SpdbSuite_v10[.]8_LANG[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

SpdbSuite_v10.8_LANG.exe
Size

98.8MB
MD5

73a2d4e539aa027e6e262ebddf1258cb
SHA1

89234150071e526d0dd69199ca7b443650e04000
SHA256

81757aade91f71763faab717e411bcb683004a0a4c6b2c4f6b95c645d70a6d66
SHA512

1b1ba5bdcd3065721f8e6c98571154d64a8d06d1cb771c84d6f0b342a71bfeba0da4f00793d4ce63b7d79a4d243112351d65a36444525d86b3ee58e084dea390
SSDEEP

1572864:/ZtL83qpTqPqlHTbTN5yQf0MZL/9aRPDM4ejFomvaVLThjZGGdTkuNwvnOgLbGIw:/SqpeyzPvyc0MZRrR+nLaGCg2OgLbrd+

Score

3^/10

Malware Config

Signatures

Unsigned PE 4 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/killer.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack002/$PLUGINSDIR/System.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2

Files

SpdbSuite_v10.8_LANG.exe
.exe windows:4 windows x86 arch:x86

e160ef8e55bb9d162da4e266afd9eef3

Code Sign

05:01:2d:db:9a:0e:b7:1c:0e:f1:92:a3:71:5a:60:9a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/11/2023, 00:00

Not After

27/11/2025, 23:59

Subject

CN=Shanghai Pudong Development Bank Co.\, Ltd.,O=Shanghai Pudong Development Bank Co.\, Ltd.,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

db:1b:c3:65:3c:3e:97:e2:26:a0:27:e4:38:66:bb:58:ad:b9:fa:5d:06:7f:e8:bd:05:88:0c:59:7a:1e:17:5e
Signer

Actual PE Digest

db:1b:c3:65:3c:3e:97:e2:26:a0:27:e4:38:66:bb:58:ad:b9:fa:5d:06:7f:e8:bd:05:88:0c:59:7a:1e:17:5e

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
SearchPathA
GetShortPathNameA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
Sleep
CloseHandle
LoadLibraryA
lstrlenA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
lstrcpyA
lstrcatA
GetSystemDirectoryA
GetVersion
GetProcAddress
GlobalAlloc
CompareFileTime
SetFileTime
ExpandEnvironmentStringsA
lstrcmpiA
lstrcmpA
WaitForSingleObject
GlobalFree
GetExitCodeProcess
GetModuleHandleA
SetErrorMode
GetCommandLineA
LoadLibraryExA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
WriteFile
FindClose
WritePrivateProfileStringA
MultiByteToWideChar
MulDiv
GetPrivateProfileStringA
FreeLibrary

user32

CreateWindowExA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
GetDC
SystemParametersInfoA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
GetDlgItem
wsprintfA
SetForegroundWindow
ShowWindow
IsWindow
LoadImageA
SetWindowLongA
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
PostQuitMessage
FindWindowExA
SendMessageTimeoutA
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 167KB - Virtual size: 166KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 835B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 582B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/killer.dll
.dll windows:6 windows x86 arch:x86

1e610ae5b22b178828e96c6a76ffe702

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

CreateToolhelp32Snapshot
Process32First
GetCurrentProcessId
lstrcmpiA
CloseHandle
TerminateProcess
Process32Next
lstrcpynA
GetCurrentProcess
GlobalFree
OpenProcess
GlobalAlloc
IsProcessorFeaturePresent

user32

wsprintfA

advapi32

OpenProcessToken
AdjustTokenPrivileges
LookupPrivilegeValueA

Exports

Exports

IsProcessRunning
KillProcess

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 36B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.CRT
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/SPDBEbank/SPDBSecSuite.exe
.exe windows:5 windows x86 arch:x86

9eded40c8ac216436bc057ca093c3cbf

Code Sign

05:01:2d:db:9a:0e:b7:1c:0e:f1:92:a3:71:5a:60:9a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/11/2023, 00:00

Not After

27/11/2025, 23:59

Subject

CN=Shanghai Pudong Development Bank Co.\, Ltd.,O=Shanghai Pudong Development Bank Co.\, Ltd.,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:be:0a:cf:bd:10:e8:cc:90:b2:ad:29:c8:fa:c4:9b:9d:2a:ea:15:79:ef:87:ab:44:ea:e3:b6:83:f6:b4:40
Signer

Actual PE Digest

b3:be:0a:cf:bd:10:e8:cc:90:b2:ad:29:c8:fa:c4:9b:9d:2a:ea:15:79:ef:87:ab:44:ea:e3:b6:83:f6:b4:40

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\passguard_IE\passguardwin7ins\Release\passguardwin7ins.pdb

Imports

kernel32

GetCurrentProcess
GetModuleHandleW
WriteFile
GetSystemDirectoryW
LoadResource
GetProcAddress
LockResource
FindResourceW
FreeResource
LocalFree
GetVersion
CloseHandle
DeviceIoControl
LocalAlloc
GetLastError
CreateFileW
SizeofResource
Sleep
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
HeapAlloc
RtlUnwind
HeapReAlloc
LoadLibraryW
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
IsProcessorFeaturePresent
FlushFileBuffers

user32

MessageBoxW

advapi32

ControlService
ChangeServiceConfigW
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
QueryServiceConfigW

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/SPDBcertNew/SPDBSecSuite.exe
.exe windows:5 windows x86 arch:x86

9eded40c8ac216436bc057ca093c3cbf

Code Sign

05:01:2d:db:9a:0e:b7:1c:0e:f1:92:a3:71:5a:60:9a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/11/2023, 00:00

Not After

27/11/2025, 23:59

Subject

CN=Shanghai Pudong Development Bank Co.\, Ltd.,O=Shanghai Pudong Development Bank Co.\, Ltd.,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:be:0a:cf:bd:10:e8:cc:90:b2:ad:29:c8:fa:c4:9b:9d:2a:ea:15:79:ef:87:ab:44:ea:e3:b6:83:f6:b4:40
Signer

Actual PE Digest

b3:be:0a:cf:bd:10:e8:cc:90:b2:ad:29:c8:fa:c4:9b:9d:2a:ea:15:79:ef:87:ab:44:ea:e3:b6:83:f6:b4:40

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\passguard_IE\passguardwin7ins\Release\passguardwin7ins.pdb

Imports

kernel32

GetCurrentProcess
GetModuleHandleW
WriteFile
GetSystemDirectoryW
LoadResource
GetProcAddress
LockResource
FindResourceW
FreeResource
LocalFree
GetVersion
CloseHandle
DeviceIoControl
LocalAlloc
GetLastError
CreateFileW
SizeofResource
Sleep
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
HeapAlloc
RtlUnwind
HeapReAlloc
LoadLibraryW
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
IsProcessorFeaturePresent
FlushFileBuffers

user32

MessageBoxW

advapi32

ControlService
ChangeServiceConfigW
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
QueryServiceConfigW

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CryptoKitsilent.exe
.exe windows:5 windows x86 arch:x86

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:46:c6:72:67:57:8a:32:19:87:60:d0:72:28:60:f3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/12/2013, 00:00

Not After

24/02/2017, 23:59

Subject

CN=China Financial Certification Authority Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT Department,O=China Financial Certification Authority Co.Ltd,L=Beijing,ST=Bejing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7f:9f:b9:09:ae:61:b8:5c:7c:39:e3:4b:02:14:02:20:81:aa:bf:1a
Signer

Actual PE Digest

7f:9f:b9:09:ae:61:b8:5c:7c:39:e3:4b:02:14:02:20:81:aa:bf:1a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 868KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/CryptoKit.CertEnrollment.Pro.x64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

dd3ea581adf714f27471f7b23e4bd7a5

Code Sign

20:15:02:ea:e9:a9:2a:2f:e2:ff:ae:43:f7:4b:5f:23
Certificate

Issuer

CN=CFCA OV CodeSign OCA,O=China Financial Certification Authority,C=CN

Not Before

28/08/2015, 07:59

Not After

10/12/2018, 07:59

Subject

CN=cfca_timestamp_rsa,O=China Financial Certification Authority,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

74:46:c6:72:67:57:8a:32:19:87:60:d0:72:28:60:f3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/12/2013, 00:00

Not After

24/02/2017, 23:59

Subject

CN=China Financial Certification Authority Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT Department,O=China Financial Certification Authority Co.Ltd,L=Beijing,ST=Bejing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

fa:bf:ba:4f:83:2e:5f:49:6a:3f:7f:bd:36:ae:84:e4:e6:75:4f:fa
Signer

Actual PE Digest

fa:bf:ba:4f:83:2e:5f:49:6a:3f:7f:bd:36:ae:84:e4:e6:75:4f:fa

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\Builds\9\Toolkits\CertEnrollment_Pro_IE\Binaries\x64\Release\CryptoKit.CertEnrollment.Pro.x64.pdb

Imports

kernel32

GetThreadLocale
SetThreadLocale
lstrlenA
FormatMessageW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
lstrcmpiW
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
MultiByteToWideChar
GetLastError
SetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
LocalAlloc
HeapFree
GetProcessHeap
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
WideCharToMultiByte
CreateFileW
ReadFile
CloseHandle
DeleteFileW
WriteFile
GetTempPathW
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
FreeResource
HeapAlloc
RtlPcToFileHeader
RtlUnwindEx
RtlLookupFunctionEntry
GetCurrentThreadId
FlsSetValue
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlCaptureContext
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
HeapSetInformation
HeapCreate
HeapDestroy
EncodePointer
DecodePointer
FlsGetValue
FlsFree
FlsAlloc
HeapReAlloc
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LCMapStringW
GetConsoleCP
GetConsoleMode
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
SetFilePointer
LCMapStringA
GetStringTypeA
GetStringTypeW
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
LocalFree

user32

LoadStringW
CharNextW

advapi32

CryptSetKeyParam
CryptGetProvParam
CryptCreateHash
CryptHashData
CryptSignHashW
CryptDestroyHash
CryptDestroyKey
CryptGetUserKey
CryptImportKey
CryptDecrypt
CryptGenKey
CryptExportKey
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegQueryValueExW
ControlTraceW
CryptAcquireContextW
CryptReleaseContext
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
CryptGenRandom
CryptGetKeyParam
TraceEvent
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegCreateKeyExW
RegOpenKeyExW
CryptEnumProvidersW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString

crypt32

CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CryptEncodeObject
CertAddEncodedCertificateToStore
CertSetCertificateContextProperty
CryptExportPublicKeyInfo
CertVerifyTimeValidity
CryptAcquireCertificatePrivateKey
CryptDecodeObjectEx
CertFindExtension
CertNameToStrW
CertCloseStore
CertOpenStore
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertFreeCertificateContext
CertFindCertificateInStore
CertAddCertificateContextToStore

shlwapi

StrStrIW
PathFileExistsW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 285KB - Virtual size: 285KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 82KB - Virtual size: 81KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/CryptoKit.CertEnrollment.Pro.x86.dll
.dll regsvr32 windows:5 windows x86 arch:x86

36c4602a8f5966e2e09f75574266513a

Code Sign

20:15:02:ea:e9:a9:2a:2f:e2:ff:ae:43:f7:4b:5f:23
Certificate

Issuer

CN=CFCA OV CodeSign OCA,O=China Financial Certification Authority,C=CN

Not Before

28/08/2015, 07:59

Not After

10/12/2018, 07:59

Subject

CN=cfca_timestamp_rsa,O=China Financial Certification Authority,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

74:46:c6:72:67:57:8a:32:19:87:60:d0:72:28:60:f3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/12/2013, 00:00

Not After

24/02/2017, 23:59

Subject

CN=China Financial Certification Authority Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT Department,O=China Financial Certification Authority Co.Ltd,L=Beijing,ST=Bejing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

50:b1:41:05:f4:96:68:b3:b9:a1:5d:a1:26:c9:e5:75:cf:6e:04:d1
Signer

Actual PE Digest

50:b1:41:05:f4:96:68:b3:b9:a1:5d:a1:26:c9:e5:75:cf:6e:04:d1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Builds\9\Toolkits\CertEnrollment_Pro_IE\Binaries\x86\Release\CryptoKit.CertEnrollment.Pro.x86.pdb

Imports

kernel32

GetThreadLocale
SetThreadLocale
lstrlenA
FormatMessageW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
lstrcmpiW
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
MultiByteToWideChar
GetLastError
SetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
LocalAlloc
HeapFree
GetProcessHeap
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
WideCharToMultiByte
CreateFileW
ReadFile
CloseHandle
DeleteFileW
WriteFile
GetTempPathW
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
FreeResource
HeapAlloc
RtlUnwind
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
LCMapStringW
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocaleInfoA
SetFilePointer
LCMapStringA
GetStringTypeA
GetStringTypeW
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
LocalFree

user32

LoadStringW
CharNextW

advapi32

CryptImportKey
CryptGetProvParam
CryptCreateHash
CryptHashData
CryptSignHashW
CryptDestroyHash
CryptDestroyKey
CryptGetUserKey
CryptSetKeyParam
CryptDecrypt
CryptGenKey
CryptExportKey
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegQueryValueExW
ControlTraceW
CryptAcquireContextW
CryptReleaseContext
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
CryptGenRandom
CryptGetKeyParam
TraceEvent
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
CryptEnumProvidersW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString

crypt32

CryptAcquireCertificatePrivateKey
CertVerifyTimeValidity
CertDuplicateCertificateContext
CertDeleteCertificateFromStore
CryptEncodeObject
CertAddEncodedCertificateToStore
CertSetCertificateContextProperty
CryptExportPublicKeyInfo
CryptDecodeObjectEx
CertFindExtension
CertNameToStrW
CertAddCertificateContextToStore
CertFindCertificateInStore
CertCloseStore
CertOpenStore
CertGetCertificateContextProperty
CertEnumCertificatesInStore
CertFreeCertificateContext

shlwapi

StrStrIW
PathFileExistsW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 245KB - Virtual size: 245KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/npCryptoKit.CertEnrollment.Pro.x86.dll
.dll windows:5 windows x86 arch:x86

d94a041089060a294290ae7aaa879081

Code Sign

20:15:02:ea:e9:a9:2a:2f:e2:ff:ae:43:f7:4b:5f:23
Certificate

Issuer

CN=CFCA OV CodeSign OCA,O=China Financial Certification Authority,C=CN

Not Before

28/08/2015, 07:59

Not After

10/12/2018, 07:59

Subject

CN=cfca_timestamp_rsa,O=China Financial Certification Authority,C=CN

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

74:46:c6:72:67:57:8a:32:19:87:60:d0:72:28:60:f3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/12/2013, 00:00

Not After

24/02/2017, 23:59

Subject

CN=China Financial Certification Authority Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT Department,O=China Financial Certification Authority Co.Ltd,L=Beijing,ST=Bejing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

31:95:bf:c7:46:75:6f:84:6d:bc:d0:83:a9:d6:1a:68:9b:02:81:39
Signer

Actual PE Digest

31:95:bf:c7:46:75:6f:84:6d:bc:d0:83:a9:d6:1a:68:9b:02:81:39

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Builds\8\Toolkits\CertEnrollment_Pro_NPAPI\Binaries\x86\Release\npCryptoKit.CertEnrollment.Pro.x86.pdb

Imports

kernel32

GetOEMCP
IsValidCodePage
GetModuleHandleW
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapAlloc
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetACP
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
LCMapStringW
EnterCriticalSection
LeaveCriticalSection
GetConsoleCP
GetConsoleMode
VirtualAlloc
HeapReAlloc
SetFilePointer
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
LoadLibraryA
InitializeCriticalSectionAndSpinCount
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
InterlockedIncrement
GetCPInfo
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
RtlUnwind
RaiseException
GetCommandLineA
GetCurrentThreadId
VerifyVersionInfoW
VerSetConditionMask
GetVersionExW
GetTempPathW
WriteFile
DeleteFileW
CloseHandle
ReadFile
CreateFileW
WideCharToMultiByte
FileTimeToLocalFileTime
SystemTimeToFileTime
FreeResource
LoadResource
SizeofResource
FindResourceW
FileTimeToSystemTime
GetProcessHeap
HeapFree
FormatMessageW
InterlockedDecrement
MultiByteToWideChar
lstrlenA
SetLastError
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
LocalFree
GetEnvironmentStrings
LocalAlloc

user32

LoadStringW

advapi32

RegSetValueExW
CryptEnumProvidersW
CryptGetProvParam
CryptCreateHash
CryptHashData
CryptSignHashW
CryptDestroyHash
CryptDestroyKey
CryptGenKey
CryptExportKey
RegCreateKeyExW
CryptGetUserKey
TraceEvent
CryptReleaseContext
CryptAcquireContextW
ControlTraceW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegisterTraceGuidsW
UnregisterTraceGuids
CryptSetKeyParam
CryptImportKey
CryptDecrypt
CryptGetKeyParam
CryptGenRandom
RegDeleteKeyW

ole32

StringFromGUID2
CoCreateGuid
CoCreateInstance
CoUninitialize
CoInitialize

oleaut32

SysFreeString
SysAllocStringByteLen
SysStringByteLen
SysAllocString

crypt32

CertOpenStore
CertCloseStore
CertFindExtension
CertNameToStrW
CertFreeCertificateContext
CertGetCertificateContextProperty
CryptExportPublicKeyInfo
CertAddEncodedCertificateToStore
CertSetCertificateContextProperty
CryptDecodeObjectEx
CryptAcquireCertificatePrivateKey
CertVerifyTimeValidity
CertEnumCertificatesInStore
CertAddCertificateContextToStore
CertDuplicateCertificateContext
CertFindCertificateInStore
CryptEncodeObject
CertDeleteCertificateFromStore

shlwapi

PathFileExistsW
StrStrIW

Exports

Exports

NP_GetEntryPoints
NP_GetMIMEDescription
NP_Initialize
NP_Install
NP_Shutdown

Sections

.text
Size: 256KB - Virtual size: 256KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 57KB - Virtual size: 56KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 82KB - Virtual size: 82KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SPDBPassGuardX.dll
.dll regsvr32 windows:5 windows x86 arch:x86

f7798b5147f1444d7279b9aa0a686f39

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:6a:53:45:5c:c7:00:12:fa:23:ce:7a:80:f8:5e:47
Certificate

Issuer

CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/07/2013, 12:00

Not After

22/10/2023, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05:87:2c:cf:a0:8f:6e:18:1a:42:d9:6a:9c:87:26:e9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

23/11/2021, 00:00

Not After

22/11/2023, 23:59

Subject

CN=Shanghai Pudong Development Bank Co.\, Ltd.,O=Shanghai Pudong Development Bank Co.\, Ltd.,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

6c:2b:a2:40:ec:2b:85:f5:30:3c:74:b2:01:1d:9d:f3:64:cc:92:b1:81:8c:34:17:62:9e:c0:ca:43:3d:26:ba
Signer

Actual PE Digest

6c:2b:a2:40:ec:2b:85:f5:30:3c:74:b2:01:1d:9d:f3:64:cc:92:b1:81:8c:34:17:62:9e:c0:ca:43:3d:26:ba

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetThreadLocale
GetThreadLocale
GetModuleHandleA
LoadLibraryA
GetFileType
GetStdHandle
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
SetEndOfFile
WriteConsoleW
SetEnvironmentVariableA
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
SetFilePointer
SetStdHandle
FlushFileBuffers
GetConsoleCP
ReadFile
LoadLibraryW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
SetHandleCount
GetLocaleInfoW
HeapCreate
IsValidCodePage
GetOEMCP
GetACP
IsDebuggerPresent
SetUnhandledExceptionFilter
GetLocaleInfoA
QueryPerformanceCounter
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
CompareStringW
GetCPInfo
LCMapStringW
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
SetConsoleCtrlHandler
ExitProcess
GetCommandLineA
ExitThread
VirtualQuery
GetSystemInfo
VirtualProtect
GetSystemTimeAsFileTime
RtlUnwind
DecodePointer
EncodePointer
InterlockedExchange
GetStringTypeW
HeapSize
HeapReAlloc
HeapDestroy
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
InterlockedPushEntrySList
InterlockedCompareExchange
InitializeCriticalSection
QueryPerformanceFrequency
CreateThread
EnterCriticalSection
WaitForSingleObject
GetComputerNameExA
FindResourceW
LoadResource
GetProcessHeap
HeapAlloc
HeapFree
GetTickCount
GetCurrentProcessId
ProcessIdToSessionId
FindResourceExW
lstrlenA
Sleep
LocalAlloc
LocalFree
LoadLibraryExW
FreeLibrary
SetLastError
InterlockedIncrement
GetModuleFileNameW
GetVersion
GetCurrentThreadId
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
FlushInstructionCache
TerminateProcess
LeaveCriticalSection
LockResource
InterlockedDecrement
SizeofResource
CreateFileW
WriteFile
GetModuleHandleExW
GetSystemDirectoryW
lstrcmpiW
GetModuleHandleW
GetProcAddress
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
RaiseException
lstrlenW
GetCurrentProcess
SetPriorityClass
DeviceIoControl
CreateFileA
GetVersionExW
GetLastError
CloseHandle
WideCharToMultiByte
MultiByteToWideChar
UnhandledExceptionFilter
GetSystemTimeAsFileTime
CreateEventA
GetModuleFileNameW
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
LocalAlloc
LocalFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
FlushFileBuffers
VirtualQuery
GetCommandLineA
HeapFree
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
RaiseException
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
LocalAlloc
LocalFree
GetModuleFileNameW
ExitProcess
LoadLibraryA
GetModuleHandleA
GetProcAddress

user32

GetWindowLongW
SetWindowLongW
CharNextW
MessageBoxA
UnregisterClassA
ShowWindow
SetFocus
GetDesktopWindow
IsChild
GetClassInfoExW
LoadCursorW
ReleaseDC
GetProcessWindowStation
GetUserObjectInformationW
DialogBoxParamW
EndDialog
GetDlgItem
SendMessageA
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
EndPaint
GetDC
SetWindowPos
GetClientRect
BeginPaint
CallWindowProcW
PtInRect
UnionRect
DefWindowProcW
GetFocus
DestroyWindow
IsWindow
InvalidateRect
GetKeyState
RegisterClassExW
CreateWindowExW
MessageBoxW
SetWindowTextW
SendMessageW
GetWindowRect
SetTimer
KillTimer
MoveWindow
LoadStringW
SetCursor
SetRectEmpty
CallNextHookEx
GetWindowThreadProcessId
FrameRect
SetForegroundWindow
GetSystemMetrics
keybd_event
HideCaret
LoadBitmapW
GetKeyboardState
ToAscii
SetWindowTextA
FillRect
UpdateWindow
GetWindowDC
SetWindowsHookExW
UnhookWindowsHookEx
DrawEdge
DrawTextW
CharUpperBuffW

gdi32

CreateFontIndirectW
SetBkMode
CreateSolidBrush
DeleteObject
SetTextColor
SetBkColor
SelectObject
LPtoDP
SetMapMode
DeleteDC
CreateDCW
CreateMetaFileW
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
DeleteMetaFile
CreateRectRgnIndirect
SetTextAlign
TextOutW
GetDeviceCaps
SetViewportOrgEx

advapi32

RegCreateKeyExW
DeregisterEventSource
RegEnumValueW
RegEnumKeyW
RegQueryValueExW
ControlService
StartServiceW
QueryServiceStatus
DeleteService
CloseServiceHandle
OpenSCManagerW
CreateServiceW
OpenServiceW
QueryServiceConfigW
ChangeServiceConfigW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
RegOpenKeyExW
RegisterEventSourceA
ReportEventA

shell32

ShellExecuteExW

ole32

StringFromGUID2
CoUninitialize
OleSaveToStream
WriteClassStm
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
CreateOleAdviseHolder
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc
CoCreateInstance
CoSetProxyBlanket
CreateDataAdviseHolder

oleaut32

RegisterTypeLi
UnRegisterTypeLi
OleTranslateColor
SysAllocStringLen
VariantCopy
OleCreatePropertyFrame
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysStringLen
VariantChangeType
VariantClear
SysStringByteLen
SafeArrayGetLBound
SafeArrayGetUBound
SysAllocString
SysFreeString
SafeArrayDestroy
SafeArrayGetElement
VariantInit

shlwapi

StrCmpIW
PathFileExistsW
SHRegGetUSValueA

iphlpapi

GetAdaptersInfo

psapi

GetModuleFileNameExW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

wtsapi32

WTSQuerySessionInformationW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: - Virtual size: 767KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 209KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ahR0
Size: - Virtual size: 4.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.ahR1
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ahR2
Size: 7.5MB - Virtual size: 7.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 15KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SPDBPassGuardX.exe
.exe windows:5 windows x86 arch:x86

9eded40c8ac216436bc057ca093c3cbf

Code Sign

05:01:2d:db:9a:0e:b7:1c:0e:f1:92:a3:71:5a:60:9a
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

08/11/2023, 00:00

Not After

27/11/2025, 23:59

Subject

CN=Shanghai Pudong Development Bank Co.\, Ltd.,O=Shanghai Pudong Development Bank Co.\, Ltd.,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b3:be:0a:cf:bd:10:e8:cc:90:b2:ad:29:c8:fa:c4:9b:9d:2a:ea:15:79:ef:87:ab:44:ea:e3:b6:83:f6:b4:40
Signer

Actual PE Digest

b3:be:0a:cf:bd:10:e8:cc:90:b2:ad:29:c8:fa:c4:9b:9d:2a:ea:15:79:ef:87:ab:44:ea:e3:b6:83:f6:b4:40

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

F:\passguard_IE\passguardwin7ins\Release\passguardwin7ins.pdb

Imports

kernel32

GetCurrentProcess
GetModuleHandleW
WriteFile
GetSystemDirectoryW
LoadResource
GetProcAddress
LockResource
FindResourceW
FreeResource
LocalFree
GetVersion
CloseHandle
DeviceIoControl
LocalAlloc
GetLastError
CreateFileW
SizeofResource
Sleep
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
HeapAlloc
RtlUnwind
HeapReAlloc
LoadLibraryW
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
IsProcessorFeaturePresent
FlushFileBuffers

user32

MessageBoxW

advapi32

ControlService
ChangeServiceConfigW
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
QueryServiceConfigW

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
npSPDBPassGuardX.dll
.dll windows:5 windows x86 arch:x86

b7baa36597187119abcaac31c2108a10

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:6a:53:45:5c:c7:00:12:fa:23:ce:7a:80:f8:5e:47
Certificate

Issuer

CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/07/2013, 12:00

Not After

22/10/2023, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05:87:2c:cf:a0:8f:6e:18:1a:42:d9:6a:9c:87:26:e9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

23/11/2021, 00:00

Not After

22/11/2023, 23:59

Subject

CN=Shanghai Pudong Development Bank Co.\, Ltd.,O=Shanghai Pudong Development Bank Co.\, Ltd.,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

f7:69:92:da:f8:c9:a4:16:71:8e:b1:a6:32:49:4b:0a:ad:3f:df:d4:1c:91:68:c8:47:aa:b2:09:16:86:8e:ae
Signer

Actual PE Digest

f7:69:92:da:f8:c9:a4:16:71:8e:b1:a6:32:49:4b:0a:ad:3f:df:d4:1c:91:68:c8:47:aa:b2:09:16:86:8e:ae

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

QueryPerformanceCounter
GetLocaleInfoA
SetConsoleMode
ReadConsoleInputA
GetCurrentThreadId
InitializeCriticalSection
RaiseException
DeleteCriticalSection
FlushInstructionCache
LocalFree
lstrlenA
FlushConsoleInputBuffer
LoadLibraryA
GlobalMemoryStatus
GetVersion
InterlockedPopEntrySList
VirtualFree
InterlockedPushEntrySList
GetProcessHeap
SetEnvironmentVariableA
CreateFileW
SetStdHandle
FreeLibrary
SetFilePointer
ReadFile
FlushFileBuffers
GetConsoleMode
GetConsoleCP
IsValidLocale
EnumSystemLocalesA
GetUserDefaultLCID
WaitForMultipleObjects
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStartupInfoW
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetLocaleInfoW
HeapSize
QueryPerformanceFrequency
HeapDestroy
HeapCreate
LoadLibraryW
SetConsoleCtrlHandler
lstrcmpiA
EnterCriticalSection
GetTickCount
LeaveCriticalSection
GetCurrentProcessId
OpenProcess
GetExitCodeProcess
GetModuleHandleA
GetProcAddress
GetModuleFileNameA
GetSystemDirectoryA
GetModuleHandleExA
GetExitCodeThread
Sleep
GetNativeSystemInfo
CreateThread
WaitForSingleObject
GetComputerNameExA
InterlockedDecrement
WideCharToMultiByte
GetLocalTime
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
GetCurrentProcess
SetPriorityClass
DeviceIoControl
CreateFileA
ExitProcess
TerminateProcess
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TlsFree
TlsSetValue
TlsGetValue
SetEndOfFile
TlsAlloc
IsValidCodePage
WriteFile
SetLastError
GetOEMCP
GetACP
IsProcessorFeaturePresent
LCMapStringW
GetCPInfo
CompareStringW
GetCommandLineA
VirtualQuery
GetSystemInfo
GetModuleHandleW
VirtualAlloc
VirtualProtect
ExitThread
HeapReAlloc
GetSystemTimeAsFileTime
RtlUnwind
HeapAlloc
GetVersionExA
GetLastError
GetStringTypeW
CloseHandle
HeapFree
GetModuleFileNameW
GetStdHandle
GetFileType
WriteConsoleW
DecodePointer
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
MultiByteToWideChar
EncodePointer
GetSystemTimeAsFileTime
CreateEventA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
HeapAlloc
HeapFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery

user32

MessageBoxW
GetWindowLongA
CallWindowProcA
GetKeyState
SetWindowLongW
SetWindowLongA
GetProcessWindowStation
GetUserObjectInformationW
UnregisterClassA
IsWindow
DestroyWindow
LoadStringA
MessageBoxA
WindowFromPoint
ScreenToClient
ChildWindowFromPoint
GetWindowThreadProcessId
MessageBeep
EnumDisplayMonitors
GetMonitorInfoA
CreateWindowExA
GetClassInfoExA
RegisterClassExA
GetSysColorBrush
GetWindowDC
DrawTextA
FillRect
InvalidateRect
UpdateWindow
OffsetRect
EqualRect
CopyRect
SetRectEmpty
IsRectEmpty
GetDlgCtrlID
SetFocus
EnableWindow
SetTimer
ShowWindow
ReleaseDC
GetDC
ClientToScreen
GetClientRect
GetWindowRect
SetWindowPos
SetWindowTextA
SendMessageA
DefWindowProcA
KillTimer

gdi32

SetTextColor
SetBkMode
SetBkColor
CreateFontIndirectA
DeleteObject
CreateSolidBrush
SelectObject

advapi32

RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegOpenKeyExA
RegQueryValueExA
RegCloseKey
CloseServiceHandle

shell32

ShellExecuteExA

ole32

CoInitialize
CoCreateInstance
CoSetProxyBlanket
CoUninitialize
CoInitializeSecurity

oleaut32

SysAllocString
SysAllocStringLen
SysFreeString
VariantClear
VariantInit

iphlpapi

GetAdaptersInfo

shlwapi

PathRemoveFileSpecA
PathFileExistsA
SHRegGetUSValueA
PathAppendA

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

imm32

ImmReleaseContext
ImmAssociateContext
ImmGetContext

ws2_32

WSACleanup
WSAStartup
inet_ntoa
gethostname
gethostbyname

Exports

Exports

NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: - Virtual size: 779KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 214KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mic0
Size: - Virtual size: 5.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.mic1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mic2
Size: 9.6MB - Virtual size: 9.6MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
npSignMessenger_spdb.dll
.dll regsvr32 windows:5 windows x86 arch:x86

6f7f219bdb89372832e76d779808ee43

Code Sign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

02:6a:53:45:5c:c7:00:12:fa:23:ce:7a:80:f8:5e:47
Certificate

Issuer

CN=DigiCert Global Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/07/2013, 12:00

Not After

22/10/2023, 12:00

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:4d:69:72:4b:94:fa:3c:2a:4a:3d:29:07:80:3d:5a
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

21/09/2022, 00:00

Not After

21/11/2033, 23:59

Subject

CN=DigiCert Timestamp 2022 - 2,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05:87:2c:cf:a0:8f:6e:18:1a:42:d9:6a:9c:87:26:e9
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

23/11/2021, 00:00

Not After

22/11/2023, 23:59

Subject

CN=Shanghai Pudong Development Bank Co.\, Ltd.,O=Shanghai Pudong Development Bank Co.\, Ltd.,ST=上海市,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

45:b3:c8:c1:0e:cb:a0:0d:9c:f6:9d:31:b9:1b:0d:8f:42:3d:4a:5a:9f:b4:c2:e6:c9:f8:1a:88:01:5b:69:1d
Signer

Actual PE Digest

45:b3:c8:c1:0e:cb:a0:0d:9c:f6:9d:31:b9:1b:0d:8f:42:3d:4a:5a:9f:b4:c2:e6:c9:f8:1a:88:01:5b:69:1d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetEnvironmentVariableA
FlushFileBuffers
WriteConsoleW
SetStdHandle
SetFilePointerEx
GetConsoleMode
InitializeSListHead
InterlockedPopEntrySList
InterlockedPushEntrySList
VirtualAlloc
VirtualFree
GetModuleHandleA
GetVersion
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
LoadLibraryW
ReadConsoleInputA
SetConsoleMode
ReadConsoleW
ExpandEnvironmentStringsW
GetTickCount
SetThreadLocale
GetThreadLocale
QueryDosDeviceW
GetLogicalDriveStringsW
CreateFileMappingW
UnmapViewOfFile
MapViewOfFile
EncodePointer
LoadLibraryA
GetFileAttributesW
CreateFileW
ReadFile
GetFileSize
SetErrorMode
CreateFileA
CreateDirectoryA
OutputDebugStringW
OutputDebugStringA
ExpandEnvironmentStringsA
GetTimeZoneInformation
GetSystemTime
CloseHandle
SetFilePointer
WriteFile
SystemTimeToTzSpecificLocalTime
WideCharToMultiByte
GetConsoleCP
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
SetEndOfFile
GetTimeFormatW
GetDateFormatW
SetConsoleCtrlHandler
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetSystemTimeAsFileTime
GetCurrentProcessId
QueryPerformanceCounter
GetModuleFileNameA
GetFileType
GetStringTypeW
GetOEMCP
GetACP
IsValidCodePage
GetStdHandle
GetStartupInfoW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
TerminateProcess
Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
AreFileApisANSI
GetModuleHandleExW
ExitProcess
GetCommandLineA
GetCPInfo
MultiByteToWideChar
GetVersionExW
FindResourceExW
FindResourceW
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
lstrcmpiW
FormatMessageW
MulDiv
SizeofResource
LoadResource
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
EnterCriticalSection
SetLastError
GetLastError
GetCurrentThreadId
RaiseException
GetCurrentProcess
GetProcessHeap
HeapSize
HeapFree
HeapReAlloc
HeapAlloc
HeapDestroy
FlushInstructionCache
LocalFree
GetProcAddress
FreeLibrary
LockResource
InterlockedDecrement
InterlockedIncrement
DecodePointer
RtlUnwind
IsProcessorFeaturePresent
IsDebuggerPresent
GetSystemTimeAsFileTime
CreateEventA
GetModuleHandleA
TerminateProcess
GetCurrentProcess
CreateToolhelp32Snapshot
Thread32First
GetCurrentProcessId
GetCurrentThreadId
OpenThread
Thread32Next
CloseHandle
SuspendThread
ResumeThread
WriteProcessMemory
GetSystemInfo
VirtualAlloc
VirtualProtect
VirtualFree
GetProcessAffinityMask
SetProcessAffinityMask
GetCurrentThread
SetThreadAffinityMask
Sleep
LoadLibraryA
FreeLibrary
GetTickCount
SystemTimeToFileTime
FileTimeToSystemTime
GlobalFree
HeapAlloc
HeapFree
GetProcAddress
ExitProcess
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
MultiByteToWideChar
GetModuleHandleW
LoadResource
FindResourceExW
FindResourceExA
WideCharToMultiByte
GetThreadLocale
GetUserDefaultLCID
GetSystemDefaultLCID
EnumResourceNamesA
EnumResourceNamesW
EnumResourceLanguagesA
EnumResourceLanguagesW
EnumResourceTypesA
EnumResourceTypesW
CreateFileW
LoadLibraryW
GetLastError
GetCommandLineA
GetCPInfo
InterlockedIncrement
InterlockedDecrement
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RaiseException
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
HeapReAlloc
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
WriteFile
RtlUnwind
SetFilePointer
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
CreateFileA
FlushFileBuffers
VirtualQuery

user32

ShowWindow
DestroyWindow
SetWindowPos
IsWindow
CreateWindowExW
GetClassInfoExW
RegisterClassExW
UnregisterClassW
CallWindowProcW
IsChild
CharNextW
SetFocus
GetActiveWindow
GetFocus
GetKeyState
GetDesktopWindow
GetProcessWindowStation
DefWindowProcW
GetUserObjectInformationW
GetDC
MessageBoxA
LoadCursorW
GetParent
SetWindowLongW
GetWindowLongW
EqualRect
OffsetRect
IntersectRect
MessageBoxW
GetClientRect
InvalidateRect
SetWindowRgn
EndPaint
BeginPaint
ReleaseDC

gdi32

SetWindowOrgEx
SetViewportOrgEx
LPtoDP
TextOutW
SetTextAlign
SetMapMode
SaveDC
RestoreDC
GetDeviceCaps
DeleteDC
CreateRectRgnIndirect
CreateDCW

comdlg32

GetOpenFileNameW

advapi32

ReportEventA
RegisterEventSourceA
RegCloseKey
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegEnumKeyExW
RegOpenKeyExW
RegQueryInfoKeyW
RegSetValueExW
CryptReleaseContext
CryptDestroyKey
CryptDestroyHash
CryptGenKey
CryptGetUserKey
CryptExportKey
CryptCreateHash
CryptHashData
CryptSignHashW
RegQueryValueExW
CryptAcquireContextW
CryptSetKeyParam
CryptGetKeyParam
CryptSetHashParam
CryptGetHashParam
CryptSetProvParam
CryptGetProvParam
CryptEnumProvidersW
DeregisterEventSource

ole32

StringFromGUID2
CoCreateInstance
OleRegGetMiscStatus
OleRegGetUserType
CreateOleAdviseHolder
CoGetObject
CoTaskMemFree
CoTaskMemAlloc
CoTaskMemRealloc
OleRegEnumVerbs

oleaut32

SysAllocString
UnRegisterTypeLi
SysAllocStringLen
SysFreeString
SysStringLen
VariantInit
VariantClear
VariantChangeType
VarUI4FromStr
LoadTypeLi
LoadRegTypeLi
OleCreatePropertyFrame
SystemTimeToVariantTime
RegisterTypeLi

shlwapi

PathAppendA
PathFileExistsA
PathAppendW
PathFileExistsW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

crypt32

CertCreateCertificateContext
CertFreeCertificateContext
CertDeleteCertificateFromStore
CertGetCertificateContextProperty
CryptAcquireCertificatePrivateKey
CertOpenStore
CertAddCertificateContextToStore
CertAddEncodedCertificateToStore
CertNameToStrW
CertGetNameStringW
CertEnumCertificatesInStore
CryptExportPublicKeyInfo
PFXImportCertStore
CryptEncodeObject
CertCloseStore
CryptMsgClose
CryptMsgUpdate
CryptMsgGetParam
CertSetCertificateContextProperty
CryptSignAndEncodeCertificate
CryptSignMessage
CryptVerifyMessageSignature
CryptVerifyDetachedMessageSignature
CryptDecryptMessage
CertCreateSelfSignCertificate
CertGetCertificateChain
CertFreeCertificateChain
CertVerifyCertificateChainPolicy
CryptMsgOpenToDecode
CertDuplicateCertificateContext

cryptui

CryptUIWizImport
CryptUIDlgSelectCertificateW

psapi

GetMappedFileNameW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer
NP_GetEntryPoints
NP_Initialize
NP_Shutdown

Sections

.text
Size: - Virtual size: 893KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 233KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mic0
Size: - Virtual size: 4.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.mic1
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.mic2
Size: 9.0MB - Virtual size: 9.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e160ef8e55bb9d162da4e266afd9eef3

Code Sign

05:01:2d:db:9a:0e:b7:1c:0e:f1:92:a3:71:5a:60:9aCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

db:1b:c3:65:3c:3e:97:e2:26:a0:27:e4:38:66:bb:58:ad:b9:fa:5d:06:7f:e8:bd:05:88:0c:59:7a:1e:17:5eSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 105KB

.ndata Size: - Virtual size: 68KB

.rsrc Size: 167KB - Virtual size: 166KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 835B

.data Size: 512B - Virtual size: 104B

.reloc Size: 1024B - Virtual size: 582B

1e610ae5b22b178828e96c6a76ffe702

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

advapi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 724B

.data Size: 512B - Virtual size: 36B

.CRT Size: 512B - Virtual size: 4B

.rsrc Size: 512B - Virtual size: 480B

.reloc Size: 512B - Virtual size: 152B

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

05:01:2d:db:9a:0e:b7:1c:0e:f1:92:a3:71:5a:60:9a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

db:1b:c3:65:3c:3e:97:e2:26:a0:27:e4:38:66:bb:58:ad:b9:fa:5d:06:7f:e8:bd:05:88:0c:59:7a:1e:17:5e
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 105KB

.ndata
Size: - Virtual size: 68KB

.rsrc
Size: 167KB - Virtual size: 166KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 835B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 582B

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 724B

.data
Size: 512B - Virtual size: 36B

.CRT
Size: 512B - Virtual size: 4B

.rsrc
Size: 512B - Virtual size: 480B

.reloc
Size: 512B - Virtual size: 152B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

05:01:2d:db:9a:0e:b7:1c:0e:f1:92:a3:71:5a:60:9a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

b3:be:0a:cf:bd:10:e8:cc:90:b2:ad:29:c8:fa:c4:9b:9d:2a:ea:15:79:ef:87:ab:44:ea:e3:b6:83:f6:b4:40
Signer

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 11KB - Virtual size: 11KB

05:01:2d:db:9a:0e:b7:1c:0e:f1:92:a3:71:5a:60:9a
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

b3:be:0a:cf:bd:10:e8:cc:90:b2:ad:29:c8:fa:c4:9b:9d:2a:ea:15:79:ef:87:ab:44:ea:e3:b6:83:f6:b4:40
Signer

.text
Size: 30KB - Virtual size: 30KB

.rdata
Size: 12KB - Virtual size: 11KB

.data
Size: 5KB - Virtual size: 12KB

.rsrc
Size: 2.6MB - Virtual size: 2.6MB

.reloc
Size: 11KB - Virtual size: 11KB

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate