HWID_Reset_Tools_1[.]zip

Sharing

Copy URL Twitter E-mail

General

Target

HWID_Reset_Tools_1.zip
Size

13.7MB
MD5

1069f31d376d657e1cdc16bd5222082b
SHA1

6213c2a30c313780aa4bfdc7dece3a4f9a551f38
SHA256

eb5c1c606800a50e2bf0204b92c7fccc47e42ab140d817e3d9938171aebc3b12
SHA512

869da0c395198133cbb24b03ffa583fc77bd3af7c8d302c61df4c2886538fb662b0efada2ba0dfbdf3defbe3c1e0a3df42f9dd4310bb88e568e4a0663a134de0
SSDEEP

393216:sTCMs7ow+8YFQbTfCDaKg955uK4mcU4moDWjtKg6E:gCMs7S9Ob7Rv5LUUHR

Score

4^/10

pdf link

Malware Config

Signatures

HTTP links in PDF interactive object 1 IoCs

Detects HTTP links in interactive objects within PDF files.

pdf link

resource	yara_rule
static1/unpack001/HWID_Reset_Tools_1/RevoUninstall/Revo Uninstaller Help.pdf	pdf_with_link_action

One or more HTTP URLs in PDF identified
Detects presence of HTTP links in PDF files.
pdf link

Unsigned PE 6 IoCs

Checks for missing Authenticode signature.

resource
unpack001/HWID_Reset_Tools_1/GRINX64v2/AMIDEWIN.EXE
unpack001/HWID_Reset_Tools_1/GRINX64v2/AMIDEWINx64.EXE
unpack001/HWID_Reset_Tools_1/GRINX64v2/DMIEDIT.EXE
unpack001/HWID_Reset_Tools_1/GRINX64v2/UCOREDLL.DLL
unpack001/HWID_Reset_Tools_1/HardDisk.exe
unpack001/HWID_Reset_Tools_1/MacSetup.exe

Files

HWID_Reset_Tools_1.zip
.zip
HWID_Reset_Tools_1/GRINX64v2/AMIDEWIN.EXE
.exe windows:4 windows x86 arch:x86

e4bef79f59242df9daf28c2c8193c40e

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

GetCurrentDirectoryA
SetFileAttributesA
GetFileAttributesA
GetSystemDirectoryA
CopyFileA
GetCurrentProcess
GetTimeZoneInformation
CreateProcessA
WaitForSingleObject
Sleep
GetVersionExA
DeviceIoControl
GetLastError
SetFilePointer
WriteFile
ReadFile
CreateFileA
SetProcessAffinityMask
CloseHandle
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
ExitProcess
TerminateProcess
DeleteFileA
GetCommandLineA
GetVersion
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
GetModuleHandleA
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
FlushFileBuffers
GetProcAddress
GetFullPathNameA
UnhandledExceptionFilter
FreeEnvironmentStringsA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStrings
GetEnvironmentStringsW
RtlUnwind
SetStdHandle
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetDriveTypeA
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
SetEndOfFile
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetEnvironmentVariableA
ReadConsoleInputA
SetConsoleMode
GetConsoleMode

user32

wsprintfA

advapi32

StartServiceA
OpenServiceA
DeleteService
CreateServiceA
OpenSCManagerA
CloseServiceHandle
ControlService

Sections

.text
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 40KB - Virtual size: 45KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HWID_Reset_Tools_1/GRINX64v2/AMIDEWINx64.EXE
.exe windows:6 windows x64 arch:x64

ed928bd060b03bab412d37a11b9d26a0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

kernel32

ReadConsoleInputA
SetConsoleMode
GetCommandLineA
QueryPerformanceCounter
GetCurrentProcessId
GetFullPathNameA
CloseHandle
Sleep
GetCurrentProcess
GetSystemDirectoryA
GetWindowsDirectoryA
CreateFileA
DeviceIoControl
GetModuleFileNameA
GetModuleHandleA
GetCurrentDirectoryA
DeleteFileA
GetLastError
CreateMutexA
SetThreadExecutionState
SetConsoleCtrlHandler
ReadFile
WriteFile
CreateNamedPipeA
CreateThread
LocalFree
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
GetSystemTimeAsFileTime
GetTimeZoneInformation
ExitProcess
GetModuleHandleExW
AreFileApisANSI
MultiByteToWideChar
WideCharToMultiByte
HeapFree
RtlLookupFunctionEntry
RtlUnwindEx
HeapAlloc
RtlPcToFileHeader
RaiseException
GetEnvironmentStringsW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
SetLastError
GetCurrentThreadId
DeleteCriticalSection
FlushFileBuffers
GetConsoleCP
GetConsoleMode
IsDebuggerPresent
IsProcessorFeaturePresent
GetStdHandle
GetFileType
GetStartupInfoW
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
InitializeCriticalSectionAndSpinCount
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetModuleHandleW
GetModuleFileNameW
LoadLibraryExW
GetProcessHeap
ReadConsoleW
SetFilePointerEx
HeapReAlloc
GetStringTypeW
CompareStringW
LCMapStringW
SetStdHandle
WriteConsoleW
OutputDebugStringW
CreateFileW
SetEnvironmentVariableA
SetEndOfFile
GetVersionExA
LoadLibraryA
GetProcAddress
HeapSize
FreeLibrary
FreeEnvironmentStringsW

shell32

ShellExecuteA

user32

DefWindowProcA
DispatchMessageA
TranslateMessage
GetMessageA
RegisterClassExA
MessageBoxA
BlockInput
SystemParametersInfoA
ExitWindowsEx
CreateWindowExA
wsprintfA

advapi32

ControlService
RegOpenKeyExA
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
CloseServiceHandle
CreateServiceA
DeleteService
OpenSCManagerA
OpenServiceA
StartServiceA

Sections

.text
Size: 240KB - Virtual size: 239KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 114KB - Virtual size: 114KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 78KB - Virtual size: 116KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HWID_Reset_Tools_1/GRINX64v2/DMI16.EXE
HWID_Reset_Tools_1/GRINX64v2/DMIEDIT.EXE
.exe windows:6 windows x64 arch:x64

9bbd972bee7030506f62236dff565e85

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

user32

LoadCursorW
LoadCursorA
MapVirtualKeyA
GetKeyNameTextA
IsDialogMessageA
SetWindowTextA
CheckDlgButton
SetDlgItemTextA
MoveWindow
GetMonitorInfoA
MonitorFromWindow
GetScrollInfo
SetScrollInfo
LoadIconA
GetTopWindow
GetClassLongPtrA
GetClassLongA
SetWindowLongPtrA
GetWindowLongPtrA
MapWindowPoints
AdjustWindowRectEx
GetWindowTextLengthA
GetWindowTextA
RemovePropA
GetPropA
SetPropA
ShowScrollBar
GetScrollRange
SetScrollRange
GetScrollPos
SetScrollPos
ScrollWindow
SetForegroundWindow
GetForegroundWindow
TrackPopupMenu
SetWindowPlacement
GetWindowPlacement
IsChild
CreateWindowExA
GetClassInfoExA
RegisterClassA
CallWindowProcA
DefWindowProcA
GetMessageTime
GetMessagePos
RegisterWindowMessageA
UnhookWindowsHookEx
DestroyCursor
EndDialog
CreateDialogIndirectParamA
DestroyWindow
CallNextHookEx
SetWindowsHookExA
ValidateRect
DispatchMessageA
TranslateMessage
GetMessageA
ClientToScreen
EndPaint
BeginPaint
GetWindowDC
ReuseDDElParam
UnpackDDElParam
WinHelpA
LoadImageA
LoadIconW
GetWindow
IntersectRect
SetRectEmpty
SetActiveWindow
InsertMenuItemA
DestroyMenu
SetMenu
GetMenu
LoadMenuA
TranslateAcceleratorA
LoadAcceleratorsA
GetCapture
GetActiveWindow
SetFocus
GetDlgCtrlID
LockWindowUpdate
IsIconic
IsWindowVisible
GetNextDlgGroupItem
DrawFocusRect
GetIconInfo
ShowWindow
GetClassInfoA
EnableWindow
UpdateWindow
ReleaseCapture
IsWindow
GetSysColor
SetCursorPos
SetTimer
KillTimer
DrawIcon
SetWindowRgn
IsRectEmpty
GetSystemMenu
SetParent
IsZoomed
RealChildWindowFromPoint
LoadAcceleratorsW
GetDCEx
LoadMenuW
CopyImage
SendDlgItemMessageA
ShowOwnedPopups
WindowFromPoint
ScreenToClient
GetCursorPos
SetWindowPos
SetMenuItemInfoA
UnionRect
GetTabbedTextExtentW
PostThreadMessageA
CopyAcceleratorTableA
GetNextDlgTabItem
RedrawWindow
ReleaseDC
PeekMessageA
InvalidateRect
SetWindowLongA
InflateRect
GetDC
PtInRect
SendMessageA
GetClientRect
MessageBeep
GetParent
SetCapture
PostQuitMessage
GetWindowRect
SetCursor
IsMenu
CopyRect
ModifyMenuA
DestroyIcon
InsertMenuA
UnregisterClassA
GetSystemMetrics
SystemParametersInfoA
RemoveMenu
GetMenuItemCount
AppendMenuA
LoadBitmapW
GetSysColorBrush
CreatePopupMenu
GetMenuItemInfoA
GetDesktopWindow
TabbedTextOutA
GetMenuState
SetRect
DrawTextExA
DrawEdge
GrayStringA
CreateMenu
DeleteMenu
DrawIconEx
GetSubMenu
DrawTextA
GetMenuItemID
FillRect
GetWindowLongA
OffsetRect
CharUpperA
GetFocus
GetKeyState
EndDeferWindowPos
BeginDeferWindowPos
DeferWindowPos
EqualRect
GetDlgItem
GetClassNameA
OpenClipboard
PostMessageA
CloseClipboard
IsWindowEnabled
MessageBoxA
GetWindowThreadProcessId
GetLastActivePopup
GetMenuStringA
wsprintfA
RegisterClassExA
BlockInput
ExitWindowsEx
CheckMenuItem
EnableMenuItem
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetAsyncKeyState
EnableScrollBar
HideCaret
InvertRect
NotifyWinEvent
GetMenuDefaultItem
WaitMessage
IsClipboardFormatAvailable
SetLayeredWindowAttributes
EnumDisplayMonitors
SetClipboardData
EmptyClipboard
DrawStateA
LoadImageW
DrawFrameControl
UpdateLayeredWindow
MonitorFromPoint
TrackMouseEvent
GetComboBoxInfo
GetKeyboardLayout
IsCharLowerA
MapVirtualKeyExA
RegisterClipboardFormatA
GetKeyboardState
ToAsciiEx
CreateAcceleratorTableA
DestroyAcceleratorTable
SetClassLongPtrA
GetDoubleClickTime
CopyIcon
SetMenuDefaultItem
CharUpperBuffA
FrameRect
DrawMenuBar
DefFrameProcA
DefMDIChildProcA
TranslateMDISysAccel
GetUpdateRect
SubtractRect
MapDialogRect
GetWindowRgn
BringWindowToTop

kernel32

SetThreadExecutionState
SetConsoleCtrlHandler
DeviceIoControl
CreateNamedPipeA
CreateThread
GetSystemTimeAsFileTime
GetTimeZoneInformation
ExitProcess
AreFileApisANSI
GetCommandLineA
RtlLookupFunctionEntry
RtlUnwindEx
RtlPcToFileHeader
GetSystemInfo
VirtualAlloc
VirtualQuery
ExitThread
IsDebuggerPresent
IsProcessorFeaturePresent
HeapQueryInformation
SetStdHandle
GetFileType
IsValidCodePage
GetConsoleCP
GetConsoleMode
GetStdHandle
GetSystemDirectoryA
RtlCaptureContext
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
SetConsoleMode
SetFilePointerEx
QueryPerformanceCounter
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetStringTypeW
ReadConsoleW
LCMapStringW
IsValidLocale
EnumSystemLocalesW
WriteConsoleW
OutputDebugStringW
CreateFileW
SetEnvironmentVariableA
ReadConsoleInputA
GetStartupInfoW
FindResourceExW
FreeLibrary
GetProcAddress
LoadLibraryA
GetVersionExA
HeapReAlloc
HeapAlloc
HeapFree
GetProcessHeap
InitializeCriticalSectionEx
RaiseException
GetLastError
HeapSize
DecodePointer
GetModuleHandleA
DeleteCriticalSection
lstrlenA
FindResourceW
LoadResource
WideCharToMultiByte
SizeofResource
lstrcatA
LockResource
CreateMutexA
WinExec
lstrcpyA
WaitForSingleObject
CloseHandle
GetCurrentDirectoryA
FindResourceA
GetCPInfo
MultiByteToWideChar
lstrcmpiA
GetVersion
FreeResource
GlobalLock
GlobalUnlock
GetCurrentProcessId
GetModuleFileNameA
SetLastError
GlobalAlloc
GlobalSize
GlobalFree
LocalFree
MulDiv
FormatMessageA
CopyFileA
GetCurrentThread
GetCurrentThreadId
LoadLibraryExW
GlobalDeleteAtom
lstrcmpA
CompareStringA
GetModuleHandleW
GetPrivateProfileIntA
GetPrivateProfileStringA
WritePrivateProfileStringA
OutputDebugStringA
GetModuleFileNameW
GetModuleHandleExW
LoadLibraryW
CreateActCtxW
ActivateActCtx
DeactivateActCtx
FindActCtxSectionStringW
QueryActCtxW
GlobalAddAtomA
GlobalGetAtomNameA
SetEvent
CreateEventA
SetThreadPriority
SuspendThread
ResumeThread
EncodePointer
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSectionAndSpinCount
GetSystemDirectoryW
lstrcmpW
GlobalFindAtomA
GetDiskFreeSpaceA
GetFileAttributesA
GetFileTime
GetFullPathNameA
SetFileTime
GetTempFileNameA
ReplaceFileA
SystemTimeToFileTime
GetUserDefaultLCID
CreateFileA
DeleteFileA
FindClose
FindFirstFileA
FlushFileBuffers
GetFileSize
LockFile
ReadFile
SetEndOfFile
SetFilePointer
UnlockFile
WriteFile
DuplicateHandle
GetCurrentProcess
LoadLibraryExA
GetShortPathNameA
MoveFileA
GetVolumeInformationA
GetThreadLocale
GetStringTypeExA
SetErrorMode
FileTimeToSystemTime
InitializeCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GlobalReAlloc
GlobalHandle
LocalAlloc
LocalReAlloc
GlobalFlags
CompareStringW
GetLocaleInfoW
GetSystemDefaultUILanguage
GetUserDefaultUILanguage
GetACP
GetOEMCP
FileTimeToLocalFileTime
GetFileAttributesExA
GetFileSizeEx
LocalFileTimeToFileTime
GetWindowsDirectoryA
VerSetConditionMask
VerifyVersionInfoA
GetTickCount
GetProfileIntA
GetTempPathA
Sleep
SearchPathA
VirtualProtect

advapi32

RegOpenKeyExA
RegQueryValueA
RegCloseKey
RegQueryValueExA
StartServiceA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
ControlService
CloseServiceHandle
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
RegSetValueA
RegCreateKeyExA
RegDeleteKeyA
RegDeleteValueA
RegSetValueExA
RegEnumKeyA
SetFileSecurityA
GetFileSecurityA
RegOpenKeyExW
RegEnumValueA
RegEnumKeyExA

gdi32

CreatePen
Escape
PtVisible
Ellipse
Rectangle
CreateCompatibleBitmap
GetPixel
SelectObject
DeleteObject
SetPixel
GetDeviceCaps
CreateDIBSection
DeleteDC
GetBkMode
CreateHatchBrush
PatBlt
GetTextExtentPoint32W
BitBlt
GetCurrentObject
CopyMetaFileA
CreateDCA
CreateBitmap
CreatePatternBrush
CreateRectRgn
ExcludeClipRect
GetClipBox
GetCurrentPositionEx
GetObjectType
GetViewportExtEx
GetWindowExtEx
IntersectClipRect
LineTo
RestoreDC
SaveDC
SelectClipRgn
ExtTextOutA
CreateSolidBrush
TextOutA
GetTextExtentPoint32A
CreateFontA
CreateFontIndirectA
GetObjectA
GetStockObject
CreateCompatibleDC
GetBoundsRect
FillRgn
SetPaletteEntries
ExtFloodFill
SetPixelV
PtInRegion
FrameRgn
RoundRect
CreateRoundRectRgn
OffsetRgn
GetRgnBox
EnumFontFamiliesExA
Polyline
Polygon
CreatePolygonRgn
SetDIBColorTable
StretchBlt
GetTextCharsetInfo
EnumFontFamiliesA
CreateDIBitmap
RealizePalette
GetSystemPaletteEntries
GetPaletteEntries
GetNearestPaletteIndex
CreatePalette
GetTextFaceA
GetWindowOrgEx
GetTextExtentPointA
GetTextColor
GetTextAlign
GetStretchBltMode
GetPolyFillMode
GetNearestColor
GetROP2
GetBkColor
SetRectRgn
CombineRgn
StretchDIBits
GetCharWidthA
GetTextMetricsA
LPtoDP
CreateEllipticRgn
SetAbortProc
AbortDoc
EndPage
StartPage
EndDoc
DPtoLP
GetViewportOrgEx
CreateRectRgnIndirect
ScaleWindowExtEx
ScaleViewportExtEx
OffsetWindowOrgEx
OffsetViewportOrgEx
SetWindowOrgEx
SetWindowExtEx
SetViewportOrgEx
SetViewportExtEx
MoveToEx
StartDocA
SetTextAlign
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
GetLayout
SetLayout
SetMapMode
SetBkMode
SetBkColor
SelectPalette
ExtSelectClipRgn
RectVisible

msimg32

AlphaBlend
TransparentBlt

comdlg32

GetSaveFileNameA

winspool.drv

OpenPrinterA
GetJobA
ClosePrinter
DocumentPropertiesA

shell32

SHAppBarMessage
DragQueryFileA
DragFinish
SHGetFileInfoA
ExtractIconA
SHGetPathFromIDListA
SHGetSpecialFolderLocation
SHBrowseForFolderA
SHGetDesktopFolder
ShellExecuteA

comctl32

ImageList_Draw
ImageList_GetIcon
ImageList_GetImageCount

shlwapi

PathIsUNCA
PathStripToRootA
PathRemoveFileSpecW
StrFormatKBSizeA
PathFindFileNameA
PathFindExtensionA

uxtheme

GetThemeColor
GetWindowTheme
DrawThemeBackground
IsThemeBackgroundPartiallyTransparent
DrawThemeParentBackground
DrawThemeText
OpenThemeData
CloseThemeData
GetThemePartSize
IsAppThemed
GetThemeSysColor
GetCurrentThemeName

ole32

OleGetClipboard
CoLockObjectExternal
OleLockRunning
CreateStreamOnHGlobal
CoInitializeEx
IsAccelerator
OleTranslateAccelerator
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CoDisconnectObject
CoInitialize
CoCreateInstance
CoCreateGuid
CoUninitialize
ReleaseStgMedium
OleDuplicateData
CoTaskMemFree
CoTaskMemAlloc
StringFromCLSID
DoDragDrop
RegisterDragDrop
RevokeDragDrop

oleaut32

VariantTimeToSystemTime
SystemTimeToVariantTime
SysStringLen
VariantChangeType
VariantClear
VariantInit
SysAllocStringByteLen
SysFreeString
VariantCopy
VarBstrFromDate
LoadTypeLi
SysAllocString
SysAllocStringLen

oleacc

AccessibleObjectFromWindow
LresultFromObject
CreateStdAccessibleObject

gdiplus

GdiplusShutdown
GdipAlloc
GdipFree
GdiplusStartup
GdipCloneImage
GdipDisposeImage
GdipGetImageGraphicsContext
GdipGetImageWidth
GdipGetImageHeight
GdipGetImagePixelFormat
GdipGetImagePalette
GdipGetImagePaletteSize
GdipCreateBitmapFromStream
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdipDeleteGraphics
GdipDrawImageI
GdipCreateBitmapFromHBITMAP
GdipCreateFromHDC
GdipSetInterpolationMode
GdipDrawImageRectI

imm32

ImmReleaseContext
ImmGetOpenStatus
ImmGetContext

winmm

PlaySoundA

Sections

.text
Size: 2.2MB - Virtual size: 2.2MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 775KB - Virtual size: 774KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 107KB - Virtual size: 2.4MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 98KB - Virtual size: 97KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 31KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 70KB - Virtual size: 69KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HWID_Reset_Tools_1/GRINX64v2/README.txt
HWID_Reset_Tools_1/GRINX64v2/UCOREDLL.DLL
.dll windows:4 windows x86 arch:x86

6b893ca0388ae7a60f134fafc899b16d

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetCurrentDirectoryA
Sleep
DeviceIoControl
GetVersionExA
GetCurrentProcess
SetProcessAffinityMask
GetLastError
SetFilePointer
WriteFile
ReadFile
CreateFileA
GetFileSize
CloseHandle
GetTimeZoneInformation
GetSystemTime
GetLocalTime
GetSystemTimeAsFileTime
HeapFree
HeapAlloc
GetCommandLineA
GetVersion
EnterCriticalSection
LeaveCriticalSection
GetProcAddress
GetModuleHandleA
WideCharToMultiByte
GetModuleFileNameA
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
VirtualAlloc
HeapReAlloc
InitializeCriticalSection
DeleteCriticalSection
ExitProcess
RtlUnwind
TerminateProcess
GetCurrentThreadId
TlsSetValue
TlsAlloc
TlsFree
SetLastError
TlsGetValue
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
FreeEnvironmentStringsW
GetEnvironmentStrings
GetEnvironmentStringsW
InterlockedDecrement
InterlockedIncrement
MultiByteToWideChar
GetStringTypeA
GetStringTypeW
GetCPInfo
GetACP
GetOEMCP
LoadLibraryA
FlushFileBuffers
SetStdHandle
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
SetEnvironmentVariableA

advapi32

StartServiceA
OpenServiceA
DeleteService
CreateServiceA
OpenSCManagerA
CloseServiceHandle
ControlService

Exports

Exports

fnUCAPI_Compress
fnUCAPI_Decompress
fnUCAPI_DeleteModuleByID
fnUCAPI_DeleteModuleByIndex
fnUCAPI_DeleteNCB
fnUCAPI_DeleteROMHole
fnUCAPI_FreeDRVBy16Bit
fnUCAPI_GETDMIDATA
fnUCAPI_GetBiosCoreVersion
fnUCAPI_GetBiosGroupInfo
fnUCAPI_GetDRVVersion
fnUCAPI_GetDllVersion
fnUCAPI_GetInitGroupInfo
fnUCAPI_GetModuleInfoByID
fnUCAPI_GetModuleInfoByIndex
fnUCAPI_GetNCBInfo
fnUCAPI_GetNumberOfModules
fnUCAPI_GetNumberOfNCBs
fnUCAPI_GetNumberOfROMHoles
fnUCAPI_GetROMHoleInfo
fnUCAPI_GetRomImageGroupInfo
fnUCAPI_InsertModule
fnUCAPI_InsertNCB
fnUCAPI_InsertROMHole
fnUCAPI_LoadDRVBy16Bit
fnUCAPI_LoadROMFile
fnUCAPI_LoadSYSDriver
fnUCAPI_LoadVxDDriver
fnUCAPI_RebuildROM
fnUCAPI_RegisterBiosGroup
fnUCAPI_RegisterInitGroup
fnUCAPI_RegisterRomImageGroup
fnUCAPI_ReplaceModule
fnUCAPI_ReplaceNCB
fnUCAPI_ReplaceROMHole
fnUCAPI_SETDMIDATA
fnUCAPI_SetCallGate32
fnUCAPI_SetSelector32
fnUCAPI_SetSelectorPhy32
fnUCAPI_UnloadROMFile
fnUCAPI_UnloadSYSDriver
fnUCAPI_UnloadVxDDriver

Sections

.text
Size: 76KB - Virtual size: 73KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 16KB - Virtual size: 231KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 8KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HWID_Reset_Tools_1/GRINX64v2/UCORESYS.SYS
.sys windows:4 windows x86 arch:x86

072f277c4d89044b84c482307008a355

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:df:d8:0b:28:26:71:65:54:b1:fb:8c:fa:50:43:d7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/09/2006, 00:00

Not After

16/11/2009, 23:59

Subject

CN=American Megatrends\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarters,O=American Megatrends\, Inc.,L=Norcross,ST=Georgia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

58:5d:db:1d:04:c7:4b:32:3b:2e:01:b5:59:b7:19:db:74:e5:e6:da
Signer

Actual PE Digest

58:5d:db:1d:04:c7:4b:32:3b:2e:01:b5:59:b7:19:db:74:e5:e6:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

ntoskrnl.exe

MmMapIoSpace
MmUnmapIoSpace
READ_REGISTER_UCHAR
READ_REGISTER_USHORT
READ_REGISTER_ULONG
WRITE_REGISTER_UCHAR
WRITE_REGISTER_USHORT
WRITE_REGISTER_ULONG
ZwClose
ZwMapViewOfSection
ObReferenceObjectByHandle
ZwOpenSection
MmUnmapLockedPages
ZwUnmapViewOfSection
IoDeleteDevice
IoDeleteSymbolicLink
MmAllocateNonCachedMemory
MmFreeNonCachedMemory
Ke386SetIoAccessMap
Ke386IoSetAccessProcess
IoGetCurrentProcess
memmove
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
DbgPrint
MmAllocateContiguousMemory
MmIsAddressValid
MmGetPhysicalAddress
IoAllocateMdl
MmFreeContiguousMemory
MmBuildMdlForNonPagedPool
MmMapLockedPages
RtlInitUnicodeString
IoFreeMdl

hal

KfLowerIrql
WRITE_PORT_ULONG
WRITE_PORT_USHORT
WRITE_PORT_UCHAR
READ_PORT_ULONG
READ_PORT_USHORT
READ_PORT_UCHAR
HalTranslateBusAddress
KfRaiseIrql

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 32B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

INIT
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 384B - Virtual size: 378B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
HWID_Reset_Tools_1/GRINX64v2/UCOREVXD.VXD
HWID_Reset_Tools_1/GRINX64v2/UCOREW64.SYS
.sys windows:4 windows x64 arch:x64

0dcd262801389f839ce909cb173448e2

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

Issuer

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Not Before

15/06/2007, 00:00

Not After

14/06/2012, 23:59

Subject

CN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

04/12/2003, 00:00

Not After

03/12/2013, 23:59

Subject

CN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

Issuer

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Not Before

16/07/2004, 00:00

Not After

15/07/2014, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:0c:12:06:00:00:00:00:00:1b
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/05/2006, 17:01

Not After

23/05/2016, 17:11

Subject

OU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:df:d8:0b:28:26:71:65:54:b1:fb:8c:fa:50:43:d7
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2004 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)04,O=VeriSign\, Inc.,C=US

Not Before

30/09/2006, 00:00

Not After

16/11/2009, 23:59

Subject

CN=American Megatrends\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=Headquarters,O=American Megatrends\, Inc.,L=Norcross,ST=Georgia,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

c5:51:73:b9:26:23:5b:86:78:bd:db:9b:49:a1:a8:b9:a9:2a:1a:da
Signer

Actual PE Digest

c5:51:73:b9:26:23:5b:86:78:bd:db:9b:49:a1:a8:b9:a9:2a:1a:da

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

ntoskrnl.exe

MmMapLockedPages
MmBuildMdlForNonPagedPool
IoAllocateMdl
MmGetPhysicalAddress
MmIsAddressValid
MmAllocateContiguousMemory
DbgPrint
MmUnmapLockedPages
MmMapIoSpace
MmUnmapIoSpace
IoFreeMdl
ZwMapViewOfSection
ObReferenceObjectByHandle
ZwOpenSection
RtlInitUnicodeString
ZwUnmapViewOfSection
IoDeleteDevice
IoDeleteSymbolicLink
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
ZwClose
MmFreeContiguousMemory

hal

HalTranslateBusAddress

Sections

.text
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.pdata
Size: 160B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 800B - Virtual size: 794B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HWID_Reset_Tools_1/GRINX64v2/amifldrv64.sys
.sys windows:6 windows x64 arch:x64

363922cc73591e60f2af113182414230

Code Sign

61:20:4d:b4:00:00:00:00:00:27
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/04/2011, 19:45

Not After

15/04/2021, 19:55

Subject

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:f4:3c:81:c1:eb:27:87:6e:e1:ae:fe:aa:5a:0f:5d
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

24/06/2014, 00:00

Not After

30/08/2017, 12:00

Subject

SERIALNUMBER=780491,CN=American Megatrends\, Inc.,O=American Megatrends\, Inc.,POSTALCODE=30093,STREET=5555 Oakbrook Parkway Suite 200,L=Norcross,ST=Georgia,C=US,1.3.6.1.4.1.311.60.2.1.2=#130747656f72676961,1.3.6.1.4.1.311.60.2.1.3=#13025553,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6a:eb:58:7e:dc:d0:12:89:ab:c8:43:16:ae:88:95:9c:23:56:63:fe
Signer

Actual PE Digest

6a:eb:58:7e:dc:d0:12:89:ab:c8:43:16:ae:88:95:9c:23:56:63:fe

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

d:\amibios\utility\amiflashdriver\flashdriverwin64\Release\amd64\amifldrv64.pdb

Imports

ntoskrnl.exe

ZwMapViewOfSection
RtlInitUnicodeString
ZwUnmapViewOfSection
ZwClose
ObReferenceObjectByHandle
ZwOpenSection
MmUnmapLockedPages
MmMapLockedPages
MmFreeContiguousMemory
MmBuildMdlForNonPagedPool
IoFreeMdl
MmGetPhysicalAddress
MmMapIoSpace
PsGetVersion
MmIsAddressValid
IoAllocateMdl
MmAllocateContiguousMemory
DbgPrint
IoDeleteSymbolicLink
IoDeleteDevice
IofCompleteRequest
IoCreateSymbolicLink
IoCreateDevice
KeBugCheckEx
MmMapLockedPagesSpecifyCache
MmUnmapIoSpace

hal

HalTranslateBusAddress

Sections

.text
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 272B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 1010B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
HWID_Reset_Tools_1/HardDisk.exe
.exe windows:5 windows x86 arch:x86

6b71a51c953ff20af290e7286a7dad23

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_BYTES_REVERSED_LO
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_BYTES_REVERSED_HI

Imports

oleaut32

SysFreeString
SysReAllocStringLen
SysAllocStringLen
SafeArrayPtrOfIndex
SafeArrayGetUBound
SafeArrayGetLBound
SafeArrayCreate
VariantChangeType
VariantCopy
VariantClear
VariantInit

advapi32

RegQueryValueExW
RegOpenKeyExW
RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegFlushKey
RegCloseKey

user32

GetKeyboardType
LoadStringW
MessageBoxA
CharNextW
CreateWindowExW
WindowFromPoint
WaitMessage
UpdateWindow
UnregisterClassW
UnhookWindowsHookEx
TranslateMessage
TranslateMDISysAccel
TrackPopupMenu
SystemParametersInfoW
ShowWindow
ShowScrollBar
ShowOwnedPopups
SetWindowsHookExW
SetWindowTextW
SetWindowPos
SetWindowPlacement
SetWindowLongW
SetTimer
SetScrollRange
SetScrollPos
SetScrollInfo
SetRect
SetPropW
SetParent
SetMenuItemInfoW
SetMenu
SetForegroundWindow
SetFocus
SetCursor
SetClipboardData
SetClassLongW
SetCapture
SetActiveWindow
SendMessageA
SendMessageW
ScrollWindow
ScreenToClient
RemovePropW
RemoveMenu
ReleaseDC
ReleaseCapture
RegisterWindowMessageW
RegisterClipboardFormatW
RegisterClassW
RedrawWindow
PostQuitMessage
PostMessageW
PeekMessageA
PeekMessageW
OpenClipboard
OffsetRect
MsgWaitForMultipleObjectsEx
MsgWaitForMultipleObjects
MessageBoxW
MessageBeep
MapWindowPoints
MapVirtualKeyW
LoadStringW
LoadKeyboardLayoutW
LoadIconW
LoadCursorW
LoadBitmapW
KillTimer
IsZoomed
IsWindowVisible
IsWindowUnicode
IsWindowEnabled
IsWindow
IsIconic
IsDialogMessageA
IsDialogMessageW
IsChild
InvalidateRect
IntersectRect
InsertMenuItemW
InsertMenuW
InflateRect
GetWindowThreadProcessId
GetWindowTextW
GetWindowRect
GetWindowPlacement
GetWindowLongW
GetWindowDC
GetTopWindow
GetSystemMetrics
GetSystemMenu
GetSysColorBrush
GetSysColor
GetSubMenu
GetScrollRange
GetScrollPos
GetScrollInfo
GetPropW
GetParent
GetWindow
GetMessagePos
GetMenuStringW
GetMenuState
GetMenuItemInfoW
GetMenuItemID
GetMenuItemCount
GetMenu
GetLastActivePopup
GetKeyboardState
GetKeyboardLayoutNameW
GetKeyboardLayoutList
GetKeyboardLayout
GetKeyState
GetKeyNameTextW
GetIconInfo
GetForegroundWindow
GetFocus
GetDesktopWindow
GetDCEx
GetDC
GetCursorPos
GetCursor
GetClipboardData
GetClientRect
GetClassLongW
GetClassInfoW
GetCapture
GetActiveWindow
FrameRect
FindWindowExW
FindWindowW
FillRect
EnumWindows
EnumThreadWindows
EnumChildWindows
EndPaint
EnableWindow
EnableScrollBar
EnableMenuItem
EmptyClipboard
DrawTextExW
DrawTextW
DrawMenuBar
DrawIconEx
DrawIcon
DrawFrameControl
DrawFocusRect
DrawEdge
DispatchMessageA
DispatchMessageW
DestroyWindow
DestroyMenu
DestroyIcon
DestroyCursor
DeleteMenu
DefWindowProcW
DefMDIChildProcW
DefFrameProcW
CreatePopupMenu
CreateMenu
CreateIcon
CloseClipboard
ClientToScreen
CheckMenuItem
CharUpperBuffW
CharToOemW
CharNextW
CharLowerBuffW
CharLowerW
CallWindowProcW
CallNextHookEx
BeginPaint
AdjustWindowRectEx
ActivateKeyboardLayout

kernel32

GetACP
Sleep
VirtualFree
VirtualAlloc
GetSystemInfo
GetVersion
GetCurrentThreadId
VirtualQuery
WideCharToMultiByte
MultiByteToWideChar
lstrlenW
lstrcpynW
LoadLibraryExW
GetThreadLocale
GetStartupInfoA
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetCommandLineW
FreeLibrary
FindFirstFileW
FindClose
ExitProcess
ExitThread
CreateThread
CompareStringW
WriteFile
UnhandledExceptionFilter
RtlUnwind
RaiseException
GetStdHandle
CloseHandle
TlsSetValue
TlsGetValue
LocalAlloc
GetModuleHandleW
lstrcpyW
WriteFile
WideCharToMultiByte
WaitForSingleObject
WaitForMultipleObjectsEx
VirtualQueryEx
VirtualQuery
VirtualAlloc
SwitchToThread
SizeofResource
SignalObjectAndWait
SetThreadLocale
SetLastError
SetFilePointer
SetEvent
SetErrorMode
SetEndOfFile
ResumeThread
ResetEvent
ReadFile
MultiByteToWideChar
MulDiv
LockResource
LoadResource
LoadLibraryW
LeaveCriticalSection
InitializeCriticalSection
GlobalUnlock
GlobalLock
GlobalFree
GlobalFindAtomW
GlobalDeleteAtom
GlobalAlloc
GlobalAddAtomW
GetVolumeInformationW
GetVersionExA
GetVersionExW
GetVersion
GetTickCount
GetThreadLocale
GetStdHandle
GetProcAddress
GetModuleHandleW
GetModuleFileNameW
GetLocaleInfoW
GetLocalTime
GetLastError
GetFullPathNameW
GetExitCodeThread
GetDriveTypeW
GetDiskFreeSpaceW
GetDateFormatW
GetCurrentThreadId
GetCurrentThread
GetCurrentProcessId
GetCurrentProcess
GetCPInfo
FreeResource
InterlockedIncrement
InterlockedExchangeAdd
InterlockedExchange
InterlockedDecrement
InterlockedCompareExchange
FreeLibrary
FormatMessageW
FindResourceW
EnumCalendarInfoA
EnterCriticalSection
DeviceIoControl
DeleteCriticalSection
CreateThread
CreateFileW
CreateEventW
CompareStringW
CloseHandle
Sleep

msimg32

AlphaBlend

gdi32

UnrealizeObject
StretchBlt
SetWindowOrgEx
SetWinMetaFileBits
SetViewportOrgEx
SetTextColor
SetStretchBltMode
SetROP2
SetPixel
SetEnhMetaFileBits
SetDIBColorTable
SetBrushOrgEx
SetBkMode
SetBkColor
SelectPalette
SelectObject
SelectClipRgn
SaveDC
RestoreDC
Rectangle
RectVisible
RealizePalette
Polyline
PlayEnhMetaFile
PatBlt
MoveToEx
MaskBlt
LineTo
IntersectClipRect
GetWindowOrgEx
GetWinMetaFileBits
GetTextMetricsW
GetTextExtentPointW
GetTextExtentPoint32W
GetSystemPaletteEntries
GetStockObject
GetRgnBox
GetPixel
GetPaletteEntries
GetObjectW
GetEnhMetaFilePaletteEntries
GetEnhMetaFileHeader
GetEnhMetaFileBits
GetDeviceCaps
GetDIBits
GetDIBColorTable
GetDCOrgEx
GetCurrentPositionEx
GetClipBox
GetBrushOrgEx
GetBitmapBits
FrameRgn
ExtTextOutW
ExcludeClipRect
DeleteObject
DeleteEnhMetaFile
DeleteDC
CreateSolidBrush
CreateRectRgn
CreatePenIndirect
CreatePalette
CreateHalftonePalette
CreateFontIndirectW
CreateDIBitmap
CreateDIBSection
CreateCompatibleDC
CreateCompatibleBitmap
CreateBrushIndirect
CreateBitmap
CopyEnhMetaFileW
BitBlt

version

VerQueryValueW
GetFileVersionInfoSizeW
GetFileVersionInfoW

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoTaskMemAlloc

comctl32

InitializeFlatSB
FlatSB_SetScrollProp
FlatSB_SetScrollPos
FlatSB_SetScrollInfo
FlatSB_GetScrollPos
FlatSB_GetScrollInfo
_TrackMouseEvent
ImageList_SetIconSize
ImageList_GetIconSize
ImageList_Write
ImageList_Read
ImageList_GetDragImage
ImageList_DragShowNolock
ImageList_DragMove
ImageList_DragLeave
ImageList_DragEnter
ImageList_EndDrag
ImageList_BeginDrag
ImageList_Remove
ImageList_DrawEx
ImageList_Draw
ImageList_GetBkColor
ImageList_SetBkColor
ImageList_Add
ImageList_SetImageCount
ImageList_GetImageCount
ImageList_Destroy
ImageList_Create

shell32

ShellExecuteW

Sections

.text
Size: 467KB - Virtual size: 467KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.itext
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.bss
Size: - Virtual size: 20KB

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: - Virtual size: 60B

IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rdata
Size: 512B - Virtual size: 24B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 33KB - Virtual size: 33KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.rsrc
Size: 112KB - Virtual size: 112KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HWID_Reset_Tools_1/MacSetup.exe
.exe windows:4 windows x86 arch:x86

a8fd72e864d14b8484dd49e800fd3a36

Headers

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

msvbvm60

__vbaStrI2
_CIcos
_adj_fptan
__vbaStrI4
__vbaAryMove
__vbaFreeVar
__vbaLenBstr
__vbaStrVarMove
__vbaPut3
__vbaFreeVarList
__vbaEnd
_adj_fdiv_m64
__vbaFreeObjList
_adj_fprem1
__vbaRecAnsiToUni
ord519
__vbaCopyBytes
__vbaStrCat
__vbaLsetFixstr
__vbaRecDestruct
__vbaSetSystemError
__vbaHresultCheckObj
_adj_fdiv_m32
__vbaAryVar
__vbaAryDestruct
ord669
__vbaExitProc
ord593
ord594
__vbaObjSet
__vbaOnError
ord595
ord596
_adj_fdiv_m16i
__vbaObjSetAddref
_adj_fdivr_m16i
ord598
ord305
__vbaStrTextCmp
__vbaEraseKeepData
_CIsin
ord631
__vbaErase
ord709
ord525
__vbaChkstk
__vbaFileClose
EVENT_SINK_AddRef
__vbaGenerateBoundsError
ord529
__vbaStrCmp
__vbaAryConstruct2
__vbaGet4
__vbaPutOwner3
__vbaI2I4
DllFunctionCall
__vbaFpUI1
__vbaCastObjVar
__vbaRedimPreserve
_adj_fpatan
__vbaFixstrConstruct
__vbaLateIdCallLd
__vbaRedim
__vbaStrR8
__vbaRecUniToAnsi
EVENT_SINK_Release
ord600
__vbaUI1I2
_CIsqrt
__vbaObjIs
ord311
EVENT_SINK_QueryInterface
__vbaStr2Vec
__vbaUI1I4
__vbaStrUI1
__vbaExceptHandler
ord711
ord313
ord712
__vbaPrintFile
__vbaStrToUnicode
ord606
_adj_fprem
_adj_fdivr_m64
ord714
ord531
__vbaFPException
ord717
ord532
__vbaUbound
__vbaGetOwner3
__vbaStrVarVal
__vbaVarCat
ord537
__vbaFileSeek
ord645
_CIlog
__vbaErrorOverflow
__vbaFileOpen
__vbaInStr
__vbaVar2Vec
ord570
__vbaNew2
ord648
_adj_fdiv_m32i
_adj_fdivr_m32i
__vbaStrCopy
__vbaFreeStrList
ord576
_adj_fdivr_m32
__vbaPowerR8
_adj_fdiv_r
ord685
ord100
ord579
__vbaAryLock
__vbaVarAdd
__vbaVarDup
__vbaStrToAnsi
ord613
__vbaFpI2
ord616
_CIatan
__vbaCastObj
ord618
__vbaAryCopy
__vbaStrMove
_allmul
__vbaLateIdSt
_CItan
__vbaAryUnlock
__vbaUI1Var
_CIexp
ord580
__vbaRecAssign
__vbaFreeObj
__vbaFreeStr

Sections

.text
Size: 164KB - Virtual size: 163KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 12KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HWID_Reset_Tools_1/RevoUninstall/LicenseAgreement.txt
HWID_Reset_Tools_1/RevoUninstall/Revo Uninstaller Help.pdf
.pdf
- http://www.revouninstaller.com
- http://www.revouninstaller.com/
HWID_Reset_Tools_1/RevoUninstall/RevoUPort.exe
.exe windows:5 windows x86 arch:x86

f1701f0b31fe827683fdfb65eb40b138

Code Sign

0d:7a:ae:3b:36:08:69:a3:ba:28:bd:7d:1f:d0:b8:f6
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/08/2018, 00:00

Not After

06/08/2021, 12:00

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024247

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

Issuer

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

22/10/2014, 00:00

Not After

22/10/2024, 00:00

Subject

CN=DigiCert Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

10/11/2006, 00:00

Not After

10/11/2021, 00:00

Subject

CN=DigiCert Assured ID CA-1,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageServerAuth
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
ExtKeyUsageEmailProtection
ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0d:7a:ae:3b:36:08:69:a3:ba:28:bd:7d:1f:d0:b8:f6
Certificate

Issuer

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

02/08/2018, 00:00

Not After

06/08/2021, 12:00

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e,1.3.6.1.4.1.311.60.2.1.3=#13024247

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

Issuer

CN=DigiCert High Assurance EV Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

18/04/2012, 12:00

Not After

18/04/2027, 12:00

Subject

CN=DigiCert EV Code Signing CA (SHA2),OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

09:c0:fc:46:c8:04:42:13:b5:59:8b:af:28:4f:4e:41
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

04/01/2017, 00:00

Not After

18/01/2028, 00:00

Subject

CN=DigiCert SHA2 Timestamp Responder,O=DigiCert,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

94:78:65:fa:a2:e2:37:2d:53:8a:82:5c:0a:2a:06:f8:90:32:c9:2a:57:7a:dd:ce:2b:d7:45:21:ab:76:17:35
Signer

Actual PE Digest

94:78:65:fa:a2:e2:37:2d:53:8a:82:5c:0a:2a:06:f8:90:32:c9:2a:57:7a:dd:ce:2b:d7:45:21:ab:76:17:35

Digest Algorithm

sha256

PE Digest Matches

true

ff:19:79:9e:b8:b7:b7:df:ff:53:a2:05:81:19:47:f3:8b:f5:91:11
Signer

Actual PE Digest

ff:19:79:9e:b8:b7:b7:df:ff:53:a2:05:81:19:47:f3:8b:f5:91:11

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

I:\Projects\RevoUninFreePort\Release\RevoUPort.pdb

Imports

shlwapi

PathQuoteSpacesW
PathRemoveFileSpecW

kernel32

VirtualFree
GetModuleFileNameW
IsWow64Process
GetCurrentProcess
CreateProcessW
CloseHandle
GetStartupInfoW
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
SetHandleCount
GetFileType
GetStartupInfoA
DeleteCriticalSection
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
GetCurrentThreadId
GetLastError
InterlockedDecrement
HeapCreate
HeapFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
LoadLibraryA
InitializeCriticalSectionAndSpinCount
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
VirtualAlloc
HeapReAlloc
RtlUnwind
HeapSize
GetLocaleInfoA
WideCharToMultiByte
GetStringTypeA
MultiByteToWideChar
GetStringTypeW
LCMapStringA
LCMapStringW

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 149KB - Virtual size: 148KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HWID_Reset_Tools_1/RevoUninstall/ctrlbars.dat
HWID_Reset_Tools_1/RevoUninstall/lang/Estonian.ini
HWID_Reset_Tools_1/RevoUninstall/lang/albanian.ini
HWID_Reset_Tools_1/RevoUninstall/lang/arabic.ini
HWID_Reset_Tools_1/RevoUninstall/lang/armenian.ini
HWID_Reset_Tools_1/RevoUninstall/lang/azerbaijani.ini
HWID_Reset_Tools_1/RevoUninstall/lang/bengali.ini
HWID_Reset_Tools_1/RevoUninstall/lang/bulgarian.ini
HWID_Reset_Tools_1/RevoUninstall/lang/czech.ini
HWID_Reset_Tools_1/RevoUninstall/lang/danish.ini
HWID_Reset_Tools_1/RevoUninstall/lang/dutch.ini
HWID_Reset_Tools_1/RevoUninstall/lang/english.ini
HWID_Reset_Tools_1/RevoUninstall/lang/finnish.ini
HWID_Reset_Tools_1/RevoUninstall/lang/french.ini
HWID_Reset_Tools_1/RevoUninstall/lang/german.ini
HWID_Reset_Tools_1/RevoUninstall/lang/gujarati.ini
HWID_Reset_Tools_1/RevoUninstall/lang/hebrew.ini
HWID_Reset_Tools_1/RevoUninstall/lang/hellenic.ini
HWID_Reset_Tools_1/RevoUninstall/lang/hindi.ini
HWID_Reset_Tools_1/RevoUninstall/lang/hrvatski.ini
HWID_Reset_Tools_1/RevoUninstall/lang/hungarian.ini
HWID_Reset_Tools_1/RevoUninstall/lang/indonesian.ini
HWID_Reset_Tools_1/RevoUninstall/lang/italiano.ini
HWID_Reset_Tools_1/RevoUninstall/lang/japanese.ini
HWID_Reset_Tools_1/RevoUninstall/lang/korean.ini
HWID_Reset_Tools_1/RevoUninstall/lang/kurdish.ini
HWID_Reset_Tools_1/RevoUninstall/lang/macedonian.ini
HWID_Reset_Tools_1/RevoUninstall/lang/norwegian.ini
HWID_Reset_Tools_1/RevoUninstall/lang/persian.ini
HWID_Reset_Tools_1/RevoUninstall/lang/polish.ini
HWID_Reset_Tools_1/RevoUninstall/lang/portuguese.ini
HWID_Reset_Tools_1/RevoUninstall/lang/portuguese_standard.ini
HWID_Reset_Tools_1/RevoUninstall/lang/portuguesebrazil.ini
HWID_Reset_Tools_1/RevoUninstall/lang/romanian.ini
HWID_Reset_Tools_1/RevoUninstall/lang/russian.ini
HWID_Reset_Tools_1/RevoUninstall/lang/serbian.ini
HWID_Reset_Tools_1/RevoUninstall/lang/serbianLatin.ini
HWID_Reset_Tools_1/RevoUninstall/lang/simplifiedchinese.ini
HWID_Reset_Tools_1/RevoUninstall/lang/slovak.ini
HWID_Reset_Tools_1/RevoUninstall/lang/slovenian.ini
HWID_Reset_Tools_1/RevoUninstall/lang/spanish.ini
HWID_Reset_Tools_1/RevoUninstall/lang/swedish.ini
HWID_Reset_Tools_1/RevoUninstall/lang/thai.ini
HWID_Reset_Tools_1/RevoUninstall/lang/traditionalchinese.ini
HWID_Reset_Tools_1/RevoUninstall/lang/turkish.ini
HWID_Reset_Tools_1/RevoUninstall/lang/ukrainian.ini
HWID_Reset_Tools_1/RevoUninstall/lang/vietnamese.ini
HWID_Reset_Tools_1/RevoUninstall/settings.ini
HWID_Reset_Tools_1/RevoUninstall/un_report.dat
HWID_Reset_Tools_1/RevoUninstall/x64/RevoUn.exe
.exe windows:5 windows x64 arch:x64

72613d58ff01c71481a9886b75af69e9

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6e:57:14:01:12:9a:28:67:15:34:59:e1:b2:80:21:6a:5c:cc:32:77:7d:b9:d3:f4:a0:e8:2e:a1:4e:0f:b3:2a
Signer

Actual PE Digest

6e:57:14:01:12:9a:28:67:15:34:59:e1:b2:80:21:6a:5c:cc:32:77:7d:b9:d3:f4:a0:e8:2e:a1:4e:0f:b3:2a

Digest Algorithm

sha256

PE Digest Matches

true

a0:81:1b:51:da:8f:8e:96:bb:21:bd:e7:dc:61:c0:6e:9e:77:63:ba
Signer

Actual PE Digest

a0:81:1b:51:da:8f:8e:96:bb:21:bd:e7:dc:61:c0:6e:9e:77:63:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

C:\Work\VSRevo\Windows\Projects\VSProjectII\x64\Release Portable Portable\RevoUn.pdb

Imports

comctl32

ord17
_TrackMouseEvent
ImageList_Duplicate

shlwapi

StrCatW
PathFileExistsW
PathFindExtensionW
PathAppendW
PathFindFileNameW
StrFormatByteSizeW
PathRemoveBackslashW
PathIsDirectoryW
StrStrIW
PathIsDirectoryEmptyW
StrCmpW
StrFormatKBSizeW
PathRemoveArgsW
SHDeleteValueW
SHDeleteKeyW
PathStripToRootW
StrToIntW
PathQuoteSpacesW
PathAddBackslashW
PathMatchSpecW
PathRemoveExtensionW
StrStrW
ord487
PathIsRootW
PathUnExpandEnvStringsW
SHQueryValueExW
PathUnquoteSpacesW
PathRemoveFileSpecW
StrCpyW
PathIsUNCW
PathGetArgsW
StrCmpIW

psapi

EnumProcesses
GetProcessImageFileNameW
GetModuleFileNameExW

msi

ord217
ord173

advapi32

RegNotifyChangeKeyValue
GetTokenInformation
RegQueryValueW
AdjustTokenPrivileges
LookupPrivilegeValueW
SetSecurityInfo
SetEntriesInAclW
OpenProcessToken
RegDeleteKeyExW
FreeSid
SetNamedSecurityInfoW
AllocateAndInitializeSid
ConvertSidToStringSidW
LookupAccountNameW
RegUnLoadKeyW
RegSetValueExW
RegSetKeySecurity
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegLoadKeyW
RegGetKeySecurity
RegFlushKey
RegEnumKeyExW
RegCreateKeyExW
RegConnectRegistryW
RegDeleteKeyW
RegEnumKeyW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenSCManagerW
OpenServiceW
CloseServiceHandle
DeleteService
RegOpenKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegEnumValueW
GetUserNameW

wininet

FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
FindCloseUrlCache

kernel32

GetCurrentProcessId
GetTempPathA
AreFileApisANSI
DeleteFileA
TlsAlloc
VirtualAllocEx
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
DeviceIoControl
VirtualAlloc
VirtualFree
GetVersion
SystemTimeToTzSpecificLocalTime
GetUserDefaultLCID
GetLocaleInfoW
GetLongPathNameW
GetLogicalDriveStringsW
QueryDosDeviceW
VerSetConditionMask
VerifyVersionInfoW
GetUserDefaultLangID
GetCommandLineW
GetShortPathNameW
GlobalSize
CopyFileW
GlobalFree
SetThreadPriority
SuspendThread
GetModuleHandleA
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
lstrcmpA
lstrlenA
GlobalGetAtomNameW
GetThreadLocale
GetVolumeInformationW
CompareStringA
LoadLibraryExW
EnumResourceLanguagesW
ConvertDefaultLocale
GetCurrentThread
GetPrivateProfileIntW
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
GetVersionExA
LocalReAlloc
TlsFree
GlobalFlags
SetErrorMode
GetFileSizeEx
GetFileTime
GetSystemDirectoryW
GetCurrentDirectoryW
GetProfileIntW
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
VirtualProtect
VirtualQuery
GetCPInfo
ExitThread
CreateThread
RtlUnwindEx
RaiseException
RtlPcToFileHeader
ExitProcess
HeapQueryInformation
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
EncodePointer
DecodePointer
FlsGetValue
FlsSetValue
FlsFree
FlsAlloc
HeapSetInformation
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
LCMapStringW
LCMapStringA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetDriveTypeA
SetEnvironmentVariableA
OutputDebugStringA
GetCurrentThreadId
GetFileAttributesExW
GetSystemInfo
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
HeapSize
FlushFileBuffers
ReadFile
GetFileAttributesW
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
FormatMessageW
FormatMessageA
GetSystemTimeAsFileTime
GetProcessHeap
UnlockFileEx
SetPriorityClass
GetPriorityClass
GetThreadPriority
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
GetCurrencyFormatW
FindResourceExW
WinExec
IsBadWritePtr
IsBadReadPtr
GetTickCount
OutputDebugStringW
WaitForSingleObjectEx
LockFile
FlushViewOfFile
UnlockFile
HeapFree
QueryPerformanceCounter
HeapAlloc
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
TryEnterCriticalSection
SetFilePointer
HeapCompact
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
FreeLibrary
FileTimeToLocalFileTime
FileTimeToSystemTime
GetComputerNameW
WaitForMultipleObjects
CreateEventW
GetModuleFileNameW
GetTempFileNameW
WideCharToMultiByte
TerminateProcess
DuplicateHandle
LocalFree
GetCurrentProcess
GetEnvironmentVariableW
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetVersionExW
CompareFileTime
GetTempPathW
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceExW
lstrcmpiW
lstrlenW
GetBinaryTypeW
GetProcAddress
GetModuleHandleW
LoadLibraryW
SetLastError
GetDriveTypeW
GetLogicalDrives
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
SetEvent
ResumeThread
ResetEvent
SetFileAttributesW
RemoveDirectoryW
OpenProcess
WriteFile
CreateFileW
GlobalUnlock
GlobalLock
GlobalAlloc
CloseHandle
CreateProcessW
MoveFileW
lstrcatW
GetWindowsDirectoryW
ExpandEnvironmentStringsW
lstrcmpW
lstrcpyW
GetFullPathNameW
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
GetLastError
CreateDirectoryW
Sleep
MoveFileExW
WaitForSingleObject
FindResourceW
LoadResource
LockResource
SizeofResource
MulDiv
TlsSetValue

user32

MessageBeep
GetNextDlgGroupItem
PostThreadMessageW
GetDCEx
CopyAcceleratorTableW
UnionRect
CreateMenu
InvalidateRgn
GetTabbedTextExtentA
UnregisterClassW
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatW
PostQuitMessage
DeleteMenu
IsRectEmpty
CharNextW
MapVirtualKeyW
GetKeyNameTextW
IsZoomed
CharUpperW
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
BringWindowToTop
SetParent
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
ModifyMenuW
EnableMenuItem
CheckMenuItem
CreateDialogIndirectParamW
GetNextDlgTabItem
IsWindowEnabled
GetMenuItemInfoW
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongPtrW
SetPropW
GetPropW
RemovePropW
GetLastActivePopup
SetActiveWindow
GetTopWindow
DestroyWindow
SetWindowLongPtrW
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
ScrollWindow
SetMenu
ShowScrollBar
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
GetScrollInfo
SetScrollInfo
SetWindowPlacement
CallWindowProcW
GetMenu
SystemParametersInfoA
GetWindowPlacement
GetWindowTextLengthW
GetWindowTextW
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
GetWindow
EndPaint
BeginPaint
IntersectRect
SetWindowsHookExW
CallNextHookEx
GetKeyState
ValidateRect
GetMenuState
GetMenuStringW
AppendMenuW
RemoveMenu
GetActiveWindow
GetDoubleClickTime
IsCharAlphaW
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
MsgWaitForMultipleObjects
GetSubMenu
GetMenuItemID
GetMenuItemCount
IsWindowVisible
TrackPopupMenu
InsertMenuW
CreatePopupMenu
PeekMessageW
GetWindowThreadProcessId
WindowFromPoint
ReleaseCapture
SetCapture
DrawIcon
IsIconic
PtInRect
SetLayeredWindowAttributes
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
DrawStateW
FrameRect
MapVirtualKeyExW
EnableScrollBar
IsClipboardFormatAvailable
EnumChildWindows
FindWindowW
GetWindowDC
SetForegroundWindow
GetForegroundWindow
SystemParametersInfoW
SetWindowRgn
LoadBitmapW
GetSysColorBrush
SetRect
GetMessagePos
DrawFrameControl
FillRect
SetWindowLongW
GetWindowLongW
LockWindowUpdate
GetClassNameW
EqualRect
SetScrollRange
GetScrollPos
GetScrollRange
GetDesktopWindow
GetMonitorInfoW
MonitorFromWindow
LoadMenuW
DestroyMenu
LoadIconW
LoadStringW
InflateRect
OffsetRect
GetCursorPos
ReleaseDC
GetDC
SetScrollPos
ShowWindow
SetWindowPos
RedrawWindow
SetFocus
SetRectEmpty
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
KillTimer
wsprintfW
TranslateAcceleratorW
CloseClipboard
GetClipboardData
IsCharAlphaNumericW
GetIconInfo
DrawIconEx
DrawFocusRect
DestroyCursor
GetWindowRgn
GetCursor
DestroyAcceleratorTable
CreateIconIndirect
IsMenu
CreateAcceleratorTableW
LoadMenuIndirectW
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
WindowFromDC
GetAsyncKeyState
WaitMessage
SetClipboardData
EmptyClipboard
OpenClipboard
CreateWindowExW
PostMessageW
SetCursor
CopyRect
LoadAcceleratorsW
ClientToScreen
SendMessageW
GetParent
UpdateWindow
DestroyIcon
LoadImageW
GetSysColor
GetDlgItem
EnableWindow
InvalidateRect
GetSystemMenu
GetSystemMetrics
GetFocus
SetTimer
GetClassInfoW
DefWindowProcW
LoadCursorW
GetWindowLongPtrW
IsChild
BeginDeferWindowPos
ScreenToClient
DeferWindowPos
EndDeferWindowPos
IsWindow
GetClientRect
GetWindowRect
MessageBoxW
EndDialog

gdi32

PatBlt
SetRectRgn
CreateRectRgnIndirect
SetBkColor
CreateDCW
CopyMetaFileW
StretchBlt
GetDIBits
CombineRgn
CreateRectRgn
Rectangle
Ellipse
CreatePatternBrush
CreateFontW
SetDIBColorTable
SelectObject
DeleteDC
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
CreateCompatibleDC
LPtoDP
CreateBitmap
GetWindowOrgEx
GetStockObject
SaveDC
GetRgnBox
GetViewportOrgEx
OffsetRgn
GetTextAlign
StretchDIBits
GetTextFaceW
GetROP2
GetPolyFillMode
Polygon
CreateEllipticRgn
CreateEllipticRgnIndirect
GetTextCharset
EnumFontFamiliesW
CreatePalette
GetCharWidthW
PlayEnhMetaFile
GetEnhMetaFileW
GetMetaFileW
DeleteEnhMetaFile
CloseEnhMetaFile
CreateEnhMetaFileW
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
CreateDIBitmap
EnumFontFamiliesExW
GetBkMode
RoundRect
FrameRgn
FillRgn
RealizePalette
CreateRoundRectRgn
CreatePolygonRgn
GetStretchBltMode
SetPixelV
SetPixel
GetNearestColor
PtInRegion
GetTextColor
DeleteMetaFile
CloseMetaFile
CreateMetaFileW
GetDCOrgEx
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFile
SelectPalette
ExtSelectClipRgn
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
StartDocW
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
SetBkMode
RestoreDC
GetTextMetricsW
GetDeviceCaps
GetTextExtentPoint32W
CreateFontIndirectW
DeleteObject
GetObjectW
GetBkColor
BitBlt
DPtoLP
GetMapMode
CreateCompatibleBitmap
CreateDIBSection
GetTextExtentPoint32A

msimg32

AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetDesktopFolder
CommandLineToArgvW
ShellExecuteW
DragQueryFileW
SHBrowseForFolderW
ShellExecuteExW
ord92
SHFileOperationW
SHGetFolderPathW
DragFinish
ExtractIconW
SHEmptyRecycleBinW
SHAddToRecentDocs
SHAppBarMessage
SHGetFileInfoW
Shell_NotifyIconW

oledlg

OleUIBusyW

ole32

StgOpenStorageOnILockBytes
CoGetClassObject
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleLoadFromStream
CreateStreamOnHGlobal
CLSIDFromProgID
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleSaveToStream
OleDuplicateData
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
WriteClassStm
DoDragDrop
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
OleTranslateAccelerator
IsAccelerator
ReleaseStgMedium

oleaut32

VarMul
VarR8FromStr
VarDiv
VarBstrFromR8
OleCreatePictureIndirect
VarI4FromStr
SysAllocString
VarCyFromStr
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
SysFreeString
VarDateFromStr
VariantClear
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantChangeType
VariantInit
OleCreateFontIndirect
VariantCopy
SafeArrayDestroy

urlmon

URLDownloadToFileW

gdiplus

GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipCloneImage
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

PlaySoundW

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1.6MB - Virtual size: 1.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 112KB - Virtual size: 156KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 304KB - Virtual size: 303KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE

data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
HWID_Reset_Tools_1/RevoUninstall/x64/button.bmp
HWID_Reset_Tools_1/RevoUninstall/x86/RevoUn.exe
.exe windows:5 windows x86 arch:x86

43ce8d0d2a52cb5b5ed6a38a9ddc4c6c

Code Sign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0f:b8:a7:40:b9:15:8d:03:51:43:bc:59:d9:f0:40:29
Certificate

Issuer

CN=DigiCert Global Root G3,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:ed:13:4b:1e:cf:56:1a:9e:b5:b0:53:88:bf:f0:47
Certificate

Issuer

CN=DigiCert Global G3 Code Signing ECC SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

27/07/2021, 00:00

Not After

06/08/2024, 23:59

Subject

SERIALNUMBER=200204019,CN=VS Revo Group Ltd.,O=VS Revo Group Ltd.,L=Ruse,C=BG,1.3.6.1.4.1.311.60.2.1.3=#13024247,2.5.4.15=#131450726976617465204f7267616e697a6174696f6e

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

0d:42:4a:e0:be:3a:88:ff:60:40:21:ce:14:00:f0:dd
Certificate

Issuer

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/01/2021, 00:00

Not After

06/01/2031, 00:00

Subject

CN=DigiCert Timestamp 2021,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0a:a1:25:d6:d6:32:1b:7e:41:e4:05:da:36:97:c2:15
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

07/01/2016, 12:00

Not After

07/01/2031, 12:00

Subject

CN=DigiCert SHA2 Assured ID Timestamping CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cf:64:6e:71:d0:3e:91:12:6b:a4:28:ef:8d:3a:16:a3:c3:bc:7c:e9:32:5a:14:c7:c2:7d:6c:0f:b9:5c:d5:30
Signer

Actual PE Digest

cf:64:6e:71:d0:3e:91:12:6b:a4:28:ef:8d:3a:16:a3:c3:bc:7c:e9:32:5a:14:c7:c2:7d:6c:0f:b9:5c:d5:30

Digest Algorithm

sha256

PE Digest Matches

true

90:0d:c0:dd:5f:d8:a3:03:c7:d6:57:0b:fd:85:8f:59:d4:bd:1c:f6
Signer

Actual PE Digest

90:0d:c0:dd:5f:d8:a3:03:c7:d6:57:0b:fd:85:8f:59:d4:bd:1c:f6

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

C:\Work\VSRevo\Windows\Projects\VSProjectII\Release Portable\RevoUn.pdb

Imports

comctl32

ord17
_TrackMouseEvent
ImageList_Duplicate

shlwapi

StrCatW
PathFileExistsW
PathFindExtensionW
PathAppendW
PathFindFileNameW
StrFormatByteSizeW
PathRemoveBackslashW
PathIsDirectoryW
StrStrIW
PathIsDirectoryEmptyW
StrCmpW
StrFormatKBSizeW
PathRemoveArgsW
SHDeleteValueW
SHDeleteKeyW
PathStripToRootW
StrToIntW
PathQuoteSpacesW
PathAddBackslashW
PathMatchSpecW
PathRemoveExtensionW
StrStrW
ord487
PathIsRootW
PathUnExpandEnvStringsW
SHQueryValueExW
PathUnquoteSpacesW
PathRemoveFileSpecW
StrCpyW
PathIsUNCW
PathGetArgsW
StrCmpIW

psapi

EnumProcesses
GetProcessImageFileNameW
GetModuleFileNameExW

msi

ord217
ord173

advapi32

GetTokenInformation
AdjustTokenPrivileges
RegQueryValueW
LookupPrivilegeValueW
SetSecurityInfo
SetEntriesInAclW
OpenProcessToken
RegEnumValueW
FreeSid
SetNamedSecurityInfoW
AllocateAndInitializeSid
ConvertSidToStringSidW
LookupAccountNameW
RegUnLoadKeyW
RegSetValueExW
RegSetKeySecurity
RegSaveKeyW
RegRestoreKeyW
RegReplaceKeyW
RegLoadKeyW
RegGetKeySecurity
RegFlushKey
RegEnumKeyExW
RegCreateKeyExW
RegConnectRegistryW
RegDeleteKeyW
RegEnumKeyW
GetUserNameW
RegOpenKeyExW
RegQueryValueExW
RegCloseKey
OpenSCManagerW
OpenServiceW
CloseServiceHandle
DeleteService
RegOpenKeyW
RegDeleteValueW
RegQueryInfoKeyW
RegNotifyChangeKeyValue

wininet

FindNextUrlCacheEntryW
FindFirstUrlCacheEntryW
DeleteUrlCacheEntryW
FindCloseUrlCache

kernel32

GetFileAttributesExW
GetCurrentThreadId
OutputDebugStringA
GetVersionExA
GetCurrentProcessId
GetTempPathA
AreFileApisANSI
DeleteFileA
TlsAlloc
VirtualAllocEx
VirtualFreeEx
ReadProcessMemory
WriteProcessMemory
DeviceIoControl
VirtualAlloc
VirtualFree
GetVersion
SystemTimeToTzSpecificLocalTime
GetUserDefaultLCID
GetLocaleInfoW
GetLongPathNameW
IsWow64Process
GetLogicalDriveStringsW
QueryDosDeviceW
VerSetConditionMask
VerifyVersionInfoW
GetUserDefaultLangID
GetCommandLineW
GetShortPathNameW
GlobalSize
CopyFileW
GlobalFree
SetThreadPriority
SuspendThread
GetModuleHandleA
CompareStringW
GlobalDeleteAtom
GlobalFindAtomW
GlobalAddAtomW
FreeResource
lstrcmpA
lstrlenA
GlobalGetAtomNameW
GetThreadLocale
GetVolumeInformationW
CompareStringA
LoadLibraryExW
EnumResourceLanguagesW
GetSystemInfo
GetCurrentThread
GetPrivateProfileIntW
LocalAlloc
TlsGetValue
GlobalReAlloc
GlobalHandle
TlsSetValue
LocalReAlloc
TlsFree
GlobalFlags
SetErrorMode
GetFileSizeEx
GetFileTime
GetSystemDirectoryW
GetCurrentDirectoryW
GetProfileIntW
GetStartupInfoW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
VirtualProtect
VirtualQuery
GetCPInfo
ExitThread
CreateThread
RtlUnwind
RaiseException
ExitProcess
GetStdHandle
GetModuleFileNameA
FreeEnvironmentStringsW
GetEnvironmentStringsW
SetHandleCount
GetFileType
GetStartupInfoA
GetACP
GetOEMCP
IsValidCodePage
GetTimeZoneInformation
LCMapStringW
LCMapStringA
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
GetStringTypeA
GetStringTypeW
GetConsoleCP
GetConsoleMode
GetFileInformationByHandle
PeekNamedPipe
GetCurrentDirectoryA
InitializeCriticalSectionAndSpinCount
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
SetStdHandle
GetDriveTypeA
SetEnvironmentVariableA
GetDiskFreeSpaceA
CreateFileMappingW
CreateFileMappingA
LoadLibraryA
GetDiskFreeSpaceW
LockFileEx
HeapSize
FlushFileBuffers
ReadFile
GetFileAttributesW
HeapValidate
HeapCreate
GetFileAttributesA
HeapDestroy
FormatMessageW
FormatMessageA
GetSystemTimeAsFileTime
GetProcessHeap
UnlockFileEx
GetTickCount
OutputDebugStringW
WaitForSingleObjectEx
LockFile
SetPriorityClass
GetPriorityClass
GetThreadPriority
GetTimeFormatW
GetDateFormatW
GetNumberFormatW
GetCurrencyFormatW
FindResourceExW
WinExec
IsBadWritePtr
IsBadReadPtr
FlushViewOfFile
UnlockFile
InterlockedCompareExchange
HeapFree
QueryPerformanceCounter
HeapAlloc
SetEndOfFile
UnmapViewOfFile
MapViewOfFile
TryEnterCriticalSection
SetFilePointer
HeapCompact
CreateMutexW
GetFileSize
CreateFileA
HeapReAlloc
GetFullPathNameA
FreeLibrary
FileTimeToLocalFileTime
FileTimeToSystemTime
GetComputerNameW
WaitForMultipleObjects
CreateEventW
GetModuleFileNameW
GetTempFileNameW
WideCharToMultiByte
TerminateProcess
DuplicateHandle
LocalFree
GetCurrentProcess
GetEnvironmentVariableW
GetPrivateProfileStringW
GetPrivateProfileSectionNamesW
GetPrivateProfileSectionW
WritePrivateProfileStringW
GetVersionExW
CompareFileTime
GetTempPathW
SystemTimeToFileTime
GetSystemTime
GetDiskFreeSpaceExW
lstrcmpiW
InterlockedExchange
lstrlenW
GetProcAddress
GetModuleHandleW
LoadLibraryW
SetLastError
GetDriveTypeW
GetLogicalDrives
InterlockedDecrement
InterlockedIncrement
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
MultiByteToWideChar
SetEvent
ResumeThread
ResetEvent
SetFileAttributesW
RemoveDirectoryW
OpenProcess
WriteFile
CreateFileW
GlobalUnlock
GlobalLock
GlobalAlloc
CloseHandle
CreateProcessW
MoveFileW
lstrcatW
GetWindowsDirectoryW
ExpandEnvironmentStringsW
lstrcmpW
lstrcpyW
GetFullPathNameW
DeleteFileW
FindClose
FindNextFileW
FindFirstFileW
GetLastError
CreateDirectoryW
Sleep
MoveFileExW
WaitForSingleObject
FindResourceW
LoadResource
LockResource
SizeofResource
MulDiv
ConvertDefaultLocale

user32

MessageBeep
GetNextDlgGroupItem
PostThreadMessageW
GetDCEx
CopyAcceleratorTableW
UnionRect
CreateMenu
InvalidateRgn
GetTabbedTextExtentA
UnregisterClassW
ShowOwnedPopups
SetWindowContextHelpId
MapDialogRect
RegisterClipboardFormatW
PostQuitMessage
DeleteMenu
IsRectEmpty
CharNextW
MapVirtualKeyW
GetKeyNameTextW
IsZoomed
CharUpperW
UnpackDDElParam
ReuseDDElParam
InsertMenuItemW
BringWindowToTop
SetParent
SetMenuItemBitmaps
GetMenuCheckMarkDimensions
GetWindowPlacement
EnableMenuItem
CheckMenuItem
CreateDialogIndirectParamW
GetNextDlgTabItem
EndDialog
GetMenuItemInfoW
RegisterWindowMessageW
SendDlgItemMessageA
WinHelpW
GetCapture
GetClassLongW
SetPropW
GetPropW
RemovePropW
GetLastActivePopup
SetActiveWindow
GetTopWindow
DestroyWindow
UnhookWindowsHookEx
GetMessageTime
MapWindowPoints
ScrollWindow
SetMenu
ShowScrollBar
GetClassInfoExW
RegisterClassW
AdjustWindowRectEx
GetScrollInfo
SetScrollInfo
SetWindowPlacement
CallWindowProcW
GetMenu
SystemParametersInfoA
GetWindowTextLengthW
GetWindowTextW
IsWindowEnabled
MoveWindow
GetDlgCtrlID
SetWindowTextW
IsDialogMessageW
SetDlgItemTextW
SendDlgItemMessageW
GetWindow
EndPaint
BeginPaint
IntersectRect
SetWindowsHookExW
CallNextHookEx
GetKeyState
ValidateRect
GetMenuState
GetMenuStringW
AppendMenuW
RemoveMenu
GetDoubleClickTime
IsCharAlphaW
MessageBoxW
DispatchMessageA
DispatchMessageW
TranslateMessage
GetMessageA
GetMessageW
IsWindowUnicode
MsgWaitForMultipleObjects
GetSubMenu
GetMenuItemID
GetMenuItemCount
IsWindowVisible
TrackPopupMenu
InsertMenuW
CreatePopupMenu
PeekMessageW
GetWindowThreadProcessId
WindowFromPoint
ReleaseCapture
SetCapture
DrawIcon
IsIconic
PtInRect
TranslateMDISysAccel
DrawMenuBar
DefMDIChildProcW
DefFrameProcW
DrawStateW
FrameRect
MapVirtualKeyExW
EnableScrollBar
IsClipboardFormatAvailable
SetLayeredWindowAttributes
EnumChildWindows
FindWindowW
GetWindowDC
SetForegroundWindow
GetForegroundWindow
SystemParametersInfoW
SetWindowRgn
LoadBitmapW
GetSysColorBrush
SetRect
GetMessagePos
DrawFrameControl
FillRect
SetWindowLongW
LockWindowUpdate
GetClassNameW
EqualRect
SetScrollRange
GetScrollPos
GetScrollRange
GetDesktopWindow
GetMonitorInfoW
MonitorFromWindow
LoadMenuW
DestroyMenu
LoadIconW
LoadStringW
InflateRect
OffsetRect
GetCursorPos
ReleaseDC
GetDC
SetScrollPos
ShowWindow
SetWindowPos
RedrawWindow
SetFocus
SetRectEmpty
TabbedTextOutW
DrawTextW
DrawTextExW
GrayStringW
KillTimer
wsprintfW
TranslateAcceleratorW
CloseClipboard
GetClipboardData
IsCharAlphaNumericW
GetIconInfo
DrawIconEx
DrawFocusRect
DestroyCursor
GetWindowRgn
GetCursor
DestroyAcceleratorTable
CreateIconIndirect
IsMenu
CreateAcceleratorTableW
LoadMenuIndirectW
WindowFromDC
GetKeyboardState
GetKeyboardLayout
ToUnicodeEx
GetAsyncKeyState
WaitMessage
SetClipboardData
EmptyClipboard
OpenClipboard
CreateWindowExW
PostMessageW
SetCursor
CopyRect
LoadAcceleratorsW
ClientToScreen
SendMessageW
GetParent
UpdateWindow
DestroyIcon
LoadImageW
GetSysColor
GetDlgItem
EnableWindow
InvalidateRect
GetSystemMenu
GetSystemMetrics
GetFocus
SetTimer
GetClassInfoW
DefWindowProcW
LoadCursorW
GetWindowLongW
IsChild
BeginDeferWindowPos
ScreenToClient
DeferWindowPos
EndDeferWindowPos
IsWindow
GetClientRect
GetWindowRect
GetActiveWindow
ModifyMenuW

gdi32

SaveDC
CreatePatternBrush
PatBlt
SetRectRgn
CreateRectRgnIndirect
SetBkColor
CreateDCW
CopyMetaFileW
StretchBlt
GetDIBits
CombineRgn
CreateRectRgn
RestoreDC
Ellipse
GetStockObject
CreateFontW
SetDIBColorTable
SelectObject
DeleteDC
PtVisible
RectVisible
TextOutW
ExtTextOutW
Escape
CreateCompatibleDC
GetWindowOrgEx
Rectangle
SetBkMode
GetRgnBox
GetViewportOrgEx
OffsetRgn
GetTextAlign
StretchDIBits
GetTextFaceW
GetROP2
GetPolyFillMode
Polygon
CreateEllipticRgn
CreateEllipticRgnIndirect
GetTextCharset
GetCharWidthW
EnumFontFamiliesW
CreatePalette
PlayEnhMetaFile
GetEnhMetaFileW
GetMetaFileW
DeleteEnhMetaFile
CloseEnhMetaFile
CreateEnhMetaFileW
EndDoc
AbortDoc
SetAbortProc
EndPage
StartPage
CreateDIBitmap
EnumFontFamiliesExW
GetBkMode
RoundRect
FrameRgn
FillRgn
RealizePalette
CreateRoundRectRgn
CreatePolygonRgn
GetStretchBltMode
SetPixelV
SetPixel
GetNearestColor
PtInRegion
GetTextColor
DeleteMetaFile
CloseMetaFile
CreateMetaFileW
GetDCOrgEx
CreateSolidBrush
ExtCreatePen
CreatePen
PlayMetaFile
SelectPalette
ExtSelectClipRgn
GetCurrentPositionEx
ScaleWindowExtEx
SetWindowExtEx
OffsetWindowOrgEx
SetWindowOrgEx
ScaleViewportExtEx
SetViewportExtEx
OffsetViewportOrgEx
SetViewportOrgEx
StartDocW
GetPixel
GetWindowExtEx
GetViewportExtEx
SelectClipRgn
SetTextAlign
MoveToEx
LineTo
IntersectClipRect
ExcludeClipRect
GetClipBox
SetMapMode
SetTextColor
SetStretchBltMode
SetROP2
SetPolyFillMode
GetTextMetricsW
GetDeviceCaps
GetTextExtentPoint32W
CreateFontIndirectW
DeleteObject
GetObjectW
GetBkColor
BitBlt
DPtoLP
GetMapMode
CreateCompatibleBitmap
CreateDIBSection
CreateBitmap
LPtoDP
GetTextExtentPoint32A

msimg32

AlphaBlend

comdlg32

GetFileTitleW

winspool.drv

DocumentPropertiesW
OpenPrinterW
ClosePrinter

shell32

SHGetMalloc
SHGetPathFromIDListW
SHGetDesktopFolder
CommandLineToArgvW
ShellExecuteW
DragQueryFileW
SHBrowseForFolderW
ShellExecuteExW
ord92
SHFileOperationW
SHGetFolderPathW
DragFinish
ExtractIconW
SHEmptyRecycleBinW
SHAddToRecentDocs
SHAppBarMessage
SHGetFileInfoW
Shell_NotifyIconW

oledlg

OleUIBusyW

ole32

StgOpenStorageOnILockBytes
CoGetClassObject
OleDestroyMenuDescriptor
OleCreateMenuDescriptor
CreateILockBytesOnHGlobal
StgCreateDocfileOnILockBytes
OleLoadFromStream
CreateStreamOnHGlobal
CLSIDFromProgID
OleInitialize
CoFreeUnusedLibraries
OleUninitialize
OleSaveToStream
OleDuplicateData
CoTaskMemAlloc
CoTaskMemFree
CLSIDFromString
CoInitializeEx
CoUninitialize
CoInitialize
CoCreateInstance
CoRevokeClassObject
OleIsCurrentClipboard
OleFlushClipboard
CoRegisterMessageFilter
WriteClassStm
DoDragDrop
RegisterDragDrop
CoLockObjectExternal
RevokeDragDrop
OleGetClipboard
OleTranslateAccelerator
IsAccelerator
ReleaseStgMedium

oleaut32

VarMul
VarR8FromStr
VarBstrFromR8
VarI4FromStr
OleCreatePictureIndirect
VarDiv
SysAllocString
VarCyFromStr
VariantTimeToSystemTime
SystemTimeToVariantTime
VarBstrFromDate
SysFreeString
VarDateFromStr
VariantClear
SysStringLen
SysAllocStringByteLen
SysStringByteLen
SysAllocStringLen
VariantChangeType
VariantInit
OleCreateFontIndirect
VariantCopy
SafeArrayDestroy

urlmon

URLDownloadToFileW

gdiplus

GdipGetImagePixelFormat
GdipGetImageHeight
GdipGetImageWidth
GdipGetImagePaletteSize
GdipDrawImageI
GdipDeleteGraphics
GdipGetImageGraphicsContext
GdipDisposeImage
GdipAlloc
GdipFree
GdipCloneImage
GdipGetImagePalette
GdipCreateBitmapFromFile
GdipCreateBitmapFromScan0
GdipBitmapLockBits
GdipBitmapUnlockBits
GdiplusStartup
GdiplusShutdown

version

GetFileVersionInfoW
VerQueryValueW
GetFileVersionInfoSizeW

winmm

PlaySoundW

rpcrt4

UuidToStringW
UuidCreate
RpcStringFreeW

Sections

.text
Size: 3.9MB - Virtual size: 3.9MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 798KB - Virtual size: 798KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 89KB - Virtual size: 117KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 7.3MB - Virtual size: 7.3MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

e4bef79f59242df9daf28c2c8193c40e

Headers

File Characteristics

Imports

kernel32

user32

advapi32

Sections

.text Size: 68KB - Virtual size: 67KB

.rdata Size: 36KB - Virtual size: 33KB

.data Size: 40KB - Virtual size: 45KB

ed928bd060b03bab412d37a11b9d26a0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

shell32

user32

advapi32

Sections

.text Size: 240KB - Virtual size: 239KB

.rdata Size: 114KB - Virtual size: 114KB

.data Size: 78KB - Virtual size: 116KB

.pdata Size: 10KB - Virtual size: 9KB

.rsrc Size: 1KB - Virtual size: 1KB

.reloc Size: 7KB - Virtual size: 7KB

9bbd972bee7030506f62236dff565e85

Headers

DLL Characteristics

File Characteristics

Imports

user32

kernel32

advapi32

gdi32

msimg32

comdlg32

winspool.drv

shell32

comctl32

shlwapi

uxtheme

ole32

oleaut32

oleacc

gdiplus

imm32

winmm

Sections

.text Size: 2.2MB - Virtual size: 2.2MB

.rdata Size: 775KB - Virtual size: 774KB

.data Size: 107KB - Virtual size: 2.4MB

.pdata Size: 98KB - Virtual size: 97KB

.rsrc Size: 31KB - Virtual size: 30KB

.reloc Size: 70KB - Virtual size: 69KB

6b893ca0388ae7a60f134fafc899b16d

Headers

File Characteristics

Imports

kernel32

advapi32

Exports

Exports

Sections

.text Size: 76KB - Virtual size: 73KB

.rdata Size: 8KB - Virtual size: 5KB

.data Size: 16KB - Virtual size: 231KB

.reloc Size: 8KB - Virtual size: 6KB

072f277c4d89044b84c482307008a355

Code Sign

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate

Extended Key Usages

Key Usages

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate

.text
Size: 68KB - Virtual size: 67KB

.rdata
Size: 36KB - Virtual size: 33KB

.data
Size: 40KB - Virtual size: 45KB

.text
Size: 240KB - Virtual size: 239KB

.rdata
Size: 114KB - Virtual size: 114KB

.data
Size: 78KB - Virtual size: 116KB

.pdata
Size: 10KB - Virtual size: 9KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 7KB - Virtual size: 7KB

.text
Size: 2.2MB - Virtual size: 2.2MB

.rdata
Size: 775KB - Virtual size: 774KB

.data
Size: 107KB - Virtual size: 2.4MB

.pdata
Size: 98KB - Virtual size: 97KB

.rsrc
Size: 31KB - Virtual size: 30KB

.reloc
Size: 70KB - Virtual size: 69KB

.text
Size: 76KB - Virtual size: 73KB

.rdata
Size: 8KB - Virtual size: 5KB

.data
Size: 16KB - Virtual size: 231KB

.reloc
Size: 8KB - Virtual size: 6KB

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

08:df:d8:0b:28:26:71:65:54:b1:fb:8c:fa:50:43:d7
Certificate

58:5d:db:1d:04:c7:4b:32:3b:2e:01:b5:59:b7:19:db:74:e5:e6:da
Signer

.text
Size: 6KB - Virtual size: 6KB

.data
Size: 32B - Virtual size: 4B

INIT
Size: 1KB - Virtual size: 1KB

.reloc
Size: 384B - Virtual size: 378B

38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5
Certificate

47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4
Certificate

41:91:a1:5a:39:78:df:cf:49:65:66:38:1d:4c:75:c2
Certificate

61:0c:12:06:00:00:00:00:00:1b
Certificate

08:df:d8:0b:28:26:71:65:54:b1:fb:8c:fa:50:43:d7
Certificate

c5:51:73:b9:26:23:5b:86:78:bd:db:9b:49:a1:a8:b9:a9:2a:1a:da
Signer

.text
Size: 6KB - Virtual size: 6KB

.pdata
Size: 160B - Virtual size: 144B

INIT
Size: 800B - Virtual size: 794B

61:20:4d:b4:00:00:00:00:00:27
Certificate

09:f4:3c:81:c1:eb:27:87:6e:e1:ae:fe:aa:5a:0f:5d
Certificate

03:01:9a:02:3a:ff:58:b1:6b:d6:d5:ea:e6:17:f0:66
Certificate

03:f1:b4:e1:5f:3a:82:f1:14:96:78:b3:d7:d8:47:5c
Certificate

06:fd:f9:03:96:03:ad:ea:00:0a:eb:3f:27:bb:ba:1b
Certificate

6a:eb:58:7e:dc:d0:12:89:ab:c8:43:16:ae:88:95:9c:23:56:63:fe
Signer