR/md5dll.dll	acprotect

UPX packed file 4 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$PLUGINSDIR/md5dll.dll	upx
static1/unpack001/$PLUGINSDIR/nsArray.dll	upx
static1/unpack008/$PLUGINSDIR/AccessControl.dll	upx
static1/unpack008/$PLUGINSDIR/md5dll.dll	upx

Unsigned PE 29 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$APPDATA/Reimage Express/cpuidsdk.dll
unpack001/$PLUGINSDIR/DcryptDll.dll
unpack001/$PLUGINSDIR/ExecDos.dll
unpack001/$PLUGINSDIR/IpConfig.dll
unpack001/$PLUGINSDIR/LogEx.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/WmiInspector.dll
unpack001/$PLUGINSDIR/inetc.dll
unpack001/$PLUGINSDIR/md5dll.dll
unpack006/out.upx
unpack001/$PLUGINSDIR/nsArray.dll
unpack007/out.upx
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/$PLUGINSDIR/registry.dll
unpack001/$PLUGINSDIR/stack.dll
unpack001/$PLUGINSDIR/xml.dll
unpack008/$PLUGINSDIR/AccessControl.dll
unpack009/out.upx
unpack008/$PLUGINSDIR/ExecDos.dll
unpack008/$PLUGINSDIR/IpConfig.dll
unpack008/$PLUGINSDIR/LogEx.dll
unpack008/$PLUGINSDIR/System.dll
unpack008/$PLUGINSDIR/UserInfo.dll
unpack008/$PLUGINSDIR/WmiInspector.dll
unpack008/$PLUGINSDIR/inetc.dll
unpack008/$PLUGINSDIR/md5dll.dll
unpack008/$PLUGINSDIR/nsExec.dll
unpack008/$PLUGINSDIR/stack.dll
unpack008/$PLUGINSDIR/xml.dll

Files

ad1af65ae75d3d4a3720b8f1a57e03fb_JaffaCakes118
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4f:ec:4f:26:5b:70:18:ec:b4:01:5d:9b:53:40:05:bc
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-06-2016 00:00

Not After

28-07-2017 23:59

Subject

CN=Reimage Limited,O=Reimage Limited,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:ec:4f:26:5b:70:18:ec:b4:01:5d:9b:53:40:05:bc
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-06-2016 00:00

Not After

28-07-2017 23:59

Subject

CN=Reimage Limited,O=Reimage Limited,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12-01-2016 00:00

Not After

11-04-2027 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

86:42:f3:c0:27:0b:2c:04:c7:cb:f9:66:ea:71:f0:0a:fe:19:1b:c0:2b:b1:f3:4c:a3:4f:3c:8f:97:81:25:63
Signer

Actual PE Digest

86:42:f3:c0:27:0b:2c:04:c7:cb:f9:66:ea:71:f0:0a:fe:19:1b:c0:2b:b1:f3:4c:a3:4f:3c:8f:97:81:25:63

Digest Algorithm

sha256

PE Digest Matches

true

57:33:33:58:0e:6a:71:17:9a:3b:e8:cf:13:e1:e0:c5:d4:85:12:c4
Signer

Actual PE Digest

57:33:33:58:0e:6a:71:17:9a:3b:e8:cf:13:e1:e0:c5:d4:85:12:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$APPDATA/Reimage Express/TweaksDefinitions7.dat
.zip
$APPDATA/Reimage Express/TweaksDefinitions8.dat
.zip
$APPDATA/Reimage Express/TweaksDefinitionsVista.dat
.zip
$APPDATA/Reimage Express/TweaksDefinitionsXP.dat
.zip
$APPDATA/Reimage Express/cpuidsdk.dll
.dll windows:4 windows x64 arch:x64

6ced4e11af731f89f3ac0d1ac177edcf

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

c:\cpuid\applications\cpuidsdk\makefiles\win32_dll\vc2005\x64\release\cpuidsdk64.pdb

Imports

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

user32

GetSystemMetrics
wsprintfA

ole32

CoSetProxyBlanket
CoCreateInstance
CoInitializeSecurity
CoInitialize
CoInitializeEx
CoUninitialize

oleaut32

VariantInit
SafeArrayGetVartype
SafeArrayGetElemsize
SafeArrayGetElement
VariantClear
SysAllocString
SysFreeString
SysAllocStringByteLen
SysStringLen

kernel32

lstrlenA
GetSystemInfo
FreeLibrary
LoadLibraryA
GetProcAddress
Sleep
WaitForSingleObject
ReleaseMutex
GetLastError
SetLastError
GetVersionExA
WideCharToMultiByte
CloseHandle
SetFilePointer
MultiByteToWideChar
CreateMutexA
GlobalMemoryStatus
GetCurrentDirectoryA
GetModuleFileNameA
GetTempPathA
GetModuleHandleA
GetCurrentProcess
CreateFileA
LocalFree
DeviceIoControl
LocalAlloc
GetProcessAffinityMask
GetCurrentThread
GetVolumeInformationA
ReadFile
WriteFile
GetOverlappedResult
CreateEventA
WriteConsoleA
QueryPerformanceFrequency
QueryPerformanceCounter
GetTickCount
CreateDirectoryA
GetComputerNameA
RemoveDirectoryA
DeleteFileA
GetWindowsDirectoryA
SizeofResource
LockResource
LoadResource
FindResourceA
GetSystemDirectoryA
lstrcmpiA
HeapFree
HeapAlloc
GetCurrentThreadId
FlsSetValue
GetCommandLineA
GetProcessHeap
RtlLookupFunctionEntry
RtlUnwindEx
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlCaptureContext
RaiseException
RtlPcToFileHeader
RtlVirtualUnwind
EnterCriticalSection
LeaveCriticalSection
GetStdHandle
FlsGetValue
TlsFree
FlsFree
TlsSetValue
FlsAlloc
HeapSetInformation
HeapCreate
HeapDestroy
ExitProcess
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
GetConsoleCP
GetConsoleMode
HeapSize
SetStdHandle
FlushFileBuffers
InitializeCriticalSection
GetLocaleInfoA
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetConsoleOutputCP
WriteConsoleW
SetEndOfFile

advapi32

ImpersonateSelf
OpenThreadToken
AllocateAndInitializeSid
InitializeSecurityDescriptor
FreeSid
GetLengthSid
InitializeAcl
AddAccessAllowedAce
SetSecurityDescriptorDacl
SetSecurityDescriptorGroup
SetSecurityDescriptorOwner
IsValidSecurityDescriptor
AccessCheck
RevertToSelf
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
OpenSCManagerA
ControlService
StartServiceA
OpenServiceA
DeleteService
CreateServiceA
CloseServiceHandle
OpenProcessToken

Exports

Exports

QueryInterface

Sections

.text
Size: 952KB - Virtual size: 952KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 191KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 89KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 79KB - Virtual size: 78KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/DcryptDll.dll
.dll windows:5 windows x86 arch:x86

1daf45fd074126f5eabcc532bc3e5bf5

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpW
CreateFileA
lstrlenW
WriteFile
ReadFile
DeleteFileA
GetFileSize
CloseHandle
lstrlenA
lstrcmpA
GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
LoadLibraryW
InterlockedExchange
GetLastError
GetCurrentThreadId
DecodePointer
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetCurrentThread
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
HeapAlloc
RaiseException
IsProcessorFeaturePresent
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
GetStringTypeW
LeaveCriticalSection
FatalAppExitA
EnterCriticalSection
GetUserDefaultLCID
GetLocaleInfoW
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
HeapSize
GetModuleFileNameW
HeapReAlloc
SetConsoleCtrlHandler
FreeLibrary
RtlUnwind

user32

wsprintfW

Exports

Exports

Decrypt
HexDecoder
HexEncoder
LoadStr
MD5Hash

Sections

.text
Size: 115KB - Virtual size: 115KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ExecDos.dll
.dll windows:5 windows x86 arch:x86

a5d239ed12c9442d63c73cb9ff7cad0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
Sleep
lstrcatW
lstrcmpiW
TerminateProcess
ReadFile
GetExitCodeProcess
PeekNamedPipe
CreateFileW
FlushFileBuffers
WriteFile
lstrlenW
CloseHandle
CreateProcessW
DuplicateHandle
GetCurrentProcess
CreatePipe
GetProcAddress
GetModuleHandleW
GlobalAlloc
GetExitCodeThread
WaitForSingleObject
CreateThread
lstrcpyW
lstrcpynW

user32

wsprintfW
GetClassNameW
GetDlgItem
FindWindowExW
SendMessageW

Exports

Exports

exec
isdone
wait

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 334B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/IpConfig.dll
.dll windows:5 windows x86 arch:x86

3f0fda09180f619ca116344bede41608

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\Visual Studio\NSIS Plugins\IpConfig\Output\Unicode\Plugins\IpConfig.pdb

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
GlobalAlloc
lstrcpynW
GlobalFree
lstrcpyW
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
HeapFree
GetProcessHeap
GetLastError
GetCurrentThreadId
GetCommandLineA
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
HeapSize
ExitProcess
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

wsprintfW

ole32

CoSetProxyBlanket
CoCreateInstance

oleaut32

SafeArrayGetUBound
SysFreeString
SafeArrayGetElement
VariantInit
SysAllocStringByteLen
VariantCopy
VariantClear
SafeArrayGetLBound
SysStringLen
SysAllocString

Exports

Exports

GetAllNetworkAdaptersIDs
GetAllNetworkAdaptersIDsCB
GetDNSSuffixSearchList
GetEnabledNetworkAdaptersIDs
GetEnabledNetworkAdaptersIDsCB
GetHostName
GetNetworkAdapterConnectionID
GetNetworkAdapterConnectionSpecificDNSSuffix
GetNetworkAdapterDHCPLeaseExpires
GetNetworkAdapterDHCPLeaseObtained
GetNetworkAdapterDHCPServer
GetNetworkAdapterDNSServers
GetNetworkAdapterDNSServersCB
GetNetworkAdapterDefaultIPGateways
GetNetworkAdapterDefaultIPGatewaysCB
GetNetworkAdapterDescription
GetNetworkAdapterIDFromDescription
GetNetworkAdapterIDFromIPAddress
GetNetworkAdapterIDFromMACAddress
GetNetworkAdapterIPAddresses
GetNetworkAdapterIPAddressesCB
GetNetworkAdapterIPSubNets
GetNetworkAdapterIPSubNetsCB
GetNetworkAdapterMACAddress
GetNetworkAdapterPrimaryWINSServer
GetNetworkAdapterSecondaryWINSServer
GetNetworkAdapterType
GetNodeType
GetPrimaryDNSSuffix
IsIPRoutingEnabled
IsNetworkAdapterAutoSense
IsNetworkAdapterDHCPEnabled
IsWINSProxyEnabled

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LogEx.dll
.dll windows:4 windows x86 arch:x86

549d7b44067bbcdf42bf6a90a80a3a9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
CreateFileW
CloseHandle
GlobalFree
GlobalAlloc
VirtualFree
ReadFile
VirtualAlloc
GetFileSize
lstrcpyW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
InterlockedDecrement
InterlockedIncrement

user32

FindWindowExW
GetDlgItem
SendMessageW
SetWindowTextW

Exports

Exports

AddFile
Close
Init
Write

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/WmiInspector.dll
.dll windows:5 windows x86 arch:x86

7f0e53ce204644197ed8a4abb8792a26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\sources\NSISplugins\WmiInspector\Release\WmiInspector.pdb

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
FlushFileBuffers
CloseHandle
CreateFileW
GetStringTypeW
LCMapStringW
WriteConsoleW
SetStdHandle
GetLastError
lstrlenA
LocalFree
GetCurrentThreadId
DecodePointer
GetCommandLineA
HeapFree
HeapAlloc
RtlUnwind
EncodePointer
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetProcAddress
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
GetModuleFileNameW
HeapSize
IsProcessorFeaturePresent
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LoadLibraryW

ole32

CoSetProxyBlanket
CoCreateInstance

oleaut32

SysFreeString
VariantInit
SysAllocStringByteLen
VariantClear
SysStringLen
SysAllocString

Exports

Exports

AntiVirus
CPU
FireWall
FullOS
FullSQLVersion
OS
OSVersion
Request
Resolution
SQLVersion
ShortUserName
UserName
UserSID

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

86cdacc6fa5e3ff4938d358350751516

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcstol
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
wcsrchr
wcstoul
wcsstr
wcschr
memset
_chkesp

kernel32

DeleteFileW
WideCharToMultiByte
CreateFileA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleW
MulDiv
lstrcpyW
GlobalAlloc
LoadLibraryW
GetProcAddress
lstrcmpiW
CreateFileW
lstrlenW
WriteFile
ReadFile
lstrcmpW
lstrcpynW
GetLastError
GetFileSize
GlobalFree
CloseHandle
SleepEx
SetFilePointer
GetTickCount
lstrcatW

user32

MessageBoxW
GetParent
ShowWindow
SetWindowLongW
IsWindow
SetWindowTextW
SendDlgItemMessageW
GetDlgItem
PostMessageW
GetWindowTextW
SendMessageW
SetDlgItemTextW
SetWindowPos
SystemParametersInfoW
GetClientRect
GetWindowRect
SetTimer
LoadIconW
DestroyWindow
KillTimer
UpdateWindow
RedrawWindow
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
IsWindowVisible
EnableWindow
CreateDialogParamW
FindWindowExW
wsprintfA
wsprintfW
GetWindowLongW

wininet

HttpSendRequestW
HttpSendRequestExW
HttpQueryInfoW
FtpCreateDirectoryW
FtpOpenFileW
InternetGetLastResponseInfoW
InternetSetFilePointer
InternetSetOptionW
InternetQueryOptionW
HttpAddRequestHeadersA
InternetCloseHandle
InternetErrorDlg
HttpAddRequestHeadersW
HttpOpenRequestW
HttpEndRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/installer-164x314.bmp
$PLUGINSDIR/md5dll.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 162B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/nsArray.dll
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

Clear
Get
Iterate
Join
Length
Remove
RemoveList
Set
SetList
Sort
Split

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:6 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 521B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 280B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 864B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 580B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsExec.dll
.dll windows:5 windows x86 arch:x86

8700d0ebbb41c81ea52718af1ab70a93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
MultiByteToWideChar
lstrlenA
lstrcmpiW
lstrlenW
ExitProcess
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
lstrcpynW
GetCommandLineW
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
GetModuleHandleW
GetTickCount
GetStartupInfoW
CreatePipe
GetVersionExW
GlobalLock
DeleteFileW
lstrcatW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
GetProcAddress
PeekNamedPipe
GetCurrentProcess

user32

CharPrevW
CharNextW
SendMessageW
FindWindowExW
wsprintfW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/registry.dll
.dll windows:4 windows x86 arch:x86

421a02aae559045e04759aae146087eb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CloseHandle
CreateProcessA
CreateProcessW
GlobalAlloc
SearchPathA
SearchPathW
GetFileAttributesA
GetFileAttributesW
CreateFileA
CreateFileW
WriteFile
WideCharToMultiByte
GetWindowsDirectoryW
lstrlenA
lstrlenW
MultiByteToWideChar
GlobalFree

user32

FindWindowExA
SetWindowTextA
SetWindowTextW
MessageBoxW
GetDlgItem

advapi32

RegQueryValueExA
RegQueryValueExW
RegOpenKeyExA
RegOpenKeyExW
RegCreateKeyExA
RegCreateKeyExW
RegEnumValueA
RegEnumValueW
RegEnumKeyExA
RegEnumKeyExW
RegCloseKey
RegSetValueExA
RegDeleteValueW
RegDeleteValueA
RegDeleteKeyW
RegDeleteKeyA
RegSetValueExW

Exports

Exports

_Close
_CopyKey
_CopyValue
_CreateKey
_DeleteKey
_DeleteKeyEmpty
_DeleteValue
_Find
_HexToStrA
_HexToStrW
_KeyExists
_MoveKey
_MoveValue
_Open
_Read
_ReadExtra
_RestoreKey
_SaveKey
_StrToHexA
_StrToHexW
_Unload
_Write
_WriteExtra

Sections

.text
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 322KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/stack.dll
.dll windows:4 windows x86 arch:x86

454e327924e76e3c69e4915b2b6f1a25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcmpiA
lstrcpyA
lstrcpynA
GlobalUnlock
lstrlenA
lstrcatA
GlobalLock

user32

EndDialog
wsprintfA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
SendMessageA
GetDlgItem
DialogBoxParamA

Exports

Exports

_Debug
_Unload
_dll_clear
_dll_create
_dll_delete
_dll_delete_range
_dll_destroy
_dll_exchange
_dll_insert
_dll_move
_dll_move_range
_dll_push_sort
_dll_push_sort_int
_dll_read
_dll_reverse_range
_dll_size
_dll_sort_all
_dll_sort_all_int
_dll_write
_ns_clear
_ns_pop_front
_ns_push_back
_ns_push_front
_ns_read
_ns_size
_ns_write

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 642B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/xml.dll
.dll windows:5 windows x86 arch:x86

5bbd63919e9f724979e2ebcc7e04a7e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
GetProcessHeap
SetEndOfFile
RtlUnwind
DecodePointer
EncodePointer
GetLastError
RaiseException
GetCurrentThreadId
GetCommandLineA
HeapAlloc
HeapFree
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
WriteFile
GetStdHandle
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
ReadFile
SetFilePointer
CloseHandle
LCMapStringW
Sleep
HeapSize
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
LoadLibraryW
CreateFileA
GetStringTypeW
SetStdHandle
FlushFileBuffers
HeapReAlloc
WriteConsoleW
CreateFileW

Exports

Exports

_GetText
_GotoPath
_LoadFile
_Unload

Sections

.text
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/ProtectorUpdater.exe
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4f:ec:4f:26:5b:70:18:ec:b4:01:5d:9b:53:40:05:bc
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-06-2016 00:00

Not After

28-07-2017 23:59

Subject

CN=Reimage Limited,O=Reimage Limited,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:ec:4f:26:5b:70:18:ec:b4:01:5d:9b:53:40:05:bc
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-06-2016 00:00

Not After

28-07-2017 23:59

Subject

CN=Reimage Limited,O=Reimage Limited,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12-01-2016 00:00

Not After

11-04-2027 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

f4:b4:0a:5b:8f:4f:da:16:05:e8:3a:02:85:dd:56:18:b2:2e:a0:8c:05:1f:3f:00:3c:80:97:e8:f5:90:4e:45
Signer

Actual PE Digest

f4:b4:0a:5b:8f:4f:da:16:05:e8:3a:02:85:dd:56:18:b2:2e:a0:8c:05:1f:3f:00:3c:80:97:e8:f5:90:4e:45

Digest Algorithm

sha256

PE Digest Matches

true

f0:f3:ef:ea:94:99:2b:ea:f5:04:5a:7a:ff:0e:a8:66:5d:ea:08:b1
Signer

Actual PE Digest

f0:f3:ef:ea:94:99:2b:ea:f5:04:5a:7a:ff:0e:a8:66:5d:ea:08:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.9MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 38KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/AccessControl.dll
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

ClearOnFile
ClearOnRegKey
DenyOnFile
DenyOnRegKey
DisableFileInheritance
DisableRegKeyInheritance
EnableFileInheritance
EnableRegKeyInheritance
GetCurrentUserName
GetFileGroup
GetFileOwner
GetRegKeyGroup
GetRegKeyOwner
GrantOnFile
GrantOnRegKey
NameToSid
RevokeOnFile
RevokeOnRegKey
SetFileGroup
SetFileOwner
SetOnFile
SetOnRegKey
SetRegKeyGroup
SetRegKeyOwner
SidToName

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 5KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:5 windows x86 arch:x86

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 996B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ExecDos.dll
.dll windows:5 windows x86 arch:x86

a5d239ed12c9442d63c73cb9ff7cad0e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
Sleep
lstrcatW
lstrcmpiW
TerminateProcess
ReadFile
GetExitCodeProcess
PeekNamedPipe
CreateFileW
FlushFileBuffers
WriteFile
lstrlenW
CloseHandle
CreateProcessW
DuplicateHandle
GetCurrentProcess
CreatePipe
GetProcAddress
GetModuleHandleW
GlobalAlloc
GetExitCodeThread
WaitForSingleObject
CreateThread
lstrcpyW
lstrcpynW

user32

wsprintfW
GetClassNameW
GetDlgItem
FindWindowExW
SendMessageW

Exports

Exports

exec
isdone
wait

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 20B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 334B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/IpConfig.dll
.dll windows:5 windows x86 arch:x86

3f0fda09180f619ca116344bede41608

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Projects\Visual Studio\NSIS Plugins\IpConfig\Output\Unicode\Plugins\IpConfig.pdb

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
GlobalAlloc
lstrcpynW
GlobalFree
lstrcpyW
FlushFileBuffers
CloseHandle
CreateFileA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetLocaleInfoA
HeapFree
GetProcessHeap
GetLastError
GetCurrentThreadId
GetCommandLineA
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
GetProcAddress
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
Sleep
HeapSize
ExitProcess
HeapAlloc
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
RtlUnwind
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
HeapReAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetFilePointer
WriteFile
GetConsoleCP
GetConsoleMode
MultiByteToWideChar
LoadLibraryA
InitializeCriticalSectionAndSpinCount
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW

user32

wsprintfW

ole32

CoSetProxyBlanket
CoCreateInstance

oleaut32

SafeArrayGetUBound
SysFreeString
SafeArrayGetElement
VariantInit
SysAllocStringByteLen
VariantCopy
VariantClear
SafeArrayGetLBound
SysStringLen
SysAllocString

Exports

Exports

GetAllNetworkAdaptersIDs
GetAllNetworkAdaptersIDsCB
GetDNSSuffixSearchList
GetEnabledNetworkAdaptersIDs
GetEnabledNetworkAdaptersIDsCB
GetHostName
GetNetworkAdapterConnectionID
GetNetworkAdapterConnectionSpecificDNSSuffix
GetNetworkAdapterDHCPLeaseExpires
GetNetworkAdapterDHCPLeaseObtained
GetNetworkAdapterDHCPServer
GetNetworkAdapterDNSServers
GetNetworkAdapterDNSServersCB
GetNetworkAdapterDefaultIPGateways
GetNetworkAdapterDefaultIPGatewaysCB
GetNetworkAdapterDescription
GetNetworkAdapterIDFromDescription
GetNetworkAdapterIDFromIPAddress
GetNetworkAdapterIDFromMACAddress
GetNetworkAdapterIPAddresses
GetNetworkAdapterIPAddressesCB
GetNetworkAdapterIPSubNets
GetNetworkAdapterIPSubNetsCB
GetNetworkAdapterMACAddress
GetNetworkAdapterPrimaryWINSServer
GetNetworkAdapterSecondaryWINSServer
GetNetworkAdapterType
GetNodeType
GetPrimaryDNSSuffix
IsIPRoutingEnabled
IsNetworkAdapterAutoSense
IsNetworkAdapterDHCPEnabled
IsWINSProxyEnabled

Sections

.text
Size: 83KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LogEx.dll
.dll windows:4 windows x86 arch:x86

549d7b44067bbcdf42bf6a90a80a3a9e

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WriteFile
CreateFileW
CloseHandle
GlobalFree
GlobalAlloc
VirtualFree
ReadFile
VirtualAlloc
GetFileSize
lstrcpyW
WideCharToMultiByte
MultiByteToWideChar
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetLastError
ExitProcess
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetModuleHandleA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
HeapFree
HeapAlloc
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
HeapReAlloc
GetProcAddress
LoadLibraryA
RtlUnwind
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
InterlockedDecrement
InterlockedIncrement

user32

FindWindowExW
GetDlgItem
SendMessageW
SetWindowTextW

Exports

Exports

AddFile
Close
Init
Write

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:5 windows x86 arch:x86

45d25ca52c312b2254c60dbcb30342d1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersion
GetCurrentThread
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetLastError
GlobalFree
CloseHandle
lstrcpynW
GlobalAlloc

advapi32

OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
EqualSid
FreeSid
GetUserNameW
OpenThreadToken

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 686B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 753B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 48B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/WmiInspector.dll
.dll windows:5 windows x86 arch:x86

7f0e53ce204644197ed8a4abb8792a26

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\sources\NSISplugins\WmiInspector\Release\WmiInspector.pdb

Imports

kernel32

InterlockedIncrement
InterlockedDecrement
GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
FlushFileBuffers
CloseHandle
CreateFileW
GetStringTypeW
LCMapStringW
WriteConsoleW
SetStdHandle
GetLastError
lstrlenA
LocalFree
GetCurrentThreadId
DecodePointer
GetCommandLineA
HeapFree
HeapAlloc
RtlUnwind
EncodePointer
RaiseException
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
SetLastError
GetProcAddress
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
WriteFile
GetModuleFileNameW
HeapSize
IsProcessorFeaturePresent
SetFilePointer
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapReAlloc
LoadLibraryW

ole32

CoSetProxyBlanket
CoCreateInstance

oleaut32

SysFreeString
VariantInit
SysAllocStringByteLen
VariantClear
SysStringLen
SysAllocString

Exports

Exports

AntiVirus
CPU
FireWall
FullOS
FullSQLVersion
OS
OSVersion
Request
Resolution
SQLVersion
ShortUserName
UserName
UserSID

Sections

.text
Size: 65KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/inetc.dll
.dll windows:4 windows x86 arch:x86

86cdacc6fa5e3ff4938d358350751516

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

msvcrt

wcstol
_adjust_fdiv
malloc
_initterm
free
strlen
strchr
strrchr
wcsrchr
wcstoul
wcsstr
wcschr
memset
_chkesp

kernel32

DeleteFileW
WideCharToMultiByte
CreateFileA
CreateThread
WaitForSingleObject
TerminateThread
GetModuleHandleW
MulDiv
lstrcpyW
GlobalAlloc
LoadLibraryW
GetProcAddress
lstrcmpiW
CreateFileW
lstrlenW
WriteFile
ReadFile
lstrcmpW
lstrcpynW
GetLastError
GetFileSize
GlobalFree
CloseHandle
SleepEx
SetFilePointer
GetTickCount
lstrcatW

user32

MessageBoxW
GetParent
ShowWindow
SetWindowLongW
IsWindow
SetWindowTextW
SendDlgItemMessageW
GetDlgItem
PostMessageW
GetWindowTextW
SendMessageW
SetDlgItemTextW
SetWindowPos
SystemParametersInfoW
GetClientRect
GetWindowRect
SetTimer
LoadIconW
DestroyWindow
KillTimer
UpdateWindow
RedrawWindow
DispatchMessageW
TranslateMessage
IsDialogMessageW
GetMessageW
IsWindowVisible
EnableWindow
CreateDialogParamW
FindWindowExW
wsprintfA
wsprintfW
GetWindowLongW

wininet

HttpSendRequestW
HttpSendRequestExW
HttpQueryInfoW
FtpCreateDirectoryW
FtpOpenFileW
InternetGetLastResponseInfoW
InternetSetFilePointer
InternetSetOptionW
InternetQueryOptionW
HttpAddRequestHeadersA
InternetCloseHandle
InternetErrorDlg
HttpAddRequestHeadersW
HttpOpenRequestW
HttpEndRequestW
InternetConnectW
InternetCrackUrlW
InternetOpenW
InternetReadFile
InternetWriteFile

comctl32

ord17

Exports

Exports

get
head
post
put

Sections

.text
Size: 19KB - Virtual size: 18KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/md5dll.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

UPX0
Size: - Virtual size: 28KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/nsExec.dll
.dll windows:5 windows x86 arch:x86

8700d0ebbb41c81ea52718af1ab70a93

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyW
MultiByteToWideChar
lstrlenA
lstrcmpiW
lstrlenW
ExitProcess
CloseHandle
GetExitCodeProcess
WaitForSingleObject
CreateProcessW
lstrcpynW
GetCommandLineW
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
ReadFile
GetModuleHandleW
GetTickCount
GetStartupInfoW
CreatePipe
GetVersionExW
GlobalLock
DeleteFileW
lstrcatW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
CreateFileW
CopyFileW
GetTempFileNameW
GlobalFree
GlobalAlloc
GetModuleFileNameW
GetProcAddress
PeekNamedPipe
GetCurrentProcess

user32

CharPrevW
CharNextW
SendMessageW
FindWindowExW
wsprintfW

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 454B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/stack.dll
.dll windows:4 windows x86 arch:x86

454e327924e76e3c69e4915b2b6f1a25

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
lstrcmpiA
lstrcpyA
lstrcpynA
GlobalUnlock
lstrlenA
lstrcatA
GlobalLock

user32

EndDialog
wsprintfA
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuA
CreatePopupMenu
SendMessageA
GetDlgItem
DialogBoxParamA

Exports

Exports

_Debug
_Unload
_dll_clear
_dll_create
_dll_delete
_dll_delete_range
_dll_destroy
_dll_exchange
_dll_insert
_dll_move
_dll_move_range
_dll_push_sort
_dll_push_sort_int
_dll_read
_dll_reverse_range
_dll_size
_dll_sort_all
_dll_sort_all_int
_dll_write
_ns_clear
_ns_pop_front
_ns_push_back
_ns_push_front
_ns_read
_ns_size
_ns_write

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 360B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 642B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/xml.dll
.dll windows:5 windows x86 arch:x86

5bbd63919e9f724979e2ebcc7e04a7e6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpyW
lstrcpynW
GlobalAlloc
WideCharToMultiByte
MultiByteToWideChar
GetProcessHeap
SetEndOfFile
RtlUnwind
DecodePointer
EncodePointer
GetLastError
RaiseException
GetCurrentThreadId
GetCommandLineA
HeapAlloc
HeapFree
IsProcessorFeaturePresent
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
EnterCriticalSection
LeaveCriticalSection
WriteFile
GetStdHandle
GetModuleFileNameW
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
ReadFile
SetFilePointer
CloseHandle
LCMapStringW
Sleep
HeapSize
ExitProcess
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetConsoleCP
GetConsoleMode
LoadLibraryW
CreateFileA
GetStringTypeW
SetStdHandle
FlushFileBuffers
HeapReAlloc
WriteConsoleW
CreateFileW

Exports

Exports

_GetText
_GotoPath
_LoadFile
_Unload

Sections

.text
Size: 139KB - Virtual size: 139KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 7KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LZMA.EXE
.exe windows:4 windows x86 arch:x86

725d7c328da8b5c7989b84fbe16f738f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4f:ec:4f:26:5b:70:18:ec:b4:01:5d:9b:53:40:05:bc
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-06-2016 00:00

Not After

28-07-2017 23:59

Subject

CN=Reimage Limited,O=Reimage Limited,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:ec:4f:26:5b:70:18:ec:b4:01:5d:9b:53:40:05:bc
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-06-2016 00:00

Not After

28-07-2017 23:59

Subject

CN=Reimage Limited,O=Reimage Limited,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12-01-2016 00:00

Not After

11-04-2027 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6b:c8:cd:86:08:94:50:33:b4:90:89:0e:ce:f3:ad:e9:ec:c6:05:79:2b:93:33:14:f1:96:75:53:58:21:16:85
Signer

Actual PE Digest

6b:c8:cd:86:08:94:50:33:b4:90:89:0e:ce:f3:ad:e9:ec:c6:05:79:2b:93:33:14:f1:96:75:53:58:21:16:85

Digest Algorithm

sha256

PE Digest Matches

true

12:4a:e1:ca:c0:bf:c5:7c:4d:f0:1a:99:75:a2:4f:fc:88:ec:16:e1
Signer

Actual PE Digest

12:4a:e1:ca:c0:bf:c5:7c:4d:f0:1a:99:75:a2:4f:fc:88:ec:16:e1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

user32

CharUpperW
CharUpperA

msvcrt

_controlfp
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
__p___initenv
exit
_XcptFilter
_exit
?terminate@@YAXXZ
??1type_info@@UAE@XZ
_except_handler3
_beginthreadex
free
malloc
memmove
strlen
memcpy
memcmp
_CxxThrowException
__CxxFrameHandler
_iob
fprintf
??3@YAXPAX@Z
??2@YAPAXI@Z
_setmode
_purecall
__set_app_type

kernel32

SetEndOfFile
SetFilePointer
GetFileSize
CreateFileA
WriteFile
GetStdHandle
ReadFile
InitializeCriticalSection
ReleaseSemaphore
CreateSemaphoreA
ResetEvent
SetEvent
CreateEventA
CloseHandle
WaitForSingleObject
VirtualFree
VirtualAlloc
GetModuleHandleA
GetProcAddress
GlobalMemoryStatus
GetSystemInfo
GetLastError
WideCharToMultiByte
MultiByteToWideChar
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
GetCurrentProcess
GetProcessTimes
GetTickCount
GetVersionExA

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
LanguageSelect.exe
.exe windows:5 windows x86 arch:x86

be41bf7b8cc010b614bd36bbca606973

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4f:ec:4f:26:5b:70:18:ec:b4:01:5d:9b:53:40:05:bc
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-06-2016 00:00

Not After

28-07-2017 23:59

Subject

CN=Reimage Limited,O=Reimage Limited,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:ec:4f:26:5b:70:18:ec:b4:01:5d:9b:53:40:05:bc
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-06-2016 00:00

Not After

28-07-2017 23:59

Subject

CN=Reimage Limited,O=Reimage Limited,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12-01-2016 00:00

Not After

11-04-2027 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

c3:90:d0:1d:9e:59:14:14:9b:97:eb:8f:1c:ab:eb:22:1b:9f:c3:a6:f5:82:11:74:43:bb:0b:a1:43:e1:33:7a
Signer

Actual PE Digest

c3:90:d0:1d:9e:59:14:14:9b:97:eb:8f:1c:ab:eb:22:1b:9f:c3:a6:f5:82:11:74:43:bb:0b:a1:43:e1:33:7a

Digest Algorithm

sha256

PE Digest Matches

true

ed:13:00:47:90:82:bc:da:cd:61:6f:fe:df:09:95:b3:55:59:cf:5b
Signer

Actual PE Digest

ed:13:00:47:90:82:bc:da:cd:61:6f:fe:df:09:95:b3:55:59:cf:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 458KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 1.8MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ReiExpressContainer.exe
.exe windows:5 windows x64 arch:x64

3a06c8b625b82f5c291e44b102114141

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4f:ec:4f:26:5b:70:18:ec:b4:01:5d:9b:53:40:05:bc
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-06-2016 00:00

Not After

28-07-2017 23:59

Subject

CN=Reimage Limited,O=Reimage Limited,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:ec:4f:26:5b:70:18:ec:b4:01:5d:9b:53:40:05:bc
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-06-2016 00:00

Not After

28-07-2017 23:59

Subject

CN=Reimage Limited,O=Reimage Limited,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12-01-2016 00:00

Not After

11-04-2027 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

73:c9:39:8b:22:18:20:04:b8:1d:54:73:39:95:38:20:fe:cd:ff:ae:5c:60:9b:12:7b:7a:4e:c9:7d:78:f0:ae
Signer

Actual PE Digest

73:c9:39:8b:22:18:20:04:b8:1d:54:73:39:95:38:20:fe:cd:ff:ae:5c:60:9b:12:7b:7a:4e:c9:7d:78:f0:ae

Digest Algorithm

sha256

PE Digest Matches

true

bd:26:15:77:4d:47:a3:46:a9:97:77:80:db:62:5c:24:12:c5:8b:b4
Signer

Actual PE Digest

bd:26:15:77:4d:47:a3:46:a9:97:77:80:db:62:5c:24:12:c5:8b:b4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\REI_WS1\Production2\Release\x64\ReiExpressContainer.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

psapi

GetProcessImageFileNameW

wininet

InternetOpenW
InternetSetCookieW
InternetCloseHandle
InternetGetCookieW

kernel32

CompareStringA
InterlockedPushEntrySList
GetProcessHeap
VirtualFree
InterlockedPopEntrySList
GetComputerNameA
FormatMessageA
GetLocalTime
GetFullPathNameA
GetCurrentDirectoryA
GetTempPathA
DeleteFileA
CreateDirectoryA
SetFileAttributesA
GetFileAttributesA
CreateFileA
MoveFileA
GetVersionExA
LoadLibraryA
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
MultiByteToWideChar
CreateThread
Sleep
ResumeThread
GetThreadTimes
SuspendThread
MapViewOfFile
UnmapViewOfFile
LeaveCriticalSection
EnterCriticalSection
RaiseException
GetVersionExW
GetDriveTypeW
QueryDosDeviceW
ExitProcess
GetCurrentDirectoryW
GetFileAttributesW
GetModuleFileNameW
GlobalAlloc
GlobalFree
GetPrivateProfileStringW
GetSystemDirectoryW
lstrcpynW
GetCurrentThreadId
CreateEventW
WaitForSingleObject
GetProcAddress
OpenProcess
CloseHandle
GetModuleHandleW
FindResourceExW
GetLastError
OutputDebugStringW
FindResourceW
LoadResource
GetCurrentProcess
ReleaseMutex
FreeLibrary
LoadLibraryW
SetLastError
GetCurrentProcessId
TerminateProcess
CreateProcessW
GetTickCount
IsBadReadPtr
GetCommandLineW
CreateFileMappingW
CreateMutexW
OpenFileMappingW
OpenMutexW
lstrlenA
DeleteFileW
CreateDirectoryW
SystemTimeToFileTime
GetSystemTime
GetFileTime
CreateFileW
GetVersion
lstrcpyW
FormatMessageW
lstrlenW
LockResource
SizeofResource
GetVolumeInformationW
OutputDebugStringA
FreeResource
GlobalUnlock
GlobalLock
MulDiv
LocalFree
GlobalSize
CopyFileW
DeactivateActCtx
CreateActCtxW
ReleaseActCtx
ActivateActCtx
lstrcmpW
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
GlobalGetAtomNameW
SetThreadPriority
LoadLibraryExW
GetLocaleInfoW
GetSystemDefaultUILanguage
ConvertDefaultLocale
GetUserDefaultUILanguage
GetCurrentThread
lstrcmpA
GetPrivateProfileIntW
WritePrivateProfileStringW
ReplaceFileW
SetFileTime
GetTempFileNameW
GetFullPathNameW
GetDiskFreeSpaceW
GlobalFlags
LocalAlloc
TlsGetValue
InitializeCriticalSection
TlsAlloc
GlobalReAlloc
GlobalHandle
TlsSetValue
LocalReAlloc
TlsFree
GetThreadLocale
FileTimeToSystemTime
GetStringTypeExW
lstrcmpiW
MoveFileW
ReadFile
WriteFile
SetFilePointer
FlushFileBuffers
LockFile
UnlockFile
SetEndOfFile
GetFileSize
DuplicateHandle
FindClose
FindFirstFileW
GetShortPathNameW
FileTimeToLocalFileTime
GetFileAttributesExW
SetFileAttributesW
LocalFileTimeToFileTime
GetFileSizeEx
GetWindowsDirectoryW
GetNumberFormatW
GetTempPathW
SetErrorMode
GetProfileIntW
SearchPathW
VirtualProtect
GetStartupInfoW
RtlLookupFunctionEntry
RtlUnwindEx
EncodePointer
DecodePointer
RtlPcToFileHeader
HeapFree
HeapAlloc
GetSystemTimeAsFileTime
HeapReAlloc
ExitThread
HeapQueryInformation
HeapSize
VirtualAlloc
SetThreadStackGuarantee
GetSystemInfo
VirtualQuery
SetStdHandle
GetFileType
SetUnhandledExceptionFilter
GetStdHandle
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
HeapCreate
QueryPerformanceCounter
UnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringW
GetStringTypeW
GetTimeZoneInformation
GetConsoleCP
GetConsoleMode
SetEnvironmentVariableW
SetEnvironmentVariableA
WriteConsoleW

user32

IsZoomed
GetMenuItemInfoW
InflateRect
GetMessageW
TranslateMessage
UnpackDDElParam
ReuseDDElParam
DestroyMenu
SetCursor
ReleaseCapture
LoadAcceleratorsW
InsertMenuItemW
CreatePopupMenu
IntersectRect
SetRectEmpty
TranslateAcceleratorW
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
LoadIconW
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
SetWindowsHookExW
CallNextHookEx
GetSubMenu
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetFocus
SetFocus
GetWindowTextLengthW
DispatchMessageW
BeginDeferWindowPos
GetTopWindow
GetMessageTime
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
SetScrollRange
GetScrollRange
SetScrollPos
CopyAcceleratorTableW
InvalidateRgn
GetNextDlgGroupItem
GetScrollPos
ShowScrollBar
MessageBeep
GetMenuDefaultItem
InvertRect
RedrawWindow
ValidateRect
GetClassInfoW
RegisterClassW
AdjustWindowRectEx
EqualRect
DeferWindowPos
GetScrollInfo
SetScrollInfo
DrawFocusRect
GetWindowPlacement
GetDlgCtrlID
GetMenu
SetWindowPos
CopyRect
GetWindow
GetLastActivePopup
GetSysColor
PostQuitMessage
ShowOwnedPopups
MapDialogRect
SetWindowContextHelpId
RegisterClipboardFormatW
IsRectEmpty
DrawIcon
SetCapture
RealChildWindowFromPoint
GetSysColorBrush
UnregisterClassW
CopyImage
EnumDisplayMonitors
GetKeyNameTextW
MapVirtualKeyW
EndPaint
BeginPaint
ClientToScreen
ScreenToClient
GrayStringW
DrawTextExW
DrawTextW
TabbedTextOutW
FillRect
UnhookWindowsHookEx
GetMenuState
DeleteMenu
GetSystemMenu
SetParent
UnionRect
SetRect
CharUpperW
EndDeferWindowPos
CharNextW
GetMenuStringW
AppendMenuW
GetMenuItemID
InsertMenuW
GetMenuItemCount
RemoveMenu
GetActiveWindow
SetActiveWindow
CreateDialogIndirectParamW
GetDlgItem
IsWindowEnabled
GetNextDlgTabItem
EndDialog
GetWindowLongPtrW
CallWindowProcW
DefWindowProcW
FindWindowA
HideCaret
EnableScrollBar
NotifyWinEvent
PostMessageA
WindowFromPoint
GetWindowTextW
GetAsyncKeyState
PostMessageW
IsWindow
IsIconic
IsWindowVisible
FlashWindow
MessageBoxW
PostThreadMessageW
WaitForInputIdle
GetParent
GetClassNameA
GetWindowLongW
SetWindowLongW
SetLayeredWindowAttributes
InvalidateRect
EnumWindows
CreateWindowExW
SetWindowLongPtrW
RegisterClassExW
UnregisterClassA
EnumChildWindows
SystemParametersInfoW
DestroyWindow
LoadCursorW
GetClassInfoExW
CloseWindow
UpdateWindow
ShowWindow
GetClassNameW
DestroyIcon
RegisterWindowMessageW
GetDC
FindWindowW
SendMessageW
wsprintfW
LoadImageW
OffsetRect
DrawIconEx
GetCursorPos
GetForegroundWindow
GetWindowThreadProcessId
AttachThreadInput
SetForegroundWindow
GetDesktopWindow
KillTimer
SetTimer
ReleaseDC
GetWindowDC
GetWindowRect
BringWindowToTop
SetWindowRgn
LoadMenuW
GetIconInfo
DestroyAcceleratorTable
SetClassLongPtrW
DrawStateW
DrawEdge
DrawFrameControl
ToUnicodeEx
GetKeyboardLayout
GetKeyboardState
CreateAcceleratorTableW
SetCursorPos
LockWindowUpdate
OpenClipboard
SetClipboardData
CloseClipboard
EmptyClipboard
IsCharLowerW
MapVirtualKeyExW
UpdateLayeredWindow
MonitorFromPoint
IsMenu
WaitMessage
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
CopyIcon
LoadBitmapW
GetClientRect
EnableWindow
RegisterWindowMessageA
GetSystemMetrics
SendMessageTimeoutW
PtInRect
SetMenuDefaultItem
GetWindowRgn
DestroyCursor
SubtractRect
GetDoubleClickTime
SetWindowPlacement
CharUpperBuffW

gdi32

GetTextFaceW
SetPixelV
SetPaletteEntries
ExtFloodFill
GetBoundsRect
FrameRgn
FillRgn
PtInRegion
GetViewportOrgEx
GetWindowOrgEx
EnumFontFamiliesExW
OffsetRgn
SetPixel
SetDIBColorTable
Polygon
Polyline
CreatePolygonRgn
CreateRoundRectRgn
GetSystemPaletteEntries
RealizePalette
GetNearestPaletteIndex
GetPaletteEntries
CreatePalette
GetRgnBox
GetTextColor
GetBkColor
GetTextCharsetInfo
EnumFontFamiliesW
CreateDIBitmap
CreateDIBSection
Ellipse
LPtoDP
CreateEllipticRgn
DPtoLP
PatBlt
GetMapMode
SetRectRgn
CreateRectRgnIndirect
GetTextMetricsW
GetTextExtentPoint32W
CreateFontIndirectW
CreateHatchBrush
GetObjectType
SelectPalette
GetStockObject
CreateBitmap
CreatePatternBrush
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
SetLayout
GetLayout
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetROP2
SetPolyFillMode
SetBkMode
SetBkColor
RestoreDC
SaveDC
CreateDCW
CopyMetaFileW
GetDeviceCaps
DeleteObject
CombineRgn
StretchBlt
CreateRectRgn
CreateCompatibleBitmap
DeleteDC
BitBlt
Rectangle
SelectObject
CreateCompatibleDC
GetObjectW
CreateFontW
CreateSolidBrush
CreatePen

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetFileTitleW

winspool.drv

ClosePrinter
DocumentPropertiesW
OpenPrinterW

advapi32

CryptAcquireContextA
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegQueryValueExW
RegEnumKeyExW
RegSetValueW
RegDeleteValueW
RegDeleteKeyW
RegEnumKeyW
RegQueryValueW
SetFileSecurityW
GetFileSecurityW
RegEnumValueW
CryptReleaseContext
CryptGenRandom
RegSetValueExA
RegQueryValueExA
CryptExportKey
RegCreateKeyExA
CryptDestroyKey
GetUserNameA
RegOpenKeyExA
CryptAcquireContextW
CryptGetUserKey
CryptGetProvParam
CryptEnumProvidersA

shell32

ShellExecuteW
SHGetSpecialFolderPathW
DragFinish
DragQueryFileW
SHAddToRecentDocs
ExtractIconW
SHAppBarMessage
SHBrowseForFolderW
Shell_NotifyIconW
SHGetSpecialFolderLocation
SHGetPathFromIDListW
SHGetDesktopFolder
SHGetFileInfoW

comctl32

InitCommonControlsEx
ImageList_GetIconSize

shlwapi

PathFindExtensionW
PathFindFileNameW
PathStripToRootW
PathIsUNCW
AssocQueryStringW
PathRemoveFileSpecW

ole32

RegisterDragDrop
OleGetClipboard
CoLockObjectExternal
RevokeDragDrop
DoDragDrop
OleLockRunning
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoInitializeEx
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CoGetClassObject
CreateStreamOnHGlobal
OleDraw
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CoCreateGuid
OleDuplicateData
StringFromCLSID
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoSetProxyBlanket
CLSIDFromString
CLSIDFromProgID
OleRun
CoCreateInstance
CoInitialize
CoUninitialize

oleaut32

SystemTimeToVariantTime
VariantTimeToSystemTime
SafeArrayDestroy
SafeArrayCreate
SafeArrayGetDim
OleCreateFontIndirect
SafeArrayGetUBound
SafeArrayAccessData
SafeArrayUnaccessData
SysAllocStringLen
VarBstrCmp
SysStringByteLen
SysAllocStringByteLen
SysStringLen
VariantChangeType
VariantCopy
VariantInit
SysAllocString
VariantClear
SysFreeString
SafeArrayGetElemsize
VarBstrFromDate
SafeArrayGetLBound

oledlg

OleUIBusyW

urlmon

URLDownloadToFileW

gdiplus

GdipGetImageWidth
GdiplusShutdown
GdipSetInterpolationMode
GdipCreateFromHDC
GdiplusStartup
GdipCreateBitmapFromHBITMAP
GdipDisposeImage
GdipDeleteGraphics
GdipAlloc
GdipFree
GdipGetImageHeight
GdipDrawImageI
GdipGetImageGraphicsContext
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCloneImage
GdipGetImagePixelFormat
GdipDrawImageRectI

oleacc

AccessibleObjectFromWindow
CreateStdAccessibleObject
LresultFromObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundW

ws2_32

connect
socket
gethostbyname
bind
getsockname
recv
send
WSAGetLastError
shutdown
closesocket
__WSAFDIsSet
select
htons
inet_addr
inet_ntoa
ntohs
ioctlsocket
setsockopt
WSAStartup

crypt32

CertNameToStrW
CertFreeCertificateContext
CertSetCertificateContextProperty
CryptDecodeObject
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertCreateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetSubjectCertificateFromStore
CryptMsgControl
CryptMsgGetParam
CryptMsgClose
CryptMsgUpdate
CryptMsgOpenToDecode
CryptDecryptMessage
CryptEncodeObject
CryptEncryptMessage

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 121KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6.8MB - Virtual size: 6.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 106KB - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ReimageExpress.dat
ReimageReminder.exe
.exe windows:5 windows x64 arch:x64

5a5e0b9aa6368d8b64a1510618f90ecd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4f:ec:4f:26:5b:70:18:ec:b4:01:5d:9b:53:40:05:bc
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-06-2016 00:00

Not After

28-07-2017 23:59

Subject

CN=Reimage Limited,O=Reimage Limited,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:ec:4f:26:5b:70:18:ec:b4:01:5d:9b:53:40:05:bc
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-06-2016 00:00

Not After

28-07-2017 23:59

Subject

CN=Reimage Limited,O=Reimage Limited,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12-01-2016 00:00

Not After

11-04-2027 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

cb:45:bd:c9:dc:76:48:e1:1f:5f:16:24:fd:52:31:c1:20:99:43:68:50:14:b5:35:31:e2:30:87:27:eb:f8:0a
Signer

Actual PE Digest

cb:45:bd:c9:dc:76:48:e1:1f:5f:16:24:fd:52:31:c1:20:99:43:68:50:14:b5:35:31:e2:30:87:27:eb:f8:0a

Digest Algorithm

sha256

PE Digest Matches

true

ac:f6:ad:71:29:8b:15:07:bc:f7:1b:8d:b1:ad:6f:25:6a:6d:8e:fb
Signer

Actual PE Digest

ac:f6:ad:71:29:8b:15:07:bc:f7:1b:8d:b1:ad:6f:25:6a:6d:8e:fb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\REI_WS1\Production2\Release\x64\ReimageReminder.pdb

Imports

kernel32

GlobalFlags
LoadResource
GetProcessHeap
WriteConsoleW
SetEnvironmentVariableA
SetEnvironmentVariableW
GetStringTypeW
GetConsoleMode
GetConsoleCP
LCMapStringW
IsValidCodePage
GetCPInfo
RtlCaptureContext
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
TerminateProcess
QueryPerformanceCounter
SystemTimeToFileTime
OutputDebugStringW
SizeofResource
GetLocalTime
LockResource
MultiByteToWideChar
GetCommandLineW
CreateMutexW
WaitForSingleObject
SetEvent
GetLastError
CreateEventW
CloseHandle
CreateThread
GetPrivateProfileStringW
GetVersionExW
OpenMutexW
GetWindowsDirectoryW
GetFileAttributesW
GetPrivateProfileIntW
ExitProcess
CreateProcessW
GetTickCount
WideCharToMultiByte
GetFileAttributesA
LocalFree
Sleep
GetACP
GetOEMCP
GetComputerNameA
FormatMessageA
FileTimeToSystemTime
GetSystemTime
FileTimeToLocalFileTime
GetFullPathNameW
GetFullPathNameA
GetCurrentDirectoryA
GetCurrentDirectoryW
GetTempPathW
GetTempPathA
GetModuleFileNameW
CopyFileW
DeleteFileW
DeleteFileA
HeapCreate
GetVersion
HeapSetInformation
FlsAlloc
FlsFree
FlsSetValue
FlsGetValue
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
SetUnhandledExceptionFilter
GetFileType
SetStdHandle
HeapSize
HeapQueryInformation
ExitThread
VirtualQuery
GetSystemInfo
SetThreadStackGuarantee
VirtualAlloc
RtlPcToFileHeader
HeapReAlloc
HeapAlloc
GetSystemTimeAsFileTime
RtlUnwindEx
RtlLookupFunctionEntry
HeapFree
DecodePointer
EncodePointer
GetStartupInfoW
FindResourceExW
VirtualProtect
SearchPathW
GetProfileIntW
GetFileSizeEx
GetFileAttributesExW
SetErrorMode
GetTempFileNameW
GetNumberFormatW
GetVolumeInformationW
GetCurrentProcess
DuplicateHandle
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
lstrcmpiW
GetSystemDirectoryW
FindResourceW
TlsFree
LocalReAlloc
TlsSetValue
GlobalHandle
GlobalReAlloc
TlsAlloc
TlsGetValue
LocalAlloc
GetThreadLocale
lstrlenA
GlobalGetAtomNameW
lstrcpyW
ResumeThread
SetThreadPriority
GetCurrentProcessId
WritePrivateProfileStringW
lstrcmpA
GetCurrentThread
GetUserDefaultUILanguage
ConvertDefaultLocale
GetSystemDefaultUILanguage
GetLocaleInfoW
LoadLibraryExW
GetCurrentThreadId
GlobalAddAtomW
GlobalFindAtomW
GlobalDeleteAtom
GetModuleHandleW
CompareStringW
InitializeCriticalSectionAndSpinCount
LoadLibraryW
lstrcmpW
FreeResource
RaiseException
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
MulDiv
ActivateActCtx
ReleaseActCtx
CreateActCtxW
DeactivateActCtx
SetLastError
lstrlenW
FreeLibrary
FindFirstFileW
LoadLibraryA
GetProcAddress
CreateFileW
GetVersionExA
GetTimeZoneInformation
GetFileSize
WriteFile
ReadFile
GetFileTime
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSection
SetFilePointer
FindClose
CreateDirectoryW
MoveFileA
MoveFileW
CreateFileA
SetFileAttributesW
SetFileAttributesA
CreateDirectoryA

user32

UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
TranslateAcceleratorW
IsMenu
MonitorFromPoint
UpdateLayeredWindow
UnionRect
MapVirtualKeyExW
IsCharLowerW
EmptyClipboard
CloseClipboard
SetClipboardData
OpenClipboard
GetKeyNameTextW
PostThreadMessageW
LockWindowUpdate
BringWindowToTop
SetCursorPos
CreateAcceleratorTableW
LoadAcceleratorsW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
DrawFrameControl
DrawEdge
DrawStateW
GetSystemMenu
LoadMenuW
SetClassLongPtrW
WindowFromPoint
DestroyAcceleratorTable
SetParent
SetWindowRgn
IsZoomed
DrawIconEx
LoadImageW
GetIconInfo
NotifyWinEvent
EnableScrollBar
HideCaret
DrawFocusRect
InvertRect
GetAsyncKeyState
MapVirtualKeyW
CreatePopupMenu
GetMenuDefaultItem
MessageBeep
GetNextDlgGroupItem
RegisterClipboardFormatW
CharUpperW
DestroyIcon
DeleteMenu
SetLayeredWindowAttributes
EnumDisplayMonitors
SetRectEmpty
CopyImage
SystemParametersInfoW
DestroyMenu
GetMenuItemInfoW
InflateRect
RealChildWindowFromPoint
SetWindowContextHelpId
MapDialogRect
CharNextW
WaitMessage
SetCapture
InvalidateRgn
InvalidateRect
IntersectRect
OffsetRect
SetRect
IsRectEmpty
CopyAcceleratorTableW
LoadCursorW
GetSysColorBrush
UnregisterClassW
GetMessageW
TranslateMessage
GetCursorPos
GetWindowThreadProcessId
LoadIconW
EnableWindow
SendMessageW
GetSystemMetrics
GetClientRect
ShowOwnedPopups
SetCursor
PostQuitMessage
ShowWindow
MoveWindow
SetWindowTextW
IsDialogMessageW
CheckDlgButton
SendDlgItemMessageW
SendDlgItemMessageA
WinHelpW
IsChild
GetCapture
GetClassNameW
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
SetFocus
GetWindowTextLengthW
GetWindowTextW
GetForegroundWindow
GetLastActivePopup
DispatchMessageW
BeginDeferWindowPos
EndDeferWindowPos
GetTopWindow
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageTime
DefFrameProcW
DefMDIChildProcW
DrawMenuBar
TranslateMDISysAccel
CreateMenu
SetMenuDefaultItem
IsClipboardFormatAvailable
FrameRect
GetUpdateRect
CopyIcon
CharUpperBuffW
GetDoubleClickTime
SubtractRect
GetMessagePos
PeekMessageW
MonitorFromWindow
GetMonitorInfoW
MapWindowPoints
ScrollWindow
TrackPopupMenu
GetKeyState
SetMenu
GetWindowRgn
ReleaseCapture
DrawIcon
IsIconic
UnhookWindowsHookEx
SetWindowsHookExW
SetWindowPos
GetDesktopWindow
CallNextHookEx
KillTimer
GetWindowRect
SetTimer
ClientToScreen
RemoveMenu
GetSubMenu
GetMenuItemCount
InsertMenuW
GetMenuItemID
AppendMenuW
GetMenuStringW
GetMenuState
PostMessageW
DestroyCursor
RegisterWindowMessageW
CheckMenuItem
EnableMenuItem
ModifyMenuW
GetParent
GetFocus
LoadBitmapW
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
FillRect
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
ScreenToClient
GetDC
ReleaseDC
GetWindowDC
BeginPaint
EndPaint
GetSysColor
EndDialog
GetNextDlgTabItem
IsWindowEnabled
GetDlgItem
GetWindowLongW
IsWindow
DestroyWindow
CreateDialogIndirectParamW
SetActiveWindow
GetActiveWindow
GetWindow
PtInRect
CopyRect
SetWindowLongW
GetMenu
CallWindowProcW
DefWindowProcW
GetDlgCtrlID
GetWindowPlacement
SetWindowPlacement
SetScrollInfo
GetScrollInfo
DeferWindowPos
EqualRect
AdjustWindowRectEx
RegisterClassW
GetClassInfoW
GetClassInfoExW
CreateWindowExW
MessageBoxW
UpdateWindow
ValidateRect
IsWindowVisible
RedrawWindow
ShowScrollBar
SetForegroundWindow
SetScrollRange
GetScrollRange
SetScrollPos
GetScrollPos

gdi32

SetRectRgn
CombineRgn
GetMapMode
PatBlt
DPtoLP
GetTextExtentPoint32W
GetTextMetricsW
CreateDIBitmap
CreateCompatibleBitmap
EnumFontFamiliesW
GetTextCharsetInfo
CreatePalette
GetPaletteEntries
GetNearestPaletteIndex
RealizePalette
GetSystemPaletteEntries
CreateDIBSection
CreateRoundRectRgn
CreatePolygonRgn
CreateEllipticRgn
Polyline
Ellipse
Polygon
SetDIBColorTable
StretchBlt
CreateFontIndirectW
Rectangle
OffsetRgn
EnumFontFamiliesExW
LPtoDP
GetWindowOrgEx
GetViewportOrgEx
PtInRegion
FillRgn
FrameRgn
GetBoundsRect
ExtFloodFill
SetPaletteEntries
SetPixelV
GetTextFaceW
GetTextColor
GetBkColor
GetRgnBox
CreateRectRgnIndirect
CreateHatchBrush
CreateSolidBrush
CreatePen
GetObjectType
SelectPalette
GetStockObject
CreateCompatibleDC
CreatePatternBrush
DeleteDC
ExtSelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SelectObject
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
GetDeviceCaps
CopyMetaFileW
CreateDCW
CreateBitmap
SaveDC
RestoreDC
SetBkColor
SetBkMode
SetPolyFillMode
SetROP2
SetTextColor
SetMapMode
GetClipBox
ExcludeClipRect
IntersectClipRect
LineTo
MoveToEx
SetTextAlign
GetLayout
SetLayout
DeleteObject
SelectClipRgn
CreateRectRgn
GetObjectW
GetViewportExtEx
GetWindowExtEx
BitBlt
GetPixel
SetPixel

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

OpenPrinterW
ClosePrinter
DocumentPropertiesW

advapi32

CryptEnumProvidersA
RegDeleteKeyW
RegCreateKeyExW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegSetValueExW
GetUserNameA
RegOpenKeyExA
RegCreateKeyExA
CryptAcquireContextA
CryptReleaseContext
CryptGenRandom
RegSetValueExA
RegQueryValueExA
CryptExportKey
CryptDestroyKey
RegDeleteValueW
CryptGetProvParam
CryptGetUserKey
CryptAcquireContextW
RegEnumKeyW
RegQueryValueW
RegEnumValueW
RegEnumKeyExW

shell32

SHGetFileInfoW
ShellExecuteExW
ShellExecuteW
SHGetDesktopFolder
SHGetSpecialFolderLocation
SHGetMalloc
SHAppBarMessage
DragQueryFileW
DragFinish
CommandLineToArgvW
SHBrowseForFolderW
SHGetPathFromIDListW

comctl32

ImageList_GetIconSize

shlwapi

PathFindFileNameW
PathStripToRootW
PathIsUNCW
PathFindExtensionW
PathRemoveFileSpecW

ole32

OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleLockRunning
DoDragDrop
OleGetClipboard
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
CreateStreamOnHGlobal
CoRegisterMessageFilter
OleFlushClipboard
OleIsCurrentClipboard
CoRevokeClassObject
CoInitializeEx
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
CLSIDFromProgID
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CLSIDFromString
CoCreateGuid
OleDuplicateData
CoTaskMemAlloc
ReleaseStgMedium
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance
CoGetClassObject

oleaut32

VariantInit
VariantClear
VariantCopy
VariantChangeType
SysAllocStringLen
SysAllocString
DispCallFunc
LoadRegTypeLi
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetElemsize
SafeArrayCreate
SafeArrayDestroy
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VarBstrFromDate
OleCreateFontIndirect
SysFreeString

oledlg

OleUIBusyW

gdiplus

GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipDrawImageI
GdipGetImageGraphicsContext
GdipFree
GdipAlloc
GdipDeleteGraphics
GdipDisposeImage
GdipCreateBitmapFromHBITMAP
GdiplusStartup
GdiplusShutdown
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCloneImage
GdipGetImageWidth
GdipGetImageHeight

ws2_32

connect
socket
gethostbyname
bind
getsockname
recv
send
WSAGetLastError
shutdown
closesocket
__WSAFDIsSet
select
inet_addr
inet_ntoa
ntohs
ioctlsocket
setsockopt
WSAStartup
htons

oleacc

LresultFromObject
AccessibleObjectFromWindow
CreateStdAccessibleObject

imm32

ImmGetOpenStatus
ImmReleaseContext
ImmGetContext

winmm

PlaySoundW

crypt32

CryptMsgClose
CryptMsgUpdate
CryptMsgOpenToDecode
CryptDecryptMessage
CertNameToStrW
CertFreeCertificateContext
CertSetCertificateContextProperty
CryptDecodeObject
CertGetCertificateContextProperty
CertDuplicateCertificateContext
CertCreateCertificateContext
CertEnumCertificatesInStore
CertCloseStore
CertOpenStore
CertGetSubjectCertificateFromStore
CryptMsgControl
CryptEncryptMessage
CryptEncodeObject
CryptMsgGetParam

Sections

.text
Size: 2.7MB - Virtual size: 2.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 123KB - Virtual size: 185KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 117KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 98KB - Virtual size: 98KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 89KB - Virtual size: 88KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
engine.dat
expressicon.ico
reimagewebsite.ico
uninst.exe
.exe windows:5 windows x86 arch:x86

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

4f:ec:4f:26:5b:70:18:ec:b4:01:5d:9b:53:40:05:bc
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-06-2016 00:00

Not After

28-07-2017 23:59

Subject

CN=Reimage Limited,O=Reimage Limited,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

4f:ec:4f:26:5b:70:18:ec:b4:01:5d:9b:53:40:05:bc
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

28-06-2016 00:00

Not After

28-07-2017 23:59

Subject

CN=Reimage Limited,O=Reimage Limited,L=Nicosia,ST=Nicosia,C=CY

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10-12-2013 00:00

Not After

09-12-2023 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12-01-2016 00:00

Not After

11-01-2031 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

12-01-2016 00:00

Not After

11-04-2027 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G1,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

26:08:e3:e0:02:57:56:39:29:fa:3e:d1:77:01:5c:b9:2f:3b:25:bb:20:9c:aa:e8:4f:e1:33:f5:6b:28:03:24
Signer

Actual PE Digest

26:08:e3:e0:02:57:56:39:29:fa:3e:d1:77:01:5c:b9:2f:3b:25:bb:20:9c:aa:e8:4f:e1:33:f5:6b:28:03:24

Digest Algorithm

sha256

PE Digest Matches

true

6e:fc:eb:53:81:3c:c4:0a:7a:9c:a6:17:bf:d9:40:e8:09:54:6a:f4
Signer

Actual PE Digest

6e:fc:eb:53:81:3c:c4:0a:7a:9c:a6:17:bf:d9:40:e8:09:54:6a:f4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
CreateFileW
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
CloseHandle
lstrlenW
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrcpynA

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 5.1MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

32f3282581436269b3a75b6675fe3e08

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

4f:ec:4f:26:5b:70:18:ec:b4:01:5d:9b:53:40:05:bcCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

4f:ec:4f:26:5b:70:18:ec:b4:01:5d:9b:53:40:05:bcCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12Certificate

Extended Key Usages

Key Usages

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13Certificate

Extended Key Usages

Key Usages

86:42:f3:c0:27:0b:2c:04:c7:cb:f9:66:ea:71:f0:0a:fe:19:1b:c0:2b:b1:f3:4c:a3:4f:3c:8f:97:81:25:63Signer

57:33:33:58:0e:6a:71:17:9a:3b:e8:cf:13:e1:e0:c5:d4:85:12:c4Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 28KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 5.1MB

.rsrc Size: 15KB - Virtual size: 14KB

.reloc Size: 4KB - Virtual size: 3KB

6ced4e11af731f89f3ac0d1ac177edcf

Headers

File Characteristics

PDB Paths

Imports

version

user32

ole32

oleaut32

kernel32

advapi32

Exports

Exports

Sections

.text Size: 952KB - Virtual size: 952KB

.rdata Size: 191KB - Virtual size: 191KB

.data Size: 89KB - Virtual size: 97KB

.pdata Size: 41KB - Virtual size: 41KB

.rsrc Size: 79KB - Virtual size: 78KB

.reloc Size: 15KB - Virtual size: 15KB

1daf45fd074126f5eabcc532bc3e5bf5

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

Exports

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

4f:ec:4f:26:5b:70:18:ec:b4:01:5d:9b:53:40:05:bc
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

4f:ec:4f:26:5b:70:18:ec:b4:01:5d:9b:53:40:05:bc
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

54:f3:7d:a1:71:67:51:bc:6a:8d:0a:d2:74:b2:8b:13
Certificate

86:42:f3:c0:27:0b:2c:04:c7:cb:f9:66:ea:71:f0:0a:fe:19:1b:c0:2b:b1:f3:4c:a3:4f:3c:8f:97:81:25:63
Signer

57:33:33:58:0e:6a:71:17:9a:3b:e8:cf:13:e1:e0:c5:d4:85:12:c4
Signer

.text
Size: 28KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 5.1MB

.rsrc
Size: 15KB - Virtual size: 14KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 952KB - Virtual size: 952KB

.rdata
Size: 191KB - Virtual size: 191KB

.data
Size: 89KB - Virtual size: 97KB

.pdata
Size: 41KB - Virtual size: 41KB

.rsrc
Size: 79KB - Virtual size: 78KB

.reloc
Size: 15KB - Virtual size: 15KB

.text
Size: 115KB - Virtual size: 115KB

.rdata
Size: 26KB - Virtual size: 26KB

.data
Size: 4KB - Virtual size: 14KB

.idata
Size: 3KB - Virtual size: 2KB

.reloc
Size: 6KB - Virtual size: 5KB

.text
Size: 2KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: - Virtual size: 20B

.reloc
Size: 512B - Virtual size: 334B

.text
Size: 83KB - Virtual size: 82KB

.rdata
Size: 21KB - Virtual size: 20KB

.data
Size: 5KB - Virtual size: 31KB

.rsrc
Size: 512B - Virtual size: 436B

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 20KB - Virtual size: 17KB

.rdata
Size: 4KB - Virtual size: 3KB

.data
Size: 12KB - Virtual size: 12KB

.reloc
Size: 4KB - Virtual size: 3KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B