Oracle_VM_VirtualBox_Extension_Pack-7[.]0[.]20[.]vbox-extpack

Sharing

Copy URL

Twitter E-mail

General

Target

Oracle_VM_VirtualBox_Extension_Pack-7.0.20.vbox-extpack
Size

17.4MB
MD5

9a85012cc2a3f86789c58578458b016c
SHA1

41dd3a41c758b7d17ab23b4a5da34b4094e3bb9d
SHA256

d750fb17688d70e0cb2d7b06f1ad3a661303793f4d1ac39cfa9a54806b89da25
SHA512

b0ba22299a9bb81f47fb4c7f4117b1b5210a72973da723185c6d87fe192f7ab0ea0eb9fae6671b84332a234ead8539375976c87c483628449812e617c42598c7
SSDEEP

393216:hYOdIR52LuC/K3QzbKzb2fWso/fpvEb6sHWlrkljZTyKYMbokg/NRH:hDg5yC3suzboWso/fp062WlS0KYMlglt

Score

3^/10

Malware Config

Signatures

Unsigned PE 1 IoCs

Checks for missing Authenticode signature.

resource
unpack002/win.amd64/VBoxNvmeR0.r0

Files

Oracle_VM_VirtualBox_Extension_Pack-7.0.20.vbox-extpack
.gz
sample
.tar
ExtPack-license.html
.html
ExtPack-license.rtf
.rtf
ExtPack-license.txt
ExtPack.manifest
ExtPack.signature
ExtPack.xml
.xml
PXE-Intel.rom
darwin.amd64/VBoxHostWebcam.dylib
.dylib macos arch:x64
darwin.amd64/VBoxNvmeR0.r0
.macho macos arch:x64
darwin.amd64/VBoxNvmeR3.dylib
.dylib macos arch:x64
darwin.amd64/VBoxPuelCrypto.dylib
.dylib macos arch:x64
darwin.amd64/VBoxPuelMain.dylib
.dylib macos arch:x64
darwin.amd64/VBoxPuelMainVM.dylib
.dylib macos arch:x64
darwin.amd64/VBoxUsbCardReaderR3.dylib
.dylib macos arch:x64
darwin.amd64/VBoxUsbWebcamR3.dylib
.dylib macos arch:x64
darwin.amd64/VBoxVRDP.dylib
.dylib macos arch:x64
darwin.amd64/VDPluginCrypt.dylib
.dylib macos arch:x64
darwin.arm64/VBoxNvmeR3.dylib
.dylib macos arch:arm64
darwin.arm64/VBoxPuelCrypto.dylib
.dylib macos arch:arm64
darwin.arm64/VBoxPuelMain.dylib
.dylib macos arch:arm64
darwin.arm64/VBoxPuelMainVM.dylib
.dylib macos arch:arm64
darwin.arm64/VBoxUsbCardReaderR3.dylib
.dylib macos arch:arm64
darwin.arm64/VBoxUsbWebcamR3.dylib
.dylib macos arch:arm64
darwin.arm64/VBoxVRDP.dylib
.dylib macos arch:arm64
darwin.arm64/VDPluginCrypt.dylib
.dylib macos arch:arm64
linux.amd64/VBoxHostWebcam.so
.elf linux x64
linux.amd64/VBoxNvmeR0.r0
.elf linux x64
linux.amd64/VBoxNvmeR3.so
.elf linux x64
linux.amd64/VBoxPuelCrypto.so
.elf linux x64
linux.amd64/VBoxPuelMain.so
.elf linux x64
linux.amd64/VBoxPuelMainVM.so
.elf linux x64
linux.amd64/VBoxUsbCardReaderR3.so
.elf linux x64
linux.amd64/VBoxUsbWebcamR3.so
.elf linux x64
linux.amd64/VBoxVRDP.so
.elf linux x64
linux.amd64/VDPluginCrypt.so
.elf linux x64
solaris.amd64/VBoxHostWebcam.so
.elf linux x64
solaris.amd64/VBoxNvmeR0.r0
.elf linux x64
solaris.amd64/VBoxNvmeR3.so
.elf linux x64
solaris.amd64/VBoxPuelCrypto.so
.elf linux x64
solaris.amd64/VBoxPuelMain.so
.elf linux x64
solaris.amd64/VBoxPuelMainVM.so
.elf linux x64
solaris.amd64/VBoxUsbCardReaderR3.so
.elf linux x64
solaris.amd64/VBoxUsbWebcamR3.so
.elf linux x64
solaris.amd64/VBoxVRDP.so
.elf linux x64
solaris.amd64/VDPluginCrypt.so
.elf linux x64
win.amd64/VBoxExtPackPuel.inf
win.amd64/VBoxHostWebcam.dll
.dll windows:6 windows x64 arch:x64

270bd663ee39ee9234e754958d09abac

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09-03-2023 00:00

Not After

11-03-2025 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

79:8e:46:74:a1:2b:43:d1:f5:ba:0a:44:76:fd:3e:e9:e1:5e:6c:6c:e6:de:f4:df:45:03:2e:b5:71:2c:36:a1
Signer

Actual PE Digest

79:8e:46:74:a1:2b:43:d1:f5:ba:0a:44:76:fd:3e:e9:e1:5e:6c:6c:e6:de:f4:df:45:03:2e:b5:71:2c:36:a1

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\extpacks-7.0\out\win.amd64\release\obj\VBoxHostWebcam\VBoxHostWebcam.pdb

Imports

vcruntime140

__C_specific_handler
__std_exception_copy
__std_exception_destroy
__intrinsic_setjmp
_CxxThrowException
__std_type_info_destroy_list
memcmp
strchr
__std_terminate
memset
memcpy
longjmp

vcruntime140_1

__CxxFrameHandler4

vboxrt

RTStrToUtf16Tag
RTStrFree
RTStrAPrintfVTag
RTStrCopy
RTUuidCompare2Strs
RTStrToUInt16Full
RTMemFree
RTLogLoggerEx
RTLogRelGetDefaultInstanceEx
RTStrToUInt32Ex
RTUtf16ToUtf8Tag
RTUtf16ICmp
RTUtf16Len
RTUtf16Free
RTMemAllocTag
RTCrc64
RTStrPrintf
RTMemReallocTag
RTMemAllocZTag

api-ms-win-crt-string-l1-1-0

_wcsicmp

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-runtime-l1-1-0

exit
_cexit
_execute_onexit_table
_initterm
_initterm_e
_seh_filter_dll
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv

api-ms-win-crt-stdio-l1-1-0

__stdio_common_vfprintf
__acrt_iob_func
__stdio_common_vsprintf
__stdio_common_vsscanf

api-ms-win-crt-environment-l1-1-0

getenv_s

kernel32

IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
GetModuleHandleW

user32

TranslateMessage
DispatchMessageW
RegisterDeviceNotificationW
UnregisterDeviceNotification
DefWindowProcW
RegisterClassW
UnregisterClassW
CreateWindowExW
DestroyWindow
PostMessageW
GetWindowLongPtrW
SetWindowLongPtrW
GetMessageW

ole32

CoCreateInstance
CoTaskMemFree

oleaut32

SysAllocString
SysFreeString
SysStringByteLen
VariantInit
VariantClear

Exports

Exports

VBoxDriversRegister
VBoxHostWebcamList

Sections

.text
Size: 233KB - Virtual size: 232KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 253KB - Virtual size: 253KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 372B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
win.amd64/VBoxNvmeR0.r0
.sys windows:6 windows x64 arch:x64

6a756423db02f0014d7ac747a93259b6

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

D:\tinderbox\extpacks-7.0\out\win.amd64\release\obj\VBoxNvmeR0\VBoxNvmeR0.pdb

Imports

vmmr0.r0

PDMR0DeviceRegisterModule
PDMR0DeviceDeregisterModule
RTLogRelGetDefaultInstanceEx
RTLogLoggerEx
ASMAtomicXchgU8

Exports

Exports

ModuleInit
ModuleInitSecurityCookie
ModuleTerm

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 64B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 192B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.edata
Size: 512B - Virtual size: 131B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 512B - Virtual size: 326B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
win.amd64/VBoxNvmeR3.dll
.dll windows:6 windows x64 arch:x64

068dd613766dbaf64e0a91026aca1866

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09-03-2023 00:00

Not After

11-03-2025 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

10:e1:44:fd:6d:48:6b:10:26:bc:88:ec:cd:2e:5c:e5:8a:68:d0:d7:32:76:b8:16:d8:29:51:60:87:17:f9:d3
Signer

Actual PE Digest

10:e1:44:fd:6d:48:6b:10:26:bc:88:ec:cd:2e:5c:e5:8a:68:d0:d7:32:76:b8:16:d8:29:51:60:87:17:f9:d3

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\extpacks-7.0\out\win.amd64\release\obj\VBoxNvmeR3\VBoxNvmeR3.pdb

Imports

vcruntime140

__std_type_info_destroy_list
memset
memcpy
strstr
__C_specific_handler

vboxrt

RTLogLoggerEx
RTUuidClear
RTUuidCompare2Strs
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSgBufGetNextSegment
RTSemFastMutexRelease
RTMemAllocZTag
RTMemFree
RTReqQueueCreate
RTReqQueueDestroy
RTReqQueueProcess
RTReqQueueCallEx
RTReqRelease
RTReqWait
RTSgBufInit
RTCritSectDelete
RTCritSectLeave
RTCritSectEnter
RTLogRelGetDefaultInstanceEx
RTCritSectInit
RTThreadSelf
ASMAtomicXchgU8
RTStrAPrintfVTag
RTStrPrintf
RTAssertShouldPanic
RTAssertMsg2Weak
RTAssertMsg1Weak
RTSemFastMutexRequest

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initterm
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initialize_onexit_table

kernel32

IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
QueryPerformanceCounter

Exports

Exports

VBoxDevicesRegister

Sections

.text
Size: 35KB - Virtual size: 34KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1000B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 204B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
win.amd64/VBoxPuelCrypto.dll
.dll windows:6 windows x64 arch:x64

72e5c3ccbc08eee605dc7a04d423ecfe

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09-03-2023 00:00

Not After

11-03-2025 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:34:f6:3b:b9:1a:44:c4:b9:34:78:d7:38:62:bb:25:18:14:7c:62:a3:9c:10:39:18:b2:c7:32:c2:46:ad:de
Signer

Actual PE Digest

72:34:f6:3b:b9:1a:44:c4:b9:34:78:d7:38:62:bb:25:18:14:7c:62:a3:9c:10:39:18:b2:c7:32:c2:46:ad:de

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\extpacks-7.0\out\win.amd64\release\obj\VBoxPuelCrypto\VBoxPuelCrypto.pdb

Imports

vcruntime140

memcmp
memset
memcpy
__std_type_info_destroy_list
__C_specific_handler

vboxrt

RTTimeMilliTS
RTCrCipherOpenByType
RTCrCipherRelease
RTCrCipherCtxFree
RTCrCipherCtxEncryptInit
RTCrCipherCtxEncryptProcess
RTCrCipherCtxEncryptFinish
RTCrCipherCtxDecryptInit
RTCrCipherCtxDecryptProcess
RTCrCipherCtxDecryptFinish
RTCrCipherEncrypt
RTCrCipherDecrypt
RTCrCipherEncryptEx
RTCrCipherDecryptEx
RTCrDigestCreateByType
RTCrDigestRelease
RTCrDigestUpdate
RTCrDigestFinal
RTStrCopy
RTCrDigestTypeToHashSize
RTCrRandBytes
RTCrPkcs5Pbkdf2Hmac
RTMemPageAllocZTag
RTMemPageFree
RTVfsIoStrmRetain
RTVfsIoStrmRelease
RTVfsIoStrmToFile
RTVfsIoStrmQueryInfo
RTVfsIoStrmRead
RTVfsIoStrmReadAt
RTVfsIoStrmWrite
RTStrDupNTag
RTVfsIoStrmFlush
RTVfsFileToIoStream
RTVfsFileRetain
RTVfsFileRelease
RTVfsFileRead
RTVfsFileSeek
RTVfsFileQuerySize
RTVfsFileQueryMaxSize
RTVfsNewIoStream
RTVfsNewFile
RTStrDupTag
RTStrFree
RTMemSaferFree
RTStrCmp
RTMemSaferAllocZExTag
RTMemFree
RTMemAllocZTag
RTMemTmpFree
RTMemTmpAllocZTag
RTBase64Encode
RTBase64EncodedLength
RTBase64Decode
RTCrDigestGetHashSize
RTVfsIoStrmWriteAt

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-runtime-l1-1-0

_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

kernel32

SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
RtlCaptureContext
QueryPerformanceCounter

Exports

Exports

VBoxCryptoEntry

Sections

.text
Size: 16KB - Virtual size: 16KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 124B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
win.amd64/VBoxPuelMain.dll
.dll windows:6 windows x64 arch:x64

7f4d38254567c3efbe4cadf4efa223cb

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09-03-2023 00:00

Not After

11-03-2025 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

38:25:25:41:df:bb:86:fd:5f:3a:da:25:08:83:1a:c3:00:77:bc:1c:18:8c:a3:11:ba:31:f6:88:d6:c4:48:23
Signer

Actual PE Digest

38:25:25:41:df:bb:86:fd:5f:3a:da:25:08:83:1a:c3:00:77:bc:1c:18:8c:a3:11:ba:31:f6:88:d6:c4:48:23

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\extpacks-7.0\out\win.amd64\release\obj\VBoxPuelMain\VBoxPuelMain.pdb

Imports

vcruntime140

memmove
__std_exception_copy
__std_exception_destroy
memset
_CxxThrowException
_purecall
__RTtypeid
__C_specific_handler
__std_type_info_destroy_list
memcmp
__std_type_info_name
__std_terminate
memcpy

vcruntime140_1

__CxxFrameHandler4

msvcp140

?_Xout_of_range@std@@YAXPEBD@Z
?_Xlength_error@std@@YAXPEBD@Z

vboxrt

?appendPrintfVNoThrow@RTCString@@QEAAHPEBDPEAD@Z
?erase@RTCString@@QEAAAEAV1@_K0@Z
?isEmpty@RTCString@@QEBA_NXZ
?isNotEmpty@RTCString@@QEBA_NXZ
?isNull@RTCRestObjectBase@@QEBA_NXZ
??0RTCRestString@@QEAA@XZ
??1RTCRestString@@UEAA@XZ
??0RTCRestString@@QEAA@AEBVRTCString@@@Z
??0RTCRestString@@QEAA@PEBD@Z
?deserializeInstanceFromJson@RTCRestString@@SAHAEBURTCRestJsonCursor@@PEAPEAVRTCRestObjectBase@@@Z
??0RTCRestStringMapBase@@QEAA@XZ
??1RTCRestStringMapBase@@UEAA@XZ
?putCopyWorker@RTCRestStringMapBase@@IEAAHPEBDAEBVRTCRestObjectBase@@_N_K@Z
?getContentLength@RTCRestBinaryParameter@@QEBA_KXZ
?setServerUrl@RTCRestClientApiBase@@QEAAHPEBD@Z
?setServerScheme@RTCRestClientApiBase@@QEAAHPEBD@Z
?setServerAuthority@RTCRestClientApiBase@@QEAAHPEBD@Z
?setCAFile@RTCRestClientApiBase@@QEAAHAEBVRTCString@@@Z
??0RTCRestArrayBase@@QEAA@XZ
??1RTCRestArrayBase@@UEAA@XZ
?copyArrayWorkerMayThrow@RTCRestArrayBase@@IEAAXAEBV1@@Z
?baseClone@RTCRestArrayBase@@UEBAPEAVRTCRestObjectBase@@XZ
?baseClone@RTCRestString@@UEBAPEAVRTCRestObjectBase@@XZ
?baseClone@RTCRestStringMapBase@@UEBAPEAVRTCRestObjectBase@@XZ
?deserializeFromJson@RTCRestArrayBase@@UEAAHAEBURTCRestJsonCursor@@@Z
?deserializeFromJson@RTCRestString@@UEAAHAEBURTCRestJsonCursor@@@Z
?deserializeFromJson@RTCRestStringMapBase@@UEAAHAEBURTCRestJsonCursor@@@Z
?fromString@RTCRestArrayBase@@UEAAHAEBVRTCString@@PEBDPEAURTERRINFO@@I@Z
?fromString@RTCRestObjectBase@@UEAAHAEBVRTCString@@PEBDPEAURTERRINFO@@I@Z
?fromString@RTCRestString@@UEAAHAEBVRTCString@@PEBDPEAURTERRINFO@@I@Z
?resetToDefault@RTCRestArrayBase@@UEAAHXZ
?resetToDefault@RTCRestString@@UEAAHXZ
?resetToDefault@RTCRestStringMapBase@@UEAAHXZ
?serializeAsJson@RTCRestArrayBase@@UEBAAEAVRTCRestOutputBase@@AEAV2@@Z
?serializeAsJson@RTCRestString@@UEBAAEAVRTCRestOutputBase@@AEAV2@@Z
?serializeAsJson@RTCRestStringMapBase@@UEBAAEAVRTCRestOutputBase@@AEAV2@@Z
?setNotNull@RTCRestObjectBase@@UEAAXXZ
?setNull@RTCRestObjectBase@@UEAAHXZ
?setNull@RTCRestString@@UEAAHXZ
?toString@RTCRestArrayBase@@UEBAHPEAVRTCString@@I@Z
?toString@RTCRestObjectBase@@UEBAHPEAVRTCString@@I@Z
?toString@RTCRestString@@UEBAHPEAVRTCString@@I@Z
?typeClass@RTCRestArrayBase@@UEBA?AW4kTypeClass@RTCRestObjectBase@@XZ
?typeClass@RTCRestString@@UEBA?AW4kTypeClass@RTCRestObjectBase@@XZ
?typeClass@RTCRestStringMapBase@@UEBA?AW4kTypeClass@RTCRestObjectBase@@XZ
?typeName@RTCRestArrayBase@@UEBAPEBDXZ
?typeName@RTCRestString@@UEBAPEBDXZ
?typeName@RTCRestStringMapBase@@UEBAPEBDXZ
?compare@RTCString@@QEBAHAEBV1@W4CaseSensitivity@1@@Z
??H@YA?BVRTCString@@AEBV0@PEBD@Z
??0RTCRestBinaryParameter@@QEAA@XZ
?getCallbackData@RTCRestBinaryParameter@@QEBAPEAXXZ
?setProducerCallback@RTCRestBinaryParameter@@QEAAXP6AHPEAV1@PEAX_K2PEA_K@_E12@Z
??1RTCRestBinaryParameter@@UEAA@XZ
?getCallbackData@RTCRestBinaryResponse@@QEBAPEAXXZ
?setConsumerCallback@RTCRestBinaryResponse@@QEAAXP6AHPEAV1@PEBX_KI22@_EPEAX@Z
??1RTCRestBinaryResponse@@UEAA@XZ
?size@RTCRestArrayBase@@QEBA_KXZ
RTVfsFileRead
RTVfsFileWrite
?assignCopy@RTCRestBinaryParameter@@UEAAHAEBV1@@Z
?assignCopy@RTCRestBinaryParameter@@UEAAHAEBVRTCRestBinary@@@Z
?assignCopy@RTCRestBinaryParameter@@UEAAHPEBX_K@Z
?assignCopy@RTCRestBinaryResponse@@UEAAHAEBV1@@Z
?assignCopy@RTCRestBinaryResponse@@UEAAHAEBVRTCRestBinary@@@Z
?assignCopy@RTCRestBinaryResponse@@UEAAHPEBX_K@Z
?assignReadOnly@RTCRestBinaryParameter@@UEAAHPEBX_K@Z
?assignReadOnly@RTCRestBinaryResponse@@UEAAHPEBX_K@Z
?assignWriteable@RTCRestBinaryParameter@@UEAAHPEAX_K@Z
?assignWriteable@RTCRestBinaryResponse@@UEAAHPEAX_K@Z
?baseClone@RTCRestBinaryParameter@@UEBAPEAVRTCRestObjectBase@@XZ
?baseClone@RTCRestBinaryResponse@@UEBAPEAVRTCRestObjectBase@@XZ
?deserializeFromJson@RTCRestBinary@@UEAAHAEBURTCRestJsonCursor@@@Z
?freeData@RTCRestBinary@@UEAAXXZ
?fromString@RTCRestBinary@@UEAAHAEBVRTCString@@PEBDPEAURTERRINFO@@I@Z
?receiveComplete@RTCRestBinaryResponse@@UEAAXPEAURTHTTPINTERNAL@@@Z
?receivePrepare@RTCRestBinaryResponse@@UEAAHPEAURTHTTPINTERNAL@@I@Z
?resetToDefault@RTCRestBinaryParameter@@UEAAHXZ
?resetToDefault@RTCRestBinaryResponse@@UEAAHXZ
?serializeAsJson@RTCRestBinary@@UEBAAEAVRTCRestOutputBase@@AEAV2@@Z
?setNull@RTCRestBinary@@UEAAHXZ
?toString@RTCRestBinary@@UEBAHPEAVRTCString@@I@Z
?typeClass@RTCRestBinary@@UEBA?AW4kTypeClass@RTCRestObjectBase@@XZ
?typeName@RTCRestBinaryParameter@@UEBAPEBDXZ
?typeName@RTCRestBinaryResponse@@UEBAPEBDXZ
?xmitComplete@RTCRestBinaryParameter@@UEBAXPEAURTHTTPINTERNAL@@@Z
?xmitPrepare@RTCRestBinaryParameter@@UEBAHPEAURTHTTPINTERNAL@@@Z
RTThreadSleep
RTMemAllocTag
RTMemReallocTag
RTMemFree
RTStrFormatU64
RTStrNLen
RTStrToUInt64Full
?reserve@RTCString@@QEAAX_K@Z
?assign@RTCString@@QEAAAEAV1@PEBD@Z
?assignNoThrow@RTCString@@QEAAHPEBD@Z
?assign@RTCString@@QEAAAEAV1@PEBD_K@Z
?append@RTCString@@QEAAAEAV1@AEBV1@@Z
?append@RTCString@@QEAAAEAV1@PEBD@Z
?toUpper@RTCString@@QEAAAEAV1@XZ
?mutableRaw@RTCString@@QEAAPEADXZ
?jolt@RTCString@@QEAAXXZ
?compare@RTCString@@QEBAHPEBDW4CaseSensitivity@1@@Z
??MRTCString@@QEBA_NAEBV0@@Z
??8RTCString@@QEBA_NPEBD@Z
?contains@RTCString@@QEBA_NPEBDW4CaseSensitivity@1@@Z
?toUInt32@RTCString@@QEBAIXZ
?toUInt64@RTCString@@QEBA_KXZ
?split@RTCString@@QEBA?AV?$RTCList@VRTCString@@PEAV1@@@AEBV1@W4SplitMode@1@@Z
?cleanup@RTCString@@IEAAXXZ
RTTimeNow
RTTimeMilliTS
?toString@RTCRestObjectBase@@QEBA?AVRTCString@@XZ
??0RTCRestDate@@QEAA@AEBV0@@Z
??1RTCRestDate@@UEAA@XZ
?getString@RTCRestDate@@QEBAAEBVRTCString@@XZ
??0RTCRestStringEnumBase@@QEAA@XZ
??1RTCRestStringEnumBase@@UEAA@XZ
?setByString@RTCRestStringEnumBase@@QEAAHAEBVRTCString@@@Z
?getString@RTCRestStringEnumBase@@QEBAPEBDXZ
?setWorker@RTCRestStringEnumBase@@IEAA_NH@Z
?cloneWorker@RTCRestStringEnumBase@@IEBAPEAVRTCRestObjectBase@@PEAV1@@Z
?isEmpty@RTCRestStringMapBase@@QEBA_NXZ
?size@RTCRestStringMapBase@@QEBA_KXZ
?remove@RTCRestStringMapBase@@QEAA_NAEBVRTCString@@@Z
?begin@RTCRestStringMapBase@@QEBA?AVConstIterator@1@XZ
?last@RTCRestStringMapBase@@QEBA?AVConstIterator@1@XZ
?end@RTCRestStringMapBase@@QEBA?AVConstIterator@1@XZ
?copyMapWorkerMayThrow@RTCRestStringMapBase@@IEAAXAEBV1@@Z
??0RTCRestBinaryResponse@@QEAA@XZ
?isEmpty@RTCRestArrayBase@@QEBA_NXZ
RTNetIsIPv4AddrStr
RTFileExists
RTFileDelete
RTFileRename
RTFileReadAll
RTFileReadAllFree
RTIniFileCreateFromVfsFile
RTIniFileRelease
RTIniFileQueryValue
RTPathSkipRootSpec
RTPathPurgeFilename
RTPathStartsWithRoot
RTPathCompare
RTPathAppend
RTPathUserHome
RTPathTemp
RTRandU64Ex
RTStrmOpen
RTStrmClose
RTStrmPutCh
RTStrmPutStr
RTStrmGetLine
RTStrmPrintf
RTVfsFileOpenNormal
RTVfsFileRelease
RTBase64EncodedLengthEx
RTBase64EncodeEx
RTUriParse
?deserializeFromJson@RTCRestStringEnumBase@@UEAAHAEBURTCRestJsonCursor@@@Z
?fromString@RTCRestStringEnumBase@@UEAAHAEBVRTCString@@PEBDPEAURTERRINFO@@I@Z
?resetToDefault@RTCRestStringEnumBase@@UEAAHXZ
?serializeAsJson@RTCRestStringEnumBase@@UEBAAEAVRTCRestOutputBase@@AEAV2@@Z
?toString@RTCRestStringEnumBase@@UEBAHPEAVRTCString@@I@Z
?typeClass@RTCRestStringEnumBase@@UEBA?AW4kTypeClass@RTCRestObjectBase@@XZ
RTVfsFileTell
RTVfsFileSeek
RTVfsMemFileCreate
RTUuidClear
RTStrToInt64Full
RTStrToInt32Full
RTUtf16Cmp
?strip@RTCString@@QEAAAEAV1@XZ
?substr@RTCString@@QEBA?AV1@_K0@Z
?endsWith@RTCString@@QEBA_NAEBV1@W4CaseSensitivity@1@@Z
??0RTCString@@QEAA@PEBD_K@Z
??0RTCString@@QEAA@PEBDPEAD@Z
?printfNoThrow@RTCString@@QEAAHPEBDZZ
??9RTCString@@QEBA_NAEBV0@@Z
RTUuidToStr
RTStrStripL
?stripRight@RTCString@@QEAAAEAV1@XZ
?startsWith@RTCString@@QEBA_NAEBV1@W4CaseSensitivity@1@@Z
?toInt@RTCString@@QEBAHAEA_K@Z
??0RTCRestString@@QEAA@AEBV0@@Z
?containsKey@RTCRestStringMapBase@@QEBA_NPEBD@Z
?getWorker@RTCRestStringMapBase@@IEBAPEBVRTCRestObjectBase@@PEBD@Z
RTUuidCreate
RTUuidIsNull
RTUuidFromStr
RTFileCopy
RTStrVersionCompare
?find@RTCString@@QEBA_KPEBD_K@Z
RTThreadCreate
?append@RTCString@@QEAAAEAV1@D@Z
RTStrToUInt64Ex
RTSemEventCreate
RTSemEventDestroy
?assign@RTCString@@QEAAAEAV1@AEBV1@@Z
RTSemEventWait
RTSemEventMultiCreate
RTSemEventMultiDestroy
RTSemEventMultiSignal
RTSemEventMultiWait
RTThreadSelf
RTTlsGet
RTTlsSet
RTUuidToUtf16
RTUuidFromUtf16
RTStrValidateEncodingEx
?reserveNoThrow@RTCString@@QEAAH_K@Z
?find@RTCString@@QEBA_KPEBV1@_K@Z
RTFileOpen
RTFileClose
RTFileWrite
RTStrCopy
RTVfsFileReadAt
RTVfsFileQuerySize
RTOnceSlow
RTCritSectRwInit
RTCritSectRwEnterShared
RTCritSectRwLeaveShared
RTCritSectRwEnterExcl
RTCritSectRwLeaveExcl
RTStrCmp
RTStrHash1
??0RTCRestBool@@QEAA@AEBV0@@Z
??0RTCRestBool@@QEAA@_N@Z
??1RTCRestBool@@UEAA@XZ
??4RTCRestBool@@QEAAAEAV0@AEBV0@@Z
?assignValue@RTCRestBool@@QEAAX_N@Z
?assignCopy@RTCRestString@@QEAAHAEBV1@@Z
?assignNoThrow@RTCRestString@@QEAAHAEBVRTCString@@@Z
?assignNoThrow@RTCRestString@@QEAAHPEBD@Z
??4RTCRestString@@QEAAAEAV0@AEBV0@@Z
??0RTCRestDate@@QEAA@XZ
??4RTCRestDate@@QEAAAEAV0@AEBV0@@Z
?assignCopy@RTCRestDate@@QEAAHAEBV1@@Z
??0RTCRestStringEnumBase@@QEAA@AEBV0@@Z
??4RTCRestStringEnumBase@@QEAAAEAV0@AEBV0@@Z
?assignCopy@RTCRestStringEnumBase@@QEAAHAEBV1@@Z
?setByString@RTCRestStringEnumBase@@QEAAHPEBD_K@Z
??0RTCRestDataObject@@QEAA@XZ
??0RTCRestDataObject@@QEAA@AEBV0@@Z
??1RTCRestDataObject@@UEAA@XZ
?resetToDefault@RTCRestDataObject@@UEAAHXZ
?serializeMembersAsJson@RTCRestDataObject@@UEBAAEAVRTCRestOutputBase@@AEAV2@@Z
?deserializeMemberFromJson@RTCRestDataObject@@UEAAHAEBURTCRestJsonCursor@@_K@Z
??4RTCRestDataObject@@IEAAAEAV0@AEBV0@@Z
?assignCopy@RTCRestDataObject@@MEAAHAEBV1@@Z
?deserializeFromJson@RTCRestDataObject@@UEAAHAEBURTCRestJsonCursor@@@Z
?serializeAsJson@RTCRestDataObject@@UEBAAEAVRTCRestOutputBase@@AEAV2@@Z
?typeClass@RTCRestDataObject@@UEBA?AW4kTypeClass@RTCRestObjectBase@@XZ
?assignNoThrow@RTCRestString@@QEAAHPEBD_K@Z
?copyMapWorkerNoThrow@RTCRestStringMapBase@@IEAAHAEBV1@@Z
?putWorker@RTCRestStringMapBase@@IEAAHPEBDPEAVRTCRestObjectBase@@_N_K@Z
??0RTCRestAnyObject@@QEAA@XZ
??1RTCRestAnyObject@@UEAA@XZ
?deserializeInstanceFromJson@RTCRestAnyObject@@SAHAEBURTCRestJsonCursor@@PEAPEAVRTCRestObjectBase@@@Z
?baseClone@RTCRestAnyObject@@UEBAPEAVRTCRestObjectBase@@XZ
?deserializeFromJson@RTCRestAnyObject@@UEAAHAEBURTCRestJsonCursor@@@Z
?fromString@RTCRestAnyObject@@UEAAHAEBVRTCString@@PEBDPEAURTERRINFO@@I@Z
?resetToDefault@RTCRestAnyObject@@UEAAHXZ
?serializeAsJson@RTCRestAnyObject@@UEBAAEAVRTCRestOutputBase@@AEAV2@@Z
?setNull@RTCRestAnyObject@@UEAAHXZ
?toString@RTCRestAnyObject@@UEBAHPEAVRTCString@@I@Z
?typeClass@RTCRestAnyObject@@UEBA?AW4kTypeClass@RTCRestObjectBase@@XZ
?typeName@RTCRestAnyObject@@UEBAPEBDXZ
?nullValue@RTCRestOutputBase@@QEAAXXZ
??0RTCRestInt64@@QEAA@AEBV0@@Z
??0RTCRestInt64@@QEAA@_J@Z
??1RTCRestInt64@@UEAA@XZ
??4RTCRestInt64@@QEAAAEAV0@AEBV0@@Z
?assignValue@RTCRestInt64@@QEAAX_J@Z
??0RTCRestInt32@@QEAA@AEBV0@@Z
??0RTCRestInt32@@QEAA@H@Z
??1RTCRestInt32@@UEAA@XZ
??4RTCRestInt32@@QEAAAEAV0@AEBV0@@Z
?assignValue@RTCRestInt32@@QEAAXH@Z
??0RTCRestDouble@@QEAA@AEBV0@@Z
??0RTCRestDouble@@QEAA@N@Z
??1RTCRestDouble@@UEAA@XZ
??4RTCRestDouble@@QEAAAEAV0@AEBV0@@Z
?assignValue@RTCRestDouble@@QEAAXN@Z
RTHttpAddHeader
?assignNoThrow@RTCString@@QEAAHPEBD_K@Z
??0RTCRestBool@@QEAA@XZ
??0RTCRestInt32@@QEAA@XZ
?assignCopy@RTCRestString@@QEAAHPEBD@Z
??0RTCRestClientRequestBase@@QEAA@XZ
??1RTCRestClientRequestBase@@UEAA@XZ
?doPathParameters@RTCRestClientRequestBase@@IEBAHPEAVRTCString@@PEBD_KPEBUPATHPARAMDESC@1@PEAUPATHPARAMSTATE@1@2@Z
?doQueryParameters@RTCRestClientRequestBase@@IEBAHPEAVRTCString@@PEBUQUERYPARAMDESC@1@PEAPEBVRTCRestObjectBase@@_K@Z
?doHeaderParameters@RTCRestClientRequestBase@@IEBAHPEAURTHTTPINTERNAL@@PEBUHEADERPARAMDESC@1@PEAPEBVRTCRestObjectBase@@_K@Z
??0RTCRestOutputToString@@QEAA@PEAVRTCString@@_N@Z
??1RTCRestOutputToString@@UEAA@XZ
?finalize@RTCRestOutputToString@@UEAAPEAVRTCString@@XZ
RTStrNICmpAscii
??0RTCRestClientResponseBase@@QEAA@XZ
??1RTCRestClientResponseBase@@UEAA@XZ
?reset@RTCRestClientResponseBase@@UEAAXXZ
?receivePrepare@RTCRestClientResponseBase@@UEAAHPEAURTHTTPINTERNAL@@@Z
?receiveComplete@RTCRestClientResponseBase@@UEAAXHPEAURTHTTPINTERNAL@@@Z
?addError@RTCRestClientResponseBase@@IEAAHHPEBDZZ
?deserializeHeader@RTCRestClientResponseBase@@IEAAHPEAVRTCRestObjectBase@@PEBD_KI1@Z
?deserializeBody@RTCRestClientResponseBase@@IEAAXPEBD_K0@Z
?consumeHeader@RTCRestClientResponseBase@@MEAAHIPEBD_K01@Z
?baseClone@RTCRestInt32@@UEBAPEAVRTCRestObjectBase@@XZ
?deserializeFromJson@RTCRestInt32@@UEAAHAEBURTCRestJsonCursor@@@Z
?fromString@RTCRestInt32@@UEAAHAEBVRTCString@@PEBDPEAURTERRINFO@@I@Z
?receiveFinal@RTCRestClientResponseBase@@UEAAXXZ
?resetToDefault@RTCRestInt32@@UEAAHXZ
?serializeAsJson@RTCRestInt32@@UEBAAEAVRTCRestOutputBase@@AEAV2@@Z
?toString@RTCRestInt32@@UEBAHPEAVRTCString@@I@Z
?typeClass@RTCRestInt32@@UEBA?AW4kTypeClass@RTCRestObjectBase@@XZ
?typeName@RTCRestInt32@@UEBAPEBDXZ
??0RTCRestClientApiBase@@QEAA@XZ
??1RTCRestClientApiBase@@UEAA@XZ
?ociSignRequest@RTCRestClientApiBase@@IEAAHPEAURTHTTPINTERNAL@@AEBVRTCString@@W4RTHTTPMETHOD@@1IPEAURTCRKEYINT@@1@Z
?doCall@RTCRestClientApiBase@@MEAAHAEBVRTCRestClientRequestBase@@W4RTHTTPMETHOD@@PEAVRTCRestClientResponseBase@@PEBDI@Z
?reinitHttpInstance@RTCRestClientApiBase@@MEAAHXZ
?copyArrayWorkerNoThrow@RTCRestArrayBase@@IEAAHAEBV1@@Z
?insertCopyWorker@RTCRestArrayBase@@IEAAH_KAEBVRTCRestObjectBase@@_N@Z
RTStrFree
RTJsonValueGetType
RTJsonValueQueryStringByName
??0RTCRestPolyDataObject@@QEAA@XZ
??1RTCRestPolyDataObject@@UEAA@XZ
?resetToDefault@RTCRestPolyDataObject@@UEAAHXZ
?isChild@RTCRestPolyDataObject@@UEBA_NXZ
?deserializeInstanceFromJson@RTCRestInt32@@SAHAEBURTCRestJsonCursor@@PEAPEAVRTCRestObjectBase@@@Z
?assignCopy@RTCRestInt32@@QEAAHAEBV1@@Z
??0RTCRestInt64@@QEAA@XZ
??4RTCRestString@@QEAAAEAV0@PEBD@Z
?deserializeHeaderIntoMap@RTCRestClientResponseBase@@IEAAHPEAVRTCRestStringMapBase@@PEBD_K12I1@Z
?baseClone@RTCRestBool@@UEBAPEAVRTCRestObjectBase@@XZ
?baseClone@RTCRestDate@@UEBAPEAVRTCRestObjectBase@@XZ
?baseClone@RTCRestInt64@@UEBAPEAVRTCRestObjectBase@@XZ
?deserializeFromJson@RTCRestBool@@UEAAHAEBURTCRestJsonCursor@@@Z
?deserializeFromJson@RTCRestDate@@UEAAHAEBURTCRestJsonCursor@@@Z
?deserializeFromJson@RTCRestInt64@@UEAAHAEBURTCRestJsonCursor@@@Z
?fromString@RTCRestBool@@UEAAHAEBVRTCString@@PEBDPEAURTERRINFO@@I@Z
?fromString@RTCRestDate@@UEAAHAEBVRTCString@@PEBDPEAURTERRINFO@@I@Z
?fromString@RTCRestInt64@@UEAAHAEBVRTCString@@PEBDPEAURTERRINFO@@I@Z
?resetToDefault@RTCRestBool@@UEAAHXZ
?resetToDefault@RTCRestDate@@UEAAHXZ
?resetToDefault@RTCRestInt64@@UEAAHXZ
?serializeAsJson@RTCRestBool@@UEBAAEAVRTCRestOutputBase@@AEAV2@@Z
?serializeAsJson@RTCRestDate@@UEBAAEAVRTCRestOutputBase@@AEAV2@@Z
?serializeAsJson@RTCRestInt64@@UEBAAEAVRTCRestOutputBase@@AEAV2@@Z
?toString@RTCRestBool@@UEBAHPEAVRTCString@@I@Z
?toString@RTCRestDate@@UEBAHPEAVRTCString@@I@Z
?toString@RTCRestInt64@@UEBAHPEAVRTCString@@I@Z
?typeClass@RTCRestBool@@UEBA?AW4kTypeClass@RTCRestObjectBase@@XZ
?typeClass@RTCRestDate@@UEBA?AW4kTypeClass@RTCRestObjectBase@@XZ
?typeClass@RTCRestInt64@@UEBA?AW4kTypeClass@RTCRestObjectBase@@XZ
?typeName@RTCRestBool@@UEBAPEBDXZ
?typeName@RTCRestDate@@UEBAPEBDXZ
?typeName@RTCRestInt64@@UEBAPEBDXZ
RTUtf16Len
RTStrFormatV
RTStrToUtf16ExTag
RTStrCalcUtf16LenEx
RTCritSectRwGetWriteRecursion
RTCritSectRwIsReadOwner
RTCritSectRwIsWriteOwner
RTCritSectRwDelete
RTCritSectRwInitEx
?printfV@RTCString@@QEAAAEAV1@PEBDPEAD@Z
??0RTCString@@QEAA@PEBD@Z
RTCrKeyRelease
RTCrKeyRetain
RTCrKeyCreateFromFile
?npos@RTCString@@2_KB
?substrCP@RTCString@@QEBA?AV1@_K0@Z
??8RTCString@@QEBA_NAEBV0@@Z
?equals@RTCString@@QEBA_NAEBV1@@Z
?c_str@RTCString@@QEBAPEBDXZ
?printf@RTCString@@QEAAAEAV1@PEBDZZ
??4RTCString@@QEAAAEAV0@AEBV0@@Z
??4RTCString@@QEAAAEAV0@PEBD@Z
?setNull@RTCString@@QEAAXXZ
??1RTCString@@UEAA@XZ
??0RTCString@@QEAA@AEBV0@@Z
??0RTCString@@QEAA@XZ
RTStrUniLen
RTLogLoggerEx
RTLogRelGetDefaultInstanceEx
RTCritSectDelete
RTCritSectLeave
RTCritSectEnter
RTCritSectInit
RTUuidCompare
RTErrInfoSetF
RTUtf16ToUtf8ExTag
RTEnvGetEx
RTDirCreateFullPath
RTPathAbs
RTSemEventSignal
RTDirExists

api-ms-win-crt-runtime-l1-1-0

_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_cexit
_initialize_onexit_table
_register_onexit_function
_initterm
_initterm_e
_invalid_parameter_noinfo_noreturn
_crt_atexit
_execute_onexit_table

api-ms-win-crt-heap-l1-1-0

malloc
_callnewh
free

kernel32

RtlLookupFunctionEntry
RtlVirtualUnwind
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlCaptureContext
IsProcessorFeaturePresent
InitializeSListHead
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentThreadId
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentProcessId

advapi32

RegOpenKeyExW
RegQueryValueExW
RegCloseKey

ole32

StringFromIID
CoTaskMemFree
CoCreateFreeThreadedMarshaler

oleaut32

SysReAllocStringLen
SysAllocStringLen
SafeArrayGetVartype
GetErrorInfo
LoadRegTypeLi
SysAllocString
SafeArrayCreate
SafeArrayDestroy
SafeArrayRedim
SafeArrayAccessData
SafeArrayUnaccessData
SetErrorInfo
SysFreeString
SysStringLen
SysAllocStringByteLen
SafeArrayCreateEx

Exports

Exports

VBoxExtPackRegister

Sections

.text
Size: 769KB - Virtual size: 768KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 260KB - Virtual size: 259KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 22KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
win.amd64/VBoxPuelMainVM.dll
.dll windows:6 windows x64 arch:x64

b1151b4fb8e2fdc32b411bd96391eb59

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09-03-2023 00:00

Not After

11-03-2025 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

9e:21:74:e2:f7:36:65:f9:ca:c8:a7:84:a2:97:83:b7:a8:87:a2:df:f7:d2:8e:c6:23:52:68:bb:65:71:86:54
Signer

Actual PE Digest

9e:21:74:e2:f7:36:65:f9:ca:c8:a7:84:a2:97:83:b7:a8:87:a2:df:f7:d2:8e:c6:23:52:68:bb:65:71:86:54

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\extpacks-7.0\out\win.amd64\release\obj\VBoxPuelMainVM\VBoxPuelMainVM.pdb

Imports

vboxrt

RTLdrIsLoadable
RTLogLoggerEx
RTLogRelGetDefaultInstanceEx
RTErrInfoSetF
RTStrPrintf
RTPathStripFilename

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_seh_filter_dll
_initterm_e
_initterm
_execute_onexit_table
_cexit
_configure_narrow_argv

kernel32

RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
UnhandledExceptionFilter

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memset

Exports

Exports

VBoxExtPackVMRegister

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 512B - Virtual size: 504B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1024B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 44B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
win.amd64/VBoxUsbCardReaderR3.dll
.dll windows:6 windows x64 arch:x64

bd1e4a4f38e882d6b69ffcf3ae02c386

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09-03-2023 00:00

Not After

11-03-2025 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

36:87:13:d7:de:f4:72:10:a3:01:d7:0e:10:0e:71:7d:40:6f:7b:61:99:d5:14:8a:5b:64:7d:9a:53:70:4d:a2
Signer

Actual PE Digest

36:87:13:d7:de:f4:72:10:a3:01:d7:0e:10:0e:71:7d:40:6f:7b:61:99:d5:14:8a:5b:64:7d:9a:53:70:4d:a2

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\extpacks-7.0\out\win.amd64\release\obj\VBoxUsbCardReaderR3\VBoxUsbCardReaderR3.pdb

Imports

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memcpy
memcmp
memset

vboxrt

RTSemEventDestroy
RTSemEventSignal
RTMemFree
RTStrDupTag
RTUuidCompare2Strs
RTStrFormat
RTStrFormatTypeRegister
RTMemReallocTag
RTMemAllocZTag
RTMemAllocTag
RTLogLoggerEx
RTSemEventCreate
RTLogRelGetDefaultInstanceEx
RTTimeMilliTS
RTCritSectDelete
RTCritSectLeave
RTCritSectEnter
RTCritSectInit
RTThreadSleep
RTSemEventWait

api-ms-win-crt-string-l1-1-0

strcmp

api-ms-win-crt-runtime-l1-1-0

_initialize_narrow_environment
_cexit
_execute_onexit_table
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

kernel32

DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
RtlLookupFunctionEntry
IsProcessorFeaturePresent
RtlCaptureContext
InitializeSListHead
QueryPerformanceCounter
GetCurrentProcessId
RtlVirtualUnwind

Exports

Exports

VBoxUsbRegister

Sections

.text
Size: 34KB - Virtual size: 33KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
win.amd64/VBoxUsbWebcamR3.dll
.dll windows:6 windows x64 arch:x64

7147c881398313aa6abe0166f7a1d481

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09-03-2023 00:00

Not After

11-03-2025 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f7:48:cd:6f:33:2f:6a:f1:9c:b1:1e:49:60:c4:43:c7:1b:0d:d9:39:cd:d2:62:2e:dd:21:35:d0:11:f8:a8:6b
Signer

Actual PE Digest

f7:48:cd:6f:33:2f:6a:f1:9c:b1:1e:49:60:c4:43:c7:1b:0d:d9:39:cd:d2:62:2e:dd:21:35:d0:11:f8:a8:6b

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\extpacks-7.0\out\win.amd64\release\obj\VBoxUsbWebcamR3\VBoxUsbWebcamR3.pdb

Imports

vcruntime140

__std_exception_copy
__std_exception_destroy
_CxxThrowException
__std_type_info_destroy_list
__C_specific_handler
memmove
memset
memcpy
_purecall

vboxrt

RTReqQueueCallEx
RTReqRelease
RTSemEventCreate
RTSemEventDestroy
RTSemEventSignal
RTSemEventWait
RTTimerLRCreateEx
RTTimerLRDestroy
RTReqQueueCall
RTTimerLRStop
RTUuidCompare2Strs
RTUuidFromStr
RTCritSectInit
RTCritSectEnter
RTCritSectLeave
RTCritSectDelete
RTLogRelGetDefaultInstanceEx
RTLogLoggerEx
RTMemAllocZTag
RTMemReallocTag
RTStrCopy
RTStrCat
RTReqQueueProcess
RTReqQueueDestroy
RTReqQueueCreate
RTMemFree
RTMemDupTag
RTMemAllocTag
RTFileQuerySize
RTReqQueueCallVoid
RTFileRead
RTFileClose
RTFileOpen
RTTimeMilliTS
RTTimerLRStart

api-ms-win-crt-heap-l1-1-0

malloc
free
_callnewh

api-ms-win-crt-runtime-l1-1-0

_execute_onexit_table
_cexit
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_initialize_onexit_table

kernel32

TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
InitializeSListHead
IsDebuggerPresent
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
RtlCaptureContext
RtlLookupFunctionEntry
DisableThreadLibraryCalls

Exports

Exports

VBoxUsbRegister

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 1016B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 368B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
win.amd64/VBoxVRDP.dll
.dll windows:6 windows x64 arch:x64

6353985de95d7b18ff9e1ecdd5cbb3e9

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09-03-2023 00:00

Not After

11-03-2025 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

98:fd:7e:d5:3d:70:b4:2b:55:28:ea:79:60:0d:1f:93:cc:af:23:c0:f1:e3:23:48:e1:46:94:75:70:45:c1:dc
Signer

Actual PE Digest

98:fd:7e:d5:3d:70:b4:2b:55:28:ea:79:60:0d:1f:93:cc:af:23:c0:f1:e3:23:48:e1:46:94:75:70:45:c1:dc

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\extpacks-7.0\out\win.amd64\release\obj\VBoxVRDP\VBoxVRDP.pdb

Imports

vcruntime140

__std_exception_destroy
__std_exception_copy
__C_specific_handler
memcpy
_CxxThrowException
__std_type_info_destroy_list
longjmp
memmove
__std_terminate
memset
memcmp
_purecall
__intrinsic_setjmp

vcruntime140_1

__CxxFrameHandler4

vboxrt

RTStrCopy
RTStrICmp
RTLogRelGetDefaultInstanceEx
RTLogLoggerEx
RTSemEventCreate
RTSemEventDestroy
RTSemEventSignal
RTSemEventMultiCreate
RTSemEventMultiDestroy
RTSemEventMultiSignal
RTStrFree
RTStrPrintf
RTStrToUInt32Full
RTTimeNanoTS
RTPathJoinA
RTBigNumInit
RTBigNumInitZero
RTBigNumDestroy
RTBigNumToBytesBigEndian
RTBigNumModExp
RTMd5
RTMd5Init
RTMd5Update
RTMd5Final
RTSha1Init
RTSha1Update
RTSha1Final
RTAsn1ObjId_CompareWithString
RTAsn1EncodePrepare
RTAsn1EncodeToBuffer
RTCrX509Certificate_Delete
RTCrX509Certificate_ReadFromFile
RTCrKeyCreateFromFile
RTCrKeyCreateNewRsa
RTCrKeyRelease
RTCrKeyGetType
RTCrKeyQueryRsaModulus
RTCrKeyQueryRsaPrivateExponent
RTCrRandBytes
RTCrRc4SetKey
RTCrRc4
RTThreadUserSignal
RTAssertMsg1Weak
RTAssertShouldPanic
RTStrCmp
RTUtf16Len
RTUtf16ToUtf8Tag
RTUtf16ToUtf8ExTag
RTThreadSleep
RTCritSectInitEx
RTCritSectEnter
RTCritSectLeave
RTCritSectDelete
RTEnvExist
RTTimeNow
RTTimeMilliTS
RTMemReallocTag
RTCrc64Start
RTCrc64Process
RTCrc64Finish
RTHeapSimpleInit
RTHeapSimpleAlloc
RTHeapSimpleFree
ASMBitFirstClear
RTSemEventMultiReset
RTSemEventMultiWait
RTCrSslCreate
RTCrSslRelease
RTCrSslSetCertificateFile
RTCrSslSetPrivateKeyFile
RTCrSslLoadTrustedRootCerts
RTCrSslSetNoPeerVerify
RTCrSslCreateSessionForNativeSocket
RTCrSslSessionRelease
RTCrSslSessionAccept
RTCrSslSessionGetVersion
RTThreadWait
RTCrSslSessionPending
RTCrSslSessionRead
RTCrSslSessionWrite
ASMAtomicXchgU8
RTSemEventWaitNoResume
RTUuidCreate
RTUuidToStr
RTThreadUserWaitNoResume
RTThreadUserReset
RTStrCalcUtf16LenEx
RTStrToUtf16ExTag
RTUtf16CalcUtf8LenEx
RTMemDupTag
RTCrc64
RTStrToInt64Full
RTUuidClear
RTThreadCreate
RTThreadSelf
RTMemAllocZTag
RTMemFree
RTMemAllocTag
RTThreadUserWait
g_RTAsn1DefaultAllocator
RTCrSslSessionGetCertIssuerNameAsString

api-ms-win-crt-stdio-l1-1-0

fclose
fwrite
fseek
fopen
__stdio_common_vfprintf
__stdio_common_vsscanf
__acrt_iob_func
__stdio_common_vsprintf

api-ms-win-crt-math-l1-1-0

sqrt

api-ms-win-crt-heap-l1-1-0

_callnewh
free
malloc

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_initialize_narrow_environment
_execute_onexit_table
_cexit
exit
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

api-ms-win-crt-environment-l1-1-0

getenv_s

kernel32

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
IsDebuggerPresent
InitializeSListHead
DisableThreadLibraryCalls
GetSystemTimeAsFileTime
GetCurrentThreadId

ws2_32

freeaddrinfo
getaddrinfo
WSAGetLastError
WSASetLastError
WSACleanup
WSAStartup
socket
shutdown
setsockopt
send
select
recv
listen
getsockopt
ioctlsocket
closesocket
bind
accept
__WSAFDIsSet

Exports

Exports

VRDECreateServer
VRDESupportedProperties

Sections

.text
Size: 455KB - Virtual size: 454KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 286KB - Virtual size: 286KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 19KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 936B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
win.amd64/VDPluginCrypt.dll
.dll windows:6 windows x64 arch:x64

ea57c0ce1f60ef1efa71b6ab696c280e

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29-04-2021 00:00

Not After

28-04-2036 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09-03-2023 00:00

Not After

11-03-2025 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14-07-2023 00:00

Not After

13-10-2034 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23-03-2022 00:00

Not After

22-03-2037 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01-08-2022 00:00

Not After

09-11-2031 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

90:3e:52:ba:95:68:af:f2:83:22:4c:c0:6d:4a:51:7b:58:0b:f7:08:b1:b7:91:f6:7f:f5:c4:7f:ef:ca:a0:7c
Signer

Actual PE Digest

90:3e:52:ba:95:68:af:f2:83:22:4c:c0:6d:4a:51:7b:58:0b:f7:08:b1:b7:91:f6:7f:f5:c4:7f:ef:ca:a0:7c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\extpacks-7.0\out\win.amd64\release\obj\VDPluginCrypt\VDPluginCrypt.pdb

Imports

vcruntime140

__std_type_info_destroy_list
__C_specific_handler
memset
memcmp
memcpy

vboxrt

RTCrCipherEncrypt
RTCrCipherDecrypt
RTCrRandBytes
RTBase64Decode
RTCrCipherOpenByType
RTBase64Encode
RTStrDupNTag
RTStrCopy
RTMemTmpAllocZTag
RTMemTmpFree
RTTimeMilliTS
RTCrDigestTypeToHashSize
RTCrPkcs5Pbkdf2Hmac
RTMemSaferFree
RTMemSaferAllocZTag
RTMemSaferAllocZExTag
RTLogLoggerEx
RTCrCipherRelease
RTLogRelGetDefaultInstanceEx
RTMemWipeThoroughly
RTMemFree
RTMemAllocZTag
RTMemAllocTag
RTStrToUInt64Full
RTStrCmp
RTStrFree
RTBase64EncodedLength

api-ms-win-crt-string-l1-1-0

strncmp

api-ms-win-crt-runtime-l1-1-0

_initialize_onexit_table
_cexit
_execute_onexit_table
_initterm_e
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm

kernel32

GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
DisableThreadLibraryCalls
InitializeSListHead
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
RtlCaptureContext
RtlLookupFunctionEntry
QueryPerformanceCounter

Exports

Exports

VDPluginLoad

Sections

.text
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1024B - Virtual size: 976B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 76B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
win.amd64/vboxextpackpuel.cat

Sharing

General

Malware Config

Signatures

Files

270bd663ee39ee9234e754958d09abac

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

79:8e:46:74:a1:2b:43:d1:f5:ba:0a:44:76:fd:3e:e9:e1:5e:6c:6c:e6:de:f4:df:45:03:2e:b5:71:2c:36:a1Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

vcruntime140

vcruntime140_1

vboxrt

api-ms-win-crt-string-l1-1-0

api-ms-win-crt-heap-l1-1-0

api-ms-win-crt-runtime-l1-1-0

api-ms-win-crt-stdio-l1-1-0

api-ms-win-crt-environment-l1-1-0

kernel32

user32

ole32

oleaut32

Exports

Exports

Sections

.text Size: 233KB - Virtual size: 232KB

.rdata Size: 253KB - Virtual size: 253KB

.data Size: 512B - Virtual size: 1KB

.pdata Size: 5KB - Virtual size: 4KB

.rsrc Size: 1024B - Virtual size: 1024B

.reloc Size: 512B - Virtual size: 372B

6a756423db02f0014d7ac747a93259b6

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

vmmr0.r0

Exports

Exports

Sections

.text Size: 3KB - Virtual size: 3KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 512B - Virtual size: 64B

.pdata Size: 512B - Virtual size: 192B

.edata Size: 512B - Virtual size: 131B

INIT Size: 512B - Virtual size: 326B

.rsrc Size: 1024B - Virtual size: 1008B

.reloc Size: 512B - Virtual size: 120B

068dd613766dbaf64e0a91026aca1866

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

79:8e:46:74:a1:2b:43:d1:f5:ba:0a:44:76:fd:3e:e9:e1:5e:6c:6c:e6:de:f4:df:45:03:2e:b5:71:2c:36:a1
Signer

.text
Size: 233KB - Virtual size: 232KB

.rdata
Size: 253KB - Virtual size: 253KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 1024B - Virtual size: 1024B

.reloc
Size: 512B - Virtual size: 372B

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 512B - Virtual size: 64B

.pdata
Size: 512B - Virtual size: 192B

.edata
Size: 512B - Virtual size: 131B

INIT
Size: 512B - Virtual size: 326B

.rsrc
Size: 1024B - Virtual size: 1008B

.reloc
Size: 512B - Virtual size: 120B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

10:e1:44:fd:6d:48:6b:10:26:bc:88:ec:cd:2e:5c:e5:8a:68:d0:d7:32:76:b8:16:d8:29:51:60:87:17:f9:d3
Signer

.text
Size: 35KB - Virtual size: 34KB

.rdata
Size: 16KB - Virtual size: 15KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 2KB - Virtual size: 1KB

.rsrc
Size: 1024B - Virtual size: 1000B

.reloc
Size: 512B - Virtual size: 204B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

72:34:f6:3b:b9:1a:44:c4:b9:34:78:d7:38:62:bb:25:18:14:7c:62:a3:9c:10:39:18:b2:c7:32:c2:46:ad:de
Signer

.text
Size: 16KB - Virtual size: 16KB

.rdata
Size: 8KB - Virtual size: 7KB

.data
Size: 512B - Virtual size: 1KB

.pdata
Size: 1KB - Virtual size: 1KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 124B

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate