1b9927[.]zip | Triage

Sharing

Copy URL

Twitter E-mail

General

Target

1b9927.zip
Size

468.3MB
MD5

37706ac4b3f7d75499dfc01c74136fb5
SHA1

b1f84d58c93643ac5d42a36a9dbac033bba34b40
SHA256

8c0d64f0a9e3bea13f2c3aeafc670e62aaf396ba114c463c97e272464b4d8efb
SHA512

21c9c1872fdac008216d218d89277874bf140daf417009b4deb002700e7b8239e34f9103a623a26a7fe6f77ef669153864a16d739423ffc977b0dd7de89fca3a
SSDEEP

12582912:lVgrWP7LxOp23JyW4Z3+QZY8lUUCZ5uY/576jBRg:lVgr27LxOp2W8cPCZ5uY/578g

Score

1^/10

Malware Config

Signatures

Files

1b9927.zip
.zip
1b9922.msi
.msi
1b9927.msi
.msi
1cc2ce.msi
.msi
2c7f8ce.msi
.msi
33710a8.msi
.msi
37266.msi
.msi
4514efe.msi
.msi
5d068db.msi
.msi
747d8af.msi
.msi
747d8b8.msi
.msi
802010b.msi
.msi
96d2337.msi
.msi
9c74ce.msi
.msi
9c74d2.msi
.msi
9c74d7.msi
.msi
9c74df.msi
.msi
MSI51C3.tmp
.dll windows:6 windows x64 arch:x64

c2c80b5cacade833d9414897cc815e8b

Code Sign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16-04-2020 18:36

Not After

16-04-2045 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:01:26:e1:ba:66:6f:8e:35:e7:29:89:00:00:00:01:26:e1
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Not Before

24-06-2024 19:48

Not After

27-06-2024 19:48

Subject

CN=Comodo Security Solutions Inc.,O=Comodo Security Solutions Inc.,L=Bloomfield,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:01:26:e1:ba:66:6f:8e:35:e7:29:89:00:00:00:01:26:e1
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Not Before

24-06-2024 19:48

Not After

27-06-2024 19:48

Subject

CN=Comodo Security Solutions Inc.,O=Comodo Security Solutions Inc.,L=Bloomfield,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:04:96:50:4b:d2:db:ee:cb:88:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13-04-2021 17:31

Not After

13-04-2026 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01-04-2021 20:05

Not After

01-04-2036 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19-11-2020 20:32

Not After

19-11-2035 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:3b:8a:69:59:be:14:05:64:71:00:00:00:00:00:3b
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

15-02-2024 20:36

Not After

15-02-2025 20:36

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft America Operations+OU=nShield TSS ESN:7800-05E0-D947,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:73:4d:11:1b:4b:5c:87:9b:bd:5a:8c:49:ab:2a:90
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

07-12-2021 00:00

Not After

06-12-2024 23:59

Subject

SERIALNUMBER=0400751588,CN=Comodo Security Solutions\, Inc,O=Comodo Security Solutions\, Inc,ST=New Jersey,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a4e6577204a6572736579,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:3d:18:eb:7f:57:2b:d5:a7:3c:dd:f1:4b:27:8a:8b:fc:c7:1e:5a:69:af:33:19:45:7e:b0:1e:a5:79:f0:0d
Signer

Actual PE Digest

a1:3d:18:eb:7f:57:2b:d5:a7:3c:dd:f1:4b:27:8a:8b:fc:c7:1e:5a:69:af:33:19:45:7e:b0:1e:a5:79:f0:0d

Digest Algorithm

sha256

PE Digest Matches

true

a1:3d:18:eb:7f:57:2b:d5:a7:3c:dd:f1:4b:27:8a:8b:fc:c7:1e:5a:69:af:33:19:45:7e:b0:1e:a5:79:f0:0d
Signer

Actual PE Digest

a1:3d:18:eb:7f:57:2b:d5:a7:3c:dd:f1:4b:27:8a:8b:fc:c7:1e:5a:69:af:33:19:45:7e:b0:1e:a5:79:f0:0d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\jenkins\workspace\CES_UM_git\release\x64\Symbols\msica.pdb

Imports

kernel32

SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindResourceExW
FindResourceW
MoveFileExW
RemoveDirectoryW
GetNativeSystemInfo
CopyFileW
InitializeCriticalSectionEx
DecodePointer
DeleteCriticalSection
LocalFree
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
SetLastError
GetModuleHandleW
FreeLibrary
GetLastError
GetModuleHandleExW
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
VerifyVersionInfoW
GetCurrentProcessId
VerSetConditionMask
GetProcAddress
LoadLibraryW
RaiseException
CloseHandle
GetCurrentThreadId
CreateFileW
GetModuleFileNameW
GetCurrentProcess
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
ExitProcess
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
GetWindowsDirectoryW
GetSystemDirectoryW
OpenProcess
TlsAlloc
TlsSetValue
TlsGetValue
GetTempPathW
GetTempFileNameW
WaitForSingleObject
MultiByteToWideChar
FileTimeToSystemTime
WideCharToMultiByte
SystemTimeToTzSpecificLocalTime
ReadFile
GetCurrentThread
GetExitCodeProcess
CreateProcessW
TerminateProcess
GetFileSize
FindClose
FindFirstFileW
FindNextFileW
GetSystemWindowsDirectoryW
GetSystemInfo
SetFilePointer
GetTickCount
QueryDosDeviceW
WriteFile
CreateMutexW
ReleaseMutex
GetLocalTime
QueryPerformanceFrequency
FormatMessageW
GetFileSizeEx
SetEvent
CreateDirectoryW
GetFileType
GetUserDefaultLCID
SetEndOfFile
GetModuleHandleA
GetStdHandle
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
FormatMessageA
GetStringTypeW
FindFirstFileExW
GetFileAttributesExW
GetFinalPathNameByHandleW
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
EncodePointer
LCMapStringEx
GetCPInfo
InterlockedFlushSList
GetThreadTimes
LoadLibraryExW
TlsFree
RtlUnwind

user32

GetSystemMetrics
GetWindowThreadProcessId
FindWindowW
GetShellWindow

advapi32

RegNotifyChangeKeyValue
ImpersonateLoggedOnUser
RevertToSelf
RegDeleteValueW
DuplicateTokenEx
CreateProcessWithTokenW
LookupAccountSidW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteKeyW
RegFlushKey
GetAclInformation
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
MakeAbsoluteSD
MakeSelfRelativeSD
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
ConvertStringSidToSidW
CopySid
GetLengthSid
IsValidSid
SetNamedSecurityInfoW
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
AddAce
InitializeAcl
RegQueryInfoKeyW
RegEnumKeyExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
GetSecurityDescriptorLength

shell32

SHCreateDirectoryExW
SHGetFolderPathW
ord680

ole32

CoInitializeSecurity
CoUninitialize
CoCreateInstance
StringFromGUID2
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

ntdll

RtlVirtualUnwind

msi

ord205
ord74
ord103
ord125
ord8
ord17
ord145

shlwapi

PathFileExistsW
PathAddBackslashW
SHDeleteValueW
SHDeleteKeyW

crypt32

CryptUnprotectData
CryptProtectData

netapi32

NetWkstaGetInfo
NetApiBufferFree

mpr

WNetGetUniversalNameW

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

ApplyExternalXmlConfig
ApplyProxyConfig
CheckBfeService
CheckInstallPath
CleanUp
CleanUpUser
ClearDestDirectory
CopyDatabase
CreateBrowsersVkShortcuts
CreateCisTrayShortcut
CreateSharedSpace
DoInstallFwAv
DoStartDrivers
DoUninstallFwAv
DoUninstallProc
EnableWindowsScheduler
FinalizeInstallCheck
FixBfeService
InstallElamDriver
PrepareInstallation
ProxyVersionIsEqual
RegisterEventLogger
RemoveCSGToolset
RemoveRegSymlinks
RollbackInstalledFinalizeActions
RunUninstallUrl
ScheduleCisTrayAutostart
SearchForRelatedProducts
SearchForRelatedProductsDeffered
SelfProtectionDisable
SendUsageStatistics
SetProductName
StartCisApp
TelemetryInstallEnd
TelemetryInstallStart
TelemetryUninstall
TestWindowsVersion
TestWindowsVersionDeffered
UserPasswordRequest
WriteRebootFlag

Sections

.text
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSI52FC.tmp
.dll windows:6 windows x64 arch:x64

c2c80b5cacade833d9414897cc815e8b

Code Sign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16-04-2020 18:36

Not After

16-04-2045 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:01:26:e1:ba:66:6f:8e:35:e7:29:89:00:00:00:01:26:e1
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Not Before

24-06-2024 19:48

Not After

27-06-2024 19:48

Subject

CN=Comodo Security Solutions Inc.,O=Comodo Security Solutions Inc.,L=Bloomfield,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:01:26:e1:ba:66:6f:8e:35:e7:29:89:00:00:00:01:26:e1
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Not Before

24-06-2024 19:48

Not After

27-06-2024 19:48

Subject

CN=Comodo Security Solutions Inc.,O=Comodo Security Solutions Inc.,L=Bloomfield,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:04:96:50:4b:d2:db:ee:cb:88:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13-04-2021 17:31

Not After

13-04-2026 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01-04-2021 20:05

Not After

01-04-2036 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19-11-2020 20:32

Not After

19-11-2035 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:3b:8a:69:59:be:14:05:64:71:00:00:00:00:00:3b
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

15-02-2024 20:36

Not After

15-02-2025 20:36

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft America Operations+OU=nShield TSS ESN:7800-05E0-D947,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:73:4d:11:1b:4b:5c:87:9b:bd:5a:8c:49:ab:2a:90
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

07-12-2021 00:00

Not After

06-12-2024 23:59

Subject

SERIALNUMBER=0400751588,CN=Comodo Security Solutions\, Inc,O=Comodo Security Solutions\, Inc,ST=New Jersey,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a4e6577204a6572736579,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:3d:18:eb:7f:57:2b:d5:a7:3c:dd:f1:4b:27:8a:8b:fc:c7:1e:5a:69:af:33:19:45:7e:b0:1e:a5:79:f0:0d
Signer

Actual PE Digest

a1:3d:18:eb:7f:57:2b:d5:a7:3c:dd:f1:4b:27:8a:8b:fc:c7:1e:5a:69:af:33:19:45:7e:b0:1e:a5:79:f0:0d

Digest Algorithm

sha256

PE Digest Matches

true

a1:3d:18:eb:7f:57:2b:d5:a7:3c:dd:f1:4b:27:8a:8b:fc:c7:1e:5a:69:af:33:19:45:7e:b0:1e:a5:79:f0:0d
Signer

Actual PE Digest

a1:3d:18:eb:7f:57:2b:d5:a7:3c:dd:f1:4b:27:8a:8b:fc:c7:1e:5a:69:af:33:19:45:7e:b0:1e:a5:79:f0:0d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\jenkins\workspace\CES_UM_git\release\x64\Symbols\msica.pdb

Imports

kernel32

SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindResourceExW
FindResourceW
MoveFileExW
RemoveDirectoryW
GetNativeSystemInfo
CopyFileW
InitializeCriticalSectionEx
DecodePointer
DeleteCriticalSection
LocalFree
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
SetLastError
GetModuleHandleW
FreeLibrary
GetLastError
GetModuleHandleExW
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
VerifyVersionInfoW
GetCurrentProcessId
VerSetConditionMask
GetProcAddress
LoadLibraryW
RaiseException
CloseHandle
GetCurrentThreadId
CreateFileW
GetModuleFileNameW
GetCurrentProcess
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
ExitProcess
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
GetWindowsDirectoryW
GetSystemDirectoryW
OpenProcess
TlsAlloc
TlsSetValue
TlsGetValue
GetTempPathW
GetTempFileNameW
WaitForSingleObject
MultiByteToWideChar
FileTimeToSystemTime
WideCharToMultiByte
SystemTimeToTzSpecificLocalTime
ReadFile
GetCurrentThread
GetExitCodeProcess
CreateProcessW
TerminateProcess
GetFileSize
FindClose
FindFirstFileW
FindNextFileW
GetSystemWindowsDirectoryW
GetSystemInfo
SetFilePointer
GetTickCount
QueryDosDeviceW
WriteFile
CreateMutexW
ReleaseMutex
GetLocalTime
QueryPerformanceFrequency
FormatMessageW
GetFileSizeEx
SetEvent
CreateDirectoryW
GetFileType
GetUserDefaultLCID
SetEndOfFile
GetModuleHandleA
GetStdHandle
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
FormatMessageA
GetStringTypeW
FindFirstFileExW
GetFileAttributesExW
GetFinalPathNameByHandleW
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
EncodePointer
LCMapStringEx
GetCPInfo
InterlockedFlushSList
GetThreadTimes
LoadLibraryExW
TlsFree
RtlUnwind

user32

GetSystemMetrics
GetWindowThreadProcessId
FindWindowW
GetShellWindow

advapi32

RegNotifyChangeKeyValue
ImpersonateLoggedOnUser
RevertToSelf
RegDeleteValueW
DuplicateTokenEx
CreateProcessWithTokenW
LookupAccountSidW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteKeyW
RegFlushKey
GetAclInformation
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
MakeAbsoluteSD
MakeSelfRelativeSD
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
ConvertStringSidToSidW
CopySid
GetLengthSid
IsValidSid
SetNamedSecurityInfoW
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
AddAce
InitializeAcl
RegQueryInfoKeyW
RegEnumKeyExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
GetSecurityDescriptorLength

shell32

SHCreateDirectoryExW
SHGetFolderPathW
ord680

ole32

CoInitializeSecurity
CoUninitialize
CoCreateInstance
StringFromGUID2
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

ntdll

RtlVirtualUnwind

msi

ord205
ord74
ord103
ord125
ord8
ord17
ord145

shlwapi

PathFileExistsW
PathAddBackslashW
SHDeleteValueW
SHDeleteKeyW

crypt32

CryptUnprotectData
CryptProtectData

netapi32

NetWkstaGetInfo
NetApiBufferFree

mpr

WNetGetUniversalNameW

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

ApplyExternalXmlConfig
ApplyProxyConfig
CheckBfeService
CheckInstallPath
CleanUp
CleanUpUser
ClearDestDirectory
CopyDatabase
CreateBrowsersVkShortcuts
CreateCisTrayShortcut
CreateSharedSpace
DoInstallFwAv
DoStartDrivers
DoUninstallFwAv
DoUninstallProc
EnableWindowsScheduler
FinalizeInstallCheck
FixBfeService
InstallElamDriver
PrepareInstallation
ProxyVersionIsEqual
RegisterEventLogger
RemoveCSGToolset
RemoveRegSymlinks
RollbackInstalledFinalizeActions
RunUninstallUrl
ScheduleCisTrayAutostart
SearchForRelatedProducts
SearchForRelatedProductsDeffered
SelfProtectionDisable
SendUsageStatistics
SetProductName
StartCisApp
TelemetryInstallEnd
TelemetryInstallStart
TelemetryUninstall
TestWindowsVersion
TestWindowsVersionDeffered
UserPasswordRequest
WriteRebootFlag

Sections

.text
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSI539A.tmp
.dll windows:6 windows x64 arch:x64

c2c80b5cacade833d9414897cc815e8b

Code Sign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16-04-2020 18:36

Not After

16-04-2045 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:01:26:e1:ba:66:6f:8e:35:e7:29:89:00:00:00:01:26:e1
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Not Before

24-06-2024 19:48

Not After

27-06-2024 19:48

Subject

CN=Comodo Security Solutions Inc.,O=Comodo Security Solutions Inc.,L=Bloomfield,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:01:26:e1:ba:66:6f:8e:35:e7:29:89:00:00:00:01:26:e1
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Not Before

24-06-2024 19:48

Not After

27-06-2024 19:48

Subject

CN=Comodo Security Solutions Inc.,O=Comodo Security Solutions Inc.,L=Bloomfield,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:04:96:50:4b:d2:db:ee:cb:88:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13-04-2021 17:31

Not After

13-04-2026 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01-04-2021 20:05

Not After

01-04-2036 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19-11-2020 20:32

Not After

19-11-2035 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:3b:8a:69:59:be:14:05:64:71:00:00:00:00:00:3b
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

15-02-2024 20:36

Not After

15-02-2025 20:36

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft America Operations+OU=nShield TSS ESN:7800-05E0-D947,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:73:4d:11:1b:4b:5c:87:9b:bd:5a:8c:49:ab:2a:90
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

07-12-2021 00:00

Not After

06-12-2024 23:59

Subject

SERIALNUMBER=0400751588,CN=Comodo Security Solutions\, Inc,O=Comodo Security Solutions\, Inc,ST=New Jersey,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a4e6577204a6572736579,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

a1:3d:18:eb:7f:57:2b:d5:a7:3c:dd:f1:4b:27:8a:8b:fc:c7:1e:5a:69:af:33:19:45:7e:b0:1e:a5:79:f0:0d
Signer

Actual PE Digest

a1:3d:18:eb:7f:57:2b:d5:a7:3c:dd:f1:4b:27:8a:8b:fc:c7:1e:5a:69:af:33:19:45:7e:b0:1e:a5:79:f0:0d

Digest Algorithm

sha256

PE Digest Matches

true

a1:3d:18:eb:7f:57:2b:d5:a7:3c:dd:f1:4b:27:8a:8b:fc:c7:1e:5a:69:af:33:19:45:7e:b0:1e:a5:79:f0:0d
Signer

Actual PE Digest

a1:3d:18:eb:7f:57:2b:d5:a7:3c:dd:f1:4b:27:8a:8b:fc:c7:1e:5a:69:af:33:19:45:7e:b0:1e:a5:79:f0:0d

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\jenkins\workspace\CES_UM_git\release\x64\Symbols\msica.pdb

Imports

kernel32

SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindResourceExW
FindResourceW
MoveFileExW
RemoveDirectoryW
GetNativeSystemInfo
CopyFileW
InitializeCriticalSectionEx
DecodePointer
DeleteCriticalSection
LocalFree
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
SetLastError
GetModuleHandleW
FreeLibrary
GetLastError
GetModuleHandleExW
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
VerifyVersionInfoW
GetCurrentProcessId
VerSetConditionMask
GetProcAddress
LoadLibraryW
RaiseException
CloseHandle
GetCurrentThreadId
CreateFileW
GetModuleFileNameW
GetCurrentProcess
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
ExitProcess
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
GetWindowsDirectoryW
GetSystemDirectoryW
OpenProcess
TlsAlloc
TlsSetValue
TlsGetValue
GetTempPathW
GetTempFileNameW
WaitForSingleObject
MultiByteToWideChar
FileTimeToSystemTime
WideCharToMultiByte
SystemTimeToTzSpecificLocalTime
ReadFile
GetCurrentThread
GetExitCodeProcess
CreateProcessW
TerminateProcess
GetFileSize
FindClose
FindFirstFileW
FindNextFileW
GetSystemWindowsDirectoryW
GetSystemInfo
SetFilePointer
GetTickCount
QueryDosDeviceW
WriteFile
CreateMutexW
ReleaseMutex
GetLocalTime
QueryPerformanceFrequency
FormatMessageW
GetFileSizeEx
SetEvent
CreateDirectoryW
GetFileType
GetUserDefaultLCID
SetEndOfFile
GetModuleHandleA
GetStdHandle
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
FormatMessageA
GetStringTypeW
FindFirstFileExW
GetFileAttributesExW
GetFinalPathNameByHandleW
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
EncodePointer
LCMapStringEx
GetCPInfo
InterlockedFlushSList
GetThreadTimes
LoadLibraryExW
TlsFree
RtlUnwind

user32

GetSystemMetrics
GetWindowThreadProcessId
FindWindowW
GetShellWindow

advapi32

RegNotifyChangeKeyValue
ImpersonateLoggedOnUser
RevertToSelf
RegDeleteValueW
DuplicateTokenEx
CreateProcessWithTokenW
LookupAccountSidW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteKeyW
RegFlushKey
GetAclInformation
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
MakeAbsoluteSD
MakeSelfRelativeSD
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
ConvertStringSidToSidW
CopySid
GetLengthSid
IsValidSid
SetNamedSecurityInfoW
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
AddAce
InitializeAcl
RegQueryInfoKeyW
RegEnumKeyExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
GetSecurityDescriptorLength

shell32

SHCreateDirectoryExW
SHGetFolderPathW
ord680

ole32

CoInitializeSecurity
CoUninitialize
CoCreateInstance
StringFromGUID2
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

ntdll

RtlVirtualUnwind

msi

ord205
ord74
ord103
ord125
ord8
ord17
ord145

shlwapi

PathFileExistsW
PathAddBackslashW
SHDeleteValueW
SHDeleteKeyW

crypt32

CryptUnprotectData
CryptProtectData

netapi32

NetWkstaGetInfo
NetApiBufferFree

mpr

WNetGetUniversalNameW

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

ApplyExternalXmlConfig
ApplyProxyConfig
CheckBfeService
CheckInstallPath
CleanUp
CleanUpUser
ClearDestDirectory
CopyDatabase
CreateBrowsersVkShortcuts
CreateCisTrayShortcut
CreateSharedSpace
DoInstallFwAv
DoStartDrivers
DoUninstallFwAv
DoUninstallProc
EnableWindowsScheduler
FinalizeInstallCheck
FixBfeService
InstallElamDriver
PrepareInstallation
ProxyVersionIsEqual
RegisterEventLogger
RemoveCSGToolset
RemoveRegSymlinks
RollbackInstalledFinalizeActions
RunUninstallUrl
ScheduleCisTrayAutostart
SearchForRelatedProducts
SearchForRelatedProductsDeffered
SelfProtectionDisable
SendUsageStatistics
SetProductName
StartCisApp
TelemetryInstallEnd
TelemetryInstallStart
TelemetryUninstall
TestWindowsVersion
TestWindowsVersionDeffered
UserPasswordRequest
WriteRebootFlag

Sections

.text
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSI7485.tmp
.exe windows:6 windows x86 arch:x86

fa42d6e2b27242c8f9d13fd46b639a38

Code Sign

02:88:0a:4d:20:fb:28:5b:34:d8:07:76:c8:36:41:d8
Certificate

Issuer

CN=GoGetSSL G4 CS RSA4096 SHA256 2022 CA-1,O=EnVers Group SIA,C=LV

Not Before

02-02-2024 00:00

Not After

04-02-2027 23:59

Subject

CN=Mailbird\, Inc.,O=Mailbird\, Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:84:3d:ad:01:c1:15:c2:74:ee:41:a7:28:22:46:79
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-06-2022 00:00

Not After

22-06-2032 23:59

Subject

CN=GoGetSSL G4 CS RSA4096 SHA256 2022 CA-1,O=EnVers Group SIA,C=LV

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:3f:c3:54:f4:c6:d3:ff:08:2c:fe:c8:e3:b9:86:d4:38:4c:f1:07:de:08:5e:14:b8:89:4c:22:b6:bc:6f:84
Signer

Actual PE Digest

52:3f:c3:54:f4:c6:d3:ff:08:2c:fe:c8:e3:b9:86:d4:38:4c:f1:07:de:08:5e:14:b8:89:4c:22:b6:bc:6f:84

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\ReleaseAI\win\Release\custact\x86\viewer.pdb

Imports

msi

ord224

crypt32

CertFreeCertificateContext
CertGetNameStringW

kernel32

LoadResource
FindResourceW
FindResourceExW
CreateFileW
CloseHandle
FindClose
DeleteFileW
FindNextFileW
GetFileAttributesW
WriteFile
SetFilePointer
GetTempPathW
GetTempFileNameW
MoveFileW
GetModuleHandleW
GetSystemDirectoryW
LoadLibraryExW
CreateToolhelp32Snapshot
Process32FirstW
HeapSize
Process32NextW
GetProcessTimes
GetCurrentProcessId
GetCurrentProcess
GetExitCodeProcess
SizeofResource
TerminateProcess
ReadProcessMemory
GetWindowsDirectoryW
Sleep
SetLastError
ExitProcess
lstrcmpiW
GetModuleFileNameW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringW
GetCurrentThreadId
FlushFileBuffers
GetStringTypeW
InitializeCriticalSectionEx
DecodePointer
GetCommandLineW
GetSystemTimeAsFileTime
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
QueryPerformanceCounter
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetProcAddress
LocalAlloc
GetLastError
LocalFree
LockResource
GetProcessHeap
HeapAlloc
HeapFree
WaitForSingleObject
HeapReAlloc
InitializeSListHead
RtlUnwind
OpenProcess
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileType
GetStdHandle
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsDebuggerPresent
RaiseException
FormatMessageA
GetLocaleInfoEx
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW

user32

EnumWindows
BringWindowToTop
GetForegroundWindow
GetWindowThreadProcessId
GetWindowLongW
AllowSetForegroundWindow

advapi32

RegQueryValueExW
RegOpenKeyExW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken

shell32

ShellExecuteExW
ShellExecuteW

ole32

CoCreateInstance
CoInitialize
CoAllowSetForegroundWindow
CoUninitialize

oleaut32

VariantInit
SysAllocString
SysFreeString
VariantClear

shlwapi

PathIsUNCW
ord176

Sections

.text
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSIA56D.tmp
.dll windows:6 windows x64 arch:x64

c2c80b5cacade833d9414897cc815e8b

Code Sign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16-04-2020 18:36

Not After

16-04-2045 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:dd:34:e0:57:2c:c3:49:5e:76:84:00:00:00:00:dd:34
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Not Before

03-04-2024 00:17

Not After

06-04-2024 00:17

Subject

CN=Comodo Security Solutions Inc.,O=Comodo Security Solutions Inc.,L=Bloomfield,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:dd:34:e0:57:2c:c3:49:5e:76:84:00:00:00:00:dd:34
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Not Before

03-04-2024 00:17

Not After

06-04-2024 00:17

Subject

CN=Comodo Security Solutions Inc.,O=Comodo Security Solutions Inc.,L=Bloomfield,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:04:96:50:4b:d2:db:ee:cb:88:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13-04-2021 17:31

Not After

13-04-2026 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01-04-2021 20:05

Not After

01-04-2036 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19-11-2020 20:32

Not After

19-11-2035 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:2d:be:3c:b7:0a:b1:90:80:be:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

15-06-2023 19:38

Not After

14-06-2024 19:38

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:91A2-966C-63FB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:73:4d:11:1b:4b:5c:87:9b:bd:5a:8c:49:ab:2a:90
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

07-12-2021 00:00

Not After

06-12-2024 23:59

Subject

SERIALNUMBER=0400751588,CN=Comodo Security Solutions\, Inc,O=Comodo Security Solutions\, Inc,ST=New Jersey,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a4e6577204a6572736579,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ed:f6:b0:c6:8c:85:67:66:c9:e1:4d:81:34:ad:aa:93:91:95:c2:67:80:38:2d:2f:6e:41:29:1a:a9:97:6a:71
Signer

Actual PE Digest

ed:f6:b0:c6:8c:85:67:66:c9:e1:4d:81:34:ad:aa:93:91:95:c2:67:80:38:2d:2f:6e:41:29:1a:a9:97:6a:71

Digest Algorithm

sha256

PE Digest Matches

true

ed:f6:b0:c6:8c:85:67:66:c9:e1:4d:81:34:ad:aa:93:91:95:c2:67:80:38:2d:2f:6e:41:29:1a:a9:97:6a:71
Signer

Actual PE Digest

ed:f6:b0:c6:8c:85:67:66:c9:e1:4d:81:34:ad:aa:93:91:95:c2:67:80:38:2d:2f:6e:41:29:1a:a9:97:6a:71

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\jenkins\workspace\CES_UM_git\release\x64\Symbols\msica.pdb

Imports

kernel32

SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindResourceExW
FindResourceW
MoveFileExW
RemoveDirectoryW
GetNativeSystemInfo
CopyFileW
InitializeCriticalSectionEx
DecodePointer
DeleteCriticalSection
LocalFree
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
SetLastError
GetModuleHandleW
FreeLibrary
GetLastError
GetModuleHandleExW
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
VerifyVersionInfoW
GetCurrentProcessId
VerSetConditionMask
GetProcAddress
LoadLibraryW
RaiseException
CloseHandle
GetCurrentThreadId
CreateFileW
GetModuleFileNameW
GetCurrentProcess
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
ExitProcess
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
GetWindowsDirectoryW
GetSystemDirectoryW
OpenProcess
TlsAlloc
TlsSetValue
TlsGetValue
GetTempPathW
GetTempFileNameW
WaitForSingleObject
MultiByteToWideChar
FileTimeToSystemTime
WideCharToMultiByte
SystemTimeToTzSpecificLocalTime
ReadFile
GetCurrentThread
GetExitCodeProcess
CreateProcessW
TerminateProcess
GetFileSize
FindClose
FindFirstFileW
FindNextFileW
GetSystemWindowsDirectoryW
GetSystemInfo
SetFilePointer
GetTickCount
QueryDosDeviceW
WriteFile
CreateMutexW
ReleaseMutex
GetLocalTime
QueryPerformanceFrequency
FormatMessageW
GetFileSizeEx
SetEvent
CreateDirectoryW
GetFileType
GetUserDefaultLCID
SetEndOfFile
GetModuleHandleA
GetStdHandle
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
FormatMessageA
GetStringTypeW
FindFirstFileExW
GetFileAttributesExW
GetFinalPathNameByHandleW
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
EncodePointer
LCMapStringEx
GetCPInfo
InterlockedFlushSList
GetThreadTimes
LoadLibraryExW
TlsFree
RtlUnwind

user32

GetSystemMetrics
GetWindowThreadProcessId
FindWindowW
GetShellWindow

advapi32

RegNotifyChangeKeyValue
ImpersonateLoggedOnUser
RevertToSelf
RegDeleteValueW
DuplicateTokenEx
CreateProcessWithTokenW
LookupAccountSidW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteKeyW
RegFlushKey
GetAclInformation
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
MakeAbsoluteSD
MakeSelfRelativeSD
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
ConvertStringSidToSidW
CopySid
GetLengthSid
IsValidSid
SetNamedSecurityInfoW
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
AddAce
InitializeAcl
RegQueryInfoKeyW
RegEnumKeyExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
GetSecurityDescriptorLength

shell32

SHCreateDirectoryExW
SHGetFolderPathW
ord680

ole32

CoInitializeSecurity
CoUninitialize
CoCreateInstance
StringFromGUID2
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

ntdll

RtlVirtualUnwind

msi

ord205
ord74
ord103
ord125
ord8
ord17
ord145

shlwapi

PathFileExistsW
PathAddBackslashW
SHDeleteValueW
SHDeleteKeyW

crypt32

CryptUnprotectData
CryptProtectData

netapi32

NetWkstaGetInfo
NetApiBufferFree

mpr

WNetGetUniversalNameW

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

ApplyExternalXmlConfig
ApplyProxyConfig
CheckBfeService
CheckInstallPath
CleanUp
CleanUpUser
ClearDestDirectory
CopyDatabase
CreateBrowsersVkShortcuts
CreateCisTrayShortcut
CreateSharedSpace
DoInstallFwAv
DoStartDrivers
DoUninstallFwAv
DoUninstallProc
EnableWindowsScheduler
FinalizeInstallCheck
FixBfeService
InstallElamDriver
PrepareInstallation
ProxyVersionIsEqual
RegisterEventLogger
RemoveCSGToolset
RemoveRegSymlinks
RollbackInstalledFinalizeActions
RunUninstallUrl
ScheduleCisTrayAutostart
SearchForRelatedProducts
SearchForRelatedProductsDeffered
SelfProtectionDisable
SendUsageStatistics
SetProductName
StartCisApp
TelemetryInstallEnd
TelemetryInstallStart
TelemetryUninstall
TestWindowsVersion
TestWindowsVersionDeffered
UserPasswordRequest
WriteRebootFlag

Sections

.text
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSIA89B.tmp
.dll windows:6 windows x64 arch:x64

c2c80b5cacade833d9414897cc815e8b

Code Sign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16-04-2020 18:36

Not After

16-04-2045 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:dd:34:e0:57:2c:c3:49:5e:76:84:00:00:00:00:dd:34
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Not Before

03-04-2024 00:17

Not After

06-04-2024 00:17

Subject

CN=Comodo Security Solutions Inc.,O=Comodo Security Solutions Inc.,L=Bloomfield,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:dd:34:e0:57:2c:c3:49:5e:76:84:00:00:00:00:dd:34
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Not Before

03-04-2024 00:17

Not After

06-04-2024 00:17

Subject

CN=Comodo Security Solutions Inc.,O=Comodo Security Solutions Inc.,L=Bloomfield,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:04:96:50:4b:d2:db:ee:cb:88:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13-04-2021 17:31

Not After

13-04-2026 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01-04-2021 20:05

Not After

01-04-2036 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19-11-2020 20:32

Not After

19-11-2035 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:2d:be:3c:b7:0a:b1:90:80:be:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

15-06-2023 19:38

Not After

14-06-2024 19:38

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:91A2-966C-63FB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:73:4d:11:1b:4b:5c:87:9b:bd:5a:8c:49:ab:2a:90
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

07-12-2021 00:00

Not After

06-12-2024 23:59

Subject

SERIALNUMBER=0400751588,CN=Comodo Security Solutions\, Inc,O=Comodo Security Solutions\, Inc,ST=New Jersey,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a4e6577204a6572736579,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ed:f6:b0:c6:8c:85:67:66:c9:e1:4d:81:34:ad:aa:93:91:95:c2:67:80:38:2d:2f:6e:41:29:1a:a9:97:6a:71
Signer

Actual PE Digest

ed:f6:b0:c6:8c:85:67:66:c9:e1:4d:81:34:ad:aa:93:91:95:c2:67:80:38:2d:2f:6e:41:29:1a:a9:97:6a:71

Digest Algorithm

sha256

PE Digest Matches

true

ed:f6:b0:c6:8c:85:67:66:c9:e1:4d:81:34:ad:aa:93:91:95:c2:67:80:38:2d:2f:6e:41:29:1a:a9:97:6a:71
Signer

Actual PE Digest

ed:f6:b0:c6:8c:85:67:66:c9:e1:4d:81:34:ad:aa:93:91:95:c2:67:80:38:2d:2f:6e:41:29:1a:a9:97:6a:71

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\jenkins\workspace\CES_UM_git\release\x64\Symbols\msica.pdb

Imports

kernel32

SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindResourceExW
FindResourceW
MoveFileExW
RemoveDirectoryW
GetNativeSystemInfo
CopyFileW
InitializeCriticalSectionEx
DecodePointer
DeleteCriticalSection
LocalFree
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
SetLastError
GetModuleHandleW
FreeLibrary
GetLastError
GetModuleHandleExW
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
VerifyVersionInfoW
GetCurrentProcessId
VerSetConditionMask
GetProcAddress
LoadLibraryW
RaiseException
CloseHandle
GetCurrentThreadId
CreateFileW
GetModuleFileNameW
GetCurrentProcess
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
ExitProcess
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
GetWindowsDirectoryW
GetSystemDirectoryW
OpenProcess
TlsAlloc
TlsSetValue
TlsGetValue
GetTempPathW
GetTempFileNameW
WaitForSingleObject
MultiByteToWideChar
FileTimeToSystemTime
WideCharToMultiByte
SystemTimeToTzSpecificLocalTime
ReadFile
GetCurrentThread
GetExitCodeProcess
CreateProcessW
TerminateProcess
GetFileSize
FindClose
FindFirstFileW
FindNextFileW
GetSystemWindowsDirectoryW
GetSystemInfo
SetFilePointer
GetTickCount
QueryDosDeviceW
WriteFile
CreateMutexW
ReleaseMutex
GetLocalTime
QueryPerformanceFrequency
FormatMessageW
GetFileSizeEx
SetEvent
CreateDirectoryW
GetFileType
GetUserDefaultLCID
SetEndOfFile
GetModuleHandleA
GetStdHandle
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
FormatMessageA
GetStringTypeW
FindFirstFileExW
GetFileAttributesExW
GetFinalPathNameByHandleW
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
EncodePointer
LCMapStringEx
GetCPInfo
InterlockedFlushSList
GetThreadTimes
LoadLibraryExW
TlsFree
RtlUnwind

user32

GetSystemMetrics
GetWindowThreadProcessId
FindWindowW
GetShellWindow

advapi32

RegNotifyChangeKeyValue
ImpersonateLoggedOnUser
RevertToSelf
RegDeleteValueW
DuplicateTokenEx
CreateProcessWithTokenW
LookupAccountSidW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteKeyW
RegFlushKey
GetAclInformation
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
MakeAbsoluteSD
MakeSelfRelativeSD
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
ConvertStringSidToSidW
CopySid
GetLengthSid
IsValidSid
SetNamedSecurityInfoW
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
AddAce
InitializeAcl
RegQueryInfoKeyW
RegEnumKeyExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
GetSecurityDescriptorLength

shell32

SHCreateDirectoryExW
SHGetFolderPathW
ord680

ole32

CoInitializeSecurity
CoUninitialize
CoCreateInstance
StringFromGUID2
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

ntdll

RtlVirtualUnwind

msi

ord205
ord74
ord103
ord125
ord8
ord17
ord145

shlwapi

PathFileExistsW
PathAddBackslashW
SHDeleteValueW
SHDeleteKeyW

crypt32

CryptUnprotectData
CryptProtectData

netapi32

NetWkstaGetInfo
NetApiBufferFree

mpr

WNetGetUniversalNameW

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

ApplyExternalXmlConfig
ApplyProxyConfig
CheckBfeService
CheckInstallPath
CleanUp
CleanUpUser
ClearDestDirectory
CopyDatabase
CreateBrowsersVkShortcuts
CreateCisTrayShortcut
CreateSharedSpace
DoInstallFwAv
DoStartDrivers
DoUninstallFwAv
DoUninstallProc
EnableWindowsScheduler
FinalizeInstallCheck
FixBfeService
InstallElamDriver
PrepareInstallation
ProxyVersionIsEqual
RegisterEventLogger
RemoveCSGToolset
RemoveRegSymlinks
RollbackInstalledFinalizeActions
RunUninstallUrl
ScheduleCisTrayAutostart
SearchForRelatedProducts
SearchForRelatedProductsDeffered
SelfProtectionDisable
SendUsageStatistics
SetProductName
StartCisApp
TelemetryInstallEnd
TelemetryInstallStart
TelemetryUninstall
TestWindowsVersion
TestWindowsVersionDeffered
UserPasswordRequest
WriteRebootFlag

Sections

.text
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSIBF41.tmp
.exe windows:6 windows x86 arch:x86

fa42d6e2b27242c8f9d13fd46b639a38

Code Sign

02:88:0a:4d:20:fb:28:5b:34:d8:07:76:c8:36:41:d8
Certificate

Issuer

CN=GoGetSSL G4 CS RSA4096 SHA256 2022 CA-1,O=EnVers Group SIA,C=LV

Not Before

02-02-2024 00:00

Not After

04-02-2027 23:59

Subject

CN=Mailbird\, Inc.,O=Mailbird\, Inc.,L=Palo Alto,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

07:84:3d:ad:01:c1:15:c2:74:ee:41:a7:28:22:46:79
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-06-2022 00:00

Not After

22-06-2032 23:59

Subject

CN=GoGetSSL G4 CS RSA4096 SHA256 2022 CA-1,O=EnVers Group SIA,C=LV

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

52:3f:c3:54:f4:c6:d3:ff:08:2c:fe:c8:e3:b9:86:d4:38:4c:f1:07:de:08:5e:14:b8:89:4c:22:b6:bc:6f:84
Signer

Actual PE Digest

52:3f:c3:54:f4:c6:d3:ff:08:2c:fe:c8:e3:b9:86:d4:38:4c:f1:07:de:08:5e:14:b8:89:4c:22:b6:bc:6f:84

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\ReleaseAI\win\Release\custact\x86\viewer.pdb

Imports

msi

ord224

crypt32

CertFreeCertificateContext
CertGetNameStringW

kernel32

LoadResource
FindResourceW
FindResourceExW
CreateFileW
CloseHandle
FindClose
DeleteFileW
FindNextFileW
GetFileAttributesW
WriteFile
SetFilePointer
GetTempPathW
GetTempFileNameW
MoveFileW
GetModuleHandleW
GetSystemDirectoryW
LoadLibraryExW
CreateToolhelp32Snapshot
Process32FirstW
HeapSize
Process32NextW
GetProcessTimes
GetCurrentProcessId
GetCurrentProcess
GetExitCodeProcess
SizeofResource
TerminateProcess
ReadProcessMemory
GetWindowsDirectoryW
Sleep
SetLastError
ExitProcess
lstrcmpiW
GetModuleFileNameW
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
OutputDebugStringW
GetCurrentThreadId
FlushFileBuffers
GetStringTypeW
InitializeCriticalSectionEx
DecodePointer
GetCommandLineW
GetSystemTimeAsFileTime
WriteConsoleW
GetConsoleMode
GetConsoleOutputCP
SetFilePointerEx
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapDestroy
QueryPerformanceCounter
MultiByteToWideChar
WideCharToMultiByte
FreeLibrary
GetProcAddress
LocalAlloc
GetLastError
LocalFree
LockResource
GetProcessHeap
HeapAlloc
HeapFree
WaitForSingleObject
HeapReAlloc
InitializeSListHead
RtlUnwind
OpenProcess
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
FindFirstFileExW
GetTimeZoneInformation
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetStartupInfoW
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetFileType
GetStdHandle
GetModuleHandleExW
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
IsDebuggerPresent
RaiseException
FormatMessageA
GetLocaleInfoEx
EncodePointer
LCMapStringEx
CompareStringEx
GetCPInfo
InitializeCriticalSectionAndSpinCount
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW

user32

EnumWindows
BringWindowToTop
GetForegroundWindow
GetWindowThreadProcessId
GetWindowLongW
AllowSetForegroundWindow

advapi32

RegQueryValueExW
RegOpenKeyExW
ConvertSidToStringSidW
GetTokenInformation
OpenProcessToken

shell32

ShellExecuteExW
ShellExecuteW

ole32

CoCreateInstance
CoInitialize
CoAllowSetForegroundWindow
CoUninitialize

oleaut32

VariantInit
SysAllocString
SysFreeString
VariantClear

shlwapi

PathIsUNCW
ord176

Sections

.text
Size: 300KB - Virtual size: 300KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 84KB - Virtual size: 83KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSIC3C5.tmp
.dll windows:6 windows x64 arch:x64

c2c80b5cacade833d9414897cc815e8b

Code Sign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16-04-2020 18:36

Not After

16-04-2045 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:dd:34:e0:57:2c:c3:49:5e:76:84:00:00:00:00:dd:34
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Not Before

03-04-2024 00:17

Not After

06-04-2024 00:17

Subject

CN=Comodo Security Solutions Inc.,O=Comodo Security Solutions Inc.,L=Bloomfield,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:dd:34:e0:57:2c:c3:49:5e:76:84:00:00:00:00:dd:34
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Not Before

03-04-2024 00:17

Not After

06-04-2024 00:17

Subject

CN=Comodo Security Solutions Inc.,O=Comodo Security Solutions Inc.,L=Bloomfield,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:04:96:50:4b:d2:db:ee:cb:88:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13-04-2021 17:31

Not After

13-04-2026 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01-04-2021 20:05

Not After

01-04-2036 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19-11-2020 20:32

Not After

19-11-2035 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:2d:be:3c:b7:0a:b1:90:80:be:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

15-06-2023 19:38

Not After

14-06-2024 19:38

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:91A2-966C-63FB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:73:4d:11:1b:4b:5c:87:9b:bd:5a:8c:49:ab:2a:90
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

07-12-2021 00:00

Not After

06-12-2024 23:59

Subject

SERIALNUMBER=0400751588,CN=Comodo Security Solutions\, Inc,O=Comodo Security Solutions\, Inc,ST=New Jersey,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a4e6577204a6572736579,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ed:f6:b0:c6:8c:85:67:66:c9:e1:4d:81:34:ad:aa:93:91:95:c2:67:80:38:2d:2f:6e:41:29:1a:a9:97:6a:71
Signer

Actual PE Digest

ed:f6:b0:c6:8c:85:67:66:c9:e1:4d:81:34:ad:aa:93:91:95:c2:67:80:38:2d:2f:6e:41:29:1a:a9:97:6a:71

Digest Algorithm

sha256

PE Digest Matches

true

ed:f6:b0:c6:8c:85:67:66:c9:e1:4d:81:34:ad:aa:93:91:95:c2:67:80:38:2d:2f:6e:41:29:1a:a9:97:6a:71
Signer

Actual PE Digest

ed:f6:b0:c6:8c:85:67:66:c9:e1:4d:81:34:ad:aa:93:91:95:c2:67:80:38:2d:2f:6e:41:29:1a:a9:97:6a:71

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\jenkins\workspace\CES_UM_git\release\x64\Symbols\msica.pdb

Imports

kernel32

SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindResourceExW
FindResourceW
MoveFileExW
RemoveDirectoryW
GetNativeSystemInfo
CopyFileW
InitializeCriticalSectionEx
DecodePointer
DeleteCriticalSection
LocalFree
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
SetLastError
GetModuleHandleW
FreeLibrary
GetLastError
GetModuleHandleExW
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
VerifyVersionInfoW
GetCurrentProcessId
VerSetConditionMask
GetProcAddress
LoadLibraryW
RaiseException
CloseHandle
GetCurrentThreadId
CreateFileW
GetModuleFileNameW
GetCurrentProcess
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
ExitProcess
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
GetWindowsDirectoryW
GetSystemDirectoryW
OpenProcess
TlsAlloc
TlsSetValue
TlsGetValue
GetTempPathW
GetTempFileNameW
WaitForSingleObject
MultiByteToWideChar
FileTimeToSystemTime
WideCharToMultiByte
SystemTimeToTzSpecificLocalTime
ReadFile
GetCurrentThread
GetExitCodeProcess
CreateProcessW
TerminateProcess
GetFileSize
FindClose
FindFirstFileW
FindNextFileW
GetSystemWindowsDirectoryW
GetSystemInfo
SetFilePointer
GetTickCount
QueryDosDeviceW
WriteFile
CreateMutexW
ReleaseMutex
GetLocalTime
QueryPerformanceFrequency
FormatMessageW
GetFileSizeEx
SetEvent
CreateDirectoryW
GetFileType
GetUserDefaultLCID
SetEndOfFile
GetModuleHandleA
GetStdHandle
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
FormatMessageA
GetStringTypeW
FindFirstFileExW
GetFileAttributesExW
GetFinalPathNameByHandleW
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
EncodePointer
LCMapStringEx
GetCPInfo
InterlockedFlushSList
GetThreadTimes
LoadLibraryExW
TlsFree
RtlUnwind

user32

GetSystemMetrics
GetWindowThreadProcessId
FindWindowW
GetShellWindow

advapi32

RegNotifyChangeKeyValue
ImpersonateLoggedOnUser
RevertToSelf
RegDeleteValueW
DuplicateTokenEx
CreateProcessWithTokenW
LookupAccountSidW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteKeyW
RegFlushKey
GetAclInformation
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
MakeAbsoluteSD
MakeSelfRelativeSD
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
ConvertStringSidToSidW
CopySid
GetLengthSid
IsValidSid
SetNamedSecurityInfoW
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
AddAce
InitializeAcl
RegQueryInfoKeyW
RegEnumKeyExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
GetSecurityDescriptorLength

shell32

SHCreateDirectoryExW
SHGetFolderPathW
ord680

ole32

CoInitializeSecurity
CoUninitialize
CoCreateInstance
StringFromGUID2
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

ntdll

RtlVirtualUnwind

msi

ord205
ord74
ord103
ord125
ord8
ord17
ord145

shlwapi

PathFileExistsW
PathAddBackslashW
SHDeleteValueW
SHDeleteKeyW

crypt32

CryptUnprotectData
CryptProtectData

netapi32

NetWkstaGetInfo
NetApiBufferFree

mpr

WNetGetUniversalNameW

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

ApplyExternalXmlConfig
ApplyProxyConfig
CheckBfeService
CheckInstallPath
CleanUp
CleanUpUser
ClearDestDirectory
CopyDatabase
CreateBrowsersVkShortcuts
CreateCisTrayShortcut
CreateSharedSpace
DoInstallFwAv
DoStartDrivers
DoUninstallFwAv
DoUninstallProc
EnableWindowsScheduler
FinalizeInstallCheck
FixBfeService
InstallElamDriver
PrepareInstallation
ProxyVersionIsEqual
RegisterEventLogger
RemoveCSGToolset
RemoveRegSymlinks
RollbackInstalledFinalizeActions
RunUninstallUrl
ScheduleCisTrayAutostart
SearchForRelatedProducts
SearchForRelatedProductsDeffered
SelfProtectionDisable
SendUsageStatistics
SetProductName
StartCisApp
TelemetryInstallEnd
TelemetryInstallStart
TelemetryUninstall
TestWindowsVersion
TestWindowsVersionDeffered
UserPasswordRequest
WriteRebootFlag

Sections

.text
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
MSIC905.tmp
.dll windows:6 windows x64 arch:x64

c2c80b5cacade833d9414897cc815e8b

Code Sign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

16-04-2020 18:36

Not After

16-04-2045 18:44

Subject

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:dd:34:e0:57:2c:c3:49:5e:76:84:00:00:00:00:dd:34
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Not Before

03-04-2024 00:17

Not After

06-04-2024 00:17

Subject

CN=Comodo Security Solutions Inc.,O=Comodo Security Solutions Inc.,L=Bloomfield,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:dd:34:e0:57:2c:c3:49:5e:76:84:00:00:00:00:dd:34
Certificate

Issuer

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Not Before

03-04-2024 00:17

Not After

06-04-2024 00:17

Subject

CN=Comodo Security Solutions Inc.,O=Comodo Security Solutions Inc.,L=Bloomfield,ST=New Jersey,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

33:00:00:00:04:96:50:4b:d2:db:ee:cb:88:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Not Before

13-04-2021 17:31

Not After

13-04-2026 17:31

Subject

CN=Microsoft ID Verified CS AOC CA 02,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

01-04-2021 20:05

Not After

01-04-2036 20:15

Subject

CN=Microsoft ID Verified Code Signing PCA 2021,O=Microsoft Corporation,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

Issuer

CN=Microsoft Identity Verification Root Certificate Authority 2020,O=Microsoft Corporation,C=US

Not Before

19-11-2020 20:32

Not After

19-11-2035 20:42

Subject

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:00:2d:be:3c:b7:0a:b1:90:80:be:00:00:00:00:00:2d
Certificate

Issuer

CN=Microsoft Public RSA Timestamping CA 2020,O=Microsoft Corporation,C=US

Not Before

15-06-2023 19:38

Not After

14-06-2024 19:38

Subject

CN=Microsoft Public RSA Time Stamping Authority,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:91A2-966C-63FB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

Issuer

CN=AAA Certificate Services,O=Comodo CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25-05-2021 00:00

Not After

31-12-2028 23:59

Subject

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

Issuer

CN=Sectigo Public Code Signing Root R46,O=Sectigo Limited,C=GB

Not Before

22-03-2021 00:00

Not After

21-03-2036 23:59

Subject

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

1f:73:4d:11:1b:4b:5c:87:9b:bd:5a:8c:49:ab:2a:90
Certificate

Issuer

CN=Sectigo Public Code Signing CA EV R36,O=Sectigo Limited,C=GB

Not Before

07-12-2021 00:00

Not After

06-12-2024 23:59

Subject

SERIALNUMBER=0400751588,CN=Comodo Security Solutions\, Inc,O=Comodo Security Solutions\, Inc,ST=New Jersey,C=US,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.2=#130a4e6577204a6572736579,1.3.6.1.4.1.311.60.2.1.3=#13025553

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

Issuer

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

03-05-2023 00:00

Not After

02-08-2034 23:59

Subject

CN=Sectigo RSA Time Stamping Signer #4,O=Sectigo Limited,ST=Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

Issuer

CN=USERTrust RSA Certification Authority,O=The USERTRUST Network,L=Jersey City,ST=New Jersey,C=US

Not Before

02-05-2019 00:00

Not After

18-01-2038 23:59

Subject

CN=Sectigo RSA Time Stamping CA,O=Sectigo Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ed:f6:b0:c6:8c:85:67:66:c9:e1:4d:81:34:ad:aa:93:91:95:c2:67:80:38:2d:2f:6e:41:29:1a:a9:97:6a:71
Signer

Actual PE Digest

ed:f6:b0:c6:8c:85:67:66:c9:e1:4d:81:34:ad:aa:93:91:95:c2:67:80:38:2d:2f:6e:41:29:1a:a9:97:6a:71

Digest Algorithm

sha256

PE Digest Matches

true

ed:f6:b0:c6:8c:85:67:66:c9:e1:4d:81:34:ad:aa:93:91:95:c2:67:80:38:2d:2f:6e:41:29:1a:a9:97:6a:71
Signer

Actual PE Digest

ed:f6:b0:c6:8c:85:67:66:c9:e1:4d:81:34:ad:aa:93:91:95:c2:67:80:38:2d:2f:6e:41:29:1a:a9:97:6a:71

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\jenkins\workspace\CES_UM_git\release\x64\Symbols\msica.pdb

Imports

kernel32

SetFileAttributesW
GetFileAttributesW
DeleteFileW
FindResourceExW
FindResourceW
MoveFileExW
RemoveDirectoryW
GetNativeSystemInfo
CopyFileW
InitializeCriticalSectionEx
DecodePointer
DeleteCriticalSection
LocalFree
LoadResource
LockResource
SizeofResource
GetProcessHeap
HeapAlloc
HeapFree
HeapReAlloc
HeapSize
HeapDestroy
SetLastError
GetModuleHandleW
FreeLibrary
GetLastError
GetModuleHandleExW
SetUnhandledExceptionFilter
GetSystemTimeAsFileTime
VerifyVersionInfoW
GetCurrentProcessId
VerSetConditionMask
GetProcAddress
LoadLibraryW
RaiseException
CloseHandle
GetCurrentThreadId
CreateFileW
GetModuleFileNameW
GetCurrentProcess
WriteConsoleW
SetStdHandle
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
GetCommandLineA
GetOEMCP
GetACP
IsValidCodePage
ReadConsoleW
GetConsoleMode
GetConsoleOutputCP
FlushFileBuffers
EnumSystemLocalesW
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
ExitProcess
GetTimeZoneInformation
InitializeCriticalSectionAndSpinCount
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
GetWindowsDirectoryW
GetSystemDirectoryW
OpenProcess
TlsAlloc
TlsSetValue
TlsGetValue
GetTempPathW
GetTempFileNameW
WaitForSingleObject
MultiByteToWideChar
FileTimeToSystemTime
WideCharToMultiByte
SystemTimeToTzSpecificLocalTime
ReadFile
GetCurrentThread
GetExitCodeProcess
CreateProcessW
TerminateProcess
GetFileSize
FindClose
FindFirstFileW
FindNextFileW
GetSystemWindowsDirectoryW
GetSystemInfo
SetFilePointer
GetTickCount
QueryDosDeviceW
WriteFile
CreateMutexW
ReleaseMutex
GetLocalTime
QueryPerformanceFrequency
FormatMessageW
GetFileSizeEx
SetEvent
CreateDirectoryW
GetFileType
GetUserDefaultLCID
SetEndOfFile
GetModuleHandleA
GetStdHandle
RtlCaptureContext
RtlLookupFunctionEntry
UnhandledExceptionFilter
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
InitializeSListHead
FormatMessageA
GetStringTypeW
FindFirstFileExW
GetFileAttributesExW
GetFinalPathNameByHandleW
SetFileInformationByHandle
SetFilePointerEx
AreFileApisANSI
GetFileInformationByHandleEx
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
InitializeSRWLock
EnterCriticalSection
LeaveCriticalSection
TryEnterCriticalSection
EncodePointer
LCMapStringEx
GetCPInfo
InterlockedFlushSList
GetThreadTimes
LoadLibraryExW
TlsFree
RtlUnwind

user32

GetSystemMetrics
GetWindowThreadProcessId
FindWindowW
GetShellWindow

advapi32

RegNotifyChangeKeyValue
ImpersonateLoggedOnUser
RevertToSelf
RegDeleteValueW
DuplicateTokenEx
CreateProcessWithTokenW
LookupAccountSidW
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegDeleteKeyW
RegFlushKey
GetAclInformation
GetSecurityDescriptorSacl
GetSecurityDescriptorDacl
GetSecurityDescriptorGroup
GetSecurityDescriptorOwner
GetSecurityDescriptorControl
MakeAbsoluteSD
MakeSelfRelativeSD
OpenProcessToken
LookupPrivilegeValueW
AdjustTokenPrivileges
RegCreateKeyExW
RegOpenKeyExW
RegSetValueExW
RegQueryValueExW
RegCloseKey
ConvertStringSidToSidW
CopySid
GetLengthSid
IsValidSid
SetNamedSecurityInfoW
GetSidSubAuthority
InitializeSid
GetSidLengthRequired
AddAce
InitializeAcl
RegQueryInfoKeyW
RegEnumKeyExW
ReportEventW
RegisterEventSourceW
DeregisterEventSource
GetSecurityDescriptorLength

shell32

SHCreateDirectoryExW
SHGetFolderPathW
ord680

ole32

CoInitializeSecurity
CoUninitialize
CoCreateInstance
StringFromGUID2
CoInitialize

oleaut32

SysFreeString
SysAllocString
VariantInit
VariantClear

ntdll

RtlVirtualUnwind

msi

ord205
ord74
ord103
ord125
ord8
ord17
ord145

shlwapi

PathFileExistsW
PathAddBackslashW
SHDeleteValueW
SHDeleteKeyW

crypt32

CryptUnprotectData
CryptProtectData

netapi32

NetWkstaGetInfo
NetApiBufferFree

mpr

WNetGetUniversalNameW

wtsapi32

WTSEnumerateSessionsW
WTSQueryUserToken
WTSFreeMemory

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

Exports

Exports

ApplyExternalXmlConfig
ApplyProxyConfig
CheckBfeService
CheckInstallPath
CleanUp
CleanUpUser
ClearDestDirectory
CopyDatabase
CreateBrowsersVkShortcuts
CreateCisTrayShortcut
CreateSharedSpace
DoInstallFwAv
DoStartDrivers
DoUninstallFwAv
DoUninstallProc
EnableWindowsScheduler
FinalizeInstallCheck
FixBfeService
InstallElamDriver
PrepareInstallation
ProxyVersionIsEqual
RegisterEventLogger
RemoveCSGToolset
RemoveRegSymlinks
RollbackInstalledFinalizeActions
RunUninstallUrl
ScheduleCisTrayAutostart
SearchForRelatedProducts
SearchForRelatedProductsDeffered
SelfProtectionDisable
SendUsageStatistics
SetProductName
StartCisApp
TelemetryInstallEnd
TelemetryInstallStart
TelemetryUninstall
TestWindowsVersion
TestWindowsVersionDeffered
UserPasswordRequest
WriteRebootFlag

Sections

.text
Size: 397KB - Virtual size: 397KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 169KB - Virtual size: 169KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

_RDATA
Size: 512B - Virtual size: 252B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SourceHash{0950F07D-F1C4-47A5-AC88-C5FAA5DC564D}
.msi
SourceHash{0B482A33-FF58-4C08-A612-499534E98073}
.msi
SourceHash{1EC1BE12-7F79-4002-99F8-CF951EE9D8EE}
.msi
SourceHash{3407B900-37F5-4CC2-B612-5CD5D580A163}
.msi
SourceHash{373FFE70-5FF7-492D-A2F4-0C6A15D8D503}
.msi
SourceHash{46E11E7F-01E1-44D0-BB86-C67342D253DD}
.msi
SourceHash{59ED1DC1-E3E4-4BC0-B43F-143CCC38FF17}
.msi
SourceHash{71F8FE9D-E13B-42F1-B9CF-DC6E91B88596}
.msi
SourceHash{7431991E-0534-4E1E-89C8-2AF6968C017C}
.msi
SourceHash{877F46EF-614F-4B05-A09D-E15E5B424710}
.msi
SourceHash{90160000-007E-0000-1000-0000000FF1CE}
.msi
SourceHash{90160000-008C-0000-1000-0000000FF1CE}
.msi
SourceHash{9992D04E-553E-4BC2-B0EC-4A394DD19986}
.msi
SourceHash{A250E750-DB3F-40C1-8460-8EF77C7582DA}
.msi
SourceHash{A7163FDD-C032-4D5B-9027-3C1C2D5CFAF9}
.msi
SourceHash{C6FD611E-7EFE-488C-A0E0-974C09EF6473}
.msi
SourceHash{EFE53353-800E-4987-B965-1C968D0F23A4}
.msi
SourceHash{F4499EE3-A166-496C-81BB-51D1BCDC70A9}
.msi
SourceHash{F8474A47-8B5D-4466-ACE3-78EAB3BF21A8}
.msi
ae2659.msi
.msi
c5f5f3a.msi
.msi
c5f5f50.msi
.msi
{0B482A33-FF58-4C08-A612-499534E98073}/MailIcon.exe
{0B482A33-FF58-4C08-A612-499534E98073}/SystemFoldermsiexec.exe
{1EC1BE12-7F79-4002-99F8-CF951EE9D8EE}/cis.ico
{373FFE70-5FF7-492D-A2F4-0C6A15D8D503}/icon.ico
{373FFE70-5FF7-492D-A2F4-0C6A15D8D503}/itsm_offline.mst
{71F8FE9D-E13B-42F1-B9CF-DC6E91B88596}/icon.exe
{7431991E-0534-4E1E-89C8-2AF6968C017C}/IconVirtualBox
{877F46EF-614F-4B05-A09D-E15E5B424710}/wsl.ico
{A7163FDD-C032-4D5B-9027-3C1C2D5CFAF9}/icon.exe
{BE73BB15-3601-4732-AD45-45314C6F1F37}/SystemFoldermsiexec.exe

Sharing

General

Malware Config

Signatures

Files

c2c80b5cacade833d9414897cc815e8b

Code Sign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99Certificate

Key Usages

33:00:01:26:e1:ba:66:6f:8e:35:e7:29:89:00:00:00:01:26:e1Certificate

Extended Key Usages

Key Usages

33:00:01:26:e1:ba:66:6f:8e:35:e7:29:89:00:00:00:01:26:e1Certificate

Extended Key Usages

Key Usages

33:00:00:00:04:96:50:4b:d2:db:ee:cb:88:00:00:00:00:00:04Certificate

Key Usages

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07Certificate

Key Usages

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05Certificate

Extended Key Usages

Key Usages

33:00:00:00:3b:8a:69:59:be:14:05:64:71:00:00:00:00:00:3bCertificate

Extended Key Usages

Key Usages

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16Certificate

Extended Key Usages

Key Usages

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6eCertificate

Extended Key Usages

Key Usages

1f:73:4d:11:1b:4b:5c:87:9b:bd:5a:8c:49:ab:2a:90Certificate

Extended Key Usages

Key Usages

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4Certificate

Extended Key Usages

Key Usages

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9Certificate

Extended Key Usages

Key Usages

a1:3d:18:eb:7f:57:2b:d5:a7:3c:dd:f1:4b:27:8a:8b:fc:c7:1e:5a:69:af:33:19:45:7e:b0:1e:a5:79:f0:0dSigner

a1:3d:18:eb:7f:57:2b:d5:a7:3c:dd:f1:4b:27:8a:8b:fc:c7:1e:5a:69:af:33:19:45:7e:b0:1e:a5:79:f0:0dSigner

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

kernel32

user32

advapi32

shell32

ole32

oleaut32

ntdll

msi

shlwapi

crypt32

netapi32

mpr

wtsapi32

version

Exports

Exports

Sections

.text Size: 397KB - Virtual size: 397KB

.rdata Size: 169KB - Virtual size: 169KB

.data Size: 8KB - Virtual size: 18KB

.pdata Size: 20KB - Virtual size: 20KB

_RDATA Size: 512B - Virtual size: 252B

.rsrc Size: 2KB - Virtual size: 1KB

.reloc Size: 4KB - Virtual size: 4KB

c2c80b5cacade833d9414897cc815e8b

Code Sign

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99Certificate

Key Usages

33:00:01:26:e1:ba:66:6f:8e:35:e7:29:89:00:00:00:01:26:e1Certificate

Extended Key Usages

Key Usages

33:00:01:26:e1:ba:66:6f:8e:35:e7:29:89:00:00:00:01:26:e1Certificate

Extended Key Usages

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

33:00:01:26:e1:ba:66:6f:8e:35:e7:29:89:00:00:00:01:26:e1
Certificate

33:00:01:26:e1:ba:66:6f:8e:35:e7:29:89:00:00:00:01:26:e1
Certificate

33:00:00:00:04:96:50:4b:d2:db:ee:cb:88:00:00:00:00:00:04
Certificate

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

33:00:00:00:3b:8a:69:59:be:14:05:64:71:00:00:00:00:00:3b
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

1f:73:4d:11:1b:4b:5c:87:9b:bd:5a:8c:49:ab:2a:90
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

a1:3d:18:eb:7f:57:2b:d5:a7:3c:dd:f1:4b:27:8a:8b:fc:c7:1e:5a:69:af:33:19:45:7e:b0:1e:a5:79:f0:0d
Signer

a1:3d:18:eb:7f:57:2b:d5:a7:3c:dd:f1:4b:27:8a:8b:fc:c7:1e:5a:69:af:33:19:45:7e:b0:1e:a5:79:f0:0d
Signer

.text
Size: 397KB - Virtual size: 397KB

.rdata
Size: 169KB - Virtual size: 169KB

.data
Size: 8KB - Virtual size: 18KB

.pdata
Size: 20KB - Virtual size: 20KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

33:00:01:26:e1:ba:66:6f:8e:35:e7:29:89:00:00:00:01:26:e1
Certificate

33:00:01:26:e1:ba:66:6f:8e:35:e7:29:89:00:00:00:01:26:e1
Certificate

33:00:00:00:04:96:50:4b:d2:db:ee:cb:88:00:00:00:00:00:04
Certificate

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate

33:00:00:00:05:e5:cf:0f:ff:66:2e:c9:87:00:00:00:00:00:05
Certificate

33:00:00:00:3b:8a:69:59:be:14:05:64:71:00:00:00:00:00:3b
Certificate

48:fc:93:b4:60:55:94:8d:36:a7:c9:8a:89:d6:94:16
Certificate

33:d7:08:a8:91:40:53:19:e2:a5:bb:d3:39:b9:ad:6e
Certificate

1f:73:4d:11:1b:4b:5c:87:9b:bd:5a:8c:49:ab:2a:90
Certificate

39:4c:25:e1:7c:a0:6d:27:a8:65:e2:3b:d9:1d:22:d4
Certificate

30:0f:6f:ac:dd:66:98:74:7c:a9:46:36:a7:78:2d:b9
Certificate

a1:3d:18:eb:7f:57:2b:d5:a7:3c:dd:f1:4b:27:8a:8b:fc:c7:1e:5a:69:af:33:19:45:7e:b0:1e:a5:79:f0:0d
Signer

a1:3d:18:eb:7f:57:2b:d5:a7:3c:dd:f1:4b:27:8a:8b:fc:c7:1e:5a:69:af:33:19:45:7e:b0:1e:a5:79:f0:0d
Signer

.text
Size: 397KB - Virtual size: 397KB

.rdata
Size: 169KB - Virtual size: 169KB

.data
Size: 8KB - Virtual size: 18KB

.pdata
Size: 20KB - Virtual size: 20KB

_RDATA
Size: 512B - Virtual size: 252B

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 4KB - Virtual size: 4KB

54:98:d2:d1:d4:5b:19:95:48:13:79:c8:11:c0:87:99
Certificate

33:00:01:26:e1:ba:66:6f:8e:35:e7:29:89:00:00:00:01:26:e1
Certificate

33:00:01:26:e1:ba:66:6f:8e:35:e7:29:89:00:00:00:01:26:e1
Certificate

33:00:00:00:04:96:50:4b:d2:db:ee:cb:88:00:00:00:00:00:04
Certificate

33:00:00:00:07:87:a3:34:a3:7b:a5:8e:1c:00:00:00:00:00:07
Certificate