ussm_setup[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

ussm_setup.exe
Size

13.5MB
MD5

98b8665b96a90c222664747ba5ce87ca
SHA1

978f73a86c03e03082140ce62b8ec9befd8f68f3
SHA256

79d09a008ac61e606845d0e17b4fd423bb584807a5c6ae8eb6584215c6856e7b
SHA512

153adbc03c7fc3172e63433fe21c2df36c162aa67d868f94b2fc5c23c016550378a043acaeeab1fdc0d27ad1cce69393f42a95d4af7880f16eb4ea444ca30585
SSDEEP

393216:TBK1BgFlNlvvA0fEPi4YGplf1oRm5TyEsOPuzffKD:TA1BgFZv4443B1oM5TZs5rW

Score

3^/10

Malware Config

Signatures

Unsigned PE 9 IoCs

Checks for missing Authenticode signature.

Processes:

resource
unpack001/$PLUGINSDIR/AccessControl.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/UserInfo.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$PLUGINSDIR/nsis_appid.dll
unpack001/LiveScreensaverCreator.exe
unpack001/Setup.e32
unpack001/SetupLdr.e32
unpack001/ussm.exe

Files

ussm_setup.exe
.exe windows:4 windows x86 arch:x86

56a78d55f3f7af51443e58e0ce2fb5f6

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:83:9f:36:fe:98:68:14:fc:4a:c8:2d:c3:24:9d:e1
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

25-10-2022 00:00

Not After

24-10-2025 23:59

Subject

SERIALNUMBER=04240305,CN=Finalhit Limited,O=Finalhit Limited,ST=East Sussex,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:83:9f:36:fe:98:68:14:fc:4a:c8:2d:c3:24:9d:e1
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

25-10-2022 00:00

Not After

24-10-2025 23:59

Subject

SERIALNUMBER=04240305,CN=Finalhit Limited,O=Finalhit Limited,ST=East Sussex,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

57:79:c8:06:c5:7a:4d:1f:6e:b9:cb:e9:bc:27:68:17:49:0a:83:d8:69:8b:cd:16:9d:19:3f:37:8c:a3:b8:d7
Signer

Actual PE Digest

57:79:c8:06:c5:7a:4d:1f:6e:b9:cb:e9:bc:27:68:17:49:0a:83:d8:69:8b:cd:16:9d:19:3f:37:8c:a3:b8:d7

Digest Algorithm

sha256

PE Digest Matches

true

cd:a0:39:48:2f:ec:1e:44:86:01:4a:99:6d:63:6e:b6:ae:e1:50:74
Signer

Actual PE Digest

cd:a0:39:48:2f:ec:1e:44:86:01:4a:99:6d:63:6e:b6:ae:e1:50:74

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetSpecialFolderLocation
SHFileOperationW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
SHGetFileInfoW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

GetClientRect
EndPaint
DrawTextW
IsWindowEnabled
DispatchMessageW
wsprintfA
CharNextA
CharPrevW
MessageBoxIndirectW
GetDlgItemTextW
SetDlgItemTextW
GetSystemMetrics
FillRect
AppendMenuW
TrackPopupMenu
OpenClipboard
SetClipboardData
CloseClipboard
IsWindowVisible
CallWindowProcW
GetMessagePos
CheckDlgButton
LoadCursorW
SetCursor
GetSysColor
SetWindowPos
GetWindowLongW
PeekMessageW
SetClassLongW
GetSystemMenu
EnableMenuItem
GetWindowRect
ScreenToClient
EndDialog
RegisterClassW
SystemParametersInfoW
CreateWindowExW
GetClassInfoW
DialogBoxParamW
CharNextW
ExitWindowsEx
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
FindWindowExW
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
ReleaseDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
EmptyClipboard
CreatePopupMenu

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
lstrcatW
Sleep
lstrcpyA
WriteFile
GetTempFileNameW
CreateFileW
lstrcmpiA
RemoveDirectoryW
CreateProcessW
CreateDirectoryW
GetLastError
CreateThread
GlobalLock
GlobalUnlock
GetDiskFreeSpaceW
WideCharToMultiByte
lstrcpynW
lstrlenW
SetErrorMode
GetVersionExW
GetCommandLineW
GetTempPathW
GetWindowsDirectoryW
SetEnvironmentVariableW
CopyFileW
ExitProcess
GetCurrentProcess
GetModuleFileNameW
GetFileSize
GetTickCount
MulDiv
SetFileAttributesW
GetFileAttributesW
SetCurrentDirectoryW
MoveFileW
GetFullPathNameW
GetShortPathNameW
SearchPathW
CompareFileTime
SetFileTime
CloseHandle
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalFree
GlobalAlloc
GetModuleHandleW
LoadLibraryExW
MoveFileExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
lstrlenA
MultiByteToWideChar
ReadFile
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW

Sections

.text
Size: 26KB - Virtual size: 26KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 172KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 196KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 160KB - Virtual size: 159KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/Live Screensaver/$SYSDIR/Ultra Screen Saver.scr
.exe windows:6 windows x86 arch:x86

059f920960305a27dbc881f03a420ad3

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:83:9f:36:fe:98:68:14:fc:4a:c8:2d:c3:24:9d:e1
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

25-10-2022 00:00

Not After

24-10-2025 23:59

Subject

SERIALNUMBER=04240305,CN=Finalhit Limited,O=Finalhit Limited,ST=East Sussex,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:83:9f:36:fe:98:68:14:fc:4a:c8:2d:c3:24:9d:e1
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

25-10-2022 00:00

Not After

24-10-2025 23:59

Subject

SERIALNUMBER=04240305,CN=Finalhit Limited,O=Finalhit Limited,ST=East Sussex,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

63:fe:fe:05:25:88:ca:20:7f:f7:b7:b7:c1:fc:b0:70:f6:25:f6:bf:ae:7d:d3:de:af:ce:57:6d:f2:02:8c:46
Signer

Actual PE Digest

63:fe:fe:05:25:88:ca:20:7f:f7:b7:b7:c1:fc:b0:70:f6:25:f6:bf:ae:7d:d3:de:af:ce:57:6d:f2:02:8c:46

Digest Algorithm

sha256

PE Digest Matches

true

91:5e:e6:a6:9b:2b:b1:6e:bb:6b:4a:c5:00:c2:b4:4e:ec:a9:e4:b1
Signer

Actual PE Digest

91:5e:e6:a6:9b:2b:b1:6e:bb:6b:4a:c5:00:c2:b4:4e:ec:a9:e4:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

powrprof

CallNtPowerInformation

winmm

PlaySoundA
timeGetTime
midiOutGetVolume
mciSendStringA
mciGetErrorStringA
mciSendCommandA
midiOutClose
midiOutSetVolume
midiOutOpen

msvfw32

DrawDibDraw
DrawDibClose
DrawDibOpen

kernel32

GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
GetOEMCP
GetCPInfo
GetACP
FindResourceExW
VerSetConditionMask
VerifyVersionInfoA
GetTickCount64
GetProfileIntA
SearchPathA
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
LocalReAlloc
GetTimeZoneInformation
GetStdHandle
HeapQueryInformation
SetStdHandle
GetFullPathNameW
VirtualQuery
VirtualAlloc
ExitProcess
GetCommandLineW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
PeekNamedPipe
GetFileType
GetDriveTypeW
CreateFileW
GetConsoleCP
RtlUnwind
GetStringTypeW
RaiseException
OutputDebugStringW
GlobalFlags
GlobalHandle
GlobalReAlloc
TlsSetValue
TlsGetValue
TlsAlloc
LocalAlloc
InitializeCriticalSectionAndSpinCount
GetPrivateProfileIntA
GetCurrentThread
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
SetThreadPriority
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
TlsFree
GetCurrentThreadId
EncodePointer
lstrcmpA
GetThreadLocale
LoadLibraryW
GetModuleHandleW
GetModuleFileNameW
GetCurrentProcess
DuplicateHandle
OutputDebugStringA
UnlockFile
LockFile
FlushFileBuffers
SetLastError
CopyFileA
GlobalSize
SetErrorMode
GetFileTime
GetSystemTime
GetCurrentProcessId
GetPrivateProfileStringA
lstrcmpiA
RemoveDirectoryA
SetFileAttributesA
DeleteFileA
OpenProcess
FindClose
FindNextFileA
TerminateProcess
FindFirstFileA
SetEndOfFile
SetFilePointer
WriteFile
MulDiv
GlobalUnlock
CreateEventA
GlobalLock
ResetEvent
GlobalFree
GlobalAlloc
SetEvent
ResumeThread
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
CreateProcessA
lstrcpyA
lstrcatA
lstrlenA
CreateDirectoryA
FreeLibrary
LoadLibraryA
OpenMutexA
WaitForMultipleObjects
CreateThread
GetDateFormatA
GetLocaleInfoA
GetTimeFormatA
GetFileSize
ReadFile
QueryPerformanceCounter
GetSystemInfo
QueryPerformanceFrequency
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
GetProcAddress
GetSystemWow64DirectoryA
GetWindowsDirectoryA
WritePrivateProfileStringA
GetVersionExA
GetSystemDirectoryA
GetFileAttributesA
Sleep
GetModuleHandleA
UnmapViewOfFile
GetCurrentDirectoryA
ReleaseMutex
CreateMutexA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileInformationByHandle
GetCommandLineA
GetVolumeInformationA
GetShortPathNameA
GetTickCount
FreeResource
GetTempFileNameA
CloseHandle
GetTempPathA
WaitForSingleObject
FindResourceA
GetFullPathNameA
FormatMessageA
WideCharToMultiByte
GetLongPathNameA
GetProcessHeap
DeleteCriticalSection
LocalFree
DecodePointer
HeapAlloc
FindResourceW
LoadResource
HeapReAlloc
LockResource
CreateFileA
GetLastError
HeapSize
InitializeCriticalSectionEx
HeapFree
SizeofResource
GetModuleFileNameA
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
ReadConsoleW
CompareStringW
LCMapStringW
SetFilePointerEx
WriteConsoleW
GetConsoleOutputCP
GetCurrentDirectoryW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
InitializeSListHead

user32

CreateDialogIndirectParamA
IsDialogMessageA
SetWindowTextA
IsWindowEnabled
SendDlgItemMessageA
CheckDlgButton
SetDlgItemTextA
MoveWindow
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
CallNextHookEx
SetWindowsHookExA
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongA
SetWindowLongA
GetWindowLongA
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
GetMessageTime
GetMessagePos
EndDialog
ClientToScreen
EndPaint
BeginPaint
TabbedTextOutA
GrayStringA
UnhookWindowsHookEx
CharUpperA
RemoveMenu
AppendMenuA
InsertMenuA
GetNextDlgGroupItem
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringA
IsClipboardFormatAvailable
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
DrawTextExA
DrawTextA
GetCursor
OffsetRect
GetWindow
WaitForInputIdle
GetForegroundWindow
FindWindowA
SetForegroundWindow
IsWindowVisible
FillRect
GetDesktopWindow
InflateRect
GetDC
CreatePopupMenu
GetMenuDefaultItem
DrawFocusRect
DrawIconEx
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
CopyIcon
MessageBeep
IsWindow
GetSysColor
SetCursor
GetClientRect
GetSysColorBrush
PtInRect
GetCursorPos
GetWindowThreadProcessId
UnionRect
RegisterWindowMessageA
GetCapture
ValidateRect
MessageBoxA
GetUpdateRect
InvalidateRect
IsRectEmpty
SetCapture
GetNextDlgTabItem
WindowFromPoint
SetRectEmpty
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
LoadBitmapW
GetMessageA
TranslateMessage
IntersectRect
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
RealChildWindowFromPoint
ReleaseCapture
GetActiveWindow
DestroyMenu
GetMenuItemInfoA
CopyImage
GetAsyncKeyState
TrackMouseEvent
DestroyIcon
LoadImageW
DeleteMenu
SetTimer
KillTimer
WaitMessage
LoadCursorW
CharNextA
CopyAcceleratorTableA
DispatchMessageA
NotifyWinEvent
MapVirtualKeyA
IsZoomed
GetKeyNameTextA
SetLayeredWindowAttributes
DrawStateA
SetClassLongA
SetWindowRgn
SetParent
DrawEdge
DrawFrameControl
InvalidateRgn
UnregisterClassA
ReleaseDC
UpdateWindow
RegisterClassExA
GetParent
LoadIconA
GetWindowDC
SendMessageA
CreateWindowExA
DefWindowProcA
ShowWindow
SetWindowPos
DestroyWindow
LoadCursorA
GetWindowRect
PostQuitMessage
SetRect
PeekMessageA
SystemParametersInfoA
GetMonitorInfoA
GetSystemMetrics
EnumDisplayMonitors
PostMessageA
LoadImageA
EnableWindow
LoadIconW
ScreenToClient
GetKeyState
CopyRect
DestroyCursor
GetWindowRgn
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
CharUpperBuffA
ModifyMenuA
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
DestroyAcceleratorTable
CreateAcceleratorTableA
LoadAcceleratorsW
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
PostThreadMessageA
GetComboBoxInfo
MonitorFromPoint
UpdateLayeredWindow
RegisterClipboardFormatA
ReuseDDElParam
UnpackDDElParam
InsertMenuItemA
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
DrawIcon
FrameRect
SetCursorPos
BringWindowToTop
GetSystemMenu
LoadMenuW
GetMenuItemCount

gdi32

TextOutA
CreateRectRgn
CreateRectRgnIndirect
GetStockObject
CreateSolidBrush
DeleteDC
OffsetRgn
CreatePolygonRgn
GetBkColor
GetCurrentObject
GetTextColor
SetTextColor
GetBkMode
GetTextMetricsA
SetBkColor
SetDIBColorTable
CreateDIBSection
GetDIBits
GetPaletteEntries
StretchDIBits
DeleteEnhMetaFile
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
PlayEnhMetaFile
SetEnhMetaFileBits
SetWinMetaFileBits
CopyMetaFileA
CreateDCA
CreateHatchBrush
CreatePen
CreatePatternBrush
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
ExtSelectClipRgn
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
SelectClipRgn
MoveToEx
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetMapMode
PatBlt
SetRectRgn
DPtoLP
GetTextExtentPoint32A
EnumFontFamiliesExA
GetNearestPaletteIndex
GetSystemPaletteEntries
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
CreateEllipticRgn
Ellipse
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceA
DeleteObject
CombineRgn
GetRgnBox
BitBlt
CreateCompatibleBitmap
StretchBlt
RealizePalette
SetBkMode
CreateFontIndirectA
CreateBitmap
SelectObject
CreateCompatibleDC
SetPixel
GetDeviceCaps
CreateHalftonePalette
CreatePalette
GetObjectA
SelectPalette
SetDIBitsToDevice

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegEnumKeyExA
RegEnumValueA
RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueA
RegCloseKey

shell32

ShellExecuteA
SHGetFolderPathA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileA
DragFinish
SHBrowseForFolderA
SHAppBarMessage
ShellExecuteExA

comctl32

InitCommonControlsEx

shlwapi

PathStripPathA
PathIsUNCA
PathStripToRootA
PathFindExtensionA
PathFindFileNameA
UrlUnescapeA
StrFormatKBSizeA
PathRemoveFileSpecW

uxtheme

OpenThemeData
DrawThemeText
DrawThemeParentBackground
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
GetWindowTheme
IsAppThemed
GetThemeSysColor
GetThemePartSize

ole32

CoRegisterMessageFilter
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoInitializeEx
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
RevokeDragDrop
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
CoUninitialize
CreateStreamOnHGlobal
CoInitialize
CoTaskMemFree
CoCreateInstance
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoRevokeClassObject

oleaut32

VariantCopy
SysAllocStringByteLen
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
SysAllocString
SafeArrayDestroy
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
OleLoadPicture

oledlg

ord8

gdiplus

GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipDrawImageI
GdipGetImagePixelFormat
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePalette
GdipGetImageGraphicsContext
GdipDisposeImage

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 551KB - Virtual size: 550KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$APPDATA/Live Screensaver/Live Screensaver.lsc
.xml
$APPDATA/Live Screensaver/conf.dat
$APPDATA/Ultra Screen Saver/Ultra Screen Saver.ssp
$APPDATA/Ultra Screen Saver/conf.dat
$PLUGINSDIR/AccessControl.dll
.dll windows:4 windows x86 arch:x86

b79de4e8687b3fce7173ec8dc917f685

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrcpynA
CloseHandle
GetCurrentProcess
LocalAlloc
lstrlenA
LoadLibraryA
GetProcAddress
lstrcmpiA
GetLastError
lstrcatA
GetFileAttributesA
lstrcpyA
LocalFree
GlobalAlloc

user32

wsprintfA

advapi32

LookupPrivilegeValueA
RegCloseKey
LookupAccountNameA
AdjustTokenPrivileges
GetUserNameA
GetSidSubAuthorityCount
RegSetKeySecurity
IsValidSid
SetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSidSubAuthority
OpenProcessToken
SetSecurityDescriptorOwner
GetSidIdentifierAuthority
RegGetKeySecurity
LookupAccountSidA
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegOpenKeyExA

Exports

Exports

ClearOnFile
ClearOnRegKey
DenyOnFile
DenyOnRegKey
DisableFileInheritance
DisableRegKeyInheritance
EnableFileInheritance
EnableRegKeyInheritance
GetCurrentUserName
GetFileGroup
GetFileOwner
GetRegKeyGroup
GetRegKeyOwner
GrantOnFile
GrantOnRegKey
NameToSid
RevokeOnFile
RevokeOnRegKey
SetFileGroup
SetFileOwner
SetOnFile
SetOnRegKey
SetRegKeyGroup
SetRegKeyOwner
SidToName

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 348B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 972B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/UserInfo.dll
.dll windows:4 windows x86 arch:x86

5e62e8e248e7364886b604bd1fcf4c13

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

advapi32

FreeSid
EqualSid
AllocateAndInitializeSid
GetTokenInformation
OpenProcessToken
OpenThreadToken
GetUserNameW

kernel32

GlobalFree
GetVersion
GlobalAlloc
CloseHandle
GetModuleHandleA
GetLastError
GetCurrentProcess
GetCurrentThread
GetProcAddress
lstrcpynW

Exports

Exports

GetAccountType
GetName
GetOriginalAccountType

Sections

.text
Size: 1024B - Virtual size: 714B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 705B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 240B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/nsis_appid.dll
.dll windows:5 windows x86 arch:x86

486440cfe9a90cc06a50c4146cd7dcef

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

SHStrDupW

kernel32

GlobalFree
GlobalAlloc
lstrcpyW

shell32

SHGetPropertyStoreFromParsingName

ole32

PropVariantClear

Exports

Exports

set_appid

Sections

.text
Size: 512B - Virtual size: 377B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 459B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 436B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 156B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/Live Screensaver.scr
.exe windows:6 windows x86 arch:x86

31a6c3932ea83844b0684ef9cf2a68ff

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:83:9f:36:fe:98:68:14:fc:4a:c8:2d:c3:24:9d:e1
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

25-10-2022 00:00

Not After

24-10-2025 23:59

Subject

SERIALNUMBER=04240305,CN=Finalhit Limited,O=Finalhit Limited,ST=East Sussex,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:83:9f:36:fe:98:68:14:fc:4a:c8:2d:c3:24:9d:e1
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

25-10-2022 00:00

Not After

24-10-2025 23:59

Subject

SERIALNUMBER=04240305,CN=Finalhit Limited,O=Finalhit Limited,ST=East Sussex,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:6b:93:92:f1:b3:27:0b:21:7f:a9:7a:18:ab:3c:4a:26:51:a0:a9:20:33:fd:dd:37:6d:9c:51:b6:44:85:cc
Signer

Actual PE Digest

36:6b:93:92:f1:b3:27:0b:21:7f:a9:7a:18:ab:3c:4a:26:51:a0:a9:20:33:fd:dd:37:6d:9c:51:b6:44:85:cc

Digest Algorithm

sha256

PE Digest Matches

true

4e:10:55:87:7d:ce:38:d1:de:2d:54:88:6f:cc:7c:47:63:f0:89:eb
Signer

Actual PE Digest

4e:10:55:87:7d:ce:38:d1:de:2d:54:88:6f:cc:7c:47:63:f0:89:eb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetModuleFileNameA
GetLongPathNameA
GetLastError
FormatMessageA
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
LocalFree
GetFullPathNameA
GetVersionExA
MultiByteToWideChar
DeleteFileA
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
GetCurrentThreadId
GetProcessHeap
HeapAlloc
GetProcAddress
GetModuleHandleW
HeapFree
GetModuleHandleExW
DebugBreak
IsDebuggerPresent
OutputDebugStringW
SetLastError
CloseHandle
GetEnvironmentVariableW
FreeLibrary
LoadLibraryW
LoadLibraryExW
GetModuleFileNameW
OutputDebugStringA
CreateFileW
GetFileAttributesW
FindResourceA
HeapReAlloc
HeapSize
GetCurrentProcess
SetProcessWorkingSetSize
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
CreateSemaphoreExW
CreateMutexExW
GetCurrentProcessId
GetShortPathNameA
CreateDirectoryA
GetTempPathA
DecodePointer
RaiseException
OpenSemaphoreW
WaitForSingleObject
DeleteCriticalSection
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStdHandle
ExitProcess
GetFileType
SetStdHandle
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
InitializeCriticalSectionEx
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
VirtualQuery
VirtualAlloc
FindClose
FindFirstFileA
FlushFileBuffers
GetFileSize
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
GetVolumeInformationA
DuplicateHandle
LoadLibraryA
lstrcmpiA
MoveFileA
GetThreadLocale
GlobalSize
GlobalFree
MulDiv
CopyFileA
lstrcmpA
GetCurrentThread
GlobalDeleteAtom
CompareStringA
GetTickCount64
EncodePointer
GetSystemDirectoryW
lstrcmpW
GlobalAddAtomA
GlobalFindAtomA
GlobalGetAtomNameA
SetEvent
SetThreadPriority
ResumeThread
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileAttributesA
InitializeCriticalSectionAndSpinCount
GlobalReAlloc
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetTempFileNameA
ReplaceFileA
SystemTimeToFileTime
GetUserDefaultLCID
LocalAlloc
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesExA
GetFileSizeEx
LocalFileTimeToFileTime
SetErrorMode
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalHandle
LocalReAlloc
GetACP
GlobalFlags
GetCurrentDirectoryA
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
GetOEMCP
GetCPInfo
VerSetConditionMask
lstrcpyA
VerifyVersionInfoA
GetWindowsDirectoryA
FindResourceExW
GetProfileIntA
SearchPathA
Sleep
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
GetLocaleInfoEx
QueryPerformanceFrequency
LCMapStringEx
CompareStringEx
GetStringTypeW
RtlUnwind
GetSystemInfo

user32

EndDeferWindowPos
IsWindowVisible
IsIconic
GetDlgCtrlID
SetFocus
GetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
TrackPopupMenu
GetForegroundWindow
SetForegroundWindow
ValidateRect
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropA
GetPropA
RemovePropA
GetWindowTextA
GetWindowTextLengthA
GetWindowRect
AdjustWindowRectEx
MapWindowPoints
CopyRect
EqualRect
GetClassLongA
GetClassNameA
GetTopWindow
GetWindow
LoadIconA
SetScrollInfo
GetScrollInfo
WinHelpA
MonitorFromWindow
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
LoadBitmapW
GetMessageA
TranslateMessage
ShowOwnedPopups
ShowWindow
MoveWindow
CheckDlgButton
SendDlgItemMessageA
SetWindowTextA
IsDialogMessageA
GetKeyNameTextA
MapVirtualKeyA
BringWindowToTop
ReleaseCapture
LoadAcceleratorsA
TranslateAcceleratorA
LoadMenuA
CreatePopupMenu
DestroyMenu
InsertMenuItemA
SetRectEmpty
IntersectRect
DestroyIcon
LoadImageA
UnpackDDElParam
ReuseDDElParam
DrawStateA
IsRectEmpty
LoadImageW
CopyImage
SetWindowContextHelpId
MapDialogRect
CharNextA
SetCapture
DrawIcon
LoadCursorW
SystemParametersInfoA
GetSysColorBrush
RealChildWindowFromPoint
WaitMessage
WindowFromPoint
DeleteMenu
PostThreadMessageA
GetMenuItemInfoA
GetAsyncKeyState
CopyAcceleratorTableA
InvalidateRgn
GetSystemMenu
SetParent
SetLayeredWindowAttributes
DrawEdge
DrawFrameControl
DrawFocusRect
DrawIconEx
BeginDeferWindowPos
LoadMenuW
GetNextDlgGroupItem
CallWindowProcA
GetMenuDefaultItem
TrackMouseEvent
LockWindowUpdate
GetKeyboardLayout
GetKeyboardState
ToAsciiEx
CreateAcceleratorTableA
DestroyAcceleratorTable
IsZoomed
NotifyWinEvent
SetCursorPos
MonitorFromPoint
EnableScrollBar
GetDoubleClickTime
GetIconInfo
CopyIcon
SetMenuDefaultItem
ModifyMenuA
HideCaret
InvertRect
FrameRect
IsCharLowerA
MapVirtualKeyExA
CharUpperBuffA
UpdateLayeredWindow
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
CreateMenu
GetComboBoxInfo
DestroyCursor
GetWindowRgn
DefWindowProcA
GetMessageTime
GetMessagePos
CharUpperA
GetSystemMetrics
GetMenuStringA
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
EnumDisplayMonitors
SetRect
GetMonitorInfoA
OffsetRect
UnionRect
InsertMenuA
AppendMenuA
RemoveMenu
IsWindow
DestroyWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetClientRect
EnableWindow
LoadIconW
SendMessageA
SetCursor
LoadCursorA
PostMessageA
CallNextHookEx
SetWindowsHookExA
KillTimer
UnhookWindowsHookEx
UpdateWindow
GetParent
SetTimer
InvalidateRect
SetWindowRgn
FillRect
GetCursorPos
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
RegisterClipboardFormatA
GetLastActivePopup
GetWindowThreadProcessId
PtInRect
SetClassLongA
ShowCursor
GetWindowLongA
SetWindowLongA
GetQueueStatus
InflateRect
PostQuitMessage
ScreenToClient
UnregisterClassA
DeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
IsChild
IsMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
LoadAcceleratorsW
MessageBoxA
GetSysColor
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
GetDesktopWindow
SetActiveWindow
IsWindowEnabled
GetActiveWindow
RegisterClassA
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamA
ReleaseDC
GetDC
MessageBeep

gdi32

ScaleWindowExtEx
PatBlt
CreateCompatibleBitmap
CopyMetaFileA
CreateDCA
GetDeviceCaps
CreateBitmap
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
GetTextFaceA
SetPixelV
GetViewportOrgEx
GetWindowOrgEx
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
SetPaletteEntries
ExtFloodFill
RoundRect
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
OffsetRgn
CreateRoundRectRgn
EnumFontFamiliesExA
Rectangle
Polyline
Polygon
CreatePolygonRgn
GetObjectA
CreateFontIndirectA
DeleteDC
CreateCompatibleDC
BitBlt
CreateFontA
CreateSolidBrush
CreateRectRgnIndirect
GetStockObject
GetTextExtentPoint32A
SelectObject
DeleteObject
CombineRgn
SetROP2
SetTextColor
SetTextAlign
MoveToEx
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
GetTextCharsetInfo
EnumFontFamiliesA
GetRgnBox
SetRectRgn
GetMapMode
GetTextMetricsA
LPtoDP
DPtoLP
Ellipse
CreateEllipticRgn
GetTextColor
GetBkColor
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
OffsetWindowOrgEx
CreateDIBitmap
RealizePalette
ScaleViewportExtEx

advapi32

RegSetValueExA
SetFileSecurityA
RegQueryValueA
RegEnumKeyA
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
RegGetValueW
RegQueryValueExW
RegOpenKeyExW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
RegEnumValueA
RegQueryInfoKeyA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegDeleteValueA
CryptDestroyKey
CryptDecrypt
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptReleaseContext
GetFileSecurityA

shell32

ShellExecuteExA
ShellExecuteA
SHGetFolderPathA
SHGetKnownFolderPath
SHBrowseForFolderA
SHAppBarMessage
SHGetDesktopFolder
SHGetFileInfoA
DragFinish
SHGetPathFromIDListA
DragQueryFileA
SHGetSpecialFolderLocation

ole32

StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
DoDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleIsCurrentClipboard
CoCreateInstance
CoTaskMemFree
CoRevokeClassObject
CoInitializeEx
CoTaskMemAlloc
CoRegisterMessageFilter
OleFlushClipboard
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
OleDraw
CreateStreamOnHGlobal
CoInitialize
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData

oleaut32

LoadTypeLi
VarBstrFromDate
VariantCopy
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayDestroy
SafeArrayCreate
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
SysAllocStringByteLen
VariantInit
VariantChangeType
OleCreateFontIndirect
SysStringLen
SysFreeString
VariantClear

msimg32

AlphaBlend
TransparentBlt

comctl32

InitCommonControlsEx

shlwapi

PathIsUNCA
PathStripToRootA
PathFindExtensionA
PathFindFileNameA
UrlUnescapeA
StrFormatKBSizeA
PathRemoveFileSpecW
ord12

uxtheme

DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetThemeColor
GetCurrentThemeName
GetThemePartSize
IsAppThemed
GetThemeSysColor
GetWindowTheme
DrawThemeText

oledlg

ord8

urlmon

CoInternetGetSession
CoInternetSetFeatureEnabled
CoInternetQueryInfo

wininet

InternetCrackUrlA
InternetOpenA
InternetQueryOptionA
InternetCloseHandle
InternetOpenUrlA
InternetGetConnectedState
InternetCanonicalizeUrlA
InternetReadFile
InternetWriteFile
InternetQueryDataAvailable
InternetGetLastResponseInfoA
InternetSetStatusCallback
InternetSetFilePointer

gdiplus

GdipDeleteGraphics
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipBitmapUnlockBits

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

Exports

Exports

?KeyboardProc@@YGJHIJ@Z
?MouseProc@@YGJHIJ@Z
?installKbdHook@@YGHPAUHINSTANCE__@@@Z
?installMouseHook@@YGHPAUHINSTANCE__@@@Z

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 469KB - Virtual size: 468KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 546KB - Virtual size: 545KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Default.isl
ISCC.exe
.exe windows:6 windows x86 arch:x86

6365e51f21fd9e9da74abe24a796a16d

Code Sign

6c:e6:8a:ba:67:d5:52:4d:80:71:10:ce:4a:7d:d8:9a
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

24-03-2022 14:29

Not After

24-03-2023 14:29

Subject

CN=Open Source Developer\, Martijn Laan,O=Open Source Developer,L=Aalsmeer,ST=Noord-Holland,C=NL,1.2.840.113549.1.9.1=#0c146d6c61616e406a72736f6674776172652e6f7267

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6c:e6:8a:ba:67:d5:52:4d:80:71:10:ce:4a:7d:d8:9a
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

24-03-2022 14:29

Not After

24-03-2023 14:29

Subject

CN=Open Source Developer\, Martijn Laan,O=Open Source Developer,L=Aalsmeer,ST=Noord-Holland,C=NL,1.2.840.113549.1.9.1=#0c146d6c61616e406a72736f6674776172652e6f7267

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

44:92:9c:ce:ca:cc:5b:9d:76:84:b5:e1:9c:81:0f:15:ba:b5:a3:db:d3:ca:5f:0c:f6:27:57:ae:63:5d:22:a6
Signer

Actual PE Digest

44:92:9c:ce:ca:cc:5b:9d:76:84:b5:e1:9c:81:0f:15:ba:b5:a3:db:d3:ca:5f:0c:f6:27:57:ae:63:5d:22:a6

Digest Algorithm

sha256

PE Digest Matches

true

ea:4b:08:a9:85:c9:4d:2e:3a:49:ea:ac:e8:67:6d:fb:1a:df:3d:7c
Signer

Actual PE Digest

ea:4b:08:a9:85:c9:4d:2e:3a:49:ea:ac:e8:67:6d:fb:1a:df:3d:7c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

EnterCriticalSection
ReleaseMutex
SetFilePointer
GetACP
CloseHandle
LocalFree
SuspendThread
VirtualProtect
GetTickCount
GetFullPathNameW
VirtualFree
GetFileSize
HeapAlloc
GetStartupInfoW
ExitProcess
GetFileAttributesW
SetCurrentDirectoryW
GetCurrentDirectoryW
InitializeCriticalSection
GetCPInfoExW
GetThreadPriority
GetCurrentProcess
SetThreadPriority
VirtualAlloc
SetConsoleCursorPosition
RtlUnwind
GetCPInfo
GetCommandLineW
GetSystemInfo
ResumeThread
GetProcAddress
LeaveCriticalSection
GetStdHandle
GetVersionExW
VerifyVersionInfoW
GetModuleHandleW
FreeLibrary
HeapCreate
HeapDestroy
ReadFile
GetDiskFreeSpaceW
VerSetConditionMask
GetUserDefaultUILanguage
FindFirstFileW
SetLastError
GetModuleFileNameW
GetLastError
lstrlenW
SetEndOfFile
CompareStringW
CreateThread
HeapFree
WideCharToMultiByte
MultiByteToWideChar
FindClose
CreateMutexW
LoadLibraryW
LoadLibraryA
ResetEvent
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetLocalTime
WaitForSingleObject
GetCurrentThread
WriteFile
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
IsValidLocale
TlsSetValue
LoadLibraryExW
GetSystemDefaultUILanguage
EnumCalendarInfoW
GetConsoleScreenBufferInfo
SetConsoleTextAttribute
LocalAlloc
GetCurrentThreadId
UnhandledExceptionFilter
SetConsoleCtrlHandler
VirtualQuery
CreateEventW
VirtualQueryEx
GetThreadLocale
Sleep
SetThreadLocale

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
CharLowerBuffW
LoadStringW
CharUpperW
PeekMessageW
GetSystemMetrics
MessageBoxW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

iscmplr

ISDllGetVersion
ISDllCompileScriptW

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

RegFlushKey
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 744KB - Virtual size: 744KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 150B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ISCmplr.dll
.dll windows:6 windows x86 arch:x86

fc288ec45555131a1738f9c4204c02eb

Code Sign

6c:e6:8a:ba:67:d5:52:4d:80:71:10:ce:4a:7d:d8:9a
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

24-03-2022 14:29

Not After

24-03-2023 14:29

Subject

CN=Open Source Developer\, Martijn Laan,O=Open Source Developer,L=Aalsmeer,ST=Noord-Holland,C=NL,1.2.840.113549.1.9.1=#0c146d6c61616e406a72736f6674776172652e6f7267

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6c:e6:8a:ba:67:d5:52:4d:80:71:10:ce:4a:7d:d8:9a
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

24-03-2022 14:29

Not After

24-03-2023 14:29

Subject

CN=Open Source Developer\, Martijn Laan,O=Open Source Developer,L=Aalsmeer,ST=Noord-Holland,C=NL,1.2.840.113549.1.9.1=#0c146d6c61616e406a72736f6674776172652e6f7267

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fe:9c:e0:51:4f:7a:b5:43:c0:ab:20:ff:45:32:59:5b:b2:81:0b:34:ab:27:dd:58:39:30:0f:d1:04:65:8f:2e
Signer

Actual PE Digest

fe:9c:e0:51:4f:7a:b5:43:c0:ab:20:ff:45:32:59:5b:b2:81:0b:34:ab:27:dd:58:39:30:0f:d1:04:65:8f:2e

Digest Algorithm

sha256

PE Digest Matches

true

f6:4f:30:d7:e2:14:c9:cb:08:13:8c:37:53:24:25:2d:18:0a:5e:e7
Signer

Actual PE Digest

f6:4f:30:d7:e2:14:c9:cb:08:13:8c:37:53:24:25:2d:18:0a:5e:e7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

SetFileAttributesW
SetFileTime
GetFileTime
GetACP
GetExitCodeProcess
CloseHandle
LocalFree
SizeofResource
VirtualProtect
TlsAlloc
UpdateResourceW
IsValidCodePage
FindNextFileW
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
GetSystemTime
RtlUnwind
GetCPInfo
GetStdHandle
FileTimeToLocalFileTime
GetModuleHandleW
FreeLibrary
InterlockedExchangeAdd
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
CopyFileW
MapViewOfFile
LoadLibraryA
ResetEvent
FreeResource
GetVersion
RaiseException
MoveFileW
GetSystemTimeAsFileTime
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
TerminateProcess
LockResource
BeginUpdateResourceW
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
EnumResourceLanguagesW
WaitForMultipleObjects
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
VirtualAlloc
GetSystemInfo
GetCommandLineW
DuplicateHandle
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
TlsFree
UnmapViewOfFile
lstrlenW
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
SystemTimeToFileTime
GetSystemDirectoryW
DeleteFileW
GetLocalTime
WaitForSingleObject
WriteFile
CreateFileMappingW
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
IsValidLocale
TlsSetValue
EndUpdateResourceW
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

shell32

SHGetMalloc
SHGetSpecialFolderLocation
SHGetPathFromIDListW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CharUpperBuffW
CharNextW
MapVirtualKeyW
MsgWaitForMultipleObjects
CharLowerBuffW
LoadStringW
CharUpperW
PeekMessageW
GetSystemMetrics
GetKeyNameTextW
MessageBoxW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

CryptReleaseContext
RegQueryValueExW
RegCloseKey
CryptAcquireContextA
RegOpenKeyExW
CryptGenRandom

Exports

Exports

ISDllCompileScript
ISDllCompileScriptW
ISDllGetVersion
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 238B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 260KB - Virtual size: 260KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ISPP.dll
.dll windows:6 windows x86 arch:x86

c5eb7a55345f2ccd5aea20c3e8725586

Code Sign

6c:e6:8a:ba:67:d5:52:4d:80:71:10:ce:4a:7d:d8:9a
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

24-03-2022 14:29

Not After

24-03-2023 14:29

Subject

CN=Open Source Developer\, Martijn Laan,O=Open Source Developer,L=Aalsmeer,ST=Noord-Holland,C=NL,1.2.840.113549.1.9.1=#0c146d6c61616e406a72736f6674776172652e6f7267

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6c:e6:8a:ba:67:d5:52:4d:80:71:10:ce:4a:7d:d8:9a
Certificate

Issuer

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Not Before

24-03-2022 14:29

Not After

24-03-2023 14:29

Subject

CN=Open Source Developer\, Martijn Laan,O=Open Source Developer,L=Aalsmeer,ST=Noord-Holland,C=NL,1.2.840.113549.1.9.1=#0c146d6c61616e406a72736f6674776172652e6f7267

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

99:a3:80:0a:26:55:3b:65:ab:dc:6e:84:a6:b3:ea:39
Certificate

Issuer

CN=Certum Trusted Network CA 2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

19-05-2021 05:32

Not After

18-05-2036 05:32

Subject

CN=Certum Code Signing 2021 CA,O=Asseco Data Systems S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:77:a0:00:8f:f4:d1:b0:c6:3d:9f:3a:48:83:8d:6b
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

23-10-2020 00:00

Not After

22-01-2032 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #2,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

34:35:b2:41:d1:f4:24:9a:ae:05:e2:ca:60:77:70:84:12:70:0c:6f:bb:9e:43:16:82:9b:5b:04:82:71:d4:54
Signer

Actual PE Digest

34:35:b2:41:d1:f4:24:9a:ae:05:e2:ca:60:77:70:84:12:70:0c:6f:bb:9e:43:16:82:9b:5b:04:82:71:d4:54

Digest Algorithm

sha256

PE Digest Matches

true

a4:d8:b9:b5:46:36:fc:ea:c0:0a:88:6c:4d:9d:43:a8:38:43:c0:be
Signer

Actual PE Digest

a4:d8:b9:b5:46:36:fc:ea:c0:0a:88:6c:4d:9d:43:a8:38:43:c0:be

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetFileType
QueryDosDeviceW
GetACP
GetExitCodeProcess
CloseHandle
LocalFree
VirtualProtect
TlsAlloc
FindNextFileW
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
FileTimeToLocalFileTime
GetModuleHandleW
FreeLibrary
HeapDestroy
FileTimeToDosDateTime
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
CreateThread
CompareStringW
CopyFileW
MapViewOfFile
LoadLibraryA
ResetEvent
GetVolumeInformationW
GetDriveTypeW
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
GetFileAttributesExW
LoadLibraryExW
FileTimeToSystemTime
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
SuspendThread
GetTickCount
WritePrivateProfileStringW
GetFileSize
GetTempFileNameW
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetThreadPriority
GetCurrentProcess
SetThreadPriority
VirtualAlloc
GetCommandLineW
GetSystemInfo
GetTempPathW
LeaveCriticalSection
GetProcAddress
ResumeThread
SearchPathW
GetLogicalDriveStringsW
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
TlsFree
GetConsoleOutputCP
UnmapViewOfFile
GetConsoleCP
lstrlenW
SetEndOfFile
QueryPerformanceCounter
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
GetLocaleInfoW
CreateFileW
DeleteFileW
IsDBCSLeadByteEx
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
CreateFileMappingW
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
RemoveDirectoryW
CreateEventW
GetPrivateProfileStringW
SetThreadLocale
GetThreadLocale

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

WaitForInputIdle
TranslateMessage
CharLowerBuffW
PeekMessageW
CharUpperW
GetSystemMetrics
MessageBoxW
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
DispatchMessageW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

RegFlushKey
RegQueryValueExW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW

Exports

Exports

ISPreprocessScriptW
TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 853KB - Virtual size: 853KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 25KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 464B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 180B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 512B - Virtual size: 69B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ISPPBuiltins.iss
Languages/Armenian.isl
Languages/BrazilianPortuguese.isl
Languages/Bulgarian.isl
Languages/Catalan.isl
Languages/Corsican.isl
Languages/Czech.isl
Languages/Danish.isl
Languages/Dutch.isl
Languages/Finnish.isl
Languages/French.isl
Languages/German.isl
Languages/Hebrew.isl
Languages/Icelandic.isl
Languages/Italian.isl
Languages/Japanese.isl
Languages/Norwegian.isl
Languages/Polish.isl
Languages/Portuguese.isl
Languages/Russian.isl
Languages/Slovak.isl
Languages/Slovenian.isl
Languages/Spanish.isl
Languages/Turkish.isl
Languages/Ukrainian.isl
LiveScreensaver.exe
.exe windows:6 windows x86 arch:x86

31a6c3932ea83844b0684ef9cf2a68ff

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:83:9f:36:fe:98:68:14:fc:4a:c8:2d:c3:24:9d:e1
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

25-10-2022 00:00

Not After

24-10-2025 23:59

Subject

SERIALNUMBER=04240305,CN=Finalhit Limited,O=Finalhit Limited,ST=East Sussex,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:83:9f:36:fe:98:68:14:fc:4a:c8:2d:c3:24:9d:e1
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

25-10-2022 00:00

Not After

24-10-2025 23:59

Subject

SERIALNUMBER=04240305,CN=Finalhit Limited,O=Finalhit Limited,ST=East Sussex,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:6b:93:92:f1:b3:27:0b:21:7f:a9:7a:18:ab:3c:4a:26:51:a0:a9:20:33:fd:dd:37:6d:9c:51:b6:44:85:cc
Signer

Actual PE Digest

36:6b:93:92:f1:b3:27:0b:21:7f:a9:7a:18:ab:3c:4a:26:51:a0:a9:20:33:fd:dd:37:6d:9c:51:b6:44:85:cc

Digest Algorithm

sha256

PE Digest Matches

true

4e:10:55:87:7d:ce:38:d1:de:2d:54:88:6f:cc:7c:47:63:f0:89:eb
Signer

Actual PE Digest

4e:10:55:87:7d:ce:38:d1:de:2d:54:88:6f:cc:7c:47:63:f0:89:eb

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CreateFileA
GetModuleFileNameA
GetLongPathNameA
GetLastError
FormatMessageA
WideCharToMultiByte
SizeofResource
LockResource
LoadResource
FindResourceW
LocalFree
GetFullPathNameA
GetVersionExA
MultiByteToWideChar
DeleteFileA
GlobalAlloc
GlobalLock
GlobalUnlock
FormatMessageW
GetCurrentThreadId
GetProcessHeap
HeapAlloc
GetProcAddress
GetModuleHandleW
HeapFree
GetModuleHandleExW
DebugBreak
IsDebuggerPresent
OutputDebugStringW
SetLastError
CloseHandle
GetEnvironmentVariableW
FreeLibrary
LoadLibraryW
LoadLibraryExW
GetModuleFileNameW
OutputDebugStringA
CreateFileW
GetFileAttributesW
FindResourceA
HeapReAlloc
HeapSize
GetCurrentProcess
SetProcessWorkingSetSize
GetModuleHandleA
LeaveCriticalSection
EnterCriticalSection
CreateSemaphoreExW
CreateMutexExW
GetCurrentProcessId
GetShortPathNameA
CreateDirectoryA
GetTempPathA
DecodePointer
RaiseException
OpenSemaphoreW
WaitForSingleObject
DeleteCriticalSection
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
IsValidCodePage
GetTimeZoneInformation
ReadConsoleW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
EnumSystemLocalesW
IsValidLocale
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStdHandle
ExitProcess
GetFileType
SetStdHandle
HeapQueryInformation
FreeLibraryAndExitThread
ExitThread
CreateThread
GetCommandLineW
GetCommandLineA
InitializeCriticalSectionEx
WaitForSingleObjectEx
ReleaseMutex
ReleaseSemaphore
VirtualQuery
VirtualAlloc
FindClose
FindFirstFileA
FlushFileBuffers
GetFileSize
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
GetVolumeInformationA
DuplicateHandle
LoadLibraryA
lstrcmpiA
MoveFileA
GetThreadLocale
GlobalSize
GlobalFree
MulDiv
CopyFileA
lstrcmpA
GetCurrentThread
GlobalDeleteAtom
CompareStringA
GetTickCount64
EncodePointer
GetSystemDirectoryW
lstrcmpW
GlobalAddAtomA
GlobalFindAtomA
GlobalGetAtomNameA
SetEvent
SetThreadPriority
ResumeThread
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetFileAttributesA
InitializeCriticalSectionAndSpinCount
GlobalReAlloc
GetDiskFreeSpaceA
GetFileTime
SetFileTime
GetTempFileNameA
ReplaceFileA
SystemTimeToFileTime
GetUserDefaultLCID
LocalAlloc
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
FileTimeToLocalFileTime
GetFileAttributesExA
GetFileSizeEx
LocalFileTimeToFileTime
SetErrorMode
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalHandle
LocalReAlloc
GetACP
GlobalFlags
GetCurrentDirectoryA
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
GetOEMCP
GetCPInfo
VerSetConditionMask
lstrcpyA
VerifyVersionInfoA
GetWindowsDirectoryA
FindResourceExW
GetProfileIntA
SearchPathA
Sleep
ResetEvent
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
FindFirstFileW
FindFirstFileExW
FindNextFileW
GetFileAttributesExW
AreFileApisANSI
GetFileInformationByHandleEx
GetLocaleInfoEx
QueryPerformanceFrequency
LCMapStringEx
CompareStringEx
GetStringTypeW
RtlUnwind
GetSystemInfo

user32

EndDeferWindowPos
IsWindowVisible
IsIconic
GetDlgCtrlID
SetFocus
GetFocus
GetKeyState
GetCapture
GetMenu
SetMenu
TrackPopupMenu
GetForegroundWindow
SetForegroundWindow
ValidateRect
RedrawWindow
ScrollWindow
SetScrollPos
GetScrollPos
SetScrollRange
GetScrollRange
ShowScrollBar
SetPropA
GetPropA
RemovePropA
GetWindowTextA
GetWindowTextLengthA
GetWindowRect
AdjustWindowRectEx
MapWindowPoints
CopyRect
EqualRect
GetClassLongA
GetClassNameA
GetTopWindow
GetWindow
LoadIconA
SetScrollInfo
GetScrollInfo
WinHelpA
MonitorFromWindow
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
LoadBitmapW
GetMessageA
TranslateMessage
ShowOwnedPopups
ShowWindow
MoveWindow
CheckDlgButton
SendDlgItemMessageA
SetWindowTextA
IsDialogMessageA
GetKeyNameTextA
MapVirtualKeyA
BringWindowToTop
ReleaseCapture
LoadAcceleratorsA
TranslateAcceleratorA
LoadMenuA
CreatePopupMenu
DestroyMenu
InsertMenuItemA
SetRectEmpty
IntersectRect
DestroyIcon
LoadImageA
UnpackDDElParam
ReuseDDElParam
DrawStateA
IsRectEmpty
LoadImageW
CopyImage
SetWindowContextHelpId
MapDialogRect
CharNextA
SetCapture
DrawIcon
LoadCursorW
SystemParametersInfoA
GetSysColorBrush
RealChildWindowFromPoint
WaitMessage
WindowFromPoint
DeleteMenu
PostThreadMessageA
GetMenuItemInfoA
GetAsyncKeyState
CopyAcceleratorTableA
InvalidateRgn
GetSystemMenu
SetParent
SetLayeredWindowAttributes
DrawEdge
DrawFrameControl
DrawFocusRect
DrawIconEx
BeginDeferWindowPos
LoadMenuW
GetNextDlgGroupItem
CallWindowProcA
GetMenuDefaultItem
TrackMouseEvent
LockWindowUpdate
GetKeyboardLayout
GetKeyboardState
ToAsciiEx
CreateAcceleratorTableA
DestroyAcceleratorTable
IsZoomed
NotifyWinEvent
SetCursorPos
MonitorFromPoint
EnableScrollBar
GetDoubleClickTime
GetIconInfo
CopyIcon
SetMenuDefaultItem
ModifyMenuA
HideCaret
InvertRect
FrameRect
IsCharLowerA
MapVirtualKeyExA
CharUpperBuffA
UpdateLayeredWindow
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
IsClipboardFormatAvailable
GetUpdateRect
SubtractRect
CreateMenu
GetComboBoxInfo
DestroyCursor
GetWindowRgn
DefWindowProcA
GetMessageTime
GetMessagePos
CharUpperA
GetSystemMetrics
GetMenuStringA
GetMenuState
GetSubMenu
GetMenuItemID
GetMenuItemCount
EnumDisplayMonitors
SetRect
GetMonitorInfoA
OffsetRect
UnionRect
InsertMenuA
AppendMenuA
RemoveMenu
IsWindow
DestroyWindow
OpenClipboard
EmptyClipboard
SetClipboardData
CloseClipboard
GetClientRect
EnableWindow
LoadIconW
SendMessageA
SetCursor
LoadCursorA
PostMessageA
CallNextHookEx
SetWindowsHookExA
KillTimer
UnhookWindowsHookEx
UpdateWindow
GetParent
SetTimer
InvalidateRect
SetWindowRgn
FillRect
GetCursorPos
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
RegisterClipboardFormatA
GetLastActivePopup
GetWindowThreadProcessId
PtInRect
SetClassLongA
ShowCursor
GetWindowLongA
SetWindowLongA
GetQueueStatus
InflateRect
PostQuitMessage
ScreenToClient
UnregisterClassA
DeferWindowPos
SetWindowPlacement
GetWindowPlacement
SetWindowPos
IsChild
IsMenu
CreateWindowExA
GetClassInfoExA
GetClassInfoA
LoadAcceleratorsW
MessageBoxA
GetSysColor
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
TabbedTextOutA
GrayStringA
DrawTextExA
DrawTextA
GetDesktopWindow
SetActiveWindow
IsWindowEnabled
GetActiveWindow
RegisterClassA
GetNextDlgTabItem
GetDlgItem
EndDialog
CreateDialogIndirectParamA
ReleaseDC
GetDC
MessageBeep

gdi32

ScaleWindowExtEx
PatBlt
CreateCompatibleBitmap
CopyMetaFileA
CreateDCA
GetDeviceCaps
CreateBitmap
CreateHatchBrush
CreatePen
CreatePatternBrush
CreateRectRgn
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
SelectClipRgn
ExtSelectClipRgn
SelectPalette
SetBkColor
SetBkMode
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
GetTextFaceA
SetPixelV
GetViewportOrgEx
GetWindowOrgEx
PtInRegion
GetBoundsRect
FrameRgn
FillRgn
SetPaletteEntries
ExtFloodFill
RoundRect
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
OffsetRgn
CreateRoundRectRgn
EnumFontFamiliesExA
Rectangle
Polyline
Polygon
CreatePolygonRgn
GetObjectA
CreateFontIndirectA
DeleteDC
CreateCompatibleDC
BitBlt
CreateFontA
CreateSolidBrush
CreateRectRgnIndirect
GetStockObject
GetTextExtentPoint32A
SelectObject
DeleteObject
CombineRgn
SetROP2
SetTextColor
SetTextAlign
MoveToEx
TextOutA
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
GetTextCharsetInfo
EnumFontFamiliesA
GetRgnBox
SetRectRgn
GetMapMode
GetTextMetricsA
LPtoDP
DPtoLP
Ellipse
CreateEllipticRgn
GetTextColor
GetBkColor
SetDIBColorTable
CreateDIBSection
StretchBlt
SetPixel
OffsetWindowOrgEx
CreateDIBitmap
RealizePalette
ScaleViewportExtEx

advapi32

RegSetValueExA
SetFileSecurityA
RegQueryValueA
RegEnumKeyA
CryptAcquireContextA
CryptCreateHash
CryptDestroyHash
RegGetValueW
RegQueryValueExW
RegOpenKeyExW
EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister
RegQueryValueExA
RegEnumKeyExA
RegDeleteKeyA
RegEnumValueA
RegQueryInfoKeyA
RegCreateKeyExA
RegCloseKey
RegOpenKeyExA
RegDeleteValueA
CryptDestroyKey
CryptDecrypt
CryptEncrypt
CryptDeriveKey
CryptHashData
CryptReleaseContext
GetFileSecurityA

shell32

ShellExecuteExA
ShellExecuteA
SHGetFolderPathA
SHGetKnownFolderPath
SHBrowseForFolderA
SHAppBarMessage
SHGetDesktopFolder
SHGetFileInfoA
DragFinish
SHGetPathFromIDListA
DragQueryFileA
SHGetSpecialFolderLocation

ole32

StgCreateDocfileOnILockBytes
StgOpenStorageOnILockBytes
CreateILockBytesOnHGlobal
DoDragDrop
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleIsCurrentClipboard
CoCreateInstance
CoTaskMemFree
CoRevokeClassObject
CoInitializeEx
CoTaskMemAlloc
CoRegisterMessageFilter
OleFlushClipboard
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
OleDraw
CreateStreamOnHGlobal
CoInitialize
OleUninitialize
OleInitialize
CoFreeUnusedLibraries
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData

oleaut32

LoadTypeLi
VarBstrFromDate
VariantCopy
SafeArrayAccessData
SafeArrayGetLBound
SafeArrayGetUBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayDestroy
SafeArrayCreate
VariantTimeToSystemTime
SystemTimeToVariantTime
SafeArrayUnaccessData
SysAllocString
SysAllocStringLen
SysAllocStringByteLen
VariantInit
VariantChangeType
OleCreateFontIndirect
SysStringLen
SysFreeString
VariantClear

msimg32

AlphaBlend
TransparentBlt

comctl32

InitCommonControlsEx

shlwapi

PathIsUNCA
PathStripToRootA
PathFindExtensionA
PathFindFileNameA
UrlUnescapeA
StrFormatKBSizeA
PathRemoveFileSpecW
ord12

uxtheme

DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
OpenThemeData
CloseThemeData
GetThemeColor
GetCurrentThemeName
GetThemePartSize
IsAppThemed
GetThemeSysColor
GetWindowTheme
DrawThemeText

oledlg

ord8

urlmon

CoInternetGetSession
CoInternetSetFeatureEnabled
CoInternetQueryInfo

wininet

InternetCrackUrlA
InternetOpenA
InternetQueryOptionA
InternetCloseHandle
InternetOpenUrlA
InternetGetConnectedState
InternetCanonicalizeUrlA
InternetReadFile
InternetWriteFile
InternetQueryDataAvailable
InternetGetLastResponseInfoA
InternetSetStatusCallback
InternetSetFilePointer

gdiplus

GdipDeleteGraphics
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImageGraphicsContext
GdipDisposeImage
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipBitmapUnlockBits

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundA

winspool.drv

DocumentPropertiesA
ClosePrinter
OpenPrinterA

Exports

Exports

?KeyboardProc@@YGJHIJ@Z
?MouseProc@@YGJHIJ@Z
?installKbdHook@@YGHPAUHINSTANCE__@@@Z
?installMouseHook@@YGHPAUHINSTANCE__@@@Z

Sections

.text
Size: 1.9MB - Virtual size: 1.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 469KB - Virtual size: 468KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 546KB - Virtual size: 545KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
LiveScreensaverCreator.exe
.exe windows:6 windows x86 arch:x86

daf574f3040b477b1ee15e12a0c73af8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtectEx
GetLastError
CreateMutexA
ContinueDebugEvent
ResumeThread
OutputDebugStringA
OutputDebugStringW
SetThreadContext
GetThreadContext
WaitForDebugEvent
WriteProcessMemory
UnmapViewOfFile
InitializeCriticalSection
FreeConsole
CreateThread
SuspendThread
DebugActiveProcess
SetEnvironmentVariableA
GetCurrentProcessId
MapViewOfFile
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
GetVersionExA
GetProcAddress
LoadLibraryA
GetEnvironmentVariableA
VirtualProtect
VirtualAlloc
SetLastError
ReleaseMutex
WaitForSingleObject
OpenMutexA
SetErrorMode
GetShortPathNameA
GetModuleFileNameA
GetShortPathNameW
GetModuleFileNameW
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
IsBadReadPtr
GlobalAddAtomA
GlobalAddAtomW
GlobalFree
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalGetAtomNameW
SetFilePointer
CreateFileA
ExitProcess
GetLocalTime
MultiByteToWideChar
SearchPathA
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
GetWindowsDirectoryA
GetPrivateProfileStringA
EnterCriticalSection
DeleteFileA
MoveFileA
CreateProcessA
GetStartupInfoA
GetCommandLineA
GetCurrentThreadId
ReadFile
GetFileSize
GetProcessHeap
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
HeapReAlloc
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
LoadLibraryW
FreeLibrary
SetConsoleCtrlHandler
FatalAppExitA
IsValidCodePage
GetOEMCP
GetACP
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
GetLocaleInfoW
GetStdHandle
WriteFile
IsProcessorFeaturePresent
CompareStringW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
LCMapStringW
HeapAlloc
GetDateFormatA
GetTimeFormatA
GetModuleHandleW
HeapFree
GetSystemTimeAsFileTime
GetStartupInfoW
RaiseException
RtlUnwind
ReadProcessMemory
LeaveCriticalSection
GetExitCodeProcess
GetCurrentThread
SetThreadPriority
Sleep
GetTickCount
VirtualQueryEx
CreateEventA
SetEvent
CloseHandle
GetModuleHandleA
WritePrivateProfileStringA
GetCommandLineW
FormatMessageA
LocalFree
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
DeleteCriticalSection
SetEndOfFile
SetFilePointerEx
CreateFileW
FindClose
RemoveDirectoryW
DeleteFileW
DeviceIoControl
GetFullPathNameW
FindFirstFileW
FindNextFileW
GetFileAttributesW
CreateDirectoryExW
CopyFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileInformationByHandle
GetFileAttributesExW
GetFileTime
SetFileTime
MoveFileExW
GetDiskFreeSpaceExW
CreateDirectoryW
AreFileApisANSI

user32

BeginPaint
EndPaint
KillTimer
GetAsyncKeyState
DefDlgProcA
DrawTextA
CreateDialogParamA
RegisterClassExA
DialogBoxParamA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetDlgItem
CreateDialogIndirectParamA
ShowWindow
UpdateWindow
InSendMessage
UnpackDDElParam
DefWindowProcW
DefWindowProcA
LoadCursorA
RegisterClassW
CreateWindowExW
RegisterClassA
CreateWindowExA
GetWindowThreadProcessId
SendMessageW
PeekMessageA
EnumWindows
IsWindowUnicode
PackDDElParam
PostMessageW
PostMessageA
IsWindow
LoadStringA
LoadStringW
FindWindowA
DestroyWindow
GetDesktopWindow
GetSystemMetrics
MoveWindow
SendMessageA
SetPropA
EnumThreadWindows
GetPropA
WaitForInputIdle
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
FreeDDElParam

gdi32

SelectObject
BitBlt
DeleteObject
CreatePalette
CreateDCA
SelectPalette
RealizePalette
CreateDIBitmap
DeleteDC
CreateCompatibleDC

comdlg32

GetOpenFileNameA
GetSaveFileNameA

shell32

SHGetSpecialFolderPathA

Sections

.qezich
Size: - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.dosr
Size: 396KB - Virtual size: 394KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.ebimc
Size: - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lbjwa
Size: 760KB - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.uwzxec
Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.riyatd
Size: 132KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.aqftlu
Size: 3.7MB - Virtual size: 3.8MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.hnwvi
Size: 164KB - Virtual size: 204KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Setup.e32
.exe windows:6 windows x86 arch:x86

8507116e3d0e7e02e36e7dc5b8aa1af8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

mpr

WNetEnumResourceW
WNetGetUniversalNameW
WNetGetConnectionW
WNetCloseEnum
WNetOpenEnumW

comdlg32

GetSaveFileNameW
GetOpenFileNameW

comctl32

FlatSB_SetScrollInfo
InitCommonControls
ImageList_DragMove
ImageList_Destroy
_TrackMouseEvent
ImageList_DragShowNolock
ImageList_Add
FlatSB_SetScrollProp
ImageList_GetDragImage
ImageList_Create
ImageList_EndDrag
ImageList_DrawEx
ImageList_SetImageCount
FlatSB_GetScrollPos
FlatSB_SetScrollPos
InitializeFlatSB
FlatSB_GetScrollInfo
ImageList_Write
ImageList_SetBkColor
ImageList_GetBkColor
ImageList_BeginDrag
ImageList_GetIcon
ImageList_GetImageCount
ImageList_DragEnter
ImageList_GetIconSize
ImageList_SetIconSize
ImageList_Read
ImageList_DragLeave
ImageList_Draw
ImageList_Remove

shell32

SHBrowseForFolderW
SHGetMalloc
SHGetFileInfoW
SHChangeNotify
Shell_NotifyIconW
ShellExecuteW
SHGetPathFromIDListW
ShellExecuteExW

user32

CopyImage
CreateWindowExW
GetMenuItemInfoW
SetMenuItemInfoW
DefFrameProcW
GetDCEx
GetMessageW
PeekMessageW
MonitorFromWindow
GetDlgCtrlID
ScrollWindowEx
SetTimer
WindowFromPoint
BeginPaint
RegisterClipboardFormatW
FrameRect
MapVirtualKeyW
OffsetRect
IsWindowUnicode
RegisterWindowMessageW
FillRect
GetMenuStringW
DispatchMessageW
SendMessageA
DefMDIChildProcW
EnumWindows
GetClassInfoW
GetSystemMenu
WaitForInputIdle
ShowOwnedPopups
GetScrollRange
GetScrollPos
SetScrollPos
GetActiveWindow
SetActiveWindow
DrawEdge
InflateRect
GetKeyboardLayoutList
OemToCharBuffA
LoadBitmapW
DrawFocusRect
EnumChildWindows
GetScrollBarInfo
SendNotifyMessageW
ReleaseCapture
UnhookWindowsHookEx
LoadCursorW
GetCapture
SetCapture
CreatePopupMenu
ScrollWindow
ShowCaret
GetMenuItemID
GetLastActivePopup
CharLowerBuffW
GetSystemMetrics
SetWindowLongW
PostMessageW
DrawMenuBar
SetParent
IsZoomed
CharUpperBuffW
GetClientRect
IsChild
ClientToScreen
SetWindowPlacement
IsIconic
CallNextHookEx
GetMonitorInfoW
ShowWindow
CheckMenuItem
CharUpperW
DefWindowProcW
GetForegroundWindow
SetForegroundWindow
GetWindowTextW
EnableWindow
DestroyWindow
IsDialogMessageW
EndMenu
RegisterClassW
CharNextW
GetWindowThreadProcessId
RedrawWindow
GetDC
GetFocus
SetFocus
EndPaint
ExitWindowsEx
ReleaseDC
MsgWaitForMultipleObjectsEx
LoadKeyboardLayoutW
GetClassLongW
ActivateKeyboardLayout
GetParent
CharToOemBuffA
DrawTextW
SetScrollRange
InsertMenuItemW
PeekMessageA
GetPropW
SetClassLongW
MessageBoxW
MessageBeep
SetPropW
SetRectEmpty
UpdateWindow
RemovePropW
GetSubMenu
MsgWaitForMultipleObjects
DestroyMenu
DestroyIcon
SetWindowsHookExW
IsWindowVisible
DispatchMessageA
UnregisterClassW
GetTopWindow
SendMessageW
AdjustWindowRectEx
DrawIcon
IsWindow
EnumThreadWindows
InvalidateRect
GetKeyboardState
DrawFrameControl
ScreenToClient
SendMessageTimeoutW
BringWindowToTop
SetCursor
CreateIcon
CreateMenu
LoadStringW
CharLowerW
SetWindowPos
SetWindowRgn
GetMenuItemCount
RemoveMenu
AppendMenuW
GetSysColorBrush
GetKeyboardLayoutNameW
GetWindowDC
TranslateMessage
DrawTextExW
MapWindowPoints
EnumDisplayMonitors
CallWindowProcW
DestroyCursor
ReplyMessage
GetScrollInfo
SetWindowTextW
GetMessageExtraInfo
EnableScrollBar
GetSysColor
TrackPopupMenu
DrawIconEx
PostQuitMessage
GetClassNameW
ShowScrollBar
EnableMenuItem
GetIconInfo
GetMessagePos
LoadImageW
SetScrollInfo
GetKeyNameTextW
GetDesktopWindow
GetCursorPos
SetCursorPos
HideCaret
GetMenu
GetMenuState
SetMenu
SetRect
GetKeyState
FindWindowExW
MonitorFromPoint
SystemParametersInfoW
LoadIconW
GetCursor
GetWindow
GetWindowLongW
GetWindowRect
InsertMenuW
KillTimer
WaitMessage
IsWindowEnabled
IsDialogMessageA
TranslateMDISysAccel
GetWindowPlacement
FindWindowW
DeleteMenu
GetKeyboardLayout

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

oleaut32

SafeArrayPutElement
LoadTypeLib
GetErrorInfo
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
SafeArrayCreate
SafeArrayGetElement
GetActiveObject
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
VariantCopy
RegisterTypeLib
VariantChangeType
VariantCopyInd

advapi32

RegSetValueExW
ConvertStringSecurityDescriptorToSecurityDescriptorW
OpenThreadToken
GetUserNameW
RegQueryInfoKeyW
EqualSid
GetTokenInformation
RegCreateKeyExW
SetSecurityDescriptorDacl
RegEnumKeyExW
AdjustTokenPrivileges
RegDeleteKeyW
LookupPrivilegeValueW
RegOpenKeyExW
OpenProcessToken
FreeSid
AllocateAndInitializeSid
RegDeleteValueW
RegFlushKey
RegEnumValueW
RegQueryValueExW
ConvertSidToStringSidW
RegCloseKey
InitializeSecurityDescriptor

netapi32

NetWkstaGetInfo
NetApiBufferFree

msvcrt

memcpy

winhttp

WinHttpGetIEProxyConfigForCurrentUser
WinHttpSetTimeouts
WinHttpSetStatusCallback
WinHttpConnect
WinHttpReceiveResponse
WinHttpQueryAuthSchemes
WinHttpGetProxyForUrl
WinHttpReadData
WinHttpCloseHandle
WinHttpQueryHeaders
WinHttpOpenRequest
WinHttpAddRequestHeaders
WinHttpOpen
WinHttpWriteData
WinHttpSetCredentials
WinHttpQueryDataAvailable
WinHttpSetOption
WinHttpSendRequest
WinHttpQueryOption

kernel32

SetFileAttributesW
SetFileTime
GetACP
GetExitCodeProcess
IsBadWritePtr
CloseHandle
LocalFree
GetCurrentProcessId
SizeofResource
VirtualProtect
TerminateThread
QueryPerformanceFrequency
IsDebuggerPresent
FindNextFileW
GetFullPathNameW
VirtualFree
HeapAlloc
ExitProcess
WriteProfileStringW
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetTimeZoneInformation
FileTimeToLocalFileTime
GetModuleHandleW
FreeLibrary
HeapDestroy
CompareFileTime
ReadFile
CreateProcessW
TransactNamedPipe
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
OpenMutexW
CreateThread
CompareStringW
CopyFileW
CreateMutexW
LoadLibraryA
ResetEvent
MulDiv
FreeResource
GetDriveTypeW
GetVersion
RaiseException
MoveFileW
GlobalAddAtomW
GetSystemTimeAsFileTime
FormatMessageW
OpenProcess
SwitchToThread
GetExitCodeThread
OutputDebugStringW
GetCurrentThread
GetLogicalDrives
LocalFileTimeToFileTime
SetNamedPipeHandleState
LoadLibraryExW
TerminateProcess
LockResource
FileTimeToSystemTime
GetShortPathNameW
GetCurrentThreadId
UnhandledExceptionFilter
MoveFileExW
GlobalFindAtomW
VirtualQuery
GlobalFree
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
ReleaseMutex
FlushFileBuffers
LoadResource
SuspendThread
GetTickCount
WritePrivateProfileStringW
GetFileSize
GlobalDeleteAtom
GetStartupInfoW
GetFileAttributesW
GetCurrentDirectoryW
SetCurrentDirectoryW
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetThreadPriority
GetCurrentProcess
SetThreadPriority
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
DeviceIoControl
LCMapStringW
GetDiskFreeSpaceW
VerSetConditionMask
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
lstrcmpW
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetEnvironmentVariableW
GetLocalTime
WaitForSingleObject
WriteFile
CreateNamedPipeW
ExitThread
DeleteCriticalSection
GetDateFormatW
TlsGetValue
SetErrorMode
GetComputerNameW
IsValidLocale
TlsSetValue
CreateDirectoryW
GetOverlappedResult
GetSystemDefaultUILanguage
EnumCalendarInfoW
GetProfileStringW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
IsDBCSLeadByte
CreateEventW
GetPrivateProfileStringW
WaitForMultipleObjectsEx
GetThreadLocale
SetThreadLocale

ole32

StgCreateDocfileOnILockBytes
CoCreateInstance
CLSIDFromString
CoUninitialize
IsEqualGUID
OleInitialize
CoFreeUnusedLibraries
CreateILockBytesOnHGlobal
CLSIDFromProgID
OleUninitialize
CoDisconnectObject
CoInitialize
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID

gdi32

Arc
Pie
SetBkMode
SelectPalette
CreateCompatibleBitmap
ExcludeClipRect
RectVisible
SetWindowOrgEx
MaskBlt
AngleArc
Chord
SetTextColor
StretchBlt
SetDIBits
SetViewportOrgEx
CreateRectRgn
RealizePalette
SetDIBColorTable
GetDIBColorTable
RoundRect
RestoreDC
SetRectRgn
GetTextMetricsW
RemoveFontResourceW
GetWindowOrgEx
CreatePalette
CreateBrushIndirect
PatBlt
LineDDA
PolyBezierTo
GetStockObject
CreateSolidBrush
Polygon
Rectangle
MoveToEx
DeleteDC
SaveDC
BitBlt
Ellipse
FrameRgn
GetDeviceCaps
GetBitmapBits
GetTextExtentPoint32W
GetClipBox
Polyline
IntersectClipRect
GetSystemPaletteEntries
CreateBitmap
AddFontResourceW
CreateDIBitmap
GetStretchBltMode
CreateDIBSection
CreatePenIndirect
SetStretchBltMode
GetDIBits
CreateFontIndirectW
PolyBezier
LineTo
GetRgnBox
EnumFontsW
CreateHalftonePalette
DeleteObject
SelectObject
ExtFloodFill
UnrealizeObject
SetBkColor
CreateCompatibleDC
GetObjectW
GetBrushOrgEx
GetCurrentPositionEx
SetROP2
GetTextExtentPointW
ExtTextOutW
SetBrushOrgEx
GetPixel
ArcTo
GdiFlush
SetPixel
EnumFontFamiliesExW
GetPaletteEntries

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 2.8MB - Virtual size: 2.8MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 30KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 151B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 76B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 233KB - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SetupLdr.e32
.exe windows:6 windows x86 arch:x86

e569e6f445d32ba23766ad67d1e3787f

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

kernel32

GetACP
GetExitCodeProcess
LocalFree
CloseHandle
SizeofResource
VirtualProtect
VirtualFree
GetFullPathNameW
ExitProcess
HeapAlloc
GetCPInfoExW
RtlUnwind
GetCPInfo
GetStdHandle
GetModuleHandleW
FreeLibrary
HeapDestroy
ReadFile
CreateProcessW
GetLastError
GetModuleFileNameW
SetLastError
FindResourceW
CreateThread
CompareStringW
LoadLibraryA
ResetEvent
GetVersion
RaiseException
FormatMessageW
SwitchToThread
GetExitCodeThread
GetCurrentThread
LoadLibraryExW
LockResource
GetCurrentThreadId
UnhandledExceptionFilter
VirtualQuery
VirtualQueryEx
Sleep
EnterCriticalSection
SetFilePointer
LoadResource
SuspendThread
GetTickCount
GetFileSize
GetStartupInfoW
GetFileAttributesW
InitializeCriticalSection
GetSystemWindowsDirectoryW
GetThreadPriority
SetThreadPriority
GetCurrentProcess
VirtualAlloc
GetSystemInfo
GetCommandLineW
LeaveCriticalSection
GetProcAddress
ResumeThread
GetVersionExW
VerifyVersionInfoW
HeapCreate
GetWindowsDirectoryW
VerSetConditionMask
GetDiskFreeSpaceW
FindFirstFileW
GetUserDefaultUILanguage
lstrlenW
QueryPerformanceCounter
SetEndOfFile
HeapFree
WideCharToMultiByte
FindClose
MultiByteToWideChar
LoadLibraryW
SetEvent
CreateFileW
GetLocaleInfoW
GetSystemDirectoryW
DeleteFileW
GetLocalTime
GetEnvironmentVariableW
WaitForSingleObject
WriteFile
ExitThread
DeleteCriticalSection
TlsGetValue
GetDateFormatW
SetErrorMode
IsValidLocale
TlsSetValue
CreateDirectoryW
GetSystemDefaultUILanguage
EnumCalendarInfoW
LocalAlloc
GetUserDefaultLangID
RemoveDirectoryW
CreateEventW
SetThreadLocale
GetThreadLocale

comctl32

InitCommonControls

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

user32

CreateWindowExW
TranslateMessage
CharLowerBuffW
CallWindowProcW
CharUpperW
PeekMessageW
GetSystemMetrics
SetWindowLongW
MessageBoxW
DestroyWindow
CharUpperBuffW
CharNextW
MsgWaitForMultipleObjects
LoadStringW
ExitWindowsEx
DispatchMessageW

oleaut32

SysAllocStringLen
SafeArrayPtrOfIndex
VariantCopy
SafeArrayGetLBound
SafeArrayGetUBound
VariantInit
VariantClear
SysFreeString
SysReAllocStringLen
VariantChangeType
SafeArrayCreate

netapi32

NetWkstaGetInfo
NetApiBufferFree

advapi32

ConvertStringSecurityDescriptorToSecurityDescriptorW
RegQueryValueExW
AdjustTokenPrivileges
GetTokenInformation
ConvertSidToStringSidW
LookupPrivilegeValueW
RegCloseKey
OpenProcessToken
RegOpenKeyExW

Exports

Exports

TMethodImplementationIntercept
__dbk_fcall_wrapper
dbkFCallWrapperAddr

Sections

.text
Size: 718KB - Virtual size: 718KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 27KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.didata
Size: 512B - Virtual size: 420B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 512B - Virtual size: 154B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: - Virtual size: 24B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 93B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 68KB - Virtual size: 68KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
WizModernImage-IS.bmp
WizModernSmallImage-IS.bmp
icon.ico
islzma.dll
.dll windows:4 windows x86 arch:x86

2fd0852a33777f73fc5472bdc76fe193

Code Sign

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:81:d0:0b:a4:4e:10:4d:30:d3:86:3c:53:22:42:ec
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

18-02-2020 19:50

Not After

16-02-2021 14:11

Subject

CN=Open Source Developer\, Martijn Laan,O=Open Source Developer,L=Aalsmeer,ST=Noord-Holland,C=NL,1.2.840.113549.1.9.1=#0c146d6c61616e406a72736f6674776172652e6f7267

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6b:32:6a:0f:03:28:d3:7a:1d:53:0b:fd:23:bd:48:e2
Certificate

Issuer

CN=Certum Trusted Network CA,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

29-10-2015 11:30

Not After

09-06-2027 11:30

Subject

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:81:d0:0b:a4:4e:10:4d:30:d3:86:3c:53:22:42:ec
Certificate

Issuer

CN=Certum Code Signing CA SHA2,OU=Certum Certification Authority,O=Unizeto Technologies S.A.,C=PL

Not Before

18-02-2020 19:50

Not After

16-02-2021 14:11

Subject

CN=Open Source Developer\, Martijn Laan,O=Open Source Developer,L=Aalsmeer,ST=Noord-Holland,C=NL,1.2.840.113549.1.9.1=#0c146d6c61616e406a72736f6674776172652e6f7267

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:1a:35:72:30:15:82:63:30:d0:13:71:7e:82:41:08
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

02-05-2019 00:00

Not After

01-08-2030 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #1,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5c:47:9b:03:fc:ca:67:16:4b:6c:0b:a7:95:2a:92:73:03:86:27:92:1d:0b:df:31:b5:2f:81:22:6b:7a:47:41
Signer

Actual PE Digest

5c:47:9b:03:fc:ca:67:16:4b:6c:0b:a7:95:2a:92:73:03:86:27:92:1d:0b:df:31:b5:2f:81:22:6b:7a:47:41

Digest Algorithm

sha256

PE Digest Matches

true

3d:e2:11:89:fe:81:62:a3:31:6a:2c:4c:4f:42:96:f4:18:bf:aa:3c
Signer

Actual PE Digest

3d:e2:11:89:fe:81:62:a3:31:6a:2c:4c:4f:42:96:f4:18:bf:aa:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

VirtualAlloc
VirtualFree
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
WaitForSingleObject
SetEvent
InitializeCriticalSection
CreateEventA
CreateSemaphoreA
ReleaseSemaphore
GetLastError
ResetEvent
CloseHandle
HeapFree
HeapAlloc
ExitThread
GetCurrentThreadId
CreateThread
GetCommandLineA
GetVersionExA
GetProcessHeap
HeapDestroy
HeapCreate
HeapReAlloc
GetProcAddress
GetModuleHandleA
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
Sleep
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
RtlUnwind
LoadLibraryA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapSize
MultiByteToWideChar
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW

Exports

Exports

LZMA_Encode3
LZMA_End3
LZMA_Init3
LZMA_SetProps3

Sections

.text
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 176B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
ss.exe
.exe windows:6 windows x86 arch:x86

059f920960305a27dbc881f03a420ad3

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:83:9f:36:fe:98:68:14:fc:4a:c8:2d:c3:24:9d:e1
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

25-10-2022 00:00

Not After

24-10-2025 23:59

Subject

SERIALNUMBER=04240305,CN=Finalhit Limited,O=Finalhit Limited,ST=East Sussex,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ba:83:9f:36:fe:98:68:14:fc:4a:c8:2d:c3:24:9d:e1
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

25-10-2022 00:00

Not After

24-10-2025 23:59

Subject

SERIALNUMBER=04240305,CN=Finalhit Limited,O=Finalhit Limited,ST=East Sussex,C=GB,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024742

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

11-05-2022 00:00

Not After

10-08-2033 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #3,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

63:fe:fe:05:25:88:ca:20:7f:f7:b7:b7:c1:fc:b0:70:f6:25:f6:bf:ae:7d:d3:de:af:ce:57:6d:f2:02:8c:46
Signer

Actual PE Digest

63:fe:fe:05:25:88:ca:20:7f:f7:b7:b7:c1:fc:b0:70:f6:25:f6:bf:ae:7d:d3:de:af:ce:57:6d:f2:02:8c:46

Digest Algorithm

sha256

PE Digest Matches

true

91:5e:e6:a6:9b:2b:b1:6e:bb:6b:4a:c5:00:c2:b4:4e:ec:a9:e4:b1
Signer

Actual PE Digest

91:5e:e6:a6:9b:2b:b1:6e:bb:6b:4a:c5:00:c2:b4:4e:ec:a9:e4:b1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

powrprof

CallNtPowerInformation

winmm

PlaySoundA
timeGetTime
midiOutGetVolume
mciSendStringA
mciGetErrorStringA
mciSendCommandA
midiOutClose
midiOutSetVolume
midiOutOpen

msvfw32

DrawDibDraw
DrawDibClose
DrawDibOpen

kernel32

GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
VirtualProtect
GetOEMCP
GetCPInfo
GetACP
FindResourceExW
VerSetConditionMask
VerifyVersionInfoA
GetTickCount64
GetProfileIntA
SearchPathA
CreateEventW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetSystemTimeAsFileTime
LocalReAlloc
GetTimeZoneInformation
GetStdHandle
HeapQueryInformation
SetStdHandle
GetFullPathNameW
VirtualQuery
VirtualAlloc
ExitProcess
GetCommandLineW
GetModuleHandleExW
FreeLibraryAndExitThread
ExitThread
PeekNamedPipe
GetFileType
GetDriveTypeW
CreateFileW
GetConsoleCP
RtlUnwind
GetStringTypeW
RaiseException
OutputDebugStringW
GlobalFlags
GlobalHandle
GlobalReAlloc
TlsSetValue
TlsGetValue
TlsAlloc
LocalAlloc
InitializeCriticalSectionAndSpinCount
GetPrivateProfileIntA
GetCurrentThread
GetFileSizeEx
GetFileAttributesExA
FileTimeToLocalFileTime
SetThreadPriority
CompareStringA
GlobalGetAtomNameA
GlobalFindAtomA
GlobalAddAtomA
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetSystemDirectoryW
TlsFree
GetCurrentThreadId
EncodePointer
lstrcmpA
GetThreadLocale
LoadLibraryW
GetModuleHandleW
GetModuleFileNameW
GetCurrentProcess
DuplicateHandle
OutputDebugStringA
UnlockFile
LockFile
FlushFileBuffers
SetLastError
CopyFileA
GlobalSize
SetErrorMode
GetFileTime
GetSystemTime
GetCurrentProcessId
GetPrivateProfileStringA
lstrcmpiA
RemoveDirectoryA
SetFileAttributesA
DeleteFileA
OpenProcess
FindClose
FindNextFileA
TerminateProcess
FindFirstFileA
SetEndOfFile
SetFilePointer
WriteFile
MulDiv
GlobalUnlock
CreateEventA
GlobalLock
ResetEvent
GlobalFree
GlobalAlloc
SetEvent
ResumeThread
InitializeCriticalSection
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
CreateProcessA
lstrcpyA
lstrcatA
lstrlenA
CreateDirectoryA
FreeLibrary
LoadLibraryA
OpenMutexA
WaitForMultipleObjects
CreateThread
GetDateFormatA
GetLocaleInfoA
GetTimeFormatA
GetFileSize
ReadFile
QueryPerformanceCounter
GetSystemInfo
QueryPerformanceFrequency
MapViewOfFile
OpenFileMappingA
CreateFileMappingA
GetProcAddress
GetSystemWow64DirectoryA
GetWindowsDirectoryA
WritePrivateProfileStringA
GetVersionExA
GetSystemDirectoryA
GetFileAttributesA
Sleep
GetModuleHandleA
UnmapViewOfFile
GetCurrentDirectoryA
ReleaseMutex
CreateMutexA
SystemTimeToTzSpecificLocalTime
FileTimeToSystemTime
GetFileInformationByHandle
GetCommandLineA
GetVolumeInformationA
GetShortPathNameA
GetTickCount
FreeResource
GetTempFileNameA
CloseHandle
GetTempPathA
WaitForSingleObject
FindResourceA
GetFullPathNameA
FormatMessageA
WideCharToMultiByte
GetLongPathNameA
GetProcessHeap
DeleteCriticalSection
LocalFree
DecodePointer
HeapAlloc
FindResourceW
LoadResource
HeapReAlloc
LockResource
CreateFileA
GetLastError
HeapSize
InitializeCriticalSectionEx
HeapFree
SizeofResource
GetModuleFileNameA
GetConsoleMode
SetConsoleMode
ReadConsoleInputW
ReadConsoleW
CompareStringW
LCMapStringW
SetFilePointerEx
WriteConsoleW
GetConsoleOutputCP
GetCurrentDirectoryW
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
InitializeSListHead

user32

CreateDialogIndirectParamA
IsDialogMessageA
SetWindowTextA
IsWindowEnabled
SendDlgItemMessageA
CheckDlgButton
SetDlgItemTextA
MoveWindow
MonitorFromWindow
WinHelpA
GetScrollInfo
SetScrollInfo
CallNextHookEx
SetWindowsHookExA
GetLastActivePopup
GetTopWindow
GetClassNameA
GetClassLongA
SetWindowLongA
GetWindowLongA
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetFocus
SetFocus
GetDlgCtrlID
GetDlgItem
IsIconic
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
SetWindowPlacement
GetWindowPlacement
IsChild
IsMenu
GetClassInfoExA
GetClassInfoA
RegisterClassA
CallWindowProcA
GetMessageTime
GetMessagePos
EndDialog
ClientToScreen
EndPaint
BeginPaint
TabbedTextOutA
GrayStringA
UnhookWindowsHookEx
CharUpperA
RemoveMenu
AppendMenuA
InsertMenuA
GetNextDlgGroupItem
GetMenuItemID
GetSubMenu
GetMenuState
GetMenuStringA
IsClipboardFormatAvailable
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
DrawTextExA
DrawTextA
GetCursor
OffsetRect
GetWindow
WaitForInputIdle
GetForegroundWindow
FindWindowA
SetForegroundWindow
IsWindowVisible
FillRect
GetDesktopWindow
InflateRect
GetDC
CreatePopupMenu
GetMenuDefaultItem
DrawFocusRect
DrawIconEx
GetIconInfo
EnableScrollBar
HideCaret
InvertRect
CopyIcon
MessageBeep
IsWindow
GetSysColor
SetCursor
GetClientRect
GetSysColorBrush
PtInRect
GetCursorPos
GetWindowThreadProcessId
UnionRect
RegisterWindowMessageA
GetCapture
ValidateRect
MessageBoxA
GetUpdateRect
InvalidateRect
IsRectEmpty
SetCapture
GetNextDlgTabItem
WindowFromPoint
SetRectEmpty
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
SetMenuItemInfoA
LoadBitmapW
GetMessageA
TranslateMessage
IntersectRect
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
RealChildWindowFromPoint
ReleaseCapture
GetActiveWindow
DestroyMenu
GetMenuItemInfoA
CopyImage
GetAsyncKeyState
TrackMouseEvent
DestroyIcon
LoadImageW
DeleteMenu
SetTimer
KillTimer
WaitMessage
LoadCursorW
CharNextA
CopyAcceleratorTableA
DispatchMessageA
NotifyWinEvent
MapVirtualKeyA
IsZoomed
GetKeyNameTextA
SetLayeredWindowAttributes
DrawStateA
SetClassLongA
SetWindowRgn
SetParent
DrawEdge
DrawFrameControl
InvalidateRgn
UnregisterClassA
ReleaseDC
UpdateWindow
RegisterClassExA
GetParent
LoadIconA
GetWindowDC
SendMessageA
CreateWindowExA
DefWindowProcA
ShowWindow
SetWindowPos
DestroyWindow
LoadCursorA
GetWindowRect
PostQuitMessage
SetRect
PeekMessageA
SystemParametersInfoA
GetMonitorInfoA
GetSystemMetrics
EnumDisplayMonitors
PostMessageA
LoadImageA
EnableWindow
LoadIconW
ScreenToClient
GetKeyState
CopyRect
DestroyCursor
GetWindowRgn
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcA
DefFrameProcA
DrawMenuBar
CharUpperBuffA
ModifyMenuA
GetDoubleClickTime
SetMenuDefaultItem
LockWindowUpdate
DestroyAcceleratorTable
CreateAcceleratorTableA
LoadAcceleratorsW
ToAsciiEx
GetKeyboardState
MapVirtualKeyExA
IsCharLowerA
GetKeyboardLayout
PostThreadMessageA
GetComboBoxInfo
MonitorFromPoint
UpdateLayeredWindow
RegisterClipboardFormatA
ReuseDDElParam
UnpackDDElParam
InsertMenuItemA
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
DrawIcon
FrameRect
SetCursorPos
BringWindowToTop
GetSystemMenu
LoadMenuW
GetMenuItemCount

gdi32

TextOutA
CreateRectRgn
CreateRectRgnIndirect
GetStockObject
CreateSolidBrush
DeleteDC
OffsetRgn
CreatePolygonRgn
GetBkColor
GetCurrentObject
GetTextColor
SetTextColor
GetBkMode
GetTextMetricsA
SetBkColor
SetDIBColorTable
CreateDIBSection
GetDIBits
GetPaletteEntries
StretchDIBits
DeleteEnhMetaFile
GetEnhMetaFileHeader
GetEnhMetaFilePaletteEntries
PlayEnhMetaFile
SetEnhMetaFileBits
SetWinMetaFileBits
CopyMetaFileA
CreateDCA
CreateHatchBrush
CreatePen
CreatePatternBrush
Escape
ExcludeClipRect
GetClipBox
GetObjectType
GetPixel
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
PtVisible
RectVisible
RestoreDC
SaveDC
ExtSelectClipRgn
SetMapMode
SetLayout
GetLayout
SetPolyFillMode
SetROP2
SetTextAlign
SelectClipRgn
MoveToEx
ExtTextOutA
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
GetMapMode
PatBlt
SetRectRgn
DPtoLP
GetTextExtentPoint32A
EnumFontFamiliesExA
GetNearestPaletteIndex
GetSystemPaletteEntries
CreateDIBitmap
EnumFontFamiliesA
GetTextCharsetInfo
CreateEllipticRgn
Ellipse
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
Rectangle
RoundRect
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceA
DeleteObject
CombineRgn
GetRgnBox
BitBlt
CreateCompatibleBitmap
StretchBlt
RealizePalette
SetBkMode
CreateFontIndirectA
CreateBitmap
SelectObject
CreateCompatibleDC
SetPixel
GetDeviceCaps
CreateHalftonePalette
CreatePalette
GetObjectA
SelectPalette
SetDIBitsToDevice

msimg32

TransparentBlt
AlphaBlend

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegSetValueExA
RegEnumKeyExA
RegEnumValueA
RegEnumKeyA
RegDeleteValueA
RegDeleteKeyA
RegCreateKeyExA
RegOpenKeyExA
RegQueryValueExA
RegQueryValueA
RegCloseKey

shell32

ShellExecuteA
SHGetFolderPathA
SHGetFileInfoA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHGetDesktopFolder
DragQueryFileA
DragFinish
SHBrowseForFolderA
SHAppBarMessage
ShellExecuteExA

comctl32

InitCommonControlsEx

shlwapi

PathStripPathA
PathIsUNCA
PathStripToRootA
PathFindExtensionA
PathFindFileNameA
UrlUnescapeA
StrFormatKBSizeA
PathRemoveFileSpecW

uxtheme

OpenThemeData
DrawThemeText
DrawThemeParentBackground
CloseThemeData
DrawThemeBackground
GetThemeColor
GetCurrentThemeName
IsThemeBackgroundPartiallyTransparent
GetWindowTheme
IsAppThemed
GetThemeSysColor
GetThemePartSize

ole32

CoRegisterMessageFilter
OleLockRunning
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoInitializeEx
CreateILockBytesOnHGlobal
StgOpenStorageOnILockBytes
RevokeDragDrop
StgCreateDocfileOnILockBytes
CoGetClassObject
CoDisconnectObject
CLSIDFromProgID
CLSIDFromString
CoCreateGuid
ReleaseStgMedium
OleDuplicateData
CoTaskMemAlloc
CoUninitialize
CreateStreamOnHGlobal
CoInitialize
CoTaskMemFree
CoCreateInstance
RegisterDragDrop
CoLockObjectExternal
OleGetClipboard
DoDragDrop
OleIsCurrentClipboard
OleFlushClipboard
CoFreeUnusedLibraries
OleInitialize
OleUninitialize
CoRevokeClassObject

oleaut32

VariantCopy
SysAllocStringByteLen
VarBstrFromDate
LoadTypeLi
OleCreateFontIndirect
SysAllocString
SafeArrayDestroy
SysFreeString
VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantChangeType
VariantClear
VariantInit
SysAllocStringLen
OleLoadPicture

oledlg

ord8

gdiplus

GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipDrawImageI
GdipGetImagePixelFormat
GdipCloneImage
GdiplusStartup
GdipFree
GdipAlloc
GdiplusShutdown
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipGetImagePalette
GdipGetImageGraphicsContext
GdipDisposeImage

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

wininet

InternetCanonicalizeUrlA
InternetCrackUrlA

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

Sections

.text
Size: 2.1MB - Virtual size: 2.1MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 551KB - Virtual size: 550KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 428KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
ussm.exe
.exe windows:6 windows x86 arch:x86

daf574f3040b477b1ee15e12a0c73af8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

VirtualProtectEx
GetLastError
CreateMutexA
ContinueDebugEvent
ResumeThread
OutputDebugStringA
OutputDebugStringW
SetThreadContext
GetThreadContext
WaitForDebugEvent
WriteProcessMemory
UnmapViewOfFile
InitializeCriticalSection
FreeConsole
CreateThread
SuspendThread
DebugActiveProcess
SetEnvironmentVariableA
GetCurrentProcessId
MapViewOfFile
DuplicateHandle
GetCurrentProcess
CreateFileMappingA
GetVersionExA
GetProcAddress
LoadLibraryA
GetEnvironmentVariableA
VirtualProtect
VirtualAlloc
SetLastError
ReleaseMutex
WaitForSingleObject
OpenMutexA
SetErrorMode
GetShortPathNameA
GetModuleFileNameA
GetShortPathNameW
GetModuleFileNameW
GlobalUnlock
GlobalLock
GlobalAlloc
WideCharToMultiByte
IsBadReadPtr
GlobalAddAtomA
GlobalAddAtomW
GlobalFree
GlobalGetAtomNameA
GlobalDeleteAtom
GlobalGetAtomNameW
SetFilePointer
CreateFileA
ExitProcess
GetLocalTime
MultiByteToWideChar
SearchPathA
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
GetWindowsDirectoryA
GetPrivateProfileStringA
EnterCriticalSection
DeleteFileA
MoveFileA
CreateProcessA
GetStartupInfoA
GetCommandLineA
GetCurrentThreadId
ReadFile
GetFileSize
GetProcessHeap
FlushFileBuffers
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
HeapReAlloc
GetStringTypeW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
GetTimeZoneInformation
LoadLibraryW
FreeLibrary
SetConsoleCtrlHandler
FatalAppExitA
IsValidCodePage
GetOEMCP
GetACP
QueryPerformanceCounter
HeapDestroy
HeapCreate
GetFileType
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
HeapSize
GetLocaleInfoW
GetStdHandle
WriteFile
IsProcessorFeaturePresent
CompareStringW
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
GetCPInfo
LCMapStringW
HeapAlloc
GetDateFormatA
GetTimeFormatA
GetModuleHandleW
HeapFree
GetSystemTimeAsFileTime
GetStartupInfoW
RaiseException
RtlUnwind
ReadProcessMemory
LeaveCriticalSection
GetExitCodeProcess
GetCurrentThread
SetThreadPriority
Sleep
GetTickCount
VirtualQueryEx
CreateEventA
SetEvent
CloseHandle
GetModuleHandleA
WritePrivateProfileStringA
GetCommandLineW
FormatMessageA
LocalFree
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
InterlockedExchange
DeleteCriticalSection
SetEndOfFile
SetFilePointerEx
CreateFileW
FindClose
RemoveDirectoryW
DeleteFileW
DeviceIoControl
GetFullPathNameW
FindFirstFileW
FindNextFileW
GetFileAttributesW
CreateDirectoryExW
CopyFileW
GetCurrentDirectoryW
SetCurrentDirectoryW
GetFileInformationByHandle
GetFileAttributesExW
GetFileTime
SetFileTime
MoveFileExW
GetDiskFreeSpaceExW
CreateDirectoryW
AreFileApisANSI

user32

BeginPaint
EndPaint
KillTimer
GetAsyncKeyState
DefDlgProcA
DrawTextA
CreateDialogParamA
RegisterClassExA
DialogBoxParamA
GetWindowTextLengthA
GetWindowTextA
SetWindowTextA
GetDlgItem
CreateDialogIndirectParamA
ShowWindow
UpdateWindow
InSendMessage
UnpackDDElParam
DefWindowProcW
DefWindowProcA
LoadCursorA
RegisterClassW
CreateWindowExW
RegisterClassA
CreateWindowExA
GetWindowThreadProcessId
SendMessageW
PeekMessageA
EnumWindows
IsWindowUnicode
PackDDElParam
PostMessageW
PostMessageA
IsWindow
LoadStringA
LoadStringW
FindWindowA
DestroyWindow
GetDesktopWindow
GetSystemMetrics
MoveWindow
SendMessageA
SetPropA
EnumThreadWindows
GetPropA
WaitForInputIdle
SetTimer
GetMessageA
TranslateMessage
DispatchMessageA
MessageBoxA
FreeDDElParam

gdi32

SelectObject
BitBlt
DeleteObject
CreatePalette
CreateDCA
SelectPalette
RealizePalette
CreateDIBitmap
DeleteDC
CreateCompatibleDC

comdlg32

GetOpenFileNameA
GetSaveFileNameA

shell32

SHGetSpecialFolderPathA

Sections

.xwptns
Size: - Virtual size: 2.4MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.xodyqr
Size: 604KB - Virtual size: 603KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.sbei
Size: - Virtual size: 177KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.fiobzx
Size: 760KB - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.qkadt
Size: 52KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.udrif
Size: 132KB - Virtual size: 256KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bgmt
Size: 4.6MB - Virtual size: 4.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.lbdvjf
Size: 168KB - Virtual size: 400KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

56a78d55f3f7af51443e58e0ce2fb5f6

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

ba:83:9f:36:fe:98:68:14:fc:4a:c8:2d:c3:24:9d:e1Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

ba:83:9f:36:fe:98:68:14:fc:4a:c8:2d:c3:24:9d:e1Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

57:79:c8:06:c5:7a:4d:1f:6e:b9:cb:e9:bc:27:68:17:49:0a:83:d8:69:8b:cd:16:9d:19:3f:37:8c:a3:b8:d7Signer

cd:a0:39:48:2f:ec:1e:44:86:01:4a:99:6d:63:6e:b6:ae:e1:50:74Signer

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 26KB - Virtual size: 26KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 1KB - Virtual size: 172KB

.ndata Size: - Virtual size: 196KB

.rsrc Size: 160KB - Virtual size: 159KB

059f920960305a27dbc881f03a420ad3

Code Sign

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

ba:83:9f:36:fe:98:68:14:fc:4a:c8:2d:c3:24:9d:e1Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43Certificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

ba:83:9f:36:fe:98:68:14:fc:4a:c8:2d:c3:24:9d:e1Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

ba:83:9f:36:fe:98:68:14:fc:4a:c8:2d:c3:24:9d:e1
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

ba:83:9f:36:fe:98:68:14:fc:4a:c8:2d:c3:24:9d:e1
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

57:79:c8:06:c5:7a:4d:1f:6e:b9:cb:e9:bc:27:68:17:49:0a:83:d8:69:8b:cd:16:9d:19:3f:37:8c:a3:b8:d7
Signer

cd:a0:39:48:2f:ec:1e:44:86:01:4a:99:6d:63:6e:b6:ae:e1:50:74
Signer

.text
Size: 26KB - Virtual size: 26KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 1KB - Virtual size: 172KB

.ndata
Size: - Virtual size: 196KB

.rsrc
Size: 160KB - Virtual size: 159KB

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

ba:83:9f:36:fe:98:68:14:fc:4a:c8:2d:c3:24:9d:e1
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

ba:83:9f:36:fe:98:68:14:fc:4a:c8:2d:c3:24:9d:e1
Certificate

90:39:7f:9a:d2:4a:3a:13:f2:bd:91:5f:08:38:a9:43
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

63:fe:fe:05:25:88:ca:20:7f:f7:b7:b7:c1:fc:b0:70:f6:25:f6:bf:ae:7d:d3:de:af:ce:57:6d:f2:02:8c:46
Signer

91:5e:e6:a6:9b:2b:b1:6e:bb:6b:4a:c5:00:c2:b4:4e:ec:a9:e4:b1
Signer

.text
Size: 2.1MB - Virtual size: 2.1MB

.rdata
Size: 551KB - Virtual size: 550KB

.data
Size: 31KB - Virtual size: 428KB

.rsrc
Size: 182KB - Virtual size: 182KB

.text
Size: 10KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 348B

.reloc
Size: 1024B - Virtual size: 972B

.text
Size: 8KB - Virtual size: 8KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 120B

.reloc
Size: 1024B - Virtual size: 662B