43afe98927e148c6ce1e8bd5ee8b058f_JaffaCakes118

Sharing

Copy URL Twitter E-mail

General

Target

43afe98927e148c6ce1e8bd5ee8b058f_JaffaCakes118
Size

4.8MB
MD5

43afe98927e148c6ce1e8bd5ee8b058f
SHA1

7d4297f5bc32c8f6bd9a2bd1078eff2666d4e919
SHA256

6dc035e2052c26b168d940bb24c9c5cd3326bf139a978b7845786a6683e7624e
SHA512

68ec8e2521cfb7bea2424ca780953ffacf2c59bebc2b57a252e920ed9ead0b23f7b9ceab0ae9b3ab97af9b9e35a39874444c78ce9dacd6317f285a22dab54185
SSDEEP

98304:YnJV2eMwR/PV19cnzD6FUtL553BJ9AA898UHlLTOJIiKLk7zznAGBaKWM:YnJUe9R/v9cnzOWXZ7K16JIiKLYnnAGX

Score

7^/10

vmprotect

Malware Config

Signatures

VMProtect packed file 4 IoCs

Detects executables packed with VMProtect commercial packer.

vmprotect

resource	yara_rule
static1/unpack002/$WINDIR/SysWow64/kbdssvc.sys	vmprotect
static1/unpack002/$WINDIR/SysWow64/kbdssvc.x64.sys	vmprotect
static1/unpack002/$WINDIR/System32/kbdssvc.sys	vmprotect
static1/unpack002/$WINDIR/System32/kbdssvc.x64.sys	vmprotect

Unsigned PE 7 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/LangDLL.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$TEMP/ImportSMCertificateChain.CMBC.dll
unpack002/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/MessageBox.dll
unpack003/$PLUGINSDIR/System.dll
unpack003/$PLUGINSDIR/nsDialogs.dll

NSIS installer 2 IoCs

installer

resource	yara_rule
static1/unpack001/$TEMP/民生银行密码控件IE版32位静默安装版.exe	nsis_installer_1
static1/unpack001/$TEMP/民生银行密码控件IE版32位静默安装版.exe	nsis_installer_2

Files

43afe98927e148c6ce1e8bd5ee8b058f_JaffaCakes118
.exe windows:5 windows x86 arch:x86

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:93:d3:d5:f1:79:42:ba:a4:fc:27:1c:09:f7:41:dd
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

07/04/2016, 00:00

Not After

24/02/2017, 23:59

Subject

CN=China Financial Certification Authority Co.Ltd,OU=IT Department,O=China Financial Certification Authority Co.Ltd,L=Beijing,ST=Bejing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6c:ec:e6:38:c5:36:7a:a1:34:98:24:f2:03:73:70:a1:a0:25:70:c2
Signer

Actual PE Digest

6c:ec:e6:38:c5:36:7a:a1:34:98:24:f2:03:73:70:a1:a0:25:70:c2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 868KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:5 windows x86 arch:x86

e981c0ab92cb1f191bb5e23392e14796

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
lstrlenW
GlobalAlloc
lstrcmpW
GetModuleHandleW
MulDiv
lstrcpyW
lstrcpynW

user32

SetWindowTextW
SetDlgItemTextW
EndDialog
SendDlgItemMessageW
DialogBoxParamW
LoadIconW
SendMessageW
ShowWindow
GetDC

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 729B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 350B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/CMBCCheck86.dll
.dll windows:4 windows x86 arch:x86

48e661ef1036eb9efac90dcd5001cc60

Code Sign

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

01/09/1998, 12:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:ab:25:0c:db:60:32:64:57:1a:9c:bc:ca:a9:74:5e:5d
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

09/11/2012, 02:08

Not After

09/11/2015, 08:56

Subject

CN=中国民生银行股份有限公司,O=中国民生银行股份有限公司,L=北京,ST=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

9e:12:c5:1c:fc:57:c0:48:b5:9a:c1:d2:5b:1e:e3:c5:38:12:60:e2
Signer

Actual PE Digest

9e:12:c5:1c:fc:57:c0:48:b5:9a:c1:d2:5b:1e:e3:c5:38:12:60:e2

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

FormatMessageA
GetLastError
GetVersionExA
GetSystemInfo
GetModuleHandleA
WideCharToMultiByte
MultiByteToWideChar
LocalFree
FindNextFileA
FindFirstFileA
GetSystemDirectoryA
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetPrivateProfileStringA
GetModuleFileNameA
GetCurrentThreadId
GetCurrentProcessId
FreeLibrary
LoadLibraryA
FindClose
GetProcAddress
GetLocaleInfoW
GetTimeZoneInformation
RtlUnwind
HeapAlloc
GetCommandLineA
GetVersion
HeapFree
EnterCriticalSection
LeaveCriticalSection
CloseHandle
InitializeCriticalSection
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapSize
ReadFile
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
DeleteCriticalSection
FatalAppExitA
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
SetFilePointer
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetStdHandle
FlushFileBuffers
InterlockedDecrement
InterlockedIncrement
CreateFileA
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
Sleep
SetEndOfFile
SetConsoleCtrlHandler
LCMapStringA
LCMapStringW
GetStringTypeA
GetStringTypeW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
RaiseException

user32

MessageBoxA
GetActiveWindow

advapi32

RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegCloseKey

crypt32

CertGetNameStringA
CertCreateCertificateContext

shlwapi

StrStrA

Exports

Exports

CheckInitPin
CheckKeyEnv
CheckKeyLock
GetCSPName
GetCertCN
GetFileVersion
GetKeyCount
GetKeySN
GetPINRetry

Sections

.text
Size: 68KB - Virtual size: 65KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 20KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 920B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/CMBCCom86.ocx
.dll regsvr32 windows:4 windows x86 arch:x86

0ba1b26ec8093b5255b662e0c94640ee

Code Sign

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

01/09/1998, 12:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:ab:25:0c:db:60:32:64:57:1a:9c:bc:ca:a9:74:5e:5d
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

09/11/2012, 02:08

Not After

09/11/2015, 08:56

Subject

CN=中国民生银行股份有限公司,O=中国民生银行股份有限公司,L=北京,ST=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

bd:37:d2:a6:64:3a:d7:ef:51:21:fd:55:87:86:ab:87:43:bc:28:d8
Signer

Actual PE Digest

bd:37:d2:a6:64:3a:d7:ef:51:21:fd:55:87:86:ab:87:43:bc:28:d8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mfc42

ord5300
ord5302
ord4079
ord4698
ord5307
ord5289
ord5714
ord2982
ord3147
ord3259
ord4465
ord3136
ord3262
ord2985
ord3081
ord2976
ord3401
ord3830
ord3831
ord3825
ord3079
ord4080
ord4622
ord4424
ord3670
ord561
ord825
ord3952
ord2724
ord6354
ord1216
ord1168
ord6467
ord1227
ord800
ord2915
ord539
ord823
ord1877
ord4006
ord3258
ord2727
ord2730
ord2729
ord4249
ord2486
ord2687
ord6364
ord3326
ord6365
ord4472
ord5498
ord3278
ord3353
ord3681
ord446
ord743
ord1177
ord1226
ord1210
ord2439
ord1693
ord5618
ord994
ord4342
ord4687
ord4639
ord5674
ord2156
ord4856
ord4920
ord6002
ord2137
ord1963
ord5213
ord2953
ord3868
ord5150
ord4705
ord4707
ord2876
ord2998
ord5649
ord4113
ord4661
ord4660
ord4768
ord4650
ord4903
ord4548
ord4521
ord4594
ord4988
ord4925
ord4930
ord4935
ord4659
ord4909
ord4908
ord4668
ord4667
ord4666
ord4648
ord4689
ord5023
ord4654
ord4486
ord3346
ord4780
ord4649
ord4637
ord4636
ord5060
ord4584
ord4371
ord4361
ord4356
ord4739
ord4741
ord4738
ord4409
ord4603
ord5008
ord4415
ord4992
ord4979
ord2488
ord3404
ord4539
ord2954
ord6055
ord4078
ord1776
ord4407
ord5241
ord2384
ord5163
ord6370
ord4353
ord5290
ord3798
ord4837
ord4441
ord2648
ord2055
ord6376
ord3749
ord5065
ord1727
ord5261
ord2446
ord2124
ord5277
ord2983
ord3148
ord3260
ord4466
ord2986
ord3080
ord4081
ord4624
ord5825
ord723
ord3946
ord423
ord2860
ord2541
ord4949
ord1601
ord860
ord540
ord1892
ord4252
ord1212
ord4570
ord4672
ord4843
ord5011
ord5265
ord4376
ord4853
ord4998
ord4713
ord2514
ord6052
ord1775
ord2385
ord6371
ord5286
ord4438
ord3279
ord4625
ord4425
ord449
ord746
ord2278
ord2379
ord1132
ord1116
ord1176
ord1575
ord1577
ord1182
ord342
ord1243
ord1197
ord1570
ord1253
ord1255
ord1578
ord600
ord826
ord269
ord6375
ord2396
ord5199
ord1089
ord3922
ord5731
ord2512
ord4354
ord2554
ord4643
ord815
ord1131

msvcrt

_onexit
memset
strlen
__CxxFrameHandler
memcmp
strstr
??1type_info@@UAE@XZ
_adjust_fdiv
malloc
_initterm
free
__dllonexit
strcat
memcpy
strcpy

kernel32

LocalFree
MultiByteToWideChar
WideCharToMultiByte
GetProcAddress
FreeLibrary
LoadLibraryA
LocalAlloc

user32

FillRect
EnableWindow

gdi32

Ellipse
GetStockObject

ole32

StringFromGUID2

oleaut32

LoadRegTypeLi

msvcp60

??1?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAE@XZ
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@PBDI@Z
?_Tidy@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@AAEX_N@Z
?_C@?1??_Nullstr@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@CAPBDXZ@4DB
?npos@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@2IB
?assign@?$basic_string@DU?$char_traits@D@std@@V?$allocator@D@2@@std@@QAEAAV12@ABV12@II@Z

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/CmbcCheckIEOpen86.dll
.dll windows:4 windows x86 arch:x86

fd895e9b186cb7a12e48ea0beb0477d9

Code Sign

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

01/09/1998, 12:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:ab:25:0c:db:60:32:64:57:1a:9c:bc:ca:a9:74:5e:5d
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

09/11/2012, 02:08

Not After

09/11/2015, 08:56

Subject

CN=中国民生银行股份有限公司,O=中国民生银行股份有限公司,L=北京,ST=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

cf:65:28:5b:b4:7e:4b:e6:27:78:82:91:29:57:b2:be:b5:b7:7b:32
Signer

Actual PE Digest

cf:65:28:5b:b4:7e:4b:e6:27:78:82:91:29:57:b2:be:b5:b7:7b:32

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LocalFree
FormatMessageA
GetLastError
GetVersionExA
GetSystemInfo
GetProcAddress
GetModuleHandleA
DisconnectNamedPipe
WriteFile
ReadFile
GetOverlappedResult
WaitForSingleObject
ConnectNamedPipe
GetPrivateProfileStringA
CreateEventA
CreateNamedPipeA
SetEvent
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
OpenFileMappingA
WideCharToMultiByte
MultiByteToWideChar
SetEnvironmentVariableA
CompareStringW
CompareStringA
GetModuleFileNameA
GetCurrentThreadId
CreateThread
GetCurrentProcessId
RtlUnwind
GetCommandLineA
GetVersion
HeapFree
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
GetCurrentThread
ExitProcess
TerminateProcess
GetCurrentProcess
HeapReAlloc
HeapAlloc
HeapSize
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
FatalAppExitA
SetStdHandle
FlushFileBuffers
InterlockedDecrement
InterlockedIncrement
CreateFileA
UnhandledExceptionFilter
SetFilePointer
GetStringTypeA
GetStringTypeW
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
Sleep
SetEndOfFile
SetConsoleCtrlHandler
LCMapStringA
LCMapStringW
IsValidLocale
IsValidCodePage
GetLocaleInfoA
EnumSystemLocalesA
GetUserDefaultLCID
GetTimeZoneInformation
GetLocaleInfoW
RaiseException

user32

MessageBoxA
GetActiveWindow

advapi32

RegQueryValueExA
RegCloseKey
RegOpenKeyExA

Sections

.text
Size: 64KB - Virtual size: 62KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 32KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 960B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/CryptoKit.CMBC.U2.x86.dll
.dll regsvr32 windows:5 windows x86 arch:x86

a48264e1957bc65c45a7419af45c5fcb

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

74:46:c6:72:67:57:8a:32:19:87:60:d0:72:28:60:f3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/12/2013, 00:00

Not After

24/02/2017, 23:59

Subject

CN=China Financial Certification Authority Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT Department,O=China Financial Certification Authority Co.Ltd,L=Beijing,ST=Bejing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

a2:55:f1:cb:35:8e:65:dc:64:47:c7:d6:45:3f:85:24:eb:93:b8:f1
Signer

Actual PE Digest

a2:55:f1:cb:35:8e:65:dc:64:47:c7:d6:45:3f:85:24:eb:93:b8:f1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Builds\13\Toolkits\CryptoKit_CMBC_IE\Binaries\x86\Release\CryptoKit.CMBC.U2.x86.pdb

Imports

kernel32

InterlockedCompareExchange
SetEndOfFile
SetEnvironmentVariableA
CompareStringW
CompareStringA
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
IsProcessorFeaturePresent
CompareFileTime
CreateEventW
CreateThread
WaitForMultipleObjects
FormatMessageW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
CloseHandle
lstrcmpiW
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
WideCharToMultiByte
lstrlenW
GetTickCount
ResetEvent
WaitForSingleObject
SetEvent
MultiByteToWideChar
GetLastError
SetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
LocalAlloc
LocalFree
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
CreateFileA
SetStdHandle
FlushFileBuffers
LCMapStringA
InitializeCriticalSectionAndSpinCount
SetFilePointer
LCMapStringW
GetConsoleCP
HeapFree
GetProcessHeap
FileTimeToSystemTime
FreeResource
CreateFileW
GetFileSize
ReadFile
WriteFile
GetVersionExW
GetFileSizeEx
GetFullPathNameW
GetModuleHandleA
GetVersion
GetFileAttributesW
OutputDebugStringA
GetCurrentThreadId
GetCurrentProcess
FlushInstructionCache
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
GetFileType
GetStdHandle
QueryPerformanceCounter
GetCurrentProcessId
GlobalMemoryStatus
LoadLibraryA
GetVersionExA
FlushConsoleInputBuffer
RtlUnwind
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapAlloc
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetSystemTimeAsFileTime
GetCommandLineA
HeapReAlloc
Sleep
ExitProcess
SetConsoleCtrlHandler
ReadConsoleInputA
SetConsoleMode
GetConsoleMode
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapCreate
HeapDestroy
VirtualFree
GetModuleFileNameA
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetStartupInfoA
GetTimeZoneInformation
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW

user32

GetWindowRect
GetDlgItem
SetWindowPos
MapWindowPoints
GetSystemMetrics
GetParent
GetMonitorInfoW
MonitorFromWindow
GetWindowLongW
GetWindow
LoadImageW
SendMessageW
SetWindowLongW
BeginPaint
FillRect
EndPaint
EndDialog
GetCursorPos
ScreenToClient
PtInRect
TrackMouseEvent
InvalidateRect
CallWindowProcW
UnregisterClassA
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxA
DialogBoxParamW
BringWindowToTop
GetMessageW
TranslateMessage
DispatchMessageW
CharNextW
DefWindowProcW
GetClientRect
DrawTextW
ShowWindow
RegisterDeviceNotificationW
CreateWindowExW
RegisterClassExW
UnregisterDeviceNotification
DestroyWindow
GetForegroundWindow
SetTimer
LoadStringW
PostMessageW
UnregisterClassW
KillTimer

advapi32

CryptGetProvParam
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptSignHashW
CryptDestroyHash
CryptReleaseContext
TraceEvent
ControlTraceW
RegQueryValueExW
GetTraceEnableFlags
GetTraceEnableLevel
CryptEnumProvidersW
CryptVerifySignatureW
CryptDestroyKey
CryptGetUserKey
CryptGetKeyParam
DeregisterEventSource
ReportEventA
RegisterEventSourceA
GetTraceLoggerHandle
RegisterTraceGuidsW
UnregisterTraceGuids
RegEnumKeyExW

ole32

CreateStreamOnHGlobal
CoInitialize
CoUninitialize
CoCreateInstance
StringFromGUID2
CoTaskMemFree
CoTaskMemRealloc
CoTaskMemAlloc

oleaut32

SysAllocStringLen
SysAllocStringByteLen
SysStringByteLen
SysFreeString
VariantInit
VariantClear
LoadRegTypeLi
SysStringLen
SysAllocString
VarUI4FromStr
RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi

shlwapi

PathFileExistsW
PathRemoveFileSpecW
PathFindExtensionW
StrStrIW

crypt32

CertOpenStore
CertCreateCertificateContext
CertCloseStore
CryptAcquireCertificatePrivateKey
CertGetPublicKeyLength
CertGetCertificateContextProperty
CertAddCertificateContextToStore
CertDuplicateCertificateContext
CertGetNameStringW
CertNameToStrW
CertFindExtension
CryptDecodeObjectEx
CertVerifyTimeValidity
CertEnumCertificatesInStore
CertCreateCRLContext
CertFindCertificateInStore
CryptVerifyCertificateSignatureEx
CertVerifyCRLRevocation
CertFreeCRLContext
CertCreateCertificateChainEngine
CertGetCertificateChain
CertFreeCertificateChain
CertFreeCertificateChainEngine
CryptMsgOpenToDecode
CryptMsgUpdate
CryptMsgGetParam
CertGetSubjectCertificateFromStore
CryptMsgClose
CryptEncodeObject
CryptVerifyDetachedMessageSignature
CryptVerifyMessageSignature
CryptImportPublicKeyInfo
CertDeleteCertificateFromStore
CertFreeCertificateContext

gdiplus

GdipCreateFromHDC
GdipCloneImage
GdipLoadImageFromStream
GdipDisposeImage
GdipAlloc
GdipFree
GdipGetImageHeight
GdipGetImageWidth
GdipDrawImageRectRectI
GdiplusStartup
GdiplusShutdown
GdipDeleteGraphics

gdi32

DeleteObject
SetBkMode
SetTextColor
CreateFontIndirectW
GetObjectW
BitBlt
RoundRect
CreatePen
GetStockObject
SelectObject
CreateCompatibleBitmap
CreateCompatibleDC
CreateSolidBrush

shell32

SHGetSpecialFolderPathW

msimg32

GradientFill

cryptui

CryptUIDlgViewCertificateW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 854KB - Virtual size: 854KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 263KB - Virtual size: 263KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 42KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/CryptoKit.CMBC.UKeyCheck.x86.dll
.dll regsvr32 windows:5 windows x86 arch:x86

fc72a85ef302b143bd0af6e1673c9781

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

74:46:c6:72:67:57:8a:32:19:87:60:d0:72:28:60:f3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/12/2013, 00:00

Not After

24/02/2017, 23:59

Subject

CN=China Financial Certification Authority Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT Department,O=China Financial Certification Authority Co.Ltd,L=Beijing,ST=Bejing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

f1:99:61:df:34:4f:a2:d4:f0:e7:3d:12:53:12:f7:7b:3a:8c:cf:55
Signer

Actual PE Digest

f1:99:61:df:34:4f:a2:d4:f0:e7:3d:12:53:12:f7:7b:3a:8c:cf:55

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Builds\9\Toolkits\CryptoKitUkeyCheck_CMBC_IE\Binaries\x86\Release\CryptoKit.CMBC.UKeyCheck.x86.pdb

Imports

kernel32

CloseHandle
InterlockedIncrement
InterlockedDecrement
EnterCriticalSection
LeaveCriticalSection
MultiByteToWideChar
SizeofResource
LoadResource
FindResourceW
LoadLibraryExW
OpenFileMappingW
GetNativeSystemInfo
GetVersionExW
SetThreadLocale
GetThreadLocale
WideCharToMultiByte
SetLastError
GetStringTypeW
CreateFileMappingW
MapViewOfFile
UnmapViewOfFile
lstrcmpiW
GetModuleHandleW
GetModuleFileNameW
GetLastError
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
LoadLibraryW
GetProcAddress
FreeLibrary
LocalAlloc
FormatMessageW
LocalFree
GetStringTypeA
FlushFileBuffers
CreateFileA
LCMapStringW
LCMapStringA
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetModuleHandleA
GetSystemTimeAsFileTime
GetLocaleInfoA
GetCurrentProcessId
GetTickCount
WriteConsoleW
GetConsoleOutputCP
WriteConsoleA
SetStdHandle
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
SetFilePointer
HeapFree
GetProcessHeap
HeapAlloc
RtlUnwind
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
Sleep
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW

user32

CharNextW
LoadStringW
GetSystemMetrics

advapi32

RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegQueryValueExW
ControlTraceW
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
TraceEvent
UnregisterTraceGuids

ole32

CoTaskMemRealloc
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemAlloc

oleaut32

RegisterTypeLi
LoadTypeLi
LoadRegTypeLi
VarUI4FromStr
SysStringLen
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString
UnRegisterTypeLi

shlwapi

PathFileExistsW
PathRemoveFileSpecW

wintrust

WinVerifyTrustEx

setupapi

SetupDiGetClassDevsW
SetupDiEnumDeviceInterfaces
CM_Get_Parent
CM_Get_Device_IDW
SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 122KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/CryptoKit.CertEnrollment.CMBC.x86.dll
.dll regsvr32 windows:5 windows x86 arch:x86

6a8cc9bcf4a5924cbafdc56d98c8eddc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

74:46:c6:72:67:57:8a:32:19:87:60:d0:72:28:60:f3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/12/2013, 00:00

Not After

24/02/2017, 23:59

Subject

CN=China Financial Certification Authority Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT Department,O=China Financial Certification Authority Co.Ltd,L=Beijing,ST=Bejing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

3e:b2:67:6a:46:a9:72:b5:9f:27:5c:e7:ce:fe:0e:5d:24:1d:87:f5
Signer

Actual PE Digest

3e:b2:67:6a:46:a9:72:b5:9f:27:5c:e7:ce:fe:0e:5d:24:1d:87:f5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Builds\7\Toolkits\CertEnrollment_CMBC_IE\Binaries\x86\Release\CryptoKit.CertEnrollment.CMBC.x86.pdb

Imports

kernel32

GetThreadLocale
SetThreadLocale
lstrlenA
FormatMessageW
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
GetModuleFileNameW
LeaveCriticalSection
EnterCriticalSection
InterlockedDecrement
InterlockedIncrement
lstrcmpiW
GetModuleHandleW
DeleteCriticalSection
InitializeCriticalSection
RaiseException
lstrlenW
MultiByteToWideChar
GetLastError
SetLastError
LoadLibraryW
GetProcAddress
FreeLibrary
LocalAlloc
HeapFree
GetProcessHeap
SystemTimeToFileTime
FileTimeToLocalFileTime
FileTimeToSystemTime
FreeResource
WideCharToMultiByte
CreateFileW
ReadFile
CloseHandle
DeleteFileW
WriteFile
GetTempPathW
GetVersionExW
VerSetConditionMask
VerifyVersionInfoW
HeapAlloc
RtlUnwind
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualFree
VirtualAlloc
HeapReAlloc
HeapCreate
HeapDestroy
Sleep
ExitProcess
GetStdHandle
GetModuleFileNameA
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
HeapSize
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
SetHandleCount
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetModuleHandleA
LCMapStringW
GetConsoleCP
GetConsoleMode
InitializeCriticalSectionAndSpinCount
LoadLibraryA
GetLocaleInfoA
SetFilePointer
LCMapStringA
GetStringTypeA
GetStringTypeW
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
LocalFree

user32

LoadStringW
CharNextW

advapi32

CryptGetUserKey
CryptGetProvParam
CryptCreateHash
CryptHashData
CryptSignHashW
CryptDestroyHash
CryptDestroyKey
CryptGenKey
CryptExportKey
CryptSetKeyParam
CryptImportKey
CryptDecrypt
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegQueryValueExW
ControlTraceW
CryptAcquireContextW
CryptReleaseContext
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegOpenKeyExW
RegCreateKeyExW
CryptGenRandom
CryptGetKeyParam
TraceEvent
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
CryptEnumProvidersW

ole32

CoInitialize
CoUninitialize
CoTaskMemFree
CoCreateGuid
StringFromGUID2
CoCreateInstance
CoTaskMemAlloc
CoTaskMemRealloc

oleaut32

RegisterTypeLi
UnRegisterTypeLi
LoadTypeLi
LoadRegTypeLi
SysStringLen
VarUI4FromStr
SysStringByteLen
SysAllocStringByteLen
SysAllocString
SysFreeString

crypt32

CertNameToStrW
CertFindExtension
CryptDecodeObjectEx
CryptAcquireCertificatePrivateKey
CryptEncodeObject
CryptExportPublicKeyInfo
CertAddEncodedCertificateToStore
CertSetCertificateContextProperty
CertDeleteCertificateFromStore
CertDuplicateCertificateContext
CertAddCertificateContextToStore
CertFindCertificateInStore
CertFreeCertificateContext
CertCloseStore
CertOpenStore
CertGetCertificateContextProperty
CertEnumCertificatesInStore

shlwapi

StrStrIW
PathFileExistsW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 232KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 48KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/key.CMBC.FT2000.x86.dll
.dll windows:4 windows x86 arch:x86

bed29e98cc031e6ac40f55917909e433

Code Sign

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

01/09/1998, 12:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:ab:25:0c:db:60:32:64:57:1a:9c:bc:ca:a9:74:5e:5d
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

09/11/2012, 02:08

Not After

09/11/2015, 08:56

Subject

CN=中国民生银行股份有限公司,O=中国民生银行股份有限公司,L=北京,ST=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:ee:d5:78:b8:96:d9:82:08:d1:80:db:db:03:9f:c5:1c:33:3e:05
Signer

Actual PE Digest

61:ee:d5:78:b8:96:d9:82:08:d1:80:db:db:03:9f:c5:1c:33:3e:05

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GetLastError
CloseHandle
CreateFileA
WideCharToMultiByte
LoadLibraryA
FreeLibrary
GetModuleHandleA
GetProcAddress
GetCurrentProcess
GetOEMCP
GetACP
GetStringTypeW
GetStringTypeA
SetStdHandle
ReadFile
IsBadCodePtr
GetWindowsDirectoryA
EnterCriticalSection
Sleep
InitializeCriticalSection
InterlockedExchange
DeleteCriticalSection
LeaveCriticalSection
InterlockedDecrement
InterlockedIncrement
RtlUnwind
RaiseException
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
ExitProcess
TerminateProcess
HeapReAlloc
HeapSize
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetUnhandledExceptionFilter
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
IsBadWritePtr
WriteFile
LCMapStringA
LCMapStringW
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
SetFilePointer
FlushFileBuffers
GetCPInfo
IsBadReadPtr

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

crypt32

CertFreeCertificateContext
CertCreateCertificateContext

shlwapi

PathFileExistsA

setupapi

SetupDiDestroyDeviceInfoList
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiGetClassDevsA

hid

HidD_GetAttributes
HidD_GetHidGuid

Exports

Exports

CheckKeyDriver
CheckKeyID
GetCertSN
GetKeyCount
GetKeyID

Sections

.text
Size: 80KB - Virtual size: 76KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 21KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/key.CMBC.HengBao.x86.dll
.dll windows:4 windows x86 arch:x86

0cc4c3492bd1eb80835ee3799d414b01

Code Sign

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

01/09/1998, 12:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:ab:25:0c:db:60:32:64:57:1a:9c:bc:ca:a9:74:5e:5d
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

09/11/2012, 02:08

Not After

09/11/2015, 08:56

Subject

CN=中国民生银行股份有限公司,O=中国民生银行股份有限公司,L=北京,ST=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

06:1e:42:02:ee:89:4c:e4:64:54:d8:0c:6b:ab:17:1c:3c:84:9e:c3
Signer

Actual PE Digest

06:1e:42:02:ee:89:4c:e4:64:54:d8:0c:6b:ab:17:1c:3c:84:9e:c3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcmpA
WideCharToMultiByte
CloseHandle
MultiByteToWideChar
FindClose
FindFirstFileA
MapViewOfFile
lstrcpyA
OpenFileMappingA
DeviceIoControl
Sleep
WriteFile
ReadFile
CreateFileA
lstrcatA
CreateFileMappingA
UnmapViewOfFile
LocalFree
GetCurrentThreadId
lstrlenA
GetCurrentProcessId
ReleaseMutex
SetLastError
CreateMutexA
WaitForSingleObject
GetLastError

advapi32

SetSecurityInfo
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
RegOpenKeyExA
RegQueryValueExA
RegCloseKey

setupapi

SetupDiEnumDeviceInterfaces
SetupDiGetDeviceInterfaceDetailA
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsA

hid

HidD_GetFeature
HidD_GetPreparsedData
HidP_GetCaps
HidD_SetFeature
HidD_GetAttributes

crypt32

CertOpenStore
CertCreateCertificateContext
CertFreeCertificateContext
CertCloseStore
CertGetNameStringA

msvcrt

isxdigit
strncmp
abs
rand
srand
time
_access
_purecall
_strupr
_initterm
_adjust_fdiv
__dllonexit
_onexit
__CxxFrameHandler
fopen
fprintf
vfprintf
fclose
strtol
memcmp
strcmp
strcat
strtoul
memset
memcpy
strcpy
strlen
malloc
free
??2@YAPAXI@Z
??3@YAXPAX@Z
sprintf
strrchr
strstr

Exports

Exports

CheckKeyDriver
CheckKeyID
GetCertSN
GetKeyCount
GetKeyID

Sections

.text
Size: 28KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/key.CMBC.WatchData.x86.dll
.dll windows:4 windows x86 arch:x86

3fddc90dcf9e72b25abec3d372c32509

Code Sign

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

01/09/1998, 12:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

13/04/2019, 10:00

Subject

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

11:21:ab:25:0c:db:60:32:64:57:1a:9c:bc:ca:a9:74:5e:5d
Certificate

Issuer

CN=GlobalSign CodeSigning CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

09/11/2012, 02:08

Not After

09/11/2015, 08:56

Subject

CN=中国民生银行股份有限公司,O=中国民生银行股份有限公司,L=北京,ST=北京,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

29:2e:0c:b1:b9:ee:2f:2f:ec:b9:59:13:17:6f:ef:3b:79:36:ac:9b
Signer

Actual PE Digest

29:2e:0c:b1:b9:ee:2f:2f:ec:b9:59:13:17:6f:ef:3b:79:36:ac:9b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WaitForSingleObject
OpenMutexA
ReleaseMutex
CreateMutexA
CloseHandle
GetWindowsDirectoryA
LoadLibraryA
FreeLibrary
GetModuleHandleA
GetLastError
GetProcAddress
FlushFileBuffers
GetStringTypeW
GetStringTypeA
RtlUnwind
InterlockedDecrement
InterlockedIncrement
HeapAlloc
HeapFree
GetCommandLineA
GetVersion
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
WideCharToMultiByte
MultiByteToWideChar
LCMapStringA
LCMapStringW
InitializeCriticalSection
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
ExitProcess
GetModuleFileNameA
GetEnvironmentVariableA
GetVersionExA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
IsBadWritePtr
TerminateProcess
GetCurrentProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
WriteFile
SetFilePointer
SetUnhandledExceptionFilter
IsBadReadPtr
IsBadCodePtr
GetCPInfo
GetACP
GetOEMCP
SetStdHandle

advapi32

RegQueryValueExA
RegOpenKeyExA
RegCloseKey

crypt32

CertFreeCertificateContext
CertCreateCertificateContext

setupapi

SetupDiGetClassDevsA
SetupDiGetDeviceInterfaceDetailA
SetupDiEnumDeviceInterfaces
SetupDiDestroyDeviceInfoList

shlwapi

PathFileExistsA

Exports

Exports

CheckKeyDriver
CheckKeyID
GetCertSN
GetKeyCount
GetKeyID

Sections

.text
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/ImportSMCertificateChain.CMBC.dll
.dll windows:5 windows x86 arch:x86

e6ef37e858341512ad1323b01f4c539e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Builds\16\Toolkits\ImportSMCertificateChain_CMBC_DLL\Binaries\x86\Release\ImportSMCertificateChain.CMBC.pdb

Imports

kernel32

LoadResource
FreeResource
WideCharToMultiByte
CloseHandle
WriteFile
MultiByteToWideChar
GetCurrentThreadId
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapFree
SizeofResource
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
InterlockedDecrement
Sleep
ExitProcess
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
HeapDestroy
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
LCMapStringW
RaiseException
EnterCriticalSection
LeaveCriticalSection
RtlUnwind
GetConsoleCP
GetConsoleMode
VirtualAlloc
HeapReAlloc
LoadLibraryA
InitializeCriticalSectionAndSpinCount
SetFilePointer
LCMapStringA
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
HeapSize
CreateFileA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetStdHandle
FlushFileBuffers
FindResourceW
SetLastError
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
LocalFree
GetModuleHandleW
LocalAlloc

advapi32

RegSetValueExW
RegCreateKeyExW
TraceEvent
ControlTraceW
GetTraceEnableFlags
RegQueryValueExW
GetTraceLoggerHandle
UnregisterTraceGuids
RegOpenKeyExW
GetTraceEnableLevel
RegCloseKey
RegisterTraceGuidsW

oleaut32

SysFreeString

crypt32

CertOpenStore
CertAddCertificateContextToStore
CertCloseStore
CertNameToStrW
CertFreeCertificateContext
CertEnumCertificatesInStore

ole32

CoCreateInstance

shlwapi

StrStrIW

Exports

Exports

ImportSMCertificateChain

Sections

.text
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 18KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/SecEditCtlAdvCMBCAllSetup.exe
.exe windows:5 windows x86 arch:x86

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

74:46:c6:72:67:57:8a:32:19:87:60:d0:72:28:60:f3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/12/2013, 00:00

Not After

24/02/2017, 23:59

Subject

CN=China Financial Certification Authority Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT Department,O=China Financial Certification Authority Co.Ltd,L=Beijing,ST=Bejing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

cc:64:27:d7:62:4e:53:2e:a2:30:eb:87:a1:4a:eb:a0:51:8c:6e:df
Signer

Actual PE Digest

cc:64:27:d7:62:4e:53:2e:a2:30:eb:87:a1:4a:eb:a0:51:8c:6e:df

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
MulDiv
lstrlenA
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
FindWindowExW
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
IsWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 26KB - Virtual size: 25KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 452KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 804KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 28KB - Virtual size: 27KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:5 windows x86 arch:x86

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyW
lstrcpynW
GetProcAddress
WideCharToMultiByte
lstrcatW
lstrlenW
lstrcmpiW
LoadLibraryW
GetModuleHandleW
MultiByteToWideChar
VirtualAlloc
VirtualProtect
FreeLibrary

user32

wsprintfW

ole32

CLSIDFromString
StringFromGUID2

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 963B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 588B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/SysWow64/SecEditCtlAdv.CMBC.x86.dll
.dll regsvr32 windows:5 windows x86 arch:x86

8bda0a6e8c77369e9af345bc645cd738

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

74:46:c6:72:67:57:8a:32:19:87:60:d0:72:28:60:f3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/12/2013, 00:00

Not After

24/02/2017, 23:59

Subject

CN=China Financial Certification Authority Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT Department,O=China Financial Certification Authority Co.Ltd,L=Beijing,ST=Bejing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:07:6e:ec:3f:2f:3b:c2:17:23:9c:d0:a4:78:e6:b6:ff:4d:c1:e1
Signer

Actual PE Digest

21:07:6e:ec:3f:2f:3b:c2:17:23:9c:d0:a4:78:e6:b6:ff:4d:c1:e1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Builds\14\InformationSecurity\SecEditCtlAdv_CMBC\Binaries\x86\Release\SecEditCtlAdv.CMBC.x86.pdb

Imports

kernel32

EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
WriteFile
HeapDestroy
HeapCreate
HeapSize
IsValidCodePage
IsValidLocale
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
SetEnvironmentVariableA
GetVersion
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
ReadConsoleInputA
SetConsoleMode
SetEndOfFile
FreeLibrary
LocalAlloc
GetThreadLocale
SetThreadLocale
CreateThread
SignalObjectAndWait
MulDiv
GetSystemDefaultLangID
LoadLibraryExW
ReadFile
MultiByteToWideChar
WideCharToMultiByte
TerminateProcess
GetTickCount
WaitForSingleObject
SetLastError
CreateEventW
ResetEvent
SetEvent
Sleep
CloseHandle
GetModuleFileNameW
GetLocalTime
SystemTimeToFileTime
FindResourceW
SizeofResource
LoadResource
FreeResource
GlobalAlloc
GlobalUnlock
GlobalFree
GlobalLock
CopyFileW
GetCurrentProcess
SetFileAttributesW
GetSystemDirectoryW
DeleteFileW
GetLastError
InterlockedDecrement
GetCurrentThreadId
GetCurrentProcessId
LoadLibraryW
GetProcAddress
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetSystemTimeAsFileTime
LocalFree
LCMapStringW
LCMapStringA
CompareStringW
GetCPInfo
CompareStringA
GetCommandLineA
ExitProcess
VirtualQuery
GetSystemInfo
VirtualProtect
HeapReAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetComputerNameW
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
DeviceIoControl
WaitForMultipleObjects
IsDebuggerPresent
lstrlenA
FlushInstructionCache
lstrcmpiW
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
lstrlenW
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
CreateFileW

user32

SetForegroundWindow
SetFocus
UnregisterClassA
GetClientRect
UnhookWindowsHookEx
SendMessageW
GetCursorPos
ScreenToClient
PtInRect
LoadCursorW
SetCursor
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxA
InvalidateRect
UpdateWindow
IsWindowEnabled
MapVirtualKeyW
GetKeyState
SendMessageA
KillTimer
ShowWindow
CharNextW
CallWindowProcW
SetWindowLongW
GetWindowLongW
DestroyWindow
IsWindow
SetWindowPos
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
DrawTextW
SetRect
SetTimer
SetWindowsHookExW
CallNextHookEx
IsChild
UnionRect
CreateWindowExW
GetClassInfoExW
RegisterClassExW
GetWindowRect
PostMessageW
PostMessageA
EnableWindow
IsWindowVisible
BeginPaint
GetFocus
EndPaint
DefWindowProcW
GetDC
FillRect
ReleaseDC
GetSysColor
LoadStringW

gdi32

MoveToEx
DeleteObject
CloseMetaFile
LineTo
LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
CreateDCW
CreateMetaFileW
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
SelectObject
DeleteMetaFile
SetTextAlign
TextOutW
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SetBkMode
BitBlt
CreateSolidBrush
CreateRoundRectRgn
FillRgn
GetStockObject
GetObjectW
CreateFontIndirectW
SetTextColor
CreateRectRgnIndirect
CreatePen
SetBkColor

advapi32

RegQueryValueExW
ReportEventA
DeregisterEventSource
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegOpenKeyExW
RegisterEventSourceA
RegCloseKey
ControlTraceW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
ControlService
StartServiceW
DeleteService
CreateServiceW
QueryServiceStatus
QueryServiceConfig2W
ChangeServiceConfigW
ChangeServiceConfig2W
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
TraceEvent

ole32

CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemAlloc
CoSetProxyBlanket
CoTaskMemRealloc
CoTaskMemFree
OleLoadFromStream
OleRegGetUserType
OleRegGetMiscStatus
OleSaveToStream
WriteClassStm
CreateOleAdviseHolder
CoCreateInstance
CreateDataAdviseHolder
OleRegEnumVerbs

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
VariantChangeType
SysStringLen
LoadRegTypeLi
LoadTypeLi
OleCreatePropertyFrame
UnRegisterTypeLi
RegisterTypeLi

shlwapi

PathFileExistsW

comctl32

_TrackMouseEvent

imm32

ImmAssociateContext

crypt32

CertGetCertificateChain
CertFreeCertificateChain
CertFreeCertificateContext
CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertCloseStore
CryptMsgClose

iphlpapi

GetAdaptersInfo

gdiplus

GdipFree
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipCloneImage
GdipDeleteGraphics
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDrawImageRectRectI
GdiplusShutdown
GdiplusStartup
GdipAlloc

ws2_32

inet_ntoa
WSACleanup
gethostname
gethostbyname
WSAStartup

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 695KB - Virtual size: 694KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/SysWow64/kbdssvc.sys
.sys windows:6 windows x86 arch:x86

2874cab6c4e393f229e4aca1b128b8d4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

74:46:c6:72:67:57:8a:32:19:87:60:d0:72:28:60:f3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/12/2013, 00:00

Not After

24/02/2017, 23:59

Subject

CN=China Financial Certification Authority Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT Department,O=China Financial Certification Authority Co.Ltd,L=Beijing,ST=Bejing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:a7:b9:5d:c8:ed:b5:9b:35:db:73:d0:f0:48:27:94:01:b1:52:2d
Signer

Actual PE Digest

9f:a7:b9:5d:c8:ed:b5:9b:35:db:73:d0:f0:48:27:94:01:b1:52:2d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memset
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KeGetCurrentIrql
HalMakeBeep

Sections

.text
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/SysWow64/kbdssvc.x64.sys
.sys windows:6 windows x64 arch:x64

577deaff4d6dafa53a6aa01744f1d8cd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:46:c6:72:67:57:8a:32:19:87:60:d0:72:28:60:f3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/12/2013, 00:00

Not After

24/02/2017, 23:59

Subject

CN=China Financial Certification Authority Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT Department,O=China Financial Certification Authority Co.Ltd,L=Beijing,ST=Bejing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e1:df:20:53:b5:9f:cf:0f:49:52:0c:cc:a9:2d:17:80:e6:89:46:87
Signer

Actual PE Digest

e1:df:20:53:b5:9f:cf:0f:49:52:0c:cc:a9:2d:17:80:e6:89:46:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeSetEvent
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

HalMakeBeep

Sections

.text
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/SysWow64/npSecEditCtlAdv.CMBC.x86.dll
.dll windows:5 windows x86 arch:x86

530f4a1d655c08bfbb8b53e2ae5c9b3e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

74:46:c6:72:67:57:8a:32:19:87:60:d0:72:28:60:f3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/12/2013, 00:00

Not After

24/02/2017, 23:59

Subject

CN=China Financial Certification Authority Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT Department,O=China Financial Certification Authority Co.Ltd,L=Beijing,ST=Bejing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:8c:de:80:6c:af:02:3f:9b:12:3c:d8:de:b7:fa:88:e1:b6:80:a1
Signer

Actual PE Digest

20:8c:de:80:6c:af:02:3f:9b:12:3c:d8:de:b7:fa:88:e1:b6:80:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Builds\8\InformationSecurity\npSecEditCtlAdv_CMBC\Binaries\npSecEditCtlAdv.CMBC.x86.pdb

Imports

kernel32

GetCurrentProcess
TerminateProcess
CreateEventW
GetSystemDefaultLangID
CreateThread
SignalObjectAndWait
SetEvent
ResetEvent
IsDebuggerPresent
GetModuleFileNameW
DeviceIoControl
WaitForMultipleObjects
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FindResourceW
SizeofResource
LoadResource
FreeResource
GetLocalTime
SystemTimeToFileTime
GetCommandLineA
HeapAlloc
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleW
ReadFile
ExitProcess
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
GetTickCount
VirtualFree
QueryPerformanceCounter
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
WriteFile
HeapSize
GetModuleHandleA
SetConsoleCtrlHandler
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileW
GetComputerNameW
GetProcessHeap
HeapFree
WaitForSingleObject
InitializeCriticalSection
GetVersion
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
ReadConsoleInputA
SetConsoleMode
HeapDestroy
CloseHandle
SetEndOfFile
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
lstrlenA
SetLastError
GetCurrentProcessId
GetCurrentThreadId
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
LocalAlloc
InterlockedDecrement
Sleep
LocalFree

user32

LoadCursorW
SetCursor
PtInRect
ScreenToClient
GetCursorPos
SetWindowsHookExW
ReleaseDC
EndPaint
DrawTextW
IsWindowVisible
FillRect
GetFocus
IsWindowEnabled
UpdateWindow
BeginPaint
InvalidateRect
EnableWindow
SetWindowPos
KillTimer
UnhookWindowsHookEx
SendMessageW
PostMessageW
SetForegroundWindow
SetFocus
GetWindowLongW
DefWindowProcW
CallWindowProcW
GetDC
GetWindowRect
DestroyWindow
IsWindow
SetTimer
ShowWindow
CreateWindowExW
GetClientRect
SetWindowLongW
SetRect
GetSysColor
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MapVirtualKeyW
PostMessageA
GetKeyState
CallNextHookEx
SendMessageA
LoadStringW

advapi32

RegisterEventSourceA
RegisterTraceGuidsW
RegCloseKey
GetTraceEnableLevel
ReportEventA
DeregisterEventSource
TraceEvent
ControlTraceW
GetTraceEnableFlags
RegQueryValueExW
GetTraceLoggerHandle
UnregisterTraceGuids
RegOpenKeyExW

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

iphlpapi

GetAdaptersInfo

ws2_32

WSAStartup
gethostbyname
gethostname
inet_ntoa
WSACleanup

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

imm32

ImmAssociateContext

gdi32

SetBkMode
FillRgn
CreateRoundRectRgn
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
LineTo
MoveToEx
CreatePen
SetTextColor
SelectObject
CreateFontIndirectW
GetObjectW
GetStockObject
DeleteObject
CreateSolidBrush

shlwapi

PathFileExistsW

comctl32

_TrackMouseEvent

crypt32

CertFindCertificateInStore
CertCloseStore
CryptMsgClose
CertGetCertificateChain
CertFreeCertificateChain
CertFreeCertificateContext
CryptQueryObject
CryptMsgGetParam

gdiplus

GdipGetImageWidth
GdipCloneImage
GdipLoadImageFromStream
GdipDisposeImage
GdipGetImageHeight
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipAlloc
GdipFree

Exports

Exports

NP_GetEntryPoints
NP_GetMIMEDescription
NP_Initialize
NP_Shutdown

Sections

.text
Size: 639KB - Virtual size: 638KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/System32/SecEditCtlAdv.CMBC.x64.dll
.dll regsvr32 windows:5 windows x64 arch:x64

4d856c4a0d815abca4fd96e5bcdc311a

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

74:46:c6:72:67:57:8a:32:19:87:60:d0:72:28:60:f3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/12/2013, 00:00

Not After

24/02/2017, 23:59

Subject

CN=China Financial Certification Authority Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT Department,O=China Financial Certification Authority Co.Ltd,L=Beijing,ST=Bejing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

6b:c8:41:b2:4a:8f:e0:86:e9:f4:f0:52:24:18:23:39:72:96:85:a8
Signer

Actual PE Digest

6b:c8:41:b2:4a:8f:e0:86:e9:f4:f0:52:24:18:23:39:72:96:85:a8

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Builds\14\InformationSecurity\SecEditCtlAdv_CMBC\Binaries\x64\Release\SecEditCtlAdv.CMBC.x64.pdb

Imports

kernel32

GetStringTypeW
GetStringTypeA
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
LoadLibraryA
SetConsoleCtrlHandler
HeapDestroy
HeapCreate
HeapSetInformation
GetModuleFileNameA
GetStdHandle
WriteFile
HeapSize
IsValidCodePage
GetOEMCP
GetACP
FlsAlloc
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
SetEnvironmentVariableA
GetVersion
GlobalMemoryStatus
GetVersionExW
FlushConsoleInputBuffer
ReadConsoleInputA
SetConsoleMode
SetEndOfFile
FreeLibrary
LocalAlloc
GetThreadLocale
SetThreadLocale
CreateThread
SignalObjectAndWait
MulDiv
CreateFileW
ReadFile
MultiByteToWideChar
WideCharToMultiByte
TerminateProcess
GetTickCount
WaitForSingleObject
SetLastError
CreateEventW
ResetEvent
SetEvent
Sleep
CloseHandle
GetModuleFileNameW
GetLocalTime
SystemTimeToFileTime
FindResourceW
SizeofResource
LoadResource
FreeResource
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
CopyFileW
GetCurrentProcess
SetFileAttributesW
GetSystemDirectoryW
DeleteFileW
GetLastError
GetCurrentThreadId
GetCurrentProcessId
LoadLibraryW
GetProcAddress
FlsFree
FlsGetValue
DecodePointer
EncodePointer
GetSystemTimeAsFileTime
LCMapStringW
LCMapStringA
CompareStringW
LocalFree
GetCPInfo
CompareStringA
GetCommandLineA
FlsSetValue
ExitProcess
VirtualQuery
GetSystemInfo
VirtualProtect
HeapReAlloc
RtlCaptureContext
RtlVirtualUnwind
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwindEx
RtlLookupFunctionEntry
RtlPcToFileHeader
GetComputerNameW
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
GetProcessHeap
HeapAlloc
GetSystemDefaultLangID
LoadLibraryExW
DeviceIoControl
WaitForMultipleObjects
IsDebuggerPresent
lstrlenA
FlushInstructionCache
lstrcmpiW
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
lstrlenW
DeleteCriticalSection
HeapFree
InterlockedPushEntrySList
InitializeCriticalSection
RaiseException

user32

SetRect
EqualRect
OffsetRect
DrawTextW
GetWindowLongW
SetWindowRgn
SetWindowLongW
SetWindowPos
IsWindow
DestroyWindow
CallWindowProcW
CharNextW
ShowWindow
KillTimer
SendMessageA
SendMessageW
UnregisterClassA
UnhookWindowsHookEx
GetClientRect
IntersectRect
GetKeyState
MapVirtualKeyW
IsWindowEnabled
MessageBoxW
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
UpdateWindow
InvalidateRect
SetCursor
LoadCursorW
PtInRect
ScreenToClient
GetCursorPos
SetFocus
SetTimer
SetWindowsHookExW
CallNextHookEx
LoadStringW
IsChild
UnionRect
CreateWindowExW
GetClassInfoExW
RegisterClassExW
GetWindowRect
PostMessageW
PostMessageA
EnableWindow
IsWindowVisible
BeginPaint
GetFocus
EndPaint
GetWindowLongPtrW
SetWindowLongPtrW
DefWindowProcW
GetDC
FillRect
ReleaseDC
GetSysColor
SetForegroundWindow

gdi32

MoveToEx
DeleteObject
RestoreDC
LineTo
LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
CreateDCW
CreateMetaFileW
SaveDC
SetWindowOrgEx
SetWindowExtEx
SelectObject
CloseMetaFile
DeleteMetaFile
SetTextAlign
TextOutW
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SetBkMode
BitBlt
CreateSolidBrush
CreateRoundRectRgn
FillRgn
GetStockObject
GetObjectW
CreateFontIndirectW
SetTextColor
CreateRectRgnIndirect
CreatePen
SetBkColor

advapi32

GetTraceEnableFlags
ReportEventW
DeregisterEventSource
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
RegisterEventSourceW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
ControlTraceW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
ControlService
StartServiceW
DeleteService
CreateServiceW
QueryServiceStatus
QueryServiceConfig2W
ChangeServiceConfigW
ChangeServiceConfig2W
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
TraceEvent

ole32

CoSetProxyBlanket
CoCreateInstance
CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemAlloc
CoTaskMemRealloc
CoTaskMemFree
OleLoadFromStream
OleRegEnumVerbs
OleRegGetUserType
CreateDataAdviseHolder
CreateOleAdviseHolder
WriteClassStm
OleSaveToStream
OleRegGetMiscStatus

oleaut32

SysAllocString
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
VariantChangeType
SysStringLen
LoadRegTypeLi
LoadTypeLi
OleCreatePropertyFrame
UnRegisterTypeLi
RegisterTypeLi
SysFreeString

shlwapi

PathFileExistsW

comctl32

_TrackMouseEvent

imm32

ImmAssociateContext

crypt32

CertGetCertificateChain
CertFreeCertificateChain
CertFreeCertificateContext
CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertCloseStore
CryptMsgClose

iphlpapi

GetAdaptersInfo

gdiplus

GdiplusStartup
GdiplusShutdown
GdipDrawImageRectRectI
GdipCreateFromHDC
GdipGetImageHeight
GdipGetImageWidth
GdipDeleteGraphics
GdipCloneImage
GdipDisposeImage
GdipLoadImageFromStreamICM
GdipLoadImageFromStream
GdipAlloc
GdipFree

ws2_32

WSAStartup
gethostname
gethostbyname
inet_ntoa
WSACleanup

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 817KB - Virtual size: 817KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 257KB - Virtual size: 257KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 219KB - Virtual size: 237KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/System32/SecEditCtlAdv.CMBC.x86.dll
.dll regsvr32 windows:5 windows x86 arch:x86

8bda0a6e8c77369e9af345bc645cd738

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

74:46:c6:72:67:57:8a:32:19:87:60:d0:72:28:60:f3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/12/2013, 00:00

Not After

24/02/2017, 23:59

Subject

CN=China Financial Certification Authority Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT Department,O=China Financial Certification Authority Co.Ltd,L=Beijing,ST=Bejing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

21:07:6e:ec:3f:2f:3b:c2:17:23:9c:d0:a4:78:e6:b6:ff:4d:c1:e1
Signer

Actual PE Digest

21:07:6e:ec:3f:2f:3b:c2:17:23:9c:d0:a4:78:e6:b6:ff:4d:c1:e1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

C:\Builds\14\InformationSecurity\SecEditCtlAdv_CMBC\Binaries\x86\Release\SecEditCtlAdv.CMBC.x86.pdb

Imports

kernel32

EnumSystemLocalesA
GetUserDefaultLCID
GetStringTypeW
GetStringTypeA
GetLocaleInfoA
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetEnvironmentStrings
FreeEnvironmentStringsA
GetStartupInfoA
GetFileType
SetHandleCount
InitializeCriticalSectionAndSpinCount
SetConsoleCtrlHandler
GetModuleHandleA
GetModuleFileNameA
GetStdHandle
WriteFile
HeapDestroy
HeapCreate
HeapSize
IsValidCodePage
IsValidLocale
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
SetEnvironmentVariableA
GetVersion
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
ReadConsoleInputA
SetConsoleMode
SetEndOfFile
FreeLibrary
LocalAlloc
GetThreadLocale
SetThreadLocale
CreateThread
SignalObjectAndWait
MulDiv
GetSystemDefaultLangID
LoadLibraryExW
ReadFile
MultiByteToWideChar
WideCharToMultiByte
TerminateProcess
GetTickCount
WaitForSingleObject
SetLastError
CreateEventW
ResetEvent
SetEvent
Sleep
CloseHandle
GetModuleFileNameW
GetLocalTime
SystemTimeToFileTime
FindResourceW
SizeofResource
LoadResource
FreeResource
GlobalAlloc
GlobalUnlock
GlobalFree
GlobalLock
CopyFileW
GetCurrentProcess
SetFileAttributesW
GetSystemDirectoryW
DeleteFileW
GetLastError
InterlockedDecrement
GetCurrentThreadId
GetCurrentProcessId
LoadLibraryW
GetProcAddress
GetOEMCP
GetACP
TlsFree
TlsSetValue
TlsAlloc
TlsGetValue
GetSystemTimeAsFileTime
LocalFree
LCMapStringW
LCMapStringA
CompareStringW
GetCPInfo
CompareStringA
GetCommandLineA
ExitProcess
VirtualQuery
GetSystemInfo
VirtualProtect
HeapReAlloc
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlUnwind
GetComputerNameW
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
LoadLibraryA
HeapAlloc
GetProcessHeap
HeapFree
InterlockedCompareExchange
DeviceIoControl
WaitForMultipleObjects
IsDebuggerPresent
lstrlenA
FlushInstructionCache
lstrcmpiW
GetModuleHandleW
LeaveCriticalSection
EnterCriticalSection
lstrlenW
InterlockedIncrement
DeleteCriticalSection
InitializeCriticalSection
RaiseException
CreateFileW

user32

SetForegroundWindow
SetFocus
UnregisterClassA
GetClientRect
UnhookWindowsHookEx
SendMessageW
GetCursorPos
ScreenToClient
PtInRect
LoadCursorW
SetCursor
GetUserObjectInformationW
GetProcessWindowStation
GetDesktopWindow
MessageBoxA
InvalidateRect
UpdateWindow
IsWindowEnabled
MapVirtualKeyW
GetKeyState
SendMessageA
KillTimer
ShowWindow
CharNextW
CallWindowProcW
SetWindowLongW
GetWindowLongW
DestroyWindow
IsWindow
SetWindowPos
SetWindowRgn
OffsetRect
EqualRect
IntersectRect
DrawTextW
SetRect
SetTimer
SetWindowsHookExW
CallNextHookEx
IsChild
UnionRect
CreateWindowExW
GetClassInfoExW
RegisterClassExW
GetWindowRect
PostMessageW
PostMessageA
EnableWindow
IsWindowVisible
BeginPaint
GetFocus
EndPaint
DefWindowProcW
GetDC
FillRect
ReleaseDC
GetSysColor
LoadStringW

gdi32

MoveToEx
DeleteObject
CloseMetaFile
LineTo
LPtoDP
SetMapMode
SetViewportOrgEx
DeleteDC
CreateDCW
CreateMetaFileW
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
SelectObject
DeleteMetaFile
SetTextAlign
TextOutW
GetDeviceCaps
CreateCompatibleDC
CreateCompatibleBitmap
SetBkMode
BitBlt
CreateSolidBrush
CreateRoundRectRgn
FillRgn
GetStockObject
GetObjectW
CreateFontIndirectW
SetTextColor
CreateRectRgnIndirect
CreatePen
SetBkColor

advapi32

RegQueryValueExW
ReportEventA
DeregisterEventSource
RegEnumKeyExW
RegQueryInfoKeyW
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegDeleteKeyW
UnregisterTraceGuids
RegisterTraceGuidsW
GetTraceLoggerHandle
GetTraceEnableLevel
GetTraceEnableFlags
RegOpenKeyExW
RegisterEventSourceA
RegCloseKey
ControlTraceW
CryptAcquireContextW
CryptCreateHash
CryptHashData
CryptGetHashParam
CryptDestroyHash
CryptReleaseContext
ControlService
StartServiceW
DeleteService
CreateServiceW
QueryServiceStatus
QueryServiceConfig2W
ChangeServiceConfigW
ChangeServiceConfig2W
OpenSCManagerW
OpenServiceW
QueryServiceConfigW
CloseServiceHandle
TraceEvent

ole32

CreateStreamOnHGlobal
StringFromGUID2
CoTaskMemAlloc
CoSetProxyBlanket
CoTaskMemRealloc
CoTaskMemFree
OleLoadFromStream
OleRegGetUserType
OleRegGetMiscStatus
OleSaveToStream
WriteClassStm
CreateOleAdviseHolder
CoCreateInstance
CreateDataAdviseHolder
OleRegEnumVerbs

oleaut32

SysAllocString
SysFreeString
VariantInit
VariantClear
SysAllocStringByteLen
SysStringByteLen
VarUI4FromStr
VariantChangeType
SysStringLen
LoadRegTypeLi
LoadTypeLi
OleCreatePropertyFrame
UnRegisterTypeLi
RegisterTypeLi

shlwapi

PathFileExistsW

comctl32

_TrackMouseEvent

imm32

ImmAssociateContext

crypt32

CertGetCertificateChain
CertFreeCertificateChain
CertFreeCertificateContext
CryptQueryObject
CryptMsgGetParam
CertFindCertificateInStore
CertCloseStore
CryptMsgClose

iphlpapi

GetAdaptersInfo

gdiplus

GdipFree
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipDisposeImage
GdipCloneImage
GdipDeleteGraphics
GdipGetImageWidth
GdipGetImageHeight
GdipCreateFromHDC
GdipDrawImageRectRectI
GdiplusShutdown
GdiplusStartup
GdipAlloc

ws2_32

inet_ntoa
WSACleanup
gethostname
gethostbyname
WSAStartup

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 695KB - Virtual size: 694KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 230KB - Virtual size: 230KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 31KB - Virtual size: 46KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 51KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/System32/kbdssvc.sys
.sys windows:6 windows x86 arch:x86

2874cab6c4e393f229e4aca1b128b8d4

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

74:46:c6:72:67:57:8a:32:19:87:60:d0:72:28:60:f3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/12/2013, 00:00

Not After

24/02/2017, 23:59

Subject

CN=China Financial Certification Authority Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT Department,O=China Financial Certification Authority Co.Ltd,L=Beijing,ST=Bejing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

9f:a7:b9:5d:c8:ed:b5:9b:35:db:73:d0:f0:48:27:94:01:b1:52:2d
Signer

Actual PE Digest

9f:a7:b9:5d:c8:ed:b5:9b:35:db:73:d0:f0:48:27:94:01:b1:52:2d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

memset
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

KeGetCurrentIrql
HalMakeBeep

Sections

.text
Size: - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 688B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 99KB - Virtual size: 99KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 236B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/System32/kbdssvc.x64.sys
.sys windows:6 windows x64 arch:x64

577deaff4d6dafa53a6aa01744f1d8cd

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

74:46:c6:72:67:57:8a:32:19:87:60:d0:72:28:60:f3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/12/2013, 00:00

Not After

24/02/2017, 23:59

Subject

CN=China Financial Certification Authority Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT Department,O=China Financial Certification Authority Co.Ltd,L=Beijing,ST=Bejing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

e1:df:20:53:b5:9f:cf:0f:49:52:0c:cc:a9:2d:17:80:e6:89:46:87
Signer

Actual PE Digest

e1:df:20:53:b5:9f:cf:0f:49:52:0c:cc:a9:2d:17:80:e6:89:46:87

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

KeSetEvent
IoAllocateMdl
MmProbeAndLockPages
MmMapLockedPagesSpecifyCache
MmUnlockPages
IoFreeMdl
ExAllocatePool
ExFreePool
NtQuerySystemInformation

hal

HalMakeBeep

Sections

.text
Size: - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: - Virtual size: 44KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp1
Size: 123KB - Virtual size: 123KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 892B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/System32/npSecEditCtlAdv.CMBC.x86.dll
.dll windows:5 windows x86 arch:x86

530f4a1d655c08bfbb8b53e2ae5c9b3e

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

74:46:c6:72:67:57:8a:32:19:87:60:d0:72:28:60:f3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/12/2013, 00:00

Not After

24/02/2017, 23:59

Subject

CN=China Financial Certification Authority Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT Department,O=China Financial Certification Authority Co.Ltd,L=Beijing,ST=Bejing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

20:8c:de:80:6c:af:02:3f:9b:12:3c:d8:de:b7:fa:88:e1:b6:80:a1
Signer

Actual PE Digest

20:8c:de:80:6c:af:02:3f:9b:12:3c:d8:de:b7:fa:88:e1:b6:80:a1

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Builds\8\InformationSecurity\npSecEditCtlAdv_CMBC\Binaries\npSecEditCtlAdv.CMBC.x86.pdb

Imports

kernel32

GetCurrentProcess
TerminateProcess
CreateEventW
GetSystemDefaultLangID
CreateThread
SignalObjectAndWait
SetEvent
ResetEvent
IsDebuggerPresent
GetModuleFileNameW
DeviceIoControl
WaitForMultipleObjects
GlobalAlloc
GlobalLock
GlobalUnlock
GlobalFree
FindResourceW
SizeofResource
LoadResource
FreeResource
GetLocalTime
SystemTimeToFileTime
GetCommandLineA
HeapAlloc
RtlUnwind
RaiseException
GetSystemTimeAsFileTime
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetModuleHandleW
ReadFile
ExitProcess
HeapReAlloc
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
HeapCreate
GetTickCount
VirtualFree
QueryPerformanceCounter
LeaveCriticalSection
EnterCriticalSection
VirtualAlloc
WriteFile
HeapSize
GetModuleHandleA
SetConsoleCtrlHandler
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
LCMapStringA
LCMapStringW
SetFilePointer
GetConsoleCP
GetConsoleMode
GetLocaleInfoW
GetLocaleInfoA
GetStringTypeA
GetStringTypeW
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
CreateFileA
CompareStringA
CompareStringW
SetEnvironmentVariableA
CreateFileW
GetComputerNameW
GetProcessHeap
HeapFree
WaitForSingleObject
InitializeCriticalSection
GetVersion
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
ReadConsoleInputA
SetConsoleMode
HeapDestroy
CloseHandle
SetEndOfFile
WideCharToMultiByte
lstrlenW
MultiByteToWideChar
lstrlenA
SetLastError
GetCurrentProcessId
GetCurrentThreadId
GetLastError
FreeLibrary
GetProcAddress
LoadLibraryW
LocalAlloc
InterlockedDecrement
Sleep
LocalFree

user32

LoadCursorW
SetCursor
PtInRect
ScreenToClient
GetCursorPos
SetWindowsHookExW
ReleaseDC
EndPaint
DrawTextW
IsWindowVisible
FillRect
GetFocus
IsWindowEnabled
UpdateWindow
BeginPaint
InvalidateRect
EnableWindow
SetWindowPos
KillTimer
UnhookWindowsHookEx
SendMessageW
PostMessageW
SetForegroundWindow
SetFocus
GetWindowLongW
DefWindowProcW
CallWindowProcW
GetDC
GetWindowRect
DestroyWindow
IsWindow
SetTimer
ShowWindow
CreateWindowExW
GetClientRect
SetWindowLongW
SetRect
GetSysColor
MessageBoxA
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MapVirtualKeyW
PostMessageA
GetKeyState
CallNextHookEx
SendMessageA
LoadStringW

advapi32

RegisterEventSourceA
RegisterTraceGuidsW
RegCloseKey
GetTraceEnableLevel
ReportEventA
DeregisterEventSource
TraceEvent
ControlTraceW
GetTraceEnableFlags
RegQueryValueExW
GetTraceLoggerHandle
UnregisterTraceGuids
RegOpenKeyExW

ole32

CreateStreamOnHGlobal
CoCreateInstance
CoSetProxyBlanket

oleaut32

VariantClear
VariantInit
SysAllocString
SysFreeString

iphlpapi

GetAdaptersInfo

ws2_32

WSAStartup
gethostbyname
gethostname
inet_ntoa
WSACleanup

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

imm32

ImmAssociateContext

gdi32

SetBkMode
FillRgn
CreateRoundRectRgn
BitBlt
CreateCompatibleBitmap
CreateCompatibleDC
LineTo
MoveToEx
CreatePen
SetTextColor
SelectObject
CreateFontIndirectW
GetObjectW
GetStockObject
DeleteObject
CreateSolidBrush

shlwapi

PathFileExistsW

comctl32

_TrackMouseEvent

crypt32

CertFindCertificateInStore
CertCloseStore
CryptMsgClose
CertGetCertificateChain
CertFreeCertificateChain
CertFreeCertificateContext
CryptQueryObject
CryptMsgGetParam

gdiplus

GdipGetImageWidth
GdipCloneImage
GdipLoadImageFromStream
GdipDisposeImage
GdipGetImageHeight
GdipDrawImageRectRectI
GdipDeleteGraphics
GdipCreateFromHDC
GdiplusShutdown
GdiplusStartup
GdipAlloc
GdipFree

Exports

Exports

NP_GetEntryPoints
NP_GetMIMEDescription
NP_Initialize
NP_Shutdown

Sections

.text
Size: 639KB - Virtual size: 638KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 213KB - Virtual size: 212KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 26KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe.nsis
$TEMP/民生银行密码控件IE版32位静默安装版.exe
.exe windows:4 windows x86 arch:x86

e160ef8e55bb9d162da4e266afd9eef3

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

25:0c:e8:e0:30:61:2e:9f:2b:89:f7:05:4d:7c:f8:fd
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

07/11/2021, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageNetscapeServerGatedCrypto

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:c1:71:19:42:f3:07:78:05:5a:15:59:74:e6:45:81
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

13/01/2015, 00:00

Not After

11/02/2017, 23:59

Subject

CN=北京微通新成网络科技有限公司,O=北京微通新成网络科技有限公司,L=BeiJing,ST=BeiJing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8e:40:69:c4:48:23:0e:ad:67:e6:df:29:51:01:34:e7:3c:d0:86:93
Signer

Actual PE Digest

8e:40:69:c4:48:23:0e:ad:67:e6:df:29:51:01:34:e7:3c:d0:86:93

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetTickCount
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
SearchPathA
GetShortPathNameA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetEnvironmentVariableA
GetWindowsDirectoryA
GetTempPathA
Sleep
CloseHandle
LoadLibraryA
lstrlenA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
ReadFile
lstrcpyA
lstrcatA
GetSystemDirectoryA
GetVersion
GetProcAddress
GlobalAlloc
CompareFileTime
SetFileTime
ExpandEnvironmentStringsA
lstrcmpiA
lstrcmpA
WaitForSingleObject
GlobalFree
GetExitCodeProcess
GetModuleHandleA
SetErrorMode
GetCommandLineA
LoadLibraryExA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
WriteFile
FindClose
WritePrivateProfileStringA
MultiByteToWideChar
MulDiv
GetPrivateProfileStringA
FreeLibrary

user32

CreateWindowExA
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
GetDC
SystemParametersInfoA
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
DestroyWindow
CreateDialogParamA
SetTimer
GetDlgItem
wsprintfA
SetForegroundWindow
ShowWindow
IsWindow
LoadImageA
SetWindowLongA
SetClipboardData
EmptyClipboard
OpenClipboard
EndPaint
PostQuitMessage
FindWindowExA
SendMessageTimeoutA
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA

advapi32

RegCloseKey
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegEnumValueA
RegCreateKeyExA
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

CoCreateInstance
CoTaskMemFree
OleInitialize
OleUninitialize

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 105KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/MessageBox.dll
.dll windows:4 windows x86 arch:x86

c3f3267799760b39c4e2763e70fc3909

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrlenA
GetCurrentThreadId
lstrcpyA
GlobalAlloc
LoadLibraryA
FreeLibrary
lstrcpynA
lstrcmpA
GlobalFree

user32

FindWindowA
SetWindowPos
ReleaseDC
MapWindowPoints
GetWindowRect
GetDlgItem
ScreenToClient
SystemParametersInfoA
UnhookWindowsHookEx
GetDC
CallNextHookEx
wsprintfA
MessageBoxIndirectA
SetWindowsHookExA
GetWindowTextA
SendMessageA
CallWindowProcA
SetWindowLongA
SetWindowTextA

gdi32

GetTextExtentPointA
GetTextMetricsA
SelectObject

Exports

Exports

show

Sections

.rdata
Size: 1024B - Virtual size: 998B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 444B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 835B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 582B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

38e7b5c3ee58b43a91f9679e94aabd09

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesA
lstrcpyA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
lstrcmpiA
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
SetCurrentDirectoryA
HeapAlloc

user32

DestroyWindow
CallWindowProcA
SetCursor
GetPropA
CharPrevA
MapWindowPoints
DrawFocusRect
GetWindowLongA
GetClientRect
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapDialogRect
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
CharNextA
SendMessageA
LoadCursorA
RemovePropA
DrawTextA

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 616B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CMBCEdit.dll
.dll regsvr32 windows:5 windows x86 arch:x86

0379b2ddbace31c8cc35849f4abbfbfc

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:46:c6:72:67:57:8a:32:19:87:60:d0:72:28:60:f3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/12/2013, 00:00

Not After

24/02/2017, 23:59

Subject

CN=China Financial Certification Authority Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT Department,O=China Financial Certification Authority Co.Ltd,L=Beijing,ST=Bejing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

66:1d:cb:20:0f:bf:32:18:3b:41:6e:48:43:43:d4:d2:6e:1a:3c:4f
Signer

Actual PE Digest

66:1d:cb:20:0f:bf:32:18:3b:41:6e:48:43:43:d4:d2:6e:1a:3c:4f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\Work\passguard_oder\CMBCEdit\Release\CMBCEdit.pdb

Imports

kernel32

GetProcAddress
GetLastError
LeaveCriticalSection
EnterCriticalSection
RaiseException
SetEndOfFile
WriteConsoleW
SetEnvironmentVariableA
CompareStringW
IsValidLocale
EnumSystemLocalesA
GetLocaleInfoA
GetUserDefaultLCID
SetFilePointer
SetStdHandle
FlushFileBuffers
GetConsoleCP
ReadFile
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
GetStartupInfoW
SetHandleCount
LCMapStringW
GetLocaleInfoW
GetStringTypeW
IsValidCodePage
GetOEMCP
GetACP
GetCPInfo
HeapDestroy
HeapCreate
HeapSize
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
TlsFree
TlsSetValue
TlsGetValue
TlsAlloc
FlushConsoleInputBuffer
GetConsoleMode
SetConsoleMode
ReadConsoleInputA
InterlockedExchange
SetConsoleCtrlHandler
ExitProcess
GetCommandLineA
CreateThread
ExitThread
VirtualQuery
GetVersionExA
LoadLibraryA
GlobalMemoryStatus
QueryPerformanceCounter
GetStdHandle
GetFileType
GetModuleHandleA
LoadLibraryW
LocalAlloc
LocalFree
GetVersion
CreateFileW
WriteFile
GetSystemDirectoryW
GetVersionExW
SetPriorityClass
DeviceIoControl
CreateFileA
WaitForSingleObject
GlobalAlloc
GlobalLock
GlobalUnlock
MulDiv
InitializeCriticalSection
OutputDebugStringW
DebugBreak
lstrlenA
SetLastError
lstrcpyW
TerminateThread
GetCurrentProcessId
OpenProcess
CloseHandle
Sleep
InterlockedDecrement
GetCurrentThreadId
GetTickCount
GetCurrentProcess
FlushInstructionCache
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
WideCharToMultiByte
GetThreadLocale
SetThreadLocale
LoadLibraryExW
FindResourceW
LoadResource
SizeofResource
MultiByteToWideChar
FreeLibrary
GetModuleFileNameW
lstrcmpiW
GetModuleHandleW
GetSystemInfo
VirtualProtect
HeapReAlloc
GetSystemTimeAsFileTime
DecodePointer
EncodePointer
RtlUnwind
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
IsProcessorFeaturePresent
HeapAlloc
GetProcessHeap
HeapFree
InterlockedPushEntrySList
InterlockedCompareExchange
InterlockedIncrement
lstrlenW

user32

SetWindowLongW
MoveWindow
GetClientRect
GetKeyState
SetFocus
SetCursor
LoadCursorW
GetWindowRect
SetWindowLongA
IsWindowEnabled
DrawEdge
GetCapture
DrawFocusRect
InflateRect
GetMenu
SystemParametersInfoW
GetDlgItem
CreateDialogParamW
AdjustWindowRectEx
ReleaseCapture
GetSystemMetrics
CharNextW
SetCapture
GetDesktopWindow
GetProcessWindowStation
GetUserObjectInformationW
MessageBoxA
keybd_event
LoadBitmapW
GetKeyboardState
ToAscii
UpdateWindow
InvalidateRect
IsWindow
GetParent
GetFocus
CreateWindowExW
EndPaint
IntersectRect
EqualRect
SetWindowRgn
UnionRect
PtInRect
IsChild
ShowWindow
BeginPaint
GetClassInfoExW
RegisterClassExW
FillRect
GetSysColorBrush
GetWindowDC
DestroyWindow
DefWindowProcW
SetWindowsHookExW
UnhookWindowsHookEx
DrawTextW
OffsetRect
SetRectEmpty
LoadStringW
MessageBoxW
wvsprintfW
CallWindowProcW
KillTimer
SetTimer
ReleaseDC
GetDC
ClientToScreen
SetWindowPos
SendMessageW
SetWindowTextW
GetWindowLongW
GetWindowThreadProcessId
CallNextHookEx
UnregisterClassA
GetDlgCtrlID

gdi32

DeleteMetaFile
CreateCompatibleDC
BitBlt
LPtoDP
SetMapMode
SetViewportOrgEx
CreateDCW
CreateMetaFileW
SaveDC
SetWindowOrgEx
SetWindowExtEx
RestoreDC
CloseMetaFile
CombineRgn
CreateRectRgnIndirect
SetTextAlign
TextOutW
GetDeviceCaps
CreateFontIndirectW
SetTextColor
SetBkMode
SetBkColor
CreateSolidBrush
DeleteDC
SelectObject
DeleteObject
GetObjectW
GetStockObject
GetPixel
CreateRectRgn

advapi32

RegQueryInfoKeyW
RegCreateKeyExW
RegDeleteKeyW
RegDeleteValueW
RegCloseKey
RegSetValueExW
RegisterEventSourceA
ReportEventA
DeregisterEventSource
RegEnumKeyW
RegQueryValueExW
ControlService
StartServiceW
QueryServiceStatus
DeleteService
CloseServiceHandle
OpenSCManagerW
CreateServiceW
OpenServiceW
QueryServiceConfigW
ChangeServiceConfigW
RegEnumKeyExW
RegOpenKeyExW

shell32

ShellExecuteExW

ole32

WriteClassStm
CreateOleAdviseHolder
ReadClassStm
CreateDataAdviseHolder
OleRegGetMiscStatus
OleRegGetUserType
OleRegEnumVerbs
StringFromGUID2
CoCreateInstance
CoTaskMemFree
CoTaskMemRealloc
OleSaveToStream
CoTaskMemAlloc

oleaut32

LoadTypeLi
UnRegisterTypeLi
RegisterTypeLi
VarUI4FromStr
VariantInit
VariantClear
VariantCopy
OleTranslateColor
SysAllocStringByteLen
SysStringByteLen
VariantChangeType
LoadRegTypeLi
OleCreatePropertyFrame
SysAllocString
SysStringLen
SysFreeString

shlwapi

StrCmpIW
PathFileExistsW

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

iphlpapi

GetAdaptersInfo

psapi

GetModuleFileNameExW

comctl32

ImageList_Destroy
_TrackMouseEvent
ImageList_GetIconSize
ImageList_LoadImageW
ImageList_Draw

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 589KB - Virtual size: 589KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 187KB - Virtual size: 187KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 19KB - Virtual size: 39KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.SHARED
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.vmp0
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.reloc
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 109KB - Virtual size: 109KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
CMBCEditWin7ins.exe
.exe windows:5 windows x86 arch:x86

7adcf63c79cda4e5fc23046a83ef6d50

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/11/2006, 00:00

Not After

16/07/2036, 23:59

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

74:46:c6:72:67:57:8a:32:19:87:60:d0:72:28:60:f3
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

27/12/2013, 00:00

Not After

24/02/2017, 23:59

Subject

CN=China Financial Certification Authority Co.Ltd,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=IT Department,O=China Financial Certification Authority Co.Ltd,L=Beijing,ST=Bejing,C=CN

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

00:0f:00:6d:47:fb:62:81:fb:df:f2:55:53:2a:85:40:32:a6:37:7f
Signer

Actual PE Digest

00:0f:00:6d:47:fb:62:81:fb:df:f2:55:53:2a:85:40:32:a6:37:7f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\Work\PassGuard\PassGuard_IE\PassGuard_general\Release\passguardwin7ins.pdb

Imports

kernel32

GetCurrentProcess
GetModuleHandleW
WriteFile
GetSystemDirectoryW
LoadResource
GetProcAddress
LockResource
FindResourceW
FreeResource
LocalFree
GetVersion
CloseHandle
DeviceIoControl
LocalAlloc
GetLastError
CreateFileW
SizeofResource
Sleep
FlushFileBuffers
EncodePointer
DecodePointer
GetCommandLineW
HeapSetInformation
HeapFree
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
HeapSize
ExitProcess
GetStdHandle
GetModuleFileNameW
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
InterlockedDecrement
HeapCreate
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
SetFilePointer
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
EnterCriticalSection
LeaveCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
MultiByteToWideChar
RtlUnwind
HeapAlloc
HeapReAlloc
LoadLibraryW
SetStdHandle
WriteConsoleW
LCMapStringW
GetStringTypeW
IsProcessorFeaturePresent

user32

MessageBoxW

advapi32

ControlService
ChangeServiceConfigW
QueryServiceStatus
StartServiceW
OpenServiceW
OpenSCManagerW
DeleteService
CloseServiceHandle
CreateServiceW
QueryServiceConfigW

Sections

.text
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 464KB - Virtual size: 464KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
uninst.exe.nsis
uninst.exe.nsis

Sharing

General

Malware Config

Signatures

Files

bf95d1fc1d10de18b32654b123ad5e1f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate

Key Usages

6b:93:d3:d5:f1:79:42:ba:a4:fc:27:1c:09:f7:41:ddCertificate

Extended Key Usages

Key Usages

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2aCertificate

Extended Key Usages

Key Usages

6c:ec:e6:38:c5:36:7a:a1:34:98:24:f2:03:73:70:a1:a0:25:70:c2Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 26KB - Virtual size: 25KB

.rdata Size: 6KB - Virtual size: 6KB

.data Size: 512B - Virtual size: 452KB

.ndata Size: - Virtual size: 868KB

.rsrc Size: 30KB - Virtual size: 30KB

e981c0ab92cb1f191bb5e23392e14796

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 2KB - Virtual size: 1KB

.rdata Size: 1024B - Virtual size: 729B

.data Size: - Virtual size: 6KB

.rsrc Size: 512B - Virtual size: 352B

.reloc Size: 512B - Virtual size: 350B

039bcbc605477e8e87ec550c2e60e748

Headers

File Characteristics

Imports

kernel32

user32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 1024B - Virtual size: 963B

.data Size: 512B - Virtual size: 64B

.reloc Size: 1024B - Virtual size: 588B

48e661ef1036eb9efac90dcd5001cc60

Code Sign

04:00:00:00:00:01:15:4b:5a:c3:94Certificate

Key Usages

04:00:00:00:00:01:2f:4e:e1:35:5cCertificate

Extended Key Usages

Key Usages

11:21:ab:25:0c:db:60:32:64:57:1a:9c:bc:ca:a9:74:5e:5dCertificate

Extended Key Usages

Key Usages

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4a
Certificate

6b:93:d3:d5:f1:79:42:ba:a4:fc:27:1c:09:f7:41:dd
Certificate

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

6c:ec:e6:38:c5:36:7a:a1:34:98:24:f2:03:73:70:a1:a0:25:70:c2
Signer

.text
Size: 26KB - Virtual size: 25KB

.rdata
Size: 6KB - Virtual size: 6KB

.data
Size: 512B - Virtual size: 452KB

.ndata
Size: - Virtual size: 868KB

.rsrc
Size: 30KB - Virtual size: 30KB

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 729B

.data
Size: - Virtual size: 6KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 350B

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 963B

.data
Size: 512B - Virtual size: 64B

.reloc
Size: 1024B - Virtual size: 588B

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:ab:25:0c:db:60:32:64:57:1a:9c:bc:ca:a9:74:5e:5d
Certificate

9e:12:c5:1c:fc:57:c0:48:b5:9a:c1:d2:5b:1e:e3:c5:38:12:60:e2
Signer

.text
Size: 68KB - Virtual size: 65KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 20KB - Virtual size: 25KB

.rsrc
Size: 4KB - Virtual size: 920B

.reloc
Size: 8KB - Virtual size: 4KB

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:ab:25:0c:db:60:32:64:57:1a:9c:bc:ca:a9:74:5e:5d
Certificate

bd:37:d2:a6:64:3a:d7:ef:51:21:fd:55:87:86:ab:87:43:bc:28:d8
Signer

.text
Size: 12KB - Virtual size: 8KB

.rdata
Size: 8KB - Virtual size: 6KB

.data
Size: 4KB - Virtual size: 6KB

.rsrc
Size: 8KB - Virtual size: 4KB

.reloc
Size: 4KB - Virtual size: 2KB

04:00:00:00:00:01:15:4b:5a:c3:94
Certificate

04:00:00:00:00:01:2f:4e:e1:35:5c
Certificate

11:21:ab:25:0c:db:60:32:64:57:1a:9c:bc:ca:a9:74:5e:5d
Certificate

cf:65:28:5b:b4:7e:4b:e6:27:78:82:91:29:57:b2:be:b5:b7:7b:32
Signer

.text
Size: 64KB - Virtual size: 62KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 16KB - Virtual size: 32KB

.rsrc
Size: 4KB - Virtual size: 960B

.reloc
Size: 8KB - Virtual size: 4KB