w:\p4\sprt\project\rang\v70\output\Release\Win32\saslib.pdb
Overview
overview
10Static
static
106ee09985aa...0N.exe
windows7-x64
106ee09985aa...0N.exe
windows10-2004-x64
10$0.dll
windows7-x64
3$0.dll
windows10-2004-x64
3$2.exe
windows7-x64
3$2.exe
windows10-2004-x64
3$3.exe
windows7-x64
3$3.exe
windows10-2004-x64
3$COMMONFIL...st.exe
windows7-x64
3$COMMONFIL...st.exe
windows10-2004-x64
3$COMMONFIL...64.exe
windows7-x64
1$COMMONFIL...64.exe
windows10-2004-x64
1$COMMONFIL...dr.dll
windows7-x64
1$COMMONFIL...dr.dll
windows10-2004-x64
1$COMMONFIL...dr.sys
windows7-x64
1$COMMONFIL...dr.sys
windows10-2004-x64
1$COMMONFIL...dr.dll
windows7-x64
3$COMMONFIL...dr.dll
windows10-2004-x64
3$COMMONFIL...dr.sys
windows7-x64
1$COMMONFIL...dr.sys
windows10-2004-x64
1$PLUGINSDI...em.dll
windows7-x64
3$PLUGINSDI...em.dll
windows10-2004-x64
3ssranghk.dll
windows7-x64
3ssranghk.dll
windows10-2004-x64
3Behavioral task
behavioral1
Sample
6ee09985aad01926c5ec335e48c36950N.exe
Resource
win7-20240704-en
windows7-x64
17 signatures
120 seconds
Behavioral task
behavioral2
Sample
6ee09985aad01926c5ec335e48c36950N.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
18 signatures
120 seconds
Behavioral task
behavioral3
Sample
$0.dll
Resource
win7-20240708-en
windows7-x64
2 signatures
120 seconds
Behavioral task
behavioral4
Sample
$0.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
2 signatures
120 seconds
Behavioral task
behavioral5
Sample
$2.exe
Resource
win7-20240705-en
windows7-x64
1 signatures
120 seconds
Behavioral task
behavioral6
Sample
$2.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
1 signatures
120 seconds
Behavioral task
behavioral7
Sample
$3.exe
Resource
win7-20240704-en
windows7-x64
2 signatures
120 seconds
Behavioral task
behavioral8
Sample
$3.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
2 signatures
120 seconds
Behavioral task
behavioral9
Sample
$COMMONFILES/supportdotcom/rang/driverinst.exe
Resource
win7-20240704-en
windows7-x64
1 signatures
120 seconds
Behavioral task
behavioral10
Sample
$COMMONFILES/supportdotcom/rang/driverinst.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
1 signatures
120 seconds
Behavioral task
behavioral11
Sample
$COMMONFILES/supportdotcom/rang/driverinst64.exe
Resource
win7-20240708-en
windows7-x64
0 signatures
120 seconds
Behavioral task
behavioral12
Sample
$COMMONFILES/supportdotcom/rang/driverinst64.exe
Resource
win10v2004-20240709-en
windows10-2004-x64
0 signatures
120 seconds
Behavioral task
behavioral13
Sample
$COMMONFILES/supportdotcom/rang/nt_amd64/ssmirrdr.dll
Resource
win7-20240708-en
windows7-x64
0 signatures
120 seconds
Behavioral task
behavioral14
Sample
$COMMONFILES/supportdotcom/rang/nt_amd64/ssmirrdr.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
0 signatures
120 seconds
Behavioral task
behavioral15
Sample
$COMMONFILES/supportdotcom/rang/nt_amd64/ssmirrdr.sys
Resource
win7-20240705-en
windows7-x64
0 signatures
120 seconds
Behavioral task
behavioral16
Sample
$COMMONFILES/supportdotcom/rang/nt_amd64/ssmirrdr.sys
Resource
win10v2004-20240709-en
windows10-2004-x64
0 signatures
120 seconds
Behavioral task
behavioral17
Sample
$COMMONFILES/supportdotcom/rang/nt_x86/ssmirrdr.dll
Resource
win7-20240704-en
windows7-x64
2 signatures
120 seconds
Behavioral task
behavioral18
Sample
$COMMONFILES/supportdotcom/rang/nt_x86/ssmirrdr.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
2 signatures
120 seconds
Behavioral task
behavioral19
Sample
$COMMONFILES/supportdotcom/rang/nt_x86/ssmirrdr.sys
Resource
win7-20240704-en
windows7-x64
0 signatures
120 seconds
Behavioral task
behavioral20
Sample
$COMMONFILES/supportdotcom/rang/nt_x86/ssmirrdr.sys
Resource
win10v2004-20240709-en
windows10-2004-x64
0 signatures
120 seconds
Behavioral task
behavioral21
Sample
$PLUGINSDIR/System.dll
Resource
win7-20240708-en
windows7-x64
3 signatures
120 seconds
Behavioral task
behavioral22
Sample
$PLUGINSDIR/System.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
3 signatures
120 seconds
Behavioral task
behavioral23
Sample
ssranghk.dll
Resource
win7-20240704-en
windows7-x64
2 signatures
120 seconds
Behavioral task
behavioral24
Sample
ssranghk.dll
Resource
win10v2004-20240709-en
windows10-2004-x64
2 signatures
120 seconds
General
-
Target
6ee09985aad01926c5ec335e48c36950N.exe
-
Size
1.9MB
-
MD5
6ee09985aad01926c5ec335e48c36950
-
SHA1
e21abc81cb0516782168eda2bc1706f7bf1a3614
-
SHA256
49a7d26eb8022c5edc59707b013f38d41ba8838f987e676f6385c3d46c7ab998
-
SHA512
dafa5a6b7a4408f2e3d9b920ce4e03e45638ca767cb9dd585d7417bb6ce11b092287f08c7b97e9f8c9d2af7cdb6585dcb3c2bec36afdc22c460a5f0299e36a1a
-
SSDEEP
49152:Q8t9VWdeTu1rsEJHCPwVmb8AKe3kAIugoiau0zZEjafp:Q8qeTUsRP+AKSZzJR
Score
10/10
Malware Config
Signatures
-
Detects Strela Stealer payload 1 IoCs
resource yara_rule static1/unpack001/$2 family_strela -
Strela family
-
Unsigned PE 4 IoCs
Checks for missing Authenticode signature.
resource 6ee09985aad01926c5ec335e48c36950N.exe unpack001/$0 unpack001/$PLUGINSDIR/System.dll unpack001/ssranghk.dll -
NSIS installer 2 IoCs
resource yara_rule sample nsis_installer_1 sample nsis_installer_2
Files
-
6ee09985aad01926c5ec335e48c36950N.exe.exe windows:4 windows x86 arch:x86
7fa974366048f9c551ef45714595665e
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
Imports
kernel32
CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
GetWindowsDirectoryA
SetFileTime
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
CreateFileA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetTempPathA
user32
EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow
gdi32
SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject
shell32
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation
advapi32
RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA
comctl32
ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create
ole32
CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance
version
GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA
Sections
.text Size: 22KB - Virtual size: 22KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 1024B - Virtual size: 107KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.ndata Size: - Virtual size: 36KB
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 6KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$0.dll windows:5 windows x86 arch:x86
54a1203b834a3658d206b4bfdb68eb75
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
Imports
kernel32
GetCurrentThreadId
DecodePointer
GetCommandLineA
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
GetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
FreeLibrary
LoadLibraryW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
TerminateProcess
GetCurrentProcess
WriteFile
GetModuleFileNameW
RtlUnwind
LCMapStringW
MultiByteToWideChar
GetStringTypeW
HeapSize
IsProcessorFeaturePresent
LoadLibraryA
GetProcessHeap
FlushFileBuffers
CloseHandle
CreateFileW
WriteConsoleW
SetStdHandle
GetConsoleMode
GetConsoleCP
SetFilePointer
rpcrt4
RpcStringBindingComposeW
RpcBindingFromStringBindingW
RpcBindingSetAuthInfoExW
RpcStringFreeW
RpcBindingFree
I_RpcExceptionFilter
NdrClientCall2
Exports
Exports
SimulateSAS
Sections
.text Size: 29KB - Virtual size: 28KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 10KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 10KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$2.exe windows:5 windows x86 arch:x86
f3d825e2432d022e9373693a98004b28
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21-12-2012 00:00Not After30-12-2020 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18-10-2012 00:00Not After29-12-2020 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08-11-2006 00:00Not After16-07-2036 23:59SubjectCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
50:79:2d:13:1d:6f:0f:90:32:15:c1:cc:23:26:a5:0cCertificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before08-07-2013 00:00Not After06-08-2016 23:59SubjectCN=Support.com\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Support.com\, Inc.,L=Redwood City,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08-02-2010 00:00Not After07-02-2020 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
w:\p4\sprt\project\rang\v70\output\Release\Win32\ssrangsv.pdb
Imports
ws2_32
htonl
WSAConnect
WSACloseEvent
inet_ntoa
inet_addr
WSASetEvent
gethostname
ioctlsocket
listen
accept
recvfrom
WSAEnumNetworkEvents
WSAEventSelect
WSACreateEvent
WSACleanup
WSAStartup
WSASetLastError
__WSAFDIsSet
WSAGetLastError
select
recv
send
WSAIoctl
setsockopt
getsockname
ntohs
bind
htons
getsockopt
getpeername
closesocket
socket
connect
sendto
getaddrinfo
freeaddrinfo
shutdown
gethostbyname
version
GetFileVersionInfoSizeW
VerQueryValueW
GetFileVersionInfoW
iphlpapi
GetBestRoute
shell32
DoEnvironmentSubstA
SHGetFolderPathW
rpcrt4
UuidFromStringA
RpcStringFreeA
UuidToStringA
powrprof
ReadGlobalPwrPolicy
ReadPwrScheme
SetActivePwrScheme
GetActivePwrScheme
psapi
GetModuleFileNameExW
EnumProcesses
GetProcessImageFileNameW
netapi32
NetUserEnum
NetApiBufferFree
winhttp
WinHttpGetDefaultProxyConfiguration
kernel32
OpenEventW
ExitProcess
GetCommandLineW
CreateMutexW
lstrlenW
SetCurrentDirectoryW
SetSystemTime
ReleaseMutex
GetTickCount
FreeLibrary
ExpandEnvironmentStringsA
LoadLibraryA
LocalFree
FormatMessageA
TlsGetValue
TlsSetValue
TlsAlloc
TlsFree
GetThreadTimes
ResumeThread
GetSystemTimeAsFileTime
InterlockedDecrement
SetFilePointerEx
GetFileAttributesExW
OutputDebugStringA
CreateFileA
GetFileSizeEx
SetLastError
SleepEx
VerifyVersionInfoA
VerSetConditionMask
PeekNamedPipe
GetFileType
GetStdHandle
FindNextFileA
SetHandleInformation
MoveFileW
FlushFileBuffers
WritePrivateProfileStringW
GetFileAttributesW
FormatMessageW
GetCurrentThread
OutputDebugStringW
CreateDirectoryW
FreeConsole
SetUnhandledExceptionFilter
VirtualQuery
SetFilePointer
GetFileSize
GetDateFormatW
FileTimeToLocalFileTime
FindClose
GlobalFree
FindFirstFileA
CreateFileW
WriteFile
FileTimeToDosDateTime
Sleep
DeleteCriticalSection
EnterCriticalSection
LeaveCriticalSection
InitializeCriticalSection
CreateThread
GetLocalTime
WaitForMultipleObjects
TerminateProcess
WaitForSingleObjectEx
SetEvent
WaitForSingleObject
GetSystemTime
CloseHandle
CreateEventW
ResetEvent
GetProcAddress
GetLastError
MultiByteToWideChar
LoadLibraryW
OpenProcess
SystemTimeToFileTime
GetModuleFileNameW
WideCharToMultiByte
GetModuleHandleW
CancelIo
ReadConsoleInputA
GetVersionExW
CopyFileW
CreateProcessW
ExpandEnvironmentStringsW
LocalAlloc
DuplicateHandle
GetCurrentProcess
SetFileAttributesW
GetPrivateProfileStringW
GetEnvironmentVariableW
LockResource
GetCurrentDirectoryW
LoadResource
FindResourceW
FreeResource
DeleteFileW
FindNextFileW
GetTempPathW
ReadFile
FileTimeToSystemTime
FindFirstFileW
GetCurrentProcessId
GetExitCodeProcess
SetProcessShutdownParameters
GlobalLock
GlobalAlloc
GlobalUnlock
GetComputerNameW
SizeofResource
CreateEventA
GetOverlappedResult
WaitNamedPipeA
SetNamedPipeHandleState
ConnectNamedPipe
DisconnectNamedPipe
CreateNamedPipeA
Process32First
Thread32First
Thread32Next
Module32First
Process32Next
CreateToolhelp32Snapshot
Module32Next
SuspendThread
CreateDirectoryA
GetCurrentDirectoryA
InterlockedIncrement
InterlockedCompareExchange
InterlockedExchange
EncodePointer
DecodePointer
GetLocaleInfoW
GetStringTypeW
HeapFree
HeapAlloc
GetCPInfo
GetTimeFormatA
GetDateFormatA
GetTimeZoneInformation
HeapSetInformation
GetStartupInfoW
RaiseException
MoveFileA
DeleteFileA
HeapReAlloc
ExitThread
GetFileInformationByHandle
GetDriveTypeA
FindFirstFileExA
RtlUnwind
LCMapStringW
CompareStringW
UnhandledExceptionFilter
IsDebuggerPresent
IsProcessorFeaturePresent
InitializeCriticalSectionAndSpinCount
HeapSize
HeapCreate
GetACP
GetOEMCP
IsValidCodePage
GetConsoleCP
GetConsoleMode
SetHandleCount
SetConsoleCtrlHandler
GetFileAttributesA
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
SetStdHandle
GetFullPathNameA
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
WriteConsoleW
CreateProcessA
SetEnvironmentVariableA
GetDriveTypeW
SetEndOfFile
GetProcessHeap
lstrlenA
GetModuleHandleA
GetVersion
GlobalMemoryStatus
GetVersionExA
FlushConsoleInputBuffer
GetCurrentThreadId
IsBadWritePtr
SetConsoleMode
GetTimeFormatW
user32
GetWindowRect
ClientToScreen
GetCursorPos
SetClipboardData
OpenClipboard
EmptyClipboard
GetClipboardData
CloseClipboard
GetIconInfo
CopyImage
DrawIconEx
mouse_event
GetWindow
AdjustWindowRect
ShowWindow
SetWindowPos
SetRect
FillRect
SetTimer
EnumWindows
SetClipboardViewer
ChangeClipboardChain
PostThreadMessageA
DispatchMessageA
PeekMessageA
GetUserObjectInformationW
GetDesktopWindow
MessageBoxA
EnumDesktopsW
CloseDesktop
GetClassNameW
WaitForInputIdle
GetClipboardOwner
LoadCursorW
GetClientRect
IsWindowVisible
IsRectEmpty
ToAsciiEx
VkKeyScanExW
VkKeyScanExA
GetKeyboardLayout
GetAsyncKeyState
SendMessageTimeoutW
GetKeyboardLayoutList
DefWindowProcW
keybd_event
MapVirtualKeyW
GetThreadDesktop
OpenInputDesktop
SetThreadDesktop
GetDC
ReleaseDC
PostMessageW
EnumDisplaySettingsA
SystemParametersInfoW
FindWindowW
DestroyWindow
UnregisterClassW
GetWindowLongW
SetWindowLongW
CreateWindowExW
RegisterClassW
wsprintfW
SendMessageW
GetMessageW
RegisterClipboardFormatW
IsIconic
EnumDesktopWindows
GetProcessWindowStation
OpenDesktopW
CharNextW
CharPrevW
TranslateMessage
GetSystemMetrics
LoadStringA
LoadStringW
MessageBoxW
wvsprintfW
GetWindowThreadProcessId
PeekMessageW
GetWindowTextW
GetForegroundWindow
ExitWindowsEx
DispatchMessageW
IsWindow
PostThreadMessageW
MsgWaitForMultipleObjects
advapi32
GetAclInformation
MakeSelfRelativeSD
SetSecurityDescriptorOwner
SetSecurityDescriptorGroup
IsValidSecurityDescriptor
RegCreateKeyExW
RegQueryValueExW
ReportEventW
GetSecurityDescriptorLength
AccessCheck
OpenThreadToken
RegisterEventSourceW
RegQueryInfoKeyW
RegDeleteKeyW
LogonUserA
CryptGenRandom
CryptAcquireContextA
RegDeleteValueW
RegEnumValueW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegCloseKey
RegSetValueExW
CreateProcessAsUserW
GetLengthSid
GetUserNameW
ImpersonateLoggedOnUser
RevertToSelf
CreateServiceW
CloseServiceHandle
DeleteService
StartServiceCtrlDispatcherW
EqualSid
StartServiceW
QueryServiceStatus
SetServiceStatus
RegisterServiceCtrlHandlerW
CopySid
LookupAccountSidW
AllocateAndInitializeSid
IsValidSid
FreeSid
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
InitializeAcl
AddAccessAllowedAce
LookupPrivilegeValueA
AdjustTokenPrivileges
LookupPrivilegeValueW
SetTokenInformation
ControlService
OpenServiceW
OpenSCManagerW
DuplicateTokenEx
GetTokenInformation
OpenProcessToken
LogonUserW
CryptGetHashParam
CryptAcquireContextW
CryptReleaseContext
CryptCreateHash
CryptDestroyHash
CryptHashData
DeregisterEventSource
ReportEventA
RegisterEventSourceA
ole32
CoMarshalInterThreadInterfaceInStream
OleSetClipboard
CoTaskMemAlloc
ReleaseStgMedium
CLSIDFromProgID
CoInitializeEx
CoUninitialize
CoCreateGuid
CoCreateInstance
CoInitializeSecurity
CoInitialize
OleInitialize
OleUninitialize
OleGetClipboard
CoSetProxyBlanket
CoGetInterfaceAndReleaseStream
oleaut32
SysAllocString
VariantInit
SysAllocStringLen
SysFreeString
VariantClear
VariantChangeType
VariantCopy
userenv
DestroyEnvironmentBlock
CreateEnvironmentBlock
gdi32
GetDeviceCaps
BitBlt
GetBitmapBits
GetStockObject
SetDIBColorTable
CreateDIBSection
DeleteDC
GdiFlush
CreateCompatibleBitmap
CreateCompatibleDC
GetDIBits
CreateDCW
GetClipBox
GetSystemPaletteEntries
DeleteObject
GetObjectW
SelectObject
ExtEscape
Sections
.text Size: 1.6MB - Virtual size: 1.6MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 545KB - Virtual size: 545KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 65KB - Virtual size: 86KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 7KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$3.exe windows:5 windows x86 arch:x86
a9fde5b82d6295006ba4a2831b5cad4a
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21-12-2012 00:00Not After30-12-2020 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18-10-2012 00:00Not After29-12-2020 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08-11-2006 00:00Not After16-07-2036 23:59SubjectCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
50:79:2d:13:1d:6f:0f:90:32:15:c1:cc:23:26:a5:0cCertificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before08-07-2013 00:00Not After06-08-2016 23:59SubjectCN=Support.com\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Support.com\, Inc.,L=Redwood City,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08-02-2010 00:00Not After07-02-2020 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
w:\p4\sprt\project\rang\v70\output\Release\Win32\ssrangui.pdb
Imports
netapi32
NetUserEnum
NetApiBufferFree
psapi
GetProcessImageFileNameW
EnumProcesses
kernel32
InitializeCriticalSection
CreateProcessW
WaitForSingleObject
GetTickCount
FileTimeToSystemTime
FindFirstFileW
GetLogicalDriveStringsW
TerminateThread
FindClose
OpenThread
GetPrivateProfileStringW
CreateFileW
WritePrivateProfileStringW
GetExitCodeProcess
TerminateProcess
Process32FirstW
Process32NextW
CreateToolhelp32Snapshot
EnterCriticalSection
GetDriveTypeW
GetCurrentDirectoryW
GetFullPathNameA
SetConsoleMode
ReadConsoleInputA
FindFirstFileExA
GetDriveTypeA
GetFileInformationByHandle
FileTimeToLocalFileTime
ExitThread
CreateNamedPipeA
DisconnectNamedPipe
ConnectNamedPipe
SetNamedPipeHandleState
WaitNamedPipeA
GetOverlappedResult
CreateEventA
FlushConsoleInputBuffer
GetVersionExA
GlobalMemoryStatus
GetVersion
GetModuleHandleA
ExpandEnvironmentStringsA
LoadLibraryA
Sleep
VerSetConditionMask
VerifyVersionInfoA
SleepEx
GetProcAddress
SetLastError
RaiseException
FlushInstructionCache
GlobalUnlock
lstrlenW
MultiByteToWideChar
lstrcmpW
MulDiv
LeaveCriticalSection
SizeofResource
InitializeCriticalSectionAndSpinCount
GlobalAlloc
SetEvent
OpenProcess
ExpandEnvironmentStringsW
WriteFile
LocalFree
lstrlenA
GetFileAttributesExW
SetFilePointerEx
InterlockedPopEntrySList
VirtualAlloc
VirtualFree
InterlockedPushEntrySList
InterlockedCompareExchange
SetEnvironmentVariableA
CompareStringW
GetProcessHeap
WriteConsoleW
GetTimeZoneInformation
SetFilePointer
SetStdHandle
SetConsoleCtrlHandler
GetStringTypeW
FlushFileBuffers
GetConsoleMode
GetConsoleCP
QueryPerformanceCounter
GetFileType
SetHandleCount
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetModuleFileNameA
IsValidCodePage
GetOEMCP
GetACP
HeapReAlloc
SetEndOfFile
CreateFileA
GetCurrentProcessId
ReleaseMutex
OpenMutexW
OutputDebugStringW
CreateDirectoryW
CreateMutexW
GetCommandLineW
ExitProcess
GetCurrentThread
CloseHandle
GetCurrentThreadId
DeleteCriticalSection
lstrcmpiW
CreateEventW
PeekNamedPipe
ResetEvent
GlobalLock
GetCurrentProcess
InterlockedDecrement
InterlockedIncrement
LoadLibraryExW
LoadResource
FreeLibrary
FindResourceW
GlobalAddAtomW
GetLastError
GetModuleFileNameW
WideCharToMultiByte
GetModuleHandleW
FormatMessageA
HeapCreate
GetStdHandle
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCPInfo
LCMapStringW
RtlUnwind
DeleteFileA
MoveFileA
TlsGetValue
GetStartupInfoW
HeapSetInformation
GetCommandLineA
HeapAlloc
HeapFree
DecodePointer
EncodePointer
GetFileSizeEx
ReadFile
OutputDebugStringA
GetSystemTimeAsFileTime
LoadLibraryW
WaitForMultipleObjects
CreateThread
ResumeThread
TlsFree
GetThreadTimes
TlsAlloc
TlsSetValue
SetHandleInformation
user32
MoveWindow
GetWindowThreadProcessId
DefWindowProcW
RegisterHotKey
SetWindowTextW
GetDlgCtrlID
ShowWindow
SendMessageW
SetDlgItemTextW
RegisterClassW
PostThreadMessageW
CreateWindowExW
PostThreadMessageA
DispatchMessageA
PeekMessageA
WaitForInputIdle
IsDialogMessageW
GetActiveWindow
SendDlgItemMessageW
IsDlgButtonChecked
GetDlgItemTextW
EnableWindow
EndPaint
GetWindowTextLengthW
DestroyAcceleratorTable
MessageBoxW
ScreenToClient
CharNextW
RegisterWindowMessageW
IsChild
SetCapture
MsgWaitForMultipleObjects
GetFocus
GetParent
InvalidateRgn
CreateAcceleratorTableW
DrawEdge
ModifyMenuW
BeginPaint
GetClassInfoExW
GetDC
TranslateMessage
RegisterClassExW
BringWindowToTop
GetWindowLongW
GetWindowTextW
PeekMessageW
GetClassNameW
ReleaseDC
SetWindowLongW
UnregisterClassA
GetUserObjectInformationW
GetProcessWindowStation
MessageBoxA
RedrawWindow
GetDesktopWindow
GetSysColor
IsWindow
ReleaseCapture
GetSystemMetrics
IsWindowVisible
CallWindowProcW
GetWindow
DispatchMessageW
ClientToScreen
KillTimer
SetTimer
GetWindowRect
SetActiveWindow
PostQuitMessage
TrackPopupMenu
CreateDialogParamW
PostMessageW
FillRect
GetSystemMenu
DestroyWindow
LoadBitmapW
LoadStringW
SetWindowPos
GetDlgItem
SystemParametersInfoW
AppendMenuW
InvalidateRect
LoadIconW
GetForegroundWindow
wsprintfW
SetFocus
CreateMenu
GetClientRect
LoadCursorW
AttachThreadInput
SetForegroundWindow
DrawIconEx
GetSubMenu
GetWindowDC
gdi32
DeleteObject
CreateCompatibleBitmap
CreateSolidBrush
BitBlt
GetTextExtentPoint32W
SetTextColor
DeleteDC
CreateFontIndirectW
StretchBlt
SetBkMode
SelectObject
CreateCompatibleDC
GetObjectW
GetClipBox
IntersectClipRect
GetStockObject
GetDeviceCaps
advapi32
EqualSid
RegisterEventSourceA
AddAccessAllowedAce
InitializeAcl
SetSecurityDescriptorDacl
LookupAccountSidW
RegQueryValueExW
GetTokenInformation
LogonUserW
OpenThreadToken
OpenProcessToken
RegSetValueExW
RegCloseKey
RegEnumKeyExW
RegOpenKeyExW
RegDeleteValueW
RegDeleteKeyW
RegQueryInfoKeyW
RegCreateKeyExW
GetLengthSid
CopySid
ReportEventA
AllocateAndInitializeSid
IsValidSid
FreeSid
DeregisterEventSource
InitializeSecurityDescriptor
shell32
ShellExecuteW
ShellExecuteExW
SHGetFolderPathW
ole32
OleUninitialize
CoMarshalInterThreadInterfaceInStream
CoTaskMemFree
CoGetInterfaceAndReleaseStream
CoGetClassObject
CoTaskMemAlloc
CoInitializeEx
GetRunningObjectTable
CreateBindCtx
CreateItemMoniker
OleInitialize
StringFromGUID2
CreateStreamOnHGlobal
CLSIDFromString
CLSIDFromProgID
CoTaskMemRealloc
CoUninitialize
OleLockRunning
CoCreateInstance
CoReleaseMarshalData
oleaut32
LoadRegTypeLi
SysStringByteLen
VarUI4FromStr
OleCreateFontIndirect
SysAllocStringLen
VariantInit
SysAllocStringByteLen
VariantCopy
LoadTypeLi
VariantClear
SysStringLen
SysAllocString
SysFreeString
comctl32
InitCommonControlsEx
ws2_32
recvfrom
accept
listen
ioctlsocket
gethostname
shutdown
sendto
getaddrinfo
freeaddrinfo
connect
socket
closesocket
getpeername
getsockopt
htons
bind
ntohs
getsockname
setsockopt
WSAIoctl
send
recv
select
WSAGetLastError
__WSAFDIsSet
WSASetLastError
WSAStartup
WSACleanup
WSASetEvent
WSACloseEvent
WSAEnumNetworkEvents
WSAEventSelect
WSACreateEvent
inet_addr
WSAConnect
inet_ntoa
htonl
gethostbyname
Sections
.text Size: 1.2MB - Virtual size: 1.2MB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 407KB - Virtual size: 407KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 48KB - Virtual size: 65KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 72KB - Virtual size: 71KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$COMMONFILES/supportdotcom/rang/driverinst.exe.exe windows:5 windows x86 arch:x86
96bcdb3992dedb6fee0000a67d8b862b
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21-12-2012 00:00Not After30-12-2020 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18-10-2012 00:00Not After29-12-2020 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08-11-2006 00:00Not After16-07-2036 23:59SubjectCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
50:79:2d:13:1d:6f:0f:90:32:15:c1:cc:23:26:a5:0cCertificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before08-07-2013 00:00Not After06-08-2016 23:59SubjectCN=Support.com\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Support.com\, Inc.,L=Redwood City,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08-02-2010 00:00Not After07-02-2020 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
w:\p4\sprt\project\rang\v70\output\Release\Win32\drvinst.pdb
Imports
setupapi
SetupDiEnumDriverInfoA
SetupDiGetClassDevsA
SetupDiCreateDeviceInfoA
SetupDiBuildDriverInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDriverInfoDetailA
SetupDiGetDeviceInstallParamsA
SetupDiEnumDeviceInfo
SetupDiCreateDeviceInfoList
SetupDiCallClassInstaller
SetupDiDestroyDriverInfoList
SetupDiSetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
newdev
UpdateDriverForPlugAndPlayDevicesA
kernel32
WideCharToMultiByte
LocalFree
GetModuleFileNameA
LocalAlloc
lstrcmpiA
GetLastError
lstrlenA
GetCommandLineW
ExitProcess
user32
wsprintfA
advapi32
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
shell32
CommandLineToArgvW
Sections
.text Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 212B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$COMMONFILES/supportdotcom/rang/driverinst64.exe.exe windows:5 windows x64 arch:x64
96bcdb3992dedb6fee0000a67d8b862b
Code Sign
7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before21-12-2012 00:00Not After30-12-2020 23:59SubjectCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate
IssuerCN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=USNot Before18-10-2012 00:00Not After29-12-2020 23:59SubjectCN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
18:da:d1:9e:26:7d:e8:bb:4a:21:58:cd:cc:6b:3b:4aCertificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08-11-2006 00:00Not After16-07-2036 23:59SubjectCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USKey Usages
KeyUsageCertSign
KeyUsageCRLSign
50:79:2d:13:1d:6f:0f:90:32:15:c1:cc:23:26:a5:0cCertificate
IssuerCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USNot Before08-07-2013 00:00Not After06-08-2016 23:59SubjectCN=Support.com\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=Support.com\, Inc.,L=Redwood City,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate
IssuerCN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=USNot Before08-02-2010 00:00Not After07-02-2020 23:59SubjectCN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE
File Characteristics
IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
w:\p4\sprt\project\rang\v70\output\Release\x64\drvinst.pdb
Imports
setupapi
SetupDiEnumDriverInfoA
SetupDiGetClassDevsA
SetupDiCreateDeviceInfoA
SetupDiBuildDriverInfoList
SetupDiGetDeviceRegistryPropertyA
SetupDiGetDriverInfoDetailA
SetupDiGetDeviceInstallParamsA
SetupDiEnumDeviceInfo
SetupDiCreateDeviceInfoList
SetupDiCallClassInstaller
SetupDiDestroyDriverInfoList
SetupDiSetDeviceRegistryPropertyA
SetupDiDestroyDeviceInfoList
newdev
UpdateDriverForPlugAndPlayDevicesA
kernel32
WideCharToMultiByte
LocalFree
GetModuleFileNameA
LocalAlloc
lstrcmpiA
GetLastError
lstrlenA
GetCommandLineW
ExitProcess
user32
wsprintfA
advapi32
RegCloseKey
RegQueryValueExA
RegSetValueExA
RegOpenKeyExA
RegDeleteValueA
RegCreateKeyExA
shell32
CommandLineToArgvW
Sections
.text Size: 3KB - Virtual size: 3KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 2KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 232B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 180B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
-
$COMMONFILES/supportdotcom/rang/nt_amd64/ssmirrdr.dll.dll windows:6 windows x64 arch:x64
9535822323dc9440ba9b40cf9f71dd74
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15-06-2007 00:00Not After14-06-2012 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04-12-2003 00:00Not After03-12-2013 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
49:32:98:ee:fe:01:b1:d6:b8:f3:9a:e0:a1:ed:1c:8fCertificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before02-07-2009 00:00Not After01-07-2010 23:59SubjectCN=support.com\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=support.com\, Inc.,L=Redwood City,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21-05-2009 00:00Not After20-05-2019 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL
PDB Paths
d:\sprt\project\rang\trunk\win\rang\ssmirrdr\ssmirrdr.dll\objfre_wlh_amd64\amd64\ssmirrdr.pdb
Imports
win32k.sys
EngDeleteSurface
EngAssociateSurface
EngCreateDeviceSurface
EngCreatePalette
EngDeleteSemaphore
EngDeletePalette
PATHOBJ_vGetBounds
EngCreateSemaphore
CLIPOBJ_cEnumStart
CLIPOBJ_bEnum
EngUnmapEvent
EngReleaseSemaphore
EngSetEvent
EngMapEvent
EngAcquireSemaphore
EngAllocMem
EngFreeMem
EngBugCheckEx
Sections
.text Size: 14KB - Virtual size: 14KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 5KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 1024B - Virtual size: 588B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 1024B - Virtual size: 548B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 150B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$COMMONFILES/supportdotcom/rang/nt_amd64/ssmirrdr.sys.sys windows:6 windows x64 arch:x64
8201f3349e7fca04a64640d8bac5a3a6
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15-06-2007 00:00Not After14-06-2012 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04-12-2003 00:00Not After03-12-2013 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
49:32:98:ee:fe:01:b1:d6:b8:f3:9a:e0:a1:ed:1c:8fCertificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before02-07-2009 00:00Not After01-07-2010 23:59SubjectCN=support.com\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=support.com\, Inc.,L=Redwood City,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21-05-2009 00:00Not After20-05-2019 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
PDB Paths
d:\sprt\project\rang\trunk\win\rang\ssmirrdr\ssmirrdr.sys\objfre_wlh_amd64\amd64\ssmirrdr.pdb
Imports
ntoskrnl.exe
KeBugCheckEx
videoprt.sys
VideoPortInitialize
VideoPortZeroMemory
Sections
.text Size: 512B - Virtual size: 352B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 228B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 272B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.pdata Size: 512B - Virtual size: 36B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
INIT Size: 512B - Virtual size: 320B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$COMMONFILES/supportdotcom/rang/nt_x86/ssmirrdr.dll.dll windows:6 windows x86 arch:x86
2c31acb0b376130ca2719a3f93993560
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15-06-2007 00:00Not After14-06-2012 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04-12-2003 00:00Not After03-12-2013 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
49:32:98:ee:fe:01:b1:d6:b8:f3:9a:e0:a1:ed:1c:8fCertificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before02-07-2009 00:00Not After01-07-2010 23:59SubjectCN=support.com\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=support.com\, Inc.,L=Redwood City,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21-05-2009 00:00Not After20-05-2019 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
d:\sprt\project\rang\trunk\win\rang\ssmirrdr\ssmirrdr.dll\objfre_wlh_x86\i386\ssmirrdr.pdb
Imports
win32k.sys
EngDeletePalette
PATHOBJ_vGetBounds
EngCreatePalette
EngCreateSemaphore
EngDeleteSemaphore
EngDeleteSurface
EngAssociateSurface
EngCreateDeviceSurface
CLIPOBJ_bEnum
CLIPOBJ_cEnumStart
EngAcquireSemaphore
EngReleaseSemaphore
EngUnmapEvent
EngMapEvent
EngSetEvent
EngAllocMem
EngFreeMem
EngBugCheckEx
Sections
.text Size: 13KB - Virtual size: 12KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 527B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 4KB - Virtual size: 4KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 472B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 428B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$COMMONFILES/supportdotcom/rang/nt_x86/ssmirrdr.sys.sys windows:6 windows x86 arch:x86
518167d6aeefde1975592d28cbae7110
Code Sign
38:25:d7:fa:f8:61:af:9e:f4:90:e7:26:b5:d6:5a:d5Certificate
IssuerCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USNot Before15-06-2007 00:00Not After14-06-2012 23:59SubjectCN=VeriSign Time Stamping Services Signer - G2,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageDigitalSignature
KeyUsageContentCommitment
47:bf:19:95:df:8d:52:46:43:f7:db:6d:48:0d:31:a4Certificate
IssuerCN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZANot Before04-12-2003 00:00Not After03-12-2013 23:59SubjectCN=VeriSign Time Stamping Services CA,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageTimeStamping
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
49:32:98:ee:fe:01:b1:d6:b8:f3:9a:e0:a1:ed:1c:8fCertificate
IssuerCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USNot Before02-07-2009 00:00Not After01-07-2010 23:59SubjectCN=support.com\, Inc.,OU=Digital ID Class 3 - Microsoft Software Validation v2,O=support.com\, Inc.,L=Redwood City,ST=California,C=USExtended Key Usages
ExtKeyUsageCodeSigning
Key Usages
KeyUsageDigitalSignature
65:52:26:e1:b2:2e:18:e1:59:0f:29:85:ac:22:e7:5cCertificate
IssuerOU=Class 3 Public Primary Certification Authority,O=VeriSign\, Inc.,C=USNot Before21-05-2009 00:00Not After20-05-2019 23:59SubjectCN=VeriSign Class 3 Code Signing 2009-2 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)09,O=VeriSign\, Inc.,C=USExtended Key Usages
ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning
Key Usages
KeyUsageCertSign
KeyUsageCRLSign
Signer
Actual PE DigestDigest AlgorithmPE Digest MatchesfalseHeaders
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NO_SEH
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
PDB Paths
d:\sprt\project\rang\trunk\win\rang\ssmirrdr\ssmirrdr.sys\objfre_wlh_x86\i386\ssmirrdr.pdb
Imports
ntoskrnl.exe
KeTickCount
videoprt.sys
VideoPortZeroMemory
VideoPortInitialize
Sections
.text Size: 512B - Virtual size: 188B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 512B - Virtual size: 175B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 8B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
INIT Size: 512B - Virtual size: 246B
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1024B - Virtual size: 1008B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
.reloc Size: 512B - Virtual size: 86B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$COMMONFILES/supportdotcom/rang/ssmirrdr-nt_amd64.cat
-
$COMMONFILES/supportdotcom/rang/ssmirrdr-nt_x86.cat
-
$COMMONFILES/supportdotcom/rang/ssmirrdr.inf
-
$PLUGINSDIR/System.dll.dll windows:4 windows x86 arch:x86
2017f2acbdaa42ab3e4adeb8b4c37e7b
Headers
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
Imports
kernel32
GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect
user32
wsprintfA
ole32
StringFromGUID2
CLSIDFromString
Exports
Exports
Alloc
Call
Copy
Free
Get
Int64Op
Store
Sections
.text Size: 7KB - Virtual size: 7KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 1024B - Virtual size: 784B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 512B - Virtual size: 100B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.reloc Size: 1024B - Virtual size: 520B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
$PROGRAMFILES/supportdotcom/rang/uninst.exe.nsis
-
ca-bundle.crt
-
ssranghk.dll.dll windows:5 windows x86 arch:x86
c2377f538bc52f5952f778901a3684bc
Headers
DLL Characteristics
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
File Characteristics
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL
PDB Paths
w:\p4\sprt\project\rang\v70\output\Release\Win32\ssranghk.pdb
Imports
kernel32
GetLastError
GetCurrentThreadId
GlobalAddAtomA
HeapSize
GetStringTypeW
MultiByteToWideChar
LCMapStringW
RtlUnwind
GetModuleFileNameW
WriteFile
LoadLibraryW
DecodePointer
GetCommandLineA
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
EncodePointer
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
InterlockedIncrement
GetModuleHandleW
SetLastError
InterlockedDecrement
GetProcAddress
HeapFree
Sleep
ExitProcess
SetHandleCount
GetStdHandle
InitializeCriticalSectionAndSpinCount
GetFileType
GetStartupInfoW
DeleteCriticalSection
GetModuleFileNameA
FreeEnvironmentStringsW
WideCharToMultiByte
GetEnvironmentStringsW
HeapCreate
HeapDestroy
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
GetSystemTimeAsFileTime
LeaveCriticalSection
EnterCriticalSection
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
HeapAlloc
HeapReAlloc
IsProcessorFeaturePresent
user32
RegisterWindowMessageA
SetWindowsHookExA
UnhookWindowsHookEx
CallNextHookEx
IsWindowVisible
GetWindowRect
GetPropA
SetPropA
GetCursor
PostThreadMessageA
Exports
Exports
WM_Hooks_CursorChanged
WM_Hooks_EnableCursorShape
WM_Hooks_EnableRealInputs
WM_Hooks_EnableRealInputs1
WM_Hooks_EnableSynthInputs
WM_Hooks_Install
WM_Hooks_RectangleChanged
WM_Hooks_Remove
WM_Hooks_WindowBorderChanged
WM_Hooks_WindowChanged
WM_Hooks_WindowClientAreaChanged
Sections
.text Size: 21KB - Virtual size: 20KB
IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
.rdata Size: 9KB - Virtual size: 9KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.data Size: 3KB - Virtual size: 6KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.WM_Hook Size: 512B - Virtual size: 47B
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
.rsrc Size: 1KB - Virtual size: 1KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
.reloc Size: 2KB - Virtual size: 2KB
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
-
support.ico