Sandboxie-Classic-x64-v5[.]68[.]3[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Sandboxie-Classic-x64-v5.68.3.exe
Size

2.9MB
MD5

6fb119ee67843d25f9ff460b62ab3c85
SHA1

aa94f9ecfc7973e6c471cd1d835bc2c2dead2258
SHA256

290dd23c8a3501b89d69ad2a3182b8bf02462d13335b1719b290cbfce700331c
SHA512

a08410cbf8577e237113d134e464be03c649e231c45ea30766744abc566b4f8e82f82fd8e28450ef6c9ac4d6829e6fed61083c94534e4f4d51729f3e1ccb13d2
SSDEEP

49152:vfwEguNs1E2L32/8Qs/j6kwBKcqDlHMEqqkE17KYlgguXXPmn7qYaWaeYYWnlL:vfwZ7Eeu8QsuHKbJHMVm+tDvmMWa5

Score

3^/10

Malware Config

Signatures

Unsigned PE 3 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/System.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

Sandboxie-Classic-x64-v5.68.3.exe
.exe windows:4 windows x86 arch:x86

Password: nucleAR

ab6770b0a8635b9d92a5838920cfe770

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

31/10/2023, 15:56

Not After

30/11/2026, 15:56

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederösterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

24:d2:d8:a2:64:70:06:47:81:1e:8f:72:e5:fa:8e:04:8d:5d:37:5f:30:92:53:90:d5:ca:58:aa:71:8b:91:3b
Signer

Actual PE Digest

24:d2:d8:a2:64:70:06:47:81:1e:8f:72:e5:fa:8e:04:8d:5d:37:5f:30:92:53:90:d5:ca:58:aa:71:8b:91:3b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileAttributesA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CompareFileTime
SearchPathA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
CreateDirectoryA
lstrcmpiA
GetTempPathA
GetCommandLineA
GetVersion
SetErrorMode
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
LoadLibraryA
SetFileTime
CloseHandle
GlobalFree
lstrcmpA
ExpandEnvironmentStringsA
GetExitCodeProcess
GlobalAlloc
WaitForSingleObject
ExitProcess
GetWindowsDirectoryA
GetProcAddress
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
ReadFile
FindClose
GetPrivateProfileStringA
WritePrivateProfileStringA
WriteFile
MulDiv
LoadLibraryExA
GetModuleHandleA
MultiByteToWideChar
FreeLibrary

user32

GetWindowRect
EnableMenuItem
GetSystemMenu
ScreenToClient
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetForegroundWindow
PostQuitMessage
RegisterClassA
EndDialog
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
OpenClipboard
TrackPopupMenu
SendMessageTimeoutA
GetDC
LoadImageA
GetDlgItem
FindWindowExA
IsWindow
SetClipboardData
SetWindowLongA
EmptyClipboard
SetTimer
CreateDialogParamA
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegDeleteValueA
SetFileSecurityA
RegOpenKeyExA
RegDeleteKeyA
RegEnumValueA
RegCloseKey
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_Destroy
ord17
ImageList_AddMasked

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 23KB - Virtual size: 23KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 108KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 29KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

Password: nucleAR

738dc9bb91549f627cf1953c2000e1d6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryA
MultiByteToWideChar
SetCurrentDirectoryA
GetPrivateProfileStringA
GetPrivateProfileIntA
GetModuleHandleA
lstrcmpiA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock

user32

GetDlgCtrlID
CloseClipboard
GetClipboardData
MapWindowPoints
LoadCursorA
GetClientRect
SetWindowRgn
LoadIconA
GetWindowLongA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
SetCursor
PtInRect
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
EnableMenuItem
DrawTextA
GetSystemMenu
OpenClipboard
LoadImageA

gdi32

SetTextColor
DeleteObject
CombineRgn
CreateRectRgn
GetDIBits
SelectObject
CreateCompatibleDC
GetObjectA

shell32

SHGetPathFromIDListA
ShellExecuteA
SHBrowseForFolderA
SHGetDesktopFolder

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallType.ini
$PLUGINSDIR/KmdUtil.exe
.exe windows:6 windows x64 arch:x64

Password: nucleAR

e74127d0470ed67341494767b56b1a47

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

31/10/2023, 15:56

Not After

30/11/2026, 15:56

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederösterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:a3:cb:46:f9:db:0f:41:66:86:40:51:18:97:9b:a0:d0:b6:7e:d4:ef:89:13:25:8d:dd:bf:15:68:b1:c3:41
Signer

Actual PE Digest

a4:a3:cb:46:f9:db:0f:41:66:86:40:51:18:97:9b:a0:d0:b6:7e:d4:ef:89:13:25:8d:dd:bf:15:68:b1:c3:41

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\KmdUtil.pdb

Imports

ntdll

NtUnloadDriver
RtlUnwindEx
RtlPcToFileHeader
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlInitUnicodeString

psapi

EnumProcessModules
GetModuleBaseNameW
EnumProcesses

sbiedll

Sbie_snwprintf
SbieApi_Ioctl
SbieApi_Call
SbieApi_GetVersion
SbieApi_QueryConf
SbieApi_GetHomePath
SbieApi_LogMsgEx
SbieApi_IsBoxEnabled

kernel32

GetModuleFileNameW
LoadLibraryW
LocalAlloc
FormatMessageW
CloseHandle
GetCurrentProcess
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcessId
ExitProcess
TerminateProcess
ProcessIdToSessionId
OpenProcess
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStdHandle
GetFileType
GetStartupInfoW
FreeLibrary
GetModuleHandleExW
SetLastError
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
LoadLibraryExW
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
SetFilePointerEx
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
HeapSize
HeapReAlloc
RaiseException
CreateFileW
WriteConsoleW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLastError
GetCommandLineW
LocalFree
QueryPerformanceCounter
InitializeSListHead
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
Sleep

user32

SendMessageW
RegisterClassW
GetMessageW
MessageBoxW
CreateWindowExW
PostMessageW
DefWindowProcW
GetWindowLongW
DestroyWindow
ShowWindow
SetFocus
GetFocus
GetWindowRect
SystemParametersInfoW
LoadIconW
LoadCursorW
GetWindow
GetParent
GetDesktopWindow
DispatchMessageW

gdi32

CreateFontIndirectW
GetStockObject

advapi32

AdjustTokenPrivileges
CopySid
GetAce
GetSecurityDescriptorDacl
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
ConvertSidToStringSidW
ConvertStringSidToSidW
RegCreateKeyExW
CloseServiceHandle
LookupPrivilegeValueW
RegDeleteKeyW
OpenProcessToken
StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
RegSetValueExW
RegOpenKeyExW
RegCloseKey

shell32

CommandLineToArgvW

Sections

.text
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

Password: nucleAR

4e5f0ae8071ae04cdb537283701198ff

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetACP
GlobalFree
GetModuleHandleA
lstrcpynA
lstrcmpA
MulDiv
GlobalAlloc
lstrlenA
lstrcpyA

user32

SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
SetWindowTextA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

DeleteObject
CreateFontIndirectA
GetDeviceCaps

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SbieDll.dll
.dll windows:6 windows x64 arch:x64

Password: nucleAR

d2ecec1c646e70038494a19c6b41eb06

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

31/10/2023, 15:56

Not After

30/11/2026, 15:56

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederösterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:7a:0d:67:04:b9:9c:25:7f:47:dc:93:5a:7c:ce:41:63:96:cb:21:63:c0:ca:27:bf:0d:0c:b3:9f:98:31:da
Signer

Actual PE Digest

2a:7a:0d:67:04:b9:9c:25:7f:47:dc:93:5a:7c:ce:41:63:96:cb:21:63:c0:ca:27:bf:0d:0c:b3:9f:98:31:da

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SbieDll.pdb

Imports

ntdll

RtlRestoreContext
NtSetInformationJobObject
NtAssignProcessToJobObject
NtOpenJobObject
NtCreateJobObject
RtlCaptureContext
NtUnmapViewOfSection
NtMapViewOfSection
RtlEqualSid
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAceEx
RtlCreateAcl
NtAdjustPrivilegesToken
NtFilterToken
NtDuplicateObject
NtSetInformationToken
NtOpenThread
NtOpenProcess
RtlConvertSidToUnicodeString
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtSetSecurityObject
NtQuerySecurityObject
RtlNtStatusToDosError
NtProtectVirtualMemory
NtLoadDriver
LdrQueryImageFileExecutionOptions
LdrQueryProcessModuleInformation
LdrUnloadDll
LdrLoadDll
NtYieldExecution
NtNotifyChangeMultipleKeys
NtNotifyChangeKey
NtEnumerateValueKey
NtQueryMultipleValueKey
NtSaveKey
NtLoadKey2
NtLoadKey
NtDeleteKey
NtSetInformationKey
NtQueryKey
NtImpersonateAnonymousToken
NtImpersonateThread
NtDuplicateToken
NtQueryInformationToken
NtOpenThreadToken
NtOpenSection
NtCreateSection
NtOpenSemaphore
NtCreateSemaphore
NtOpenMutant
NtCreateMutant
NtOpenEvent
NtCreateEvent
NtCreateSymbolicLinkObject
NtImpersonateClientOfPort
NtSecureConnectPort
NtCreatePort
NtQueryDirectoryObject
NtCreateDirectoryObject
RtlUnicodeStringToAnsiString
NtOpenProcessToken
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitString
NtQueryInformationProcess
NtSetInformationThread
RtlSetThreadErrorMode
RtlGetFullPathName_U
RtlSetCurrentDirectory_U
RtlGetCurrentDirectory_U
NtNotifyChangeDirectoryFile
NtWaitForSingleObject
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlCompareUnicodeString
NtQuerySystemInformation
NtSetInformationProcess
NtQueryVolumeInformationFile
NtCreateNamedPipeFile
NtCreateMailslotFile
NtFsControlFile
NtDeviceIoControlFile
NtWriteFile
NtReadFile
NtDeleteFile
NtSetInformationFile
NtQueryFullAttributesFile
NtQueryAttributesFile
NtQueryInformationFile
NtQueryDirectoryFile
NtOpenFile
NtCreateFile
NtOpenDirectoryObject
NtQueryObject
NtAllocateVirtualMemory
LdrGetProcedureAddress
NtDeleteValueKey
NtSetValueKey
NtEnumerateKey
NtCreateKey
NtOpenKey
NtQueryValueKey
RtlInitUnicodeString
NtRequestWaitReplyPort
NtRegisterThreadTerminatePort
NtConnectPort
NtClose
NtQueryVirtualMemory
NtReadVirtualMemory
_strlwr
__C_specific_handler
memcpy
memset
_wcsicmp
__chkstk
_wcsnicmp
towlower
wcsstr
wcschr
_itow
memmove
wcscpy_s
wcsncpy
_wcslwr
wcstol
_wtoi
wcsncmp
memcmp
wcsrchr
_ultow
wcstoul
_wtoi64
strchr
strncmp
wcsncpy_s
tolower
iswctype
strstr
_strnicmp

kernel32

GlobalFree
SetLocaleInfoW
SetLocaleInfoA
PostQueuedCompletionStatus
EnumResourceNamesW
FormatMessageW
LoadLibraryExW
GetVersionExW
GetLongPathNameW
GetFullPathNameW
WinExec
OpenProcess
CreateProcessA
TerminateProcess
QueueUserWorkItem
CreateFileA
SizeofResource
WriteProcessMemory
ReadProcessMemory
VirtualAllocEx
DuplicateHandle
GetProcessId
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetWindowsDirectoryW
HeapDestroy
HeapCreate
SetThreadPriority
GetExitCodeProcess
OpenEventW
DeleteCriticalSection
RaiseException
GlobalAddAtomW
SetThreadExecutionState
UnmapViewOfFile
MapViewOfFileEx
GetThreadTimes
SleepEx
GetTickCount64
FindResourceA
FindResourceW
LockResource
LoadResource
GlobalLock
GlobalUnlock
GlobalSize
GetConsoleWindow
SetConsoleTitleW
SetConsoleTitleA
GetConsoleTitleW
GetConsoleTitleA
AllocConsole
GetStartupInfoW
OpenThread
WaitForMultipleObjects
WideCharToMultiByte
GetSystemInfo
GetSystemWindowsDirectoryW
ReplaceFileW
MoveFileWithProgressW
MoveFileExW
GetPrivateProfileStringW
GetTickCount
QueueUserAPC
OpenMutexW
CreateMutexW
ReleaseMutex
TryEnterCriticalSection
GetFileSizeEx
GetFileAttributesW
DeleteFileW
CreateDirectoryW
GetEnvironmentVariableW
GetEnvironmentStringsW
QueryPerformanceFrequency
QueryPerformanceCounter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleHandleA
ProcessIdToSessionId
GetCurrentProcessId
SetEvent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
Sleep
OutputDebugStringW
IsDebuggerPresent
GetModuleFileNameW
CreateProcessW
CreateThread
ExitProcess
SetEnvironmentVariableW
GetCommandLineW
LocalFree
LocalAlloc
GetSystemTimeAsFileTime
LoadLibraryW
GetModuleHandleW
FreeLibrary
ExpandEnvironmentStringsW
CreateEventW
WaitForSingleObject
GlobalAlloc
GetProcAddress
CloseHandle
SetFilePointerEx
ReadFile
CreateFileW
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
VirtualProtectEx
VirtualQueryEx
SetLastError

Exports

Exports

File_GetName
Key_GetName
SbieApi_Call
SbieApi_CheckInternetAccess
SbieApi_DisableForceProcess
SbieApi_EnumBoxes
SbieApi_EnumBoxesEx
SbieApi_EnumProcessEx
SbieApi_GetBlockedDll
SbieApi_GetFileName
SbieApi_GetHomePath
SbieApi_GetMessage
SbieApi_GetUnmountHive
SbieApi_GetVersion
SbieApi_GetVersionEx
SbieApi_HookTramp
SbieApi_Ioctl
SbieApi_IsBoxEnabled
SbieApi_Log
SbieApi_LogEx
SbieApi_LogMsgEx
SbieApi_LogMsgExt
SbieApi_MonitorControl
SbieApi_MonitorGetEx
SbieApi_MonitorPut
SbieApi_MonitorPut2
SbieApi_MonitorPut2Ex
SbieApi_MonitorPutMsg
SbieApi_OpenProcess
SbieApi_ProcessExemptionControl
SbieApi_QueryBoxPath
SbieApi_QueryConf
SbieApi_QueryConfBool
SbieApi_QueryConfNumber
SbieApi_QueryPathList
SbieApi_QueryProcess
SbieApi_QueryProcessEx
SbieApi_QueryProcessEx2
SbieApi_QueryProcessInfo
SbieApi_QueryProcessInfoEx
SbieApi_QueryProcessInfoStr
SbieApi_QueryProcessPath
SbieApi_ReloadConf
SbieApi_SessionLeader
SbieApi_SetUserName
SbieApi_vLogEx
SbieDll_AssocQueryCommand
SbieDll_AssocQueryProgram
SbieDll_CallServer
SbieDll_CallServerQueue
SbieDll_CheckPatternInList
SbieDll_CheckProcessLocalSystem
SbieDll_CheckStringInList
SbieDll_CheckStringInListA
SbieDll_ComCreateProxy
SbieDll_ComCreateStub
SbieDll_DeviceChange
SbieDll_DisableCHPE
SbieDll_DisableElevationHook
SbieDll_ExpandAndRunProgram
SbieDll_FindArgumentEnd
SbieDll_FormatMessage
SbieDll_FormatMessage0
SbieDll_FormatMessage1
SbieDll_FormatMessage2
SbieDll_FreeMem
SbieDll_GetBorderColor
SbieDll_GetDrivePath
SbieDll_GetHandlePath
SbieDll_GetLanguage
SbieDll_GetPublicSD
SbieDll_GetServiceRegistryValue
SbieDll_GetSettingsForName
SbieDll_GetSettingsForName_bool
SbieDll_GetStartError
SbieDll_GetStringForStringList
SbieDll_GetSysFunction
SbieDll_GetTokenElevationType
SbieDll_GetUserPathEx
SbieDll_Hook
SbieDll_HookInit
SbieDll_InitPStore
SbieDll_InjectLow
SbieDll_InjectLow_InitHelper
SbieDll_InjectLow_InitSyscalls
SbieDll_InjectLow_SendHandle
SbieDll_IsBoxedService
SbieDll_IsDirectory
SbieDll_IsDllSkipHook
SbieDll_IsOpenCOM
SbieDll_IsOpenClsid
SbieDll_IsReservedFileName
SbieDll_KillAll
SbieDll_KillOne
SbieDll_MatchImage
SbieDll_Mount
SbieDll_OpenProcess
SbieDll_PortName
SbieDll_QueryConf
SbieDll_QueryFileAttributes
SbieDll_QueueCreate
SbieDll_QueueGetReq
SbieDll_QueueGetRpl
SbieDll_QueuePutReq
SbieDll_QueuePutRpl
SbieDll_RegisterDllCallback
SbieDll_RunFromHome
SbieDll_RunSandboxed
SbieDll_RunStartExe
SbieDll_SetFakeAdmin
SbieDll_StartBoxedService
SbieDll_StartCOM
SbieDll_StartSbieSvc
SbieDll_TraceModule
SbieDll_TranslateNtToDosPath
SbieDll_UnHookModule
SbieDll_Unmount
SbieDll_UpdateConf
Sbie_snprintf
Sbie_snwprintf

Sections

.text
Size: 608KB - Virtual size: 608KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SbieMsg.dll
.dll windows:6 windows x64 arch:x64

Password: nucleAR

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

31/10/2023, 15:56

Not After

30/11/2026, 15:56

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederösterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:5b:e2:fb:45:96:ed:66:ef:4a:23:61:c0:b2:e9:e8:1b:59:bc:2a:ef:96:f6:97:9c:fb:34:86:0b:66:92:1d
Signer

Actual PE Digest

22:5b:e2:fb:45:96:ed:66:ef:4a:23:61:c0:b2:e9:e8:1b:59:bc:2a:ef:96:f6:97:9c:fb:34:86:0b:66:92:1d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SbieMsg.pdb

Sections

.rdata
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

Password: nucleAR

f2ac1ab587d5531d5f1bf76c094aef4c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
GlobalAlloc
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 510B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Warning.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
32/SbieDll.dll
.dll windows:6 windows x86 arch:x86

Password: nucleAR

c1359bc68d6da54a1415b724059a8f65

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

31/10/2023, 15:56

Not After

30/11/2026, 15:56

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederösterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c8:f9:bc:99:19:6d:a5:89:fb:eb:d1:dd:83:5e:3a:e1:f1:a5:c5:f7:92:6d:16:1b:42:54:fa:f0:41:1b:7e:eb
Signer

Actual PE Digest

c8:f9:bc:99:19:6d:a5:89:fb:eb:d1:dd:83:5e:3a:e1:f1:a5:c5:f7:92:6d:16:1b:42:54:fa:f0:41:1b:7e:eb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\Win32\SbieRelease\SbieDll.pdb

Imports

ntdll

RtlUnwind
NtSetInformationJobObject
NtAssignProcessToJobObject
NtOpenJobObject
NtClose
NtCreateJobObject
NtUnmapViewOfSection
NtMapViewOfSection
RtlEqualSid
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAceEx
RtlCreateAcl
NtAdjustPrivilegesToken
NtFilterToken
NtDuplicateObject
NtSetInformationToken
NtOpenThread
NtOpenProcess
RtlConvertSidToUnicodeString
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtSetSecurityObject
NtQuerySecurityObject
NtQueryVirtualMemory
RtlNtStatusToDosError
NtLoadDriver
LdrQueryImageFileExecutionOptions
LdrQueryProcessModuleInformation
LdrUnloadDll
LdrLoadDll
NtYieldExecution
NtNotifyChangeMultipleKeys
NtNotifyChangeKey
NtEnumerateValueKey
NtQueryMultipleValueKey
NtSaveKey
NtLoadKey2
NtLoadKey
NtDeleteKey
NtSetInformationKey
NtQueryKey
NtImpersonateAnonymousToken
NtImpersonateThread
NtDuplicateToken
NtQueryInformationToken
NtOpenThreadToken
NtOpenSection
NtCreateSection
NtOpenSemaphore
NtCreateSemaphore
NtOpenMutant
NtCreateMutant
NtOpenEvent
NtCreateEvent
NtCreateSymbolicLinkObject
NtImpersonateClientOfPort
NtSecureConnectPort
NtCreatePort
NtQueryDirectoryObject
NtCreateDirectoryObject
NtAllocateVirtualMemory
RtlUnicodeStringToAnsiString
NtOpenProcessToken
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitString
NtQueryInformationProcess
NtSetInformationThread
RtlSetThreadErrorMode
RtlGetFullPathName_U
RtlSetCurrentDirectory_U
RtlGetCurrentDirectory_U
NtNotifyChangeDirectoryFile
NtWaitForSingleObject
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlCompareUnicodeString
NtQuerySystemInformation
NtSetInformationProcess
NtQueryVolumeInformationFile
NtCreateNamedPipeFile
NtCreateMailslotFile
NtFsControlFile
NtDeviceIoControlFile
NtWriteFile
NtReadFile
NtDeleteFile
NtSetInformationFile
NtQueryFullAttributesFile
NtQueryAttributesFile
NtQueryInformationFile
NtQueryDirectoryFile
NtOpenFile
NtCreateFile
NtOpenDirectoryObject
NtQueryObject
NtProtectVirtualMemory
LdrGetProcedureAddress
NtDeleteValueKey
NtSetValueKey
NtEnumerateKey
NtCreateKey
NtOpenKey
NtQueryValueKey
RtlInitUnicodeString
NtRequestWaitReplyPort
NtRegisterThreadTerminatePort
NtConnectPort
_strlwr
memcpy
memset
_wcsicmp
_chkstk
_wcsnicmp
towlower
wcsstr
wcschr
_itow
memmove
wcscpy_s
wcsncpy
_wcslwr
wcstol
_wtoi
wcsncmp
_stricmp
wcsrchr
_alldiv
_allmul
_ultow
wcstoul
_wtoi64
strchr
strncmp
wcsncpy_s
tolower
iswctype
strstr
_strnicmp

kernel32

WaitForSingleObject
IsWow64Process
SetLocaleInfoW
SetLocaleInfoA
PostQueuedCompletionStatus
EnumResourceNamesW
FormatMessageW
LoadLibraryExW
GetVersionExW
GetLongPathNameW
GetFullPathNameW
WinExec
OpenProcess
CreateProcessA
TerminateProcess
QueueUserWorkItem
CreateFileA
SizeofResource
WriteProcessMemory
ReadProcessMemory
DuplicateHandle
GetProcessId
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetWindowsDirectoryW
HeapDestroy
HeapCreate
SetThreadPriority
GetExitCodeProcess
OpenEventW
DeleteCriticalSection
RaiseException
GlobalAddAtomW
SetThreadExecutionState
UnmapViewOfFile
MapViewOfFileEx
GetThreadTimes
SleepEx
GetTickCount64
FindResourceA
FindResourceW
LockResource
LoadResource
GlobalLock
GlobalUnlock
GlobalSize
GetConsoleWindow
SetConsoleTitleW
SetConsoleTitleA
GetConsoleTitleW
GetConsoleTitleA
AllocConsole
GetStartupInfoW
OpenThread
WaitForMultipleObjects
WideCharToMultiByte
GetSystemInfo
ReplaceFileW
MoveFileWithProgressW
MoveFileExW
GetPrivateProfileStringW
GetSystemWindowsDirectoryW
GetTickCount
QueueUserAPC
OpenMutexW
CreateMutexW
ReleaseMutex
TryEnterCriticalSection
GetFileSizeEx
GetFileAttributesW
DeleteFileW
CreateDirectoryW
GetEnvironmentVariableW
GetEnvironmentStringsW
QueryPerformanceFrequency
QueryPerformanceCounter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleHandleA
ProcessIdToSessionId
GetCurrentProcessId
SetEvent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
Sleep
OutputDebugStringW
IsDebuggerPresent
GetModuleFileNameW
CreateProcessW
CreateThread
ExitProcess
SetEnvironmentVariableW
GetCommandLineW
LocalFree
LocalAlloc
GetSystemTimeAsFileTime
LoadLibraryW
GetModuleHandleW
FreeLibrary
ExpandEnvironmentStringsW
CreateEventW
GlobalFree
GlobalAlloc
GetProcAddress
CloseHandle
SetFilePointerEx
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
VirtualProtectEx
VirtualQueryEx
SetLastError
CreateFileW
ReadFile

Exports

Exports

SbieApi_Call
SbieApi_CheckInternetAccess
SbieApi_DisableForceProcess
SbieApi_EnumBoxes
SbieApi_EnumProcessEx
SbieApi_GetFileName
SbieApi_GetHomePath
SbieApi_GetMessage
SbieApi_GetUnmountHive
SbieApi_GetVersion
SbieApi_GetVersionEx
SbieApi_HookTramp
SbieApi_IsBoxEnabled
SbieApi_Log
SbieApi_LogEx
SbieApi_MonitorControl
SbieApi_MonitorGetEx
SbieApi_MonitorPut
SbieApi_MonitorPut2
SbieApi_OpenProcess
SbieApi_QueryBoxPath
SbieApi_QueryConf
SbieApi_QueryConfBool
SbieApi_QueryPathList
SbieApi_QueryProcess
SbieApi_QueryProcessEx
SbieApi_QueryProcessInfo
SbieApi_QueryProcessPath
SbieApi_ReloadConf
SbieApi_SessionLeader
SbieApi_SetUserName
SbieDll_AssocQueryCommand
SbieDll_AssocQueryProgram
SbieDll_CallServer
SbieDll_ComCreateProxy
SbieDll_ComCreateStub
SbieDll_DeviceChange
SbieDll_DisableElevationHook
SbieDll_ExpandAndRunProgram
SbieDll_FormatMessage
SbieDll_FormatMessage0
SbieDll_FormatMessage1
SbieDll_FormatMessage2
SbieDll_FreeMem
SbieDll_GetDrivePath
SbieDll_GetHandlePath
SbieDll_GetLanguage
SbieDll_GetServiceRegistryValue
SbieDll_GetStartError
SbieDll_GetTokenElevationType
SbieDll_GetUserPathEx
SbieDll_Hook
SbieDll_InitPStore
SbieDll_IsBoxedService
SbieDll_IsDirectory
SbieDll_IsOpenCOM
SbieDll_IsOpenClsid
SbieDll_KillAll
SbieDll_KillOne
SbieDll_Mount
SbieDll_PortName
SbieDll_QueueCreate
SbieDll_QueueGetReq
SbieDll_QueueGetRpl
SbieDll_QueuePutReq
SbieDll_QueuePutRpl
SbieDll_RegisterDllCallback
SbieDll_RunFromHome
SbieDll_RunSandboxed
SbieDll_StartBoxedService
SbieDll_StartCOM
SbieDll_StartSbieSvc
SbieDll_TranslateNtToDosPath
SbieDll_Unmount
SbieDll_UpdateConf
Sbie_snprintf
Sbie_snwprintf
_File_GetName@20
_Key_GetName@20
_SbieApi_CheckInternetAccess@12
_SbieApi_DisableForceProcess@8
_SbieApi_EnumBoxes@8
_SbieApi_EnumBoxesEx@12
_SbieApi_EnumProcessEx@20
_SbieApi_GetBlockedDll@8
_SbieApi_GetFileName@16
_SbieApi_GetHomePath@16
_SbieApi_GetMessage@24
_SbieApi_GetUnmountHive@4
_SbieApi_GetVersion@4
_SbieApi_GetVersionEx@8
_SbieApi_HookTramp@8
_SbieApi_Ioctl@4
_SbieApi_IsBoxEnabled@4
_SbieApi_LogMsgEx@16
_SbieApi_LogMsgExt@12
_SbieApi_MonitorControl@8
_SbieApi_MonitorGetEx@16
_SbieApi_MonitorPut2@12
_SbieApi_MonitorPut2Ex@20
_SbieApi_MonitorPut@8
_SbieApi_MonitorPutMsg@8
_SbieApi_OpenProcess@8
_SbieApi_ProcessExemptionControl@16
_SbieApi_QueryBoxPath@28
_SbieApi_QueryConf@20
_SbieApi_QueryConfBool@12
_SbieApi_QueryConfNumber@12
_SbieApi_QueryPathList@20
_SbieApi_QueryProcess@20
_SbieApi_QueryProcessEx2@28
_SbieApi_QueryProcessEx@24
_SbieApi_QueryProcessInfo@8
_SbieApi_QueryProcessInfoEx@16
_SbieApi_QueryProcessInfoStr@16
_SbieApi_QueryProcessPath@28
_SbieApi_ReloadConf@8
_SbieApi_SessionLeader@8
_SbieApi_SetUserName@8
_SbieApi_vLogEx@16
_SbieDll_AssocQueryCommand@4
_SbieDll_AssocQueryProgram@4
_SbieDll_CallServer@4
_SbieDll_CallServerQueue@16
_SbieDll_CheckPatternInList@16
_SbieDll_CheckProcessLocalSystem@4
_SbieDll_CheckStringInList@12
_SbieDll_CheckStringInListA@12
_SbieDll_ComCreateProxy@16
_SbieDll_ComCreateStub@16
_SbieDll_DeviceChange@8
_SbieDll_DisableCHPE@0
_SbieDll_DisableElevationHook@0
_SbieDll_ExpandAndRunProgram@4
_SbieDll_FindArgumentEnd@4
_SbieDll_FormatMessage0@4
_SbieDll_FormatMessage1@8
_SbieDll_FormatMessage2@12
_SbieDll_FormatMessage@8
_SbieDll_FreeMem@4
_SbieDll_GetBorderColor@16
_SbieDll_GetDrivePath@4
_SbieDll_GetHandlePath@12
_SbieDll_GetLanguage@4
_SbieDll_GetPublicSD@0
_SbieDll_GetServiceRegistryValue@12
_SbieDll_GetSettingsForName@24
_SbieDll_GetSettingsForName_bool@16
_SbieDll_GetStartError@0
_SbieDll_GetStringForStringList@20
_SbieDll_GetSysFunction@4
_SbieDll_GetTokenElevationType@0
_SbieDll_GetUserPathEx@4
_SbieDll_Hook@16
_SbieDll_HookInit@0
_SbieDll_InitPStore@0
_SbieDll_InjectLow@12
_SbieDll_InjectLow_InitHelper@0
_SbieDll_InjectLow_InitSyscalls@4
_SbieDll_InjectLow_SendHandle@4
_SbieDll_IsBoxedService@4
_SbieDll_IsDirectory@4
_SbieDll_IsDllSkipHook@4
_SbieDll_IsOpenCOM@0
_SbieDll_IsOpenClsid@12
_SbieDll_IsReservedFileName@4
_SbieDll_KillAll@8
_SbieDll_KillOne@4
_SbieDll_MatchImage@12
_SbieDll_Mount@12
_SbieDll_OpenProcess@8
_SbieDll_PortName@0
_SbieDll_QueryConf@20
_SbieDll_QueryFileAttributes@16
_SbieDll_QueueCreate@8
_SbieDll_QueueGetReq@24
_SbieDll_QueueGetRpl@16
_SbieDll_QueuePutReq@20
_SbieDll_QueuePutRpl@16
_SbieDll_RegisterDllCallback@4
_SbieDll_RunFromHome@16
_SbieDll_RunSandboxed@24
_SbieDll_RunStartExe@8
_SbieDll_SetFakeAdmin@4
_SbieDll_StartBoxedService@8
_SbieDll_StartCOM@4
_SbieDll_StartSbieSvc@4
_SbieDll_TraceModule@4
_SbieDll_TranslateNtToDosPath@4
_SbieDll_UnHookModule@4
_SbieDll_Unmount@4
_SbieDll_UpdateConf@20

Sections

.text
Size: 512KB - Virtual size: 512KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 162KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 270B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
32/SbieSvc.exe
.exe windows:6 windows x86 arch:x86

Password: nucleAR

c69c6cf4c68d13734cf7d6afbe337bc9

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

31/10/2023, 15:56

Not After

30/11/2026, 15:56

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederösterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0b:c2:e2:1b:42:26:01:08:a3:ee:0c:4b:20:52:f9:0f:41:01:2c:4a:fd:7a:1e:aa:63:ff:a9:5b:56:c7:06:14
Signer

Actual PE Digest

0b:c2:e2:1b:42:26:01:08:a3:ee:0c:4b:20:52:f9:0f:41:01:2c:4a:fd:7a:1e:aa:63:ff:a9:5b:56:c7:06:14

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\Win32\SbieRelease\SbieSvc.pdb

Imports

sbiedll

_SbieDll_FormatMessage0@4
_SbieDll_GetLanguage@4
SbieApi_Log
_SbieDll_FindArgumentEnd@4
_SbieApi_ReloadConf@8
_SbieApi_SessionLeader@8
_SbieDll_CheckPatternInList@16
_SbieDll_CheckStringInList@12
_SbieApi_EnumBoxesEx@12
_SbieDll_GetPublicSD@0
_SbieApi_QueryConfNumber@12
_SbieApi_LogMsgExt@12
_SbieDll_DisableCHPE@0
_SbieDll_GetSettingsForName_bool@16
_SbieApi_CheckInternetAccess@12
_SbieDll_QueuePutRpl@16
_SbieDll_QueueGetReq@24
_SbieApi_OpenProcess@8
_SbieDll_FreeMem@4
_SbieDll_KillOne@4
_SbieApi_QueryPathList@20
_SbieApi_GetHomePath@16
_SbieDll_GetStringForStringList@20
_SbieDll_InjectLow@12
_SbieDll_InjectLow_InitSyscalls@4
_SbieDll_InjectLow_InitHelper@0
_SbieDll_PortName@0
_SbieDll_FormatMessage2@12
_SbieDll_GetServiceRegistryValue@12
_SbieDll_TranslateNtToDosPath@4
_SbieDll_RunStartExe@8
_SbieApi_GetUnmountHive@4
_SbieApi_SetUserName@8
_SbieApi_QueryConfBool@12
_SbieApi_QueryConf@20
_SbieApi_EnumProcessEx@20
_SbieApi_QueryProcessPath@28
_SbieApi_QueryProcessInfo@8
_SbieApi_QueryProcessEx2@28
_SbieApi_GetMessage@24
_SbieApi_GetVersionEx@8
SbieApi_Call
_SbieDll_RunSandboxed@24
_SbieApi_IsBoxEnabled@4
_SbieDll_IsOpenClsid@12
_SbieDll_ComCreateStub@16
_SbieDll_RunFromHome@16
_SbieApi_QueryProcess@20
SbieApi_LogEx
_SbieDll_QueueCreate@8

ntdll

NtCreateFile
RtlSetDaclSecurityDescriptor
NtSetInformationFile
NtDuplicateObject
NtOpenProcess
RtlCreateVirtualAccountSid
NtLoadDriver
RtlInitUnicodeString
NtReplyWaitReceivePort
NtRequestPort
NtCreatePort
NtUnloadKey
NtOpenKey
NtClose
NtAcceptConnectPort
RtlUnwind
NtResumeProcess
NtSuspendProcess
NtGetNextThread
NtAdjustPrivilegesToken
NtReadVirtualMemory
NtQueryInformationThread
NtSetInformationProcess
NtOpenDirectoryObject
NtReadFile
NtCompleteConnectPort
NtImpersonateClientOfPort
NtRequestWaitReplyPort
NtConnectPort
RtlNtStatusToDosError
NtOpenFile
NtDeleteFile
NtQueryObject
NtFilterToken
NtDuplicateToken
NtQueryInformationToken
NtOpenThreadToken
NtOpenProcessToken
NtSetInformationThread
NtAllocateVirtualMemory
RtlInitializeSid
RtlSubAuthoritySid
NtSetInformationToken
NtQueryInformationProcess
RtlCreateSecurityDescriptor
NtLoadKey
NtQuerySystemInformation
NtWriteFile

kernel32

FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
GetStringTypeW
GetStdHandle
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
EncodePointer
VirtualQuery
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
WaitForSingleObjectEx
CloseHandle
GetLastError
HeapCreate
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
SetEvent
CreateMutexW
OpenMutexW
CreateEventW
OpenEventW
Sleep
WaitForMultipleObjects
ExitProcess
TerminateProcess
CreateThread
GetCurrentThread
GetTickCount
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
LocalFree
GetEnvironmentVariableW
SetCurrentDirectoryW
GetFullPathNameW
GetPrivateProfileStringW
CreateFileW
SetFilePointer
WriteFile
SetLastError
DeviceIoControl
GetProcessTimes
GetCurrentProcess
GetCurrentProcessId
SetThreadPriority
TerminateThread
OpenProcess
GetLocalTime
GetVersionExW
VirtualAlloc
VirtualFree
LocalAlloc
GetSystemWindowsDirectoryW
DuplicateHandle
ResetEvent
QueueUserAPC
GetCurrentThreadId
OpenThread
ProcessIdToSessionId
IsProcessInJob
CreateJobObjectW
AssignProcessToJobObject
TerminateJobObject
SetInformationJobObject
QueryInformationJobObject
GetModuleHandleW
GetProcAddress
LoadLibraryW
GlobalSize
RegisterWaitForSingleObject
UnregisterWait
AllocConsole
GetConsoleWindow
GetConsoleProcessList
GetFileSizeEx
OutputDebugStringW
RaiseException
InitializeCriticalSectionAndSpinCount
GetCommandLineW
GetSystemInfo
GetFinalPathNameByHandleW
DefineDosDeviceW
GetLogicalDrives
GetCompressedFileSizeW
GetExitCodeProcess
CreateProcessW
CancelIo
TlsAlloc
TlsGetValue
TlsSetValue
SuspendThread
ResumeThread
WriteProcessMemory
IsWow64Process
GetModuleFileNameW
GetModuleHandleA
QueryFullProcessImageNameW
QueueUserWorkItem
DeleteFileW
GetFileAttributesW
ReadFile
SetEndOfFile
SetFileAttributesW
GetWindowsDirectoryW
CopyFileW
MultiByteToWideChar
WideCharToMultiByte
ReadProcessMemory
MulDiv
LCMapStringW
SetStdHandle
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
DecodePointer
WaitForSingleObject
WriteConsoleW

user32

GetMonitorInfoW
EndPaint
BeginPaint
ShowWindow
RegisterClassExW
PackDDElParam
GetRawInputDeviceInfoW
GetRawInputDeviceInfoA
UserHandleGrantAccess
GetWindowInfo
MonitorFromWindow
ChangeDisplaySettingsExW
ChangeDisplaySettingsExA
GetIconInfo
GetWindow
GetWindowThreadProcessId
GetClassNameW
GetClassNameA
EnumThreadWindows
EnumWindows
GetShellWindow
FindWindowExW
FindWindowExA
FindWindowW
FindWindowA
EnumChildWindows
GetParent
GetDesktopWindow
GetClassLongW
GetClassLongA
GetWindowLongW
GetWindowLongA
ClipCursor
MapWindowPoints
ScreenToClient
ClientToScreen
SetCursorPos
GetWindowRect
GetClientRect
GetPropW
GetPropA
SetPropW
ReleaseDC
GetDC
SetForegroundWindow
IsWindowEnabled
IsWindowUnicode
KillTimer
EnumClipboardFormats
GetClipboardData
GetClipboardSequenceNumber
IsZoomed
IsIconic
IsWindowVisible
SetWindowPos
DestroyWindow
IsWindow
CreateWindowExW
SendMessageW
wsprintfW
GetMessageW
DispatchMessageW
SetTimer
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
CreateDesktopW
SetThreadDesktop
GetThreadDesktop
CreateWindowStationW
SetProcessWindowStation
GetProcessWindowStation
SendMessageA
RegisterClassW
DefWindowProcW
PostMessageW
SendNotifyMessageW
SendMessageTimeoutW
SendNotifyMessageA
PostMessageA

advapi32

CreateProcessAsUserW
OpenThreadToken
DuplicateTokenEx
OpenProcessToken
AdjustTokenPrivileges
GetTokenInformation
LookupAccountSidW
LookupPrivilegeValueW
RegCloseKey
RegOpenKeyExW
RegQueryValueExW
ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
LookupAccountNameW
LsaFreeMemory
LsaManageSidNameMapping
CloseServiceHandle
OpenSCManagerW
OpenServiceW
QueryServiceStatusEx
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetTokenInformation
SetSecurityInfo
ControlService
EnumServicesStatusExW
StartServiceW
OpenEventLogW
ReportEventW
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW
RevertToSelf
SetThreadToken
AddAccessAllowedAce
DuplicateToken
EqualSid
GetLengthSid
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
CryptAcquireContextW
CryptReleaseContext
CryptGetHashParam
CryptCreateHash
CryptHashData
CryptDestroyHash
EnumServicesStatusW
QueryServiceConfigW
AccessCheck
GetSecurityInfo
QueryServiceConfig2W

psapi

GetModuleBaseNameW
GetProcessMemoryInfo
GetModuleFileNameExW
EnumProcessModules

ole32

CoSetProxyBlanket
CoInitializeEx
CoGetClassObject
CoMarshalInterface
CoUnmarshalInterface
CoInitializeSecurity
CoQueryProxyBlanket
CoInitialize
CoCopyProxy
StringFromGUID2
CoTaskMemFree
CoGetObject
CoRegisterClassObject
CoRevokeClassObject
CreateStreamOnHGlobal

crypt32

CryptProtectData
CryptUnprotectData

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

gdi32

SetBkColor
DeleteDC
CreateCompatibleDC
TextOutW
GetDeviceCaps
SetTextColor
SelectObject
GetDIBits
GetMetaFileBitsEx
CreateFontW
GetEnhMetaFileBits
CreateSolidBrush

netapi32

NetUseAdd

wtsapi32

WTSQueryUserToken

rpcrt4

RpcStringFreeW
UuidFromStringW
RpcMgmtEpEltInqBegin
RpcBindingToStringBindingW
RpcMgmtEpEltInqDone
RpcMgmtEpEltInqNextW

bcrypt

BCryptHashData
BCryptCreateHash
BCryptVerifySignature
BCryptFinishHash
BCryptImportKeyPair
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptDestroyKey
BCryptDestroyHash

Sections

.text
Size: 232KB - Virtual size: 231KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
KmdUtil.exe
.exe windows:6 windows x64 arch:x64

e74127d0470ed67341494767b56b1a47

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

31/10/2023, 15:56

Not After

30/11/2026, 15:56

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederösterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a4:a3:cb:46:f9:db:0f:41:66:86:40:51:18:97:9b:a0:d0:b6:7e:d4:ef:89:13:25:8d:dd:bf:15:68:b1:c3:41
Signer

Actual PE Digest

a4:a3:cb:46:f9:db:0f:41:66:86:40:51:18:97:9b:a0:d0:b6:7e:d4:ef:89:13:25:8d:dd:bf:15:68:b1:c3:41

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\KmdUtil.pdb

Imports

ntdll

NtUnloadDriver
RtlUnwindEx
RtlPcToFileHeader
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
RtlInitUnicodeString

psapi

EnumProcessModules
GetModuleBaseNameW
EnumProcesses

sbiedll

Sbie_snwprintf
SbieApi_Ioctl
SbieApi_Call
SbieApi_GetVersion
SbieApi_QueryConf
SbieApi_GetHomePath
SbieApi_LogMsgEx
SbieApi_IsBoxEnabled

kernel32

GetModuleFileNameW
LoadLibraryW
LocalAlloc
FormatMessageW
CloseHandle
GetCurrentProcess
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcessId
ExitProcess
TerminateProcess
ProcessIdToSessionId
OpenProcess
GetModuleHandleW
GetProcAddress
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
GetCurrentThreadId
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStdHandle
GetFileType
GetStartupInfoW
FreeLibrary
GetModuleHandleExW
SetLastError
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
InitializeCriticalSectionAndSpinCount
GetSystemTimeAsFileTime
LoadLibraryExW
LCMapStringW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetStringTypeW
MultiByteToWideChar
WideCharToMultiByte
SetFilePointerEx
SetStdHandle
FlushFileBuffers
WriteFile
GetConsoleOutputCP
GetConsoleMode
HeapSize
HeapReAlloc
RaiseException
CreateFileW
WriteConsoleW
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetLastError
GetCommandLineW
LocalFree
QueryPerformanceCounter
InitializeSListHead
FindClose
FindFirstFileExW
FindNextFileW
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
Sleep

user32

SendMessageW
RegisterClassW
GetMessageW
MessageBoxW
CreateWindowExW
PostMessageW
DefWindowProcW
GetWindowLongW
DestroyWindow
ShowWindow
SetFocus
GetFocus
GetWindowRect
SystemParametersInfoW
LoadIconW
LoadCursorW
GetWindow
GetParent
GetDesktopWindow
DispatchMessageW

gdi32

CreateFontIndirectW
GetStockObject

advapi32

AdjustTokenPrivileges
CopySid
GetAce
GetSecurityDescriptorDacl
SetEntriesInAclW
GetNamedSecurityInfoW
SetNamedSecurityInfoW
ConvertSidToStringSidW
ConvertStringSidToSidW
RegCreateKeyExW
CloseServiceHandle
LookupPrivilegeValueW
RegDeleteKeyW
OpenProcessToken
StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CreateServiceW
ControlService
RegSetValueExW
RegOpenKeyExW
RegCloseKey

shell32

CommandLineToArgvW

Sections

.text
Size: 135KB - Virtual size: 135KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
LICENSE.TXT
Manifest0.txt
Manifest1.txt
.xml
Manifest2.txt
.xml
SandboxieBITS.exe
.exe windows:6 windows x64 arch:x64

aee802e3cccb1677e41bac39f56ce1df

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

31/10/2023, 15:56

Not After

30/11/2026, 15:56

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederösterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3e:19:8c:98:94:db:f2:d2:ce:bc:42:e3:69:75:02:76:e5:62:93:86:a7:eb:26:7b:b6:3a:e4:32:01:c5:5c:84
Signer

Actual PE Digest

3e:19:8c:98:94:db:f2:d2:ce:bc:42:e3:69:75:02:76:e5:62:93:86:a7:eb:26:7b:b6:3a:e4:32:01:c5:5c:84

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SandboxieBITS.pdb

Imports

advapi32

SetThreadToken
OpenProcessToken
DuplicateTokenEx
LogonUserW
StartServiceCtrlDispatcherW

kernel32

SetEnvironmentVariableW
CloseHandle
GetLastError
SetLastError
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
GetCurrentProcessId
GetCurrentThreadId
GetVersionExW
GetModuleHandleW
GetProcAddress
LoadLibraryW
WriteConsoleW
CreateFileW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
SetFilePointerEx
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
TerminateProcess
GetModuleHandleExW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW

user32

MessageBoxW
wsprintfW

ole32

CoImpersonateClient

wtsapi32

WTSQueryUserToken

sbiedll

SbieDll_Hook

Sections

.text
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SandboxieCrypto.exe
.exe windows:6 windows x64 arch:x64

8c637e597e8ee423c0cc4e20772a1aa7

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

31/10/2023, 15:56

Not After

30/11/2026, 15:56

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederösterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

43:51:8d:d8:44:7c:d9:21:78:da:9a:dc:40:03:22:5b:76:21:a3:7a:32:a6:5a:2c:57:ba:78:d8:1c:35:85:d6
Signer

Actual PE Digest

43:51:8d:d8:44:7c:d9:21:78:da:9a:dc:40:03:22:5b:76:21:a3:7a:32:a6:5a:2c:57:ba:78:d8:1c:35:85:d6

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SandboxieCrypto.pdb

Imports

sbiedll

SbieDll_Hook

ntdll

RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry

kernel32

CreateFileW
CloseHandle
DuplicateHandle
GetLastError
SetLastError
HeapAlloc
HeapFree
GetProcessHeap
SetEvent
WaitForSingleObject
CreateMutexW
OpenMutexW
CreateEventW
SetEnvironmentVariableW
GetCurrentProcessId
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
GetWindowsDirectoryW
GetVersionExW
GetModuleHandleW
GetProcAddress
LoadLibraryW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
WriteConsoleW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
OpenEventW
IsDebuggerPresent
HeapReAlloc
HeapSize
SetFilePointerEx
LCMapStringW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW

advapi32

StartServiceCtrlDispatcherW
SetServiceStatus
GetTokenInformation
DuplicateToken
AccessCheckByType
OpenProcessToken
SetThreadToken

user32

MessageBoxW
wsprintfW

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SandboxieDcomLaunch.exe
.exe windows:6 windows x64 arch:x64

defe4f7525e62ff6304d02be652560f7

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

31/10/2023, 15:56

Not After

30/11/2026, 15:56

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederösterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

32:14:13:1d:8b:39:e6:06:d7:2e:dd:9f:bf:20:0c:84:b0:26:19:06:17:38:10:c2:58:13:f6:f6:b3:00:a4:f1
Signer

Actual PE Digest

32:14:13:1d:8b:39:e6:06:d7:2e:dd:9f:bf:20:0c:84:b0:26:19:06:17:38:10:c2:58:13:f6:f6:b3:00:a4:f1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SandboxieDcomLaunch.pdb

Imports

sbiedll

SbieApi_QueryProcess
SbieApi_EnumProcessEx
SbieDll_Hook
SbieDll_IsBoxedService
SbieDll_StartBoxedService

kernel32

GetProcessHeap
SetEvent
WaitForSingleObject
CreateEventW
OpenEventW
GetCurrentProcessId
ExitProcess
CreateThread
HeapFree
TlsAlloc
TlsGetValue
TlsSetValue
OpenProcess
GetVersionExW
GetModuleHandleW
GetProcAddress
LoadLibraryW
HeapReAlloc
HeapAlloc
SetLastError
GetLastError
CloseHandle
SetEnvironmentVariableW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
CreateFileW
WriteConsoleW
GetCurrentThreadId
GetStartupInfoW
HeapSize
SetFilePointerEx
LCMapStringW
FlsFree
FlsSetValue
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsProcessorFeaturePresent
RtlUnwindEx
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
TerminateProcess
GetModuleHandleExW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW
FlsAlloc
FlsGetValue

advapi32

StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
QueryServiceStatusEx
QueryServiceStatus
OpenServiceW
ControlService
CloseServiceHandle
GetTokenInformation
DuplicateToken
AccessCheckByType
OpenProcessToken
SetThreadToken

ntdll

NtOpenKey
RtlInitUnicodeString
NtQueryValueKey
RtlAdjustPrivilege
NtClose
NtQueryInformationProcess

user32

MessageBoxW
wsprintfW

Sections

.text
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SandboxieRpcSs.exe
.exe windows:6 windows x64 arch:x64

66434e11f7022b019ec3376fc1cc46e3

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

31/10/2023, 15:56

Not After

30/11/2026, 15:56

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederösterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

37:44:14:b1:3d:af:92:f8:b0:79:66:83:d8:f3:99:88:d2:5f:ed:30:89:71:d3:d4:f9:8c:f5:0b:bf:87:ba:27
Signer

Actual PE Digest

37:44:14:b1:3d:af:92:f8:b0:79:66:83:d8:f3:99:88:d2:5f:ed:30:89:71:d3:d4:f9:8c:f5:0b:bf:87:ba:27

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SandboxieRpcSs.pdb

Imports

sbiedll

SbieDll_QueuePutRpl
SbieDll_QueueGetReq
SbieDll_QueueCreate
SbieDll_FreeMem
SbieApi_Log
SbieDll_IsDllSkipHook
SbieDll_IsBoxedService
SbieDll_IsOpenCOM
SbieDll_CallServer
SbieDll_Hook
SbieDll_ExpandAndRunProgram
SbieDll_StartBoxedService
SbieDll_KillAll
SbieApi_QueryConfBool
SbieApi_QueryConf
SbieApi_EnumProcessEx
SbieApi_QueryProcess
SbieApi_QueryProcessInfo

ws2_32

listen
bind
gethostbyname
gethostname
WSAStartup
WSASetLastError
WSASocketW

advapi32

StartServiceW
StartServiceCtrlDispatcherW
SetServiceStatus
QueryServiceStatusEx
QueryServiceStatus
OpenServiceW
ControlService
CloseServiceHandle
RegQueryValueExW
RegOpenKeyExW
GetTokenInformation
DuplicateToken
AccessCheckByType
OpenThreadToken
OpenProcessToken
SetThreadToken

kernel32

GetCurrentProcess
GetModuleFileNameW
WriteFile
WriteConsoleW
CreateFileW
TerminateProcess
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
HeapReAlloc
HeapSize
GetModuleHandleExW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetModuleHandleW
CloseHandle
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
SetEvent
WaitForSingleObject
CreateEventW
GetProcessTimes
ExitProcess
CreateThread
OpenProcess
GetSystemTimeAsFileTime
RegisterWaitForSingleObject
UnregisterWait
SetEnvironmentVariableW
GetLastError
SetLastError
CreateMutexW
OpenMutexW
OpenEventW
GetCurrentProcessId
GetCurrentThreadId
SetThreadPriority
ResumeThread
TlsAlloc
TlsGetValue
TlsSetValue
GetVersionExW
CreateFileMappingW
GetProcAddress
LoadLibraryW
Sleep
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
GetStdHandle
SetFilePointerEx
RtlPcToFileHeader
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetStringTypeW
SetStdHandle
FreeEnvironmentStringsW
QueryPerformanceCounter
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
RtlUnwindEx
InitializeCriticalSectionAndSpinCount
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
GetEnvironmentStringsW

ntdll

RtlInitUnicodeString
NtQueryValueKey
RtlAdjustPrivilege
NtYieldExecution
NtUnmapViewOfSection
NtMapViewOfSection
NtClose
NtOpenKey

user32

MessageBoxW
wsprintfW
GetWindowThreadProcessId
EnumWindows
GetWindowLongW
CreateWindowExW
RegisterClassW
DefWindowProcW
DispatchMessageW
GetMessageW

Sections

.text
Size: 93KB - Virtual size: 92KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SandboxieWUAU.exe
.exe windows:6 windows x64 arch:x64

7543884921d4df14a987223e4a1f4a61

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

31/10/2023, 15:56

Not After

30/11/2026, 15:56

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederösterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

81:16:99:1f:7c:5b:3a:6e:77:e2:e6:43:2d:1c:b5:cd:92:bc:e2:0f:1b:dd:90:82:c6:4e:25:2b:2b:71:a4:6e
Signer

Actual PE Digest

81:16:99:1f:7c:5b:3a:6e:77:e2:e6:43:2d:1c:b5:cd:92:bc:e2:0f:1b:dd:90:82:c6:4e:25:2b:2b:71:a4:6e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SandboxieWUAU.pdb

Imports

sbiedll

SbieDll_Hook
SbieApi_EnumProcessEx
SbieApi_QueryProcess

ntdll

RtlVirtualUnwind
RtlUnwindEx
RtlPcToFileHeader
RtlCaptureContext
RtlLookupFunctionEntry

kernel32

CreateFileW
GetConsoleMode
GetConsoleOutputCP
WriteConsoleW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LeaveCriticalSection
FlushFileBuffers
HeapReAlloc
HeapSize
HeapFree
SetLastError
GetCurrentThreadId
GetVersionExW
GetLastError
CloseHandle
LoadLibraryW
HeapAlloc
GetProcAddress
GetCurrentProcessId
GetProcessHeap
CreateProcessW
GetModuleHandleW
SetFilePointerEx
LCMapStringW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
ExitProcess
TerminateProcess
GetModuleHandleExW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetStdHandle
GetStringTypeW

Sections

.text
Size: 57KB - Virtual size: 57KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 39KB - Virtual size: 38KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieCtrl.exe
.exe windows:6 windows x64 arch:x64

6ce98a41349a1ffa8aad92af3b0577c5

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

31/10/2023, 15:56

Not After

30/11/2026, 15:56

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederösterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

97:73:91:07:51:3e:7e:96:e0:94:3c:9e:3a:ab:eb:9a:bc:6a:a2:1c:ad:0f:b4:6e:c9:60:c7:f0:c4:d6:24:fc
Signer

Actual PE Digest

97:73:91:07:51:3e:7e:96:e0:94:3c:9e:3a:ab:eb:9a:bc:6a:a2:1c:ad:0f:b4:6e:c9:60:c7:f0:c4:d6:24:fc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SbieCtrl.pdb

Imports

sbiedll

SbieDll_UpdateConf
SbieDll_GetTokenElevationType
SbieDll_KillOne
SbieDll_DeviceChange
SbieApi_ReloadConf
SbieApi_SessionLeader
SbieApi_MonitorGetEx
SbieApi_MonitorControl
SbieApi_ProcessExemptionControl
SbieApi_GetMessage
SbieDll_FreeMem
SbieDll_CallServer
SbieDll_GetStartError
SbieDll_StartSbieSvc
SbieApi_GetVersionEx
SbieDll_IsReservedFileName
SbieApi_EnumProcessEx
SbieApi_QueryProcessInfo
SbieApi_QueryProcessEx
SbieDll_TranslateNtToDosPath
SbieDll_GetUserPathEx
SbieDll_GetDrivePath
SbieDll_QueryFileAttributes
SbieApi_QueryConfBool
SbieApi_QueryConf
SbieApi_GetFileName
SbieApi_QueryBoxPath
SbieDll_KillAll
SbieApi_IsBoxEnabled
SbieApi_EnumBoxesEx
SbieDll_GetBorderColor
SbieApi_DisableForceProcess
SbieApi_Log
SbieApi_GetHomePath
SbieApi_Call
SbieDll_RunFromHome
SbieDll_GetLanguage
SbieDll_FormatMessage2
SbieDll_FormatMessage1
SbieDll_FormatMessage0
SbieDll_FormatMessage

ntdll

RtlUnwindEx
VerSetConditionMask
NtOpenKey
NtQueryDirectoryObject
NtOpenDirectoryObject
NtClose
RtlInitUnicodeString
NtQueryDirectoryFile
NtCreateFile
RtlPcToFileHeader

psapi

GetModuleFileNameExW

winhttp

WinHttpSendRequest
WinHttpReceiveResponse
WinHttpReadData
WinHttpCloseHandle
WinHttpOpen
WinHttpOpenRequest
WinHttpSetOption
WinHttpConnect

kernel32

GetUserDefaultUILanguage
FindResourceExW
GetCurrentDirectoryW
FlushFileBuffers
GetFileSize
GetFullPathNameW
GetVolumeInformationW
LockFile
SetEndOfFile
SetFilePointer
UnlockFile
DuplicateHandle
GetCurrentProcess
lstrcmpiW
lstrcpyW
SetErrorMode
FileTimeToLocalFileTime
GetFileAttributesExW
SystemTimeToTzSpecificLocalTime
VerifyVersionInfoW
GetProfileIntW
SearchPathW
GetTempFileNameW
GetStringTypeW
InitializeCriticalSectionEx
GetCPInfo
FileTimeToSystemTime
WaitForSingleObjectEx
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetSystemDefaultUILanguage
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
WriteConsoleW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
SetFilePointerEx
GetConsoleMode
GetConsoleOutputCP
GetTimeZoneInformation
LoadResource
LockResource
SizeofResource
FindResourceW
DecodePointer
RaiseException
GetLastError
HeapAlloc
HeapReAlloc
HeapFree
HeapSize
GetProcessHeap
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LocalFree
CloseHandle
LocalAlloc
FormatMessageW
GlobalAlloc
GlobalFree
CreateFileW
WriteFile
GetTempPathW
GlobalUnlock
GlobalLock
GetLocaleInfoW
GlobalFlags
QueryPerformanceCounter
OutputDebugStringW
ExitProcess
ExitThread
FreeLibraryAndExitThread
GetCommandLineA
HeapQueryInformation
GetSystemInfo
VirtualAlloc
VirtualQuery
QueryPerformanceFrequency
SetStdHandle
GetFileType
GetStdHandle
FlsAlloc
FlsGetValue
LocalReAlloc
GlobalHandle
GlobalReAlloc
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSection
WritePrivateProfileStringW
GetPrivateProfileStringW
GetPrivateProfileIntW
GetCurrentThread
GlobalGetAtomNameW
lstrcmpA
ResumeThread
SuspendThread
SetThreadPriority
SetEvent
VirtualProtect
CompareStringW
QueryActCtxW
FindActCtxSectionStringW
DeactivateActCtx
ActivateActCtx
CreateActCtxW
GlobalFindAtomW
GlobalAddAtomW
lstrcmpW
GlobalDeleteAtom
LoadLibraryExW
GetModuleHandleExW
GetSystemDirectoryW
EncodePointer
OutputDebugStringA
SetLastError
OpenProcess
GetProcessTimes
LCIDToLocaleName
GetModuleHandleA
WaitForMultipleObjects
CreateEventW
CopyFileW
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
DeleteFileW
GetDriveTypeW
CreateThread
ExpandEnvironmentStringsW
MoveFileW
RemoveDirectoryW
FindNextFileW
FindFirstFileW
FindClose
CreateDirectoryW
FreeLibrary
GetModuleFileNameW
GetSystemTimeAsFileTime
OpenEventW
WaitForSingleObject
ProcessIdToSessionId
OpenMutexW
CreateMutexW
FlsSetValue
FlsFree
LCMapStringW
GetShortPathNameW
SetCurrentDirectoryW
GetCommandLineW
WideCharToMultiByte
GetTickCount
GetFileAttributesW
GetSystemWindowsDirectoryW
GetVersionExW
GetModuleHandleW
GetCurrentProcessId
GlobalSize
ReadFile
GetFileSizeEx
Sleep
MulDiv
GetWindowsDirectoryW
GetFileTime
MultiByteToWideChar
LoadLibraryW
GetProcAddress
GetCurrentThreadId
ResetEvent

user32

GetWindowRgn
CreateMenu
SubtractRect
TranslateMDISysAccel
DefMDIChildProcW
DefFrameProcW
DrawMenuBar
GetUpdateRect
CharUpperBuffW
GetDoubleClickTime
CopyAcceleratorTableW
DestroyAcceleratorTable
CreateAcceleratorTableW
GetKeyboardState
ToUnicodeEx
MapVirtualKeyExW
IsCharLowerW
GetKeyboardLayout
WaitMessage
PostThreadMessageW
GetComboBoxInfo
UpdateLayeredWindow
DrawIcon
FrameRect
CopyIcon
SetCursorPos
IsZoomed
DrawFrameControl
DrawEdge
EnumDisplayMonitors
NotifyWinEvent
HideCaret
EnableScrollBar
MessageBeep
DrawFocusRect
GetNextDlgGroupItem
LockWindowUpdate
GetMenuDefaultItem
TrackMouseEvent
CharUpperW
SetParent
GetSystemMenu
UnionRect
SendDlgItemMessageA
CopyImage
RealChildWindowFromPoint
ShowOwnedPopups
ReuseDDElParam
UnpackDDElParam
SetRectEmpty
InsertMenuItemW
TranslateAcceleratorW
LoadAcceleratorsW
BringWindowToTop
DestroyMenu
MapVirtualKeyW
GetKeyNameTextW
MapDialogRect
GetAsyncKeyState
GetNextDlgTabItem
EndDialog
CreateDialogIndirectParamW
IsDialogMessageW
SetWindowTextW
SendDlgItemMessageW
CheckDlgButton
SetDlgItemTextW
GetDlgItemInt
SetDlgItemInt
WinHelpW
GetScrollInfo
SetScrollInfo
GetTopWindow
GetClassLongPtrW
EqualRect
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthW
GetWindowTextW
RemovePropW
GetPropW
SetPropW
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
RedrawWindow
SetActiveWindow
TrackPopupMenu
SetMenu
GetMenu
GetCapture
GetDlgItem
SetWindowPlacement
GetWindowPlacement
IsChild
GetClassInfoExW
GetClassInfoW
RegisterClassW
GetMessageTime
GetMenuCheckMarkDimensions
SetMenuItemBitmaps
CheckMenuItem
GetLastActivePopup
IsWindowEnabled
IntersectRect
InflateRect
FillRect
RemoveMenu
GetMenuState
GetMenuStringW
EnumWindows
GetSysColorBrush
IsWindow
GetIconInfo
CreateIconIndirect
LoadImageW
MonitorFromRect
MonitorFromPoint
SetMenuDefaultItem
ModifyMenuW
AppendMenuW
InsertMenuW
GetMenuItemID
CreatePopupMenu
SetFocus
PostQuitMessage
LoadMenuW
GetActiveWindow
RegisterWindowMessageW
wsprintfW
IsRectEmpty
TabbedTextOutW
GrayStringW
DrawTextExW
SystemParametersInfoW
DrawStateW
DrawTextW
GetMenuItemRect
SetMenuItemInfoW
GetMenuItemInfoW
DeleteMenu
GetMenuItemCount
IsMenu
GetMessagePos
GetMessageW
DrawIconEx
FindWindowExW
SetForegroundWindow
GetDlgCtrlID
IsIconic
InvalidateRect
DestroyCursor
LoadBitmapW
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
EnumChildWindows
PtInRect
OffsetRect
SetRect
InvertRect
SetCursor
GetWindowDC
ReleaseCapture
SetCapture
CallWindowProcW
DestroyIcon
ClientToScreen
GetSubMenu
EnableMenuItem
GetKeyState
GetFocus
IsClipboardFormatAvailable
EmptyClipboard
SetClipboardData
GetWindow
RegisterClipboardFormatW
GetTitleBarInfo
GetMonitorInfoW
MonitorFromWindow
LoadIconW
GetWindowThreadProcessId
FindWindowW
SetClassLongPtrW
WindowFromPoint
GetCursorPos
SetWindowRgn
GetForegroundWindow
GetSystemMetrics
SetWindowPos
SetLayeredWindowAttributes
DestroyWindow
EnumThreadWindows
FlashWindowEx
CopyRect
GetSysColor
EndPaint
BeginPaint
KillTimer
SetTimer
ScreenToClient
GetClipboardData
CloseClipboard
OpenClipboard
SetWindowLongPtrW
GetWindowLongPtrW
SetWindowLongW
GetWindowLongW
UpdateWindow
MoveWindow
ShowWindow
CreateWindowExW
MessageBoxW
MsgWaitForMultipleObjects
PeekMessageW
DispatchMessageW
TranslateMessage
UnregisterClassW
LoadCursorW
GetClassNameW
GetParent
GetDesktopWindow
GetWindowRect
GetClientRect
EnableWindow
IsWindowVisible
EndDeferWindowPos
DeferWindowPos
BeginDeferWindowPos
RegisterClassExW
DefWindowProcW
PostMessageW
SendMessageW
ReleaseDC
GetDC
ValidateRect

gdi32

CreateBitmap
CreateHatchBrush
ExcludeClipRect
MoveToEx
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
OffsetViewportOrgEx
OffsetWindowOrgEx
ScaleViewportExtEx
ScaleWindowExtEx
CreateRectRgnIndirect
SetRectRgn
DPtoLP
EnumFontFamiliesExW
CreatePalette
GetNearestPaletteIndex
GetPaletteEntries
GetSystemPaletteEntries
RealizePalette
CreateDIBitmap
EnumFontFamiliesW
GetTextCharsetInfo
CreateDCW
StretchBlt
CreateDIBSection
SetDIBColorTable
Polygon
Polyline
CreateRoundRectRgn
LPtoDP
GetRgnBox
OffsetRgn
ExtTextOutW
FillRgn
FrameRgn
GetBoundsRect
PtInRegion
ExtFloodFill
SetPaletteEntries
SetPixelV
GetWindowOrgEx
GetViewportOrgEx
GetTextFaceW
CopyMetaFileW
CreatePatternBrush
TextOutW
GetDeviceCaps
GetStockObject
GetTextExtentPoint32W
PatBlt
SelectObject
GetTextMetricsW
DeleteDC
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
GetBkColor
GetTextColor
CreateSolidBrush
DeleteObject
CreatePolygonRgn
CreateFontIndirectW
SetPixel
GetObjectW
CombineRgn
CreateEllipticRgn
CreateRectRgn
Ellipse
SetTextAlign
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
GetPixel
Rectangle
CreatePen
Escape
GetClipBox
GetCurrentObject
PtVisible
RectVisible
RoundRect
SetTextColor
ExtSelectClipRgn
SelectClipRgn
SaveDC
RestoreDC
LineTo
IntersectClipRect
GetWindowExtEx
GetViewportExtEx
GetObjectType

msimg32

TransparentBlt
AlphaBlend

comdlg32

GetOpenFileNameW
ChooseColorW

winspool.drv

OpenPrinterW
DocumentPropertiesW
ClosePrinter

advapi32

EnumServicesStatusW
OpenEventLogW
ReadEventLogW
GetUserNameW
RegCloseKey
RegEnumValueW
RegOpenKeyW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegQueryValueW
RegEnumKeyW
OpenSCManagerW
CloseEventLog
CloseServiceHandle
RegNotifyChangeKeyValue
RegEnumKeyExW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW

shell32

SHBrowseForFolderW
SHGetFileInfoW
ShellExecuteExW
Shell_NotifyIconW
DragQueryFileW
DragAcceptFiles
ord165
SHGetFolderPathW
ExtractIconExW
DragFinish
SHGetSpecialFolderLocation
SHFileOperationW
SHAppBarMessage
SHGetPathFromIDListW
ShellExecuteW
SHGetDesktopFolder

comctl32

_TrackMouseEvent
ImageList_Draw
ImageList_GetIcon
ImageList_GetImageCount
ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Remove
ImageList_GetIconSize
ImageList_GetImageInfo

shlwapi

PathFindExtensionW
PathStripToRootW
StrFormatKBSizeW
PathRemoveFileSpecW
PathIsUNCW
PathFindFileNameW
UrlEscapeW
PathFileExistsW

uxtheme

CloseThemeData
OpenThemeData
DrawThemeBackground
GetThemeSysColor
GetWindowTheme
GetCurrentThemeName
GetThemeColor
IsAppThemed
IsThemeBackgroundPartiallyTransparent
GetThemePartSize
DrawThemeText
DrawThemeParentBackground

ole32

OleDuplicateData
ReleaseStgMedium
CoUninitialize
CoCreateGuid
CoDisconnectObject
CoInitializeEx
CreateStreamOnHGlobal
DoDragDrop
OleGetClipboard
CoLockObjectExternal
RegisterDragDrop
RevokeDragDrop
OleLockRunning
CoTaskMemAlloc
CoInitialize
CoCreateInstance
GetRunningObjectTable
CreateClassMoniker
OleSetContainedObject
OleCreate
OleCreateMenuDescriptor
OleDestroyMenuDescriptor
OleTranslateAccelerator
IsAccelerator
CoTaskMemFree

oleaut32

VarBstrFromDate
VariantCopy
VariantTimeToSystemTime
SystemTimeToVariantTime
LoadTypeLi
VariantChangeType
SysAllocStringLen
SysAllocStringByteLen
SysStringLen
SysFreeString
VariantClear
VariantInit
SysAllocString

gdiplus

GdiplusShutdown
GdipAlloc
GdipFree
GdipLoadImageFromStream
GdipCloneImage
GdipImageGetFrameDimensionsList
GdipGetImageHeight
GdipDisposeImage
GdipGetImageWidth
GdipImageGetFrameDimensionsCount
GdipImageGetFrameCount
GdipImageSelectActiveFrame
GdipCreateHBITMAPFromBitmap
GdipSetInterpolationMode
GdipCreateBitmapFromHBITMAP
GdipDrawImageI
GdipBitmapUnlockBits
GdipBitmapLockBits
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipGetImagePaletteSize
GdipGetImagePalette
GdipGetImagePixelFormat
GdipGetImageGraphicsContext
GdiplusStartup
GdipDrawImageRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdipGetPropertyItem
GdipGetPropertyItemSize

ws2_32

ntohl

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

imm32

ImmReleaseContext
ImmGetContext
ImmGetOpenStatus

winmm

PlaySoundW

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 678KB - Virtual size: 678KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 32KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 100KB - Virtual size: 99KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 152KB - Virtual size: 151KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieCtrl.exe.sig
SbieDll.dll
.dll windows:6 windows x64 arch:x64

d2ecec1c646e70038494a19c6b41eb06

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

31/10/2023, 15:56

Not After

30/11/2026, 15:56

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederösterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

2a:7a:0d:67:04:b9:9c:25:7f:47:dc:93:5a:7c:ce:41:63:96:cb:21:63:c0:ca:27:bf:0d:0c:b3:9f:98:31:da
Signer

Actual PE Digest

2a:7a:0d:67:04:b9:9c:25:7f:47:dc:93:5a:7c:ce:41:63:96:cb:21:63:c0:ca:27:bf:0d:0c:b3:9f:98:31:da

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SbieDll.pdb

Imports

ntdll

RtlRestoreContext
NtSetInformationJobObject
NtAssignProcessToJobObject
NtOpenJobObject
NtCreateJobObject
RtlCaptureContext
NtUnmapViewOfSection
NtMapViewOfSection
RtlEqualSid
RtlGetGroupSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlCreateSecurityDescriptor
RtlAddAccessAllowedAceEx
RtlCreateAcl
NtAdjustPrivilegesToken
NtFilterToken
NtDuplicateObject
NtSetInformationToken
NtOpenThread
NtOpenProcess
RtlConvertSidToUnicodeString
RtlSetSaclSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtSetSecurityObject
NtQuerySecurityObject
RtlNtStatusToDosError
NtProtectVirtualMemory
NtLoadDriver
LdrQueryImageFileExecutionOptions
LdrQueryProcessModuleInformation
LdrUnloadDll
LdrLoadDll
NtYieldExecution
NtNotifyChangeMultipleKeys
NtNotifyChangeKey
NtEnumerateValueKey
NtQueryMultipleValueKey
NtSaveKey
NtLoadKey2
NtLoadKey
NtDeleteKey
NtSetInformationKey
NtQueryKey
NtImpersonateAnonymousToken
NtImpersonateThread
NtDuplicateToken
NtQueryInformationToken
NtOpenThreadToken
NtOpenSection
NtCreateSection
NtOpenSemaphore
NtCreateSemaphore
NtOpenMutant
NtCreateMutant
NtOpenEvent
NtCreateEvent
NtCreateSymbolicLinkObject
NtImpersonateClientOfPort
NtSecureConnectPort
NtCreatePort
NtQueryDirectoryObject
NtCreateDirectoryObject
RtlUnicodeStringToAnsiString
NtOpenProcessToken
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitString
NtQueryInformationProcess
NtSetInformationThread
RtlSetThreadErrorMode
RtlGetFullPathName_U
RtlSetCurrentDirectory_U
RtlGetCurrentDirectory_U
NtNotifyChangeDirectoryFile
NtWaitForSingleObject
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlCompareUnicodeString
NtQuerySystemInformation
NtSetInformationProcess
NtQueryVolumeInformationFile
NtCreateNamedPipeFile
NtCreateMailslotFile
NtFsControlFile
NtDeviceIoControlFile
NtWriteFile
NtReadFile
NtDeleteFile
NtSetInformationFile
NtQueryFullAttributesFile
NtQueryAttributesFile
NtQueryInformationFile
NtQueryDirectoryFile
NtOpenFile
NtCreateFile
NtOpenDirectoryObject
NtQueryObject
NtAllocateVirtualMemory
LdrGetProcedureAddress
NtDeleteValueKey
NtSetValueKey
NtEnumerateKey
NtCreateKey
NtOpenKey
NtQueryValueKey
RtlInitUnicodeString
NtRequestWaitReplyPort
NtRegisterThreadTerminatePort
NtConnectPort
NtClose
NtQueryVirtualMemory
NtReadVirtualMemory
_strlwr
__C_specific_handler
memcpy
memset
_wcsicmp
__chkstk
_wcsnicmp
towlower
wcsstr
wcschr
_itow
memmove
wcscpy_s
wcsncpy
_wcslwr
wcstol
_wtoi
wcsncmp
memcmp
wcsrchr
_ultow
wcstoul
_wtoi64
strchr
strncmp
wcsncpy_s
tolower
iswctype
strstr
_strnicmp

kernel32

GlobalFree
SetLocaleInfoW
SetLocaleInfoA
PostQueuedCompletionStatus
EnumResourceNamesW
FormatMessageW
LoadLibraryExW
GetVersionExW
GetLongPathNameW
GetFullPathNameW
WinExec
OpenProcess
CreateProcessA
TerminateProcess
QueueUserWorkItem
CreateFileA
SizeofResource
WriteProcessMemory
ReadProcessMemory
VirtualAllocEx
DuplicateHandle
GetProcessId
MapViewOfFile
OpenFileMappingW
CreateFileMappingW
GetWindowsDirectoryW
HeapDestroy
HeapCreate
SetThreadPriority
GetExitCodeProcess
OpenEventW
DeleteCriticalSection
RaiseException
GlobalAddAtomW
SetThreadExecutionState
UnmapViewOfFile
MapViewOfFileEx
GetThreadTimes
SleepEx
GetTickCount64
FindResourceA
FindResourceW
LockResource
LoadResource
GlobalLock
GlobalUnlock
GlobalSize
GetConsoleWindow
SetConsoleTitleW
SetConsoleTitleA
GetConsoleTitleW
GetConsoleTitleA
AllocConsole
GetStartupInfoW
OpenThread
WaitForMultipleObjects
WideCharToMultiByte
GetSystemInfo
GetSystemWindowsDirectoryW
ReplaceFileW
MoveFileWithProgressW
MoveFileExW
GetPrivateProfileStringW
GetTickCount
QueueUserAPC
OpenMutexW
CreateMutexW
ReleaseMutex
TryEnterCriticalSection
GetFileSizeEx
GetFileAttributesW
DeleteFileW
CreateDirectoryW
GetEnvironmentVariableW
GetEnvironmentStringsW
QueryPerformanceFrequency
QueryPerformanceCounter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TlsSetValue
TlsGetValue
TlsAlloc
GetModuleHandleA
ProcessIdToSessionId
GetCurrentProcessId
SetEvent
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
Sleep
OutputDebugStringW
IsDebuggerPresent
GetModuleFileNameW
CreateProcessW
CreateThread
ExitProcess
SetEnvironmentVariableW
GetCommandLineW
LocalFree
LocalAlloc
GetSystemTimeAsFileTime
LoadLibraryW
GetModuleHandleW
FreeLibrary
ExpandEnvironmentStringsW
CreateEventW
WaitForSingleObject
GlobalAlloc
GetProcAddress
CloseHandle
SetFilePointerEx
ReadFile
CreateFileW
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
GetCurrentProcess
GetCurrentThread
GetCurrentThreadId
SuspendThread
ResumeThread
GetThreadContext
SetThreadContext
FlushInstructionCache
VirtualAlloc
VirtualProtect
VirtualFree
VirtualQuery
VirtualProtectEx
VirtualQueryEx
SetLastError

Exports

Exports

File_GetName
Key_GetName
SbieApi_Call
SbieApi_CheckInternetAccess
SbieApi_DisableForceProcess
SbieApi_EnumBoxes
SbieApi_EnumBoxesEx
SbieApi_EnumProcessEx
SbieApi_GetBlockedDll
SbieApi_GetFileName
SbieApi_GetHomePath
SbieApi_GetMessage
SbieApi_GetUnmountHive
SbieApi_GetVersion
SbieApi_GetVersionEx
SbieApi_HookTramp
SbieApi_Ioctl
SbieApi_IsBoxEnabled
SbieApi_Log
SbieApi_LogEx
SbieApi_LogMsgEx
SbieApi_LogMsgExt
SbieApi_MonitorControl
SbieApi_MonitorGetEx
SbieApi_MonitorPut
SbieApi_MonitorPut2
SbieApi_MonitorPut2Ex
SbieApi_MonitorPutMsg
SbieApi_OpenProcess
SbieApi_ProcessExemptionControl
SbieApi_QueryBoxPath
SbieApi_QueryConf
SbieApi_QueryConfBool
SbieApi_QueryConfNumber
SbieApi_QueryPathList
SbieApi_QueryProcess
SbieApi_QueryProcessEx
SbieApi_QueryProcessEx2
SbieApi_QueryProcessInfo
SbieApi_QueryProcessInfoEx
SbieApi_QueryProcessInfoStr
SbieApi_QueryProcessPath
SbieApi_ReloadConf
SbieApi_SessionLeader
SbieApi_SetUserName
SbieApi_vLogEx
SbieDll_AssocQueryCommand
SbieDll_AssocQueryProgram
SbieDll_CallServer
SbieDll_CallServerQueue
SbieDll_CheckPatternInList
SbieDll_CheckProcessLocalSystem
SbieDll_CheckStringInList
SbieDll_CheckStringInListA
SbieDll_ComCreateProxy
SbieDll_ComCreateStub
SbieDll_DeviceChange
SbieDll_DisableCHPE
SbieDll_DisableElevationHook
SbieDll_ExpandAndRunProgram
SbieDll_FindArgumentEnd
SbieDll_FormatMessage
SbieDll_FormatMessage0
SbieDll_FormatMessage1
SbieDll_FormatMessage2
SbieDll_FreeMem
SbieDll_GetBorderColor
SbieDll_GetDrivePath
SbieDll_GetHandlePath
SbieDll_GetLanguage
SbieDll_GetPublicSD
SbieDll_GetServiceRegistryValue
SbieDll_GetSettingsForName
SbieDll_GetSettingsForName_bool
SbieDll_GetStartError
SbieDll_GetStringForStringList
SbieDll_GetSysFunction
SbieDll_GetTokenElevationType
SbieDll_GetUserPathEx
SbieDll_Hook
SbieDll_HookInit
SbieDll_InitPStore
SbieDll_InjectLow
SbieDll_InjectLow_InitHelper
SbieDll_InjectLow_InitSyscalls
SbieDll_InjectLow_SendHandle
SbieDll_IsBoxedService
SbieDll_IsDirectory
SbieDll_IsDllSkipHook
SbieDll_IsOpenCOM
SbieDll_IsOpenClsid
SbieDll_IsReservedFileName
SbieDll_KillAll
SbieDll_KillOne
SbieDll_MatchImage
SbieDll_Mount
SbieDll_OpenProcess
SbieDll_PortName
SbieDll_QueryConf
SbieDll_QueryFileAttributes
SbieDll_QueueCreate
SbieDll_QueueGetReq
SbieDll_QueueGetRpl
SbieDll_QueuePutReq
SbieDll_QueuePutRpl
SbieDll_RegisterDllCallback
SbieDll_RunFromHome
SbieDll_RunSandboxed
SbieDll_RunStartExe
SbieDll_SetFakeAdmin
SbieDll_StartBoxedService
SbieDll_StartCOM
SbieDll_StartSbieSvc
SbieDll_TraceModule
SbieDll_TranslateNtToDosPath
SbieDll_UnHookModule
SbieDll_Unmount
SbieDll_UpdateConf
Sbie_snprintf
Sbie_snwprintf

Sections

.text
Size: 608KB - Virtual size: 608KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 29KB - Virtual size: 29KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.idata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.detourd
Size: 512B - Virtual size: 284B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.detourc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieDrv.sys
.sys windows:10 windows x64 arch:x64

4effc10da76e009329b1d268599721cc

Code Sign

33:00:00:00:69:9d:42:c9:76:75:b5:08:82:00:00:00:00:00:69
Certificate

Issuer

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

11/01/2024, 20:09

Not After

10/01/2025, 20:09

Subject

CN=Microsoft Windows Hardware Compatibility Publisher,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

33:00:00:00:0d:69:0d:5d:78:93:d0:76:df:00:00:00:00:00:0d
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/10/2014, 20:31

Not After

15/10/2029, 20:41

Subject

CN=Microsoft Windows Third Party Component CA 2014,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7a:c9:62:ef:2b:05:8f:aa:2e:ae:fe:19:4e:1a:d2:35:62:6f:d9:93:25:b6:13:d6:09:61:66:99:67:b3:f3:66
Signer

Actual PE Digest

7a:c9:62:ef:2b:05:8f:aa:2e:ae:fe:19:4e:1a:d2:35:62:6f:d9:93:25:b6:13:d6:09:61:66:99:67:b3:f3:66

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SbieDrv.pdb

Imports

ntoskrnl.exe

KeSetEvent
KeWaitForSingleObject
IoGetCurrentProcess
RtlConvertSidToUnicodeString
SeQueryInformationToken
PsReferencePrimaryToken
PsDereferencePrimaryToken
ZwCreateFile
ZwQueryInformationFile
ZwClose
ZwCreateSection
ZwMapViewOfSection
ZwUnmapViewOfSection
wcsrchr
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
RtlGetVersion
KeDelayExecutionThread
PsGetVersion
ZwOpenKey
ZwQueryValueKey
RtlCreateAcl
RtlAddAce
RtlAddAccessAllowedAceEx
RtlSetSaclSecurityDescriptor
DbgPrint
ZwSetInformationFile
ZwWriteFile
IoCreateFileSpecifyDeviceObjectHint
NtClose
ObOpenObjectByPointer
IoFileObjectType
ZwOpenSymbolicLinkObject
ZwQuerySymbolicLinkObject
PsGetProcessWin32WindowStation
ExWindowStationObjectType
MmProbeAndLockPages
MmProtectMdlSystemAddress
MmMapLockedPagesSpecifyCache
IoAllocateMdl
IoIs32bitProcess
ZwWaitForSingleObject
ZwUnloadKey
wcsncpy_s
_wcslwr
KeBugCheckEx
ExInitializeResourceLite
ExDeleteResourceLite
IoCreateFile
ZwReadFile
wcstoul
_wtoi
KeEnterCriticalRegion
KeLeaveCriticalRegion
ZwCreateDirectoryObject
SeSinglePrivilegeCheck
PsGetCurrentThreadId
PsGetProcessId
ZwDuplicateObject
ZwOpenDirectoryObject
ZwSetSecurityObject
ZwCreateSymbolicLinkObject
wcscmp
PsProcessType
PsLookupProcessByProcessId
ObReferenceObjectByName
ZwQueryDirectoryObject
wcsstr
LpcPortObjectType
MmGetSystemRoutineAddress
ZwCreateKey
ZwSetValueKey
ObQueryNameString
KeInitializeEvent
ZwSetInformationToken
ZwLoadKey
ObOpenObjectByName
IoAllocateErrorLogEntry
IoWriteErrorLogEntry
PsGetThreadProcessId
PsGetThreadProcess
PsThreadType
RtlInt64ToUnicodeString
PsSetCreateProcessNotifyRoutineEx
PsSetLoadImageNotifyRoutine
PsRemoveLoadImageNotifyRoutine
PsGetProcessCreateTimeQuadPart
PsSetThreadHardErrorsAreDisabled
_ultow_s
SeQuerySessionIdToken
PsDereferenceImpersonationToken
PsReferenceImpersonationToken
PsGetProcessSessionId
SeTokenObjectType
KeStackAttachProcess
KeUnstackDetachProcess
PsGetProcessPeb
ZwOpenProcess
RtlLengthSid
ZwQueryInformationProcess
PsCreateSystemThread
PsTerminateSystemThread
ZwTerminateProcess
PsGetProcessJob
SeTokenIsAdmin
ZwQueryInformationToken
MmIsAddressValid
NtDeviceIoControlFile
PsImpersonateClient
ZwQuerySystemInformation
strcmp
PsSetCreateThreadNotifyRoutine
PsRemoveCreateThreadNotifyRoutine
PsGetThreadId
SeTokenType
ZwDuplicateToken
ZwOpenThreadToken
ZwOpenProcessToken
SeTokenImpersonationLevel
PsGetProcessExitProcessCalled
ZwDeviceIoControlFile
RtlEqualSid
RtlAddAccessAllowedAce
ZwSetInformationProcess
_stricmp
RtlQueryRegistryValues
RtlWalkFrameChain
PsGetProcessImageFileName
PsIsProtectedProcess
strchr
RtlUnicodeToUTF8N
RtlTimeFieldsToTime
ExSystemTimeToLocalTime
SeLocateProcessImageName
_wtol
KeAcquireSpinLockRaiseToDpc
KeReleaseSpinLock
RtlUnicodeToMultiByteN
__C_specific_handler
LpcRequestPort
SeFilterToken
PsGetCurrentProcessId
ObfDereferenceObject
ObfReferenceObject
ObReferenceObjectByHandle
IoDeleteDevice
IoCreateDevice
towlower
_itow
ZwYieldExecution
ExAcquireResourceSharedLite
RtlUnicodeStringToInteger
_wcsnicmp
_wcsicmp
RtlFreeUnicodeString
RtlCompareUnicodeString
ZwOpenProcessTokenEx
wcschr
IofCompleteRequest
ExGetPreviousMode
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
ProbeForWrite
ExRaiseStatus
ProbeForRead
ExFreePoolWithTag
ExAllocatePoolWithTag
KeGetCurrentIrql
RtlInitUnicodeString
wcsncpy
CmUnRegisterCallback
wcsncmp
RtlAnsiCharToUnicodeChar

hal

KeQueryPerformanceCounter

fltmgr.sys

FltRegisterFilter
FltUnregisterFilter
FltStartFiltering
FltSetCallbackDataDirty
FltGetFileNameInformation
FltReleaseFileNameInformation

ksecdd.sys

BCryptDestroyHash
BCryptFinishHash
BCryptHashData
BCryptCreateHash
BCryptVerifySignature
BCryptDestroyKey
BCryptImportKeyPair
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptOpenAlgorithmProvider

fwpkclnt.sys

FwpmBfeStateSubscribeChanges0
FwpmBfeStateUnsubscribeChanges0
FwpsCalloutUnregisterById0
FwpsCalloutRegister1
FwpmEngineOpen0
FwpmEngineClose0
FwpmTransactionBegin0
FwpmTransactionCommit0
FwpmTransactionAbort0
FwpmSubLayerAdd0
FwpmCalloutAdd0
FwpmBfeStateGet0
FwpmFilterAdd0

Sections

.text
Size: 174KB - Virtual size: 174KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INITDATA
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 21KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 304B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieIni.exe
.exe windows:6 windows x64 arch:x64

f120a1a2d28dc899649e3f5421c103fb

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

31/10/2023, 15:56

Not After

30/11/2026, 15:56

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederösterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:3f:42:e3:a4:7a:ee:6d:96:be:ce:0c:a2:fc:67:f5:a6:85:cd:b5:55:ef:1a:fe:6e:85:34:6d:f3:6c:ff:4d
Signer

Actual PE Digest

38:3f:42:e3:a4:7a:ee:6d:96:be:ce:0c:a2:fc:67:f5:a6:85:cd:b5:55:ef:1a:fe:6e:85:34:6d:f3:6c:ff:4d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SbieIni.pdb

Imports

sbiedll

SbieDll_UpdateConf
SbieApi_QueryConf
SbieDll_TranslateNtToDosPath
SbieApi_EnumBoxesEx
SbieApi_IsBoxEnabled

kernel32

TerminateProcess
WriteConsoleW
CreateFileW
CloseHandle
GetCommandLineW
HeapAlloc
GetProcessHeap
ExitProcess
HeapReAlloc
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
GetModuleHandleW
RtlUnwindEx
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
GetCurrentProcess
GetModuleHandleExW
GetCommandLineA
HeapFree
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
CompareStringW
LCMapStringW
GetFileType
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize

Sections

.text
Size: 80KB - Virtual size: 79KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieMsg.dll
.dll windows:6 windows x64 arch:x64

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

31/10/2023, 15:56

Not After

30/11/2026, 15:56

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederösterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

22:5b:e2:fb:45:96:ed:66:ef:4a:23:61:c0:b2:e9:e8:1b:59:bc:2a:ef:96:f6:97:9c:fb:34:86:0b:66:92:1d
Signer

Actual PE Digest

22:5b:e2:fb:45:96:ed:66:ef:4a:23:61:c0:b2:e9:e8:1b:59:bc:2a:ef:96:f6:97:9c:fb:34:86:0b:66:92:1d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SbieMsg.pdb

Sections

.rdata
Size: 512B - Virtual size: 328B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 3.1MB - Virtual size: 3.1MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SbieSvc.exe
.exe windows:6 windows x64 arch:x64

c1045676a7ff089f27ceb12289c18acc

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

31/10/2023, 15:56

Not After

30/11/2026, 15:56

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederösterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a3:a2:f7:a8:39:2c:e3:50:d1:e6:23:f7:1d:8e:3b:40:f3:0d:9e:a7:b2:60:3d:61:3d:59:05:18:bf:51:cb:3f
Signer

Actual PE Digest

a3:a2:f7:a8:39:2c:e3:50:d1:e6:23:f7:1d:8e:3b:40:f3:0d:9e:a7:b2:60:3d:61:3d:59:05:18:bf:51:cb:3f

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SbieSvc.pdb

Imports

sbiedll

SbieApi_EnumProcessEx
SbieApi_QueryProcessPath
SbieApi_QueryProcessInfo
SbieApi_QueryProcessEx2
SbieApi_GetMessage
SbieApi_GetVersionEx
SbieApi_Call
SbieDll_RunSandboxed
SbieApi_IsBoxEnabled
SbieDll_IsOpenClsid
SbieDll_ComCreateStub
SbieDll_RunFromHome
SbieApi_QueryConfBool
SbieApi_SetUserName
SbieApi_GetUnmountHive
SbieDll_RunStartExe
SbieApi_QueryProcess
SbieDll_GetServiceRegistryValue
SbieDll_FormatMessage2
SbieDll_PortName
SbieDll_InjectLow_InitHelper
SbieDll_InjectLow_InitSyscalls
SbieDll_InjectLow
SbieDll_GetStringForStringList
SbieApi_GetHomePath
SbieApi_QueryPathList
SbieDll_KillOne
SbieDll_FreeMem
SbieDll_QueueCreate
SbieDll_QueueGetReq
SbieDll_QueuePutRpl
SbieApi_CheckInternetAccess
SbieDll_GetSettingsForName_bool
SbieDll_DisableCHPE
SbieApi_LogMsgExt
SbieApi_QueryConfNumber
SbieDll_GetPublicSD
SbieApi_EnumBoxesEx
SbieDll_CheckStringInList
SbieDll_CheckPatternInList
SbieApi_SessionLeader
SbieApi_ReloadConf
SbieDll_FindArgumentEnd
SbieApi_OpenProcess
SbieDll_GetLanguage
SbieDll_FormatMessage0
SbieApi_QueryConf
SbieDll_TranslateNtToDosPath
SbieApi_LogEx
SbieApi_Log

ntdll

NtSetInformationFile
NtReadFile
NtWriteFile
NtCreateFile
NtQueryKey
RtlSetDaclSecurityDescriptor
RtlCreateVirtualAccountSid
NtLoadDriver
RtlInitUnicodeString
NtReplyWaitReceivePort
NtRequestPort
NtCreatePort
NtUnloadKey
NtOpenKey
NtClose
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlPcToFileHeader
RtlUnwindEx
NtDuplicateObject
NtOpenProcess
NtResumeProcess
NtSuspendProcess
NtGetNextThread
NtAdjustPrivilegesToken
NtReadVirtualMemory
NtQueryInformationThread
NtSetInformationProcess
NtOpenDirectoryObject
NtImpersonateClientOfPort
NtCompleteConnectPort
NtAcceptConnectPort
NtRequestWaitReplyPort
NtConnectPort
RtlNtStatusToDosError
NtOpenFile
NtDeleteFile
NtQueryObject
NtFilterToken
NtDuplicateToken
NtQueryInformationToken
NtOpenThreadToken
NtOpenProcessToken
NtSetInformationThread
NtAllocateVirtualMemory
RtlInitializeSid
RtlSubAuthoritySid
NtSetInformationToken
NtQueryInformationProcess
RtlCreateSecurityDescriptor
NtLoadKey
NtQuerySystemInformation

kernel32

FlsAlloc
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
GetFileType
GetStringTypeW
GetStdHandle
GetModuleHandleExW
LoadLibraryExW
FreeLibrary
TlsFree
EncodePointer
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
IsProcessorFeaturePresent
GetStartupInfoW
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
FlsSetValue
CloseHandle
GetLastError
HeapCreate
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
DeleteCriticalSection
SetEvent
FlsFree
CreateMutexW
OpenMutexW
CreateEventW
OpenEventW
Sleep
WaitForMultipleObjects
ExitProcess
TerminateProcess
CreateThread
GetCurrentThread
GetTickCount
CreateFileMappingW
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GlobalAlloc
GlobalUnlock
GlobalLock
GlobalFree
LocalFree
GetEnvironmentVariableW
SetCurrentDirectoryW
GetFullPathNameW
GetPrivateProfileStringW
CreateFileW
SetFilePointer
WriteFile
SetLastError
DeviceIoControl
GetProcessTimes
GetCurrentProcess
GetCurrentProcessId
SetThreadPriority
TerminateThread
OpenProcess
GetLocalTime
GetVersionExW
VirtualAlloc
VirtualFree
LocalAlloc
GetSystemWindowsDirectoryW
DuplicateHandle
ResetEvent
QueueUserAPC
GetCurrentThreadId
OpenThread
ProcessIdToSessionId
IsProcessInJob
CreateJobObjectW
AssignProcessToJobObject
TerminateJobObject
SetInformationJobObject
QueryInformationJobObject
GetModuleHandleW
GetProcAddress
LoadLibraryW
GlobalSize
RegisterWaitForSingleObject
UnregisterWait
AllocConsole
GetConsoleWindow
GetConsoleProcessList
GetFileSizeEx
OutputDebugStringW
RaiseException
InitializeCriticalSectionAndSpinCount
GetCommandLineW
GetSystemInfo
GetFinalPathNameByHandleW
DefineDosDeviceW
GetLogicalDrives
GetCompressedFileSizeW
GetExitCodeProcess
CreateProcessW
CancelIo
TlsAlloc
TlsGetValue
TlsSetValue
SuspendThread
ResumeThread
WriteProcessMemory
IsWow64Process
GetModuleFileNameW
QueryFullProcessImageNameW
QueueUserWorkItem
DeleteFileW
GetFileAttributesW
ReadFile
SetEndOfFile
SetFileAttributesW
GetWindowsDirectoryW
CopyFileW
MultiByteToWideChar
WideCharToMultiByte
ReadProcessMemory
MulDiv
LCMapStringW
SetStdHandle
SetFilePointerEx
HeapSize
HeapReAlloc
FlushFileBuffers
GetConsoleOutputCP
GetConsoleMode
WriteConsoleW
FlsGetValue
WaitForSingleObject

user32

EndPaint
SendNotifyMessageW
SendNotifyMessageA
SendMessageTimeoutW
SendMessageW
SendMessageA
GetProcessWindowStation
SetProcessWindowStation
CreateWindowStationW
BeginPaint
SetThreadDesktop
CreateDesktopW
EmptyClipboard
SetClipboardData
CloseClipboard
OpenClipboard
SetTimer
DispatchMessageW
GetMessageW
wsprintfW
ShowWindow
RegisterClassExW
GetMonitorInfoW
PackDDElParam
GetRawInputDeviceInfoW
GetRawInputDeviceInfoA
UserHandleGrantAccess
GetWindowInfo
MonitorFromWindow
ChangeDisplaySettingsExW
ChangeDisplaySettingsExA
GetIconInfo
GetWindow
GetWindowThreadProcessId
GetClassNameW
GetClassNameA
EnumThreadWindows
EnumWindows
GetShellWindow
FindWindowExW
FindWindowExA
FindWindowW
FindWindowA
EnumChildWindows
GetParent
GetDesktopWindow
GetClassLongPtrW
GetClassLongPtrA
GetClassLongW
GetClassLongA
GetWindowLongPtrW
GetWindowLongPtrA
GetWindowLongW
GetWindowLongA
ClipCursor
MapWindowPoints
ScreenToClient
ClientToScreen
SetCursorPos
GetWindowRect
GetClientRect
GetPropW
GetPropA
SetPropW
ReleaseDC
GetDC
SetForegroundWindow
IsWindowEnabled
IsWindowUnicode
KillTimer
EnumClipboardFormats
GetClipboardData
GetClipboardSequenceNumber
IsZoomed
IsIconic
IsWindowVisible
SetWindowPos
DestroyWindow
IsWindow
CreateWindowExW
RegisterClassW
DefWindowProcW
PostMessageW
GetThreadDesktop
PostMessageA

advapi32

CreateProcessAsUserW
QueryServiceStatusEx
OpenServiceW
OpenSCManagerW
CloseServiceHandle
LsaManageSidNameMapping
LsaFreeMemory
LookupAccountNameW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertStringSidToSidW
RegQueryValueExW
RegOpenKeyExW
RegCloseKey
LookupPrivilegeValueW
LookupAccountSidW
OpenThreadToken
GetTokenInformation
GetSecurityInfo
AccessCheck
QueryServiceConfig2W
QueryServiceConfigW
EnumServicesStatusW
CryptDestroyHash
CryptHashData
CryptCreateHash
CryptGetHashParam
CryptReleaseContext
CryptAcquireContextW
FreeSid
CheckTokenMembership
AllocateAndInitializeSid
GetLengthSid
EqualSid
DuplicateToken
AddAccessAllowedAce
SetThreadToken
RevertToSelf
StartServiceCtrlDispatcherW
SetServiceStatus
RegisterServiceCtrlHandlerExW
ReportEventW
OpenEventLogW
StartServiceW
EnumServicesStatusExW
ControlService
SetSecurityInfo
SetTokenInformation
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSecurityDescriptorSacl
RegOpenCurrentUser
DuplicateTokenEx
OpenProcessToken
AdjustTokenPrivileges
RegOpenUserClassesRoot

psapi

GetModuleBaseNameW
GetProcessMemoryInfo
GetModuleFileNameExW
EnumProcessModules

ole32

CoInitializeEx
CoGetClassObject
CoMarshalInterface
CoUnmarshalInterface
CoInitializeSecurity
CoQueryProxyBlanket
CoSetProxyBlanket
CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemFree
CoGetObject
CoRegisterClassObject
CoRevokeClassObject
CoInitialize
CoCopyProxy

crypt32

CryptUnprotectData
CryptProtectData

userenv

CreateEnvironmentBlock
DestroyEnvironmentBlock

gdi32

CreateSolidBrush
SelectObject
TextOutW
SetTextColor
SetBkColor
CreateFontW
GetDeviceCaps
GetMetaFileBitsEx
GetDIBits
DeleteDC
CreateCompatibleDC
GetEnhMetaFileBits

netapi32

NetUseAdd

wtsapi32

WTSQueryUserToken

rpcrt4

UuidFromStringW
RpcStringFreeW
RpcBindingToStringBindingW
RpcMgmtEpEltInqNextW
RpcMgmtEpEltInqBegin
RpcMgmtEpEltInqDone

bcrypt

BCryptCreateHash
BCryptVerifySignature
BCryptHashData
BCryptImportKeyPair
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptOpenAlgorithmProvider
BCryptFinishHash
BCryptDestroyHash
BCryptDestroyKey

Sections

.text
Size: 283KB - Virtual size: 283KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 84KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieSvc.exe.sig
SboxHostDll.dll
.dll windows:6 windows x64 arch:x64

2c0f64a1270ea0aebe3f33b34754c5f1

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

31/10/2023, 15:56

Not After

30/11/2026, 15:56

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederösterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9b:91:36:fd:bf:1d:b8:30:b5:2f:73:55:92:44:ea:15:ef:0d:9b:a7:79:24:79:f2:5d:62:52:6d:1f:1e:25:b0
Signer

Actual PE Digest

9b:91:36:fd:bf:1d:b8:30:b5:2f:73:55:92:44:ea:15:ef:0d:9b:a7:79:24:79:f2:5d:62:52:6d:1f:1e:25:b0

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\SboxHostDll.pdb

Imports

sbiedll

SbieApi_QueryProcessInfo
SbieDll_Hook

psapi

EnumProcesses

kernel32

GetModuleHandleW
CreateMutexW
CloseHandle
GetProcessId
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
GetLastError
lstrcmpiW
GetModuleFileNameW
OpenProcess
GetProcAddress
InitializeCriticalSectionAndSpinCount
RaiseException
DeleteCriticalSection
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
SetFilePointerEx
GetConsoleMode
CreateFileW
WriteConsoleW
LocalFree
SetLastError
GetConsoleOutputCP
WriteFile
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
InterlockedFlushSList
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
GetCurrentProcess
TerminateProcess
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualQuery
ExitProcess
GetModuleHandleExW
FlsAlloc
FlsGetValue
FlsSetValue
FlsFree
LCMapStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStdHandle
GetFileType
GetStringTypeW
SetStdHandle
FlushFileBuffers

advapi32

GetTokenInformation
IsValidSid
GetLengthSid
CopySid
ConvertSidToStringSidW

userenv

UnloadUserProfile

Exports

Exports

InjectDllMain

Sections

.text
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 43KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Start.exe
.exe windows:6 windows x64 arch:x64

a11676e388daa2d38630e540f94b14fa

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

31/10/2023, 15:56

Not After

30/11/2026, 15:56

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederösterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

fa:da:c5:3c:46:6a:e3:5e:fd:b0:10:96:20:05:7a:50:f5:e6:78:1f:29:5a:5a:be:5b:dd:99:02:24:a6:b4:cb
Signer

Actual PE Digest

fa:da:c5:3c:46:6a:e3:5e:fd:b0:10:96:20:05:7a:50:f5:e6:78:1f:29:5a:5a:be:5b:dd:99:02:24:a6:b4:cb

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\Sandboxie\Bin\x64\SbieRelease\Start.pdb

Imports

ntdll

RtlVirtualUnwind
RtlCaptureContext
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
NtTerminateThread
NtTerminateProcess
NtOpenKey
RtlNtStatusToDosError
RtlInitUnicodeString
NtSetInformationFile
NtQueryInformationFile
NtCreateFile
NtClose

user32

GetWindowRect
GetClientRect
SetWindowTextW
SetForegroundWindow
KillTimer
LoadImageW
SetTimer
SetDlgItemTextW
GetDlgItem
EndDialog
SendMessageW
CallWindowProcW
CreateWindowExW
DestroyWindow
SendDlgItemMessageW
SetFocus
EnableWindow
GetSystemMetrics
AllowSetForegroundWindow
SetPropW
GetPropW
MessageBoxW
ClientToScreen
GetWindowLongPtrW
ScreenToClient
wsprintfW
ExitWindowsEx
DestroyIcon
DefWindowProcW
RegisterClassW
CreateMenu
CreatePopupMenu
DestroyMenu
GetMenuItemCount
TrackPopupMenu
GetMenuInfo
SetMenuInfo
InsertMenuItemW
GetDC
GetSysColorBrush
DrawIconEx
IsWindowEnabled
GetWindowTextW
MapWindowPoints
GetWindowLongW
SetWindowLongW
GetMessageW
PostThreadMessageW
GetAsyncKeyState
SetWindowLongPtrW
GetDesktopWindow
DialogBoxParamW
SetWindowPos
MoveWindow
ShowWindow
DialogBoxIndirectParamW

shell32

SHBindToParent
ShellExecuteW
ExtractAssociatedIconW
ExtractIconW
ExtractIconExW
SHGetSpecialFolderPathW
SHGetFolderPathW
ShellExecuteExW

shlwapi

SHAutoComplete
PathFileExistsW
AssocQueryStringW
StrStrIW

kernel32

LockResource
SizeofResource
FindResourceW
GlobalAlloc
GlobalUnlock
GlobalLock
GetCommandLineA
GetEnvironmentStringsW
FreeEnvironmentStringsW
LoadResource
GlobalFree
QueryPerformanceCounter
InitializeSListHead
FormatMessageW
WriteConsoleW
HeapSize
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
SetStdHandle
GetStringTypeW
SetFilePointerEx
MultiByteToWideChar
WideCharToMultiByte
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
GetModuleHandleExW
LCMapStringW
FlsFree
FlsSetValue
FlsGetValue
FlsAlloc
GetFileType
GetFileAttributesExW
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
InitializeCriticalSectionAndSpinCount
EncodePointer
RaiseException
LoadLibraryW
GetProcAddress
GetVersionExW
GetCurrentThreadId
GetLastError
HeapAlloc
HeapFree
GetProcessHeap
GetTickCount
GetModuleHandleW
LocalFree
GetCurrentProcessId
GetStartupInfoW
ExpandEnvironmentStringsW
FindClose
FindFirstFileW
FindNextFileW
RemoveDirectoryW
CloseHandle
SetLastError
HeapCreate
HeapDestroy
WaitForSingleObject
CreateEventW
Sleep
ExitProcess
GetExitCodeProcess
CreateThread
CreateProcessW
ProcessIdToSessionId
GetSystemTimeAsFileTime
GetModuleFileNameW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetFileAttributesW
GetFullPathNameW
GetSystemWindowsDirectoryW
CreateFileW
GetLogicalDrives
HeapReAlloc
OpenFileMappingW
MapViewOfFile
UnmapViewOfFile
GetStdHandle
GetCommandLineW
SetCurrentDirectoryW
GetCurrentDirectoryW
WriteFile
FindFirstFileExW

gdi32

CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
SelectObject

sbiedll

SbieApi_QueryConf
File_GetName
Key_GetName
SbieDll_SetFakeAdmin
SbieDll_StartCOM
SbieDll_CallServer
SbieDll_RunSandboxed
SbieDll_FormatMessage
SbieDll_GetTokenElevationType
SbieDll_Unmount
SbieDll_Mount
SbieDll_KillAll
SbieDll_GetLanguage
SbieDll_GetStartError
SbieDll_StartSbieSvc
SbieDll_RunStartExe
SbieDll_GetSysFunction
SbieApi_IsBoxEnabled
SbieApi_ReloadConf
SbieApi_DisableForceProcess
SbieApi_GetHomePath
SbieDll_InitPStore
SbieApi_QueryProcessInfo
SbieDll_GetHandlePath
SbieDll_IsDirectory
SbieDll_IsReservedFileName
SbieDll_TranslateNtToDosPath
SbieApi_EnumBoxes
SbieApi_EnumProcessEx
SbieApi_QueryBoxPath
SbieApi_QueryProcess
SbieDll_FreeMem
SbieDll_CallServerQueue
SbieDll_FormatMessage1
SbieDll_FormatMessage0
SbieApi_QueryConfBool
SbieApi_Call
SbieApi_EnumBoxesEx

ole32

CoTaskMemFree
CoCreateInstance
CoInitialize
CreateStreamOnHGlobal

advapi32

RegEnumValueW

comctl32

InitCommonControlsEx

comdlg32

GetOpenFileNameW

gdiplus

GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream
GdiplusStartup

Sections

.text
Size: 151KB - Virtual size: 150KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 244B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 94KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Start.exe.sig
Templates.ini
UpdUtil.exe
.exe windows:6 windows x64 arch:x64

3792137109807bfef8745bcbd54f161a

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

Issuer

CN=GlobalSign Code Signing Root R45,O=GlobalSign nv-sa,C=BE

Not Before

28/07/2020, 00:00

Not After

28/07/2030, 00:00

Subject

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77
Certificate

Issuer

CN=GlobalSign GCC R45 EV CodeSigning CA 2020,O=GlobalSign nv-sa,C=BE

Not Before

31/10/2023, 15:56

Not After

30/11/2026, 15:56

Subject

SERIALNUMBER=475036h,CN=Tonalio GmbH,O=Tonalio GmbH,STREET=Badner Strasse 8,L=Bad Voeslau,ST=Niederösterreich,C=AT,1.2.840.113549.1.9.1=#0c106365727440746f6e616c696f2e636f6d,1.3.6.1.4.1.311.60.2.1.1=#130f5769656e6572204e65757374616474,1.3.6.1.4.1.311.60.2.1.2=#13114e69656465726f65737465727265696368,1.3.6.1.4.1.311.60.2.1.3=#13024154,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

88:97:65:a8:34:55:d6:6c:12:4c:ca:60:70:b0:22:ca:b9:fb:10:75:c3:f2:14:cb:b5:35:42:a9:2f:1e:23:99
Signer

Actual PE Digest

88:97:65:a8:34:55:d6:6c:12:4c:ca:60:70:b0:22:ca:b9:fb:10:75:c3:f2:14:cb:b5:35:42:a9:2f:1e:23:99

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\a\Sandboxie\Sandboxie\SandboxieTools\x64\Release\UpdUtil.pdb

Imports

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
RtlInitUnicodeString
NtOpenFile
NtDeviceIoControlFile
NtQuerySystemInformationEx
NtCreateFile
NtClose
NtReadFile
NtWriteFile

bcrypt

BCryptDestroyHash
BCryptCloseAlgorithmProvider
BCryptOpenAlgorithmProvider
BCryptImportKeyPair
BCryptHashData
BCryptFinishHash
BCryptCreateHash
BCryptGetProperty
BCryptVerifySignature
BCryptDestroyKey

winhttp

WinHttpReadData
WinHttpOpenRequest
WinHttpSetOption
WinHttpCloseHandle
WinHttpOpen
WinHttpReceiveResponse
WinHttpConnect
WinHttpSendRequest

kernel32

QueryPerformanceCounter
GetModuleHandleW
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
AllocConsole
GetEnvironmentStringsW
CreateProcessW
MoveFileExW
LocalFree
GetNativeSystemInfo
CloseHandle
DeleteFileW
GetUserDefaultLCID
AttachConsole
Sleep
LCIDToLocaleName
FreeEnvironmentStringsW
CreateFileW
LocalAlloc
WaitForSingleObject
GetTempPathW
FindFirstFileA
FindNextFileA
GetFullPathNameA
FindClose
GetFileAttributesW
GetVersionExW
GetModuleHandleA
GetLastError
GetProcAddress
GetFileSizeEx
CreateDirectoryW
GetCurrentProcessId
GetCurrentProcess
RemoveDirectoryW
GetModuleFileNameW
SetFilePointer
ReadFile

advapi32

RegCloseKey
SetNamedSecurityInfoW
InitializeAcl
RegOpenKeyExW
RegQueryValueExW

shell32

CommandLineToArgvW
ShellExecuteExW

version

GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW

msvcp140

?_Getcat@?$ctype@_W@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z
?widen@?$ctype@_W@std@@QEBA_WD@Z
?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ
?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z
?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z
?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ
?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ
?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ
?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z
?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z
?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z
?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z
?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z
?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z
?id@?$ctype@_W@std@@2V0locale@2@A
?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A
?cin@std@@3V?$basic_istream@DU?$char_traits@D@std@@@1@A
?uncaught_exception@std@@YA_NXZ
?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ
?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A
??0_Lockit@std@@QEAA@H@Z
??1_Lockit@std@@QEAA@XZ
??1?$basic_iostream@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@N@Z
??1?$basic_ios@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?showmanyc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JXZ
?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z
?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z
?getloc@ios_base@std@@QEBA?AVlocale@2@XZ
?imbue@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAXAEBVlocale@2@@Z
?sync@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAHXZ
?setbuf@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAPEAV12@PEA_W_J@Z
?get@?$basic_istream@DU?$char_traits@D@std@@@std@@QEAAHXZ
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@K@Z
??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z
?_New_Locimp@_Locimp@locale@std@@CAPEAV123@AEBV123@@Z
?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z
?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z
?id@?$codecvt@_WDU_Mbstatet@@@std@@2V0locale@2@A
??4?$_Yarn@D@std@@QEAAAEAV01@PEBD@Z
??1?$codecvt@_WDU_Mbstatet@@@std@@MEAA@XZ
??0?$codecvt@_WDU_Mbstatet@@@std@@QEAA@_K@Z
?out@?$codecvt@_WDU_Mbstatet@@@std@@QEBAHAEAU_Mbstatet@@PEB_W1AEAPEB_WPEAD3AEAPEAD@Z
?_Addfac@_Locimp@locale@std@@AEAAXPEAVfacet@23@_K@Z
?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ
?_Incref@facet@locale@std@@UEAAXXZ
??Bid@locale@std@@QEAA_KXZ
??0?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
?_Pninc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@IEAAPEA_WXZ
??0?$basic_ios@_WU?$char_traits@_W@std@@@std@@IEAA@XZ
??0?$basic_iostream@_WU?$char_traits@_W@std@@@std@@QEAA@PEAV?$basic_streambuf@_WU?$char_traits@_W@std@@@1@@Z
??1?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAA@XZ
?_Lock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?_Unlock@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@UEAAXXZ
?xsputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEB_W_J@Z
?uflow@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAAGXZ
?xsgetn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@MEAA_JPEA_W_J@Z

vcruntime140_1

__CxxFrameHandler4

vcruntime140

__std_exception_destroy
__std_exception_copy
__std_terminate
strchr
wcsrchr
__C_specific_handler
_CxxThrowException
__current_exception
__current_exception_context
memset
memcpy
memmove

api-ms-win-crt-heap-l1-1-0

_set_new_mode
malloc
realloc
free
_callnewh

api-ms-win-crt-string-l1-1-0

_wcsicmp
toupper
wcstok
_wcsdup
strncpy_s
_wcsnicmp

api-ms-win-crt-runtime-l1-1-0

_set_errno
_get_wide_winmain_command_line
_register_thread_local_exe_atexit_callback
_invalid_parameter_noinfo_noreturn
_initterm
_initterm_e
_initialize_wide_environment
exit
_configure_wide_argv
terminate
_c_exit
_set_app_type
_seh_filter_exe
_cexit
_crt_atexit
_register_onexit_function
_exit
_initialize_onexit_table

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
_set_fmode
__stdio_common_vswprintf
__acrt_iob_func
freopen
__p__commode

api-ms-win-crt-convert-l1-1-0

mbstowcs_s

api-ms-win-crt-math-l1-1-0

__setusermatherr

api-ms-win-crt-locale-l1-1-0

_configthreadlocale

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
whatsnew.html
.html

Sharing

General

Malware Config

Signatures

Files

Password: nucleAR

ab6770b0a8635b9d92a5838920cfe770

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

24:d2:d8:a2:64:70:06:47:81:1e:8f:72:e5:fa:8e:04:8d:5d:37:5f:30:92:53:90:d5:ca:58:aa:71:8b:91:3bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 23KB - Virtual size: 23KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1KB - Virtual size: 108KB

.ndata Size: - Virtual size: 40KB

.rsrc Size: 29KB - Virtual size: 28KB

Password: nucleAR

738dc9bb91549f627cf1953c2000e1d6

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

Password: nucleAR

e74127d0470ed67341494767b56b1a47

Code Sign

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:edCertificate

Extended Key Usages

Key Usages

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

a4:a3:cb:46:f9:db:0f:41:66:86:40:51:18:97:9b:a0:d0:b6:7e:d4:ef:89:13:25:8d:dd:bf:15:68:b1:c3:41Signer

Headers

DLL Characteristics

File Characteristics

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

24:d2:d8:a2:64:70:06:47:81:1e:8f:72:e5:fa:8e:04:8d:5d:37:5f:30:92:53:90:d5:ca:58:aa:71:8b:91:3b
Signer

.text
Size: 23KB - Virtual size: 23KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1KB - Virtual size: 108KB

.ndata
Size: - Virtual size: 40KB

.rsrc
Size: 29KB - Virtual size: 28KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

a4:a3:cb:46:f9:db:0f:41:66:86:40:51:18:97:9b:a0:d0:b6:7e:d4:ef:89:13:25:8d:dd:bf:15:68:b1:c3:41
Signer

.text
Size: 135KB - Virtual size: 135KB

.rdata
Size: 51KB - Virtual size: 50KB

.data
Size: 3KB - Virtual size: 7KB

.pdata
Size: 6KB - Virtual size: 5KB

_RDATA
Size: 512B - Virtual size: 244B

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 320B

77:bd:0e:05:b7:59:0b:b6:1d:47:61:53:1e:3f:75:ed
Certificate

30:e4:c5:b0:c5:d7:7d:c1:5f:fa:ca:77
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

2a:7a:0d:67:04:b9:9c:25:7f:47:dc:93:5a:7c:ce:41:63:96:cb:21:63:c0:ca:27:bf:0d:0c:b3:9f:98:31:da
Signer

.text
Size: 608KB - Virtual size: 608KB

.rdata
Size: 164KB - Virtual size: 164KB

.data
Size: 5KB - Virtual size: 15KB

.pdata
Size: 29KB - Virtual size: 29KB

.idata
Size: 12KB - Virtual size: 11KB

.detourd
Size: 512B - Virtual size: 284B

.detourc
Size: 11KB - Virtual size: 10KB

.rsrc
Size: 20KB - Virtual size: 19KB