w:\p4\sprt\project\rang\trunk\output\Release\Win32\saslib.pdb
Overview
overview
8Static
static
3b198a6677c...cs.exe
windows7-x64
8b198a6677c...cs.exe
windows10-2004-x64
8$0.dll
windows7-x64
1$0.dll
windows10-2004-x64
1$2.exe
windows7-x64
1$2.exe
windows10-2004-x64
1$3.exe
windows7-x64
1$3.exe
windows10-2004-x64
1$COMMONFIL...st.exe
windows7-x64
1$COMMONFIL...st.exe
windows10-2004-x64
1$COMMONFIL...64.exe
windows7-x64
1$COMMONFIL...64.exe
windows10-2004-x64
1$COMMONFIL...dr.dll
windows7-x64
1$COMMONFIL...dr.dll
windows10-2004-x64
1$COMMONFIL...dr.sys
windows7-x64
1$COMMONFIL...dr.sys
windows10-2004-x64
1$COMMONFIL...dr.dll
windows7-x64
1$COMMONFIL...dr.dll
windows10-2004-x64
1$COMMONFIL...dr.sys
windows7-x64
1$COMMONFIL...dr.sys
windows10-2004-x64
1$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3ssranghk.dll
windows7-x64
1ssranghk.dll
windows10-2004-x64
1Static task
static1
2 signatures
Behavioral task
behavioral1
Sample
b198a6677cfd2f754cf6cd06e9d1ed8327b2eca0e1fa26d6f5a76fe6e94a1cc8_NeikiAnalytics.exe
Resource
win7-20240419-en
windows7-x64
13 signatures
150 seconds
Behavioral task
behavioral2
Sample
b198a6677cfd2f754cf6cd06e9d1ed8327b2eca0e1fa26d6f5a76fe6e94a1cc8_NeikiAnalytics.exe
Resource
win10v2004-20240611-en
windows10-2004-x64
15 signatures
150 seconds
Behavioral task
behavioral3
Sample
$0.dll
Resource
win7-20240611-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral4
Sample
$0.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral5
Sample
$2.exe
Resource
win7-20240221-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral6
Sample
$2.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral7
Sample
$3.exe
Resource
win7-20240611-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral8
Sample
$3.exe
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral9
Sample
$COMMONFILES/supportdotcom/rang/driverinst.exe
Resource
win7-20240611-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral10
Sample
$COMMONFILES/supportdotcom/rang/driverinst.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral11
Sample
$COMMONFILES/supportdotcom/rang/driverinst64.exe
Resource
win7-20240508-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral12
Sample
$COMMONFILES/supportdotcom/rang/driverinst64.exe
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral13
Sample
$COMMONFILES/supportdotcom/rang/nt_amd64/ssmirrdr.dll
Resource
win7-20231129-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral14
Sample
$COMMONFILES/supportdotcom/rang/nt_amd64/ssmirrdr.dll
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral15
Sample
$COMMONFILES/supportdotcom/rang/nt_amd64/ssmirrdr.sys
Resource
win7-20240611-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral16
Sample
$COMMONFILES/supportdotcom/rang/nt_amd64/ssmirrdr.sys
Resource
win10v2004-20240611-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral17
Sample
$COMMONFILES/supportdotcom/rang/nt_x86/ssmirrdr.dll
Resource
win7-20240508-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral18
Sample
$COMMONFILES/supportdotcom/rang/nt_x86/ssmirrdr.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
1 signatures
150 seconds
Behavioral task
behavioral19
Sample
$COMMONFILES/supportdotcom/rang/nt_x86/ssmirrdr.sys
Resource
win7-20240221-en
windows7-x64
0 signatures
150 seconds
Behavioral task
behavioral20
Sample
$COMMONFILES/supportdotcom/rang/nt_x86/ssmirrdr.sys
Resource
win10v2004-20240508-en
windows10-2004-x64
0 signatures
150 seconds
Behavioral task
behavioral21
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240419-en
windows7-x64
2 signatures
150 seconds
Behavioral task
behavioral22
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240508-en
windows10-2004-x64
2 signatures
150 seconds
Behavioral task
behavioral23
Sample
ssranghk.dll
Resource
win7-20240611-en
windows7-x64
1 signatures
150 seconds
Behavioral task
behavioral24
Sample
ssranghk.dll
Resource
win10v2004-20240226-en
windows10-2004-x64
1 signatures
150 seconds
General
-
Target
b198a6677cfd2f754cf6cd06e9d1ed8327b2eca0e1fa26d6f5a76fe6e94a1cc8_NeikiAnalytics.exe
-
Size
798KB
-
MD5
cfa90667982a49e3150b32f5d6debc20
-
SHA1
137ec0bae7d6cc9cadee682adbaa4bb9112dfa3c
-
SHA256
b198a6677cfd2f754cf6cd06e9d1ed8327b2eca0e1fa26d6f5a76fe6e94a1cc8
-
SHA512
16b56d5758610dcde4f31992f6db11545229f27a860b60b38df42a371c5bc6c6eace983325ac1865986b961169a8196a2942a36d4190c656e1b65f4072f15596
-
SSDEEP
24576:o0ZUnnWr7Q8RkCZtcz7w4T7sgUqrx8DAHQ/1/InaE/fBGDPV/77f:7PryCMvw2VY1/InaE/JGDNDD
Score
3/10
Malware Config
Signatures
-
Unsigned PE 4 IoCs
Checks for missing Authenticode signature.
resource b198a6677cfd2f754cf6cd06e9d1ed8327b2eca0e1fa26d6f5a76fe6e94a1cc8_NeikiAnalytics.exe unpack001/$0 unpack001/$PLUGINSDIR/System.dll unpack001/ssranghk.dll -
NSIS installer 2 IoCs
resource yara_rule sample nsis_installer_1 sample nsis_installer_2
Files
-
b198a6677cfd2f754cf6cd06e9d1ed8327b2eca0e1fa26d6f5a76fe6e94a1cc8_NeikiAnalytics.exe.exe windows:4 windows x86 arch:x86
7fa974366048f9c551ef45714595665e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA
user32
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 36KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$0.dll windows:5 windows x86 arch:x86
54a1203b834a3658d206b4bfdb68eb75
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
FreeLibrary
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
WriteFile
GetModuleFileNameW
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
FlushFileBuffers
CloseHandle
CreateFileW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
rpcrt4
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
I_RpcExceptionFilter
NdrClientCall2
Exports
Exports
SimulateSAS
Sections
.text Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$2.exe windows:5 windows x86 arch:x86
e927f1214a60ee955e1e334fb3e8a9e2
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/11/2006, 00:00Not After16/07/2036, 23:59SubjectCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
50:79:2d:13:1d:6f:0f:90:32:15:c1:cc:23:26:a5:0cCertificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before08/07/2013, 00:00Not After06/08/2016, 23:59SubjectCN=Support.com\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Support.com\, Inc.,L=Redwood City,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
w:\p4\sprt\project\rang\trunk\output\Release\Win32\ssrangsv.pdb
Imports
ws2_32
ioctlsocket
WSAStartup
WSAConnect
getsockname
setsockopt
htonl
WSAGetLastError
htons
bind
getpeername
closesocket
listen
accept
WSACreateEvent
WSAEventSelect
WSAEnumNetworkEvents
inet_ntoa
inet_addr
getsockopt
send
select
recv
WSAIoctl
WSASetEvent
socket
WSACloseEvent
gethostbyname
version
GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW
iphlpapi
GetBestRoute
shell32
DoEnvironmentSubstA
SHGetFolderPathW
rpcrt4
RpcStringFreeA
UuidToStringA
UuidFromStringA
powrprof
GetActivePwrScheme
SetActivePwrScheme
ReadPwrScheme
ReadGlobalPwrPolicy
psapi
EnumProcesses
GetProcessImageFileNameW
GetModuleFileNameExW
netapi32
NetUserEnum
NetApiBufferFree
kernel32
ExpandEnvironmentStringsA
LoadLibraryA
LocalFree
FormatMessageA
WideCharToMultiByte
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GetThreadTimes
ResumeThread
CreateThread
GetSystemTimeAsFileTime
InterlockedDecrement
SetFilePointerEx
GetFileAttributesExW
SetSystemTime
SetCurrentDirectoryW
lstrlenW
GetCommandLineW
ExitProcess
OpenEventW
GetDateFormatA
GetTimeFormatA
CancelIo
GetVersion
FindNextFileA
FindFirstFileA
SetHandleInformation
FreeConsole
FindClose
GetTempPathW
ReadFile
FileTimeToSystemTime
FindFirstFileW
GetCurrentProcessId
GetCurrentThreadId
CreateFileW
IsBadWritePtr
GetTimeFormatW
FormatMessageW
SetFileAttributesW
MoveFileW
FlushFileBuffers
WriteFile
GetCurrentThread
OutputDebugStringW
CreateDirectoryW
GetCurrentProcess
SetUnhandledExceptionFilter
VirtualQuery
SetFilePointer
GetFileSize
GetDateFormatW
Sleep
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
WaitForMultipleObjects
TerminateProcess
WaitForSingleObjectEx
SetEvent
GetExitCodeProcess
SetProcessShutdownParameters
GlobalLock
GlobalAlloc
GlobalUnlock
GlobalFree
GetComputerNameW
SizeofResource
CreateEventA
WritePrivateProfileStringW
CreateFileA
WaitNamedPipeA
SetNamedPipeHandleState
ConnectNamedPipe
DisconnectNamedPipe
FreeLibrary
Process32First
Thread32First
Thread32Next
Module32First
Process32Next
CreateToolhelp32Snapshot
Module32Next
SuspendThread
CreateDirectoryA
GetLocalTime
GetCurrentDirectoryA
InterlockedIncrement
EncodePointer
DecodePointer
HeapFree
HeapSetInformation
GetStartupInfoW
RaiseException
MoveFileA
DeleteFileA
HeapAlloc
RtlUnwind
LCMapStringW
GetCPInfo
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
HeapSize
GetStdHandle
GetLocaleInfoW
HeapCreate
SetLastError
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
SetHandleCount
GetFileType
GetFileAttributesA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeW
HeapReAlloc
WriteConsoleW
SetStdHandle
CreateProcessA
GetTimeZoneInformation
SetEndOfFile
GetProcessHeap
CompareStringW
SetEnvironmentVariableA
lstrlenA
WaitForSingleObject
GetSystemTime
CloseHandle
CreateEventW
ResetEvent
GetProcAddress
GetLastError
MultiByteToWideChar
GetModuleFileNameW
LoadLibraryW
OpenProcess
GetModuleHandleW
SystemTimeToFileTime
GetFileAttributesW
LocalAlloc
DuplicateHandle
GlobalMemoryStatus
GetVersionExA
GetVersionExW
CopyFileW
CreateNamedPipeA
GetTickCount
CreateProcessW
ExpandEnvironmentStringsW
GetPrivateProfileStringW
GetEnvironmentVariableW
LockResource
GetCurrentDirectoryW
LoadResource
FindResourceW
FreeResource
DeleteFileW
GetOverlappedResult
FindNextFileW
user32
VkKeyScanExW
VkKeyScanExA
GetKeyboardLayout
GetAsyncKeyState
SendMessageTimeoutW
GetKeyboardLayoutList
DefWindowProcW
keybd_event
MapVirtualKeyW
IsIconic
IsWindow
GetClipboardOwner
PostMessageW
EnumDisplaySettingsA
SystemParametersInfoW
DestroyWindow
UnregisterClassW
GetWindowLongW
SetWindowLongW
CreateWindowExW
RegisterClassW
SendMessageW
EnumDesktopWindows
GetProcessWindowStation
GetClientRect
ToAsciiEx
EnumDesktopsW
CloseDesktop
GetClassNameW
WaitForInputIdle
IsRectEmpty
wsprintfW
LoadStringA
PeekMessageA
DispatchMessageA
PostThreadMessageA
ChangeClipboardChain
SetClipboardViewer
EnumWindows
SetTimer
FillRect
SetRect
SetWindowPos
ShowWindow
AdjustWindowRect
GetWindow
mouse_event
DrawIconEx
CopyImage
GetIconInfo
LoadCursorW
CloseClipboard
GetClipboardData
FindWindowW
IsWindowVisible
EmptyClipboard
OpenClipboard
SetClipboardData
GetCursorPos
GetWindowThreadProcessId
PeekMessageW
GetWindowTextW
GetForegroundWindow
ExitWindowsEx
DispatchMessageW
GetThreadDesktop
ClientToScreen
GetWindowRect
OpenDesktopW
CharNextW
CharPrevW
TranslateMessage
GetSystemMetrics
LoadStringW
MessageBoxW
wvsprintfW
MsgWaitForMultipleObjects
PostThreadMessageW
RegisterClipboardFormatW
GetMessageW
ReleaseDC
GetDC
GetUserObjectInformationW
SetThreadDesktop
OpenInputDesktop
advapi32
GetAclInformation
MakeSelfRelativeSD
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
RegQueryValueExA
CreateProcessAsUserW
GetLengthSid
IsValidSecurityDescriptor
ReportEventW
GetSecurityDescriptorLength
DeregisterEventSource
AccessCheck
OpenThreadToken
RegisterEventSourceW
GetUserNameW
ImpersonateLoggedOnUser
RevertToSelf
RegCloseKey
CreateServiceW
CloseServiceHandle
LogonUserA
CryptGenRandom
CryptAcquireContextA
DeleteService
StartServiceCtrlDispatcherW
EqualSid
StartServiceW
QueryServiceStatus
SetServiceStatus
RegisterServiceCtrlHandlerW
RegCreateKeyExW
RegQueryValueExW
RegQueryInfoKeyW
RegDeleteKeyW
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegSetValueExW
CopySid
LookupAccountSidW
AllocateAndInitializeSid
IsValidSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
InitializeAcl
AddAccessAllowedAce
LookupPrivilegeValueA
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData
AdjustTokenPrivileges
LookupPrivilegeValueW
SetTokenInformation
ControlService
OpenServiceW
OpenSCManagerW
DuplicateTokenEx
GetTokenInformation
OpenProcessToken
LogonUserW
ole32
CoMarshalInterThreadInterfaceInStream
OleSetClipboard
CoTaskMemAlloc
ReleaseStgMedium
CoCreateInstance
CoCreateGuid
CoUninitialize
CoSetProxyBlanket
OleGetClipboard
OleUninitialize
OleInitialize
CoInitialize
CoInitializeSecurity
CoInitializeEx
CLSIDFromProgID
CoGetInterfaceAndReleaseStream
oleaut32
VariantInit
VariantCopy
VariantClear
VariantChangeType
SysAllocString
SysFreeString
SysAllocStringLen
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
gdi32
GetDeviceCaps
BitBlt
GetBitmapBits
GetStockObject
SetDIBColorTable
GdiFlush
DeleteDC
GetSystemPaletteEntries
DeleteObject
GetObjectW
CreateDIBSection
ExtEscape
GetClipBox
CreateCompatibleBitmap
CreateCompatibleDC
SelectObject
CreateDCW
GetDIBits
Sections
.text Size: 730KB - Virtual size: 730KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 266KB - Virtual size: 265KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 29KB - Virtual size: 47KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$3.exe windows:5 windows x86 arch:x86
8dfcde39d67607bd52e0093f115c6335
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/11/2006, 00:00Not After16/07/2036, 23:59SubjectCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
50:79:2d:13:1d:6f:0f:90:32:15:c1:cc:23:26:a5:0cCertificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before08/07/2013, 00:00Not After06/08/2016, 23:59SubjectCN=Support.com\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Support.com\, Inc.,L=Redwood City,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
w:\p4\sprt\project\rang\trunk\output\Release\Win32\ssrangui.pdb
Imports
netapi32
NetUserEnum
NetApiBufferFree
psapi
GetProcessImageFileNameW
EnumProcesses
kernel32
OpenProcess
Sleep
InitializeCriticalSection
CreateProcessW
WaitForSingleObject
GetTickCount
FileTimeToSystemTime
SetFilePointerEx
WriteFile
ReadFile
CreateFileW
FlushFileBuffers
GetFileAttributesExW
lstrlenA
WideCharToMultiByte
LocalFree
FindFirstFileW
GetLogicalDriveStringsW
TerminateThread
FindClose
OpenThread
GetPrivateProfileStringW
WritePrivateProfileStringW
GetExitCodeProcess
TerminateProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
FlushInstructionCache
GlobalUnlock
CreateNamedPipeA
DisconnectNamedPipe
ConnectNamedPipe
SetNamedPipeHandleState
WaitNamedPipeA
GetOverlappedResult
CreateEventA
lstrlenW
MultiByteToWideChar
lstrcmpW
GetModuleFileNameW
MulDiv
LeaveCriticalSection
SizeofResource
InitializeCriticalSectionAndSpinCount
GlobalAlloc
SetEvent
GlobalLock
GetCurrentProcess
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringW
ExpandEnvironmentStringsW
SetEndOfFile
CreateFileA
SetStdHandle
WriteConsoleW
GetTimeZoneInformation
SetFilePointer
GetStringTypeW
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
IsValidCodePage
GetOEMCP
GetACP
HeapReAlloc
HeapCreate
GetStdHandle
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
DeleteFileA
MoveFileA
RtlUnwind
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapAlloc
HeapFree
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
LoadLibraryW
WaitForMultipleObjects
CreateThread
ResumeThread
TlsFree
GetThreadTimes
TlsAlloc
TlsSetValue
TlsGetValue
FormatMessageA
GetCurrentProcessId
ReleaseMutex
InterlockedDecrement
OpenMutexW
OutputDebugStringW
CreateDirectoryW
CreateMutexW
GetCommandLineW
ExitProcess
GetCurrentThread
CloseHandle
GetCurrentThreadId
DeleteCriticalSection
lstrcmpiW
CreateEventW
ResetEvent
EnterCriticalSection
GetProcAddress
SetLastError
GetProcessHeap
RaiseException
SetHandleInformation
InterlockedIncrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
GlobalAddAtomW
GetLastError
GetModuleHandleW
InterlockedPopEntrySList
user32
CreateDialogParamW
RegisterHotKey
DefWindowProcW
GetWindowThreadProcessId
CreateWindowExW
DispatchMessageA
PeekMessageA
PostThreadMessageA
ShowWindow
PostThreadMessageW
MessageBoxW
RegisterClassW
SetWindowTextW
SendMessageW
MoveWindow
GetDlgCtrlID
SetDlgItemTextW
LoadBitmapW
LoadStringW
SetWindowPos
WaitForInputIdle
IsDialogMessageW
GetActiveWindow
SendDlgItemMessageW
IsDlgButtonChecked
GetDlgItemTextW
EnableWindow
EndPaint
GetWindowTextLengthW
DestroyAcceleratorTable
GetSystemMenu
ScreenToClient
CharNextW
RegisterWindowMessageW
IsChild
SetCapture
MsgWaitForMultipleObjects
GetFocus
GetParent
InvalidateRgn
CreateAcceleratorTableW
DrawEdge
ModifyMenuW
BeginPaint
GetClassInfoExW
GetDC
TranslateMessage
RegisterClassExW
BringWindowToTop
GetWindowLongW
GetWindowTextW
PeekMessageW
GetClassNameW
ReleaseDC
SetWindowLongW
RedrawWindow
GetDesktopWindow
GetSysColor
IsWindow
ReleaseCapture
GetSystemMetrics
IsWindowVisible
CallWindowProcW
GetWindow
DispatchMessageW
ClientToScreen
DestroyWindow
SetTimer
GetWindowRect
SetActiveWindow
PostQuitMessage
TrackPopupMenu
GetWindowDC
FillRect
PostMessageW
KillTimer
GetSubMenu
DrawIconEx
SetForegroundWindow
AttachThreadInput
LoadCursorW
GetClientRect
CreateMenu
SetFocus
wsprintfW
GetForegroundWindow
LoadIconW
InvalidateRect
UnregisterClassA
AppendMenuW
SystemParametersInfoW
GetDlgItem
gdi32
CreateCompatibleBitmap
CreateSolidBrush
BitBlt
GetTextExtentPoint32W
SetTextColor
DeleteDC
CreateFontIndirectW
DeleteObject
SetBkMode
SelectObject
CreateCompatibleDC
GetObjectW
GetClipBox
IntersectClipRect
GetStockObject
StretchBlt
GetDeviceCaps
advapi32
RegCreateKeyExW
RegQueryValueExW
GetTokenInformation
LogonUserW
AddAccessAllowedAce
InitializeAcl
OpenThreadToken
OpenProcessToken
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
LookupAccountSidW
GetLengthSid
CopySid
EqualSid
AllocateAndInitializeSid
IsValidSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
shell32
ShellExecuteExW
SHGetFolderPathW
ShellExecuteW
ole32
CoUninitialize
CoTaskMemRealloc
CLSIDFromProgID
CLSIDFromString
CreateStreamOnHGlobal
StringFromGUID2
OleInitialize
OleUninitialize
CoReleaseMarshalData
CoMarshalInterThreadInterfaceInStream
CoTaskMemFree
CoGetInterfaceAndReleaseStream
CoGetClassObject
CoTaskMemAlloc
CoInitializeEx
GetRunningObjectTable
CoCreateInstance
CreateBindCtx
CreateItemMoniker
OleLockRunning
oleaut32
LoadRegTypeLi
SysStringByteLen
VarUI4FromStr
OleCreateFontIndirect
SysAllocStringLen
VariantInit
SysAllocStringByteLen
VariantCopy
LoadTypeLi
VariantClear
SysStringLen
SysAllocString
SysFreeString
comctl32
InitCommonControlsEx
ws2_32
select
send
getsockopt
WSACloseEvent
WSASetEvent
WSAIoctl
WSAEnumNetworkEvents
WSAEventSelect
WSACreateEvent
getpeername
ioctlsocket
WSAStartup
inet_addr
WSAConnect
getsockname
setsockopt
inet_ntoa
htonl
WSAGetLastError
accept
listen
gethostbyname
closesocket
socket
bind
htons
recv
Sections
.text Size: 336KB - Virtual size: 336KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 125KB - Virtual size: 125KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 14KB - Virtual size: 23KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$COMMONFILES/supportdotcom/rang/driverinst.exe.exe windows:5 windows x86 arch:x86
96bcdb3992dedb6fee0000a67d8b862b
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/11/2006, 00:00Not After16/07/2036, 23:59SubjectCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
50:79:2d:13:1d:6f:0f:90:32:15:c1:cc:23:26:a5:0cCertificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before08/07/2013, 00:00Not After06/08/2016, 23:59SubjectCN=Support.com\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Support.com\, Inc.,L=Redwood City,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
w:\p4\sprt\project\rang\trunk\output\Release\Win32\drvinst.pdb
Imports
setupapi
SetupDiEnumDriverInfoA
SetupDiGetClassDevsA
SetupDiCreateDeviceInfoA
SetupDiBuildDriverInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDriverInfoDetailA
SetupDiGetDeviceInstallParamsA
SetupDiEnumDeviceInfo
SetupDiCreateDeviceInfoList
SetupDiCallClassInstaller
SetupDiDestroyDriverInfoList
SetupDiSetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
newdev
UpdateDriverForPlugAndPlayDevicesA
kernel32
WideCharToMultiByte
LocalFree
GetModuleFileNameA
LocalAlloc
lstrcmpiA
GetLastError
lstrlenA
GetCommandLineW
ExitProcess
user32
wsprintfA
advapi32
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
shell32
CommandLineToArgvW
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 212B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$COMMONFILES/supportdotcom/rang/driverinst64.exe.exe windows:5 windows x64 arch:x64
96bcdb3992dedb6fee0000a67d8b862b
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21/12/2012, 00:00Not After30/12/2020, 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18/10/2012, 00:00Not After29/12/2020, 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/11/2006, 00:00Not After16/07/2036, 23:59SubjectCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
50:79:2d:13:1d:6f:0f:90:32:15:c1:cc:23:26:a5:0cCertificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before08/07/2013, 00:00Not After06/08/2016, 23:59SubjectCN=Support.com\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Support.com\, Inc.,L=Redwood City,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08/02/2010, 00:00Not After07/02/2020, 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
w:\p4\sprt\project\rang\trunk\output\Release\x64\drvinst.pdb
Imports
setupapi
SetupDiEnumDriverInfoA
SetupDiGetClassDevsA
SetupDiCreateDeviceInfoA
SetupDiBuildDriverInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDriverInfoDetailA
SetupDiGetDeviceInstallParamsA
SetupDiEnumDeviceInfo
SetupDiCreateDeviceInfoList
SetupDiCallClassInstaller
SetupDiDestroyDriverInfoList
SetupDiSetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
newdev
UpdateDriverForPlugAndPlayDevicesA
kernel32
WideCharToMultiByte
LocalFree
GetModuleFileNameA
LocalAlloc
lstrcmpiA
GetLastError
lstrlenA
GetCommandLineW
ExitProcess
user32
wsprintfA
advapi32
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
shell32
CommandLineToArgvW
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 232B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$COMMONFILES/supportdotcom/rang/nt_amd64/ssmirrdr.dll.dll windows:6 windows x64 arch:x64
9535822323dc9440ba9b40cf9f71dd74
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
49:32:98:ee:fe:01:b1:d6:b8:f3:9a:e0:a1:ed:1c:8fCertificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before02/07/2009, 00:00Not After01/07/2010, 23:59SubjectCN=support.com\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=support.com\, Inc.,L=Redwood City,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
d:\sprt\project\rang\trunk\win\rang\ssmirrdr\ssmirrdr.dll\objfre_wlh_amd64\amd64\ssmirrdr.pdb
Imports
win32k.sys
EngDeleteSurface
EngAssociateSurface
EngCreateDeviceSurface
EngCreatePalette
EngDeleteSemaphore
EngDeletePalette
PATHOBJ_vGetBounds
EngCreateSemaphore
CLIPOBJ_cEnumStart
CLIPOBJ_bEnum
EngUnmapEvent
EngReleaseSemaphore
EngSetEvent
EngMapEvent
EngAcquireSemaphore
EngAllocMem
EngFreeMem
EngBugCheckEx
Sections
.text Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 588B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 1024B - Virtual size: 548B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 150B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$COMMONFILES/supportdotcom/rang/nt_amd64/ssmirrdr.sys.sys windows:6 windows x64 arch:x64
8201f3349e7fca04a64640d8bac5a3a6
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
49:32:98:ee:fe:01:b1:d6:b8:f3:9a:e0:a1:ed:1c:8fCertificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before02/07/2009, 00:00Not After01/07/2010, 23:59SubjectCN=support.com\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=support.com\, Inc.,L=Redwood City,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
d:\sprt\project\rang\trunk\win\rang\ssmirrdr\ssmirrdr.sys\objfre_wlh_amd64\amd64\ssmirrdr.pdb
Imports
ntoskrnl.exe
KeBugCheckEx
videoprt.sys
VideoPortInitialize
VideoPortZeroMemory
Sections
.text Size: 512B - Virtual size: 352B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 228B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 512B - Virtual size: 320B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$COMMONFILES/supportdotcom/rang/nt_x86/ssmirrdr.dll.dll windows:6 windows x86 arch:x86
2c31acb0b376130ca2719a3f93993560
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
49:32:98:ee:fe:01:b1:d6:b8:f3:9a:e0:a1:ed:1c:8fCertificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before02/07/2009, 00:00Not After01/07/2010, 23:59SubjectCN=support.com\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=support.com\, Inc.,L=Redwood City,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
d:\sprt\project\rang\trunk\win\rang\ssmirrdr\ssmirrdr.dll\objfre_wlh_x86\i386\ssmirrdr.pdb
Imports
win32k.sys
EngDeletePalette
PATHOBJ_vGetBounds
EngCreatePalette
EngCreateSemaphore
EngDeleteSemaphore
EngDeleteSurface
EngAssociateSurface
EngCreateDeviceSurface
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
EngAcquireSemaphore
EngReleaseSemaphore
EngUnmapEvent
EngMapEvent
EngSetEvent
EngAllocMem
EngFreeMem
EngBugCheckEx
Sections
.text Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 527B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 472B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 428B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$COMMONFILES/supportdotcom/rang/nt_x86/ssmirrdr.sys.sys windows:6 windows x86 arch:x86
518167d6aeefde1975592d28cbae7110
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15/06/2007, 00:00Not After14/06/2012, 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04/12/2003, 00:00Not After03/12/2013, 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
49:32:98:ee:fe:01:b1:d6:b8:f3:9a:e0:a1:ed:1c:8fCertificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before02/07/2009, 00:00Not After01/07/2010, 23:59SubjectCN=support.com\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=support.com\, Inc.,L=Redwood City,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21/05/2009, 00:00Not After20/05/2019, 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\sprt\project\rang\trunk\win\rang\ssmirrdr\ssmirrdr.sys\objfre_wlh_x86\i386\ssmirrdr.pdb
Imports
ntoskrnl.exe
KeTickCount
videoprt.sys
VideoPortZeroMemory
VideoPortInitialize
Sections
.text Size: 512B - Virtual size: 188B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 175B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 246B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 86B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$COMMONFILES/supportdotcom/rang/ssmirrdr-nt_amd64.cat
-
$COMMONFILES/supportdotcom/rang/ssmirrdr-nt_x86.cat
-
$COMMONFILES/supportdotcom/rang/ssmirrdr.inf
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
2017f2acbdaa42ab3e4adeb8b4c37e7b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 520B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PROGRAMFILES/supportdotcom/rang/uninst.exe.nsis
-
ssranghk.dll.dll windows:5 windows x86 arch:x86
c2377f538bc52f5952f778901a3684bc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
w:\p4\sprt\project\rang\trunk\output\Release\Win32\ssranghk.pdb
Imports
kernel32
GetLastError
GetCurrentThreadId
GlobalAddAtomA
HeapSize
GetStringTypeW
MultiByteToWideChar
LCMapStringW
RtlUnwind
GetModuleFileNameW
WriteFile
LoadLibraryW
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
IsProcessorFeaturePresent
user32
RegisterWindowMessageA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
IsWindowVisible
GetWindowRect
GetPropA
SetPropA
GetCursor
PostThreadMessageA
Exports
Exports
WM_Hooks_CursorChanged
WM_Hooks_EnableCursorShape
WM_Hooks_EnableRealInputs
WM_Hooks_EnableRealInputs1
WM_Hooks_EnableSynthInputs
WM_Hooks_Install
WM_Hooks_RectangleChanged
WM_Hooks_Remove
WM_Hooks_WindowBorderChanged
WM_Hooks_WindowChanged
WM_Hooks_WindowClientAreaChanged
Sections
.text Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.WM_Hook Size: 512B - Virtual size: 47B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
support.ico