29ebff265764cb26a5f64013cc84d95c_JaffaCakes118

Sharing

Copy URL

Twitter E-mail

General

Target

29ebff265764cb26a5f64013cc84d95c_JaffaCakes118
Size

4.8MB
MD5

29ebff265764cb26a5f64013cc84d95c
SHA1

311b454595affa1bfa4ea29daea50d8d2c578b05
SHA256

d6ad6c76cfc477babaa6ee582ed7b6cb54ef50e652313272b02194da9bcbddf8
SHA512

7bcd8ede909cd3aefe8ffb55f953d8e8e51e210f831916ee058b54e113372686c929ddaba3773b8e42c65b631a3120f18a8479c379a608694a55114740754307
SSDEEP

98304:FKGBAcGhgkGNWZYtMTrmW+jWjG9qlo+cwSwtL1JSsjJOYG47H8AMiRDZoCMxq:FKUFkLZYtMeW+j25mARJIYQmFo10

Score

7^/10

upx

Malware Config

Signatures

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/Box/4399Core.dll	upx

Unsigned PE 19 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/KillProcDLL.dll
unpack001/$PLUGINSDIR/NSISdl.dll
unpack001/$PLUGINSDIR/System.dll
unpack002/out.upx
unpack001/Box/4399LiveUpdate.exe
unpack001/Box/4399LiveUpdateEx.exe
unpack001/Box/4399LiveUpdateUI.dll
unpack001/Box/7za.exe
unpack001/Box/DSGame.exe
unpack001/Box/SafeMode/4399Safe.exe
unpack003/$PLUGINSDIR/InstallOptions.dll
unpack003/$PLUGINSDIR/LangDLL.dll
unpack003/$PLUGINSDIR/System.dll
unpack004/$PLUGINSDIR/InstallOptions.dll
unpack004/$PLUGINSDIR/LangDLL.dll
unpack004/$PLUGINSDIR/System.dll
unpack001/Box/SafeMode/Reg32.dat
unpack001/Box/zlib.dll

NSIS installer 6 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/Box/SafeMode/Install/4399sandbox.exe	nsis_installer_1
static1/unpack001/Box/SafeMode/Install/4399sandbox.exe	nsis_installer_2
static1/unpack001/Box/SafeMode/Install/4399sandbox_win7.exe	nsis_installer_1
static1/unpack001/Box/SafeMode/Install/4399sandbox_win7.exe	nsis_installer_2

Files

29ebff265764cb26a5f64013cc84d95c_JaffaCakes118
.exe windows:4 windows x86 arch:x86

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

80:49:82:3c:c8:c9:5b:30:f4:ee:d1:82:66:93:9b:8d
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19/05/2010, 00:00

Not After

19/05/2011, 23:59

Subject

CN=厦门游家网络有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=厦门游家网络有限公司,L=厦门市,ST=福建省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

3e:0b:f4:99:dc:c9:f1:36:75:b7:90:6d:6d:22:e8:2c:36:8e:98:41
Signer

Actual PE Digest

3e:0b:f4:99:dc:c9:f1:36:75:b7:90:6d:6d:22:e8:2c:36:8e:98:41

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 21KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Dir.ini
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

295fc8c35dee88b924b0f6bafc807c6c

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
GetTickCount
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

LoadCursorA
PtInRect
MapWindowPoints
GetDlgCtrlID
CloseClipboard
SetCursor
OpenClipboard
GetClientRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
DrawTextA
GetWindowLongA
DrawFocusRect
MessageBoxA
CallWindowProcA
PostMessageA
SetTimer
KillTimer
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClipboardData

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/KillProcDLL.dll
.dll windows:4 windows x86 arch:x86

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetVersionExA
TerminateProcess
OpenProcess
LoadLibraryA
CloseHandle
GetProcAddress
FreeLibrary
GlobalFree
lstrcpyA
DisableThreadLibraryCalls

msvcrt

strcmp
_strupr
toupper
strlen
free
_initterm
malloc
_adjust_fdiv
strcpy
_itoa

Exports

Exports

KillProc

Sections

.text
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 172B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/NSISdl.dll
.dll windows:4 windows x86 arch:x86

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
lstrcpynA
lstrlenA
lstrcatA
GlobalAlloc
GlobalFree
CloseHandle
GetTickCount
DeleteFileA
Sleep
WriteFile
CreateFileA
lstrcmpiA
lstrcpyA
MulDiv
CreateThread

user32

CharPrevA
SetWindowLongA
RegisterWindowMessageA
CallWindowProcA
DestroyWindow
EnableWindow
GetWindowLongA
CreateWindowExA
GetWindowRect
GetClientRect
ShowWindow
IsWindowVisible
GetFocus
GetDlgItem
FindWindowExA
SetWindowTextA
SendMessageA
wsprintfA
SetDlgItemTextA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

ws2_32

gethostbyname
inet_addr
ioctlsocket
htons
socket
closesocket
shutdown
connect
__WSAFDIsSet
select
recv
WSAGetLastError
send
WSACleanup
WSAStartup

Exports

Exports

download
download_quiet

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 838B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 470B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/introduce.bmp
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/meituWel.ini
$PLUGINSDIR/modern-wizard.bmp
$PROGRAMFILES/Icoapp/ɫ.ico
Box/4399Box.exe
.exe windows:4 windows x86 arch:x86

29dd5f191ef251889f313d1efc9fc386

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

80:49:82:3c:c8:c9:5b:30:f4:ee:d1:82:66:93:9b:8d
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19/05/2010, 00:00

Not After

19/05/2011, 23:59

Subject

CN=厦门游家网络有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=厦门游家网络有限公司,L=厦门市,ST=福建省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

c4:f9:4f:ed:44:61:da:e5:cb:96:86:a0:08:d4:9f:fb:f5:d5:5a:0d
Signer

Actual PE Digest

c4:f9:4f:ed:44:61:da:e5:cb:96:86:a0:08:d4:9f:fb:f5:d5:5a:0d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

wsock32

gethostbyname
gethostname
WSAStartup
WSACleanup

winmm

mixerClose
mixerSetControlDetails
mixerGetControlDetailsW
mixerGetLineInfoW
mixerGetLineControlsW
mixerOpen
PlaySoundW

wininet

HttpOpenRequestA
InternetConnectA
InternetOpenA
HttpAddRequestHeadersA
HttpSendRequestA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestW
HttpQueryInfoA
InternetSetOptionA
HttpSendRequestExW
InternetOpenUrlW
InternetQueryOptionW
InternetSetOptionW
InternetGetCookieW
InternetSetCookieW
InternetOpenW
HttpOpenRequestW
HttpSendRequestW
InternetReadFile
InternetCloseHandle
InternetSetStatusCallbackW
HttpQueryInfoW
InternetGetConnectedState
GetUrlCacheEntryInfoW
InternetConnectW

mfc42u

ord1197
ord6919
ord2857
ord6004
ord3282
ord3292
ord3298
ord2755
ord5857
ord2644
ord1662
ord3909
ord6266
ord860
ord5031
ord4450
ord1833
ord4583
ord4582
ord4893
ord4364
ord4886
ord5070
ord4334
ord4341
ord4714
ord4883
ord4525
ord4539
ord4537
ord4520
ord4523
ord4518
ord4957
ord4954
ord4103
ord6050
ord5236
ord5277
ord3743
ord1718
ord4426
ord1235
ord365
ord784
ord4236
ord2680
ord465
ord466
ord2233
ord610
ord841
ord6285
ord6135
ord968
ord287
ord857
ord856
ord850
ord1565
ord3465
ord455
ord3000
ord2127
ord5256
ord4875
ord2842
ord6139
ord4198
ord6770
ord4199
ord6451
ord4219
ord1971
ord5438
ord665
ord3313
ord5180
ord354
ord6381
ord2776
ord6654
ord1196
ord3993
ord5852
ord941
ord668
ord1972
ord3173
ord3176
ord2773
ord2762
ord356
ord4606
ord4604
ord4269
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord5303
ord5285
ord5710
ord3733
ord815
ord561
ord4041
ord2137
ord2136
ord6221
ord5227
ord5243
ord2124
ord4595
ord1131
ord824
ord2613
ord1215
ord617
ord5208
ord296
ord5431
ord1676
ord1666
ord2620
ord5976
ord2633
ord4117
ord6210
ord6192
ord4293
ord5944
ord3083
ord3866
ord3869
ord3868
ord6194
ord4281
ord4278
ord3132
ord3791
ord5715
ord6088
ord3519
ord4027
ord6091
ord4030
ord2541
ord2425
ord426
ord726
ord826
ord2717
ord6193
ord6375
ord1105
ord1563
ord1194
ord3025
ord2812
ord3806
ord5641
ord353
ord271
ord6330
ord2350
ord2290
ord3792
ord4718
ord4532
ord4768
ord397
ord699
ord1851
ord4241
ord3864
ord2119
ord2383
ord5096
ord5099
ord3345
ord975
ord2875
ord2375
ord4431
ord700
ord802
ord398
ord542
ord4462
ord4148
ord5251
ord3368
ord4422
ord3646
ord5597
ord2225
ord4451
ord1202
ord4282
ord4279
ord6238
ord536
ord6565
ord2757
ord656
ord693
ord6279
ord6278
ord6374
ord5480
ord6865
ord1085
ord5026
ord4767
ord5280
ord5618
ord1229
ord4331
ord2813
ord912
ord5589
ord6867
ord4584
ord6563
ord798
ord1989
ord6403
ord924
ord5188
ord533
ord3494
ord609
ord616
ord2507
ord355
ord5461
ord4183
ord551
ord3332
ord547
ord4078
ord2862
ord3614
ord2836
ord2769
ord2099
ord3785
ord3716
ord3393
ord3728
ord772
ord810
ord795
ord6138
ord500
ord5274
ord3808
ord5856
ord2078
ord2637
ord1808
ord326
ord2403
ord2015
ord4213
ord2570
ord4392
ord3577
ord2567
ord4390
ord3569
ord2291
ord2634
ord3605
ord2574
ord4396
ord3365
ord3635
ord686
ord6896
ord6898
ord2445
ord2088
ord384
ord3991
ord3296
ord2140
ord3905
ord1941
ord2115
ord4238
ord3281
ord6003
ord4524
ord5681
ord3269
ord729
ord809
ord439
ord430
ord556
ord3211
ord736
ord5491
ord1088
ord2114
ord2496
ord1699
ord2423
ord4029
ord2854
ord539
ord2822
ord823
ord6567
ord5456
ord4215
ord2576
ord3649
ord3658
ord6051
ord4073
ord1768
ord4401
ord5237
ord2377
ord6370
ord4347
ord5286
ord3793
ord4831
ord4435
ord2640
ord2047
ord3747
ord6190
ord3879
ord4221
ord783
ord3706
ord1158
ord4015
ord1191
ord956
ord293
ord2505
ord2112
ord5879
ord2916
ord5880
ord2108
ord554
ord3725
ord5058
ord1708
ord1703
ord5080
ord4360
ord3290
ord4263
ord1921
ord3170
ord1657
ord3443
ord6237
ord5886
ord2932
ord4055
ord1712
ord3572
ord3347
ord4212
ord4638
ord4391
ord2568
ord4253
ord692
ord489
ord768
ord4829
ord5283
ord4848
ord4371
ord4352
ord4942
ord4970
ord4736
ord4899
ord5154
ord5156
ord5155
ord541
ord801
ord922
ord6771
ord927
ord940
ord803
ord348
ord543
ord663
ord3579
ord925
ord2294
ord683
ord3626
ord3397
ord2721
ord2722
ord6466
ord2719
ord6445
ord2373
ord4292
ord4128
ord6153
ord2855
ord3701
ord6871
ord562
ord268
ord1258
ord1560
ord6868
ord2756
ord6655
ord4273
ord2746
ord3871
ord4155
ord3574
ord1594
ord2810
ord5679
ord4272
ord6218
ord2914
ord2606
ord1225
ord4197
ord4124
ord5706
ord6874
ord942
ord2910
ord5568
ord6211
ord4788
ord5149
ord5025
ord5048
ord4766
ord6195
ord537
ord5977
ord4421
ord4407
ord4494
ord1230
ord5250
ord4211
ord674
ord401
ord2437
ord4430
ord1658
ord2641
ord5279
ord2374
ord5233
ord4072
ord4147
ord2873
ord2874
ord3398
ord5468
ord976
ord5006
ord3346
ord4298
ord5098
ord5094
ord3054
ord2382
ord2715
ord2093
ord5095
ord4240
ord1850
ord2559

msvcrt

_wfopen
_wmkdir
_wcsdup
free
wcsncpy
wcslen
wcsrchr
wcstol
_wtol
malloc
realloc
_wtoi
wcsstr
wcscpy
fwrite
swprintf
_strrev
_stricmp
strtod
_iob
fprintf
longjmp
_setjmp3
abort
wcstod
swscanf
iswalpha
vswprintf
_wcslwr
fclose
wcscmp
_wcsicmp
__CxxFrameHandler
_wtoi64
strrchr
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__wgetmainargs
_wcmdln
exit
_XcptFilter
_exit
qsort
_CIpow
_controlfp
_strdup
_splitpath
_makepath
memmove
strstr
sprintf
_wstat
wcschr
_itow
wcscat
_vsnwprintf
_wcsnicmp
_snwprintf
_beginthreadex
_except_handler3
wcsncmp
rand
srand
time
_ftol
_waccess
fread
ftell
fseek
strncpy
_mbsnbcpy
_vsnprintf
??0exception@@QAE@XZ
??1exception@@UAE@XZ
??0exception@@QAE@ABV0@@Z
_CxxThrowException
strtoul
_strnicmp
calloc
wcstoul
_purecall
_snprintf
strchr
wcstok
__dllonexit
_onexit
??1type_info@@UAE@XZ
?terminate@@YAXXZ

kernel32

MulDiv
InterlockedIncrement
LockResource
LoadResource
FindResourceW
GetModuleHandleA
GetTimeFormatW
GetDateFormatW
GetLocaleInfoW
SizeofResource
EnumResourceTypesW
EnumResourceNamesW
EnumResourceLanguagesW
lstrcmpA
GetTempFileNameW
GetTempPathW
SetThreadPriority
GetExitCodeThread
CompareStringW
LoadLibraryExW
VirtualProtect
VirtualQuery
LoadLibraryExA
GetModuleFileNameA
GetModuleHandleW
GetStartupInfoW
RaiseException
InterlockedExchange
GetCurrentThread
GetThreadContext
GetEnvironmentVariableA
LoadLibraryA
DeviceIoControl
GetCurrentDirectoryW
HeapAlloc
SetLastError
IsDBCSLeadByteEx
SetFilePointer
GetProcessHeap
HeapFree
FormatMessageA
FormatMessageW
GetPrivateProfileSectionW
lstrcpynW
lstrcmpiW
GetPrivateProfileSectionNamesW
GetFileSize
LocalAlloc
LocalFree
GetVersion
lstrcmpiA
InterlockedDecrement
ExpandEnvironmentStringsW
GetLocalTime
GlobalMemoryStatus
WritePrivateProfileSectionW
WritePrivateProfileStringW
GetWindowsDirectoryW
OpenEventW
QueryPerformanceCounter
QueryPerformanceFrequency
OutputDebugStringW
MoveFileW
SetFileAttributesW
GetCommandLineW
CreateSemaphoreW
CreateMutexW
ReleaseMutex
CreateEventW
WaitForMultipleObjects
GlobalMemoryStatusEx
LocalSize
RemoveDirectoryW
GlobalFree
GlobalSize
GlobalAlloc
GlobalLock
GlobalUnlock
OutputDebugStringA
lstrcmpW
FindNextFileW
LeaveCriticalSection
EnterCriticalSection
GetDiskFreeSpaceExW
lstrlenA
CreateFileA
WriteFile
GetFileAttributesW
CreateDirectoryW
GetExitCodeProcess
GetLastError
ResetEvent
TerminateThread
CopyFileW
CreateThread
ResumeThread
DeleteCriticalSection
InitializeCriticalSection
SetEvent
WaitForSingleObject
UnmapViewOfFile
OpenFileMappingW
CreateFileMappingW
MapViewOfFile
OpenProcess
TerminateProcess
CreateProcessW
GetPrivateProfileStringW
MultiByteToWideChar
FileTimeToSystemTime
GetVersionExW
GetSystemInfo
GetTickCount
GetCurrentThreadId
LoadLibraryW
GetProcAddress
GetCurrentProcessId
FreeLibrary
FindFirstFileW
FileTimeToLocalFileTime
FindClose
CreateFileW
FileTimeToDosDateTime
ReadFile
CloseHandle
lstrlenW
WideCharToMultiByte
DeleteFileW
SetUnhandledExceptionFilter
GetModuleFileNameW
GetCurrentProcess
SetProcessWorkingSetSize
Sleep

user32

DrawFocusRect
SetWindowRgn
GetWindowRect
GetWindowLongW
SetWindowLongW
LoadImageW
DrawFrameControl
OffsetRect
InflateRect
SetRect
GetMenuStringW
GetCursorPos
GetWindow
IsWindowVisible
SendMessageW
IsWindow
GetSystemMetrics
LoadCursorW
RegisterClassW
DefWindowProcW
GetParent
DrawIconEx
LoadIconW
ScreenToClient
GetClientRect
IntersectRect
EnableWindow
PtInRect
PostMessageW
ClientToScreen
GetSubMenu
IsZoomed
DestroyIcon
LoadMenuW
ModifyMenuW
GetMenuState
GetMenuItemCount
UpdateWindow
SetMenu
SetForegroundWindow
GetLastActivePopup
GetFocus
GetKeyState
UnhookWindowsHookEx
EnumChildWindows
FindWindowExW
WindowFromPoint
ReleaseCapture
MessageBoxW
SetPropW
OpenClipboard
EnumWindows
UnregisterHotKey
CheckMenuItem
GetClassInfoW
GetWindowTextW
GetClassNameW
RegisterHotKey
keybd_event
MapVirtualKeyW
MoveWindow
GetMonitorInfoW
MonitorFromRect
GetKeyNameTextW
MapVirtualKeyExW
GetKeyboardLayout
GetSystemMenu
SetFocus
IsChild
LoadBitmapW
GetSysColor
SetCapture
GetDesktopWindow
SetRectEmpty
SetClassLongW
GetClassLongW
CopyRect
wsprintfW
FindWindowW
SetTimer
GetMenuItemID
InvalidateRect
KillTimer
DispatchMessageW
MsgWaitForMultipleObjects
TranslateMessage
PeekMessageW
RedrawWindow
AppendMenuW
CreatePopupMenu
CharUpperW
CharLowerW
GetNextDlgGroupItem
GetScrollInfo
GetClipboardFormatNameW
DefMDIChildProcW
DefMDIChildProcA
DefFrameProcW
DefFrameProcA
DefWindowProcA
CallWindowProcA
LoadStringW
IsWindowUnicode
GetWindowLongA
SetWindowLongA
EndPaint
BeginPaint
AdjustWindowRectEx
IsWindowEnabled
DeleteMenu
EnableMenuItem
SendMessageTimeoutW
IsIconic
SystemParametersInfoW
SetCursor
CloseClipboard
SetClipboardData
RegisterWindowMessageW
EmptyClipboard
DrawEdge
GetDlgItem
GetDoubleClickTime
UnionRect
GetWindowThreadProcessId
GetClipboardData
DeferWindowPos
GetCursor
SetWindowPos
GetActiveWindow
BringWindowToTop
DestroyMenu
GetMenuDefaultItem
IsMenu
DrawStateW
GetMenu
GetMenuItemInfoW
IsRectEmpty
MessageBeep
GetNextDlgTabItem
ShowCaret
HideCaret
GetDlgCtrlID
GetWindowRgn
SetParent
GetForegroundWindow
ReleaseDC
GetDC
EqualRect
GetMessageW
GetCapture
InvertRect
GetDCEx
LockWindowUpdate
SetWindowsHookExW
CallNextHookEx
TabbedTextOutW
DrawTextW
GrayStringW
RegisterClipboardFormatW
CreateIconFromResourceEx
CopyIcon
GetIconInfo
CreateIconIndirect
MapWindowPoints
ShowWindow
EndDeferWindowPos
BeginDeferWindowPos
IsClipboardFormatAvailable
IsDialogMessageW
TrackPopupMenu
CallWindowProcW
GetMessagePos
InsertMenuW
FillRect
SetCursorPos
LookupIconIdFromDirectoryEx
LoadMenuIndirectW
DestroyAcceleratorTable
LoadAcceleratorsW
TranslateAcceleratorW
CopyAcceleratorTableW
IsCharLowerW
ToUnicodeEx
GetKeyboardState
GetKeyboardLayoutList
CreateAcceleratorTableW
SetActiveWindow

gdi32

GetTextColor
GetTextMetricsW
SelectObject
PatBlt
CreateFontIndirectW
CreateDIBitmap
SelectPalette
GetMapMode
GetTextCharsetInfo
OffsetRgn
ExtFloodFill
Ellipse
SetBrushOrgEx
SetBkMode
SetPixel
CreateRoundRectRgn
CreateRectRgn
BitBlt
PtInRegion
GetPixel
CreatePen
PtVisible
RectVisible
CreateSolidBrush
TextOutW
ExtTextOutW
Escape
EnumFontFamiliesExW
Polygon
DeleteDC
StretchBlt
CreateBitmap
SetTextColor
SetBkColor
SetStretchBltMode
SetDIBits
CombineRgn
GetRgnBox
GetDIBits
CreateDIBSection
GetObjectW
DeleteObject
GetTextExtentPoint32W
CreatePatternBrush
CreatePolygonRgn
CreateRectRgnIndirect
RoundRect
ExtCreateRegion
CreateFontW
GetObjectType
GetBitmapBits
Rectangle
GetViewportOrgEx
StretchDIBits
GetClipBox
CreatePalette
GetStockObject
CreateCompatibleBitmap
CreateCompatibleDC
GetCurrentObject
GetDeviceCaps

advapi32

DeleteService
ControlService
QueryServiceStatus
RegEnumValueW
CloseServiceHandle
OpenServiceW
OpenSCManagerW
RegSetValueExA
RegDeleteValueW
RegOpenKeyExW
RegEnumKeyW
RegCreateKeyExW
QueryServiceConfigW
RegCreateKeyW
RegSetValueExW
RegOpenKeyW
RegQueryValueExW
RegCloseKey
RegDeleteKeyW

shell32

SHBrowseForFolderW
Shell_NotifyIconW
DragQueryFileW
DragFinish
SHGetSpecialFolderLocation
SHChangeNotify
ShellExecuteExW
ShellExecuteW
SHGetPathFromIDListW
SHGetMalloc
SHGetDesktopFolder
SHGetFileInfoW
SHGetSpecialFolderPathW
SHGetFolderPathW

comctl32

ImageList_GetImageCount
ImageList_GetBkColor
FlatSB_GetScrollProp
ImageList_Remove
ImageList_Draw
PropertySheetW
ImageList_GetImageInfo
ImageList_Add
ImageList_ReplaceIcon
ImageList_DrawEx
ImageList_GetIconSize
_TrackMouseEvent
ImageList_AddMasked
ImageList_BeginDrag
ImageList_EndDrag
ImageList_DragLeave
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragEnter
ImageList_DrawIndirect
ImageList_Destroy
ImageList_GetIcon

ole32

CoCreateInstance
CoInitialize
CoGetObject
StringFromGUID2
CoTaskMemFree
CoCreateGuid
OleRun
OleUninitialize
OleInitialize
DoDragDrop
CoUninitialize

oleaut32

SysFreeString
SysAllocString
VariantClear
VariantInit
VariantCopy
SysAllocStringLen
SysStringLen
GetErrorInfo
SetErrorInfo
CreateErrorInfo
VariantChangeType
OleLoadPicturePath
VariantChangeTypeEx

urlmon

UrlMkSetSessionOption
URLDownloadToFileW
FindMimeFromData
ObtainUserAgentString

msvcp60

??1_Lockit@std@@QAE@XZ
??0Init@ios_base@std@@QAE@XZ
??1Init@ios_base@std@@QAE@XZ
??0_Winit@std@@QAE@XZ
??1_Winit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

zlib

ord82
ord81
ord80
ord65
ord63
ord61
ord68
ord84
ord72
ord66
ord62
ord67
ord64
ord83

4399liveupdateui

ord103
ord101
ord104
ord102

dbghelp

SymSetOptions
SymGetOptions
UnDecorateSymbolName
SymInitialize
SymFunctionTableAccess
SymGetModuleBase
StackWalk
SymCleanup
ImageDirectoryEntryToData
SymGetSymFromAddr

shlwapi

StrFormatByteSizeW

setupapi

SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW

version

GetFileVersionInfoW
GetFileVersionInfoSizeW
VerQueryValueW

4399down

UninitDownTaskCtrl

psapi

GetProcessImageFileNameW

iphlpapi

GetAdaptersInfo
GetIfTable

Exports

Exports

?interfaceMap@CCustomControlSite@@1UAFX_INTERFACEMAP@@B

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 295KB - Virtual size: 295KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 105KB - Virtual size: 122KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/4399Core.dll
.exe windows:4 windows x86 arch:x86

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

80:49:82:3c:c8:c9:5b:30:f4:ee:d1:82:66:93:9b:8d
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19/05/2010, 00:00

Not After

19/05/2011, 23:59

Subject

CN=厦门游家网络有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=厦门游家网络有限公司,L=厦门市,ST=福建省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

4c:4c:ad:25:85:dc:86:5f:22:35:70:05:bb:ad:c6:9f:f8:bd:0e:50
Signer

Actual PE Digest

4c:4c:ad:25:85:dc:86:5f:22:35:70:05:bb:ad:c6:9f:f8:bd:0e:50

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

UPX0
Size: - Virtual size: 3.0MB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 51KB - Virtual size: 52KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.exe windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Sections

.text
Size: 2.5MB - Virtual size: 2.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 496KB - Virtual size: 492KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 191KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/4399Down.dll
.dll windows:4 windows x86 arch:x86

e27caee0b4bbff4650e5a95f15fb14bd

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

80:49:82:3c:c8:c9:5b:30:f4:ee:d1:82:66:93:9b:8d
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19/05/2010, 00:00

Not After

19/05/2011, 23:59

Subject

CN=厦门游家网络有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=厦门游家网络有限公司,L=厦门市,ST=福建省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

ef:ef:c9:68:56:c0:97:93:f3:d0:68:5b:97:49:0c:59:f7:51:a4:53
Signer

Actual PE Digest

ef:ef:c9:68:56:c0:97:93:f3:d0:68:5b:97:49:0c:59:f7:51:a4:53

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetErrorMode
GlobalFlags
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
GetCurrentDirectoryA
GetProcessVersion
GlobalSize
CopyFileA
LocalUnlock
LocalLock
GetCPInfo
GetOEMCP
GetTempFileNameA
GetDiskFreeSpaceA
SizeofResource
RtlUnwind
ExitProcess
TerminateProcess
CreateDirectoryA
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetCommandLineA
HeapFree
ExitThread
HeapAlloc
RaiseException
GetACP
HeapSize
HeapReAlloc
FatalAppExitA
LCMapStringA
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
GetStringTypeA
GetStringTypeW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
Sleep
IsBadReadPtr
IsBadCodePtr
SetStdHandle
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
SetConsoleCtrlHandler
CompareStringA
CompareStringW
SetEnvironmentVariableA
GetLocaleInfoW
LocalReAlloc
TlsSetValue
GlobalReAlloc
TlsFree
GlobalHandle
TlsAlloc
LocalAlloc
MulDiv
FindResourceA
LoadResource
LockResource
GetVersion
lstrcatA
GlobalGetAtomNameA
GlobalAddAtomA
GlobalFindAtomA
GetModuleHandleA
FreeLibrary
GetShortPathNameA
GetThreadLocale
GetStringTypeExA
GetFullPathNameA
GetVolumeInformationA
lstrcpyA
LoadLibraryA
GetProcAddress
SetEndOfFile
UnlockFile
LockFile
FlushFileBuffers
SetFilePointer
WriteFile
ReadFile
DuplicateHandle
SetLastError
CreateFileA
SetFileTime
SystemTimeToFileTime
LocalFileTimeToFileTime
lstrcpynA
GetFileTime
GetFileSize
FileTimeToLocalFileTime
FileTimeToSystemTime
lstrlenW
GlobalUnlock
SuspendThread
SetThreadPriority
ResumeThread
GetModuleFileNameA
GlobalLock
GlobalDeleteAtom
lstrcmpA
lstrcmpiA
GetCurrentThreadId
WideCharToMultiByte
InterlockedDecrement
InterlockedIncrement
TerminateThread
SetFileAttributesA
RemoveDirectoryA
GetFileAttributesExA
FormatMessageA
LocalFree
FindFirstFileA
FindNextFileA
FindClose
GetFileAttributesA
lstrlenA
CloseHandle
WaitForMultipleObjects
DeleteFileA
GetDiskFreeSpaceExA
CreateThread
MoveFileA
GetLastError
SetEvent
OutputDebugStringA
CreateEventA
GetTickCount
WaitForSingleObject
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
GetCurrentThread
GetThreadContext
GlobalAlloc
GlobalFree
GetCurrentProcess
GetEnvironmentVariableA
LCMapStringW
MultiByteToWideChar

user32

AppendMenuA
RemoveMenu
wvsprintfA
InvalidateRect
GetTabbedTextExtentA
SetRect
IsClipboardFormatAvailable
MessageBeep
DestroyMenu
SetRectEmpty
LoadAcceleratorsA
TranslateAcceleratorA
ReleaseCapture
LoadMenuA
SetMenu
ReuseDDElParam
UnpackDDElParam
BringWindowToTop
CreateDialogIndirectParamA
EndDialog
GetDialogBaseUnits
GetSysColorBrush
LoadCursorA
GetMenuStringA
DeleteMenu
InsertMenuA
GetDesktopWindow
PtInRect
GetClassNameA
LoadStringA
UnregisterClassA
GrayStringA
DrawTextA
TabbedTextOutA
EndPaint
BeginPaint
GetWindowDC
ReleaseDC
GetDC
ClientToScreen
ShowWindow
MoveWindow
SetWindowTextA
IsDialogMessageA
ScrollWindowEx
IsDlgButtonChecked
SetDlgItemTextA
SetDlgItemInt
GetDlgItemTextA
GetDlgItemInt
CheckRadioButton
CheckDlgButton
LoadIconA
UpdateWindow
SendDlgItemMessageA
MapWindowPoints
GetSysColor
SetActiveWindow
AdjustWindowRectEx
ScreenToClient
EqualRect
DeferWindowPos
GetClientRect
BeginDeferWindowPos
CopyRect
EndDeferWindowPos
ScrollWindow
GetScrollInfo
SetScrollInfo
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
GetTopWindow
IsChild
GetCapture
WinHelpA
GetClassInfoA
RegisterClassA
GetMenu
GetMenuItemCount
GetSubMenu
GetMenuItemID
TrackPopupMenu
SetWindowPlacement
GetDlgItem
GetDlgCtrlID
DestroyWindow
CreateWindowExA
GetClassLongA
SetPropA
GetPropA
CallWindowProcA
RemovePropA
DefWindowProcA
GetMessageTime
GetMessagePos
GetForegroundWindow
SetForegroundWindow
FindWindowA
SendMessageA
IsWindow
PostMessageA
MessageBoxA
KillTimer
PeekMessageA
SetTimer
SetFocus
CharToOemA
OemToCharA
UnhookWindowsHookEx
PostQuitMessage
GetWindow
SetWindowLongA
SetWindowPos
RegisterWindowMessageA
OffsetRect
IntersectRect
SystemParametersInfoA
IsIconic
GetWindowPlacement
GetWindowRect
WaitMessage
GetSystemMetrics
CharUpperA
wsprintfA
GetWindowTextLengthA
GetWindowTextA
GetMenuCheckMarkDimensions
LoadBitmapA
GetMenuState
ModifyMenuA
SetMenuItemBitmaps
CheckMenuItem
ShowOwnedPopups
SetCursor
EnableWindow
GetWindowLongA
IsWindowEnabled
GetLastActivePopup
GetParent
SetWindowsHookExA
GetCursorPos
IsWindowVisible
ValidateRect
CallNextHookEx
GetKeyState
GetActiveWindow
DispatchMessageA
TranslateMessage
EnableMenuItem
GetFocus
GetNextDlgTabItem
GetMessageA

gdi32

CreatePen
ExtCreatePen
CreateSolidBrush
CreateHatchBrush
CreatePatternBrush
CreateDIBPatternBrushPt
PtVisible
RectVisible
TextOutA
ExtTextOutA
Escape
CopyMetaFileA
CreateDCA
GetTextMetricsA
CreateFontIndirectA
GetWindowExtEx
GetCharWidthA
AbortDoc
EndDoc
EndPage
StartPage
SetAbortProc
GetTextExtentPoint32A
GetViewportExtEx
GetDeviceCaps
PlayMetaFile
EnumMetaFile
GetObjectType
PlayMetaFileRecord
ExtSelectClipRgn
SelectClipPath
CreateRectRgn
GetClipRgn
DeleteObject
PolyBezierTo
PolylineTo
PolyDraw
SetArcDirection
ArcTo
GetCurrentPositionEx
SetMapperFlags
SetTextCharacterExtra
SetTextJustification
DPtoLP
CreateBitmap
SetTextAlign
LineTo
MoveToEx
OffsetClipRgn
IntersectClipRect
ExcludeClipRect
SelectClipRgn
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
SetMapMode
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
SelectPalette
GetStockObject
SelectObject
RestoreDC
SaveDC
StartDocA
DeleteDC
GetObjectA
SetBkColor
SetTextColor
GetClipBox
GetDCOrgEx
SetColorAdjustment

comdlg32

FindTextA
PageSetupDlgA
PrintDlgA
CommDlgExtendedError
GetSaveFileNameA
GetOpenFileNameA
GetFileTitleA
ReplaceTextA

winspool.drv

DocumentPropertiesA
OpenPrinterA
ClosePrinter

advapi32

RegDeleteValueA
GetFileSecurityA
SetFileSecurityA
RegSetValueA
RegDeleteKeyA
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCreateKeyExA
RegOpenKeyA
RegCloseKey

shell32

DragQueryFileA
DragFinish
DragAcceptFiles
SHBrowseForFolderA
SHGetFileInfoA
SHGetMalloc
SHGetPathFromIDListA

comctl32

ord17

ole32

ReadClassStg
ReadFmtUserTypeStg
CoTreatAsClass
ReleaseStgMedium
OleRegGetUserType
WriteClassStg
WriteFmtUserTypeStg
SetConvertStg
CoTaskMemFree
CreateBindCtx
CoTaskMemAlloc
OleDuplicateData
StringFromCLSID
CoCreateInstance
CoDisconnectObject

oleaut32

SysStringLen
SafeArrayDestroyDescriptor
SafeArrayDestroyData
SafeArrayDestroy
SafeArrayUnlock
SafeArrayLock
SafeArrayPutElement
SafeArrayUnaccessData
SafeArrayAccessData
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayGetElemsize
SafeArrayGetDim
SafeArrayCreate
VariantClear
SafeArrayRedim
VariantCopy
SysAllocString
SysAllocStringByteLen
VariantChangeType
SysStringByteLen
VarCyFromStr
VarBstrFromCy
VarDateFromStr
VarBstrFromDate
SafeArrayCopy
SafeArrayAllocData
SafeArrayAllocDescriptor
SafeArrayGetElement
SafeArrayPtrOfIndex

wsock32

sendto
recvfrom
socket
inet_ntoa
WSAAsyncSelect
send
connect
gethostbyname
closesocket
htonl
htons
bind
accept
inet_addr
recv
getsockname
getpeername
ntohs
WSAStartup
WSACleanup
WSASetLastError
WSAGetLastError
ioctlsocket

imagehlp

SymGetModuleBase
SymFunctionTableAccess
StackWalk
SymGetSymFromAddr
UnDecorateSymbolName
SymGetOptions
SymSetOptions
SymInitialize
SymCleanup

shlwapi

StrTrimA

Exports

Exports

AddTask
InitDownTaskCtrl
RemoveTask
UninitDownTaskCtrl

Sections

.text
Size: 264KB - Virtual size: 260KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 56KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 24KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 24KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Box/4399Live.dll
.exe windows:4 windows x86 arch:x86

5cbf1bae3a5c6cb679d1861bea7fc5c2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

80:49:82:3c:c8:c9:5b:30:f4:ee:d1:82:66:93:9b:8d
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19/05/2010, 00:00

Not After

19/05/2011, 23:59

Subject

CN=厦门游家网络有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=厦门游家网络有限公司,L=厦门市,ST=福建省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

40:4a:36:62:35:f6:82:c4:67:51:5a:be:62:22:ff:a0:66:54:b8:a0
Signer

Actual PE Digest

40:4a:36:62:35:f6:82:c4:67:51:5a:be:62:22:ff:a0:66:54:b8:a0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord5186
ord354
ord860
ord4274
ord6375
ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord5302
ord2725
ord4698
ord5714
ord3738
ord815
ord561
ord1168
ord2614
ord4277
ord2763
ord2092
ord5484
ord2621
ord1134
ord1842
ord4242
ord2723
ord2390
ord3059
ord5100
ord5103
ord4467
ord4303
ord3350
ord5012
ord975
ord5472
ord3403
ord6385
ord2878
ord4151
ord6055
ord4077
ord1776
ord4407
ord5237
ord2385
ord5163
ord6374
ord4353
ord5282
ord2649
ord1665
ord3798
ord4837
ord4436
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord2446
ord2124
ord5277
ord4627
ord4427
ord366
ord674
ord5572
ord1106
ord4457
ord5252
ord4413
ord2379
ord1270
ord1232
ord5442
ord1979
ord665
ord2726
ord2818
ord537
ord6877
ord924
ord922
ord858
ord535
ord2915
ord5683
ord4129
ord825
ord565
ord540
ord817
ord800
ord4424
ord4622
ord4080
ord3079
ord1576
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5715
ord5289
ord5307
ord4699
ord4079
ord5303
ord5300
ord3346
ord2396
ord4226
ord1948
ord2879
ord823

msvcrt

_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
fclose
fseek
ftell
fwrite
fread
fopen
_strnicmp
strncpy
strtoul
__getmainargs
??0exception@@QAE@ABV0@@Z
wcscpy
??1exception@@UAE@XZ
??0exception@@QAE@XZ
wcslen
sprintf
_ftol
realloc
_except_handler3
_mbsrchr
malloc
atoi
_mbsstr
_stat
_mbschr
_mbsnbcpy
_mkdir
_makepath
_splitpath
_setmbcp
_stricmp
_acmdln
exit
_vsnprintf
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
_CxxThrowException
_mbscmp
_strdup
strrchr
free
_mbsicmp
__CxxFrameHandler

kernel32

CloseHandle
WriteFile
CreateFileA
lstrlenA
WaitForSingleObject
GetVersionExA
OpenProcess
GetPrivateProfileStringA
GetModuleFileNameA
GetCommandLineA
CreateSemaphoreA
FreeLibrary
GetProcAddress
GetFileAttributesA
ResumeThread
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
GetFileSize
ReadFile
IsDBCSLeadByteEx
GetStartupInfoA
CreateDirectoryA
GetLastError
CopyFileA
Sleep
LoadLibraryA
DeleteFileA

user32

PostThreadMessageA
GetClassInfoA
DefWindowProcA
LoadCursorA
KillTimer
SetTimer
PostMessageA

advapi32

RegOpenKeyA
RegCreateKeyA
RegSetValueExA
RegCloseKey
RegQueryValueExA

shell32

SHGetSpecialFolderPathA
ShellExecuteExA

ole32

CoCreateGuid

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?_Eos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEXI@Z
?_Grow@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAE_NI_N@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ
?find@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QBEIPBDII@Z

psapi

EnumProcessModules
GetModuleBaseNameA
EnumProcesses

wininet

InternetGetConnectedState
InternetOpenA
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetWriteFile
HttpEndRequestA
HttpQueryInfoA
InternetSetOptionA
InternetReadFile

Sections

.text
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 24KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/4399LiveUpdate.exe
.exe windows:4 windows x86 arch:x86

aff54c520d5737555cf9d801684705c8

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3573
ord491
ord1907
ord768
ord1641
ord489
ord3626
ord2414
ord4258
ord6197
ord4710
ord4976
ord2864
ord2379
ord2754
ord5875
ord4478
ord6055
ord1776
ord5290
ord4837
ord3610
ord656
ord567
ord4275
ord3402
ord3721
ord795
ord1146
ord1168
ord2614
ord926
ord536
ord1771
ord6366
ord2413
ord2024
ord4219
ord2581
ord4401
ord3639
ord699
ord686
ord692
ord397
ord384
ord2860
ord2096
ord6453
ord3803
ord2859
ord3619
ord4123
ord4188
ord2753
ord4124
ord2639
ord4284
ord955
ord640
ord6654
ord283
ord1640
ord323
ord3797
ord613
ord5789
ord289
ord3089
ord5981
ord5710
ord5593
ord3438
ord912
ord3742
ord3571
ord818
ord755
ord5785
ord470
ord4400
ord3630
ord682
ord6242
ord3706
ord4133
ord4297
ord5788
ord472
ord5786
ord2405
ord2567
ord2862
ord4774
ord2582
ord4402
ord3370
ord3640
ord693
ord4243
ord6007
ord3286
ord3998
ord6696
ord3996
ord3301
ord3293
ord6905
ord6888
ord3910
ord6907
ord6883
ord541
ord4396
ord6376
ord609
ord6877
ord5781
ord3874
ord1908
ord1690
ord2528
ord5288
ord4439
ord2054
ord4431
ord771
ord1008
ord496
ord4259
ord4287
ord5850
ord6241
ord6176
ord4160
ord1768
ord6215
ord4715
ord3092
ord2642
ord2882
ord2646
ord6380
ord2302
ord6199
ord2452
ord3698
ord765
ord4224
ord4083
ord2575
ord3093
ord1783
ord3584
ord3643
ord696
ord543
ord394
ord803
ord6662
ord6418
ord2393
ord1263
ord6307
ord909
ord4167
ord521
ord5628
ord2820
ord548
ord538
ord4185
ord1166
ord4278
ord2763
ord4202
ord6223
ord1871
ord2919
ord3258
ord1265
ord2233
ord6442
ord1233
ord5590
ord2448
ord5834
ord2044
ord296
ord617
ord5214
ord5222
ord5221
ord5219
ord2827
ord665
ord1979
ord5442
ord5186
ord354
ord1799
ord654
ord772
ord610
ord801
ord614
ord341
ord500
ord287
ord290
ord2729
ord6467
ord2727
ord2730
ord4226
ord4003
ord5603
ord5606
ord5602
ord5608
ord5858
ord5860
ord5857
ord6140
ord6142
ord6139
ord6143
ord3353
ord446
ord743
ord3127
ord3616
ord5651
ord3126
ord3613
ord350
ord3579
ord2055
ord2648
ord4441
ord4835
ord3798
ord5287
ord4353
ord6374
ord5163
ord2385
ord5241
ord4407
ord1775
ord4078
ord6052
ord2514
ord4998
ord4854
ord4377
ord5265
ord4358
ord4948
ord4742
ord4905
ord5160
ord5162
ord5161
ord5683
ord6383
ord5440
ord2107
ord6394
ord5450
ord2841
ord2915
ord5572
ord6876
ord4204
ord6282
ord6283
ord2764
ord4129
ord922
ord1187
ord537
ord941
ord939
ord3663
ord858
ord2818
ord535
ord2725
ord1134
ord2621
ord924
ord561
ord540
ord823
ord860
ord815
ord800
ord825
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord3574
ord4673
ord1576

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
_onexit
__dllonexit
??1type_info@@UAE@XZ
__CxxFrameHandler
_purecall
memset
_mbscmp
_setmbcp
_mkdir
memcmp
memcpy
_ftol
abs
strchr
strlen
memmove
__RTDynamicCast
atoi
_splitpath
strtoul
atol
free
_errno
strcpy
malloc
fclose
fwrite
fopen
sprintf
strrchr
_strdup
_makepath
_mbsicmp
_mbsstr
time
rand
srand
_beginthreadex
_controlfp

kernel32

CreateEventA
lstrcpyA
lstrcpynA
GetFileAttributesA
GetModuleFileNameA
GetLastError
GetComputerNameA
CloseHandle
CreateMutexA
OpenMutexA
GetWindowsDirectoryA
QueryPerformanceCounter
QueryPerformanceFrequency
DeleteFileA
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateDirectoryA
Sleep
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
lstrcatA
GetShortPathNameA
MoveFileExA
ReleaseMutex
WaitForSingleObject
SetThreadPriority
TerminateThread
WaitForMultipleObjects
GetTempFileNameA
WideCharToMultiByte
lstrlenW
GetModuleHandleA
GetStartupInfoA
CreateFileA
SetEvent
ResetEvent
HeapFree
GetProcessHeap
WriteFile
HeapAlloc
GetVersionExA
GetFileSize
SetEndOfFile
SetFilePointer
GlobalFree
LoadLibraryA
GetProcAddress
FreeLibrary
GetVolumeInformationA
GetDriveTypeA
GetLogicalDrives
SetFileTime
LocalFileTimeToFileTime
DosDateTimeToFileTime
GetFileTime
CopyFileA
lstrcmpiA
lstrlenA
MultiByteToWideChar
CreateProcessA
InitializeCriticalSection
SetFileAttributesA
LocalAlloc
InterlockedExchange
RaiseException
LocalFree
GetTempPathA

user32

AdjustWindowRectEx
LoadIconA
GetKeyState
LoadBitmapA
PostMessageA
ClientToScreen
IsWindow
GetCursorPos
GetWindowLongA
InvalidateRect
DrawStateA
DestroyIcon
SendMessageA
CopyRect
SetRect
OffsetRect
GetDesktopWindow
RedrawWindow
FillRect
GetDC
ReleaseDC
LoadImageA
GetSysColor
SetCursor
ShowCursor
GetMessagePos
ScreenToClient
PtInRect
GetWindowRect
wsprintfA
GetParent
GetClientRect
EnableWindow
LoadCursorA
KillTimer
DrawFocusRect

gdi32

CreatePatternBrush
CreateCompatibleBitmap
CreateRectRgnIndirect
GetTextExtentPoint32A
BitBlt
GetTextMetricsA
CreateCompatibleDC
GetCurrentObject
CreateFontIndirectA
GetObjectA
DeleteObject
GetStockObject
CreateSolidBrush
CreateRoundRectRgn

advapi32

GetUserNameA
RegQueryValueExA
RegOpenKeyExA
RegCloseKey

shell32

ShellExecuteA

comctl32

ImageList_Draw
ImageList_AddMasked
ImageList_GetImageInfo
_TrackMouseEvent
ImageList_GetImageCount
ImageList_GetIcon
ImageList_GetIconSize
ImageList_Remove

ole32

CoCreateGuid
StgOpenStorage
StgCreateDocfile
CoTaskMemFree
CoTaskMemAlloc

wininet

HttpSendRequestA
HttpAddRequestHeadersA
InternetReadFileExA
InternetErrorDlg
HttpOpenRequestA
InternetCloseHandle
InternetOpenA
InternetConnectA
InternetSetOptionA
InternetQueryOptionA
HttpQueryInfoA
InternetSetStatusCallback

netapi32

Netbios

version

GetFileVersionInfoA
GetFileVersionInfoSizeA
VerQueryValueA

wsock32

htonl
ntohl

Sections

.text
Size: 200KB - Virtual size: 199KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 64KB - Virtual size: 61KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 116KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/4399LiveUpdateEx.exe
.exe windows:4 windows x86 arch:x86

c0c620a432650db7297756a034629efd

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord6383
ord860
ord617
ord5214
ord296
ord3584
ord3643
ord696
ord543
ord394
ord803
ord5710
ord4129
ord6662
ord6418
ord2614
ord2393
ord1263
ord6307
ord909
ord4167
ord521
ord5628
ord2820
ord548
ord538
ord4185
ord1166
ord4278
ord5683
ord2763
ord4204
ord939
ord6223
ord6055
ord4078
ord1776
ord4407
ord2385
ord5163
ord6374
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord5440
ord3742
ord567
ord818
ord4275
ord2554
ord1233
ord5241
ord1871
ord1187
ord2919
ord3258
ord1265
ord2233
ord699
ord397
ord5593
ord3438
ord5590
ord912
ord4188
ord6199
ord2827
ord665
ord1979
ord5442
ord5186
ord354
ord536
ord1576
ord2107
ord6394
ord5450
ord2841
ord4202
ord3579
ord350
ord3613
ord3126
ord5651
ord3616
ord3127
ord743
ord446
ord1168
ord3353
ord6143
ord6139
ord6142
ord6140
ord6883
ord5857
ord5860
ord5858
ord5608
ord5602
ord5606
ord5603
ord4003
ord4226
ord2730
ord2727
ord2764
ord6282
ord6283
ord2915
ord5572
ord941
ord3663
ord858
ord924
ord800
ord823
ord535
ord540
ord2818
ord537
ord825
ord561
ord3738
ord4424
ord4622
ord4080
ord3079
ord3825
ord3831
ord3830
ord3401
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord4627
ord2512
ord6467
ord2729
ord290
ord541
ord287
ord500
ord341
ord614
ord801
ord610
ord4486
ord6375
ord6442
ord815
ord772
ord654
ord1799

msvcrt

__set_app_type
_purecall
_mbscmp
__CxxFrameHandler
memcpy
memset
atoi
_setmbcp
memmove
sprintf
rand
_splitpath
strtoul
__RTDynamicCast
atol
memcmp
strlen
_mbsicmp
_mbsstr
time
__dllonexit
_onexit
??1type_info@@UAE@XZ
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
_beginthreadex
_controlfp
_except_handler3

kernel32

GetModuleHandleA
WaitForMultipleObjects
TerminateThread
SetThreadPriority
WaitForSingleObject
GetLogicalDrives
GetDriveTypeA
GetVolumeInformationA
MoveFileExA
GetShortPathNameA
GetWindowsDirectoryA
lstrcatA
CreateFileMappingA
MapViewOfFile
lstrcpyA
UnmapViewOfFile
CopyFileA
SetFileAttributesA
GetModuleFileNameA
GetTempPathA
CreateProcessA
GetProcAddress
FreeLibrary
LoadLibraryA
GlobalFree
SetFilePointer
SetEndOfFile
GetVersionExA
HeapAlloc
WriteFile
GetProcessHeap
HeapFree
ResetEvent
SetEvent
CreateDirectoryA
GetFileAttributesA
CreateEventA
LeaveCriticalSection
EnterCriticalSection
DeleteCriticalSection
InitializeCriticalSection
CreateFileA
GetFileSize
CloseHandle
GetComputerNameA
DeleteFileA
CreateMutexA
GetLastError
lstrlenA
MultiByteToWideChar
GetTempFileNameA
WideCharToMultiByte
lstrlenW
GetStartupInfoA

user32

GetMessageA
PostThreadMessageA
GetDesktopWindow
TranslateMessage
EnableWindow
PostMessageA
wsprintfA
PeekMessageA
DispatchMessageA

advapi32

RegQueryValueExA
GetUserNameA
RegOpenKeyExA

ole32

StgCreateDocfile
StgOpenStorage
CoCreateGuid
CoTaskMemAlloc
CoTaskMemFree

wininet

HttpSendRequestA
InternetCloseHandle
InternetSetOptionA
InternetSetStatusCallback
InternetQueryOptionA
InternetConnectA
HttpQueryInfoA
InternetErrorDlg
InternetReadFileExA
HttpAddRequestHeadersA
InternetOpenA
HttpOpenRequestA

netapi32

Netbios

version

VerQueryValueA
GetFileVersionInfoA
GetFileVersionInfoSizeA

wsock32

ntohl
htonl

Sections

.text
Size: 92KB - Virtual size: 89KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/4399LiveUpdateUI.dll
.dll windows:4 windows x86 arch:x86

1cb8c36f9dbb0357ca6d2034a3b4828a

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord6223
ord4204
ord535
ord6662
ord6199
ord2827
ord665
ord1979
ord5442
ord5186
ord354
ord823
ord3663
ord3258
ord1265
ord2233
ord2393
ord5450
ord6394
ord2841
ord2107
ord5440
ord6383
ord1799
ord2982
ord3147
ord3259
ord4465
ord3136
ord2985
ord3081
ord2915
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord654
ord772
ord610
ord801
ord614
ord341
ord500
ord287
ord541
ord290
ord2729
ord6467
ord2727
ord2730
ord4226
ord4003
ord538
ord5603
ord5606
ord5602
ord5608
ord5858
ord5860
ord5857
ord6883
ord939
ord6140
ord6142
ord6139
ord6143
ord3353
ord446
ord743
ord3127
ord3616
ord5651
ord3126
ord3613
ord350
ord3579
ord5572
ord825
ord5683
ord4129
ord858
ord800
ord540
ord2818
ord860
ord2976
ord537

msvcrt

??1type_info@@UAE@XZ
memmove
sprintf
rand
strlen
time
_mbsstr
memcpy
memcmp
_mbsicmp
memset
_mbscmp
__CxxFrameHandler
_adjust_fdiv
__dllonexit
free
_onexit
malloc
_initterm

ole32

CoTaskMemFree
CoTaskMemAlloc
StgCreateDocfile
StgOpenStorage
CoCreateGuid

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

wsock32

ntohl
htonl

kernel32

DeleteFileA
CloseHandle
lstrlenW
WideCharToMultiByte
GetTempFileNameA
MultiByteToWideChar
lstrlenA
MoveFileExA
GetShortPathNameA
GetWindowsDirectoryA
lstrcatA
CreateFileMappingA
MapViewOfFile
lstrcpyA
UnmapViewOfFile
SetFilePointer
SetEndOfFile
CreateProcessA
GetTempPathA
CreateDirectoryA
GetFileAttributesA
GetModuleFileNameA
SetFileAttributesA
CopyFileA
GetFileSize
CreateFileA
GetLastError

user32

wsprintfA

Exports

Exports

CPPDebug
GetFileLocalVersion
ManualUpdate
PushCheck
PushUpdate
ScheduledUpdate

Sections

.text
Size: 64KB - Virtual size: 60KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Box/4399Update.exe
.exe windows:4 windows x86 arch:x86

19acf308ab9587362243b200c41b6baa

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

80:49:82:3c:c8:c9:5b:30:f4:ee:d1:82:66:93:9b:8d
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19/05/2010, 00:00

Not After

19/05/2011, 23:59

Subject

CN=厦门游家网络有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=厦门游家网络有限公司,L=厦门市,ST=福建省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

eb:e1:f5:7f:9b:af:57:ec:ee:2a:e4:e5:aa:20:b0:c4:06:6d:04:3c
Signer

Actual PE Digest

eb:e1:f5:7f:9b:af:57:ec:ee:2a:e4:e5:aa:20:b0:c4:06:6d:04:3c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord5714
ord2614
ord665
ord2764
ord1979
ord6010
ord6385
ord5442
ord3318
ord353
ord6283
ord6282
ord6877
ord4277
ord941
ord4129
ord5683
ord1168
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord1576
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord4673
ord2818
ord535
ord924
ord858
ord540
ord823
ord860
ord800
ord537
ord815
ord825

msvcrt

__set_app_type
_controlfp
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
?terminate@@YAXXZ
_onexit
__dllonexit
sprintf
strcat
malloc
free
atoi
strstr
strncmp
strncpy
atol
_except_handler3
_snprintf
strlen
_beginthreadex
__CxxFrameHandler
memset
_setmbcp
strcmp

kernel32

WaitForSingleObject
Sleep
WaitForMultipleObjects
ResetEvent
CreateEventA
GetPrivateProfileStringA
DeleteFileA
CreateFileA
GetCommandLineA
GetFileAttributesA
CreateDirectoryA
GetModuleFileNameA
ReleaseMutex
GetLastError
CreateMutexA
GetModuleHandleA
GetStartupInfoA
GetTickCount
WriteFile
CreateThread
CloseHandle
SetEvent

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyA

shell32

ShellExecuteA

ole32

CoInitialize

urlmon

URLDownloadToFileA

wininet

HttpSendRequestA
HttpQueryInfoA
InternetSetStatusCallback
InternetCloseHandle
InternetOpenA
InternetReadFile
HttpOpenRequestA
InternetConnectA

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 732B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/7za.exe
.exe windows:4 windows x86 arch:x86

4bc4f0ac8210a0db29007697d2491b44

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysAllocString
SysAllocStringByteLen
VariantClear
VariantCopy
SysFreeString

user32

CharLowerA
CharUpperA
CharLowerW
CharPrevExA
CharNextA
CharUpperW

kernel32

GetProcAddress
GetStringTypeW
GetStringTypeA
LCMapStringW
LCMapStringA
SetConsoleCtrlHandler
FileTimeToLocalFileTime
GetCommandLineW
SetFileApisToOEM
GetVersionExA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
MultiByteToWideChar
WideCharToMultiByte
GetLastError
FreeLibrary
LoadLibraryA
AreFileApisANSI
GetModuleFileNameA
LocalFree
FormatMessageA
FormatMessageW
GetWindowsDirectoryA
GetWindowsDirectoryW
CloseHandle
SetFileTime
CreateFileW
SetLastError
SetFileAttributesA
RemoveDirectoryA
MoveFileA
SetFileAttributesW
RemoveDirectoryW
MoveFileW
CreateDirectoryA
CreateDirectoryW
DeleteFileA
DeleteFileW
lstrlenA
GetFullPathNameA
GetFullPathNameW
GetCurrentDirectoryA
SetCurrentDirectoryA
SetCurrentDirectoryW
GetCurrentDirectoryW
SearchPathA
SearchPathW
GetTempPathA
GetTempPathW
GetTempFileNameA
GetTempFileNameW
FindClose
FindFirstFileA
FindFirstFileW
FindNextFileA
FindNextFileW
CreateFileA
GetFileSize
SetFilePointer
DeviceIoControl
ReadFile
WriteFile
SetEndOfFile
GetCurrentProcess
CompareFileTime
FileTimeToSystemTime
GetSystemInfo
GlobalMemoryStatus
GetModuleHandleA
DosDateTimeToFileTime
FileTimeToDosDateTime
SystemTimeToFileTime
GetSystemTime
GetStdHandle
WaitForMultipleObjects
OpenEventA
UnmapViewOfFile
MapViewOfFile
OpenFileMappingA
GetTickCount
GetProcessTimes
LocalFileTimeToFileTime
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
VirtualAlloc
VirtualFree
WaitForSingleObject
CreateEventA
SetEvent
ResetEvent
CreateSemaphoreA
ReleaseSemaphore
InitializeCriticalSection
RtlUnwind
RaiseException
HeapAlloc
HeapFree
CreateThread
TlsSetValue
TlsGetValue
ExitThread
GetCommandLineA
GetVersion
ExitProcess
TlsAlloc
SetUnhandledExceptionFilter
TerminateProcess
HeapReAlloc
HeapSize
GetEnvironmentVariableA
HeapDestroy
HeapCreate
IsBadWritePtr
SetHandleCount
GetFileType
GetStartupInfoA
FlushFileBuffers
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
InterlockedDecrement
InterlockedIncrement
IsBadReadPtr
IsBadCodePtr
SetStdHandle
GetCPInfo
GetACP
GetOEMCP

Sections

.text
Size: 476KB - Virtual size: 476KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 59KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 28KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 824B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/BugCollector.exe
.exe windows:4 windows x86 arch:x86

0a0d803c7e6a0ad7234a8958a98cbf81

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

25/04/2007, 00:00

Not After

09/07/2019, 18:40

Subject

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning
ExtKeyUsageClientAuth

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

80:49:82:3c:c8:c9:5b:30:f4:ee:d1:82:66:93:9b:8d
Certificate

Issuer

CN=WoSign Code Signing Authority,O=WoSign\, Inc.,C=US

Not Before

19/05/2010, 00:00

Not After

19/05/2011, 23:59

Subject

CN=厦门游家网络有限公司,OU=Class 3 - for Microsoft Authenticode Signing,O=厦门游家网络有限公司,L=厦门市,ST=福建省,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning
ExtKeyUsageMicrosoftCommercialCodeSigning

Key Usages

KeyUsageDigitalSignature

b4:36:5a:8a:fe:66:c2:c0:8c:77:4d:19:90:db:55:18:f0:02:dd:1f
Signer

Actual PE Digest

b4:36:5a:8a:fe:66:c2:c0:8c:77:4d:19:90:db:55:18:f0:02:dd:1f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4424
ord3738
ord800
ord815
ord540
ord561
ord825
ord641
ord609
ord2514
ord2621
ord1134
ord858
ord4278
ord4277
ord2614
ord860
ord617
ord2764
ord537
ord2818
ord2915
ord5214
ord296
ord5265
ord4853
ord4998
ord4710
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord4622
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord4234
ord2575
ord6055
ord1776
ord4396
ord5290
ord3402
ord3574
ord1146
ord1168
ord567
ord2302
ord6199
ord5953
ord4160
ord2863
ord2379
ord3571
ord3626
ord3663
ord2414
ord686
ord2096
ord384
ord1641
ord755
ord470
ord2642
ord3092
ord941
ord939
ord535
ord3089
ord4476
ord823
ord4080
ord1576
ord3079
ord3825
ord3831
ord3830
ord2976
ord3081
ord2985
ord3262
ord3136
ord4465
ord3259
ord3147
ord2982
ord5714
ord5289
ord5307
ord4698
ord4079
ord2725
ord5302
ord5300
ord3346
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord2554
ord4486
ord6375
ord4274
ord5065
ord4673

msvcrt

__set_app_type
_except_handler3
_controlfp
__setusermatherr
_initterm
__getmainargs
_acmdln
exit
_XcptFilter
_exit
??1type_info@@UAE@XZ
_onexit
__dllonexit
__p__fmode
calloc
_strnicmp
strncpy
strtoul
sprintf
_CxxThrowException
??0exception@@QAE@ABV0@@Z
wcscpy
??1exception@@UAE@XZ
??0exception@@QAE@XZ
_setmbcp
_stricmp
__p__commode
_adjust_fdiv
__CxxFrameHandler
_beginthreadex
_mbsnicmp
_vsnprintf
wcslen
malloc
free
_vsnwprintf
_mbscmp

kernel32

GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
CreateFileA
GetFileSize
SetFilePointer
ReadFile
IsDBCSLeadByteEx
GetStartupInfoA
GetLastError
WaitForSingleObject
CloseHandle
OutputDebugStringA
GetModuleFileNameA
GetCommandLineA
TerminateProcess
OpenProcess

user32

SendMessageA
AppendMenuA
GetSystemMetrics
IsIconic
GetClientRect
PostMessageA
EnableWindow
LoadIconA
GetSystemMenu
DrawIcon
LoadBitmapA

gdi32

GetObjectA

advapi32

RegQueryValueExA
RegOpenKeyA
RegCloseKey

shell32

ShellExecuteA

comctl32

ImageList_Draw
ImageList_AddMasked

ole32

CoTaskMemFree
CoCreateGuid

urlmon

FindMimeFromData

msvcp60

??1_Lockit@std@@QAE@XZ
??0_Lockit@std@@QAE@XZ

wininet

InternetSetOptionA
InternetGetConnectedState
InternetCloseHandle
InternetConnectA
HttpOpenRequestA
HttpAddRequestHeadersA
HttpSendRequestExA
InternetWriteFile
HttpEndRequestA
HttpQueryInfoA
InternetOpenA
InternetReadFile

Sections

.text
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 12KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 20KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/DSGame.exe
.exe windows:4 windows x86 arch:x86

16215183eac29438f1a2fd4ddb2e02ef

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42u

ord3142
ord3254
ord4459
ord3131
ord3257
ord2980
ord3076
ord2971
ord3825
ord3826
ord3820
ord3074
ord4075
ord4616
ord4418
ord3733
ord561
ord825
ord815
ord3579
ord641
ord693
ord800
ord803
ord2506
ord2613
ord1131
ord2810
ord540
ord823
ord5261
ord4370
ord4847
ord4992
ord4704
ord6048
ord4073
ord1767
ord4401
ord5237
ord2377
ord5157
ord6370
ord4347
ord5276
ord3793
ord4831
ord4435
ord2640
ord2047
ord6372
ord3744
ord5059
ord2977
ord5257
ord2438
ord2116
ord5273
ord4621
ord4419
ord3592
ord324
ord4229
ord2574
ord6051
ord1768
ord4396
ord5286
ord3365
ord3635
ord1143
ord1165
ord543
ord567
ord2294
ord861
ord535
ord2606
ord3991
ord940
ord537
ord1197
ord858
ord4124
ord5679
ord4155
ord2858
ord2371
ord755
ord470
ord3296
ord3281
ord6451
ord6003
ord2910
ord925
ord6898
ord3993
ord4273
ord5706
ord6654
ord538
ord5568
ord539
ord922
ord927
ord942
ord5710
ord5285
ord5303
ord4692
ord4074
ord2717
ord5298
ord5296
ord3341
ord2388
ord5193
ord1089
ord3917
ord5727
ord2504
ord2546
ord4480
ord6371
ord4269
ord1720
ord4667
ord1569

msvcrt

_except_handler3
?terminate@@YAXXZ
_exit
_XcptFilter
exit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
__dllonexit
memmove
_wcsnicmp
wcsstr
strncpy
wcstol
wcsncmp
wcslen
wcschr
wcsncpy
wcscpy
fwrite
__CxxFrameHandler
wcscmp
_wcsicmp
fclose
swprintf
fread
ftell
fseek
_wfopen
_onexit

kernel32

GetModuleHandleW
GetLastError
WideCharToMultiByte
FormatMessageW
GetModuleFileNameW
InitializeCriticalSection
MultiByteToWideChar
LeaveCriticalSection
GetStartupInfoW
DeleteCriticalSection
EnterCriticalSection

user32

EnableWindow
IsIconic
GetSystemMetrics
GetClientRect
DrawIcon
GetSystemMenu
AppendMenuW
SendMessageW
LoadIconW
PostMessageW
FindWindowW

advapi32

RegQueryValueExW
RegOpenKeyW
RegCloseKey

4399down

RemoveTask
UninitDownTaskCtrl
InitDownTaskCtrl
AddTask

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/LocalPage/catalog/catalogess.html
.html .js polyglot
Box/LocalPage/catalog/catalogflash.html
.js
Box/LocalPage/catalog/catalogmygame.html
.js
Box/LocalPage/catalog/catalogselected.gif
.gif
Box/LocalPage/catalog/gamefavorites.xml
.xml
Box/LocalPage/catalog/gamelocal.xml
.xml
Box/LocalPage/catalog/jquery.query-2.1.7.js
.js
Box/LocalPage/catalog/menu_arrow.gif
.gif
Box/LocalPage/catalog/menu_scroll.gif
.gif
Box/LocalPage/catalog/playflash.html
.js
Box/LocalPage/check/ad.xml
Box/LocalPage/check/check_img_bd.jpg
.jpg
Box/LocalPage/check/index.html
.html .js polyglot
Box/LocalPage/common/images/check.gif
.gif
Box/LocalPage/common/images/check.swf
Box/LocalPage/common/images/g_ico.gif
.gif
Box/LocalPage/common/images/game_loading.gif
.gif
Box/LocalPage/common/images/head_bg.gif
.gif
Box/LocalPage/common/images/ico_check.gif
.gif
Box/LocalPage/common/images/ico_del.gif
.gif
Box/LocalPage/common/images/ico_dot.gif
.gif
Box/LocalPage/common/images/ico_flash.gif
.gif
Box/LocalPage/common/images/ico_prompt.gif
.gif
Box/LocalPage/common/images/ico_star.gif
.gif
Box/LocalPage/common/images/mygame.gif
.gif
Box/LocalPage/common/images/mygame_bg.gif
.gif
Box/LocalPage/common/images/nocheck.swf
Box/LocalPage/common/images/option_btn.gif
.gif
Box/LocalPage/common/images/option_set.gif
.gif
Box/LocalPage/common/images/option_txt.gif
.gif
Box/LocalPage/common/js/common.js
.js
Box/LocalPage/common/js/jquery-1.2.6.pack.js
.js
Box/LocalPage/common/js/jquery.query-2.1.7.js
.js
Box/LocalPage/common/js/page.js
Box/LocalPage/management/localflash.html
.html .js polyglot
Box/LocalPage/management/mygame.html
.js
Box/LocalPage/management/network.html
.js
Box/LocalPage/option/index.html
.js
Box/SafeMode/4399Safe.exe
.exe windows:4 windows x86 arch:x86

a788aefd6f52aeeded2454fa55aac752

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

mfc42

ord4486
ord2554
ord2512
ord5731
ord3922
ord1089
ord5199
ord2396
ord3346
ord5300
ord5302
ord2725
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3738
ord561
ord825
ord815
ord5265
ord4376
ord4853
ord6375
ord4710
ord2514
ord6052
ord4078
ord1775
ord4407
ord5241
ord2385
ord5163
ord6374
ord4353
ord5280
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord4627
ord4425
ord3597
ord324
ord641
ord4234
ord1168
ord2379
ord755
ord470
ord4274
ord4998
ord4673
ord1576

msvcrt

_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
_controlfp
_onexit
__dllonexit
__CxxFrameHandler
_setmbcp
_exit

kernel32

GetModuleHandleA
GetStartupInfoA

user32

DrawIcon
GetClientRect
GetSystemMetrics
IsIconic
EnableWindow
SendMessageA

Sections

.text
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 276B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/SafeMode/Install/4399sandbox.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

95:34:a5:2d:63:be:57:62:9a:f6:e7:30:ac:28:87:e9:cc:67:ed:5d
Signer

Actual PE Digest

95:34:a5:2d:63:be:57:62:9a:f6:e7:30:ac:28:87:e9:cc:67:ed:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 40KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallType.ini
$PLUGINSDIR/KmdUtil.exe
.exe windows:5 windows x86 arch:x86

312f0dc2e58fdfdb86d144b0679baa25

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ac:80:46:36:f3:4f:8c:bf:91:8b:20:14:99:b9:f2:95:42:b4:12:2a
Signer

Actual PE Digest

ac:80:46:36:f3:4f:8c:bf:91:8b:20:14:99:b9:f2:95:42:b4:12:2a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\kmdutil\obj\i386\KmdUtil.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
exit
_cexit
_XcptFilter
_exit
_c_exit
memset
wcslen
_wcsicmp
_wcsnicmp
wcscpy
_acmdln
wcscat
swprintf

advapi32

StartServiceW
RegSetValueExW
CreateServiceW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
OpenServiceW
DeleteService
ControlService
OpenSCManagerW
AdjustTokenPrivileges
OpenProcessToken
LookupPrivilegeValueW
RegCreateKeyExW

kernel32

GetCommandLineW
Sleep
FormatMessageW
CloseHandle
GetCurrentProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetLastError
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA

user32

MessageBoxW

ntdll

NtClose
NtUnloadDriver
NtDeviceIoControlFile
RtlInitUnicodeString
NtOpenFile

shell32

CommandLineToArgvW

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 852B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Warning.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
LICENSE.TXT
SandboxieBITS.exe
.exe windows:5 windows x86 arch:x86

4a0846323fde3c7a4fcf9b9218bf0c8c

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

99:56:dc:01:29:e9:13:20:42:29:1d:58:37:13:43:ef:e5:5b:e7:8f
Signer

Actual PE Digest

99:56:dc:01:29:e9:13:20:42:29:1d:58:37:13:43:ef:e5:5b:e7:8f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\bits\obj\i386\SandboxieBITS.pdb

Imports

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
_except_handler3
_cexit
_XcptFilter
_exit
_c_exit
_controlfp
_wcsicmp
swprintf
wcscpy
wcslen
exit

advapi32

AccessCheckByType
DuplicateTokenEx
SetThreadToken
StartServiceCtrlDispatcherW

kernel32

ExitProcess
LoadLibraryW
TerminateProcess
CreateThread
SetLastError
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
HeapAlloc
GetProcessHeap
GetCurrentProcess
SetEvent
OpenEventW
GetProcAddress
CloseHandle
OpenProcess
Sleep

user32

wsprintfW
MessageBoxW

ole32

CoImpersonateClient

wtsapi32

WTSQueryUserToken

sbiedll

_SbieApi_EnumProcessEx@16
_SbieDll_Hook@12
_SbieApi_QueryConf@20
_SbieApi_QueryProcess@20

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieCrypto.exe
.exe windows:5 windows x86 arch:x86

4b8c9b37f6da2ffd863704179986d92f

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

00:39:9b:85:f1:1c:56:95:72:b8:15:20:a3:29:86:f3:40:f3:42:d9
Signer

Actual PE Digest

00:39:9b:85:f1:1c:56:95:72:b8:15:20:a3:29:86:f3:40:f3:42:d9

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\crypto\obj\i386\SandboxieCrypto.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_initterm
_wcsicmp
swprintf
wcslen
wcscpy

advapi32

AccessCheckByType
StartServiceCtrlDispatcherW

kernel32

TerminateProcess
ExitProcess
GetProcAddress
CreateThread
SetLastError
QueryPerformanceCounter
CloseHandle
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
HeapAlloc
GetProcessHeap
GetCurrentProcess
SetEvent
OpenEventW
LoadLibraryW
OpenProcess
Sleep

user32

MessageBoxW
wsprintfW

sbiedll

_SbieApi_EnumProcessEx@16
_SbieDll_Hook@12
_SbieApi_QueryConf@20
_SbieApi_QueryProcess@20

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieDcomLaunch.exe
.exe windows:5 windows x86 arch:x86

d14e09a640f15cbab22fa9a80c180352

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

1e:cb:c7:51:6e:d3:b1:fa:4e:a6:4b:82:f8:f4:c6:d2:65:bd:1c:04
Signer

Actual PE Digest

1e:cb:c7:51:6e:d3:b1:fa:4e:a6:4b:82:f8:f4:c6:d2:65:bd:1c:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\dcomlaunch\obj\i386\SandboxieDcomLaunch.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_initterm
_wcsicmp
swprintf
wcslen
wcscpy
wcscmp

advapi32

GetTokenInformation
SetServiceStatus
RegisterServiceCtrlHandlerW
RegisterServiceCtrlHandlerExW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
StartServiceW
ControlService
StartServiceCtrlDispatcherW
QueryServiceStatusEx
OpenProcessToken
ConvertSidToStringSidW

kernel32

SuspendThread
GetCurrentThread
TerminateProcess
ExitProcess
CreateFileMappingW
GetProcAddress
CreateThread
SetLastError
QueryPerformanceCounter
CloseHandle
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
HeapAlloc
GetProcessHeap
GetCurrentProcess
SetEvent
OpenEventW
LoadLibraryW
OpenProcess
LocalFree
HeapFree
GetLastError
Sleep

user32

MessageBoxW
wsprintfW

ntdll

NtSetInformationProcess
RtlAdjustPrivilege

sbiedll

_SbieApi_EnumProcessEx@16
_SbieDll_IsBoxedService@4
_SbieDll_Hook@12
_SbieApi_QueryConf@20
_SbieApi_QueryProcess@20

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieEventSys.exe
.exe windows:5 windows x86 arch:x86

4b8c9b37f6da2ffd863704179986d92f

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

86:ac:4e:31:0f:4f:3d:0d:ac:17:39:7b:dd:3d:b6:a8:0f:f2:db:27
Signer

Actual PE Digest

86:ac:4e:31:0f:4f:3d:0d:ac:17:39:7b:dd:3d:b6:a8:0f:f2:db:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\eventsys\obj\i386\SandboxieEventSys.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_initterm
_wcsicmp
swprintf
wcslen
wcscpy

advapi32

AccessCheckByType
StartServiceCtrlDispatcherW

kernel32

TerminateProcess
ExitProcess
GetProcAddress
CreateThread
SetLastError
QueryPerformanceCounter
CloseHandle
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
HeapAlloc
GetProcessHeap
GetCurrentProcess
SetEvent
OpenEventW
LoadLibraryW
OpenProcess
Sleep

user32

MessageBoxW
wsprintfW

sbiedll

_SbieApi_EnumProcessEx@16
_SbieDll_Hook@12
_SbieApi_QueryConf@20
_SbieApi_QueryProcess@20

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieRpcSs.exe
.exe windows:5 windows x86 arch:x86

be520d1f80f3efb9dd14c287f83e5eef

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ec:c0:70:bc:72:6f:de:16:f4:56:62:a4:3f:6b:31:fa:fe:48:7e:ab
Signer

Actual PE Digest

ec:c0:70:bc:72:6f:de:16:f4:56:62:a4:3f:6b:31:fa:fe:48:7e:ab

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\rpcss\obj\i386\SandboxieRpcSs.pdb

Imports

msvcrt

__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_acmdln
__p__fmode
_cexit
_XcptFilter
_exit
_c_exit
__set_app_type
_except_handler3
_controlfp
_wcsicmp
swprintf
exit
wcslen
wcscpy
wcscmp

advapi32

GetTokenInformation
SetServiceStatus
RegisterServiceCtrlHandlerW
RegisterServiceCtrlHandlerExW
OpenServiceW
CloseServiceHandle
QueryServiceStatus
StartServiceW
ControlService
StartServiceCtrlDispatcherW
QueryServiceStatusEx
OpenProcessToken
ConvertSidToStringSidW

kernel32

SuspendThread
GetCurrentThread
TerminateProcess
ExitProcess
CreateFileMappingW
GetProcAddress
CreateThread
SetLastError
QueryPerformanceCounter
HeapFree
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
HeapAlloc
GetProcessHeap
GetCurrentProcess
SetEvent
OpenEventW
LoadLibraryW
CloseHandle
LocalFree
OpenProcess
GetLastError
Sleep

user32

wsprintfW
MessageBoxW

ntdll

NtSetInformationProcess
RtlAdjustPrivilege

ws2_32

listen
bind
WSAStartup

sbiedll

_SbieApi_EnumProcessEx@16
_SbieDll_IsBoxedService@4
_SbieDll_Hook@12
_SbieApi_QueryConf@20
_SbieApi_QueryProcess@20

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieWUAU.exe
.exe windows:5 windows x86 arch:x86

8d791d3feb0c687c8d8698d0c7aac411

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

29:5d:5a:22:ec:64:d8:08:1c:af:d4:98:f6:1e:4d:97:f2:b3:cd:ff
Signer

Actual PE Digest

29:5d:5a:22:ec:64:d8:08:1c:af:d4:98:f6:1e:4d:97:f2:b3:cd:ff

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\wuau\obj\i386\SandboxieWUAU.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_initterm
_wcsicmp
swprintf
wcslen
wcscpy

advapi32

AccessCheckByType
StartServiceCtrlDispatcherW

kernel32

TerminateProcess
GetVersionExW
LoadLibraryW
GetProcAddress
CreateThread
QueryPerformanceCounter
CloseHandle
GetTickCount
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
GetProcessHeap
GetCurrentProcess
SetEvent
OpenEventW
Sleep
ExitProcess
HeapAlloc
OpenProcess
SetLastError

user32

MessageBoxW
wsprintfW

sbiedll

_SbieApi_EnumProcessEx@16
_SbieDll_Hook@12
_SbieApi_QueryConf@20
_SbieApi_QueryProcess@20

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SbieCtrl.exe
.exe windows:5 windows x86 arch:x86

54c96abb3789325a7397e9bfcf30a97a

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9d:cf:6d:82:65:8d:3f:9f:60:6a:b3:75:f9:d2:b7:e0:50:68:d9:32
Signer

Actual PE Digest

9d:cf:6d:82:65:8d:3f:9f:60:6a:b3:75:f9:d2:b7:e0:50:68:d9:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\control\obj\i386\SbieCtrl.pdb

Imports

mfc42u

ord6024
ord2756
ord926
ord2634
ord3312
ord5426
ord4704
ord5977
ord1165
ord1662
ord2644
ord5949
ord6563
ord5945
ord6193
ord3356
ord5947
ord3090
ord3658
ord3621
ord2406
ord3566
ord1634
ord1633
ord5781
ord4215
ord2576
ord3649
ord2430
ord2858
ord1637
ord1143
ord2854
ord2371
ord6051
ord1768
ord5286
ord3393
ord4418
ord3728
ord567
ord810
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6168
ord5869
ord5785
ord5790
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord3591
ord640
ord6190
ord6017
ord323
ord4266
ord4532
ord2115
ord3282
ord3291
ord6266
ord3909
ord1084
ord4688
ord3749
ord5142
ord3016
ord4847
ord6376
ord2078
ord326
ord4270
ord3737
ord818
ord2144
ord5856
ord773
ord772
ord5603
ord5602
ord500
ord5677
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord3396
ord4616
ord3733
ord561
ord815
ord2613
ord5568
ord2910
ord4237
ord4718
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5278
ord2641
ord1658
ord4430
ord5248
ord4421
ord3618
ord674
ord3865
ord2455
ord538
ord4219
ord2447
ord2550
ord366
ord1105
ord291
ord910
ord2574
ord4396
ord3635
ord693
ord2857
ord4238
ord697
ord395
ord4181
ord6896
ord3281
ord3905
ord6688
ord686
ord3991
ord2445
ord2088
ord384
ord491
ord5625
ord3431
ord2855
ord3397
ord3716
ord795
ord2567
ord4390
ord3569
ord609
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord692
ord6316
ord2769
ord3084
ord5639
ord2070
ord2091
ord2108
ord4282
ord4279
ord1644
ord6238
ord913
ord700
ord398
ord6279
ord6278
ord3434
ord2776
ord909
ord3638
ord696
ord3930
ord394
ord5586
ord3430
ord4180
ord1172
ord5706
ord860
ord283
ord5871
ord4128
ord4292
ord2746
ord2836
ord2099
ord4199
ord5446
ord6390
ord5436
ord6379
ord613
ord3490
ord4078
ord1834
ord289
ord3688
ord3568
ord3614
ord2705
ord3995
ord6004
ord2579
ord4400
ord3389
ord3724
ord804
ord6777
ord4254
ord1900
ord1683
ord2520
ord5284
ord4433
ord2046
ord4425
ord771
ord497
ord2400
ord6868
ord2606
ord6655
ord4120
ord3470
ord3285
ord3298
ord5845
ord2876
ord6451
ord2877
ord6437
ord2111
ord1761
ord1258
ord4709
ord2629
ord1230
ord5784
ord472
ord755
ord470
ord2036
ord2440
ord1569
ord537
ord800
ord942
ord861
ord858
ord641
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4992
ord4370
ord5261
ord4229
ord2859
ord3133
ord768
ord4253
ord414
ord3979
ord713
ord3657
ord5817
ord5600
ord5855
ord924
ord5617
ord4124
ord6654
ord539
ord501
ord1083
ord536
ord4273
ord941
ord715
ord415
ord5597
ord5616
ord1081
ord1008
ord925
ord1085
ord2757
ord6565
ord5605
ord2010
ord3694
ord4829
ord5283
ord4371
ord4352
ord4942
ord4970
ord4899
ord5154
ord5156
ord5155
ord823
ord3798
ord5679
ord4272
ord2755
ord4197
ord542
ord5618
ord802
ord3087
ord927
ord6195
ord540
ord2810
ord535
ord6211
ord3871
ord922
ord940
ord825
ord2637
ord2092
ord324
ord1135
ord4294
ord5830

msvcrt

wcscmp
__CxxFrameHandler
_wcsnicmp
_wcsicmp
wcschr
free
malloc
wcsrchr
_wtoi64
wcscat
wcslen
time
wcscpy
_controlfp
?terminate@@YAXXZ
_onexit
__dllonexit
exit
_wtoi
wcsstr
wcsncpy
towlower
memmove
atof
strchr
toupper
_purecall
__RTDynamicCast
_c_exit
_exit
_XcptFilter
_cexit
_wcmdln
__wgetmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ

advapi32

RegEnumValueW
RegDeleteKeyW
RegCreateKeyExW
RegSetValueExW
RegDeleteValueW
RegOpenKeyW
RegCloseKey
OpenEventLogW
ReadEventLogW
CloseEventLog
RegOpenKeyExW
RegQueryValueExW

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
GetSystemTimeAsFileTime
GetTickCount
QueryPerformanceCounter
FreeLibrary
LoadLibraryW
GetProcessTimes
GetProcAddress
CreateProcessW
GetTempPathW
WriteFile
CreateDirectoryW
RemoveDirectoryW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
CopyFileW
DeleteFileW
GetModuleFileNameW
GetDriveTypeW
GetSystemWindowsDirectoryW
ExpandEnvironmentStringsW
FindFirstFileW
FindNextFileW
FindClose
GetFileAttributesW
OpenProcess
TerminateProcess
WaitForSingleObject
GetCommandLineW
OpenMutexW
CreateMutexW
GetVersionExW
HeapAlloc
ProcessIdToSessionId
CreateThread
GetCurrentProcessId
CreateFileW
GetLastError
GetFileTime
CloseHandle
GetProcessHeap
HeapFree
LocalFree
LocalAlloc
InitializeCriticalSection
EnterCriticalSection
GetCurrentThreadId
LeaveCriticalSection
FindResourceW
SizeofResource
LoadResource
LockResource
GlobalAlloc
GlobalLock
GlobalFree
GlobalUnlock
InterlockedIncrement
InterlockedDecrement
GetModuleHandleW
Sleep
GetStartupInfoW

gdi32

LPtoDP
PatBlt
PtVisible
RectVisible
TextOutW
DPtoLP
Escape
BitBlt
Ellipse
GetStockObject
CreatePatternBrush
Rectangle
GetPixel
SetPixel
GetTextMetricsW
CreatePen
GetObjectW
CreateSolidBrush
CreateFontIndirectW
GetClipBox
SetTextColor
GetCurrentObject
GetTextColor
GetWindowExtEx
GetViewportExtEx
GetMapMode
CreateCompatibleDC
CreateCompatibleBitmap
SelectObject
ExtTextOutW
GetTextExtentPoint32W
DeleteObject

user32

SendMessageW
UnhookWindowsHookEx
SetCursor
ReleaseCapture
GetParent
PostMessageW
CallNextHookEx
IsWindowVisible
PtInRect
EnumChildWindows
WindowFromPoint
SetWindowsHookExW
SetCapture
CallWindowProcW
SetWindowLongW
SetWindowPos
MoveWindow
GetDC
CreateWindowExW
SetFocus
ScreenToClient
GetDlgItem
SetWindowTextW
ShowWindow
GetDlgCtrlID
GetWindow
SendDlgItemMessageW
GetWindowLongW
EnableWindow
SetTimer
CopyRect
EnableMenuItem
GetSubMenu
LoadMenuW
DestroyCursor
EndPaint
UpdateWindow
InvalidateRect
TabbedTextOutW
DrawTextW
GrayStringW
GetMessagePos
GetWindowThreadProcessId
KillTimer
SetForegroundWindow
DispatchMessageW
GetMessageW
TranslateMessage
LoadIconW
MsgWaitForMultipleObjects
PeekMessageW
RegisterWindowMessageW
RegisterClassExW
DefWindowProcW
SystemParametersInfoW
FindWindowW
CreatePopupMenu
DeleteMenu
AppendMenuW
SetMenuDefaultItem
GetMenuItemCount
GetMenuItemID
GetMenuStringW
InsertMenuW
ModifyMenuW
GetMenu
PostQuitMessage
GetCursorPos
wsprintfW
GetSystemMetrics
GetKeyState
FindWindowExW
DestroyIcon
EnumWindows
DrawStateW
GetSysColor
GetMenuItemInfoW
GetMenuItemRect
GetClassNameW
SetMenuItemInfoW
IsMenu
IsRectEmpty
GetDesktopWindow
IsWindow
GetSysColorBrush
GetIconInfo
LoadBitmapW
LoadCursorW
GetWindowRect
GetClientRect
ClientToScreen
OffsetRect
GetWindowDC
SetRect
InvertRect
ReleaseDC
BeginPaint
MessageBoxW

ntdll

NtCreateFile
NtQueryDirectoryFile

psapi

GetModuleFileNameExW

shell32

DragQueryFileW
SHBrowseForFolderW
SHGetPathFromIDListW
ShellExecuteExW
Shell_NotifyIconW
ShellExecuteW
ord165
SHGetFolderPathW
ExtractIconExW
SHFileOperationW

comctl32

ImageList_GetImageCount
ImageList_GetIcon
ImageList_Draw
ImageList_SetBkColor
ImageList_ReplaceIcon
ImageList_Remove
ImageList_GetImageInfo

comdlg32

GetOpenFileNameW

gdiplus

GdipDisposeImage
GdipCreateBitmapFromStream
GdipCreateHBITMAPFromBitmap
GdiplusStartup

wininet

InternetOpenW
InternetOpenUrlW
InternetReadFile
InternetCloseHandle

ole32

CreateStreamOnHGlobal
CoTaskMemFree
CoInitialize
CoCreateInstance

sbiedll

_SbieApi_FreeReply@4
_SbieApi_GetVersion@4
_SbieDll_StartSbieDrv@4
_SbieDll_FormatMessage0@4
_SbieDll_FormatMessage1@8
_SbieApi_KillProcess@4
_SbieApi_EnumBoxes@8
_SbieApi_ReloadConf@4
_SbieApi_QueryBoxPath@28
_SbieApi_QueryConf@20
_SbieDll_TranslateNtToDosPath@4
_SbieDll_GetAllUsersPath@0
_SbieDll_GetUserPath@0
_SbieDll_GetDrivePath@4
_SbieApi_EnumProcessEx@16
_SbieApi_QueryProcess@20
_SbieDll_GetBoxFilePath@8
_SbieApi_CallServer@4
_SbieApi_SetLicense@8
_SbieApi_GetLicense@4
_SbieDll_FormatMessage@8
_SbieDll_FormatMessage2@12
_SbieDll_CanElevateOnVista@0
_SbieDll_DeviceChange@8
_SbieApi_DisableForceProcess@8
_SbieDll_RunFromHome@16
_SbieDll_GetLanguage@4
_SbieApi_GetWork@12
_SbieDll_StartSbieSvc@4

Sections

.text
Size: 218KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 500KB - Virtual size: 500KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SbieDll.dll
.dll windows:5 windows x86 arch:x86

3af8894d3b1faeb3fb96435d79712bc0

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:76:f1:20:45:ac:d7:34:43:5e:bd:ac:56:b4:92:8c:68:da:e0:a3
Signer

Actual PE Digest

3a:76:f1:20:45:ac:d7:34:43:5e:bd:ac:56:b4:92:8c:68:da:e0:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\work\sbie\core\dll\obj\i386\SbieDll.pdb

Imports

ntdll

RtlFreeAnsiString
NtAssignProcessToJobObject
LdrGetProcedureAddress
RtlCreateProcessParameters
NtDeviceIoControlFile
_vsnprintf
NtRegisterThreadTerminatePort
NtRequestWaitReplyPort
NtAdjustPrivilegesToken
LdrLoadDll
NtQuerySecurityObject
NtDuplicateObject
NtOpenThread
NtOpenProcess
NtQuerySystemInformation
RtlUnwind
NtQueryVirtualMemory
NtLoadDriver
LdrUnloadDll
NtDeleteKey
NtEnumerateKey
NtEnumerateValueKey
NtQueryMultipleValueKey
NtNotifyChangeKey
NtNotifyChangeMultipleKeys
NtSaveKey
NtSetInformationKey
NtCreatePort
NtConnectPort
NtCreateEvent
NtOpenEvent
NtCreateMutant
NtOpenMutant
NtCreateSemaphore
NtOpenSemaphore
NtCreateSection
NtOpenSection
RtlInitString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
strchr
sprintf
_stricmp
RtlUnicodeStringToAnsiString
strncmp
wcsncmp
_wtoi
NtQueryAttributesFile
NtSetInformationFile
NtCreateNamedPipeFile
NtCreateMailslotFile
NtFsControlFile
RtlGetCurrentDirectory_U
RtlGetFullPathName_U
NtDeleteFile
towlower
NtReadFile
NtWriteFile
NtQueryInformationToken
RtlConvertSidToUnicodeString
NtQueryObject
RtlCompareUnicodeString
NtQueryInformationFile
NtCreateFile
NtQueryFullAttributesFile
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
memmove
RtlQueryRegistryValues
NtOpenDirectoryObject
NtSetInformationProcess
NtOpenFile
_wcsicmp
NtQueryDirectoryFile
wcscmp
wcsncpy
RtlCompareMemory
wcschr
_wcslwr
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtProtectVirtualMemory
wcsrchr
wcsstr
NtDeleteValueKey
NtQueryValueKey
NtQueryKey
NtOpenKey
wcscpy
wcscat
RtlInitUnicodeString
NtCreateKey
swprintf
NtSetValueKey
wcslen
NtOpenProcessToken
NtPrivilegeCheck
NtClose
NtSetSecurityObject
_wcsnicmp

kernel32

CreateMutexW
CreateFileMappingW
ReleaseMutex
GetWindowsDirectoryW
HeapDestroy
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
OpenProcess
CreateFileA
FindResourceExW
FormatMessageW
QueueUserWorkItem
GetLongPathNameW
GetFullPathNameW
OpenFileMappingW
MapViewOfFile
CreateThread
GetSystemWindowsDirectoryW
WinExec
CreateProcessA
GetCurrentDirectoryW
GetEnvironmentStringsW
InterlockedIncrement
InterlockedDecrement
GetTickCount
Sleep
CreateEventW
OpenEventW
HeapFree
GetProcessHeap
HeapAlloc
OutputDebugStringW
VirtualFree
RaiseException
SleepEx
GetCommandLineW
LoadLibraryW
FreeLibrary
FindResourceW
FindResourceA
LoadResource
LockResource
OpenThread
GetThreadTimes
GlobalAddAtomW
WideCharToMultiByte
GetModuleFileNameW
SetConsoleTitleA
SetConsoleTitleW
GetCurrentThread
QueueUserAPC
CreateFileW
GetSystemTimeAsFileTime
GetCurrentThreadId
InterlockedExchange
SetEvent
InterlockedCompareExchange
TlsGetValue
TlsSetValue
TlsAlloc
InitializeCriticalSection
DisableThreadLibraryCalls
GetCurrentProcessId
GetCurrentProcess
EnterCriticalSection
VirtualAlloc
LeaveCriticalSection
VirtualProtect
ExitProcess
GetModuleHandleW
ExpandEnvironmentStringsW
CreateProcessW
WaitForSingleObject
CloseHandle
SetLastError
LocalAlloc
LocalFree
GetProcAddress
GetLastError
HeapCreate

Exports

Exports

SbieApi_Log
SbieApi_LogEx
_SbieApi_CallServer@4
_SbieApi_CallZero@4
_SbieApi_CreateDirOrLink@8
_SbieApi_DisableForceProcess@8
_SbieApi_DuplicateObject@20
_SbieApi_EnumBoxes@8
_SbieApi_EnumProcessEx@16
_SbieApi_FreeReply@4
_SbieApi_GetInjectSaveArea@12
_SbieApi_GetLicense@4
_SbieApi_GetSetDeviceMap@4
_SbieApi_GetVersion@4
_SbieApi_GetWork@12
_SbieApi_HookTramp@8
_SbieApi_KillProcess@4
_SbieApi_PortName@0
_SbieApi_QueryBoxPath@28
_SbieApi_QueryConf@20
_SbieApi_QueryPathList@12
_SbieApi_QueryProcess@20
_SbieApi_QueryProcessPath@28
_SbieApi_ReloadConf@4
_SbieApi_RenameFile@16
_SbieApi_SetLicense@8
_SbieApi_SetUserName@8
_SbieApi_StartProcess@16
_SbieDll_AssocQueryCommand@4
_SbieDll_AssocQueryProgram@4
_SbieDll_CanElevateOnVista@0
_SbieDll_DeviceChange@8
_SbieDll_FormatMessage0@4
_SbieDll_FormatMessage1@8
_SbieDll_FormatMessage2@12
_SbieDll_FormatMessage@8
_SbieDll_GetAllUsersPath@0
_SbieDll_GetBoxFilePath@8
_SbieDll_GetDrivePath@4
_SbieDll_GetHandlePath@12
_SbieDll_GetLanguage@4
_SbieDll_GetUserPath@0
_SbieDll_Hook@12
_SbieDll_InitPStore@0
_SbieDll_InitProcess@0
_SbieDll_IsBoxedService@4
_SbieDll_IsDirectory@4
_SbieDll_IsWow64@0
_SbieDll_RunFromHome@16
_SbieDll_StartCOM@0
_SbieDll_StartSbieDrv@4
_SbieDll_StartSbieSvc@4
_SbieDll_TranslateNtToDosPath@4

Sections

.text
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieDllX.dll
.dll windows:5 windows x86 arch:x86

3af8894d3b1faeb3fb96435d79712bc0

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3a:76:f1:20:45:ac:d7:34:43:5e:bd:ac:56:b4:92:8c:68:da:e0:a3
Signer

Actual PE Digest

3a:76:f1:20:45:ac:d7:34:43:5e:bd:ac:56:b4:92:8c:68:da:e0:a3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\work\sbie\core\dll\obj\i386\SbieDll.pdb

Imports

ntdll

RtlFreeAnsiString
NtAssignProcessToJobObject
LdrGetProcedureAddress
RtlCreateProcessParameters
NtDeviceIoControlFile
_vsnprintf
NtRegisterThreadTerminatePort
NtRequestWaitReplyPort
NtAdjustPrivilegesToken
LdrLoadDll
NtQuerySecurityObject
NtDuplicateObject
NtOpenThread
NtOpenProcess
NtQuerySystemInformation
RtlUnwind
NtQueryVirtualMemory
NtLoadDriver
LdrUnloadDll
NtDeleteKey
NtEnumerateKey
NtEnumerateValueKey
NtQueryMultipleValueKey
NtNotifyChangeKey
NtNotifyChangeMultipleKeys
NtSaveKey
NtSetInformationKey
NtCreatePort
NtConnectPort
NtCreateEvent
NtOpenEvent
NtCreateMutant
NtOpenMutant
NtCreateSemaphore
NtOpenSemaphore
NtCreateSection
NtOpenSection
RtlInitString
RtlAnsiStringToUnicodeString
RtlFreeUnicodeString
strchr
sprintf
_stricmp
RtlUnicodeStringToAnsiString
strncmp
wcsncmp
_wtoi
NtQueryAttributesFile
NtSetInformationFile
NtCreateNamedPipeFile
NtCreateMailslotFile
NtFsControlFile
RtlGetCurrentDirectory_U
RtlGetFullPathName_U
NtDeleteFile
towlower
NtReadFile
NtWriteFile
NtQueryInformationToken
RtlConvertSidToUnicodeString
NtQueryObject
RtlCompareUnicodeString
NtQueryInformationFile
NtCreateFile
NtQueryFullAttributesFile
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
memmove
RtlQueryRegistryValues
NtOpenDirectoryObject
NtSetInformationProcess
NtOpenFile
_wcsicmp
NtQueryDirectoryFile
wcscmp
wcsncpy
RtlCompareMemory
wcschr
_wcslwr
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtProtectVirtualMemory
wcsrchr
wcsstr
NtDeleteValueKey
NtQueryValueKey
NtQueryKey
NtOpenKey
wcscpy
wcscat
RtlInitUnicodeString
NtCreateKey
swprintf
NtSetValueKey
wcslen
NtOpenProcessToken
NtPrivilegeCheck
NtClose
NtSetSecurityObject
_wcsnicmp

kernel32

CreateMutexW
CreateFileMappingW
ReleaseMutex
GetWindowsDirectoryW
HeapDestroy
GlobalFree
GlobalAlloc
GlobalLock
GlobalUnlock
OpenProcess
CreateFileA
FindResourceExW
FormatMessageW
QueueUserWorkItem
GetLongPathNameW
GetFullPathNameW
OpenFileMappingW
MapViewOfFile
CreateThread
GetSystemWindowsDirectoryW
WinExec
CreateProcessA
GetCurrentDirectoryW
GetEnvironmentStringsW
InterlockedIncrement
InterlockedDecrement
GetTickCount
Sleep
CreateEventW
OpenEventW
HeapFree
GetProcessHeap
HeapAlloc
OutputDebugStringW
VirtualFree
RaiseException
SleepEx
GetCommandLineW
LoadLibraryW
FreeLibrary
FindResourceW
FindResourceA
LoadResource
LockResource
OpenThread
GetThreadTimes
GlobalAddAtomW
WideCharToMultiByte
GetModuleFileNameW
SetConsoleTitleA
SetConsoleTitleW
GetCurrentThread
QueueUserAPC
CreateFileW
GetSystemTimeAsFileTime
GetCurrentThreadId
InterlockedExchange
SetEvent
InterlockedCompareExchange
TlsGetValue
TlsSetValue
TlsAlloc
InitializeCriticalSection
DisableThreadLibraryCalls
GetCurrentProcessId
GetCurrentProcess
EnterCriticalSection
VirtualAlloc
LeaveCriticalSection
VirtualProtect
ExitProcess
GetModuleHandleW
ExpandEnvironmentStringsW
CreateProcessW
WaitForSingleObject
CloseHandle
SetLastError
LocalAlloc
LocalFree
GetProcAddress
GetLastError
HeapCreate

Exports

Exports

SbieApi_Log
SbieApi_LogEx
_SbieApi_CallServer@4
_SbieApi_CallZero@4
_SbieApi_CreateDirOrLink@8
_SbieApi_DisableForceProcess@8
_SbieApi_DuplicateObject@20
_SbieApi_EnumBoxes@8
_SbieApi_EnumProcessEx@16
_SbieApi_FreeReply@4
_SbieApi_GetInjectSaveArea@12
_SbieApi_GetLicense@4
_SbieApi_GetSetDeviceMap@4
_SbieApi_GetVersion@4
_SbieApi_GetWork@12
_SbieApi_HookTramp@8
_SbieApi_KillProcess@4
_SbieApi_PortName@0
_SbieApi_QueryBoxPath@28
_SbieApi_QueryConf@20
_SbieApi_QueryPathList@12
_SbieApi_QueryProcess@20
_SbieApi_QueryProcessPath@28
_SbieApi_ReloadConf@4
_SbieApi_RenameFile@16
_SbieApi_SetLicense@8
_SbieApi_SetUserName@8
_SbieApi_StartProcess@16
_SbieDll_AssocQueryCommand@4
_SbieDll_AssocQueryProgram@4
_SbieDll_CanElevateOnVista@0
_SbieDll_DeviceChange@8
_SbieDll_FormatMessage0@4
_SbieDll_FormatMessage1@8
_SbieDll_FormatMessage2@12
_SbieDll_FormatMessage@8
_SbieDll_GetAllUsersPath@0
_SbieDll_GetBoxFilePath@8
_SbieDll_GetDrivePath@4
_SbieDll_GetHandlePath@12
_SbieDll_GetLanguage@4
_SbieDll_GetUserPath@0
_SbieDll_Hook@12
_SbieDll_InitPStore@0
_SbieDll_InitProcess@0
_SbieDll_IsBoxedService@4
_SbieDll_IsDirectory@4
_SbieDll_IsWow64@0
_SbieDll_RunFromHome@16
_SbieDll_StartCOM@0
_SbieDll_StartSbieDrv@4
_SbieDll_StartSbieSvc@4
_SbieDll_TranslateNtToDosPath@4

Sections

.text
Size: 171KB - Virtual size: 170KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieDrv.sys
.sys windows:5 windows x86 arch:x86

941583abe4e5e1c967bb33cb486b15b3

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:1f:c0:31:b8:d7:2f:6a:79:a2:38:49:68:e0:28:a4:fa:45:19:cf
Signer

Actual PE Digest

6b:1f:c0:31:b8:d7:2f:6a:79:a2:38:49:68:e0:28:a4:fa:45:19:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\core\drv\obj\i386\SbieDrv.pdb

Imports

ntoskrnl.exe

_except_handler3
ProbeForWrite
wcslen
ZwClose
ZwSetEvent
ZwOpenEvent
RtlInitUnicodeString
wcsncpy
ExRaiseStatus
IoCreateDevice
IoDeleteDevice
wcscpy
RtlFreeUnicodeString
memmove
wcschr
wcscat
_wcsicmp
KeDelayExecutionThread
RtlQueryRegistryValues
_itow
_wcsnicmp
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlUnicodeStringToInteger
swprintf
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
PsGetVersion
ObfDereferenceObject
ObReferenceObjectByHandle
wcsrchr
ZwQueryValueKey
ZwOpenKey
ZwAdjustPrivilegesToken
ZwDuplicateToken
ZwOpenProcessToken
ZwOpenProcess
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
ZwSetInformationFile
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
MmGetSystemRoutineAddress
KeGetCurrentThread
PsLookupThreadByThreadId
ZwQuerySystemInformation
ZwOpenThread
ZwAllocateVirtualMemory
PsGetCurrentProcessId
ExGetPreviousMode
KeSetTargetProcessorDpc
KeSetImportanceDpc
KeInitializeDpc
KeQueryActiveProcessors
PsGetCurrentThreadId
MmMapLockedPagesSpecifyCache
MmProbeAndLockPages
MmBuildMdlForNonPagedPool
KeServiceDescriptorTable
ZwYieldExecution
ZwAccessCheckAndAuditAlarm
RtlCompareMemory
wcstombs
IoCreateFile
ZwReadFile
wcsstr
_wcslwr
ZwCreateDirectoryObject
ZwQueryInformationProcess
ZwCreateSymbolicLinkObject
wcscmp
ZwLoadKey
ZwUnloadKey
ZwSetValueKey
KeQuerySystemTime
ZwCreateKey
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
DbgPrint
ObOpenObjectByName
ObQueryNameString
RtlCaptureStackBackTrace
PsSetLoadImageNotifyRoutine
PsSetCreateProcessNotifyRoutine
RtlIntegerToUnicodeString
PsLookupProcessByProcessId
_alldiv
SeTokenIsAdmin
PsReferencePrimaryToken
IoGetCurrentProcess
wcsncmp
ZwQueryInformationToken
ZwFreeVirtualMemory
IoGetRequestorProcessId
ZwSetInformationProcess
NtDuplicateObject
SeSinglePrivilegeCheck
IoThreadToProcess
RtlConvertSidToUnicodeString
ZwOpenThreadToken
ProbeForRead
KeBugCheckEx
KeInsertQueueDpc
IofCompleteRequest

hal

KfLowerIrql
KeGetCurrentIrql
KfRaiseIrql

Sections

.text
Size: 71KB - Virtual size: 70KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 13KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieMsg.dll
.dll windows:5 windows x86 arch:x86

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8d:23:b2:8f:1d:77:93:ea:28:4b:19:19:9b:aa:a0:58:ed:2f:15:9a
Signer

Actual PE Digest

8d:23:b2:8f:1d:77:93:ea:28:4b:19:19:9b:aa:a0:58:ed:2f:15:9a

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\work\sbie\core\msg\obj\i386\SbieMsg.pdb

Sections

.text
Size: 512B - Virtual size: 151B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieSvc.exe
.exe windows:5 windows x86 arch:x86

0c6b81b6daa1551cb48cbee2821bf7a2

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

67:cd:62:ce:36:35:3a:56:79:ca:65:99:03:af:1b:bb:bf:0c:65:1d
Signer

Actual PE Digest

67:cd:62:ce:36:35:3a:56:79:ca:65:99:03:af:1b:bb:bf:0c:65:1d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\core\svc\obj\i386\SbieSvc.pdb

Imports

msvcrt

memset
wcslen
??2@YAPAXI@Z
??3@YAXPAX@Z
wcscpy
_except_handler3
wcscmp
towlower
_wcsnicmp
_wcslwr
_wcsicmp
wcschr
wcscat
wcsrchr
memcmp
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
__getmainargs
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
memcpy

advapi32

CreateProcessAsUserW
EnumServicesStatusW
QueryServiceConfigW
QueryServiceConfig2W
QueryServiceStatusEx
StartServiceW
CloseServiceHandle
CheckTokenMembership
FreeSid
OpenThreadToken
ConvertStringSidToSidW
LookupAccountSidW
LookupPrivilegeValueW
AdjustTokenPrivileges
RevertToSelf
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetEntriesInAclW
SetSecurityDescriptorDacl
OpenSCManagerW
OpenServiceW
ControlService
ReportEventW
OpenEventLogW
RegisterServiceCtrlHandlerExW
SetServiceStatus
StartServiceCtrlDispatcherW

kernel32

GetFileTime
LeaveCriticalSection
FlushFileBuffers
EnterCriticalSection
TerminateProcess
OpenProcess
GetSystemTimeAsFileTime
LocalFree
ProcessIdToSessionId
HeapReAlloc
DeleteFileW
SetEndOfFile
GetStartupInfoA
GetVersionExW
WriteFile
CopyFileW
SetFileAttributesW
GetFileAttributesW
GetTickCount
GetWindowsDirectoryW
GetSystemWindowsDirectoryW
CancelIo
GetProcAddress
LoadLibraryW
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
GetCurrentThread
SetUnhandledExceptionFilter
SleepEx
InterlockedCompareExchange
VirtualAlloc
ExitProcess
RaiseException
VirtualFree
OutputDebugStringW
GetLastError
QueueUserWorkItem
Sleep
HeapFree
HeapAlloc
GetProcessHeap
CloseHandle
GetCurrentProcess
HeapDestroy
HeapCreate
SetLastError
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
CreateEventW
WaitForMultipleObjects
TerminateThread
WaitForSingleObject
SetEvent
InterlockedExchange
CreateThread
InterlockedIncrement
SetThreadPriority
GetTempPathW
InitializeCriticalSection
CreateFileW
UnhandledExceptionFilter

user32

wsprintfW

ntdll

NtOpenThreadToken
NtOpenProcessToken
NtQueryInformationToken
NtFilterToken
NtDuplicateToken
NtSetInformationThread
NtQueryDirectoryFile
NtQueryInformationFile
NtReadFile
NtWriteFile
NtClose
NtCreatePort
NtQueryFullAttributesFile
NtCreateFile
NtSetInformationFile
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtLoadDriver
NtImpersonateClientOfPort
NtAcceptConnectPort
NtCompleteConnectPort
NtReplyWaitReceivePort
RtlInitUnicodeString

setupapi

SetupDiClassNameFromGuidExW
SetupDiBuildClassInfoList
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoList
CM_Get_Device_Interface_ListA
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeA
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_Alias_ExW

crypt32

CryptProtectData
CryptUnprotectData

wintrust

CryptCATAdminCalcHashFromFileHandle

ole32

CoTaskMemFree

sbiedll

_SbieApi_PortName@0
SbieApi_Log
_SbieApi_CallZero@4
_SbieApi_GetVersion@4
_SbieApi_GetWork@12
SbieApi_LogEx
_SbieApi_EnumProcessEx@16
_SbieApi_SetUserName@8
_SbieApi_QueryProcess@20
_SbieApi_QueryConf@20
_SbieApi_ReloadConf@4
_SbieDll_RunFromHome@16
_SbieApi_QueryProcessPath@28

Sections

.text
Size: 46KB - Virtual size: 45KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Start.exe
.exe windows:5 windows x86 arch:x86

c607003a46e17e5ab247ad5b9ac6460a

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f9:16:65:a8:72:99:f8:51:81:de:22:0e:f2:c2:25:5a:eb:7d:eb:cf
Signer

Actual PE Digest

f9:16:65:a8:72:99:f8:51:81:de:22:0e:f2:c2:25:5a:eb:7d:eb:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\start\obj\i386\Start.pdb

Imports

advapi32

SetThreadToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CreateProcessAsUserW

kernel32

ExpandEnvironmentStringsW
HeapAlloc
GetProcessHeap
ExitProcess
GetCommandLineW
MapViewOfFile
FindClose
FindNextFileW
FindFirstFileW
HeapDestroy
HeapCreate
HeapFree
GetSystemWindowsDirectoryW
GetFullPathNameW
GetSystemTimeAsFileTime
GetExitCodeProcess
WaitForSingleObject
GetModuleFileNameW
RemoveDirectoryW
CreateProcessW
GetModuleHandleW
OpenMutexW
CloseHandle
Sleep
GetStdHandle
WriteFile
SetLastError
GetLastError
LocalFree
FormatMessageW

gdi32

SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
GetObjectW
CreateFontIndirectW
SetBkColor
SetTextColor

user32

SetMenuInfo
EndDialog
SetFocus
KillTimer
ShowWindow
SendDlgItemMessageW
SetTimer
EnableWindow
GetDlgItem
SendMessageW
SetWindowPos
DialogBoxParamW
LoadImageW
CreateWindowExW
GetWindowInfo
GetWindowRect
SetWindowTextW
GetWindowTextW
GetClientRect
GetDesktopWindow
DestroyIcon
DrawIconEx
GetDC
CreateMenu
InsertMenuItemW
GetSysColorBrush
wsprintfW
MessageBoxW
GetMenuItemCount
CreatePopupMenu
TrackPopupMenu
DestroyWindow
DestroyMenu
GetSysColor

ntdll

RtlUnwind
NtQueryVirtualMemory
NtTerminateProcess
NtQueryInformationFile
NtCreateFile
NtSetInformationFile
RtlNtStatusToDosError
wcscmp
wcscat
iswctype
_wcsicmp
wcsncmp
_wtoi
wcsrchr
memmove
wcslen
wcsncpy
RtlInitUnicodeString
NtOpenDirectoryObject
NtQueryObject
NtClose
towlower
sprintf
_wcsnicmp
_chkstk
wcscpy
NtTerminateThread

shlwapi

SHAutoComplete
AssocQueryStringW

shell32

SHGetFolderPathW
ExtractIconExW
ShellExecuteExW

ole32

CoCreateInstance
CoTaskMemFree
CoInitialize

comdlg32

GetOpenFileNameW

comctl32

InitCommonControlsEx

sbiedll

_SbieDll_StartCOM@0
SbieApi_Log
_SbieApi_GetSetDeviceMap@4
_SbieApi_StartProcess@16
_SbieDll_InitProcess@0
_SbieApi_QueryProcess@20
_SbieDll_RunFromHome@16
_SbieDll_FormatMessage0@4
_SbieApi_CallServer@4
_SbieDll_StartSbieSvc@4
_SbieDll_StartSbieDrv@4
_SbieApi_QueryConf@20
_SbieApi_FreeReply@4
_SbieApi_EnumProcessEx@16
_SbieApi_SetLicense@8
_SbieDll_FormatMessage@8
_SbieDll_GetLanguage@4
_SbieDll_CanElevateOnVista@0
_SbieApi_KillProcess@4
_SbieApi_ReloadConf@4
_SbieDll_FormatMessage1@8
_SbieDll_InitPStore@0
_SbieDll_IsDirectory@4
_SbieDll_GetBoxFilePath@8
_SbieApi_EnumBoxes@8

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/SafeMode/Install/4399sandbox_win7.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

98:96:df:b4:60:1c:f1:d8:57:b4:bb:be:3b:e5:c2:19:20:6e:6f:c4
Signer

Actual PE Digest

98:96:df:b4:60:1c:f1:d8:57:b4:bb:be:3b:e5:c2:19:20:6e:6f:c4

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 24KB - Virtual size: 23KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

b1cd0d78f652ce5fc63f0879371af012

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

SetCurrentDirectoryA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileIntA
GlobalLock
GetModuleHandleA
lstrcmpiA
GetPrivateProfileStringA
lstrcatA
lstrcpynA
WritePrivateProfileStringA
lstrlenA
lstrcpyA
GlobalFree
GlobalUnlock
GlobalAlloc

user32

MapWindowPoints
GetDlgCtrlID
CloseClipboard
GetClipboardData
OpenClipboard
PtInRect
SetWindowRgn
LoadIconA
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
EnableMenuItem
GetSystemMenu
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
LoadCursorA
SetCursor
DrawTextA
GetWindowLongA
DrawFocusRect
CallWindowProcA
PostMessageA
MessageBoxA
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetClientRect

gdi32

SetTextColor
CreateCompatibleDC
GetObjectA
GetDIBits
CreateRectRgn
CombineRgn
DeleteObject
SelectObject

shell32

SHBrowseForFolderA
SHGetDesktopFolder
SHGetPathFromIDListA
ShellExecuteA

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallType.ini
$PLUGINSDIR/KmdUtil.exe
.exe windows:5 windows x86 arch:x86

611d917a938d9ceec280707166252976

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

45:49:ef:1b:0c:c4:cf:e2:b3:ff:7d:f5:8b:86:d5:5c:bb:b9:9f:39
Signer

Actual PE Digest

45:49:ef:1b:0c:c4:cf:e2:b3:ff:7d:f5:8b:86:d5:5c:bb:b9:9f:39

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\install\kmdutil\obj\i386\KmdUtil.pdb

Imports

msvcrt

_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
_controlfp
exit
_XcptFilter
_exit
_c_exit
wcscat
_wtoi
_wcsicmp
_wcsnicmp
_acmdln
swprintf
wcscpy
wcsrchr
_cexit
wcslen

advapi32

OpenProcessToken
AdjustTokenPrivileges
OpenSCManagerW
ControlService
StartServiceW
RegCreateKeyExW
RegSetValueExW
CreateServiceW
RegCloseKey
RegDeleteKeyW
OpenServiceW
DeleteService
RegOpenKeyExW
LookupPrivilegeValueW

kernel32

GetProcessHeap
HeapAlloc
OpenProcess
ProcessIdToSessionId
HeapFree
GetCurrentProcessId
CloseHandle
Sleep
GetCommandLineW
GetLastError
GetModuleFileNameW
ExitProcess
QueryPerformanceCounter
GetTickCount
GetCurrentThreadId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
SetLastError
LocalAlloc
FormatMessageW
GetCurrentProcess
LoadLibraryW

user32

MessageBoxW

ntdll

NtClose
RtlInitUnicodeString
NtOpenFile
NtDeviceIoControlFile
NtUnloadDriver

shell32

CommandLineToArgvW

psapi

EnumProcessModules
EnumProcesses
GetModuleBaseNameW

Sections

.text
Size: 10KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 860B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

9b6b6a7858e17fb0b17e1c1428330343

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/SbieMsg.dll
.dll windows:5 windows x86 arch:x86

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:42:46:d5:87:52:22:8c:e4:e1:f9:8b:7b:8f:77:0a:80:52:c0:93
Signer

Actual PE Digest

7c:42:46:d5:87:52:22:8c:e4:e1:f9:8b:7b:8f:77:0a:80:52:c0:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\work\sbie\msgs\obj\i386\SbieMsg.pdb

Sections

.text
Size: 512B - Virtual size: 147B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/Warning.ini
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
LICENSE.TXT
SandboxieBITS.exe
.exe windows:5 windows x86 arch:x86

fc5c6a259e801b01205c65961ee7657a

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bb:22:5b:7c:6d:0e:e6:b8:93:44:1c:36:c6:6c:9d:ed:a3:5c:a3:e2
Signer

Actual PE Digest

bb:22:5b:7c:6d:0e:e6:b8:93:44:1c:36:c6:6c:9d:ed:a3:5c:a3:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\bits\obj\i386\SandboxieBITS.pdb

Imports

msvcrt

__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
_except_handler3
_acmdln
exit
_cexit
_XcptFilter
_controlfp
swprintf
__getmainargs
_exit
_c_exit
wcscpy
wcscat

advapi32

StartServiceCtrlDispatcherW
AccessCheckByType
LogonUserW
DuplicateTokenEx
SetThreadToken
OpenProcessToken

kernel32

QueryPerformanceCounter
SuspendThread
GetTickCount
GetCurrentProcess
GetModuleHandleW
GetProcAddress
GetCurrentThreadId
GetCurrentProcessId
GetSystemTimeAsFileTime
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
GetProcessHeap
SetEvent
CreateEventW
OpenEventW
Sleep
SetLastError
GetCurrentThread
LoadLibraryW
CloseHandle
HeapAlloc
CreateThread

user32

wsprintfW
MessageBoxW

ole32

CoImpersonateClient

wtsapi32

WTSQueryUserToken

sbiedll

SbieApi_Log
_SbieDll_Hook@12

Sections

.text
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 928B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieCrypto.exe
.exe windows:5 windows x86 arch:x86

efa0a04887011a5d8a2dee30998b3df9

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

10:59:5f:b5:17:66:86:4d:26:12:e2:72:09:dc:72:62:ab:91:1f:c0
Signer

Actual PE Digest

10:59:5f:b5:17:66:86:4d:26:12:e2:72:09:dc:72:62:ab:91:1f:c0

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\crypto\obj\i386\SandboxieCrypto.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
__setusermatherr
_exit
_c_exit
wcscpy
wcscat
swprintf

advapi32

DuplicateToken
AccessCheckByType
SetThreadToken
StartServiceCtrlDispatcherW
OpenProcessToken
GetTokenInformation

kernel32

GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetCurrentProcessId
SuspendThread
GetCurrentThread
TlsAlloc
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
Sleep
SetLastError
CreateThread
GetProcAddress
GetModuleHandleW
TlsSetValue
DuplicateHandle
LoadLibraryW
CloseHandle
OpenEventW
GetLastError
HeapAlloc
GetProcessHeap
SetEvent
CreateEventW
TlsGetValue

user32

MessageBoxW
wsprintfW

sbiedll

SbieApi_Log
_SbieDll_Hook@12

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieDcomLaunch.exe
.exe windows:5 windows x86 arch:x86

d6b96f8a15114c1f38edc9f081763301

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8c:66:85:dc:5b:f4:67:8f:bf:0a:a1:10:9f:ed:60:89:e1:0c:39:60
Signer

Actual PE Digest

8c:66:85:dc:5b:f4:67:8f:bf:0a:a1:10:9f:ed:60:89:e1:0c:39:60

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\dcomlaunch\obj\i386\SandboxieDcomLaunch.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
_initterm
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
__setusermatherr
_wcsicmp
swprintf
wcscat
_exit
_c_exit
wcscpy
wcscmp

advapi32

DuplicateToken
SetServiceStatus
OpenServiceW
CloseServiceHandle
QueryServiceStatus
StartServiceW
ControlService
AccessCheckByType
SetThreadToken
StartServiceCtrlDispatcherW
QueryServiceStatusEx
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW

kernel32

GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
SuspendThread
GetCurrentProcessId
CreateFileMappingW
TlsAlloc
TlsGetValue
GetSystemTimeAsFileTime
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
HeapFree
GetStartupInfoA
OpenEventW
Sleep
SetLastError
CreateThread
GetProcAddress
GetModuleHandleW
GetCurrentThread
LoadLibraryW
GetVersionExW
CloseHandle
LocalFree
CreateEventW
GetLastError
OpenProcess
HeapAlloc
GetProcessHeap
SetEvent
TlsSetValue

user32

MessageBoxW
wsprintfW

ntdll

NtSetInformationProcess
RtlAdjustPrivilege

sbiedll

_SbieApi_EnumProcessEx@16
_SbieDll_IsBoxedService@4
_SbieDll_StartBoxedService@8
SbieApi_Log
_SbieDll_Hook@12
_SbieApi_QueryProcess@20

Sections

.text
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 944B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieRpcSs.exe
.exe windows:5 windows x86 arch:x86

b0a7a7dd5407869426a7a8266044c280

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

c4:cf:eb:ed:52:e6:31:3d:67:6f:e9:9a:b5:f2:50:04:2b:8b:0f:48
Signer

Actual PE Digest

c4:cf:eb:ed:52:e6:31:3d:67:6f:e9:9a:b5:f2:50:04:2b:8b:0f:48

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\rpcss\obj\i386\SandboxieRpcSs.pdb

Imports

msvcrt

__setusermatherr
_initterm
__getmainargs
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_wcsicmp
swprintf
wcscmp
_except_handler3
_controlfp
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
wcslen
wcscpy
wcscat

advapi32

OpenThreadToken
SetServiceStatus
OpenServiceW
CloseServiceHandle
QueryServiceStatus
StartServiceW
ControlService
RegOpenKeyExW
RegQueryValueExW
AccessCheckByType
SetThreadToken
DuplicateToken
StartServiceCtrlDispatcherW
QueryServiceStatusEx
OpenProcessToken
GetTokenInformation
ConvertSidToStringSidW

kernel32

GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
GetSystemTimeAsFileTime
ExitProcess
CreateFileMappingW
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
Sleep
SetLastError
GetProcessHeap
CreateThread
GetProcAddress
GetModuleHandleW
TlsSetValue
TlsGetValue
TlsAlloc
WaitForSingleObject
CreateMutexW
GetCurrentProcessId
LoadLibraryW
GetVersionExW
CloseHandle
LocalFree
HeapFree
GetLastError
OpenProcess
HeapAlloc
OpenEventW
SetEvent
CreateEventW
OpenMutexW

user32

wsprintfW
MessageBoxW

ntdll

NtSetInformationProcess
RtlAdjustPrivilege

ws2_32

WSASetLastError
WSASocketW
listen
bind
WSAStartup

sbiedll

_SbieApi_QueryProcess@20
_SbieApi_EnumProcessEx@16
_SbieDll_IsBoxedService@4
_SbieDll_StartBoxedService@8
SbieApi_Log
_SbieDll_Hook@12
_SbieDll_IsOpenCOM@0
_SbieDll_KillOne@4
_SbieDll_ExpandAndRunProgram@4
_SbieApi_QueryConf@20

Sections

.text
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SandboxieWUAU.exe
.exe windows:5 windows x86 arch:x86

5592dfcfc9f7d9b79b28c03dbd5f5412

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

bf:75:20:b4:52:4a:0a:56:ed:e7:5c:33:b7:25:93:7f:58:1a:62:95
Signer

Actual PE Digest

bf:75:20:b4:52:4a:0a:56:ed:e7:5c:33:b7:25:93:7f:58:1a:62:95

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\com\wuau\obj\i386\SandboxieWUAU.pdb

Imports

msvcrt

_controlfp
_except_handler3
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
__getmainargs
_acmdln
exit
_cexit
_XcptFilter
_exit
_c_exit
_initterm
wcschr
_wcsnicmp
wcscpy
wcscat
swprintf
_wcsicmp
wcscmp

advapi32

GetTokenInformation
AccessCheckByType
StartServiceCtrlDispatcherW
OpenProcessToken
ConvertSidToStringSidW

kernel32

GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
TerminateProcess
SuspendThread
GetCurrentThread
GetModuleHandleW
GetProcAddress
CreateThread
GetCurrentProcess
CloseHandle
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
HeapAlloc
GetProcessHeap
SetEvent
CreateEventW
OpenEventW
Sleep
CreateProcessW
LoadLibraryW
GetVersionExW
OpenProcess
LocalFree
HeapFree
GetLastError
SetLastError

user32

MessageBoxW
wsprintfW

sbiedll

_SbieApi_EnumProcessEx@16
SbieApi_Log
_SbieDll_Hook@12
_SbieApi_QueryProcess@20

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SbieCtrl.exe
.exe windows:5 windows x86 arch:x86

ef4d19b91d885ebf5ab257f2e4098b67

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

44:43:d1:e1:3d:af:d3:85:f3:d8:b5:51:08:20:01:8e:a0:58:86:6d
Signer

Actual PE Digest

44:43:d1:e1:3d:af:d3:85:f3:d8:b5:51:08:20:01:8e:a0:58:86:6d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\control\obj\i386\SbieCtrl.pdb

Imports

mfc42u

ord491
ord5426
ord6193
ord5856
ord1165
ord772
ord5602
ord500
ord5977
ord1662
ord2644
ord5949
ord6563
ord5945
ord3356
ord3090
ord5947
ord3658
ord3621
ord2406
ord3566
ord1634
ord1633
ord5781
ord2858
ord2371
ord6051
ord1768
ord5286
ord3393
ord4418
ord3728
ord567
ord810
ord2966
ord5755
ord6188
ord5752
ord6182
ord4324
ord6185
ord6168
ord5869
ord5785
ord5790
ord5674
ord5732
ord5575
ord5567
ord6057
ord5860
ord3591
ord640
ord6190
ord6017
ord323
ord4266
ord4532
ord2115
ord3282
ord3291
ord6266
ord3909
ord1084
ord4688
ord3749
ord5142
ord3016
ord4847
ord6376
ord2078
ord326
ord4270
ord3737
ord818
ord2144
ord773
ord6373
ord5603
ord3614
ord4215
ord2576
ord3649
ord1637
ord1143
ord5677
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord3396
ord4616
ord3733
ord561
ord815
ord2430
ord2613
ord5568
ord2910
ord4237
ord4718
ord2715
ord2382
ord3054
ord5094
ord5097
ord4461
ord4298
ord3345
ord5006
ord975
ord5468
ord3398
ord2874
ord2873
ord4146
ord4072
ord5278
ord2641
ord1658
ord4430
ord5248
ord4421
ord3618
ord674
ord3865
ord2455
ord1135
ord2447
ord2550
ord366
ord1105
ord6278
ord291
ord2757
ord910
ord2574
ord4396
ord3635
ord693
ord2857
ord4238
ord697
ord395
ord4181
ord6896
ord3281
ord3905
ord6688
ord686
ord3991
ord2445
ord2088
ord384
ord2092
ord5625
ord3431
ord4118
ord2855
ord3397
ord3716
ord795
ord2567
ord4390
ord3569
ord609
ord1764
ord6362
ord2405
ord2016
ord4214
ord2573
ord4395
ord3634
ord692
ord6316
ord3084
ord5639
ord2070
ord2091
ord2108
ord4282
ord4279
ord6867
ord6865
ord6238
ord1644
ord5597
ord913
ord1172
ord700
ord398
ord3434
ord2776
ord912
ord699
ord397
ord3433
ord5589
ord4192
ord909
ord3638
ord696
ord3930
ord394
ord5586
ord3430
ord4180
ord3568
ord5706
ord283
ord5871
ord4128
ord4292
ord2746
ord2836
ord2099
ord4199
ord5446
ord6390
ord5436
ord6379
ord613
ord3490
ord4078
ord1834
ord289
ord3688
ord2705
ord3995
ord6004
ord2579
ord4400
ord3389
ord3724
ord804
ord6777
ord4254
ord1900
ord1683
ord2520
ord5284
ord4433
ord2046
ord4425
ord771
ord497
ord2400
ord6868
ord2606
ord6655
ord4120
ord3470
ord3285
ord3298
ord5845
ord2876
ord6451
ord2877
ord6437
ord1258
ord2111
ord1761
ord4709
ord2629
ord1230
ord5784
ord472
ord755
ord470
ord2036
ord2440
ord1569
ord6279
ord2634
ord926
ord860
ord6024
ord768
ord4253
ord2854
ord414
ord3979
ord713
ord3657
ord5817
ord5600
ord5855
ord5617
ord859
ord927
ord6654
ord539
ord501
ord1083
ord536
ord4273
ord941
ord715
ord415
ord1085
ord1081
ord1008
ord3312
ord6565
ord4124
ord5616
ord924
ord6211
ord3871
ord2756
ord5605
ord2769
ord2010
ord3694
ord4829
ord5283
ord4371
ord4352
ord4942
ord4970
ord4899
ord5154
ord5156
ord5155
ord823
ord5618
ord542
ord3798
ord802
ord5679
ord4272
ord2755
ord942
ord4197
ord3087
ord6195
ord535
ord540
ord2810
ord537
ord922
ord940
ord925
ord825
ord2637
ord324
ord538
ord861
ord858
ord800
ord641
ord3592
ord4419
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5276
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1767
ord4073
ord6048
ord2506
ord4992
ord4370
ord5261
ord4229
ord2859
ord3133
ord4219
ord4294
ord5830

msvcrt

towupper
memcmp
_wcsicmp
_wcsnicmp
wcscmp
wcscpy
wcscat
wcstol
towlower
free
malloc
__setusermatherr
_adjust_fdiv
__p__fmode
__p__commode
__set_app_type
_except_handler3
??1type_info@@UAE@XZ
__CxxFrameHandler
memset
memcpy
wcslen
_controlfp
?terminate@@YAXXZ
_onexit
_initterm
swprintf
wcsrchr
_wtoi64
wcsncpy
exit
_wtoi
wcsncmp
wcschr
time
wcsstr
memmove
_wcslwr
atof
strchr
toupper
_purecall
__RTDynamicCast
_c_exit
_exit
_XcptFilter
_cexit
_wcmdln
__wgetmainargs
__dllonexit

advapi32

LsaClose
LsaOpenPolicy
LsaQueryInformationPolicy
LsaFreeMemory
OpenSCManagerW
EnumServicesStatusW
CloseServiceHandle
RegDeleteKeyW
CloseEventLog
ReadEventLogW
OpenEventLogW
RegCloseKey
RegEnumValueW
RegOpenKeyW
RegDeleteValueW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegCreateKeyExW

kernel32

GetLastError
RemoveDirectoryW
MoveFileW
CreateDirectoryW
FindClose
FindNextFileW
FindFirstFileW
ExpandEnvironmentStringsW
GetProcAddress
LoadLibraryW
CreateFileW
GetDriveTypeW
GetModuleFileNameW
DeleteFileW
CopyFileW
UnmapViewOfFile
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetTickCount
GetSystemTimeAsFileTime
OpenEventW
Sleep
GetModuleHandleW
InterlockedDecrement
InterlockedIncrement
GlobalUnlock
GlobalFree
GlobalLock
GlobalAlloc
LockResource
LoadResource
SizeofResource
FindResourceW
LocalAlloc
GetCurrentThreadId
LocalFree
GetFileAttributesW
HeapFree
HeapAlloc
GetProcessHeap
CloseHandle
GetFileTime
GetWindowsDirectoryW
GetCurrentProcessId
CreateThread
GetShortPathNameW
ProcessIdToSessionId
GetVersionExW
CreateMutexW
OpenMutexW
GetCommandLineW
GetSystemWindowsDirectoryW
WaitForSingleObject
MapViewOfFile
CreateFileMappingW
WriteFile
GetTempPathW
GetProcessTimes
OpenProcess
FreeLibrary
TerminateProcess
QueryPerformanceCounter

gdi32

GetCurrentObject
SetTextColor
GetClipBox
CreateFontIndirectW
GetObjectW
CreatePen
GetTextMetricsW
GetPixel
Rectangle
CreatePatternBrush
GetStockObject
Ellipse
BitBlt
Escape
ExtTextOutW
TextOutW
RectVisible
PtVisible
PatBlt
LPtoDP
DPtoLP
GetWindowExtEx
GetViewportExtEx
GetMapMode
CreateSolidBrush
CreatePolygonRgn
CreateCompatibleDC
CreateCompatibleBitmap
SetPixel
DeleteDC
SelectObject
GetTextExtentPoint32W
DeleteObject
GetTextColor

user32

LoadBitmapW
DestroyCursor
GetWindowLongW
SendMessageW
UnhookWindowsHookEx
SetCursor
ReleaseCapture
GetParent
CallNextHookEx
PostMessageW
IsWindowVisible
PtInRect
EnumChildWindows
WindowFromPoint
CallWindowProcW
SetWindowsHookExW
SetCapture
SetWindowLongW
SetWindowPos
MoveWindow
GetDC
CreateWindowExW
SetFocus
ScreenToClient
GetDlgItem
SetWindowTextW
ShowWindow
GetDlgCtrlID
GetWindow
SendDlgItemMessageW
MessageBoxW
LoadCursorW
GetWindowRect
SetWindowRgn
SetClassLongW
GetMonitorInfoW
MonitorFromWindow
GetCursorPos
GetAsyncKeyState
GetWindowThreadProcessId
GetForegroundWindow
KillTimer
SetTimer
SetLayeredWindowAttributes
RegisterClassExW
LoadIconW
DefWindowProcW
CopyRect
EnableMenuItem
GetSubMenu
BeginPaint
EndPaint
UpdateWindow
InvalidateRect
TabbedTextOutW
DrawTextW
GrayStringW
GetMessagePos
SetForegroundWindow
DispatchMessageW
TranslateMessage
GetMessageW
OpenClipboard
CloseClipboard
SetClipboardData
EmptyClipboard
GetMenuItemCount
LoadMenuW
MsgWaitForMultipleObjects
PeekMessageW
SetMenuItemInfoW
GetMenuItemInfoW
RegisterWindowMessageW
SystemParametersInfoW
FindWindowW
CreatePopupMenu
DeleteMenu
AppendMenuW
SetMenuDefaultItem
GetMenuItemID
GetMenuStringW
InsertMenuW
ModifyMenuW
GetMenu
SetMenu
PostQuitMessage
wsprintfW
GetSystemMetrics
GetKeyState
FindWindowExW
GetClassNameW
EnumWindows
DestroyIcon
DrawStateW
GetSysColor
GetMenuItemRect
IsMenu
IsRectEmpty
GetDesktopWindow
IsWindow
GetSysColorBrush
GetIconInfo
GetClientRect
ClientToScreen
OffsetRect
GetWindowDC
SetRect
InvertRect
ReleaseDC
DestroyWindow
EnableWindow

ntdll

NtQueryDirectoryFile
NtCreateFile
NtClose
NtQueryDirectoryObject
NtOpenDirectoryObject
RtlInitUnicodeString
NtOpenKey

psapi

GetModuleFileNameExW

shell32

SHFileOperationW
ShellExecuteExW
DragQueryFileW
Shell_NotifyIconW
SHBrowseForFolderW
SHGetPathFromIDListW
ord165
SHGetFolderPathW
ExtractIconExW
ShellExecuteW

comctl32

ImageList_ReplaceIcon
ImageList_SetBkColor
ImageList_Draw
ImageList_GetIcon
ImageList_GetImageCount
ImageList_GetImageInfo
ImageList_Remove

comdlg32

ChooseColorW
GetOpenFileNameW

gdiplus

GdiplusStartup
GdipDisposeImage
GdipCreateHBITMAPFromBitmap
GdipCreateBitmapFromStream

wininet

InternetOpenUrlW
InternetReadFile
InternetCloseHandle
InternetOpenW

ole32

CoInitialize
CreateClassMoniker
GetRunningObjectTable
CoTaskMemFree
CreateStreamOnHGlobal
CoCreateInstance

sbiedll

_SbieApi_GetWork@12
_SbieDll_GetStartError@0
_SbieDll_StartSbieSvc@4
_SbieApi_CallServer@4
_SbieApi_FreeReply@4
_SbieApi_GetVersion@4
_SbieDll_StartSbieDrv@4
_SbieDll_FormatMessage0@4
_SbieDll_FormatMessage1@8
_SbieApi_EnumBoxes@8
_SbieApi_MonitorControl@8
_SbieDll_KillAll@8
_SbieApi_QueryConf@20
_SbieApi_QueryBoxPath@28
_SbieDll_TranslateNtToDosPath@4
_SbieDll_GetAllUsersPath@0
_SbieDll_GetUserPath@0
_SbieDll_GetDrivePath@4
_SbieApi_EnumProcessEx@16
_SbieApi_QueryProcess@20
_SbieApi_DisableForceProcess@8
SbieApi_Log
_SbieApi_MonitorGet@8
_SbieDll_GetLanguage@4
_SbieDll_RunFromHome@16
_SbieApi_CallZero@4
_SbieDll_DeviceChange@8
_SbieDll_GetTokenElevationType@0
_SbieDll_KillOne@4
_SbieDll_FormatMessage2@12
_SbieDll_FormatMessage@8
_SbieApi_ReloadConf@4
_SbieApi_GetLicense@4
_SbieApi_SetLicense@8

Sections

.text
Size: 262KB - Virtual size: 261KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 113KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
SbieDll.dll
.dll windows:5 windows x86 arch:x86

229356de0d1de4c184c5815a36180332

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7a:19:4e:a3:a0:f4:76:48:64:6b:da:cd:51:b7:6c:03:80:e7:88:98
Signer

Actual PE Digest

7a:19:4e:a3:a0:f4:76:48:64:6b:da:cd:51:b7:6c:03:80:e7:88:98

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\work\sbie\core\dll\obj\i386\SbieDll.pdb

Imports

ntdll

NtQueryInformationProcess
RtlConvertSidToUnicodeString
NtSetInformationProcess
_strnicmp
NtOpenProcess
wcscmp
RtlUnwind
NtQueryVirtualMemory
NtOpenThread
NtDuplicateObject
NtQuerySecurityObject
NtSetSecurityObject
NtSetInformationToken
NtAdjustPrivilegesToken
NtRequestWaitReplyPort
NtRegisterThreadTerminatePort
sprintf
_vsnprintf
RtlCreateProcessParameters
LdrGetProcedureAddress
RtlFreeAnsiString
LdrLoadDll
LdrUnloadDll
NtLoadDriver
NtMapViewOfSection
NtFlushInstructionCache
LdrQueryProcessModuleInformation
NtRaiseHardError
NtProtectVirtualMemory
NtDeleteKey
NtEnumerateValueKey
NtQueryMultipleValueKey
NtNotifyChangeKey
NtNotifyChangeMultipleKeys
NtSaveKey
NtLoadKey
NtSetInformationKey
NtCreatePort
NtConnectPort
NtImpersonateClientOfPort
NtCreateEvent
NtOpenEvent
NtCreateMutant
NtOpenMutant
NtCreateSemaphore
NtOpenSemaphore
NtCreateSection
NtOpenSection
NtOpenThreadToken
NtSetInformationThread
NtOpenProcessToken
NtDuplicateToken
NtQueryInformationToken
NtOpenDirectoryObject
RtlUnicodeStringToAnsiString
RtlInitString
RtlAnsiStringToUnicodeString
strncmp
strchr
NtQueryAttributesFile
NtQueryInformationFile
NtSetInformationFile
NtCreateNamedPipeFile
NtCreateMailslotFile
NtFsControlFile
RtlGetCurrentDirectory_U
RtlSetCurrentDirectory_U
RtlGetFullPathName_U
NtQueryVolumeInformationFile
NtDeleteFile
NtQuerySystemInformation
NtReadFile
NtWriteFile
RtlQueryRegistryValues
NtDeviceIoControlFile
NtCreateFile
NtQueryFullAttributesFile
NtQueryObject
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
_wtoi
NtOpenFile
NtQueryDirectoryFile
RtlCompareUnicodeString
wcsncpy
_wcslwr
RtlFreeUnicodeString
RtlCreateAcl
RtlAddAccessAllowedAceEx
RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
_wcsicmp
wcsstr
wcsrchr
iswctype
NtEnumerateKey
NtDeleteValueKey
NtQueryKey
NtOpenKey
NtCreateKey
NtClose
NtSetValueKey
towlower
wcsncmp
wcscat
wcschr
swprintf
_itow
wcscpy
wcslen
memmove
RtlInitUnicodeString
NtQueryValueKey
isspace
_wcsnicmp

kernel32

CreateMutexW
ReleaseMutex
GetWindowsDirectoryW
HeapDestroy
GlobalSize
GetTempPathW
CreateDirectoryW
GlobalFree
WriteFile
GlobalAlloc
GlobalLock
GlobalUnlock
SearchPathW
CreateFileA
CreateFileMappingW
MapViewOfFileEx
UnmapViewOfFile
ReadFile
GetVersionExW
FormatMessageW
SetLocaleInfoW
SetLocaleInfoA
OpenProcess
GetLongPathNameW
GetFileAttributesW
MapViewOfFile
OpenFileMappingW
WinExec
CreateProcessA
GetCurrentDirectoryW
GetEnvironmentStringsW
LoadLibraryA
InterlockedExchange
GetSystemInfo
SetThreadPriority
ResumeThread
OpenEventW
HeapFree
GetProcessHeap
HeapAlloc
VirtualFree
VirtualAlloc
GetConsoleWindow
SetConsoleTitleA
SetConsoleTitleW
GetConsoleTitleA
GetConsoleTitleW
CreateEventW
CreateThread
WaitForMultipleObjects
FindResourceW
FindResourceA
LoadResource
LockResource
GetCurrentThreadId
OpenThread
GetThreadTimes
GlobalAddAtomW
WideCharToMultiByte
WaitNamedPipeW
MoveFileWithProgressW
TryEnterCriticalSection
CreateFileW
GetCurrentThread
QueueUserAPC
GetSystemTimeAsFileTime
GetSystemWindowsDirectoryW
InitializeCriticalSection
GetTickCount
GetEnvironmentVariableW
SetEnvironmentVariableW
SetEvent
InterlockedCompareExchange
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
TlsGetValue
TlsSetValue
TlsAlloc
GetCurrentProcessId
VirtualProtect
GetCurrentProcess
GetCommandLineW
Sleep
ExitProcess
GetModuleFileNameW
SetCurrentDirectoryW
GetFullPathNameW
GetPrivateProfileStringW
CreateProcessW
WaitForSingleObject
CloseHandle
LocalAlloc
LocalFree
InterlockedDecrement
InterlockedIncrement
ExpandEnvironmentStringsW
RaiseException
FreeLibrary
OutputDebugStringW
GetModuleHandleW
GetProcAddress
LoadLibraryW
SetLastError
GetLastError
HeapCreate

Exports

Exports

SbieApi_CheckInternetAccess
SbieApi_DisableForceProcess
SbieApi_EnumBoxes
SbieApi_EnumProcessEx
SbieApi_GetFileName
SbieApi_GetVersion
SbieApi_Log
SbieApi_LogEx
SbieApi_QueryBoxPath
SbieApi_QueryConf
SbieApi_QueryPathList
SbieApi_QueryProcess
SbieApi_QueryProcessPath
SbieApi_ReloadConf
SbieDll_Hook
SbieDll_KillAll
SbieDll_KillOne
SbieDll_RegisterDllCallback
SbieDll_StartBoxedService
_SbieApi_CallServer@4
_SbieApi_CallZero@4
_SbieApi_CheckInternetAccess@12
_SbieApi_DisableForceProcess@8
_SbieApi_EnumBoxes@8
_SbieApi_EnumProcessEx@16
_SbieApi_FreeReply@4
_SbieApi_GetFileName@12
_SbieApi_GetLicense@4
_SbieApi_GetUnmountHive@4
_SbieApi_GetVersion@4
_SbieApi_GetWork@12
_SbieApi_HookTramp@8
_SbieApi_MonitorControl@8
_SbieApi_MonitorGet@8
_SbieApi_MonitorPut@8
_SbieApi_PortName@0
_SbieApi_QueryBoxPath@28
_SbieApi_QueryConf@20
_SbieApi_QueryPathList@12
_SbieApi_QueryProcess@20
_SbieApi_QueryProcessPath@28
_SbieApi_ReloadConf@4
_SbieApi_SetLicense@8
_SbieApi_SetLsaAuthPkg@8
_SbieApi_SetUserName@8
_SbieApi_StartProcess@8
_SbieDll_AssocQueryCommand@4
_SbieDll_AssocQueryProgram@4
_SbieDll_ComCreateProxy@16
_SbieDll_ComCreateStub@16
_SbieDll_DeviceChange@8
_SbieDll_DisableElevationHook@0
_SbieDll_ExpandAndRunProgram@4
_SbieDll_FormatMessage0@4
_SbieDll_FormatMessage1@8
_SbieDll_FormatMessage2@12
_SbieDll_FormatMessage@8
_SbieDll_GetAllUsersPath@0
_SbieDll_GetDrivePath@4
_SbieDll_GetHandlePath@12
_SbieDll_GetLanguage@4
_SbieDll_GetServiceRegistryValue@12
_SbieDll_GetSetDeviceMap@4
_SbieDll_GetStartError@0
_SbieDll_GetTokenElevationType@0
_SbieDll_GetUserPath@0
_SbieDll_Hook@12
_SbieDll_InitPStore@0
_SbieDll_InitProcess@0
_SbieDll_IsBoxedService@4
_SbieDll_IsDirectory@4
_SbieDll_IsOpenCOM@0
_SbieDll_IsOpenClsid@12
_SbieDll_KillAll@8
_SbieDll_KillOne@4
_SbieDll_RegisterDllCallback@4
_SbieDll_RunFromHome@16
_SbieDll_StartBoxedService@8
_SbieDll_StartCOM@4
_SbieDll_StartSbieDrv@4
_SbieDll_StartSbieSvc@4
_SbieDll_TranslateNtToDosPath@4

Sections

.text
Size: 206KB - Virtual size: 205KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieDrv.sys
.sys windows:5 windows x86 arch:x86

ff025646436c8f969c9f4531229f5615

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9b:5f:32:69:5b:55:a5:18:e0:dc:86:12:f7:4f:14:e6:ba:9d:d2:a6
Signer

Actual PE Digest

9b:5f:32:69:5b:55:a5:18:e0:dc:86:12:f7:4f:14:e6:ba:9d:d2:a6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\core\drv\obj\i386\SbieDrv.pdb

Imports

ntoskrnl.exe

_except_handler3
ProbeForWrite
wcslen
ZwClose
ZwSetEvent
ZwOpenEvent
RtlInitUnicodeString
ExReleaseResourceLite
ExAcquireResourceExclusiveLite
wcsncpy
ExRaiseStatus
IoCreateDevice
IoDeleteDevice
wcsncmp
wcscpy
RtlFreeUnicodeString
memmove
RtlCompareUnicodeString
wcschr
wcscat
_wcsicmp
_wcsnicmp
ExAcquireResourceSharedLite
KeDelayExecutionThread
RtlQueryRegistryValues
swprintf
_itow
ExFreePoolWithTag
ExAllocatePoolWithTag
RtlUnicodeStringToInteger
ZwUnmapViewOfSection
ZwMapViewOfSection
ZwCreateSection
ZwQueryInformationFile
ZwCreateFile
PsGetVersion
RtlSetDaclSecurityDescriptor
RtlCreateSecurityDescriptor
RtlCreateAcl
ObfDereferenceObject
ObReferenceObjectByHandle
RtlFreeAnsiString
RtlUnicodeStringToAnsiString
wcsrchr
ZwQueryValueKey
ZwOpenKey
MmGetSystemRoutineAddress
ZwWriteFile
ZwSetInformationFile
sprintf
IoFileObjectType
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
KeGetCurrentThread
PsLookupThreadByThreadId
ZwQuerySystemInformation
PsGetCurrentProcessId
ZwOpenThread
ZwAllocateVirtualMemory
KeInsertQueueDpc
ExGetPreviousMode
KeSetImportanceDpc
KeInitializeDpc
KeQueryActiveProcessors
PsGetCurrentThreadId
MmUnlockPages
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
MmMapLockedPagesSpecifyCache
KeServiceDescriptorTable
ZwYieldExecution
ZwAlertThread
ZwAccessCheckAndAuditAlarm
RtlCompareMemory
wcstombs
ExInitializeResourceLite
ExDeleteResourceLite
IoCreateFile
ZwReadFile
wcsstr
_wcslwr
wcscmp
ZwCreateDirectoryObject
ZwOpenProcess
ZwQueryInformationProcess
ZwCreateSymbolicLinkObject
LpcPortObjectType
KeWaitForSingleObject
ZwLoadKey
RtlTimeToTimeFields
KeQuerySystemTime
ZwSetValueKey
ZwCreateKey
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
DbgPrint
ObQueryNameString
ObOpenObjectByName
PsSetLoadImageNotifyRoutine
PsSetCreateProcessNotifyRoutine
RtlIntegerToUnicodeString
PsLookupProcessByProcessId
strncmp
IoGetRequestorProcessId
ZwSetSecurityObject
ZwQueryInformationToken
SeQueryInformationToken
RtlAddAccessAllowedAce
ZwSetInformationProcess
IoGetCurrentProcess
ZwOpenProcessToken
IoThreadToProcess
NtDuplicateObject
SeSinglePrivilegeCheck
SeTokenIsAdmin
PsReferencePrimaryToken
_alldiv
ZwOpenThreadToken
RtlConvertSidToUnicodeString
ProbeForRead
KeBugCheckEx
KeSetTargetProcessorDpc
IofCompleteRequest

hal

KfLowerIrql
KeGetCurrentIrql
KfRaiseIrql

Sections

.text
Size: 81KB - Virtual size: 80KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 13KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieMsg.dll
.dll windows:5 windows x86 arch:x86

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7c:42:46:d5:87:52:22:8c:e4:e1:f9:8b:7b:8f:77:0a:80:52:c0:93
Signer

Actual PE Digest

7c:42:46:d5:87:52:22:8c:e4:e1:f9:8b:7b:8f:77:0a:80:52:c0:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

c:\work\sbie\msgs\obj\i386\SbieMsg.pdb

Sections

.text
Size: 512B - Virtual size: 147B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SbieSvc.exe
.exe windows:5 windows x86 arch:x86

acdc9b52c9735bf46877c7e42a2b5a4a

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

57:12:a2:1c:e2:37:6e:1e:a1:16:52:f6:32:e2:e3:6b:84:f9:a0:58
Signer

Actual PE Digest

57:12:a2:1c:e2:37:6e:1e:a1:16:52:f6:32:e2:e3:6b:84:f9:a0:58

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\core\svc\obj\i386\SbieSvc.pdb

Imports

msvcrt

_except_handler3
wcscmp
_wcsicmp
wcschr
_wcslwr
towlower
_wcsnicmp
wcscpy
strtol
wcstol
isspace
_strnicmp
strchr
_stricmp
memmove
sprintf
_itow
_c_exit
_exit
_XcptFilter
_cexit
exit
_acmdln
wcscat
wcsstr
wcslen
??3@YAXPAX@Z
wcsrchr
_controlfp
__set_app_type
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
__getmainargs
??2@YAPAXI@Z

advapi32

ReportEventW
SetThreadToken
DuplicateToken
DuplicateTokenEx
CreateProcessAsUserW
GetLengthSid
AddAccessAllowedAce
SetTokenInformation
EnumServicesStatusW
QueryServiceConfigW
QueryServiceConfig2W
QueryServiceStatusEx
CloseServiceHandle
StartServiceW
OpenThreadToken
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
CheckTokenMembership
FreeSid
ConvertStringSidToSidW
LookupAccountSidW
LookupPrivilegeValueW
AdjustTokenPrivileges
RevertToSelf
InitializeSecurityDescriptor
SetSecurityDescriptorOwner
SetEntriesInAclW
SetSecurityDescriptorDacl
OpenProcessToken
GetTokenInformation
AllocateAndInitializeSid
StartServiceCtrlDispatcherW
RegisterServiceCtrlHandlerExW
SetServiceStatus
OpenSCManagerW
OpenServiceW
OpenEventLogW
ControlService

kernel32

GlobalFree
GlobalUnlock
GlobalLock
GlobalAlloc
GetModuleFileNameW
ReadProcessMemory
WriteProcessMemory
DeleteCriticalSection
DuplicateHandle
TryEnterCriticalSection
CreateMutexW
OpenEventW
OpenMutexW
QueryPerformanceCounter
GetCurrentThreadId
GetCurrentProcessId
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoA
CreateProcessW
MulDiv
LoadLibraryW
CancelIo
GetSystemWindowsDirectoryW
GetSystemTimeAsFileTime
UnmapViewOfFile
HeapReAlloc
SetEndOfFile
VirtualAlloc
ExitProcess
RaiseException
VirtualFree
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
OutputDebugStringW
EnterCriticalSection
GetLastError
QueueUserWorkItem
Sleep
ProcessIdToSessionId
GetCommandLineW
CloseHandle
HeapAlloc
GetProcessHeap
GetCurrentProcess
HeapFree
SetLastError
MapViewOfFile
CreateFileMappingW
OpenFileMappingW
HeapDestroy
HeapCreate
WaitForMultipleObjects
TerminateThread
WaitForSingleObject
SetEvent
InterlockedExchange
GetProcessTimes
OpenProcess
OpenThread
GetProcAddress
GetModuleHandleW
CreateEventW
SetThreadPriority
GetCurrentThread
InterlockedIncrement
CreateThread
GetVersionExW
LocalFree
WriteFile
SetFilePointer
CreateFileW
GetLocalTime
LocalAlloc
TerminateProcess
InitializeCriticalSection
GetTickCount
GetWindowsDirectoryW
DeleteFileW
GetFileAttributesW
CopyFileW
SetFileAttributesW

gdi32

SetBkColor
CreateFontW
TextOutW
CreateSolidBrush
GetDeviceCaps
SetTextColor
SelectObject

user32

ShowWindow
DispatchMessageW
RegisterClassW
DefWindowProcW
BeginPaint
CreateWindowExW
GetMessageW
EndPaint
wsprintfW

ntdll

RtlCreateSecurityDescriptor
RtlSetDaclSecurityDescriptor
NtQueryFullAttributesFile
NtSetInformationFile
NtQueryDirectoryFile
NtQueryInformationFile
NtClose
NtSetInformationThread
NtDuplicateToken
NtFilterToken
NtQueryInformationToken
NtOpenProcessToken
NtOpenThreadToken
NtCompleteConnectPort
NtAcceptConnectPort
NtImpersonateClientOfPort
NtReplyWaitReceivePort
NtCreatePort
NtReadFile
NtWriteFile
NtCreateFile
NtLoadKey
NtUnloadKey
NtOpenKey
NtLoadDriver
RtlInitString
RtlInitUnicodeString

secur32

LsaDeregisterLogonProcess
LsaConnectUntrusted
LsaLookupAuthenticationPackage

setupapi

SetupDiClassNameFromGuidExW
SetupDiBuildClassInfoList
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Get_Device_Interface_ListA
CM_Get_Device_Interface_ListW
CM_Get_Device_Interface_List_SizeA
CM_Get_Device_Interface_List_SizeW
CM_Get_Device_Interface_Alias_ExW
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoList
SetupDiOpenDeviceInterfaceW
CM_Get_DevNode_Status
CM_Locate_DevNodeW

crypt32

CryptUnprotectData
CryptProtectData

ole32

CoInitializeEx
CoInitializeSecurity
CoUninitialize
CoMarshalInterface
CoCopyProxy
CoSetProxyBlanket
CoQueryProxyBlanket
CreateStreamOnHGlobal
CoUnmarshalInterface
CoGetClassObject
CoTaskMemFree

sbiedll

SbieApi_Log
_SbieApi_PortName@0
_SbieApi_SetLsaAuthPkg@8
_SbieApi_CallZero@4
_SbieApi_GetVersion@4
SbieApi_LogEx
_SbieApi_GetUnmountHive@4
_SbieApi_EnumProcessEx@16
_SbieApi_SetUserName@8
_SbieDll_FormatMessage2@12
_SbieDll_GetServiceRegistryValue@12
_SbieApi_QueryProcess@20
_SbieApi_GetWork@12
_SbieApi_QueryConf@20
_SbieDll_RunFromHome@16
_SbieApi_ReloadConf@4
_SbieApi_QueryProcessPath@28
_SbieDll_FormatMessage0@4
_SbieDll_ComCreateStub@16
_SbieDll_IsOpenClsid@12
_SbieApi_CheckInternetAccess@12

Sections

.text
Size: 63KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Start.exe
.exe windows:5 windows x86 arch:x86

93da542db79851c169c2e8f3eef4bd3c

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a7:f9:a6:81:d1:9b:c8:d4:18:90:97:35:30:de:0c:fc:fd:3c:d8:79
Signer

Actual PE Digest

a7:f9:a6:81:d1:9b:c8:d4:18:90:97:35:30:de:0c:fc:fd:3c:d8:79

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\start\obj\i386\Start.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW

kernel32

OpenMutexW
GetModuleHandleW
CreateProcessW
ExpandEnvironmentStringsW
GetModuleFileNameW
ExitProcess
GetCommandLineW
GetCurrentProcessId
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapReAlloc
HeapDestroy
HeapCreate
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetFullPathNameW
GetExitCodeProcess
WaitForSingleObject
GetSystemTimeAsFileTime
RemoveDirectoryW
CreateEventW
ProcessIdToSessionId
CloseHandle
Sleep
GetStdHandle
WriteFile
SetLastError
GetProcessHeap
HeapAlloc
GetSystemWindowsDirectoryW
GetLastError
LocalFree
FormatMessageW

gdi32

SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
SetBkColor
SetTextColor
GetObjectW
CreateFontIndirectW

user32

RegisterClassW
CreatePopupMenu
MessageBoxW
wsprintfW
GetAsyncKeyState
SetTimer
SendMessageW
SetWindowPos
EndDialog
SetFocus
ShowWindow
SendDlgItemMessageW
KillTimer
EnableWindow
GetSysColorBrush
GetSysColor
GetDlgItem
DialogBoxParamW
LoadImageW
CreateWindowExW
GetWindowInfo
GetWindowRect
SetWindowTextW
ScreenToClient
MoveWindow
SetDlgItemTextW
GetWindowTextW
GetClientRect
GetDesktopWindow
DestroyIcon
DrawIconEx
GetDC
CreateMenu
GetMenuItemCount
TrackPopupMenu
DestroyWindow
DestroyMenu
DefWindowProcW
GetMenuInfo
SetMenuInfo
InsertMenuItemW

ntdll

wcscpy
_chkstk
NtTerminateProcess
NtTerminateThread
RtlUnwind
NtQueryInformationFile
NtSetInformationFile
NtCreateFile
RtlNtStatusToDosError
RtlInitUnicodeString
NtOpenKey
NtClose
memmove
wcscmp
wcsncmp
iswctype
_wtoi
wcschr
wcslen
memcpy
wcsncpy
strcmp
towlower
sprintf
strlen
_wcsnicmp
wcsrchr
_wcsicmp
memset
wcscat
NtQueryVirtualMemory

shlwapi

AssocQueryStringW
SHAutoComplete

shell32

SHGetFolderPathW
ShellExecuteExW
ShellExecuteW
ExtractIconExW

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance

comdlg32

GetOpenFileNameW

comctl32

InitCommonControlsEx

sbiedll

_SbieApi_DisableForceProcess@8
_SbieDll_StartCOM@4
_SbieDll_FormatMessage1@8
_SbieApi_StartProcess@8
_SbieDll_GetSetDeviceMap@4
_SbieDll_InitProcess@0
_SbieApi_QueryProcess@20
_SbieDll_RunFromHome@16
_SbieApi_CallServer@4
_SbieDll_StartSbieSvc@4
_SbieDll_StartSbieDrv@4
_SbieApi_QueryConf@20
_SbieApi_FreeReply@4
_SbieApi_EnumProcessEx@16
_SbieApi_SetLicense@8
_SbieDll_FormatMessage@8
_SbieDll_FormatMessage0@4
_SbieDll_GetLanguage@4
_SbieDll_KillAll@8
_SbieApi_ReloadConf@4
_SbieDll_DisableElevationHook@0
_SbieDll_InitPStore@0
_SbieDll_GetTokenElevationType@0
_SbieApi_EnumBoxes@8
_SbieApi_QueryBoxPath@28
_SbieDll_IsDirectory@4
_SbieDll_TranslateNtToDosPath@4

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 72KB - Virtual size: 71KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Templates.ini
Box/SafeMode/Reg32.dat
.exe windows:5 windows x86 arch:x86

c607003a46e17e5ab247ad5b9ac6460a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\start\obj\i386\Start.pdb

Imports

advapi32

SetThreadToken
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
CreateProcessAsUserW

kernel32

ExpandEnvironmentStringsW
HeapAlloc
GetProcessHeap
ExitProcess
GetCommandLineW
MapViewOfFile
FindClose
FindNextFileW
FindFirstFileW
HeapDestroy
HeapCreate
HeapFree
GetSystemWindowsDirectoryW
GetFullPathNameW
GetSystemTimeAsFileTime
GetExitCodeProcess
WaitForSingleObject
GetModuleFileNameW
RemoveDirectoryW
CreateProcessW
GetModuleHandleW
OpenMutexW
CloseHandle
Sleep
GetStdHandle
WriteFile
SetLastError
GetLastError
LocalFree
FormatMessageW

gdi32

SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
GetObjectW
CreateFontIndirectW
SetBkColor
SetTextColor

user32

SetMenuInfo
EndDialog
SetFocus
KillTimer
ShowWindow
SendDlgItemMessageW
SetTimer
EnableWindow
GetDlgItem
SendMessageW
SetWindowPos
DialogBoxParamW
LoadImageW
CreateWindowExW
GetWindowInfo
GetWindowRect
SetWindowTextW
GetWindowTextW
GetClientRect
GetDesktopWindow
DestroyIcon
DrawIconEx
GetDC
CreateMenu
InsertMenuItemW
GetSysColorBrush
wsprintfW
MessageBoxW
GetMenuItemCount
CreatePopupMenu
TrackPopupMenu
DestroyWindow
DestroyMenu
GetSysColor

ntdll

RtlUnwind
NtQueryVirtualMemory
NtTerminateProcess
NtQueryInformationFile
NtCreateFile
NtSetInformationFile
RtlNtStatusToDosError
wcscmp
wcscat
iswctype
_wcsicmp
wcsncmp
_wtoi
wcsrchr
memmove
wcslen
wcsncpy
RtlInitUnicodeString
NtOpenDirectoryObject
NtQueryObject
NtClose
towlower
sprintf
_wcsnicmp
_chkstk
wcscpy
NtTerminateThread

shlwapi

SHAutoComplete
AssocQueryStringW

shell32

SHGetFolderPathW
ExtractIconExW
ShellExecuteExW

ole32

CoCreateInstance
CoTaskMemFree
CoInitialize

comdlg32

GetOpenFileNameW

comctl32

InitCommonControlsEx

sbiedll

_SbieDll_StartCOM@0
SbieApi_Log
_SbieApi_GetSetDeviceMap@4
_SbieApi_StartProcess@16
_SbieDll_InitProcess@0
_SbieApi_QueryProcess@20
_SbieDll_RunFromHome@16
_SbieDll_FormatMessage0@4
_SbieApi_CallServer@4
_SbieDll_StartSbieSvc@4
_SbieDll_StartSbieDrv@4
_SbieApi_QueryConf@20
_SbieApi_FreeReply@4
_SbieApi_EnumProcessEx@16
_SbieApi_SetLicense@8
_SbieDll_FormatMessage@8
_SbieDll_GetLanguage@4
_SbieDll_CanElevateOnVista@0
_SbieApi_KillProcess@4
_SbieApi_ReloadConf@4
_SbieDll_FormatMessage1@8
_SbieDll_InitPStore@0
_SbieDll_IsDirectory@4
_SbieDll_GetBoxFilePath@8
_SbieApi_EnumBoxes@8

Sections

.text
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 50KB - Virtual size: 49KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/SafeMode/Reg32_win7.dat
.exe windows:5 windows x86 arch:x86

93da542db79851c169c2e8f3eef4bd3c

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

ac:62:8c:0b:04:f4:af:a5:9a:bb:55:92:a9:26:86:8f:e8:ff:63:06
Signer

Actual PE Digest

ac:62:8c:0b:04:f4:af:a5:9a:bb:55:92:a9:26:86:8f:e8:ff:63:06

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

c:\work\sbie\apps\start\obj\i386\Start.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW

kernel32

OpenMutexW
GetModuleHandleW
CreateProcessW
ExpandEnvironmentStringsW
GetModuleFileNameW
ExitProcess
GetCommandLineW
GetCurrentProcessId
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapReAlloc
HeapDestroy
HeapCreate
UnmapViewOfFile
MapViewOfFile
OpenFileMappingW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetFullPathNameW
GetExitCodeProcess
WaitForSingleObject
GetSystemTimeAsFileTime
RemoveDirectoryW
CreateEventW
ProcessIdToSessionId
CloseHandle
Sleep
GetStdHandle
WriteFile
SetLastError
GetProcessHeap
HeapAlloc
GetSystemWindowsDirectoryW
GetLastError
LocalFree
FormatMessageW

gdi32

SelectObject
CreateCompatibleDC
CreateCompatibleBitmap
PatBlt
SetBkColor
SetTextColor
GetObjectW
CreateFontIndirectW

user32

RegisterClassW
CreatePopupMenu
MessageBoxW
wsprintfW
GetAsyncKeyState
SetTimer
SendMessageW
SetWindowPos
EndDialog
SetFocus
ShowWindow
SendDlgItemMessageW
KillTimer
EnableWindow
GetSysColorBrush
GetSysColor
GetDlgItem
DialogBoxParamW
LoadImageW
CreateWindowExW
GetWindowInfo
GetWindowRect
SetWindowTextW
ScreenToClient
MoveWindow
SetDlgItemTextW
GetWindowTextW
GetClientRect
GetDesktopWindow
DestroyIcon
DrawIconEx
GetDC
CreateMenu
GetMenuItemCount
TrackPopupMenu
DestroyWindow
DestroyMenu
DefWindowProcW
GetMenuInfo
SetMenuInfo
InsertMenuItemW

ntdll

wcscpy
_chkstk
NtTerminateProcess
NtTerminateThread
RtlUnwind
NtQueryInformationFile
NtSetInformationFile
NtCreateFile
RtlNtStatusToDosError
RtlInitUnicodeString
NtOpenKey
NtClose
memmove
wcscmp
wcsncmp
iswctype
_wtoi
wcschr
wcslen
memcpy
wcsncpy
strcmp
towlower
sprintf
strlen
_wcsnicmp
wcsrchr
_wcsicmp
memset
wcscat
NtQueryVirtualMemory

shlwapi

AssocQueryStringW
SHAutoComplete

shell32

SHGetFolderPathW
ShellExecuteExW
ShellExecuteW
ExtractIconExW

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance

comdlg32

GetOpenFileNameW

comctl32

InitCommonControlsEx

sbiedll

_SbieApi_DisableForceProcess@8
_SbieDll_StartCOM@4
_SbieDll_FormatMessage1@8
_SbieApi_StartProcess@8
_SbieDll_GetSetDeviceMap@4
_SbieDll_InitProcess@0
_SbieApi_QueryProcess@20
_SbieDll_RunFromHome@16
_SbieApi_CallServer@4
_SbieDll_StartSbieSvc@4
_SbieDll_StartSbieDrv@4
_SbieApi_QueryConf@20
_SbieApi_FreeReply@4
_SbieApi_EnumProcessEx@16
_SbieApi_SetLicense@8
_SbieDll_FormatMessage@8
_SbieDll_FormatMessage0@4
_SbieDll_GetLanguage@4
_SbieDll_KillAll@8
_SbieApi_ReloadConf@4
_SbieDll_DisableElevationHook@0
_SbieDll_InitPStore@0
_SbieDll_GetTokenElevationType@0
_SbieApi_EnumBoxes@8
_SbieApi_QueryBoxPath@28
_SbieDll_IsDirectory@4
_SbieDll_TranslateNtToDosPath@4

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/SafeMode/Reg64.dat
.exe windows:5 windows x64 arch:x64

df23a9bc7e5d4481e47b214e6b4c8754

Code Sign

04:00:00:00:00:01:1e:44:a5:e2:4e
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

28/01/1999, 13:00

Not After

27/01/2017, 12:00

Subject

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:20:19:c1:90:66
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

18/03/2009, 11:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

01:00:00:00:00:01:25:b0:b4:cc:01
Certificate

Issuer

CN=GlobalSign Timestamping CA,OU=Timestamping CA,O=GlobalSign

Not Before

21/12/2009, 09:32

Not After

22/12/2020, 09:32

Subject

CN=GlobalSign Time Stamping Authority,O=GlobalSign NV,C=BE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

01:00:00:00:00:01:25:fa:0e:5f:a5
Certificate

Issuer

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Not Before

04/01/2010, 15:10

Not After

05/01/2011, 15:10

Subject

CN=SANDBOXIE L.T.D,O=SANDBOXIE L.T.D,L=Holon,ST=Israel,C=IL

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

04:00:00:00:00:01:1e:44:a5:ec:be
Certificate

Issuer

CN=GlobalSign Primary Object Publishing CA,OU=Primary Object Publishing CA,O=GlobalSign nv-sa,C=BE

Not Before

22/01/2004, 10:00

Not After

27/01/2017, 11:00

Subject

CN=GlobalSign ObjectSign CA,OU=ObjectSign CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

12:fb:80:88:70:5f:9f:f4:12:e3:76:53:85:cc:bc:e5:c2:30:e0:35
Signer

Actual PE Digest

12:fb:80:88:70:5f:9f:f4:12:e3:76:53:85:cc:bc:e5:c2:30:e0:35

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

c:\work\sbie\apps\start\obj\amd64\Start.pdb

Imports

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegEnumValueW

kernel32

CloseHandle
OpenMutexW
GetModuleHandleW
CreateProcessW
ExpandEnvironmentStringsW
ExitProcess
GetCommandLineW
GetCurrentProcessId
FindClose
FindNextFileW
FindFirstFileW
HeapFree
HeapReAlloc
HeapDestroy
HeapCreate
Sleep
LocalFree
OpenFileMappingW
GetEnvironmentVariableW
SetEnvironmentVariableW
GetFullPathNameW
GetExitCodeProcess
WaitForSingleObject
GetModuleFileNameW
GetSystemTimeAsFileTime
RemoveDirectoryW
CreateEventW
ProcessIdToSessionId
__C_specific_handler
GetStdHandle
WriteFile
SetLastError
GetProcessHeap
HeapAlloc
GetSystemWindowsDirectoryW
GetLastError
UnmapViewOfFile
FormatMessageW
MapViewOfFile

ntdll

__chkstk
wcscpy
NtTerminateProcess
NtTerminateThread
NtQueryInformationFile
NtSetInformationFile
NtCreateFile
RtlNtStatusToDosError
RtlInitUnicodeString
NtOpenKey
NtClose
memmove
wcscmp
iswctype
_wtoi
wcschr
wcsncmp
wcslen
memcpy
wcsncpy
strcmp
towlower
sprintf
strlen
_wcsnicmp
wcsrchr
_wcsicmp
memset
wcscat

gdi32

SelectObject
CreateCompatibleBitmap
PatBlt
SetBkColor
SetTextColor
GetObjectW
CreateFontIndirectW
CreateCompatibleDC

user32

ShowWindow
SendDlgItemMessageW
KillTimer
EnableWindow
GetSysColorBrush
GetSysColor
GetDlgItem
DialogBoxParamW
LoadImageW
CreateWindowExW
GetWindowInfo
GetWindowRect
SetWindowTextW
ScreenToClient
MoveWindow
SetDlgItemTextW
GetWindowTextW
GetClientRect
GetDesktopWindow
DestroyIcon
DrawIconEx
GetDC
CreateMenu
InsertMenuItemW
GetMenuItemCount
SetMenuInfo
DefWindowProcW
GetMenuInfo
DestroyMenu
DestroyWindow
TrackPopupMenu
RegisterClassW
CreatePopupMenu
SetFocus
EndDialog
SetWindowPos
SendMessageW
SetTimer
GetAsyncKeyState
wsprintfW
MessageBoxW

shlwapi

AssocQueryStringW
SHAutoComplete

shell32

ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
ExtractIconExW

ole32

CoTaskMemFree
CoInitialize
CoCreateInstance

comdlg32

GetOpenFileNameW

comctl32

InitCommonControlsEx

sbiedll

SbieDll_StartSbieDrv
SbieApi_QueryConf
SbieApi_FreeReply
SbieApi_EnumProcessEx
SbieApi_SetLicense
SbieDll_FormatMessage
SbieDll_FormatMessage0
SbieDll_GetLanguage
SbieDll_StartSbieSvc
SbieApi_CallServer
SbieDll_RunFromHome
SbieApi_QueryProcess
SbieDll_InitProcess
SbieApi_StartProcess
SbieDll_GetSetDeviceMap
SbieDll_FormatMessage1
SbieApi_DisableForceProcess
SbieDll_KillAll
SbieApi_ReloadConf
SbieDll_DisableElevationHook
SbieDll_InitPStore
SbieDll_GetTokenElevationType
SbieApi_EnumBoxes
SbieApi_QueryBoxPath
SbieDll_IsDirectory
SbieDll_TranslateNtToDosPath

Sections

.text
Size: 33KB - Virtual size: 32KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1024B - Virtual size: 600B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
Box/skins/Default/DLFinish.wav
Box/skins/Default/TipBG.png
.png
Box/skins/Default/TipClose.png
.png
Box/skins/Default/TipLogo.png
.png
Box/skins/Default/about.png
.png
Box/skins/Default/ask.png
.png
Box/skins/Default/askbtn.png
.png
Box/skins/Default/askcheckbox.png
.png
Box/skins/Default/askradio.png
.png
Box/skins/Default/bicon.png
.png
Box/skins/Default/button2.png
.png
Box/skins/Default/caption.ico
Box/skins/Default/close.png
.png
Box/skins/Default/download_game.png
.png
Box/skins/Default/download_manager.png
.png
Box/skins/Default/favorites_game.png
.png
Box/skins/Default/feedback.png
.png
Box/skins/Default/flashgame_bg.png
.png
Box/skins/Default/line.png
.png
Box/skins/Default/max.png
.png
Box/skins/Default/menubtn.png
.png
Box/skins/Default/menuitem.png
.png
Box/skins/Default/min.png
.png
Box/skins/Default/pgbg.png
.png
Box/skins/Default/pgface.png
.png
Box/skins/Default/refresh.png
.png
Box/skins/Default/restore.png
.png
Box/skins/Default/sandbox.png
.png
Box/skins/Default/skins.ini
Box/skins/Default/sound_close.png
.png
Box/skins/Default/sound_open.png
.png
Box/skins/Default/statusbg.png
.png
Box/skins/Default/titlebg.png
.png
Box/skins/Default/trayicon.png
.png
Box/skins/Default/ym_button.png
.png
Box/skins/Default/ym_toolbarbg.png
.png
Box/uninst.exe.nsis
Box/zlib.dll
.dll windows:4 windows x86 arch:x86

e5c5650f0b0c0414d7e983aacdedc6c6

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

crtdll

fwrite
fread
_errno
fclose
free
vsprintf
fflush
fseek
rewind
fputc
malloc
ftell
fprintf
_fdopen
fopen
sprintf
calloc
_initterm

kernel32

GlobalAlloc
GetVersion
GlobalFree

Exports

Exports

adler32
compress
compress2
crc32
deflate
deflateCopy
deflateEnd
deflateInit2_
deflateInit_
deflateParams
deflateReset
deflateSetDictionary
get_crc_table
gzclose
gzdopen
gzeof
gzerror
gzflush
gzgetc
gzgets
gzopen
gzprintf
gzputc
gzputs
gzread
gzrewind
gzseek
gzsetparams
gztell
gzwrite
inflate
inflateEnd
inflateInit2_
inflateInit_
inflateReset
inflateSetDictionary
inflateSync
inflateSyncPoint
uncompress
unzClose
unzCloseCurrentFile
unzGetCurrentFileInfo
unzGetGlobalComment
unzGetGlobalInfo
unzGetLocalExtrafield
unzGoToFirstFile
unzGoToNextFile
unzLocateFile
unzOpen
unzOpen2
unzOpenCurrentFile
unzOpenCurrentFile2
unzReadCurrentFile
unzStringFileNameCompare
unzeof
unztell
zError
zipClose
zipCloseFileInZip
zipCloseFileInZipRaw
zipOpen
zipOpenNewFileInZip
zipOpenNewFileInZip2
zipWriteInFileInZip
zlibVersion

Sections

.text
Size: 38KB - Virtual size: 37KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 880B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

7fa974366048f9c551ef45714595665e

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

Extended Key Usages

Key Usages

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04Certificate

Extended Key Usages

Key Usages

80:49:82:3c:c8:c9:5b:30:f4:ee:d1:82:66:93:9b:8dCertificate

Extended Key Usages

Key Usages

3e:0b:f4:99:dc:c9:f1:36:75:b7:90:6d:6d:22:e8:2c:36:8e:98:41Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 44KB

.rsrc Size: 21KB - Virtual size: 20KB

295fc8c35dee88b924b0f6bafc807c6c

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

153027ec3b10bcea606b777657dd3402

Headers

File Characteristics

Imports

kernel32

msvcrt

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 2KB

.reloc Size: 512B - Virtual size: 172B

9cce555dd3ff1b6c7dc92d64c794c51a

Headers

File Characteristics

Imports

kernel32

user32

advapi32

ws2_32

Exports

Exports

Sections

.text Size: 9KB - Virtual size: 9KB

.rdata Size: 1KB - Virtual size: 1KB

.data Size: 1KB - Virtual size: 25KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

80:49:82:3c:c8:c9:5b:30:f4:ee:d1:82:66:93:9b:8d
Certificate

3e:0b:f4:99:dc:c9:f1:36:75:b7:90:6d:6d:22:e8:2c:36:8e:98:41
Signer

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 44KB

.rsrc
Size: 21KB - Virtual size: 20KB

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 2KB - Virtual size: 2KB

.reloc
Size: 512B - Virtual size: 172B

.text
Size: 9KB - Virtual size: 9KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 1KB - Virtual size: 25KB

.reloc
Size: 1024B - Virtual size: 838B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 512B - Virtual size: 470B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

42:ce:8a:30:d3:56:02:f8:41:18:6c:6e:20:53:19:04
Certificate

80:49:82:3c:c8:c9:5b:30:f4:ee:d1:82:66:93:9b:8d
Certificate

c4:f9:4f:ed:44:61:da:e5:cb:96:86:a0:08:d4:9f:fb:f5:d5:5a:0d
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

.rdata
Size: 295KB - Virtual size: 295KB

.data
Size: 105KB - Virtual size: 122KB

.rsrc
Size: 33KB - Virtual size: 33KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate