General

Malware Config

Signatures

Files

• Test.zip

  .zip

  Password: 123

• Loader.zip

  .zip

  Password: 123

• D3DCompiler_43.dll

  .dll windows:6 windows x64 arch:x64

  Password: 123

  87e48ad40a89f4f6e1404989a85ca976

  
  

  Code Sign

  33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  04-03-2020 18:39

  Not After

  03-03-2021 18:39

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  81:26:13:c5:f2:38:99:6b:98:b7:ef:c5:7c:90:6c:d4:ca:bf:23:75:a2:53:c5:d1:7b:fc:10:19:8c:05:ce:e7

  Signer

  Actual PE Digest

  81:26:13:c5:f2:38:99:6b:98:b7:ef:c5:7c:90:6c:d4:ca:bf:23:75:a2:53:c5:d1:7b:fc:10:19:8c:05:ce:e7

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DLL

  PDB Paths

  D3DCompiler_43.pdb

  Imports

  msvcrt

  ??1type_info@@UEAA@XZ

  ?terminate@@YAXXZ

  _unlock

  __dllonexit

  _lock

  _onexit

  _CxxThrowException

  memset

  memcpy

  __C_specific_handler

  _amsg_exit

  _initterm

  _XcptFilter

  _strtoui64

  isxdigit

  atof

  setlocale

  _strdup

  _mbstrlen

  modf

  isalnum

  _isnan

  _finite

  strrchr

  _clearfp

  _controlfp

  _strnicmp

  _fpclass

  _purecall

  strncmp

  isspace

  strstr

  strchr

  getenv

  _stricmp

  memmove

  qsort

  isalpha

  toupper

  atoi

  isdigit

  tolower

  free

  malloc

  ??2@YAPEAX_K@Z

  ??3@YAXPEAX@Z

  _vsnprintf

  __CxxFrameHandler

  floor

  fmod

  memcmp

  acos

  asin

  atan

  atan2

  ceil

  cos

  cosh

  exp

  log

  pow

  sin

  sinh

  sqrt

  tan

  tanh

  floorf

  gdi32

  DeleteObject

  kernel32

  GetCurrentProcess

  TerminateProcess

  GetSystemTimeAsFileTime

  GetCurrentProcessId

  GetCurrentThreadId

  GetTickCount

  QueryPerformanceCounter

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  CloseHandle

  UnmapViewOfFile

  DeleteCriticalSection

  UnhandledExceptionFilter

  GetSystemInfo

  VirtualAlloc

  VirtualFree

  GetLastError

  MultiByteToWideChar

  WideCharToMultiByte

  GetFullPathNameA

  HeapCreate

  OutputDebugStringA

  GetProcAddress

  LoadLibraryA

  GetModuleHandleA

  lstrcmpiA

  GetProcessHeap

  HeapFree

  HeapAlloc

  TlsFree

  TlsGetValue

  HeapDestroy

  TlsSetValue

  TlsAlloc

  FreeLibrary

  Sleep

  VirtualProtect

  DisableThreadLibraryCalls

  InitializeCriticalSection

  SetUnhandledExceptionFilter

  Exports

  Exports

  D3DAssemble

  D3DCompile

  D3DCompressShaders

  D3DCreateBlob

  D3DDecompressShaders

  D3DDisassemble

  D3DDisassemble10Effect

  D3DGetBlobPart

  D3DGetDebugInfo

  D3DGetInputAndOutputSignatureBlob

  D3DGetInputSignatureBlob

  D3DGetOutputSignatureBlob

  D3DPreprocess

  D3DReflect

  D3DReturnFailure1

  D3DStripShader

  DebugSetMute

  Sections

  .text

  Size: 2.3MB - Virtual size: 2.3MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 21KB - Virtual size: 37KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 53KB - Virtual size: 52KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1024B - Virtual size: 968B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 18KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Loader.exe

  .exe windows:6 windows x64 arch:x64

  Password: 123

  3725abb7a8e75dc8a7290fd896b6ed64

  
  

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  PDB Paths

  D:\Source_c\Source c++\x64\Release\Loader.pdb

  Imports

  d3dx9_43

  D3DXCreateTextureFromFileInMemoryEx

  kernel32

  FindFirstFileW

  OutputDebugStringW

  FindNextFileW

  FindClose

  InitializeSListHead

  GetSystemTimeAsFileTime

  GetFileAttributesExW

  GetCurrentThreadId

  GetCurrentProcessId

  GetStartupInfoW

  IsDebuggerPresent

  IsProcessorFeaturePresent

  TerminateProcess

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  RtlVirtualUnwind

  RtlLookupFunctionEntry

  RtlCaptureContext

  SleepConditionVariableSRW

  WakeAllConditionVariable

  SetFileInformationByHandle

  AcquireSRWLockExclusive

  AreFileApisANSI

  ReleaseSRWLockExclusive

  GetFileInformationByHandleEx

  CreateProcessA

  CopyFileW

  CreateProcessW

  CloseHandle

  DeleteFileW

  GetLocaleInfoEx

  GetFileSizeEx

  CreateFileA

  WaitForMultipleObjects

  PeekNamedPipe

  ReadFile

  GetFileType

  GetStdHandle

  GetEnvironmentVariableA

  WaitForSingleObjectEx

  MoveFileExA

  GetTickCount

  VerifyVersionInfoA

  GetSystemDirectoryA

  SleepEx

  LeaveCriticalSection

  CreateFileW

  InitializeCriticalSectionEx

  DeleteCriticalSection

  GetCurrentProcess

  CreateThread

  VirtualProtect

  CreateFileMappingW

  GetLastError

  Sleep

  WaitForSingleObject

  GetTempPathW

  QueryPerformanceCounter

  VerifyVersionInfoW

  FreeLibrary

  GetModuleHandleW

  VerSetConditionMask

  GetProcAddress

  QueryPerformanceFrequency

  LoadLibraryA

  GlobalUnlock

  WideCharToMultiByte

  GlobalLock

  GlobalFree

  MapViewOfFile

  GlobalAlloc

  UnmapViewOfFile

  GetModuleFileNameA

  GetModuleFileNameW

  GetModuleHandleA

  FindFirstFileExW

  MultiByteToWideChar

  LocalFree

  EnterCriticalSection

  SetLastError

  FormatMessageA

  user32

  IsIconic

  SetForegroundWindow

  ReleaseCapture

  GetClientRect

  SetWindowLongW

  ReleaseDC

  GetCursorPos

  SetCursor

  SetCapture

  LoadCursorW

  OpenClipboard

  SetFocus

  SetLayeredWindowAttributes

  GetForegroundWindow

  IsChild

  ClientToScreen

  GetMonitorInfoW

  GetCapture

  ShowWindow

  WindowFromPoint

  RegisterClassExW

  SetWindowTextW

  UnregisterClassW

  ScreenToClient

  CreateWindowExW

  EnumDisplayMonitors

  MonitorFromWindow

  SetWindowPos

  GetDC

  CloseClipboard

  EmptyClipboard

  GetClipboardData

  SetClipboardData

  SetCursorPos

  BringWindowToTop

  DestroyWindow

  GetActiveWindow

  DispatchMessageW

  PeekMessageW

  SetWindowDisplayAffinity

  MessageBoxA

  TranslateMessage

  PostQuitMessage

  UpdateWindow

  GetWindowLongW

  DefWindowProcW

  AdjustWindowRectEx

  GetKeyState

  gdi32

  GetDeviceCaps

  advapi32

  OpenServiceW

  AddAccessAllowedAce

  GetLengthSid

  CryptEncrypt

  GetTokenInformation

  InitializeAcl

  IsValidSid

  SetSecurityInfo

  CryptAcquireContextA

  ChangeServiceConfigW

  RegOpenKeyExW

  RegDeleteTreeW

  ControlService

  OpenSCManagerW

  CloseServiceHandle

  RegCloseKey

  CryptReleaseContext

  CryptGetHashParam

  CryptGenRandom

  CryptCreateHash

  CryptHashData

  CryptDestroyHash

  CryptDestroyKey

  CryptImportKey

  OpenProcessToken

  shell32

  ShellExecuteW

  ShellExecuteA

  msvcp140

  ??0?$basic_ios@DU?$char_traits@D@std@@@std@@IEAA@XZ

  ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAVios_base@1@AEAV21@@Z@Z

  ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@H@Z

  ??0?$basic_iostream@DU?$char_traits@D@std@@@std@@QEAA@PEAV?$basic_streambuf@DU?$char_traits@D@std@@@1@@Z

  ??1?$basic_iostream@DU?$char_traits@D@std@@@std@@UEAA@XZ

  ?_Xbad_function_call@std@@YAXXZ

  ?setw@std@@YA?AU?$_Smanip@_J@1@_J@Z

  ?imbue@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAXAEBVlocale@2@@Z

  ?sync@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

  ?setbuf@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAPEAV12@PEAD_J@Z

  ?xsputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEBD_J@Z

  ?xsgetn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JPEAD_J@Z

  ?uflow@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAAHXZ

  ?_Pninc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAAPEADXZ

  ?_Unlock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

  ?_Lock@?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAAXXZ

  ??1?$basic_ios@DU?$char_traits@D@std@@@std@@UEAA@XZ

  ??1?$basic_streambuf@DU?$char_traits@D@std@@@std@@UEAA@XZ

  ??0?$basic_streambuf@DU?$char_traits@D@std@@@std@@IEAA@XZ

  ??0_Locinfo@std@@QEAA@PEBD@Z

  ??1_Locinfo@std@@QEAA@XZ

  ?_Getcoll@_Locinfo@std@@QEBA?AU_Collvec@@XZ

  ??Bid@locale@std@@QEAA_KXZ

  ?_Incref@facet@locale@std@@UEAAXXZ

  ?_Decref@facet@locale@std@@UEAAPEAV_Facet_base@3@XZ

  ??0facet@locale@std@@IEAA@_K@Z

  ??1facet@locale@std@@MEAA@XZ

  ?_Xlength_error@std@@YAXPEBD@Z

  ?_Xbad_alloc@std@@YAXXZ

  ?_Xout_of_range@std@@YAXPEBD@Z

  _Strxfrm

  _Query_perf_frequency

  ??1_Lockit@std@@QEAA@XZ

  ??0_Lockit@std@@QEAA@H@Z

  ?_Throw_Cpp_error@std@@YAXH@Z

  ?uncaught_exceptions@std@@YAHXZ

  ?cout@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

  ?_Getgloballocale@locale@std@@CAPEAV_Locimp@12@XZ

  ?_Init@locale@std@@CAPEAV_Locimp@12@_N@Z

  ?wcout@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A

  ?cerr@std@@3V?$basic_ostream@DU?$char_traits@D@std@@@1@A

  ?_Xregex_error@std@@YAXW4error_type@regex_constants@1@@Z

  ?wcerr@std@@3V?$basic_ostream@_WU?$char_traits@_W@std@@@1@A

  ?tolower@?$ctype@D@std@@QEBADD@Z

  ?tolower@?$ctype@D@std@@QEBAPEBDPEADPEBD@Z

  ?_Getcat@?$ctype@D@std@@SA_KPEAPEBVfacet@locale@2@PEBV42@@Z

  ?good@ios_base@std@@QEBA_NXZ

  ??6?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

  ??6?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV01@P6AAEAV01@AEAV01@@Z@Z

  ?sputc@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAAG_W@Z

  ?sputc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAAHD@Z

  ?flush@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@XZ

  ?put@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAAEAV12@_W@Z

  ?flush@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@XZ

  ?put@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAAEAV12@D@Z

  ?widen@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEBA_WD@Z

  ?setstate@?$basic_ios@_WU?$char_traits@_W@std@@@std@@QEAAXH_N@Z

  ?widen@?$basic_ios@DU?$char_traits@D@std@@@std@@QEBADD@Z

  ?setstate@?$basic_ios@DU?$char_traits@D@std@@@std@@QEAAXH_N@Z

  ?sputn@?$basic_streambuf@_WU?$char_traits@_W@std@@@std@@QEAA_JPEB_W_J@Z

  ?sputn@?$basic_streambuf@DU?$char_traits@D@std@@@std@@QEAA_JPEBD_J@Z

  ?_Osfx@?$basic_ostream@_WU?$char_traits@_W@std@@@std@@QEAAXXZ

  ?_Osfx@?$basic_ostream@DU?$char_traits@D@std@@@std@@QEAAXXZ

  _Xtime_get_ticks

  _Thrd_detach

  _Query_perf_counter

  _Thrd_sleep

  _Cnd_do_broadcast_at_thread_exit

  _Strcoll

  ?_Syserror_map@std@@YAPEBDH@Z

  ?id@?$collate@D@std@@2V0locale@2@A

  ?_Random_device@std@@YAIXZ

  ?id@?$ctype@D@std@@2V0locale@2@A

  ?_Winerror_map@std@@YAHH@Z

  ?showmanyc@?$basic_streambuf@DU?$char_traits@D@std@@@std@@MEAA_JXZ

  d3d9

  Direct3DCreate9

  imm32

  ImmReleaseContext

  ImmGetContext

  ImmSetCompositionWindow

  urlmon

  URLDownloadToFileW

  normaliz

  IdnToAscii

  wldap32

  ord217

  ord143

  ord46

  ord211

  ord60

  ord45

  ord50

  ord41

  ord22

  ord26

  ord27

  ord32

  ord33

  ord35

  ord79

  ord30

  ord200

  ord301

  crypt32

  CertCloseStore

  CertEnumCertificatesInStore

  CertFindCertificateInStore

  CertFreeCertificateContext

  CertOpenStore

  PFXImportCertStore

  CryptDecodeObjectEx

  CertAddCertificateContextToStore

  CertFreeCertificateChain

  CryptStringToBinaryA

  CertGetCertificateChain

  CertFreeCertificateChainEngine

  CertCreateCertificateChainEngine

  CryptQueryObject

  CertGetNameStringA

  CertFindExtension

  ws2_32

  ioctlsocket

  closesocket

  recv

  send

  WSAGetLastError

  bind

  connect

  getpeername

  getsockname

  getsockopt

  htons

  ntohs

  setsockopt

  socket

  WSASetLastError

  WSAIoctl

  WSAStartup

  WSACleanup

  accept

  htonl

  listen

  ntohl

  gethostname

  sendto

  freeaddrinfo

  __WSAFDIsSet

  recvfrom

  select

  getaddrinfo

  rpcrt4

  UuidCreate

  UuidToStringA

  RpcStringFreeA

  psapi

  GetModuleInformation

  vcruntime140_1

  __CxxFrameHandler4

  vcruntime140

  __std_terminate

  strstr

  __C_specific_handler

  __current_exception_context

  __current_exception

  strrchr

  memset

  memmove

  memcpy

  memcmp

  memchr

  _CxxThrowException

  __std_exception_copy

  __std_exception_destroy

  strchr

  api-ms-win-crt-stdio-l1-1-0

  __stdio_common_vsprintf

  fwrite

  _lseeki64

  fread

  __acrt_iob_func

  __stdio_common_vsscanf

  _set_fmode

  feof

  __p__commode

  fputs

  fseek

  fputc

  _read

  _write

  _close

  _open

  fclose

  _popen

  _pclose

  fgets

  fflush

  ftell

  _wfopen

  fopen

  api-ms-win-crt-string-l1-1-0

  _strdup

  tolower

  strpbrk

  strcmp

  strcspn

  strspn

  isupper

  strncmp

  strncpy

  api-ms-win-crt-utility-l1-1-0

  qsort

  api-ms-win-crt-heap-l1-1-0

  calloc

  _set_new_mode

  realloc

  _callnewh

  malloc

  free

  api-ms-win-crt-convert-l1-1-0

  strtod

  atoi

  strtoul

  strtoll

  strtoull

  strtol

  api-ms-win-crt-runtime-l1-1-0

  system

  _errno

  abort

  strerror

  __sys_nerr

  _beginthreadex

  perror

  exit

  _register_thread_local_exe_atexit_callback

  _c_exit

  _invalid_parameter_noinfo_noreturn

  _exit

  _initterm_e

  _initterm

  _get_wide_winmain_command_line

  _initialize_wide_environment

  _configure_wide_argv

  _set_app_type

  _seh_filter_exe

  _cexit

  _crt_atexit

  _register_onexit_function

  _initialize_onexit_table

  terminate

  _getpid

  api-ms-win-crt-filesystem-l1-1-0

  _unlink

  _fstat64

  _access

  _stat64

  remove

  api-ms-win-crt-environment-l1-1-0

  _dupenv_s

  api-ms-win-crt-locale-l1-1-0

  ___lc_codepage_func

  localeconv

  _configthreadlocale

  api-ms-win-crt-math-l1-1-0

  _dclass

  sqrtf

  acosf

  ceilf

  cosf

  fmodf

  pow

  sinf

  sqrt

  __setusermatherr

  api-ms-win-crt-time-l1-1-0

  _gmtime64

  _time64

  Sections

  .text

  Size: 755KB - Virtual size: 754KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 157KB - Virtual size: 157KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 64KB - Virtual size: 67KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 32KB - Virtual size: 32KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 512B - Virtual size: 488B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 2KB - Virtual size: 1KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• d3dx10_43.dll

  .dll windows:6 windows x64 arch:x64

  Password: 123

  6f5981b2b8cdc7af020c15c84f8c0fee

  
  

  Code Sign

  33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  04-03-2020 18:39

  Not After

  03-03-2021 18:39

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  eb:8a:75:48:24:a0:be:05:3c:d7:13:9e:b1:97:86:99:e9:85:8c:b3:4e:fd:ed:cb:f9:fe:00:38:1a:30:cd:af

  Signer

  Actual PE Digest

  eb:8a:75:48:24:a0:be:05:3c:d7:13:9e:b1:97:86:99:e9:85:8c:b3:4e:fd:ed:cb:f9:fe:00:38:1a:30:cd:af

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DLL

  PDB Paths

  d3dx10_43.pdb

  Imports

  msvcrt

  _isnan

  _controlfp

  __CxxFrameHandler

  _purecall

  _finite

  iswpunct

  iswdigit

  iswalpha

  iswspace

  _vsnwprintf

  memmove

  qsort

  tolower

  ??2@YAPEAX_K@Z

  _stricmp

  _vsnprintf

  _XcptFilter

  malloc

  _initterm

  free

  ??1type_info@@UEAA@XZ

  _onexit

  _lock

  __dllonexit

  _unlock

  ?terminate@@YAXXZ

  _CxxThrowException

  memset

  sqrt

  asinf

  memcpy

  __C_specific_handler

  ??3@YAXPEAX@Z

  _amsg_exit

  sqrtf

  floorf

  cosf

  sinf

  atan2f

  acosf

  atan

  gdi32

  GetTextMetricsW

  TranslateCharsetInfo

  ExtTextOutA

  MoveToEx

  ExtTextOutW

  CreateDIBSection

  GetGlyphOutlineA

  GetObjectW

  GetObjectA

  GetCharacterPlacementA

  GetCharacterPlacementW

  SetTextColor

  SetBkColor

  SetBkMode

  GetTextMetricsA

  GetFontLanguageInfo

  CreateFontIndirectA

  CreateFontIndirectW

  SetTextAlign

  SetMapMode

  CreateCompatibleDC

  DeleteDC

  DeleteObject

  SelectObject

  kernel32

  LockResource

  LoadResource

  FindResourceW

  FindResourceA

  WriteFile

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  TerminateProcess

  GetSystemTimeAsFileTime

  GetCurrentProcessId

  GetCurrentThreadId

  GetTickCount

  QueryPerformanceCounter

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  OutputDebugStringA

  GetFileSize

  GetModuleFileNameA

  DeleteCriticalSection

  InitializeCriticalSection

  CreateFileA

  IsProcessorFeaturePresent

  WideCharToMultiByte

  GetLastError

  MultiByteToWideChar

  GetFullPathNameW

  CreateFileW

  GetFileSizeEx

  ReadFile

  FreeLibrary

  GetModuleHandleA

  DebugBreak

  CloseHandle

  ReleaseMutex

  ReleaseSemaphore

  WaitForSingleObject

  CreateMutexA

  CreateSemaphoreA

  WaitForMultipleObjects

  CreateThread

  GetCurrentProcess

  GetProcessAffinityMask

  EnterCriticalSection

  LeaveCriticalSection

  LoadLibraryA

  GetProcAddress

  Sleep

  VirtualProtect

  DisableThreadLibraryCalls

  SizeofResource

  advapi32

  RegEnumKeyExA

  RegOpenKeyExA

  RegCloseKey

  RegQueryValueExA

  ole32

  CreateStreamOnHGlobal

  Exports

  Exports

  D3DX10CheckVersion

  D3DX10CompileFromFileA

  D3DX10CompileFromFileW

  D3DX10CompileFromMemory

  D3DX10CompileFromResourceA

  D3DX10CompileFromResourceW

  D3DX10ComputeNormalMap

  D3DX10CreateAsyncCompilerProcessor

  D3DX10CreateAsyncEffectCreateProcessor

  D3DX10CreateAsyncEffectPoolCreateProcessor

  D3DX10CreateAsyncFileLoaderA

  D3DX10CreateAsyncFileLoaderW

  D3DX10CreateAsyncMemoryLoader

  D3DX10CreateAsyncResourceLoaderA

  D3DX10CreateAsyncResourceLoaderW

  D3DX10CreateAsyncShaderPreprocessProcessor

  D3DX10CreateAsyncShaderResourceViewProcessor

  D3DX10CreateAsyncTextureInfoProcessor

  D3DX10CreateAsyncTextureProcessor

  D3DX10CreateDevice

  D3DX10CreateDeviceAndSwapChain

  D3DX10CreateEffectFromFileA

  D3DX10CreateEffectFromFileW

  D3DX10CreateEffectFromMemory

  D3DX10CreateEffectFromResourceA

  D3DX10CreateEffectFromResourceW

  D3DX10CreateEffectPoolFromFileA

  D3DX10CreateEffectPoolFromFileW

  D3DX10CreateEffectPoolFromMemory

  D3DX10CreateEffectPoolFromResourceA

  D3DX10CreateEffectPoolFromResourceW

  D3DX10CreateFontA

  D3DX10CreateFontIndirectA

  D3DX10CreateFontIndirectW

  D3DX10CreateFontW

  D3DX10CreateMesh

  D3DX10CreateShaderResourceViewFromFileA

  D3DX10CreateShaderResourceViewFromFileW

  D3DX10CreateShaderResourceViewFromMemory

  D3DX10CreateShaderResourceViewFromResourceA

  D3DX10CreateShaderResourceViewFromResourceW

  D3DX10CreateSkinInfo

  D3DX10CreateSprite

  D3DX10CreateTextureFromFileA

  D3DX10CreateTextureFromFileW

  D3DX10CreateTextureFromMemory

  D3DX10CreateTextureFromResourceA

  D3DX10CreateTextureFromResourceW

  D3DX10CreateThreadPump

  D3DX10FilterTexture

  D3DX10GetFeatureLevel1

  D3DX10GetImageInfoFromFileA

  D3DX10GetImageInfoFromFileW

  D3DX10GetImageInfoFromMemory

  D3DX10GetImageInfoFromResourceA

  D3DX10GetImageInfoFromResourceW

  D3DX10LoadTextureFromTexture

  D3DX10PreprocessShaderFromFileA

  D3DX10PreprocessShaderFromFileW

  D3DX10PreprocessShaderFromMemory

  D3DX10PreprocessShaderFromResourceA

  D3DX10PreprocessShaderFromResourceW

  D3DX10SHProjectCubeMap

  D3DX10SaveTextureToFileA

  D3DX10SaveTextureToFileW

  D3DX10SaveTextureToMemory

  D3DX10UnsetAllDeviceObjects

  D3DXBoxBoundProbe

  D3DXColorAdjustContrast

  D3DXColorAdjustSaturation

  D3DXComputeBoundingBox

  D3DXComputeBoundingSphere

  D3DXCpuOptimizations

  D3DXCreateMatrixStack

  D3DXFloat16To32Array

  D3DXFloat32To16Array

  D3DXFresnelTerm

  D3DXIntersectTri

  D3DXMatrixAffineTransformation

  D3DXMatrixAffineTransformation2D

  D3DXMatrixDecompose

  D3DXMatrixDeterminant

  D3DXMatrixInverse

  D3DXMatrixLookAtLH

  D3DXMatrixLookAtRH

  D3DXMatrixMultiply

  D3DXMatrixMultiplyTranspose

  D3DXMatrixOrthoLH

  D3DXMatrixOrthoOffCenterLH

  D3DXMatrixOrthoOffCenterRH

  D3DXMatrixOrthoRH

  D3DXMatrixPerspectiveFovLH

  D3DXMatrixPerspectiveFovRH

  D3DXMatrixPerspectiveLH

  D3DXMatrixPerspectiveOffCenterLH

  D3DXMatrixPerspectiveOffCenterRH

  D3DXMatrixPerspectiveRH

  D3DXMatrixReflect

  D3DXMatrixRotationAxis

  D3DXMatrixRotationQuaternion

  D3DXMatrixRotationX

  D3DXMatrixRotationY

  D3DXMatrixRotationYawPitchRoll

  D3DXMatrixRotationZ

  D3DXMatrixScaling

  D3DXMatrixShadow

  D3DXMatrixTransformation

  D3DXMatrixTransformation2D

  D3DXMatrixTranslation

  D3DXMatrixTranspose

  D3DXPlaneFromPointNormal

  D3DXPlaneFromPoints

  D3DXPlaneIntersectLine

  D3DXPlaneNormalize

  D3DXPlaneTransform

  D3DXPlaneTransformArray

  D3DXQuaternionBaryCentric

  D3DXQuaternionExp

  D3DXQuaternionInverse

  D3DXQuaternionLn

  D3DXQuaternionMultiply

  D3DXQuaternionNormalize

  D3DXQuaternionRotationAxis

  D3DXQuaternionRotationMatrix

  D3DXQuaternionRotationYawPitchRoll

  D3DXQuaternionSlerp

  D3DXQuaternionSquad

  D3DXQuaternionSquadSetup

  D3DXQuaternionToAxisAngle

  D3DXSHAdd

  D3DXSHDot

  D3DXSHEvalConeLight

  D3DXSHEvalDirection

  D3DXSHEvalDirectionalLight

  D3DXSHEvalHemisphereLight

  D3DXSHEvalSphericalLight

  D3DXSHMultiply2

  D3DXSHMultiply3

  D3DXSHMultiply4

  D3DXSHMultiply5

  D3DXSHMultiply6

  D3DXSHRotate

  D3DXSHRotateZ

  D3DXSHScale

  D3DXSphereBoundProbe

  D3DXVec2BaryCentric

  D3DXVec2CatmullRom

  D3DXVec2Hermite

  D3DXVec2Normalize

  D3DXVec2Transform

  D3DXVec2TransformArray

  D3DXVec2TransformCoord

  D3DXVec2TransformCoordArray

  D3DXVec2TransformNormal

  D3DXVec2TransformNormalArray

  D3DXVec3BaryCentric

  D3DXVec3CatmullRom

  D3DXVec3Hermite

  D3DXVec3Normalize

  D3DXVec3Project

  D3DXVec3ProjectArray

  D3DXVec3Transform

  D3DXVec3TransformArray

  D3DXVec3TransformCoord

  D3DXVec3TransformCoordArray

  D3DXVec3TransformNormal

  D3DXVec3TransformNormalArray

  D3DXVec3Unproject

  D3DXVec3UnprojectArray

  D3DXVec4BaryCentric

  D3DXVec4CatmullRom

  D3DXVec4Cross

  D3DXVec4Hermite

  D3DXVec4Normalize

  D3DXVec4Transform

  D3DXVec4TransformArray

  Sections

  .text

  Size: 459KB - Virtual size: 459KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 17KB - Virtual size: 20KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 11KB - Virtual size: 10KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1024B - Virtual size: 936B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 4KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• d3dx11_43.dll

  .dll windows:6 windows x64 arch:x64

  Password: 123

  81904c72645caa23fce37aa3b4a853e1

  
  

  Code Sign

  33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  04-03-2020 18:39

  Not After

  03-03-2021 18:39

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  15:46:a7:8f:b9:2a:1f:14:2b:d2:f6:c8:a2:7a:f2:c9:e2:d8:d9:46:dc:24:9b:c0:da:ac:b5:89:e9:95:63:0a

  Signer

  Actual PE Digest

  15:46:a7:8f:b9:2a:1f:14:2b:d2:f6:c8:a2:7a:f2:c9:e2:d8:d9:46:dc:24:9b:c0:da:ac:b5:89:e9:95:63:0a

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DLL

  PDB Paths

  d3dx11_43.pdb

  Imports

  msvcrt

  ??1type_info@@UEAA@XZ

  ?terminate@@YAXXZ

  _onexit

  _lock

  __dllonexit

  _unlock

  memmove

  memset

  memcpy

  __C_specific_handler

  _amsg_exit

  _initterm

  _XcptFilter

  _callnewh

  malloc

  _CxxThrowException

  free

  ??0exception@@QEAA@AEBV0@@Z

  ??1exception@@UEAA@XZ

  ?what@exception@@UEBAPEBDXZ

  ??0exception@@QEAA@AEBQEBDH@Z

  _isnan

  _controlfp

  _purecall

  _vsnwprintf

  sqrtf

  __CxxFrameHandler

  floorf

  kernel32

  WideCharToMultiByte

  WriteFile

  FindResourceA

  FindResourceW

  SizeofResource

  LockResource

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  TerminateProcess

  GetSystemTimeAsFileTime

  GetCurrentProcessId

  GetCurrentThreadId

  GetTickCount

  QueryPerformanceCounter

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  OutputDebugStringA

  LeaveCriticalSection

  EnterCriticalSection

  DeleteCriticalSection

  InitializeCriticalSection

  CreateFileA

  DebugBreak

  ReleaseMutex

  ReleaseSemaphore

  WaitForSingleObject

  CreateMutexA

  CreateSemaphoreA

  WaitForMultipleObjects

  CreateThread

  GetCurrentProcess

  GetProcessAffinityMask

  GetLastError

  MultiByteToWideChar

  GetFullPathNameW

  CreateFileW

  GetFileSizeEx

  ReadFile

  CloseHandle

  FreeLibrary

  GetProcAddress

  LoadLibraryA

  GetModuleHandleA

  Sleep

  VirtualProtect

  DisableThreadLibraryCalls

  LoadResource

  ole32

  CreateStreamOnHGlobal

  gdi32

  DeleteObject

  Exports

  Exports

  D3DX11CheckVersion

  D3DX11CompileFromFileA

  D3DX11CompileFromFileW

  D3DX11CompileFromMemory

  D3DX11CompileFromResourceA

  D3DX11CompileFromResourceW

  D3DX11ComputeNormalMap

  D3DX11CreateAsyncCompilerProcessor

  D3DX11CreateAsyncFileLoaderA

  D3DX11CreateAsyncFileLoaderW

  D3DX11CreateAsyncMemoryLoader

  D3DX11CreateAsyncResourceLoaderA

  D3DX11CreateAsyncResourceLoaderW

  D3DX11CreateAsyncShaderPreprocessProcessor

  D3DX11CreateAsyncShaderResourceViewProcessor

  D3DX11CreateAsyncTextureInfoProcessor

  D3DX11CreateAsyncTextureProcessor

  D3DX11CreateShaderResourceViewFromFileA

  D3DX11CreateShaderResourceViewFromFileW

  D3DX11CreateShaderResourceViewFromMemory

  D3DX11CreateShaderResourceViewFromResourceA

  D3DX11CreateShaderResourceViewFromResourceW

  D3DX11CreateTextureFromFileA

  D3DX11CreateTextureFromFileW

  D3DX11CreateTextureFromMemory

  D3DX11CreateTextureFromResourceA

  D3DX11CreateTextureFromResourceW

  D3DX11CreateThreadPump

  D3DX11FilterTexture

  D3DX11GetImageInfoFromFileA

  D3DX11GetImageInfoFromFileW

  D3DX11GetImageInfoFromMemory

  D3DX11GetImageInfoFromResourceA

  D3DX11GetImageInfoFromResourceW

  D3DX11LoadTextureFromTexture

  D3DX11PreprocessShaderFromFileA

  D3DX11PreprocessShaderFromFileW

  D3DX11PreprocessShaderFromMemory

  D3DX11PreprocessShaderFromResourceA

  D3DX11PreprocessShaderFromResourceW

  D3DX11SHProjectCubeMap

  D3DX11SaveTextureToFileA

  D3DX11SaveTextureToFileW

  D3DX11SaveTextureToMemory

  Sections

  .text

  Size: 236KB - Virtual size: 236KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 17KB - Virtual size: 18KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 5KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1024B - Virtual size: 936B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 3KB - Virtual size: 3KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• d3dx9_43.dll

  .dll windows:6 windows x64 arch:x64

  Password: 123

  336d8057d1db03e5a3ac3b62e8902f4b

  
  

  Code Sign

  33:00:00:01:87:72:17:72:15:59:40:c7:09:00:00:00:00:01:87

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  04-03-2020 18:39

  Not After

  03-03-2021 18:39

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  a2:29:f0:57:b9:60:2a:7d:85:68:70:a5:20:96:28:19:2d:3c:9e:45:bd:92:d8:97:52:b1:99:a5:7a:66:12:d5

  Signer

  Actual PE Digest

  a2:29:f0:57:b9:60:2a:7d:85:68:70:a5:20:96:28:19:2d:3c:9e:45:bd:92:d8:97:52:b1:99:a5:7a:66:12:d5

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LARGE_ADDRESS_AWARE

  IMAGE_FILE_DLL

  PDB Paths

  d3dx9_43.pdb

  Imports

  msvcrt

  malloc

  _vsnprintf

  _finite

  memmove

  _purecall

  qsort

  _stricmp

  modff

  iswpunct

  _clearfp

  iswdigit

  iswalpha

  iswspace

  ??2@YAPEAX_K@Z

  ??3@YAXPEAX@Z

  _strdup

  setlocale

  free

  calloc

  realloc

  sscanf

  _strtime

  _isatty

  _write

  _lseeki64

  __pioinfo

  __badioinfo

  wctomb

  _itoa

  _snprintf

  _iob

  _fileno

  isleadbyte

  ?terminate@@YAXXZ

  _onexit

  _lock

  __dllonexit

  _unlock

  memset

  memcpy

  __C_specific_handler

  _amsg_exit

  _initterm

  _XcptFilter

  srand

  strtod

  fread

  fwrite

  fflush

  abort

  _tempnam

  _ultoa

  isalpha

  atol

  atof

  isxdigit

  wcstombs

  _isnan

  rand

  atoi

  isalnum

  _vsnwprintf

  isdigit

  isspace

  longjmp

  ldexp

  frexp

  __CxxFrameHandler

  _errno

  _strdate

  sqrt

  powf

  sqrtf

  floor

  fmodf

  memcmp

  log

  cos

  exp

  sinf

  cosf

  floorf

  ceilf

  atan2

  atan

  acos

  asin

  sin

  pow

  atan2f

  logf

  acosf

  fmod

  asinf

  _setjmp

  ceil

  gdi32

  GetObjectW

  GetGlyphOutlineW

  GetCurrentObject

  GetOutlineTextMetricsA

  TranslateCharsetInfo

  ExtTextOutA

  MoveToEx

  ExtTextOutW

  CreateDIBSection

  GetGlyphOutlineA

  GetObjectA

  GetCharacterPlacementA

  GetCharacterPlacementW

  SetTextColor

  SetBkColor

  SetBkMode

  GetTextMetricsA

  GetTextMetricsW

  GetFontLanguageInfo

  CreateFontIndirectA

  CreateFontIndirectW

  SetTextAlign

  SetMapMode

  CreateCompatibleDC

  DeleteDC

  DeleteObject

  SelectObject

  kernel32

  FindResourceW

  SetUnhandledExceptionFilter

  UnhandledExceptionFilter

  GetCurrentProcess

  TerminateProcess

  GetSystemTimeAsFileTime

  GetCurrentProcessId

  GetCurrentThreadId

  GetTickCount

  QueryPerformanceCounter

  RtlCaptureContext

  RtlLookupFunctionEntry

  RtlVirtualUnwind

  GetProcessHeap

  HeapFree

  HeapAlloc

  ReleaseMutex

  WaitForSingleObject

  CreateMutexA

  IsBadWritePtr

  IsBadReadPtr

  IsBadCodePtr

  ExpandEnvironmentStringsA

  GlobalMemoryStatus

  GetSystemInfo

  SetEndOfFile

  MoveFileW

  GetTempFileNameW

  MoveFileA

  CompareStringA

  SetFilePointer

  DeleteFileW

  FindResourceA

  LoadResource

  LockResource

  SizeofResource

  GetFileSize

  CreateFileMappingA

  MapViewOfFile

  FreeResource

  UnmapViewOfFile

  LeaveCriticalSection

  EnterCriticalSection

  DeleteCriticalSection

  InitializeCriticalSection

  LocalFree

  FormatMessageA

  GetFullPathNameW

  CreateFileW

  GetFileSizeEx

  GetLastError

  IsDBCSLeadByte

  WriteFile

  DeleteFileA

  CloseHandle

  ReadFile

  CreateFileA

  GetTempFileNameA

  GetTempPathA

  IsProcessorFeaturePresent

  VirtualFree

  VirtualAlloc

  GetACP

  MultiByteToWideChar

  WideCharToMultiByte

  OutputDebugStringA

  GetModuleHandleA

  FreeLibrary

  GetProcAddress

  LoadLibraryA

  GetVersionExA

  Sleep

  VirtualProtect

  DisableThreadLibraryCalls

  advapi32

  RegCloseKey

  RegQueryValueExA

  RegOpenKeyA

  Exports

  Exports

  D3DXAssembleShader

  D3DXAssembleShaderFromFileA

  D3DXAssembleShaderFromFileW

  D3DXAssembleShaderFromResourceA

  D3DXAssembleShaderFromResourceW

  D3DXBoxBoundProbe

  D3DXCheckCubeTextureRequirements

  D3DXCheckTextureRequirements

  D3DXCheckVersion

  D3DXCheckVolumeTextureRequirements

  D3DXCleanMesh

  D3DXColorAdjustContrast

  D3DXColorAdjustSaturation

  D3DXCompileShader

  D3DXCompileShaderFromFileA

  D3DXCompileShaderFromFileW

  D3DXCompileShaderFromResourceA

  D3DXCompileShaderFromResourceW

  D3DXComputeBoundingBox

  D3DXComputeBoundingSphere

  D3DXComputeIMTFromPerTexelSignal

  D3DXComputeIMTFromPerVertexSignal

  D3DXComputeIMTFromSignal

  D3DXComputeIMTFromTexture

  D3DXComputeNormalMap

  D3DXComputeNormals

  D3DXComputeTangent

  D3DXComputeTangentFrame

  D3DXComputeTangentFrameEx

  D3DXConcatenateMeshes

  D3DXConvertMeshSubsetToSingleStrip

  D3DXConvertMeshSubsetToStrips

  D3DXCreateAnimationController

  D3DXCreateBox

  D3DXCreateBuffer

  D3DXCreateCompressedAnimationSet

  D3DXCreateCubeTexture

  D3DXCreateCubeTextureFromFileA

  D3DXCreateCubeTextureFromFileExA

  D3DXCreateCubeTextureFromFileExW

  D3DXCreateCubeTextureFromFileInMemory

  D3DXCreateCubeTextureFromFileInMemoryEx

  D3DXCreateCubeTextureFromFileW

  D3DXCreateCubeTextureFromResourceA

  D3DXCreateCubeTextureFromResourceExA

  D3DXCreateCubeTextureFromResourceExW

  D3DXCreateCubeTextureFromResourceW

  D3DXCreateCylinder

  D3DXCreateEffect

  D3DXCreateEffectCompiler

  D3DXCreateEffectCompilerFromFileA

  D3DXCreateEffectCompilerFromFileW

  D3DXCreateEffectCompilerFromResourceA

  D3DXCreateEffectCompilerFromResourceW

  D3DXCreateEffectEx

  D3DXCreateEffectFromFileA

  D3DXCreateEffectFromFileExA

  D3DXCreateEffectFromFileExW

  D3DXCreateEffectFromFileW

  D3DXCreateEffectFromResourceA

  D3DXCreateEffectFromResourceExA

  D3DXCreateEffectFromResourceExW

  D3DXCreateEffectFromResourceW

  D3DXCreateEffectPool

  D3DXCreateFontA

  D3DXCreateFontIndirectA

  D3DXCreateFontIndirectW

  D3DXCreateFontW

  D3DXCreateKeyframedAnimationSet

  D3DXCreateLine

  D3DXCreateMatrixStack

  D3DXCreateMesh

  D3DXCreateMeshFVF

  D3DXCreateNPatchMesh

  D3DXCreatePMeshFromStream

  D3DXCreatePRTBuffer

  D3DXCreatePRTBufferTex

  D3DXCreatePRTCompBuffer

  D3DXCreatePRTEngine

  D3DXCreatePatchMesh

  D3DXCreatePolygon

  D3DXCreateRenderToEnvMap

  D3DXCreateRenderToSurface

  D3DXCreateSPMesh

  D3DXCreateSkinInfo

  D3DXCreateSkinInfoFVF

  D3DXCreateSkinInfoFromBlendedMesh

  D3DXCreateSphere

  D3DXCreateSprite

  D3DXCreateTeapot

  D3DXCreateTextA

  D3DXCreateTextW

  D3DXCreateTexture

  D3DXCreateTextureFromFileA

  D3DXCreateTextureFromFileExA

  D3DXCreateTextureFromFileExW

  D3DXCreateTextureFromFileInMemory

  D3DXCreateTextureFromFileInMemoryEx

  D3DXCreateTextureFromFileW

  D3DXCreateTextureFromResourceA

  D3DXCreateTextureFromResourceExA

  D3DXCreateTextureFromResourceExW

  D3DXCreateTextureFromResourceW

  D3DXCreateTextureGutterHelper

  D3DXCreateTextureShader

  D3DXCreateTorus

  D3DXCreateVolumeTexture

  D3DXCreateVolumeTextureFromFileA

  D3DXCreateVolumeTextureFromFileExA

  D3DXCreateVolumeTextureFromFileExW

  D3DXCreateVolumeTextureFromFileInMemory

  D3DXCreateVolumeTextureFromFileInMemoryEx

  D3DXCreateVolumeTextureFromFileW

  D3DXCreateVolumeTextureFromResourceA

  D3DXCreateVolumeTextureFromResourceExA

  D3DXCreateVolumeTextureFromResourceExW

  D3DXCreateVolumeTextureFromResourceW

  D3DXDebugMute

  D3DXDeclaratorFromFVF

  D3DXDisassembleEffect

  D3DXDisassembleShader

  D3DXFVFFromDeclarator

  D3DXFileCreate

  D3DXFillCubeTexture

  D3DXFillCubeTextureTX

  D3DXFillTexture

  D3DXFillTextureTX

  D3DXFillVolumeTexture

  D3DXFillVolumeTextureTX

  D3DXFilterTexture

  D3DXFindShaderComment

  D3DXFloat16To32Array

  D3DXFloat32To16Array

  D3DXFrameAppendChild

  D3DXFrameCalculateBoundingSphere

  D3DXFrameDestroy

  D3DXFrameFind

  D3DXFrameNumNamedMatrices

  D3DXFrameRegisterNamedMatrices

  D3DXFresnelTerm

  D3DXGenerateOutputDecl

  D3DXGeneratePMesh

  D3DXGetDeclLength

  D3DXGetDeclVertexSize

  D3DXGetDriverLevel

  D3DXGetFVFVertexSize

  D3DXGetImageInfoFromFileA

  D3DXGetImageInfoFromFileInMemory

  D3DXGetImageInfoFromFileW

  D3DXGetImageInfoFromResourceA

  D3DXGetImageInfoFromResourceW

  D3DXGetPixelShaderProfile

  D3DXGetShaderConstantTable

  D3DXGetShaderConstantTableEx

  D3DXGetShaderInputSemantics

  D3DXGetShaderOutputSemantics

  D3DXGetShaderSamplers

  D3DXGetShaderSize

  D3DXGetShaderVersion

  D3DXGetVertexShaderProfile

  D3DXIntersect

  D3DXIntersectSubset

  D3DXIntersectTri

  D3DXLoadMeshFromXA

  D3DXLoadMeshFromXInMemory

  D3DXLoadMeshFromXResource

  D3DXLoadMeshFromXW

  D3DXLoadMeshFromXof

  D3DXLoadMeshHierarchyFromXA

  D3DXLoadMeshHierarchyFromXInMemory

  D3DXLoadMeshHierarchyFromXW

  D3DXLoadPRTBufferFromFileA

  D3DXLoadPRTBufferFromFileW

  D3DXLoadPRTCompBufferFromFileA

  D3DXLoadPRTCompBufferFromFileW

  D3DXLoadPatchMeshFromXof

  D3DXLoadSkinMeshFromXof

  D3DXLoadSurfaceFromFileA

  D3DXLoadSurfaceFromFileInMemory

  D3DXLoadSurfaceFromFileW

  D3DXLoadSurfaceFromMemory

  D3DXLoadSurfaceFromResourceA

  D3DXLoadSurfaceFromResourceW

  D3DXLoadSurfaceFromSurface

  D3DXLoadVolumeFromFileA

  D3DXLoadVolumeFromFileInMemory

  D3DXLoadVolumeFromFileW

  D3DXLoadVolumeFromMemory

  D3DXLoadVolumeFromResourceA

  D3DXLoadVolumeFromResourceW

  D3DXLoadVolumeFromVolume

  D3DXMatrixAffineTransformation

  D3DXMatrixAffineTransformation2D

  D3DXMatrixDecompose

  D3DXMatrixDeterminant

  D3DXMatrixInverse

  D3DXMatrixLookAtLH

  D3DXMatrixLookAtRH

  D3DXMatrixMultiply

  D3DXMatrixMultiplyTranspose

  D3DXMatrixOrthoLH

  D3DXMatrixOrthoOffCenterLH

  D3DXMatrixOrthoOffCenterRH

  D3DXMatrixOrthoRH

  D3DXMatrixPerspectiveFovLH

  D3DXMatrixPerspectiveFovRH

  D3DXMatrixPerspectiveLH

  D3DXMatrixPerspectiveOffCenterLH

  D3DXMatrixPerspectiveOffCenterRH

  D3DXMatrixPerspectiveRH

  D3DXMatrixReflect

  D3DXMatrixRotationAxis

  D3DXMatrixRotationQuaternion

  D3DXMatrixRotationX

  D3DXMatrixRotationY

  D3DXMatrixRotationYawPitchRoll

  D3DXMatrixRotationZ

  D3DXMatrixScaling

  D3DXMatrixShadow

  D3DXMatrixTransformation

  D3DXMatrixTransformation2D

  D3DXMatrixTranslation

  D3DXMatrixTranspose

  D3DXOptimizeFaces

  D3DXOptimizeVertices

  D3DXPlaneFromPointNormal

  D3DXPlaneFromPoints

  D3DXPlaneIntersectLine

  D3DXPlaneNormalize

  D3DXPlaneTransform

  D3DXPlaneTransformArray

  D3DXPreprocessShader

  D3DXPreprocessShaderFromFileA

  D3DXPreprocessShaderFromFileW

  D3DXPreprocessShaderFromResourceA

  D3DXPreprocessShaderFromResourceW

  D3DXQuaternionBaryCentric

  D3DXQuaternionExp

  D3DXQuaternionInverse

  D3DXQuaternionLn

  D3DXQuaternionMultiply

  D3DXQuaternionNormalize

  D3DXQuaternionRotationAxis

  D3DXQuaternionRotationMatrix

  D3DXQuaternionRotationYawPitchRoll

  D3DXQuaternionSlerp

  D3DXQuaternionSquad

  D3DXQuaternionSquadSetup

  D3DXQuaternionToAxisAngle

  D3DXRectPatchSize

  D3DXSHAdd

  D3DXSHDot

  D3DXSHEvalConeLight

  D3DXSHEvalDirection

  D3DXSHEvalDirectionalLight

  D3DXSHEvalHemisphereLight

  D3DXSHEvalSphericalLight

  D3DXSHMultiply2

  D3DXSHMultiply3

  D3DXSHMultiply4

  D3DXSHMultiply5

  D3DXSHMultiply6

  D3DXSHPRTCompSplitMeshSC

  D3DXSHPRTCompSuperCluster

  D3DXSHProjectCubeMap

  D3DXSHRotate

  D3DXSHRotateZ

  D3DXSHScale

  D3DXSaveMeshHierarchyToFileA

  D3DXSaveMeshHierarchyToFileW

  D3DXSaveMeshToXA

  D3DXSaveMeshToXW

  D3DXSavePRTBufferToFileA

  D3DXSavePRTBufferToFileW

  D3DXSavePRTCompBufferToFileA

  D3DXSavePRTCompBufferToFileW

  D3DXSaveSurfaceToFileA

  D3DXSaveSurfaceToFileInMemory

  D3DXSaveSurfaceToFileW

  D3DXSaveTextureToFileA

  D3DXSaveTextureToFileInMemory

  D3DXSaveTextureToFileW

  D3DXSaveVolumeToFileA

  D3DXSaveVolumeToFileInMemory

  D3DXSaveVolumeToFileW

  D3DXSimplifyMesh

  D3DXSphereBoundProbe

  D3DXSplitMesh

  D3DXTessellateNPatches

  D3DXTessellateRectPatch

  D3DXTessellateTriPatch

  D3DXTriPatchSize

  D3DXUVAtlasCreate

  D3DXUVAtlasPack

  D3DXUVAtlasPartition

  D3DXValidMesh

  D3DXValidPatchMesh

  D3DXVec2BaryCentric

  D3DXVec2CatmullRom

  D3DXVec2Hermite

  D3DXVec2Normalize

  D3DXVec2Transform

  D3DXVec2TransformArray

  D3DXVec2TransformCoord

  D3DXVec2TransformCoordArray

  D3DXVec2TransformNormal

  D3DXVec2TransformNormalArray

  D3DXVec3BaryCentric

  D3DXVec3CatmullRom

  D3DXVec3Hermite

  D3DXVec3Normalize

  D3DXVec3Project

  D3DXVec3ProjectArray

  D3DXVec3Transform

  D3DXVec3TransformArray

  D3DXVec3TransformCoord

  D3DXVec3TransformCoordArray

  D3DXVec3TransformNormal

  D3DXVec3TransformNormalArray

  D3DXVec3Unproject

  D3DXVec3UnprojectArray

  D3DXVec4BaryCentric

  D3DXVec4CatmullRom

  D3DXVec4Cross

  D3DXVec4Hermite

  D3DXVec4Normalize

  D3DXVec4Transform

  D3DXVec4TransformArray

  D3DXWeldVertices

  Sections

  .text

  Size: 2.2MB - Virtual size: 2.2MB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 57KB - Virtual size: 148KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .pdata

  Size: 39KB - Virtual size: 38KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 1024B - Virtual size: 928B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 13KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• Visual-C-Runtimes-All-in-One-May-2024.zip

  .zip

  Password: 123

• install_all.bat
• vcredist2005_x64.exe

  .exe windows:5 windows x86 arch:x86

  Password: 123

  0ebb3c09b06b1666d307952e824c8697

  
  

  Code Sign

  2e:ab:11:dc:50:ff:5c:9d:cb:c0

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  22-08-2007 22:31

  Not After

  25-08-2012 07:00

  Subject

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:01:b2:9b:00:00:00:00:00:15

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  21-02-2011 20:53

  Not After

  21-05-2012 20:53

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  16-09-2006 01:04

  Not After

  15-09-2019 07:00

  Subject

  CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:06:94:2d:00:00:00:00:00:09

  Certificate

  Issuer

  CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  25-07-2008 19:02

  Not After

  25-07-2013 19:12

  Subject

  CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  72:eb:ec:84:ec:eb:2c:99:f6:93:1a:22:55:c2:43:bc:37:c7:56:59

  Signer

  Actual PE Digest

  72:eb:ec:84:ec:eb:2c:99:f6:93:1a:22:55:c2:43:bc:37:c7:56:59

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  wextract.pdb

  Imports

  advapi32

  FreeSid

  AllocateAndInitializeSid

  EqualSid

  GetTokenInformation

  OpenProcessToken

  AdjustTokenPrivileges

  LookupPrivilegeValueA

  RegCloseKey

  RegDeleteValueA

  RegOpenKeyExA

  RegSetValueExA

  RegQueryValueExA

  RegCreateKeyExA

  RegQueryInfoKeyA

  kernel32

  LocalFree

  LocalAlloc

  GetLastError

  GetCurrentProcess

  lstrlenA

  GetModuleFileNameA

  GetSystemDirectoryA

  _lclose

  _llseek

  _lopen

  WritePrivateProfileStringA

  GetWindowsDirectoryA

  CreateDirectoryA

  GetFileAttributesA

  ExpandEnvironmentStringsA

  lstrcpyA

  GlobalFree

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  IsDBCSLeadByte

  GetShortPathNameA

  GetPrivateProfileStringA

  GetPrivateProfileIntA

  lstrcmpiA

  RemoveDirectoryA

  FindClose

  FindNextFileA

  DeleteFileA

  SetFileAttributesA

  lstrcmpA

  FindFirstFileA

  FreeResource

  GetProcAddress

  LoadResource

  SizeofResource

  FindResourceA

  lstrcatA

  CloseHandle

  WriteFile

  SetFilePointer

  SetFileTime

  LocalFileTimeToFileTime

  DosDateTimeToFileTime

  SetCurrentDirectoryA

  GetTempFileNameA

  ExitProcess

  CreateFileA

  LoadLibraryExA

  lstrcpynA

  GetVolumeInformationA

  FormatMessageA

  GetCurrentDirectoryA

  GetVersionExA

  GetExitCodeProcess

  WaitForSingleObject

  CreateProcessA

  GetTempPathA

  GetSystemInfo

  CreateMutexA

  SetEvent

  CreateEventA

  CreateThread

  ResetEvent

  TerminateThread

  GetDriveTypeA

  GetModuleHandleA

  GetStartupInfoA

  GetCommandLineA

  QueryPerformanceCounter

  GetTickCount

  GetCurrentThreadId

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  TerminateProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  ReadFile

  LoadLibraryA

  GetDiskFreeSpaceA

  MulDiv

  EnumResourceLanguagesA

  FreeLibrary

  LockResource

  gdi32

  GetDeviceCaps

  user32

  ExitWindowsEx

  wsprintfA

  CharNextA

  CharUpperA

  CharPrevA

  SetWindowLongA

  GetWindowLongA

  CallWindowProcA

  DispatchMessageA

  MsgWaitForMultipleObjects

  PeekMessageA

  SendMessageA

  SetWindowPos

  ReleaseDC

  GetDC

  GetWindowRect

  SendDlgItemMessageA

  GetDlgItem

  SetForegroundWindow

  SetWindowTextA

  MessageBoxA

  DialogBoxIndirectParamA

  ShowWindow

  EnableWindow

  GetDlgItemTextA

  EndDialog

  GetDesktopWindow

  MessageBeep

  SetDlgItemTextA

  LoadStringA

  GetSystemMetrics

  comctl32

  ord17

  version

  GetFileVersionInfoA

  VerQueryValueA

  GetFileVersionInfoSizeA

  Sections

  .text

  Size: 38KB - Virtual size: 38KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 1024B - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 3.0MB - Virtual size: 3.0MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• vcredist2005_x86.exe

  .exe windows:5 windows x86 arch:x86

  0ebb3c09b06b1666d307952e824c8697

  
  

  Code Sign

  2e:ab:11:dc:50:ff:5c:9d:cb:c0

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  22-08-2007 22:31

  Not After

  25-08-2012 07:00

  Subject

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:01:b2:9b:00:00:00:00:00:15

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  21-02-2011 20:53

  Not After

  21-05-2012 20:53

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  16-09-2006 01:04

  Not After

  15-09-2019 07:00

  Subject

  CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:06:94:2d:00:00:00:00:00:09

  Certificate

  Issuer

  CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  25-07-2008 19:02

  Not After

  25-07-2013 19:12

  Subject

  CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  5d:9a:9e:30:e8:b4:79:bd:b9:25:8e:b1:69:72:67:0f:90:ec:0f:7f

  Signer

  Actual PE Digest

  5d:9a:9e:30:e8:b4:79:bd:b9:25:8e:b1:69:72:67:0f:90:ec:0f:7f

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  PDB Paths

  wextract.pdb

  Imports

  advapi32

  FreeSid

  AllocateAndInitializeSid

  EqualSid

  GetTokenInformation

  OpenProcessToken

  AdjustTokenPrivileges

  LookupPrivilegeValueA

  RegCloseKey

  RegDeleteValueA

  RegOpenKeyExA

  RegSetValueExA

  RegQueryValueExA

  RegCreateKeyExA

  RegQueryInfoKeyA

  kernel32

  LocalFree

  LocalAlloc

  GetLastError

  GetCurrentProcess

  lstrlenA

  GetModuleFileNameA

  GetSystemDirectoryA

  _lclose

  _llseek

  _lopen

  WritePrivateProfileStringA

  GetWindowsDirectoryA

  CreateDirectoryA

  GetFileAttributesA

  ExpandEnvironmentStringsA

  lstrcpyA

  GlobalFree

  GlobalUnlock

  GlobalLock

  GlobalAlloc

  IsDBCSLeadByte

  GetShortPathNameA

  GetPrivateProfileStringA

  GetPrivateProfileIntA

  lstrcmpiA

  RemoveDirectoryA

  FindClose

  FindNextFileA

  DeleteFileA

  SetFileAttributesA

  lstrcmpA

  FindFirstFileA

  FreeResource

  GetProcAddress

  LoadResource

  SizeofResource

  FindResourceA

  lstrcatA

  CloseHandle

  WriteFile

  SetFilePointer

  SetFileTime

  LocalFileTimeToFileTime

  DosDateTimeToFileTime

  SetCurrentDirectoryA

  GetTempFileNameA

  ExitProcess

  CreateFileA

  LoadLibraryExA

  lstrcpynA

  GetVolumeInformationA

  FormatMessageA

  GetCurrentDirectoryA

  GetVersionExA

  GetExitCodeProcess

  WaitForSingleObject

  CreateProcessA

  GetTempPathA

  GetSystemInfo

  CreateMutexA

  SetEvent

  CreateEventA

  CreateThread

  ResetEvent

  TerminateThread

  GetDriveTypeA

  GetModuleHandleA

  GetStartupInfoA

  GetCommandLineA

  QueryPerformanceCounter

  GetTickCount

  GetCurrentThreadId

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  TerminateProcess

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  ReadFile

  LoadLibraryA

  GetDiskFreeSpaceA

  MulDiv

  EnumResourceLanguagesA

  FreeLibrary

  LockResource

  gdi32

  GetDeviceCaps

  user32

  ExitWindowsEx

  wsprintfA

  CharNextA

  CharUpperA

  CharPrevA

  SetWindowLongA

  GetWindowLongA

  CallWindowProcA

  DispatchMessageA

  MsgWaitForMultipleObjects

  PeekMessageA

  SendMessageA

  SetWindowPos

  ReleaseDC

  GetDC

  GetWindowRect

  SendDlgItemMessageA

  GetDlgItem

  SetForegroundWindow

  SetWindowTextA

  MessageBoxA

  DialogBoxIndirectParamA

  ShowWindow

  EnableWindow

  GetDlgItemTextA

  EndDialog

  GetDesktopWindow

  MessageBeep

  SetDlgItemTextA

  LoadStringA

  GetSystemMetrics

  comctl32

  ord17

  version

  GetFileVersionInfoA

  VerQueryValueA

  GetFileVersionInfoSizeA

  Sections

  .text

  Size: 38KB - Virtual size: 38KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 1024B - Virtual size: 6KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 2.5MB - Virtual size: 2.5MB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• vcredist2008_x64.exe

  .exe windows:5 windows x86 arch:x86

  092eb6daba2f17cbda102fd1a32acd00

  
  

  Code Sign

  2e:ab:11:dc:50:ff:5c:9d:cb:c0

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  22-08-2007 22:31

  Not After

  25-08-2012 07:00

  Subject

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:01:b2:9b:00:00:00:00:00:15

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  21-02-2011 20:53

  Not After

  21-05-2012 20:53

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  16-09-2006 01:04

  Not After

  15-09-2019 07:00

  Subject

  CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:06:94:2d:00:00:00:00:00:09

  Certificate

  Issuer

  CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  25-07-2008 19:02

  Not After

  25-07-2013 19:12

  Subject

  CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  8f:01:df:78:ce:80:39:28:c8:49:b3:c7:c4:01:28:81:cc:40:e4:47

  Signer

  Actual PE Digest

  8f:01:df:78:ce:80:39:28:c8:49:b3:c7:c4:01:28:81:cc:40:e4:47

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

  IMAGE_FILE_NET_RUN_FROM_SWAP

  Imports

  kernel32

  GetDriveTypeA

  HeapFree

  FormatMessageA

  LeaveCriticalSection

  DeleteFileA

  EnterCriticalSection

  TerminateProcess

  WaitForMultipleObjects

  CreateEventW

  SetEvent

  Sleep

  SetEnvironmentVariableA

  GetEnvironmentVariableA

  WideCharToMultiByte

  HeapAlloc

  SetLastError

  WriteFile

  MoveFileA

  ExitProcess

  DeleteCriticalSection

  FlushFileBuffers

  GetVersionExA

  WaitForSingleObject

  OpenEventA

  GetCurrentProcess

  GetFileAttributesA

  GetCommandLineA

  GetModuleFileNameA

  CreateFileA

  FindNextFileA

  FindFirstFileA

  CopyFileA

  SetFileAttributesA

  SystemTimeToFileTime

  GetSystemTime

  GetDiskFreeSpaceA

  QueryDosDeviceA

  GetCurrentDirectoryA

  SetEndOfFile

  SetFileTime

  LocalFileTimeToFileTime

  DosDateTimeToFileTime

  GetExitCodeProcess

  CreateProcessA

  ExpandEnvironmentStringsA

  GetFileSize

  CreateThread

  CreateEventA

  GetProcessHeap

  InitializeCriticalSectionAndSpinCount

  GetModuleHandleA

  QueryPerformanceCounter

  GetCurrentThreadId

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  SetUnhandledExceptionFilter

  CloseHandle

  DeviceIoControl

  GetSystemDirectoryA

  LoadLibraryA

  GetProcAddress

  FreeLibrary

  SetErrorMode

  GetTickCount

  CreateDirectoryA

  GetLastError

  RemoveDirectoryA

  MoveFileExA

  SetFilePointer

  FindClose

  ReadFile

  msvcrt

  strchr

  _strnicmp

  _stricmp

  strrchr

  _strlwr

  strncpy

  strstr

  _snprintf

  sprintf

  advapi32

  AllocateAndInitializeSid

  GetTokenInformation

  GetLengthSid

  InitiateSystemShutdownA

  CryptReleaseContext

  CryptGenRandom

  CryptAcquireContextA

  SetSecurityDescriptorDacl

  AddAccessAllowedAce

  InitializeAcl

  InitializeSecurityDescriptor

  OpenProcessToken

  user32

  ShowWindow

  SendDlgItemMessageA

  SendMessageA

  DialogBoxParamA

  LoadStringA

  EndDialog

  SetParent

  MessageBoxA

  ntdll

  NtShutdownSystem

  NtAdjustPrivilegesToken

  NtClose

  NtOpenProcessToken

  comctl32

  ord17

  shell32

  SHBrowseForFolderA

  SHGetPathFromIDListA

  Sections

  .text

  Size: 30KB - Virtual size: 30KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 68KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 4.9MB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• vcredist2008_x86.exe

  .exe windows:5 windows x86 arch:x86

  092eb6daba2f17cbda102fd1a32acd00

  
  

  Code Sign

  2e:ab:11:dc:50:ff:5c:9d:cb:c0

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  22-08-2007 22:31

  Not After

  25-08-2012 07:00

  Subject

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:01:b2:9b:00:00:00:00:00:15

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  21-02-2011 20:53

  Not After

  21-05-2012 20:53

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  16-09-2006 01:04

  Not After

  15-09-2019 07:00

  Subject

  CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:05:a2:30:00:00:00:00:00:08

  Certificate

  Issuer

  CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  25-07-2008 19:01

  Not After

  25-07-2013 19:11

  Subject

  CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  d0:b8:36:c9:ae:3b:cb:20:6d:59:26:4f:5f:9c:95:6f:4b:15:75:3a

  Signer

  Actual PE Digest

  d0:b8:36:c9:ae:3b:cb:20:6d:59:26:4f:5f:9c:95:6f:4b:15:75:3a

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_NO_SEH

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

  IMAGE_FILE_NET_RUN_FROM_SWAP

  Imports

  kernel32

  GetDriveTypeA

  HeapFree

  FormatMessageA

  LeaveCriticalSection

  DeleteFileA

  EnterCriticalSection

  TerminateProcess

  WaitForMultipleObjects

  CreateEventW

  SetEvent

  Sleep

  SetEnvironmentVariableA

  GetEnvironmentVariableA

  WideCharToMultiByte

  HeapAlloc

  SetLastError

  WriteFile

  MoveFileA

  ExitProcess

  DeleteCriticalSection

  FlushFileBuffers

  GetVersionExA

  WaitForSingleObject

  OpenEventA

  GetCurrentProcess

  GetFileAttributesA

  GetCommandLineA

  GetModuleFileNameA

  CreateFileA

  FindNextFileA

  FindFirstFileA

  CopyFileA

  SetFileAttributesA

  SystemTimeToFileTime

  GetSystemTime

  GetDiskFreeSpaceA

  QueryDosDeviceA

  GetCurrentDirectoryA

  SetEndOfFile

  SetFileTime

  LocalFileTimeToFileTime

  DosDateTimeToFileTime

  GetExitCodeProcess

  CreateProcessA

  ExpandEnvironmentStringsA

  GetFileSize

  CreateThread

  CreateEventA

  GetProcessHeap

  InitializeCriticalSectionAndSpinCount

  GetModuleHandleA

  QueryPerformanceCounter

  GetCurrentThreadId

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  SetUnhandledExceptionFilter

  CloseHandle

  DeviceIoControl

  GetSystemDirectoryA

  LoadLibraryA

  GetProcAddress

  FreeLibrary

  SetErrorMode

  GetTickCount

  CreateDirectoryA

  GetLastError

  RemoveDirectoryA

  MoveFileExA

  SetFilePointer

  FindClose

  ReadFile

  msvcrt

  strchr

  _strnicmp

  _stricmp

  strrchr

  _strlwr

  strncpy

  strstr

  _snprintf

  sprintf

  advapi32

  AllocateAndInitializeSid

  GetTokenInformation

  GetLengthSid

  InitiateSystemShutdownA

  CryptReleaseContext

  CryptGenRandom

  CryptAcquireContextA

  SetSecurityDescriptorDacl

  AddAccessAllowedAce

  InitializeAcl

  InitializeSecurityDescriptor

  OpenProcessToken

  user32

  ShowWindow

  SendDlgItemMessageA

  SendMessageA

  DialogBoxParamA

  LoadStringA

  EndDialog

  SetParent

  MessageBoxA

  ntdll

  NtShutdownSystem

  NtAdjustPrivilegesToken

  NtClose

  NtOpenProcessToken

  comctl32

  ord17

  shell32

  SHBrowseForFolderA

  SHGetPathFromIDListA

  Sections

  .text

  Size: 30KB - Virtual size: 30KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 68KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 4.2MB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• vcredist2010_x64.exe

  .exe windows:5 windows x86 arch:x86

  a1f6f100bff4507a3332f3f0cdfc24f5

  
  

  Code Sign

  2e:ab:11:dc:50:ff:5c:9d:cb:c0

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  22-08-2007 22:31

  Not After

  25-08-2012 07:00

  Subject

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:01:b2:9b:00:00:00:00:00:15

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  21-02-2011 20:53

  Not After

  21-05-2012 20:53

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  16-09-2006 01:04

  Not After

  15-09-2019 07:00

  Subject

  CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:06:94:2d:00:00:00:00:00:09

  Certificate

  Issuer

  CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  25-07-2008 19:02

  Not After

  25-07-2013 19:12

  Subject

  CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:7A82-688A-9F92,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  3e:29:68:50:9f:c0:15:85:b2:43:f6:40:df:72:7e:8c:87:c3:b3:4f

  Signer

  Actual PE Digest

  3e:29:68:50:9f:c0:15:85:b2:43:f6:40:df:72:7e:8c:87:c3:b3:4f

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

  IMAGE_FILE_NET_RUN_FROM_SWAP

  PDB Paths

  sfxcab.pdb

  Imports

  msvcrt

  __setusermatherr

  _initterm

  __getmainargs

  __initenv

  exit

  _cexit

  _adjust_fdiv

  _exit

  _c_exit

  strncpy

  strstr

  _strlwr

  strrchr

  _stricmp

  __p__commode

  __p__fmode

  __set_app_type

  _except_handler3

  _controlfp

  _XcptFilter

  _snprintf

  sprintf

  strchr

  _strnicmp

  _vsnprintf

  advapi32

  InitializeAcl

  AddAccessAllowedAce

  SetSecurityDescriptorDacl

  CryptAcquireContextA

  CryptGenRandom

  CryptReleaseContext

  AllocateAndInitializeSid

  OpenProcessToken

  GetTokenInformation

  GetLengthSid

  InitiateSystemShutdownA

  InitializeSecurityDescriptor

  kernel32

  CreateThread

  GetFileSize

  ExpandEnvironmentStringsA

  CreateProcessA

  GetExitCodeProcess

  InitializeCriticalSectionAndSpinCount

  LocalFileTimeToFileTime

  SetFileTime

  SetEndOfFile

  CreateEventA

  QueryDosDeviceA

  GetDiskFreeSpaceA

  GetSystemTime

  QueryPerformanceCounter

  GetCurrentThreadId

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetCurrentDirectoryA

  GetProcessHeap

  CopyFileA

  SetFileAttributesA

  DosDateTimeToFileTime

  SetEvent

  GetVersionExA

  ReadFile

  SetFilePointer

  MoveFileExA

  RemoveDirectoryA

  GetLastError

  CreateDirectoryA

  GetTickCount

  SetErrorMode

  FreeLibrary

  GetProcAddress

  LoadLibraryA

  GetSystemDirectoryA

  CloseHandle

  DeviceIoControl

  CreateFileA

  GetDriveTypeA

  HeapFree

  FormatMessageA

  LeaveCriticalSection

  DeleteFileA

  EnterCriticalSection

  TerminateProcess

  WaitForMultipleObjects

  CreateEventW

  FindFirstFileA

  Sleep

  SetEnvironmentVariableA

  GetEnvironmentVariableA

  WideCharToMultiByte

  HeapAlloc

  SetLastError

  WriteFile

  MoveFileA

  ExitProcess

  DeleteCriticalSection

  FlushFileBuffers

  WaitForSingleObject

  OpenEventA

  GetCurrentProcess

  GetFileAttributesA

  GetCommandLineA

  GetModuleFileNameA

  FindClose

  FindNextFileA

  SystemTimeToFileTime

  user32

  SendDlgItemMessageA

  SendMessageA

  DialogBoxParamA

  MessageBoxA

  SetParent

  EndDialog

  LoadStringA

  ShowWindow

  ntdll

  NtOpenProcessToken

  NtAdjustPrivilegesToken

  NtClose

  NtShutdownSystem

  comctl32

  ord17

  shell32

  SHBrowseForFolderA

  SHGetPathFromIDListA

  Sections

  .text

  Size: 33KB - Virtual size: 33KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 68KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 9.8MB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• vcredist2010_x86.exe

  .exe windows:5 windows x86 arch:x86

  a1f6f100bff4507a3332f3f0cdfc24f5

  
  

  Code Sign

  2e:ab:11:dc:50:ff:5c:9d:cb:c0

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  22-08-2007 22:31

  Not After

  25-08-2012 07:00

  Subject

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:01:b2:9b:00:00:00:00:00:15

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  21-02-2011 20:53

  Not After

  21-05-2012 20:53

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  Key Usages

  KeyUsageDigitalSignature

  6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2

  Certificate

  Issuer

  CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

  Not Before

  16-09-2006 01:04

  Not After

  15-09-2019 07:00

  Subject

  CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:05:a2:30:00:00:00:00:00:08

  Certificate

  Issuer

  CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  25-07-2008 19:01

  Not After

  25-07-2013 19:11

  Subject

  CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:85D3-305C-5BCF,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageContentCommitment

  58:5d:c5:26:99:03:d9:98:d7:bd:f4:32:05:e3:4e:3b:e4:dd:15:47

  Signer

  Actual PE Digest

  58:5d:c5:26:99:03:d9:98:d7:bd:f4:32:05:e3:4e:3b:e4:dd:15:47

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_RELOCS_STRIPPED

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_LINE_NUMS_STRIPPED

  IMAGE_FILE_LOCAL_SYMS_STRIPPED

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

  IMAGE_FILE_NET_RUN_FROM_SWAP

  PDB Paths

  sfxcab.pdb

  Imports

  msvcrt

  __setusermatherr

  _initterm

  __getmainargs

  __initenv

  exit

  _cexit

  _adjust_fdiv

  _exit

  _c_exit

  strncpy

  strstr

  _strlwr

  strrchr

  _stricmp

  __p__commode

  __p__fmode

  __set_app_type

  _except_handler3

  _controlfp

  _XcptFilter

  _snprintf

  sprintf

  strchr

  _strnicmp

  _vsnprintf

  advapi32

  InitializeAcl

  AddAccessAllowedAce

  SetSecurityDescriptorDacl

  CryptAcquireContextA

  CryptGenRandom

  CryptReleaseContext

  AllocateAndInitializeSid

  OpenProcessToken

  GetTokenInformation

  GetLengthSid

  InitiateSystemShutdownA

  InitializeSecurityDescriptor

  kernel32

  CreateThread

  GetFileSize

  ExpandEnvironmentStringsA

  CreateProcessA

  GetExitCodeProcess

  InitializeCriticalSectionAndSpinCount

  LocalFileTimeToFileTime

  SetFileTime

  SetEndOfFile

  CreateEventA

  QueryDosDeviceA

  GetDiskFreeSpaceA

  GetSystemTime

  QueryPerformanceCounter

  GetCurrentThreadId

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  GetCurrentDirectoryA

  GetProcessHeap

  CopyFileA

  SetFileAttributesA

  DosDateTimeToFileTime

  SetEvent

  GetVersionExA

  ReadFile

  SetFilePointer

  MoveFileExA

  RemoveDirectoryA

  GetLastError

  CreateDirectoryA

  GetTickCount

  SetErrorMode

  FreeLibrary

  GetProcAddress

  LoadLibraryA

  GetSystemDirectoryA

  CloseHandle

  DeviceIoControl

  CreateFileA

  GetDriveTypeA

  HeapFree

  FormatMessageA

  LeaveCriticalSection

  DeleteFileA

  EnterCriticalSection

  TerminateProcess

  WaitForMultipleObjects

  CreateEventW

  FindFirstFileA

  Sleep

  SetEnvironmentVariableA

  GetEnvironmentVariableA

  WideCharToMultiByte

  HeapAlloc

  SetLastError

  WriteFile

  MoveFileA

  ExitProcess

  DeleteCriticalSection

  FlushFileBuffers

  WaitForSingleObject

  OpenEventA

  GetCurrentProcess

  GetFileAttributesA

  GetCommandLineA

  GetModuleFileNameA

  FindClose

  FindNextFileA

  SystemTimeToFileTime

  user32

  SendDlgItemMessageA

  SendMessageA

  DialogBoxParamA

  MessageBoxA

  SetParent

  EndDialog

  LoadStringA

  ShowWindow

  ntdll

  NtOpenProcessToken

  NtAdjustPrivilegesToken

  NtClose

  NtShutdownSystem

  comctl32

  ord17

  shell32

  SHBrowseForFolderA

  SHGetPathFromIDListA

  Sections

  .text

  Size: 33KB - Virtual size: 33KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 512B - Virtual size: 68KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 8.5MB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

• vcredist2012_x64.exe

  .exe windows:5 windows x86 arch:x86

  33c6db41ca15b47cfcec52de6c2ab2b7

  
  

  Code Sign

  33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b

  Certificate

  Issuer

  CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  04-09-2012 21:12

  Not After

  04-12-2013 21:12

  Subject

  CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  24-01-2013 22:33

  Not After

  24-04-2014 22:33

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:33:26:1a:00:00:00:00:00:31

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

  Not Before

  31-08-2010 22:19

  Not After

  31-08-2020 22:29

  Subject

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:16:68:34:00:00:00:00:00:1c

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

  Not Before

  03-04-2007 12:53

  Not After

  03-04-2021 13:03

  Subject

  CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  33:00:00:00:1a:77:bb:74:b3:07:d1:16:b8:00:00:00:00:00:1a

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  24-09-2013 17:41

  Not After

  24-12-2014 17:41

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  f9:21:a8:7f:5a:3b:9a:0a:03:ac:c7:ff:64:14:0d:fb:d7:83:d6:35:6f:b3:45:b4:6a:5d:07:98:a0:f2:ce:30

  Signer

  Actual PE Digest

  f9:21:a8:7f:5a:3b:9a:0a:03:ac:c7:ff:64:14:0d:fb:d7:83:d6:35:6f:b3:45:b4:6a:5d:07:98:a0:f2:ce:30

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  fa:4d:cd:f6:4c:96:60:0c:ed:96:a4:ab:84:4d:56:72:9b:e5:6f:2f

  Signer

  Actual PE Digest

  fa:4d:cd:f6:4c:96:60:0c:ed:96:a4:ab:84:4d:56:72:9b:e5:6f:2f

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

  IMAGE_FILE_NET_RUN_FROM_SWAP

  PDB Paths

  E:\delivery\Dev\wix36_dev11\build\ship\x86\x86\burn.pdb

  Imports

  kernel32

  CopyFileExW

  MapViewOfFile

  CreateFileMappingW

  CreateMutexW

  SetFileTime

  LocalFileTimeToFileTime

  DosDateTimeToFileTime

  ResetEvent

  SetEndOfFile

  DeleteFileW

  GetThreadLocale

  UnmapViewOfFile

  GetFullPathNameW

  GetTempFileNameW

  CreateDirectoryW

  GetLocalTime

  SetFilePointer

  GetComputerNameW

  CreateFileA

  GetProcessHeap

  GetModuleHandleA

  CopyFileW

  MoveFileExW

  GlobalFree

  GlobalAlloc

  GetFileSizeEx

  GetCurrentDirectoryW

  SystemTimeToFileTime

  SystemTimeToTzSpecificLocalTime

  RaiseException

  GetConsoleCP

  GetConsoleMode

  SetStdHandle

  WriteConsoleA

  GetConsoleOutputCP

  WriteConsoleW

  FormatMessageW

  HeapSetInformation

  GetStartupInfoW

  SetUnhandledExceptionFilter

  GetModuleHandleW

  Sleep

  GetProcAddress

  ExitProcess

  WriteFile

  GetStdHandle

  GetModuleFileNameA

  GetModuleFileNameW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineW

  SetHandleCount

  GetFileType

  GetStartupInfoA

  DeleteCriticalSection

  TlsGetValue

  TlsAlloc

  TlsSetValue

  TlsFree

  InterlockedIncrement

  SetLastError

  GetCurrentThreadId

  GetLastError

  InterlockedDecrement

  HeapCreate

  VirtualFree

  HeapFree

  QueryPerformanceCounter

  GetTickCount

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  LeaveCriticalSection

  EnterCriticalSection

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  IsDebuggerPresent

  FreeLibrary

  InterlockedExchange

  LoadLibraryA

  InitializeCriticalSectionAndSpinCount

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  HeapAlloc

  VirtualAlloc

  HeapReAlloc

  RtlUnwind

  HeapSize

  GetLocaleInfoA

  WideCharToMultiByte

  GetStringTypeA

  MultiByteToWideChar

  GetStringTypeW

  LCMapStringA

  LCMapStringW

  GetTimeZoneInformation

  CompareStringW

  InitializeCriticalSection

  CloseHandle

  LocalFree

  ReleaseMutex

  GetVersionExW

  GetProcessId

  ReadFile

  CreateNamedPipeW

  ConnectNamedPipe

  SetNamedPipeHandleState

  lstrlenW

  WaitForSingleObject

  OpenProcess

  CreateFileW

  SetFilePointerEx

  lstrlenA

  RemoveDirectoryW

  GetFileAttributesW

  ExpandEnvironmentStringsW

  VerifyVersionInfoW

  VerSetConditionMask

  GetTempPathW

  GetSystemDirectoryW

  GetSystemWow64DirectoryW

  GetVolumePathNameW

  GetWindowsDirectoryW

  GetSystemDefaultLangID

  GetUserDefaultLangID

  GetDateFormatW

  GetSystemTime

  LoadLibraryW

  InterlockedCompareExchange

  GetExitCodeThread

  CreateThread

  SetEvent

  WaitForMultipleObjects

  CreateEventW

  ProcessIdToSessionId

  SetFileAttributesW

  FindClose

  FindNextFileW

  FindFirstFileW

  CreateProcessW

  GetExitCodeProcess

  SetThreadExecutionState

  FlushFileBuffers

  msi

  ord171

  ord45

  ord137

  ord125

  ord17

  ord8

  ord141

  ord238

  ord190

  ord88

  ord90

  ord173

  ord111

  ord70

  ord169

  ord118

  ord115

  ord116

  ord205

  shell32

  SHGetFolderPathW

  ShellExecuteExW

  CommandLineToArgvW

  rpcrt4

  UuidCreate

  wininet

  HttpQueryInfoW

  InternetCrackUrlW

  InternetSetOptionW

  InternetConnectW

  InternetCloseHandle

  InternetOpenW

  HttpAddRequestHeadersW

  HttpOpenRequestW

  InternetErrorDlg

  InternetReadFile

  HttpSendRequestW

  wintrust

  WinVerifyTrust

  WTHelperGetProvSignerFromChain

  WTHelperProvDataFromStateData

  CryptCATAdminCalcHashFromFileHandle

  crypt32

  CertGetCertificateContextProperty

  CryptHashPublicKeyInfo

  gdi32

  DeleteDC

  DeleteObject

  GetObjectW

  CreateCompatibleDC

  SelectObject

  StretchBlt

  cabinet

  ord23

  ord22

  ord20

  advapi32

  CryptAcquireContextW

  CryptCreateHash

  CryptHashData

  CryptGetHashParam

  CryptDestroyHash

  CryptReleaseContext

  SetNamedSecurityInfoW

  AllocateAndInitializeSid

  CheckTokenMembership

  RegDeleteKeyW

  RegCreateKeyExW

  RegEnumKeyExW

  RegEnumValueW

  RegQueryInfoKeyW

  RegSetValueExW

  InitializeSecurityDescriptor

  SetEntriesInAclA

  SetSecurityDescriptorOwner

  SetSecurityDescriptorGroup

  SetSecurityDescriptorDacl

  RegOpenKeyExW

  GetTokenInformation

  OpenSCManagerW

  OpenServiceW

  QueryServiceStatus

  CloseServiceHandle

  ChangeServiceConfigW

  DecryptFileW

  SetEntriesInAclW

  InitializeAcl

  CreateWellKnownSid

  InitiateSystemShutdownExW

  GetUserNameW

  RegQueryValueExW

  RegDeleteValueW

  RegCloseKey

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  OpenProcessToken

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  QueryServiceConfigW

  oleaut32

  SysFreeString

  SysAllocString

  VariantInit

  VariantClear

  ole32

  CLSIDFromProgID

  CoInitializeSecurity

  CoTaskMemFree

  CoCreateInstance

  CoInitialize

  CoInitializeEx

  CoUninitialize

  StringFromGUID2

  user32

  LoadBitmapW

  IsWindow

  PostMessageW

  PeekMessageW

  GetMessageW

  GetWindowLongW

  SetWindowLongW

  DefWindowProcW

  UnregisterClassW

  DispatchMessageW

  TranslateMessage

  IsDialogMessageW

  CreateWindowExW

  RegisterClassW

  MsgWaitForMultipleObjects

  LoadCursorW

  PostQuitMessage

  GetCursorPos

  MonitorFromPoint

  GetMonitorInfoW

  PostThreadMessageW

  MessageBoxW

  version

  GetFileVersionInfoW

  VerQueryValueW

  GetFileVersionInfoSizeW

  Sections

  .text

  Size: 312KB - Virtual size: 312KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .wixburn

  Size: 512B - Virtual size: 56B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 9B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 12KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 16KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• vcredist2012_x86.exe

  .exe windows:5 windows x86 arch:x86

  33c6db41ca15b47cfcec52de6c2ab2b7

  
  

  Code Sign

  33:00:00:00:2b:39:32:48:c1:b2:c9:48:f3:00:00:00:00:00:2b

  Certificate

  Issuer

  CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  04-09-2012 21:12

  Not After

  04-12-2013 21:12

  Subject

  CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:C0F4-3086-DEF8,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  33:00:00:00:b0:11:af:0a:8b:d0:3b:9f:dd:00:01:00:00:00:b0

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  24-01-2013 22:33

  Not After

  24-04-2014 22:33

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:33:26:1a:00:00:00:00:00:31

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

  Not Before

  31-08-2010 22:19

  Not After

  31-08-2020 22:29

  Subject

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:16:68:34:00:00:00:00:00:1c

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

  Not Before

  03-04-2007 12:53

  Not After

  03-04-2021 13:03

  Subject

  CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  33:00:00:00:1a:77:bb:74:b3:07:d1:16:b8:00:00:00:00:00:1a

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  24-09-2013 17:41

  Not After

  24-12-2014 17:41

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  51:3c:0e:d0:e9:29:66:d4:05:e1:26:24:9d:da:d9:c0:63:79:c5:68:38:c7:69:c5:25:f3:62:ab:0e:b8:a4:f6

  Signer

  Actual PE Digest

  51:3c:0e:d0:e9:29:66:d4:05:e1:26:24:9d:da:d9:c0:63:79:c5:68:38:c7:69:c5:25:f3:62:ab:0e:b8:a4:f6

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  8c:12:40:11:a9:d9:22:02:f1:9b:18:34:2a:70:2d:89:dc:3c:69:a5

  Signer

  Actual PE Digest

  8c:12:40:11:a9:d9:22:02:f1:9b:18:34:2a:70:2d:89:dc:3c:69:a5

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

  IMAGE_FILE_NET_RUN_FROM_SWAP

  PDB Paths

  E:\delivery\Dev\wix36_dev11\build\ship\x86\x86\burn.pdb

  Imports

  kernel32

  CopyFileExW

  MapViewOfFile

  CreateFileMappingW

  CreateMutexW

  SetFileTime

  LocalFileTimeToFileTime

  DosDateTimeToFileTime

  ResetEvent

  SetEndOfFile

  DeleteFileW

  GetThreadLocale

  UnmapViewOfFile

  GetFullPathNameW

  GetTempFileNameW

  CreateDirectoryW

  GetLocalTime

  SetFilePointer

  GetComputerNameW

  CreateFileA

  GetProcessHeap

  GetModuleHandleA

  CopyFileW

  MoveFileExW

  GlobalFree

  GlobalAlloc

  GetFileSizeEx

  GetCurrentDirectoryW

  SystemTimeToFileTime

  SystemTimeToTzSpecificLocalTime

  RaiseException

  GetConsoleCP

  GetConsoleMode

  SetStdHandle

  WriteConsoleA

  GetConsoleOutputCP

  WriteConsoleW

  FormatMessageW

  HeapSetInformation

  GetStartupInfoW

  SetUnhandledExceptionFilter

  GetModuleHandleW

  Sleep

  GetProcAddress

  ExitProcess

  WriteFile

  GetStdHandle

  GetModuleFileNameA

  GetModuleFileNameW

  FreeEnvironmentStringsW

  GetEnvironmentStringsW

  GetCommandLineW

  SetHandleCount

  GetFileType

  GetStartupInfoA

  DeleteCriticalSection

  TlsGetValue

  TlsAlloc

  TlsSetValue

  TlsFree

  InterlockedIncrement

  SetLastError

  GetCurrentThreadId

  GetLastError

  InterlockedDecrement

  HeapCreate

  VirtualFree

  HeapFree

  QueryPerformanceCounter

  GetTickCount

  GetCurrentProcessId

  GetSystemTimeAsFileTime

  LeaveCriticalSection

  EnterCriticalSection

  TerminateProcess

  GetCurrentProcess

  UnhandledExceptionFilter

  IsDebuggerPresent

  FreeLibrary

  InterlockedExchange

  LoadLibraryA

  InitializeCriticalSectionAndSpinCount

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  HeapAlloc

  VirtualAlloc

  HeapReAlloc

  RtlUnwind

  HeapSize

  GetLocaleInfoA

  WideCharToMultiByte

  GetStringTypeA

  MultiByteToWideChar

  GetStringTypeW

  LCMapStringA

  LCMapStringW

  GetTimeZoneInformation

  CompareStringW

  InitializeCriticalSection

  CloseHandle

  LocalFree

  ReleaseMutex

  GetVersionExW

  GetProcessId

  ReadFile

  CreateNamedPipeW

  ConnectNamedPipe

  SetNamedPipeHandleState

  lstrlenW

  WaitForSingleObject

  OpenProcess

  CreateFileW

  SetFilePointerEx

  lstrlenA

  RemoveDirectoryW

  GetFileAttributesW

  ExpandEnvironmentStringsW

  VerifyVersionInfoW

  VerSetConditionMask

  GetTempPathW

  GetSystemDirectoryW

  GetSystemWow64DirectoryW

  GetVolumePathNameW

  GetWindowsDirectoryW

  GetSystemDefaultLangID

  GetUserDefaultLangID

  GetDateFormatW

  GetSystemTime

  LoadLibraryW

  InterlockedCompareExchange

  GetExitCodeThread

  CreateThread

  SetEvent

  WaitForMultipleObjects

  CreateEventW

  ProcessIdToSessionId

  SetFileAttributesW

  FindClose

  FindNextFileW

  FindFirstFileW

  CreateProcessW

  GetExitCodeProcess

  SetThreadExecutionState

  FlushFileBuffers

  msi

  ord171

  ord45

  ord137

  ord125

  ord17

  ord8

  ord141

  ord238

  ord190

  ord88

  ord90

  ord173

  ord111

  ord70

  ord169

  ord118

  ord115

  ord116

  ord205

  shell32

  SHGetFolderPathW

  ShellExecuteExW

  CommandLineToArgvW

  rpcrt4

  UuidCreate

  wininet

  HttpQueryInfoW

  InternetCrackUrlW

  InternetSetOptionW

  InternetConnectW

  InternetCloseHandle

  InternetOpenW

  HttpAddRequestHeadersW

  HttpOpenRequestW

  InternetErrorDlg

  InternetReadFile

  HttpSendRequestW

  wintrust

  WinVerifyTrust

  WTHelperGetProvSignerFromChain

  WTHelperProvDataFromStateData

  CryptCATAdminCalcHashFromFileHandle

  crypt32

  CertGetCertificateContextProperty

  CryptHashPublicKeyInfo

  gdi32

  DeleteDC

  DeleteObject

  GetObjectW

  CreateCompatibleDC

  SelectObject

  StretchBlt

  cabinet

  ord23

  ord22

  ord20

  advapi32

  CryptAcquireContextW

  CryptCreateHash

  CryptHashData

  CryptGetHashParam

  CryptDestroyHash

  CryptReleaseContext

  SetNamedSecurityInfoW

  AllocateAndInitializeSid

  CheckTokenMembership

  RegDeleteKeyW

  RegCreateKeyExW

  RegEnumKeyExW

  RegEnumValueW

  RegQueryInfoKeyW

  RegSetValueExW

  InitializeSecurityDescriptor

  SetEntriesInAclA

  SetSecurityDescriptorOwner

  SetSecurityDescriptorGroup

  SetSecurityDescriptorDacl

  RegOpenKeyExW

  GetTokenInformation

  OpenSCManagerW

  OpenServiceW

  QueryServiceStatus

  CloseServiceHandle

  ChangeServiceConfigW

  DecryptFileW

  SetEntriesInAclW

  InitializeAcl

  CreateWellKnownSid

  InitiateSystemShutdownExW

  GetUserNameW

  RegQueryValueExW

  RegDeleteValueW

  RegCloseKey

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  OpenProcessToken

  LookupPrivilegeValueW

  AdjustTokenPrivileges

  QueryServiceConfigW

  oleaut32

  SysFreeString

  SysAllocString

  VariantInit

  VariantClear

  ole32

  CLSIDFromProgID

  CoInitializeSecurity

  CoTaskMemFree

  CoCreateInstance

  CoInitialize

  CoInitializeEx

  CoUninitialize

  StringFromGUID2

  user32

  LoadBitmapW

  IsWindow

  PostMessageW

  PeekMessageW

  GetMessageW

  GetWindowLongW

  SetWindowLongW

  DefWindowProcW

  UnregisterClassW

  DispatchMessageW

  TranslateMessage

  IsDialogMessageW

  CreateWindowExW

  RegisterClassW

  MsgWaitForMultipleObjects

  LoadCursorW

  PostQuitMessage

  GetCursorPos

  MonitorFromPoint

  GetMonitorInfoW

  PostThreadMessageW

  MessageBoxW

  version

  GetFileVersionInfoW

  VerQueryValueW

  GetFileVersionInfoSizeW

  Sections

  .text

  Size: 312KB - Virtual size: 312KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 11KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .wixburn

  Size: 512B - Virtual size: 56B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 9B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 12KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 16KB - Virtual size: 16KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• vcredist2013_x64.exe

  .exe windows:5 windows x86 arch:x86

  8e2588a9cf43886de3449dfff03137b6

  
  

  Code Sign

  33:00:00:00:c8:47:22:9d:a3:0d:ca:c0:58:00:00:00:00:00:c8

  Certificate

  Issuer

  CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  07-09-2016 17:58

  Not After

  07-09-2018 17:58

  Subject

  CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:98FD-C61E-E641,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  18-08-2016 20:17

  Not After

  02-11-2017 20:17

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:33:26:1a:00:00:00:00:00:31

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

  Not Before

  31-08-2010 22:19

  Not After

  31-08-2020 22:29

  Subject

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:16:68:34:00:00:00:00:00:1c

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

  Not Before

  03-04-2007 12:53

  Not After

  03-04-2021 13:03

  Subject

  CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  33:00:00:00:8e:87:91:a4:57:1a:5f:ca:3e:00:00:00:00:00:8e

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  17-11-2016 22:09

  Not After

  17-02-2018 22:09

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  d2:15:be:d8:35:8b:b3:7c:e3:4d:4d:50:1d:e6:91:02:c5:a1:a4:0d:b3:8f:12:4d:59:61:61:e5:59:2d:0e:e7

  Signer

  Actual PE Digest

  d2:15:be:d8:35:8b:b3:7c:e3:4d:4d:50:1d:e6:91:02:c5:a1:a4:0d:b3:8f:12:4d:59:61:61:e5:59:2d:0e:e7

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  44:91:26:71:a4:e4:9a:f9:12:6b:88:da:fb:ae:ae:f6:69:04:19:21

  Signer

  Actual PE Digest

  44:91:26:71:a4:e4:9a:f9:12:6b:88:da:fb:ae:ae:f6:69:04:19:21

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

  IMAGE_FILE_NET_RUN_FROM_SWAP

  PDB Paths

  E:\delivery\Dev\wix37\build\ship\x86\burn.pdb

  Imports

  gdiplus

  GdiplusShutdown

  GdiplusStartup

  GdipDeleteGraphics

  GdipFree

  GdipCloneImage

  GdipDisposeImage

  GdipGetImageWidth

  GdipGetImageHeight

  GdipCreateBitmapFromResource

  GdipCreateFromHDC

  GdipSetInterpolationMode

  GdipDrawImageRectI

  GdipAlloc

  advapi32

  QueryServiceConfigW

  CryptAcquireContextW

  CryptCreateHash

  CryptHashData

  CryptGetHashParam

  CryptDestroyHash

  CryptReleaseContext

  RegDeleteKeyW

  RegCreateKeyExW

  RegEnumKeyExW

  RegEnumValueW

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  OpenProcessToken

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  RegCloseKey

  RegDeleteValueW

  RegQueryValueExW

  GetUserNameW

  InitiateSystemShutdownExW

  CreateWellKnownSid

  InitializeAcl

  SetEntriesInAclW

  DecryptFileW

  ChangeServiceConfigW

  ControlService

  CloseServiceHandle

  QueryServiceStatus

  OpenServiceW

  OpenSCManagerW

  RegQueryInfoKeyW

  RegSetValueExW

  SetEntriesInAclA

  SetSecurityDescriptorGroup

  RegOpenKeyExW

  GetTokenInformation

  CheckTokenMembership

  AllocateAndInitializeSid

  FreeSid

  LookupAccountNameW

  SetNamedSecurityInfoW

  InitializeSecurityDescriptor

  SetSecurityDescriptorDacl

  SetSecurityDescriptorOwner

  user32

  GetMessageW

  PeekMessageW

  PostMessageW

  IsWindow

  PostQuitMessage

  GetWindowLongW

  SetWindowLongW

  DefWindowProcW

  UnregisterClassW

  DispatchMessageW

  TranslateMessage

  IsDialogMessageW

  MsgWaitForMultipleObjects

  WaitForInputIdle

  LoadCursorW

  BeginPaint

  EndPaint

  GetCursorPos

  MonitorFromPoint

  GetMonitorInfoW

  ReleaseDC

  MessageBoxW

  PostThreadMessageW

  RegisterClassW

  CreateWindowExW

  oleaut32

  VariantClear

  VariantInit

  SysAllocString

  SysFreeString

  gdi32

  GetDeviceCaps

  CreateDCW

  shell32

  ShellExecuteExW

  SHGetFolderPathW

  CommandLineToArgvW

  ole32

  CoTaskMemFree

  CoCreateInstance

  CoInitialize

  CoUninitialize

  CoInitializeEx

  StringFromGUID2

  CoInitializeSecurity

  CLSIDFromProgID

  kernel32

  GetCurrentProcess

  InitializeCriticalSection

  TlsFree

  DeleteCriticalSection

  CloseHandle

  TlsGetValue

  Sleep

  GetLastError

  ReleaseMutex

  TlsSetValue

  TlsAlloc

  GetCurrentThreadId

  GetVersionExW

  GetModuleHandleW

  ReadFile

  SetFilePointerEx

  CreateFileW

  GetCurrentProcessId

  GetProcessId

  WriteFile

  ConnectNamedPipe

  SetNamedPipeHandleState

  lstrlenW

  CompareStringW

  LocalFree

  CreateNamedPipeW

  WaitForSingleObject

  OpenProcess

  lstrlenA

  RemoveDirectoryW

  GetFileAttributesW

  ExpandEnvironmentStringsW

  LeaveCriticalSection

  EnterCriticalSection

  FreeLibrary

  GetProcAddress

  VerifyVersionInfoW

  VerSetConditionMask

  GetComputerNameW

  GetTempPathW

  GetSystemDirectoryW

  GetSystemWow64DirectoryW

  GetVolumePathNameW

  HeapAlloc

  GetSystemDefaultLangID

  GetUserDefaultLangID

  GetDateFormatW

  GetSystemTime

  InterlockedExchange

  LoadLibraryW

  InterlockedCompareExchange

  GetExitCodeThread

  CreateThread

  SetEvent

  WaitForMultipleObjects

  CreateEventW

  ProcessIdToSessionId

  InterlockedIncrement

  InterlockedDecrement

  GetStringTypeW

  SetFileAttributesW

  FindClose

  FindNextFileW

  FindFirstFileW

  CreateProcessW

  SetCurrentDirectoryW

  GetCurrentDirectoryW

  GetExitCodeProcess

  SetThreadExecutionState

  CopyFileExW

  HeapSetInformation

  MapViewOfFile

  CreateFileMappingW

  CreateMutexW

  SetEndOfFile

  ResetEvent

  SetFileTime

  LocalFileTimeToFileTime

  DosDateTimeToFileTime

  CreateFileA

  GetSystemTimeAsFileTime

  VirtualFree

  VirtualAlloc

  DeleteFileW

  GetThreadLocale

  GetTimeZoneInformation

  TerminateProcess

  UnhandledExceptionFilter

  SystemTimeToTzSpecificLocalTime

  SystemTimeToFileTime

  GlobalAlloc

  IsProcessorFeaturePresent

  GetTickCount

  QueryPerformanceCounter

  HeapCreate

  SetLastError

  EncodePointer

  GetFileType

  InitializeCriticalSectionAndSpinCount

  SetHandleCount

  GetEnvironmentStringsW

  GlobalFree

  MoveFileExW

  CopyFileW

  GetFileSizeEx

  GetModuleHandleA

  RaiseException

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  RtlUnwind

  SetFilePointer

  WideCharToMultiByte

  GetConsoleCP

  GetConsoleMode

  HeapSize

  HeapReAlloc

  LCMapStringW

  MultiByteToWideChar

  SetStdHandle

  WriteConsoleW

  FlushFileBuffers

  GetLocalTime

  UnmapViewOfFile

  IsDebuggerPresent

  DuplicateHandle

  HeapFree

  FormatMessageW

  GetTempFileNameW

  GetWindowsDirectoryW

  CompareStringA

  FreeEnvironmentStringsW

  GetModuleFileNameW

  GetStdHandle

  DecodePointer

  ExitProcess

  SetUnhandledExceptionFilter

  GetStartupInfoW

  GetCommandLineW

  GetFullPathNameW

  CreateDirectoryW

  GetProcessHeap

  cabinet

  ord22

  ord20

  ord23

  crypt32

  CertGetCertificateContextProperty

  CryptHashPublicKeyInfo

  msi

  ord88

  ord17

  ord125

  ord116

  ord115

  ord118

  ord8

  ord171

  ord205

  ord45

  ord137

  ord141

  ord238

  ord190

  ord169

  ord90

  ord173

  ord111

  ord70

  rpcrt4

  UuidCreate

  wininet

  InternetCloseHandle

  HttpAddRequestHeadersW

  HttpOpenRequestW

  InternetErrorDlg

  InternetReadFile

  HttpSendRequestW

  InternetSetOptionW

  InternetOpenW

  HttpQueryInfoW

  InternetCrackUrlW

  InternetConnectW

  wintrust

  WinVerifyTrust

  WTHelperGetProvSignerFromChain

  WTHelperProvDataFromStateData

  CryptCATAdminCalcHashFromFileHandle

  version

  GetFileVersionInfoW

  GetFileVersionInfoSizeW

  VerQueryValueW

  Sections

  .text

  Size: 229KB - Virtual size: 228KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 104KB - Virtual size: 104KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .wixburn

  Size: 512B - Virtual size: 56B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 9B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 14KB - Virtual size: 14KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 17KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• vcredist2013_x86.exe

  .exe windows:5 windows x86 arch:x86

  8e2588a9cf43886de3449dfff03137b6

  
  

  Code Sign

  33:00:00:00:c6:78:80:36:01:75:1a:69:72:00:00:00:00:00:c6

  Certificate

  Issuer

  CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  07-09-2016 17:58

  Not After

  07-09-2018 17:58

  Subject

  CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:F528-3777-8A76,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  33:00:00:01:40:96:a9:ee:70:56:fe:cc:07:00:01:00:00:01:40

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  18-08-2016 20:17

  Not After

  02-11-2017 20:17

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:33:26:1a:00:00:00:00:00:31

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

  Not Before

  31-08-2010 22:19

  Not After

  31-08-2020 22:29

  Subject

  CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  61:16:68:34:00:00:00:00:00:1c

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

  Not Before

  03-04-2007 12:53

  Not After

  03-04-2021 13:03

  Subject

  CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageTimeStamping

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  33:00:00:00:8e:87:91:a4:57:1a:5f:ca:3e:00:00:00:00:00:8e

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  17-11-2016 22:09

  Not After

  17-02-2018 22:09

  Subject

  CN=Microsoft Corporation,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  52:23:3d:61:a3:c7:a5:8d:8d:8c:82:da:a0:4b:34:8f:7b:f4:1d:29:40:64:85:23:a9:3c:34:b5:c4:85:42:3f

  Signer

  Actual PE Digest

  52:23:3d:61:a3:c7:a5:8d:8d:8c:82:da:a0:4b:34:8f:7b:f4:1d:29:40:64:85:23:a9:3c:34:b5:c4:85:42:3f

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  55:93:21:ff:30:02:58:ca:25:32:ed:9f:50:2b:ee:cc:82:3b:d9:62

  Signer

  Actual PE Digest

  55:93:21:ff:30:02:58:ca:25:32:ed:9f:50:2b:ee:cc:82:3b:d9:62

  Digest Algorithm

  sha1

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

  IMAGE_FILE_NET_RUN_FROM_SWAP

  PDB Paths

  E:\delivery\Dev\wix37\build\ship\x86\burn.pdb

  Imports

  gdiplus

  GdiplusShutdown

  GdiplusStartup

  GdipDeleteGraphics

  GdipFree

  GdipCloneImage

  GdipDisposeImage

  GdipGetImageWidth

  GdipGetImageHeight

  GdipCreateBitmapFromResource

  GdipCreateFromHDC

  GdipSetInterpolationMode

  GdipDrawImageRectI

  GdipAlloc

  advapi32

  QueryServiceConfigW

  CryptAcquireContextW

  CryptCreateHash

  CryptHashData

  CryptGetHashParam

  CryptDestroyHash

  CryptReleaseContext

  RegDeleteKeyW

  RegCreateKeyExW

  RegEnumKeyExW

  RegEnumValueW

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  OpenProcessToken

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  RegCloseKey

  RegDeleteValueW

  RegQueryValueExW

  GetUserNameW

  InitiateSystemShutdownExW

  CreateWellKnownSid

  InitializeAcl

  SetEntriesInAclW

  DecryptFileW

  ChangeServiceConfigW

  ControlService

  CloseServiceHandle

  QueryServiceStatus

  OpenServiceW

  OpenSCManagerW

  RegQueryInfoKeyW

  RegSetValueExW

  SetEntriesInAclA

  SetSecurityDescriptorGroup

  RegOpenKeyExW

  GetTokenInformation

  CheckTokenMembership

  AllocateAndInitializeSid

  FreeSid

  LookupAccountNameW

  SetNamedSecurityInfoW

  InitializeSecurityDescriptor

  SetSecurityDescriptorDacl

  SetSecurityDescriptorOwner

  user32

  GetMessageW

  PeekMessageW

  PostMessageW

  IsWindow

  PostQuitMessage

  GetWindowLongW

  SetWindowLongW

  DefWindowProcW

  UnregisterClassW

  DispatchMessageW

  TranslateMessage

  IsDialogMessageW

  MsgWaitForMultipleObjects

  WaitForInputIdle

  LoadCursorW

  BeginPaint

  EndPaint

  GetCursorPos

  MonitorFromPoint

  GetMonitorInfoW

  ReleaseDC

  MessageBoxW

  PostThreadMessageW

  RegisterClassW

  CreateWindowExW

  oleaut32

  VariantClear

  VariantInit

  SysAllocString

  SysFreeString

  gdi32

  GetDeviceCaps

  CreateDCW

  shell32

  ShellExecuteExW

  SHGetFolderPathW

  CommandLineToArgvW

  ole32

  CoTaskMemFree

  CoCreateInstance

  CoInitialize

  CoUninitialize

  CoInitializeEx

  StringFromGUID2

  CoInitializeSecurity

  CLSIDFromProgID

  kernel32

  GetCurrentProcess

  InitializeCriticalSection

  TlsFree

  DeleteCriticalSection

  CloseHandle

  TlsGetValue

  Sleep

  GetLastError

  ReleaseMutex

  TlsSetValue

  TlsAlloc

  GetCurrentThreadId

  GetVersionExW

  GetModuleHandleW

  ReadFile

  SetFilePointerEx

  CreateFileW

  GetCurrentProcessId

  GetProcessId

  WriteFile

  ConnectNamedPipe

  SetNamedPipeHandleState

  lstrlenW

  CompareStringW

  LocalFree

  CreateNamedPipeW

  WaitForSingleObject

  OpenProcess

  lstrlenA

  RemoveDirectoryW

  GetFileAttributesW

  ExpandEnvironmentStringsW

  LeaveCriticalSection

  EnterCriticalSection

  FreeLibrary

  GetProcAddress

  VerifyVersionInfoW

  VerSetConditionMask

  GetComputerNameW

  GetTempPathW

  GetSystemDirectoryW

  GetSystemWow64DirectoryW

  GetVolumePathNameW

  HeapAlloc

  GetSystemDefaultLangID

  GetUserDefaultLangID

  GetDateFormatW

  GetSystemTime

  InterlockedExchange

  LoadLibraryW

  InterlockedCompareExchange

  GetExitCodeThread

  CreateThread

  SetEvent

  WaitForMultipleObjects

  CreateEventW

  ProcessIdToSessionId

  InterlockedIncrement

  InterlockedDecrement

  GetStringTypeW

  SetFileAttributesW

  FindClose

  FindNextFileW

  FindFirstFileW

  CreateProcessW

  SetCurrentDirectoryW

  GetCurrentDirectoryW

  GetExitCodeProcess

  SetThreadExecutionState

  CopyFileExW

  HeapSetInformation

  MapViewOfFile

  CreateFileMappingW

  CreateMutexW

  SetEndOfFile

  ResetEvent

  SetFileTime

  LocalFileTimeToFileTime

  DosDateTimeToFileTime

  CreateFileA

  GetSystemTimeAsFileTime

  VirtualFree

  VirtualAlloc

  DeleteFileW

  GetThreadLocale

  GetTimeZoneInformation

  TerminateProcess

  UnhandledExceptionFilter

  SystemTimeToTzSpecificLocalTime

  SystemTimeToFileTime

  GlobalAlloc

  IsProcessorFeaturePresent

  GetTickCount

  QueryPerformanceCounter

  HeapCreate

  SetLastError

  EncodePointer

  GetFileType

  InitializeCriticalSectionAndSpinCount

  SetHandleCount

  GetEnvironmentStringsW

  GlobalFree

  MoveFileExW

  CopyFileW

  GetFileSizeEx

  GetModuleHandleA

  RaiseException

  GetCPInfo

  GetACP

  GetOEMCP

  IsValidCodePage

  RtlUnwind

  SetFilePointer

  WideCharToMultiByte

  GetConsoleCP

  GetConsoleMode

  HeapSize

  HeapReAlloc

  LCMapStringW

  MultiByteToWideChar

  SetStdHandle

  WriteConsoleW

  FlushFileBuffers

  GetLocalTime

  UnmapViewOfFile

  IsDebuggerPresent

  DuplicateHandle

  HeapFree

  FormatMessageW

  GetTempFileNameW

  GetWindowsDirectoryW

  CompareStringA

  FreeEnvironmentStringsW

  GetModuleFileNameW

  GetStdHandle

  DecodePointer

  ExitProcess

  SetUnhandledExceptionFilter

  GetStartupInfoW

  GetCommandLineW

  GetFullPathNameW

  CreateDirectoryW

  GetProcessHeap

  cabinet

  ord22

  ord20

  ord23

  crypt32

  CertGetCertificateContextProperty

  CryptHashPublicKeyInfo

  msi

  ord88

  ord17

  ord125

  ord116

  ord115

  ord118

  ord8

  ord171

  ord205

  ord45

  ord137

  ord141

  ord238

  ord190

  ord169

  ord90

  ord173

  ord111

  ord70

  rpcrt4

  UuidCreate

  wininet

  InternetCloseHandle

  HttpAddRequestHeadersW

  HttpOpenRequestW

  InternetErrorDlg

  InternetReadFile

  HttpSendRequestW

  InternetSetOptionW

  InternetOpenW

  HttpQueryInfoW

  InternetCrackUrlW

  InternetConnectW

  wintrust

  WinVerifyTrust

  WTHelperGetProvSignerFromChain

  WTHelperProvDataFromStateData

  CryptCATAdminCalcHashFromFileHandle

  version

  GetFileVersionInfoW

  GetFileVersionInfoSizeW

  VerQueryValueW

  Sections

  .text

  Size: 229KB - Virtual size: 228KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 104KB - Virtual size: 104KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 4KB - Virtual size: 12KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .wixburn

  Size: 512B - Virtual size: 56B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 9B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .rsrc

  Size: 14KB - Virtual size: 14KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 17KB - Virtual size: 17KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• vcredist2015_2017_2019_2022_x64.exe

  .exe windows:5 windows x86 arch:x86

  1a5cdbf711fee14b077e599d13fddab2

  
  

  Code Sign

  33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  19-10-2023 19:51

  Not After

  16-10-2024 19:51

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  48:e8:f4:91:26:a0:28:7f:3c:b2:27:8c:31:c5:37:ba:fe:08:0f:62:c8:41:e0:34:65:b4:31:42:a2:15:af:ad

  Signer

  Actual PE Digest

  48:e8:f4:91:26:a0:28:7f:3c:b2:27:8c:31:c5:37:ba:fe:08:0f:62:c8:41:e0:34:65:b4:31:42:a2:15:af:ad

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

  IMAGE_FILE_NET_RUN_FROM_SWAP

  PDB Paths

  C:\agent\_work\8\s\build\ship\x86\burn.pdb

  Imports

  advapi32

  RegCloseKey

  RegOpenKeyExW

  OpenProcessToken

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  InitiateSystemShutdownExW

  GetUserNameW

  RegQueryValueExW

  RegDeleteValueW

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  DecryptFileW

  CreateWellKnownSid

  InitializeAcl

  SetEntriesInAclW

  ChangeServiceConfigW

  CloseServiceHandle

  ControlService

  OpenSCManagerW

  OpenServiceW

  QueryServiceStatus

  SetNamedSecurityInfoW

  CheckTokenMembership

  AllocateAndInitializeSid

  SetEntriesInAclA

  SetSecurityDescriptorGroup

  SetSecurityDescriptorOwner

  SetSecurityDescriptorDacl

  InitializeSecurityDescriptor

  RegSetValueExW

  RegQueryInfoKeyW

  RegEnumValueW

  RegEnumKeyExW

  RegDeleteKeyW

  RegCreateKeyExW

  GetTokenInformation

  CryptDestroyHash

  CryptHashData

  CryptCreateHash

  CryptGetHashParam

  CryptReleaseContext

  CryptAcquireContextW

  QueryServiceConfigW

  user32

  GetMessageW

  PostMessageW

  IsWindow

  WaitForInputIdle

  PostQuitMessage

  PeekMessageW

  MsgWaitForMultipleObjects

  PostThreadMessageW

  GetMonitorInfoW

  MonitorFromPoint

  IsDialogMessageW

  LoadCursorW

  LoadBitmapW

  SetWindowLongW

  GetWindowLongW

  GetCursorPos

  MessageBoxW

  CreateWindowExW

  UnregisterClassW

  RegisterClassW

  DefWindowProcW

  DispatchMessageW

  TranslateMessage

  oleaut32

  SysFreeString

  SysAllocString

  VariantInit

  VariantClear

  gdi32

  CreateCompatibleDC

  DeleteObject

  SelectObject

  StretchBlt

  GetObjectW

  DeleteDC

  shell32

  SHGetFolderPathW

  CommandLineToArgvW

  ShellExecuteExW

  ole32

  CoUninitialize

  CoInitializeEx

  CoInitialize

  StringFromGUID2

  CoCreateInstance

  CoTaskMemFree

  CoInitializeSecurity

  CLSIDFromProgID

  kernel32

  GetCommandLineA

  GetCPInfo

  GetOEMCP

  CloseHandle

  CreateFileW

  GetProcAddress

  LocalFree

  HeapSetInformation

  GetLastError

  GetModuleHandleW

  FormatMessageW

  lstrlenA

  lstrlenW

  MultiByteToWideChar

  WideCharToMultiByte

  LCMapStringW

  Sleep

  GetLocalTime

  GetModuleFileNameW

  ExpandEnvironmentStringsW

  GetTempPathW

  GetTempFileNameW

  CreateDirectoryW

  GetFullPathNameW

  CompareStringW

  GetCurrentProcessId

  WriteFile

  SetFilePointer

  LoadLibraryW

  GetSystemDirectoryW

  CreateFileA

  HeapAlloc

  HeapReAlloc

  HeapFree

  HeapSize

  GetProcessHeap

  FindClose

  GetCommandLineW

  GetCurrentDirectoryW

  RemoveDirectoryW

  SetFileAttributesW

  GetFileAttributesW

  DeleteFileW

  FindFirstFileW

  FindNextFileW

  MoveFileExW

  GetCurrentProcess

  GetCurrentThreadId

  InitializeCriticalSection

  DeleteCriticalSection

  ReleaseMutex

  GetEnvironmentStringsW

  TlsGetValue

  TlsSetValue

  TlsFree

  CreateProcessW

  GetVersionExW

  VerSetConditionMask

  FreeLibrary

  EnterCriticalSection

  LeaveCriticalSection

  GetSystemTime

  GetNativeSystemInfo

  GetModuleHandleExW

  GetWindowsDirectoryW

  GetSystemWow64DirectoryW

  GetComputerNameW

  VerifyVersionInfoW

  GetVolumePathNameW

  GetDateFormatW

  GetSystemDefaultLangID

  GetUserDefaultLangID

  GetStringTypeW

  ReadFile

  SetFilePointerEx

  DuplicateHandle

  InterlockedExchange

  InterlockedCompareExchange

  CreateEventW

  ProcessIdToSessionId

  OpenProcess

  GetProcessId

  WaitForSingleObject

  ConnectNamedPipe

  SetNamedPipeHandleState

  CreateNamedPipeW

  CreateThread

  GetExitCodeThread

  SetEvent

  WaitForMultipleObjects

  InterlockedIncrement

  InterlockedDecrement

  ResetEvent

  SetEndOfFile

  SetFileTime

  LocalFileTimeToFileTime

  DosDateTimeToFileTime

  CompareStringA

  GetExitCodeProcess

  SetThreadExecutionState

  CopyFileExW

  MapViewOfFile

  UnmapViewOfFile

  CreateMutexW

  CreateFileMappingW

  GetThreadLocale

  IsValidCodePage

  FreeEnvironmentStringsW

  TlsAlloc

  SetStdHandle

  GetConsoleCP

  GetConsoleMode

  FlushFileBuffers

  DecodePointer

  WriteConsoleW

  GetModuleHandleA

  GlobalAlloc

  GlobalFree

  GetFileSizeEx

  CopyFileW

  VirtualAlloc

  VirtualFree

  SystemTimeToTzSpecificLocalTime

  GetTimeZoneInformation

  SystemTimeToFileTime

  GetSystemInfo

  VirtualProtect

  VirtualQuery

  SetCurrentDirectoryW

  FindFirstFileExW

  GetFileType

  GetACP

  ExitProcess

  GetStdHandle

  LoadLibraryExW

  InitializeCriticalSectionAndSpinCount

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  TerminateProcess

  IsProcessorFeaturePresent

  QueryPerformanceCounter

  GetSystemTimeAsFileTime

  InitializeSListHead

  IsDebuggerPresent

  GetStartupInfoW

  RaiseException

  RtlUnwind

  SetLastError

  LoadLibraryExA

  rpcrt4

  UuidCreate

  Sections

  .text

  Size: 294KB - Virtual size: 293KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 123KB - Virtual size: 122KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 2KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .wixburn

  Size: 512B - Virtual size: 56B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 9B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .gfids

  Size: 512B - Virtual size: 224B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 15KB - Virtual size: 14KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 15KB - Virtual size: 15KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ

• vcredist2015_2017_2019_2022_x86.exe

  .exe windows:5 windows x86 arch:x86

  1a5cdbf711fee14b077e599d13fddab2

  
  

  Code Sign

  33:00:00:03:a5:41:11:e8:f0:7f:be:0b:75:00:00:00:00:03:a5

  Certificate

  Issuer

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  19-10-2023 19:51

  Not After

  16-10-2024 19:51

  Subject

  CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Extended Key Usages

  ExtKeyUsageCodeSigning

  61:0e:90:d2:00:00:00:00:00:03

  Certificate

  Issuer

  CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Not Before

  08-07-2011 20:59

  Not After

  08-07-2026 21:09

  Subject

  CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

  Key Usages

  KeyUsageDigitalSignature

  KeyUsageCertSign

  KeyUsageCRLSign

  e8:0a:d7:e5:13:99:94:d9:9a:4e:9c:aa:c2:b6:13:8e:29:c8:5f:99:05:8c:05:b6:0d:fa:b1:ad:95:1d:b0:3c

  Signer

  Actual PE Digest

  e8:0a:d7:e5:13:99:94:d9:9a:4e:9c:aa:c2:b6:13:8e:29:c8:5f:99:05:8c:05:b6:0d:fa:b1:ad:95:1d:b0:3c

  Digest Algorithm

  sha256

  PE Digest Matches

  true

  Headers

  DLL Characteristics

  IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

  IMAGE_DLLCHARACTERISTICS_NX_COMPAT

  IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

  File Characteristics

  IMAGE_FILE_EXECUTABLE_IMAGE

  IMAGE_FILE_32BIT_MACHINE

  IMAGE_FILE_REMOVABLE_RUN_FROM_SWAP

  IMAGE_FILE_NET_RUN_FROM_SWAP

  PDB Paths

  C:\agent\_work\8\s\build\ship\x86\burn.pdb

  Imports

  advapi32

  RegCloseKey

  RegOpenKeyExW

  OpenProcessToken

  AdjustTokenPrivileges

  LookupPrivilegeValueW

  InitiateSystemShutdownExW

  GetUserNameW

  RegQueryValueExW

  RegDeleteValueW

  ConvertStringSecurityDescriptorToSecurityDescriptorW

  DecryptFileW

  CreateWellKnownSid

  InitializeAcl

  SetEntriesInAclW

  ChangeServiceConfigW

  CloseServiceHandle

  ControlService

  OpenSCManagerW

  OpenServiceW

  QueryServiceStatus

  SetNamedSecurityInfoW

  CheckTokenMembership

  AllocateAndInitializeSid

  SetEntriesInAclA

  SetSecurityDescriptorGroup

  SetSecurityDescriptorOwner

  SetSecurityDescriptorDacl

  InitializeSecurityDescriptor

  RegSetValueExW

  RegQueryInfoKeyW

  RegEnumValueW

  RegEnumKeyExW

  RegDeleteKeyW

  RegCreateKeyExW

  GetTokenInformation

  CryptDestroyHash

  CryptHashData

  CryptCreateHash

  CryptGetHashParam

  CryptReleaseContext

  CryptAcquireContextW

  QueryServiceConfigW

  user32

  GetMessageW

  PostMessageW

  IsWindow

  WaitForInputIdle

  PostQuitMessage

  PeekMessageW

  MsgWaitForMultipleObjects

  PostThreadMessageW

  GetMonitorInfoW

  MonitorFromPoint

  IsDialogMessageW

  LoadCursorW

  LoadBitmapW

  SetWindowLongW

  GetWindowLongW

  GetCursorPos

  MessageBoxW

  CreateWindowExW

  UnregisterClassW

  RegisterClassW

  DefWindowProcW

  DispatchMessageW

  TranslateMessage

  oleaut32

  SysFreeString

  SysAllocString

  VariantInit

  VariantClear

  gdi32

  CreateCompatibleDC

  DeleteObject

  SelectObject

  StretchBlt

  GetObjectW

  DeleteDC

  shell32

  SHGetFolderPathW

  CommandLineToArgvW

  ShellExecuteExW

  ole32

  CoUninitialize

  CoInitializeEx

  CoInitialize

  StringFromGUID2

  CoCreateInstance

  CoTaskMemFree

  CoInitializeSecurity

  CLSIDFromProgID

  kernel32

  GetCommandLineA

  GetCPInfo

  GetOEMCP

  CloseHandle

  CreateFileW

  GetProcAddress

  LocalFree

  HeapSetInformation

  GetLastError

  GetModuleHandleW

  FormatMessageW

  lstrlenA

  lstrlenW

  MultiByteToWideChar

  WideCharToMultiByte

  LCMapStringW

  Sleep

  GetLocalTime

  GetModuleFileNameW

  ExpandEnvironmentStringsW

  GetTempPathW

  GetTempFileNameW

  CreateDirectoryW

  GetFullPathNameW

  CompareStringW

  GetCurrentProcessId

  WriteFile

  SetFilePointer

  LoadLibraryW

  GetSystemDirectoryW

  CreateFileA

  HeapAlloc

  HeapReAlloc

  HeapFree

  HeapSize

  GetProcessHeap

  FindClose

  GetCommandLineW

  GetCurrentDirectoryW

  RemoveDirectoryW

  SetFileAttributesW

  GetFileAttributesW

  DeleteFileW

  FindFirstFileW

  FindNextFileW

  MoveFileExW

  GetCurrentProcess

  GetCurrentThreadId

  InitializeCriticalSection

  DeleteCriticalSection

  ReleaseMutex

  GetEnvironmentStringsW

  TlsGetValue

  TlsSetValue

  TlsFree

  CreateProcessW

  GetVersionExW

  VerSetConditionMask

  FreeLibrary

  EnterCriticalSection

  LeaveCriticalSection

  GetSystemTime

  GetNativeSystemInfo

  GetModuleHandleExW

  GetWindowsDirectoryW

  GetSystemWow64DirectoryW

  GetComputerNameW

  VerifyVersionInfoW

  GetVolumePathNameW

  GetDateFormatW

  GetSystemDefaultLangID

  GetUserDefaultLangID

  GetStringTypeW

  ReadFile

  SetFilePointerEx

  DuplicateHandle

  InterlockedExchange

  InterlockedCompareExchange

  CreateEventW

  ProcessIdToSessionId

  OpenProcess

  GetProcessId

  WaitForSingleObject

  ConnectNamedPipe

  SetNamedPipeHandleState

  CreateNamedPipeW

  CreateThread

  GetExitCodeThread

  SetEvent

  WaitForMultipleObjects

  InterlockedIncrement

  InterlockedDecrement

  ResetEvent

  SetEndOfFile

  SetFileTime

  LocalFileTimeToFileTime

  DosDateTimeToFileTime

  CompareStringA

  GetExitCodeProcess

  SetThreadExecutionState

  CopyFileExW

  MapViewOfFile

  UnmapViewOfFile

  CreateMutexW

  CreateFileMappingW

  GetThreadLocale

  IsValidCodePage

  FreeEnvironmentStringsW

  TlsAlloc

  SetStdHandle

  GetConsoleCP

  GetConsoleMode

  FlushFileBuffers

  DecodePointer

  WriteConsoleW

  GetModuleHandleA

  GlobalAlloc

  GlobalFree

  GetFileSizeEx

  CopyFileW

  VirtualAlloc

  VirtualFree

  SystemTimeToTzSpecificLocalTime

  GetTimeZoneInformation

  SystemTimeToFileTime

  GetSystemInfo

  VirtualProtect

  VirtualQuery

  SetCurrentDirectoryW

  FindFirstFileExW

  GetFileType

  GetACP

  ExitProcess

  GetStdHandle

  LoadLibraryExW

  InitializeCriticalSectionAndSpinCount

  UnhandledExceptionFilter

  SetUnhandledExceptionFilter

  TerminateProcess

  IsProcessorFeaturePresent

  QueryPerformanceCounter

  GetSystemTimeAsFileTime

  InitializeSListHead

  IsDebuggerPresent

  GetStartupInfoW

  RaiseException

  RtlUnwind

  SetLastError

  LoadLibraryExA

  rpcrt4

  UuidCreate

  Sections

  .text

  Size: 294KB - Virtual size: 293KB

  IMAGE_SCN_CNT_CODE

  IMAGE_SCN_MEM_EXECUTE

  IMAGE_SCN_MEM_READ

  .rdata

  Size: 123KB - Virtual size: 122KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .data

  Size: 2KB - Virtual size: 5KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .wixburn

  Size: 512B - Virtual size: 56B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .tls

  Size: 512B - Virtual size: 9B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  IMAGE_SCN_MEM_WRITE

  .gfids

  Size: 512B - Virtual size: 224B

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .rsrc

  Size: 15KB - Virtual size: 14KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_READ

  .reloc

  Size: 15KB - Virtual size: 15KB

  IMAGE_SCN_CNT_INITIALIZED_DATA

  IMAGE_SCN_MEM_DISCARDABLE

  IMAGE_SCN_MEM_READ