f8cddd2d8600e38fc9684aa470933915df4b57ba879e5383b604e90b475447ae

Sharing

Copy URL

Twitter E-mail

General

Target

f8cddd2d8600e38fc9684aa470933915df4b57ba879e5383b604e90b475447ae
Size

9.6MB
MD5

64058bbf343b0a29979b8124ddedcdb6
SHA1

574330813ed635f16b54e66a14d0308b9def46e9
SHA256

f8cddd2d8600e38fc9684aa470933915df4b57ba879e5383b604e90b475447ae
SHA512

da323bed35d15a2a7b505c642ad7a60af093ef8a772cc5206592b026593238eeb08666d748776c867cbb64893a3101b317bb7880d255804c165f4bd5172f2be4
SSDEEP

196608:OuehyNwgqsnaDDwy9+RvCMnLDarwtHWn6itGBWGkeibXf5EQki:Ouec99py9+RvCMyEtc6XBVKhEQki

Score

3^/10

Malware Config

Signatures

Unsigned PE 30 IoCs

Checks for missing Authenticode signature.

resource
f8cddd2d8600e38fc9684aa470933915df4b57ba879e5383b604e90b475447ae
unpack001/$0/VBoxGuest/VBoxControl.exe
unpack001/$0/VBoxGuest/VBoxGuest.sys
unpack001/$0/VBoxGuest/VBoxTray.exe
unpack001/$0/VBoxMouse/VBoxMouse.sys
unpack001/$0/VBoxSF/VBoxSF.sys
unpack001/$0/VBoxVideo/VBoxDisp.dll
unpack001/$0/VBoxWddm/VBoxDX.dll
unpack001/$0/VBoxWddm/VBoxDispD3D.dll
unpack001/$0/VBoxWddm/VBoxGL.dll
unpack001/$0/VBoxWddm/VBoxNine.dll
unpack001/$0/VBoxWddm/VBoxSVGA.dll
unpack001/$0/VBoxWddm/VBoxWddm.sys
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$SYSDIR/VBoxControl.exe
unpack001/$SYSDIR/VBoxDisp.dll
unpack001/$SYSDIR/VBoxTray.exe
unpack001/$SYSDIR/drivers/VBoxGuest.sys
unpack001/VBoxControl.exe
unpack001/VBoxDX.dll
unpack001/VBoxDisp.dll
unpack001/VBoxDispD3D.dll
unpack001/VBoxGL.dll
unpack001/VBoxGuest.sys
unpack001/VBoxMouse.sys
unpack001/VBoxNine.dll
unpack001/VBoxSVGA.dll
unpack001/VBoxTray.exe
unpack001/VBoxWddm.sys

Files

f8cddd2d8600e38fc9684aa470933915df4b57ba879e5383b604e90b475447ae
.exe windows:4 windows x86 arch:x86

59b8ea9c7392c40cfbac34d0d968ab59

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

advapi32

RegCreateKeyExW
RegEnumKeyW
RegQueryValueExW
RegSetValueExW
RegCloseKey
RegDeleteValueW
RegDeleteKeyW
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken
SetFileSecurityW
RegOpenKeyExW
RegEnumValueW

shell32

SHGetFileInfoW
SHBrowseForFolderW
SHFileOperationW
ShellExecuteExW
SHGetSpecialFolderLocation
SHGetPathFromIDListW

ole32

OleInitialize
OleUninitialize
CoCreateInstance
IIDFromString
CoTaskMemFree

comctl32

ord17
ImageList_Create
ImageList_Destroy
ImageList_AddMasked

user32

DispatchMessageW
wsprintfA
IsWindowVisible
PeekMessageW
wvsprintfW
MessageBoxIndirectW
CharNextA
CharPrevW
GetSystemMetrics
GetDlgItemTextW
SetDlgItemTextW
TrackPopupMenu
CreatePopupMenu
FillRect
CloseClipboard
OpenClipboard
EndPaint
IsDlgButtonChecked
CallWindowProcW
GetMessagePos
LoadCursorW
GetAsyncKeyState
CheckDlgButton
SetWindowPos
SetCursor
GetSysColor
SetClassLongW
GetWindowLongW
IsWindowEnabled
GetWindowRect
GetSystemMenu
EnableMenuItem
RegisterClassW
ScreenToClient
EndDialog
GetClassInfoW
SystemParametersInfoW
CreateWindowExW
ExitWindowsEx
DialogBoxParamW
CharNextW
SetTimer
DestroyWindow
CreateDialogParamW
SetForegroundWindow
SetWindowTextW
PostQuitMessage
SendMessageTimeoutW
ShowWindow
wsprintfW
GetDlgItem
FindWindowExW
IsWindow
GetDC
SetWindowLongW
LoadImageW
InvalidateRect
ReleaseDC
EnableWindow
BeginPaint
SendMessageW
DefWindowProcW
GetClientRect
DrawTextW
SetClipboardData
EmptyClipboard
AppendMenuW

gdi32

SetBkMode
SetBkColor
GetDeviceCaps
CreateFontIndirectW
CreateBrushIndirect
DeleteObject
SetTextColor
SelectObject

kernel32

GetExitCodeProcess
WaitForSingleObject
GetModuleHandleA
GetProcAddress
GetSystemDirectoryW
MoveFileExW
GetTempFileNameW
CreateFileW
WriteFile
RemoveDirectoryW
CreateProcessW
lstrcmpiA
CreateThread
GlobalLock
CreateDirectoryW
GetDiskFreeSpaceW
WideCharToMultiByte
GlobalUnlock
lstrlenW
SetErrorMode
lstrcpynW
GetCommandLineW
GetTempPathW
GetVersionExW
SetEnvironmentVariableW
CopyFileW
GetWindowsDirectoryW
GetCurrentProcess
GetModuleFileNameW
ExitProcess
GetTickCount
Sleep
GetFileSize
GetFileAttributesW
SetCurrentDirectoryW
SetFileAttributesW
MoveFileW
GetFullPathNameW
GetLastError
SearchPathW
CompareFileTime
GetShortPathNameW
CloseHandle
lstrcmpiW
SetFileTime
ExpandEnvironmentStringsW
GlobalFree
lstrcmpW
GetModuleHandleW
LoadLibraryExW
GlobalAlloc
WritePrivateProfileStringW
GetPrivateProfileStringW
FreeLibrary
lstrcpyA
lstrcatW
ReadFile
MultiByteToWideChar
lstrlenA
FindClose
FindNextFileW
SetFilePointer
DeleteFileW
MulDiv
FindFirstFileW

Sections

.text
Size: 28KB - Virtual size: 28KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 182KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 244KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 199KB - Virtual size: 198KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$0/Bin/VBoxService.exe
.exe windows:1 windows x86 arch:x86

b8051d3dfa09094899f51f3c0cdf914b

Code Sign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09/03/2023, 00:00

Not After

11/03/2025, 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:8e:84:76:55:c2:1c:8b:c5:b5:0e:45:3e:b5:52:20:27:b9:e5:0e:f8:02:6b:5f:78:3b:e2:af:70:1a:7a:23
Signer

Actual PE Digest

18:8e:84:76:55:c2:1c:8b:c5:b5:0e:45:3e:b5:52:20:27:b9:e5:0e:f8:02:6b:5f:78:3b:e2:af:70:1a:7a:23

Digest Algorithm

sha256

PE Digest Matches

false

ad:f6:1b:eb:88:8f:d4:c9:54:1d:f6:9e:79:be:84:82:98:83:07:97
Signer

Actual PE Digest

ad:f6:1b:eb:88:8f:d4:c9:54:1d:f6:9e:79:be:84:82:98:83:07:97

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxService\VBoxService.pdb

Imports

mpr

WNetOpenEnumA
WNetCancelConnection2W
WNetEnumResourceW
WNetAddConnection2W

kernel32

GetModuleHandleA
HeapReAlloc
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
SetSystemTime
FileTimeToSystemTime
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
CreateFileW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
DuplicateHandle
DeviceIoControl
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
MoveFileExW
GetConsoleMode
PeekNamedPipe
GetNamedPipeInfo
GetOverlappedResult
ResetEvent
CreateEventA
CreateNamedPipeA
GetNamedPipeHandleStateA
WaitForMultipleObjectsEx
WaitForSingleObjectEx
TerminateProcess
GetExitCodeProcess
ResumeThread
CreateProcessW
ReadProcessMemory
WriteProcessMemory
VirtualProtect
GetFileType
LocalAlloc
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
GetACP
SetThreadPriority
GetCommandLineW
OutputDebugStringA
SetEnvironmentVariableW
GetSystemDirectoryW
LoadLibraryExW
DeleteFileW
CreateEventW
VirtualAlloc
VirtualFree
RtlUnwind
GetStdHandle
SystemTimeToFileTime
GetProcAddress
GetModuleHandleW
GetTickCount
GetVersion
GetSystemTime
GetModuleFileNameA
LocalFree
GetWindowsDirectoryA
GetProcessHeap
HeapFree
HeapAlloc
QueryDosDeviceW
GetVolumeInformationW
LoadLibraryExA
FreeLibrary
VirtualQuery
GetSystemDirectoryA
OpenProcess
GetCurrentProcessId
GetCurrentProcess
GetSystemInfo
Sleep
SetConsoleCtrlHandler
CreateMutexW
SetLastError
GetLastError
CloseHandle
CreateFileA
SetEvent

user32

SetProcessWindowStation
OpenWindowStationA
CloseDesktop
GetProcessWindowStation
OpenDesktopA

advapi32

InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorDacl
GetAclInformation
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
CloseServiceHandle
ChangeServiceConfigA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
LookupAccountNameW
LookupAccountSidA
IsValidSid
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetLengthSid
FreeSid
EqualSid
CopySid
AllocateAndInitializeSid
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
SetSecurityDescriptorDacl
LookupAccountSidW
InitiateSystemShutdownW
RegOpenKeyExW
RegQueryValueExW
AddAce
GetAce
OpenThreadToken

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ntdll

NtClose
NtWaitForSingleObject
NtCreateEvent
NtSetEvent
NtCreateFile
NtQueryDirectoryFile
NtQueryInformationFile
NtQueryVolumeInformationFile
NtOpenDirectoryObject
NtQueryDirectoryObject
NtResetEvent
NtSetInformationFile
NtQueryObject
RtlAcquirePebLock
RtlReleasePebLock
NtCancelIoFile
NtQueryInformationProcess
RtlAddAccessAllowedAce
RtlInitializeSid
RtlSubAuthoritySid
RtlAddAccessDeniedAce
RtlGetNtProductType
RtlFreeUnicodeString
NtOpenProcess

Sections

.text
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/Tools/DIFxAPI.dll
.dll windows:6 windows x86 arch:x86

bced6390751f7df672767c6c60fd16dc

Code Sign

61:03:dc:f6:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:12

Not After

25/07/2011, 19:22

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:15:23:0f:00:00:00:00:00:0a
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 21:57

Not After

07/03/2011, 21:57

Subject

CN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:07:02:dc:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

15/09/2005, 21:55

Not After

15/03/2016, 22:05

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

b4:3a:2e:c6:32:74:1f:7f:5a:ac:1d:1e:5f:70:f7:d0:71:69:58:ba
Signer

Actual PE Digest

b4:3a:2e:c6:32:74:1f:7f:5a:ac:1d:1e:5f:70:f7:d0:71:69:58:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

difxapi.pdb

Imports

ntdll

RtlNtStatusToDosError
VerSetConditionMask
RtlUnwind

kernel32

VerifyVersionInfoW
GetVersionExW
lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryW
DeleteFileW
SetFileAttributesW
GetEnvironmentVariableW
CompareStringW
GetFileAttributesW
MoveFileExW
GetTempFileNameW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
GetSystemWindowsDirectoryW
MultiByteToWideChar
WideCharToMultiByte
GetSystemDirectoryW
GetFullPathNameW
CopyFileW
LocalFree
RemoveDirectoryW
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
CreateDirectoryW
LocalReAlloc
LocalAlloc
GetProcessHeap
ReleaseMutex
DeviceIoControl
WaitForSingleObject
CreateMutexW
GetSystemTimeAsFileTime
Sleep
RaiseException
GetVersionExA
HeapSize
GetCommandLineA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetModuleHandleA
ExitProcess
TlsGetValue
SetLastError
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
LoadLibraryExA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetThreadLocale
WaitForMultipleObjectsEx
InterlockedCompareExchange
WaitForSingleObjectEx
SetEvent
CreateEventW
SetEndOfFile
InterlockedExchange
lstrcmpiW
GetLastError
InterlockedIncrement
InterlockedDecrement
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
HeapFree
HeapReAlloc
EnterCriticalSection
HeapAlloc
LeaveCriticalSection
HeapDestroy
GetModuleHandleW
DeleteCriticalSection
GetModuleFileNameA
OutputDebugStringA
HeapCreate
InitializeCriticalSection
TlsAlloc
CreateFileA

user32

UnregisterClassA
CharLowerW

setupapi

SetupDiSetDeviceRegistryPropertyW
SetupQueueCopyIndirectW
SetupDiCallClassInstaller
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiSetSelectedDevice
SetupDiOpenDeviceInfoW
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoList
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupDiSetClassInstallParamsW
SetupDiClassNameFromGuidW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
CM_Get_Device_IDW
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Locate_DevNodeW
CM_Get_DevNode_Status
CM_Query_And_Remove_SubTreeW
SetupDiOpenClassRegKey
SetupGetTargetPathW
SetupInstallFilesFromInfSectionW
SetupPromptReboot
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionW
SetupDiGetActualSectionToInstallW
SetupFindNextLine
SetupFindNextMatchLineW
SetupOpenInfFileW
SetupOpenFileQueue
SetupCommitFileQueueW
SetupQueueCopyW
SetupCloseFileQueue
SetupFindFirstLineW
SetupCopyOEMInfW
SetupCloseInfFile
SetupGetLineCountW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupOpenAppendInfFileW
CM_Enumerate_Classes
CM_Setup_DevNode
SetupGetIntField
SetupGetFieldCount
pSetupGetGlobalFlags
pSetupSetGlobalFlags
SetupTermDefaultQueueCallback
SetupInitDefaultQueueCallbackEx
SetupDefaultQueueCallbackW
SetupGetStringFieldW

advapi32

RegCloseKey
CheckTokenMembership
AllocateAndInitializeSid
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
SetEntriesInAclW
QueryServiceStatus
DeleteService
ControlService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW
FreeSid

ole32

StringFromCLSID
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance

wintrust

WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle

crypt32

CertFreeCertificateContext
CertGetCTLContextProperty
CryptQueryObject
CertFreeCTLContext

Exports

Exports

DIFXAPISetLogCallbackA
DIFXAPISetLogCallbackW
DriverPackageGetPathA
DriverPackageGetPathW
DriverPackageInstallA
DriverPackageInstallW
DriverPackagePreinstallA
DriverPackagePreinstallW
DriverPackageUninstallA
DriverPackageUninstallW
SetDifxLogCallbackA
SetDifxLogCallbackW

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/Tools/VBoxDrvInst.exe
.exe windows:1 windows x86 arch:x86

3a91ded5f4f065bda473d09076ea80b9

Code Sign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09/03/2023, 00:00

Not After

11/03/2025, 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:f6:db:c6:80:48:ab:25:df:4e:3f:48:d6:22:d5:fb:2e:ce:0b:65:e8:6a:09:47:81:a6:1b:c7:89:1b:14:39
Signer

Actual PE Digest

3a:f6:db:c6:80:48:ab:25:df:4e:3f:48:d6:22:d5:fb:2e:ce:0b:65:e8:6a:09:47:81:a6:1b:c7:89:1b:14:39

Digest Algorithm

sha256

PE Digest Matches

false

52:0f:00:d4:da:77:26:ce:87:84:23:29:cc:39:90:5e:d2:b9:cf:d9
Signer

Actual PE Digest

52:0f:00:d4:da:77:26:ce:87:84:23:29:cc:39:90:5e:d2:b9:cf:d9

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxDrvInst\VBoxDrvInst.pdb

Imports

setupapi

SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyW
SetupDiInstallDevice
SetupDiSetDeviceInstallParamsW
SetupDiGetDriverInfoDetailW
SetupDiSetSelectedDriverW
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiDestroyDriverInfoList
SetupDiRegisterDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupInstallServicesFromInfSectionW
SetupInstallFromInfSectionW
SetupDefaultQueueCallbackW
SetupTermDefaultQueueCallback
SetupInitDefaultQueueCallback
SetupGetStringFieldW
SetupFindFirstLineW
SetupCloseInfFile
SetupOpenInfFileW

kernel32

RtlUnwind
GetStdHandle
CreateFileW
GetFullPathNameW
WriteFile
CloseHandle
GetLastError
SetLastError
GetSystemTime
GetVersionExW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadLibraryW
FormatMessageW
lstrcmpiW
GetConsoleMode
WriteConsoleW
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
GetACP
GetCurrentProcess
TerminateProcess
GetVersion

advapi32

UnlockServiceDatabase
OpenServiceW
OpenSCManagerW
LockServiceDatabase
DeleteService
CreateServiceW
CloseServiceHandle
ChangeServiceConfigW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxGuest/VBoxControl.exe
.exe windows:1 windows x86 arch:x86

ced5918094f14d654d9d523c2935d5bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxControl\VBoxControl.pdb

Imports

kernel32

GetFileType
GetLastError
GetConsoleMode
SetErrorMode
GetVersion
GetModuleHandleW
GetModuleFileNameW
WideCharToMultiByte
GetACP
CreateFileW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
WriteFile
CloseHandle
DuplicateHandle
SetLastError
DeviceIoControl
GetCurrentProcess
FileTimeToSystemTime
SystemTimeToFileTime
GetFileAttributesW
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFullPathNameW
MoveFileExW
TerminateProcess
GetCurrentProcessId
OutputDebugStringA
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
Sleep
GetSystemTime
GetTickCount
GetTimeZoneInformation
SetThreadPriority
ReleaseMutex
WaitForSingleObjectEx
CreateMutexA
GetNamedPipeInfo
CreateDirectoryW
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
CreateFileA
PeekNamedPipe
GetOverlappedResult
ResetEvent
CreateEventA
GetNamedPipeHandleStateA
VirtualAlloc
VirtualFree
RtlUnwind
GetStdHandle
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
GetProcAddress
GetCommandLineW
GetModuleHandleA

user32

EnumDisplayDevicesA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExW
RegSetValueExA
RegOpenKeyExW

ntdll

RtlGetNtProductType
NtClose
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtSetInformationFile
NtQueryObject
NtQueryDirectoryFile
NtQueryDirectoryObject
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtOpenDirectoryObject
NtOpenProcess
NtQueryInformationProcess
RtlFreeUnicodeString
NtCancelIoFile

Exports

Exports

g_abRTZero16K
g_abRTZero32K
g_abRTZero4K
g_abRTZero64K
g_abRTZero8K
g_abRTZeroPage

Sections

.text
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zero
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxGuest/VBoxGuest.cat
$0/VBoxGuest/VBoxGuest.inf
$0/VBoxGuest/VBoxGuest.sys
.sys windows:6 windows x86 arch:x86

87f400735742d99e416c11acd9ff13ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxGuest\VBoxGuest.pdb

Imports

ntoskrnl.exe

KeSetEvent
KeWaitForSingleObject
KeInitializeSpinLock
ExFreePool
MmMapIoSpace
MmUnmapIoSpace
IoConnectInterrupt
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoDetachDevice
IoDisconnectInterrupt
ZwClose
ZwQueryInformationToken
ZwOpenProcessToken
KeGetCurrentThread
KeDelayExecutionThread
KeInitializeTimer
KeSetTimer
IoGetCurrentProcess
MmIsAddressValid
KeInitializeEvent
KeRemoveQueueDpc
KeNumberProcessors
KeResetEvent
KeCancelTimer
KeQuerySystemTime
KeQueryTimeIncrement
KeQueryTickCount
ExAllocatePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
MmProbeAndLockPages
MmUnlockPages
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
IoAllocateMdl
IoBuildPartialMdl
IoFreeMdl
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
RtlUnwind
KeInsertQueueDpc
KeInitializeDpc
RtlInitUnicodeString
DbgPrint
RtlQueryRegistryValues

hal

HalTranslateBusAddress
HalGetInterruptVector
KeGetCurrentIrql
HalGetBusData

Exports

Exports

@InterlockedExchange@8
@IofCallDriver@8
@IofCompleteRequest@8
@KefAcquireSpinLockAtDpcLevel@4
@KefReleaseSpinLockFromDpcLevel@4
@KfAcquireSpinLock@4
@KfLowerIrql@4
@KfRaiseIrql@4
@KfReleaseSpinLock@8
@Nt3Fb_ExAcquireFastMutex@4
@Nt3Fb_ExReleaseFastMutex@4
@ObfDereferenceObject@4
ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTCritSectRwDelete
RTCritSectRwEnterExcl
RTCritSectRwEnterExclDebug
RTCritSectRwEnterShared
RTCritSectRwEnterSharedDebug
RTCritSectRwGetReadCount
RTCritSectRwGetWriteRecursion
RTCritSectRwGetWriterReadRecursion
RTCritSectRwInit
RTCritSectRwInitEx
RTCritSectRwIsReadOwner
RTCritSectRwIsWriteOwner
RTCritSectRwLeaveExcl
RTCritSectRwLeaveShared
RTCritSectRwSetSubClass
RTCritSectRwTryEnterExcl
RTCritSectRwTryEnterExclDebug
RTCritSectRwTryEnterShared
RTCritSectRwTryEnterSharedDebug
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLargeTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserExTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemObjWasZeroInitialized
RTR0MemObjZeroInitialize
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNCmp
RTStrNICmpAscii
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTTimerCanDoHighResolution
RTTimerChangeInterval
RTTimerCreateEx
RTTimerDestroy
RTTimerReleaseSystemGranularity
RTTimerRequestSystemGranularity
RTTimerStart
RTTimerStop
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16ICmpAscii
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16NICmpAscii
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
_Nt3Fb_IoAttachDeviceToDeviceStack@8
_Nt3Fb_KeInitializeTimerEx@8
_Nt3Fb_KeSetTimerEx@20
_Nt3Fb_PsGetCurrentProcessId@0
_Nt3Fb_PsGetVersion@16
_Nt3Fb_ZwQuerySystemInformation@16
_Nt3Fb_ZwYieldExecution@0
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memcpy
memmove
memset
strchr
strcmp

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxGuest/VBoxGuestEarlyNT.cat
$0/VBoxGuest/VBoxGuestEarlyNT.inf
$0/VBoxGuest/VBoxHook.dll
.dll windows:5 windows x86 arch:x86

2bb4371343f058a7dbda0e6f4e711f71

Code Sign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09/03/2023, 00:00

Not After

11/03/2025, 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:2e:8e:4c:59:59:c6:f5:c9:80:70:e4:71:41:08:59:7a:d4:8d:40:72:37:5c:89:77:11:31:4c:75:c8:3a:1c
Signer

Actual PE Digest

6d:2e:8e:4c:59:59:c6:f5:c9:80:70:e4:71:41:08:59:7a:d4:8d:40:72:37:5c:89:77:11:31:4c:75:c8:3a:1c

Digest Algorithm

sha256

PE Digest Matches

false

5c:5f:77:4d:b9:35:ca:e9:6d:7d:83:31:d1:7b:af:cf:af:85:6c:81
Signer

Actual PE Digest

5c:5f:77:4d:b9:35:ca:e9:6d:7d:83:31:d1:7b:af:cf:af:85:6c:81

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxHook\VBoxHook.pdb

Imports

kernel32

SetEvent
OpenEventA
GetCurrentProcess
TerminateProcess
GetLastError
GetVersion
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetStdHandle
WriteFile
HeapAlloc
HeapFree
GetProcessHeap
RtlUnwind

user32

SetWinEventHook
UnhookWinEvent
GetWindowLongA

ole32

CoUninitialize
CoInitialize

Exports

Exports

VBoxHookInstallActiveDesktopTracker
VBoxHookInstallWindowTracker
VBoxHookRemoveActiveDesktopTracker
VBoxHookRemoveWindowTracker

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxGuest/VBoxTray.exe
.exe windows:1 windows x86 arch:x86

41a3468e074cbdda6d4734c050bf5fb4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxTray\VBoxTray.pdb

Imports

kernel32

HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
RaiseException
GetCurrentProcess
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
CreateFileW
ReadFile
WriteFile
ConnectNamedPipe
DisconnectNamedPipe
PeekNamedPipe
CreateNamedPipeW
GetOverlappedResult
ResetEvent
LocalAlloc
LocalFree
GetStdHandle
TerminateProcess
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetVersion
GetFileSize
GetFileType
SetEndOfFile
SetFileAttributesW
SetFilePointer
DeviceIoControl
SetErrorMode
GetModuleFileNameW
GetCommandLineW
OutputDebugStringA
GetEnvironmentVariableW
GetSystemDirectoryW
LoadLibraryExW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
MoveFileExW
GetConsoleMode
CreateFileA
CreateDirectoryW
RemoveDirectoryW
RtlUnwind
GetSystemTime
LoadLibraryA
FreeLibrary
GetSystemDirectoryA
GetStartupInfoW
CreateProcessW
GetCurrentProcessId
SetEnvironmentVariableW
SetLastError
lstrlenW
GlobalFree
GlobalLock
GlobalUnlock
GlobalSize
GlobalAlloc
GetCurrentThreadId
GetTickCount
GetProcAddress
GetModuleHandleA
CreateThread
Sleep
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetModuleHandleW
SetThreadPriority
GetCurrentThread
SystemTimeToFileTime
CreateEventA
CreateMutexA
SetEvent
GetLastError
FlushFileBuffers
CloseHandle

user32

EnumDisplayDevicesA
AttachThreadInput
MessageBoxW
ShowCursor
WindowFromPoint
GetWindowThreadProcessId
SetWindowPos
GetClipboardOwner
SetClipboardData
GetClipboardData
RegisterClipboardFormatA
SendMessageTimeoutA
SendMessageCallbackA
OpenClipboard
CloseClipboard
SetClipboardViewer
GetClipboardViewer
ChangeClipboardChain
EnumClipboardFormats
GetClipboardFormatNameA
EmptyClipboard
TrackMouseEvent
ShowWindow
GetSystemMetrics
ClientToScreen
SetWindowLongA
GetClipboardFormatNameW
ChangeDisplaySettingsA
SystemParametersInfoA
GetClassNameA
EnumWindows
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowRgn
EnumDisplaySettingsA
ReleaseDC
GetDC
GetClassInfoExA
PostQuitMessage
PostThreadMessageA
GetMessageA
DestroyIcon
LoadIconA
LoadCursorA
FindWindowExA
FindWindowA
GetDesktopWindow
GetCursorPos
MessageBoxA
SetForegroundWindow
TrackPopupMenu
InsertMenuW
DestroyMenu
CreatePopupMenu
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
DefWindowProcA
PostMessageA
SendMessageA
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
TranslateMessage

gdi32

CreateDCA
CreateSolidBrush
SetRectRgn
ExtEscape
DeleteDC
GetRegionData
DeleteObject
CreateRectRgn
CombineRgn
OffsetRgn

advapi32

GetUserNameW
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
RegCloseKey
RegEnumValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
InitializeAcl

shell32

DragQueryFileA
DragQueryFileW
Shell_NotifyIconA

ole32

OleDuplicateData
DoDragDrop
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
CoTaskMemFree
CoTaskMemAlloc
ReleaseStgMedium
OleSetClipboard
OleUninitialize
OleInitialize

ntdll

NtOpenProcess
RtlFreeUnicodeString
RtlGetNtProductType
NtSetInformationFile
NtQueryDirectoryObject
NtOpenDirectoryObject
NtQueryVolumeInformationFile
NtQueryInformationFile
NtQueryDirectoryFile
NtCancelIoFile
RtlAddAccessAllowedAce
RtlInitializeSid
RtlSubAuthoritySid
RtlAddAccessDeniedAce
NtQueryInformationProcess
NtClose
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtCreateFile

Sections

.text
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxGuest/vboxguest.cat
$0/VBoxMouse/NT4/VBoxMouseNT.sys
.sys windows:6 windows x86 arch:x86

882e79b0f335cf2aad7b5f4ef7612a31

Code Sign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09/03/2023, 00:00

Not After

11/03/2025, 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b8:eb:de:ab:fb:96:d5:16:27:72:48:8e:f6:61:4c:5f:02:34:17:1f:b5:ee:08:c5:89:76:cc:06:72:4c:b1:9c
Signer

Actual PE Digest

b8:eb:de:ab:fb:96:d5:16:27:72:48:8e:f6:61:4c:5f:02:34:17:1f:b5:ee:08:c5:89:76:cc:06:72:4c:b1:9c

Digest Algorithm

sha256

PE Digest Matches

true

13:7e:58:70:32:33:3f:06:9c:a6:d4:10:de:7d:9c:d5:be:da:e2:5d
Signer

Actual PE Digest

13:7e:58:70:32:33:3f:06:9c:a6:d4:10:de:7d:9c:d5:be:da:e2:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxMouseNT\VBoxMouseNT.pdb

Imports

ntoskrnl.exe

RtlAppendUnicodeToString
RtlFreeAnsiString
KeInitializeDpc
KeInsertQueueDpc
KeSynchronizeExecution
KeInitializeTimer
KeCancelTimer
KeSetTimer
KeInitializeSpinLock
KeQueryTimeIncrement
ExAllocatePool
ExFreePool
MmMapIoSpace
MmUnmapIoSpace
IoAcquireCancelSpinLock
IoConnectInterrupt
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoDisconnectInterrupt
IoReleaseCancelSpinLock
IoStartNextPacket
IoStartPacket
RtlAppendUnicodeStringToString
IoReportResourceUsage
KeGetCurrentThread
KeSetEvent
KeDelayExecutionThread
KeWaitForSingleObject
IoGetCurrentProcess
MmIsAddressValid
DbgPrint
KeNumberProcessors
KeRemoveQueueDpc
KeInitializeEvent
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
KeResetEvent
KeQuerySystemTime
KeQueryTickCount
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
RtlUnwind
IoBuildPartialMdl
RtlCopyUnicodeString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
RtlIntegerToUnicodeString
RtlWriteRegistryValue
RtlQueryRegistryValues
IoQueryDeviceDescription
strstr
KeInitializeMutex
KeReadStateMutex
KeReleaseMutex
MmProbeAndLockPages
MmUnlockPages
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
IoAllocateMdl
IoFreeMdl

hal

HalGetBusData
HalTranslateBusAddress
HalGetInterruptVector
KeStallExecutionProcessor
WRITE_PORT_UCHAR
READ_PORT_UCHAR
KeGetCurrentIrql

Exports

Exports

@InterlockedExchange@8
@IofCallDriver@8
@IofCompleteRequest@8
@KefAcquireSpinLockAtDpcLevel@4
@KefReleaseSpinLockFromDpcLevel@4
@KfAcquireSpinLock@4
@KfLowerIrql@4
@KfRaiseIrql@4
@KfReleaseSpinLock@8
@Nt3Fb_ExAcquireFastMutex@4
@Nt3Fb_ExReleaseFastMutex@4
@ObfDereferenceObject@4
ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLargeTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserExTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemObjWasZeroInitialized
RTR0MemObjZeroInitialize
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16NICmpAscii
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
_Nt3Fb_IoAttachDeviceToDeviceStack@8
_Nt3Fb_KeInitializeTimerEx@8
_Nt3Fb_KeSetTimerEx@20
_Nt3Fb_PsGetCurrentProcessId@0
_Nt3Fb_PsGetVersion@16
_Nt3Fb_ZwQuerySystemInformation@16
_Nt3Fb_ZwYieldExecution@0
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memcpy
memmove
memset
strchr
strcmp

Sections

.text
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxMouse/VBoxMouse.cat
$0/VBoxMouse/VBoxMouse.inf
$0/VBoxMouse/VBoxMouse.sys
.sys windows:6 windows x86 arch:x86

e588dd3f3269ad9c2700c6ead2e9dd5f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxMouse\VBoxMouse.pdb

Imports

ntoskrnl.exe

IoAcquireRemoveLockEx
IoReleaseRemoveLockAndWaitEx
PoCallDriver
PoStartNextPowerIrp
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedCompareExchange
KeInitializeSpinLock
IoReleaseRemoveLockEx
IoGetDeviceProperty
ObfReferenceObject
ObfDereferenceObject
IoDetachDevice
IoDeleteDevice
IoCreateDevice
IoInitializeRemoveLockEx
DbgPrint
PsGetVersion
MmIsAddressValid
_except_handler3
KeNumberProcessors
ZwQuerySystemInformation
IofCompleteRequest
KeInsertQueueDpc
KeRemoveQueueDpc
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
KeGetCurrentThread
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
KeResetEvent
strchr
KeQuerySystemTime
KeQueryTimeIncrement
KeQueryTickCount
ExAllocatePool
ExFreePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
IoGetCurrentProcess
PsGetCurrentProcessId
KeDelayExecutionThread
ZwYieldExecution
RtlInitUnicodeString
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
IofCallDriver
IoAttachDeviceToDeviceStack
KeInitializeDpc
KeInitializeMutex
KeReadStateMutex
KeReleaseMutex
MmProbeAndLockPages
MmUnlockPages
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
MmMapIoSpace
MmUnmapIoSpace
IoAllocateMdl
IoBuildPartialMdl
IoFreeMdl
memset

hal

ExReleaseFastMutex
KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql
KfReleaseSpinLock
KfAcquireSpinLock
ExAcquireFastMutex

Exports

Exports

ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLargeTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserExTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemObjWasZeroInitialized
RTR0MemObjZeroInitialize
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memcpy
memmove

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxMouse/vboxmouse.cat
$0/VBoxSF/VBoxSF.sys
.sys windows:6 windows x86 arch:x86

7e9e5332cc5863258e066a8ac761a678

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxSF\VBoxSF.pdb

Imports

hal

ExAcquireFastMutex
ExReleaseFastMutex
ExTryToAcquireFastMutex
KfReleaseSpinLock
KfAcquireSpinLock
KeGetCurrentIrql
KfRaiseIrql
KfLowerIrql

ntoskrnl.exe

IoCreateSymbolicLink
IoDeleteSymbolicLink
ObReferenceObjectByHandle
ObReferenceObjectByPointer
ObfDereferenceObject
ZwCreateFile
ZwClose
_except_handler3
IoFileObjectType
IoGetCurrentProcess
CcPurgeCacheSection
CcFlushCache
ExAcquireResourceExclusiveLite
ExReleaseResourceLite
MmCanFileBeTruncated
CcSetFileSizes
ExIsResourceAcquiredExclusiveLite
ExAllocatePoolWithTag
ExFreePoolWithTag
MmGetSystemRoutineAddress
KeWaitForSingleObject
KeSetEvent
ExInterlockedPopEntrySList
ExInterlockedPushEntrySList
KeGetCurrentThread
DbgPrint
IoIsOperationSynchronous
ExIsResourceAcquiredSharedLite
KeReleaseMutex
ExReleaseResourceForThreadLite
ExAcquireResourceSharedLite
ExRaiseStatus
ExAcquireSharedWaitForExclusive
ExAcquireSharedStarveExclusive
ExInitializeResourceLite
FsRtlInitializeFileLock
SeQuerySessionIdToken
SeQueryAuthenticationIdToken
SeTokenIsRestricted
SeQueryInformationToken
ExDeleteResourceLite
FsRtlUninitializeFileLock
KeInitializeSpinLock
KeInitializeQueue
PsCreateSystemThread
KeInsertQueue
PsTerminateSystemThread
KeRemoveQueue
PsThreadType
ZwQuerySystemInformation
MmQuerySystemSize
KeRundownQueue
PsIsThreadTerminating
KeResetEvent
FsRtlIsNtstatusExpected
IoFreeMdl
MmProbeAndLockPages
IoAllocateMdl
MmMapLockedPagesSpecifyCache
ExReleaseFastMutexUnsafe
ExAcquireFastMutexUnsafe
MmUnlockPages
MmForceSectionClosed
MmFlushImageSection
RtlGetCallersAddress
KeQueryTimeIncrement
KeTickCount
RtlUpcaseUnicodeChar
ExConvertExclusiveToSharedLite
RtlEqualUnicodeString
IoFreeIrp
IoCancelIrp
IoSetTopLevelIrp
IoGetTopLevelIrp
IoAllocateIrp
IofCallDriver
KeCancelTimer
KeSetTimer
KefReleaseSpinLockFromDpcLevel
KefAcquireSpinLockAtDpcLevel
KeInitializeTimer
KeInitializeDpc
IoDeleteDevice
IoUnregisterFileSystem
FsRtlDeregisterUncProvider
IoRegisterFileSystem
FsRtlRegisterUncProvider
IoCreateDevice
KeInitializeEvent
SeCaptureSubjectContext
IoGetStackLimits
KeLeaveCriticalRegion
KeEnterCriticalRegion
ZwOpenKey
ZwQueryValueKey
KeInitializeMutex
ExInitializeNPagedLookasideList
ExFreePool
IoWMIRegistrationControl
ExDeleteNPagedLookasideList
ExQueueWorkItem
RtlLengthSecurityDescriptor
RtlAppendUnicodeStringToString
RtlIntegerToUnicodeString
RtlCopyUnicodeString
FsRtlDoesNameContainWildCards
IoUpdateShareAccess
IoSetShareAccess
IoCheckShareAccess
_stricmp
IoGetRequestorProcess
FsRtlFastUnlockSingle
ExSetResourceOwnerPointer
FsRtlProcessFileLock
KeBugCheckEx
IoReleaseCancelSpinLock
IoWriteErrorLogEntry
IoAllocateErrorLogEntry
KeQuerySystemTime
IoRaiseInformationalHardError
IoCheckEaBufferValidity
CcUninitializeCacheMap
IoRemoveShareAccess
FsRtlFastUnlockAll
RtlCreateUnicodeString
RtlPrefixUnicodeString
ZwQuerySymbolicLinkObject
ZwOpenSymbolicLinkObject
ZwOpenDirectoryObject
wcschr
RtlFreeUnicodeString
ProbeForWrite
ProbeForRead
RtlCompareMemory
CcInitializeCacheMap
FsRtlNormalizeNtstatus
ExfInterlockedAddUlong
CcPrepareMdlWrite
CcCopyWrite
CcSetReadAheadGranularity
FsRtlCheckLockForWriteAccess
CcDeferWrite
CcCanIWrite
CcMdlRead
CcCopyRead
CcSetAdditionalCacheAttributes
FsRtlCheckLockForReadAccess
FsRtlPostStackOverflow
CcMdlReadComplete
CcMdlWriteComplete
KeClearEvent
FsRtlFastCheckLockForWrite
FsRtlFastCheckLockForRead
CcFastCopyRead
IoGetRelatedDeviceObject
CcFastCopyWrite
CcZeroData
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
KeQueryTickCount
MmIsAddressValid
strchr
KeReadStateMutex
PsGetVersion
KeNumberProcessors
PsGetCurrentProcessId
KeDelayExecutionThread
ZwYieldExecution
ExAllocatePool
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
MmMapIoSpace
MmUnmapIoSpace
MmAllocateContiguousMemory
MmFreeContiguousMemory
IoBuildPartialMdl
KeInsertQueueDpc
KeRemoveQueueDpc
KeSetPriorityThread
MmGetPhysicalAddress
RtlUnwind
IofCompleteRequest
InterlockedCompareExchange
RtlInitUnicodeString
SeReleaseSubjectContext
LsaFreeReturnBuffer

ksecdd.sys

GetSecurityUserInfo

Exports

Exports

ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelLogger
RTLogRelLoggerV
RTLogRelPrintf
RTLogRelPrintfV
RTLogRelSetBuffering
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemAreKrnlAndUsrDifferent
RTR0MemKernelCopyFrom
RTR0MemKernelCopyTo
RTR0MemKernelIsValidAddr
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLargeTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserExTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemObjWasZeroInitialized
RTR0MemObjZeroInitialize
RTR0MemUserCopyFrom
RTR0MemUserCopyTo
RTR0MemUserIsValidAddr
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
_PsGetProcessImageFileName@4
_RtlGetVersion@4
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memcpy
memmove
memset

Sections

.text
Size: 152KB - Virtual size: 152KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 36KB - Virtual size: 35KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 59KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 78KB - Virtual size: 77KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxVideo/VBoxDisp.dll
.dll windows:6 windows x86 arch:x86

7d169efd38bae25431ee9dc7d4dd657e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxDisp\VBoxDisp.pdb

Imports

win32k.sys

EngCreateBitmap
EngCreateDeviceSurface
EngDeleteSurface
EngLockSurface
EngUnlockSurface
EngAssociateSurface
EngAllocMem
EngFreeMem
EngDeviceIoControl
EngCopyBits
PALOBJ_cGetColors
EngCreatePalette
EngDeletePalette
PATHOBJ_vGetBounds
EngBitBlt
EngLineTo
EngStretchBlt
EngTextOut
EngStrokePath
EngFillPath
EngPaint
BRUSHOBJ_pvAllocRbrush
BRUSHOBJ_pvGetRbrush
CLIPOBJ_cEnumStart
CLIPOBJ_bEnum
PATHOBJ_vEnumStart
PATHOBJ_bEnum
FONTOBJ_vGetInfo
STROBJ_vEnumStart
STROBJ_bEnum

Exports

Exports

ASMAtomicCmpXchgU8
RTCrc64
RTCrc64Finish
RTCrc64Process
RTCrc64Start
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogFormatV
RTLogWriteUser
RTStrCopy
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrNLen
memcpy
memmove
memset

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 745B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxVideo/VBoxVideo.cat
$0/VBoxVideo/VBoxVideo.inf
$0/VBoxVideo/VBoxVideo.sys
.dll windows:6 windows x86 arch:x86

d95401d202098158823a9cb75d782593

Code Sign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09/03/2023, 00:00

Not After

11/03/2025, 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ee:64:15:4a:6a:9b:56:90:a6:9e:9c:64:87:2f:ff:d5:1b:99:60:d2:64:10:12:05:b1:09:e8:81:31:78:a9:72
Signer

Actual PE Digest

ee:64:15:4a:6a:9b:56:90:a6:9e:9c:64:87:2f:ff:d5:1b:99:60:d2:64:10:12:05:b1:09:e8:81:31:78:a9:72

Digest Algorithm

sha256

PE Digest Matches

true

01:96:19:63:91:4e:3f:0b:29:2a:09:14:47:03:49:87:8d:01:e5:ec
Signer

Actual PE Digest

01:96:19:63:91:4e:3f:0b:29:2a:09:14:47:03:49:87:8d:01:e5:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxVideo\VBoxVideo.pdb

Imports

videoprt.sys

VideoPortGetRegistryParameters
VideoPortMapMemory
VideoPortZeroMemory
VideoPortUnmapMemory
VideoPortWritePortUchar
VideoPortSynchronizeExecution
VideoPortWritePortUlong
VideoPortWritePortUshort
VideoPortSetRegistryParameters
VideoPortReadPortUlong
VideoPortReadPortUshort
VideoPortInitialize
VideoPortMoveMemory
VideoPortGetAccessRanges

ntoskrnl.exe

ObfDereferenceObject
strchr
KeInitializeMutex
KeReadStateMutex
KeReleaseMutex
DbgPrint
MmIsAddressValid
KeNumberProcessors
ExAllocatePool
ExFreePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
IoGetCurrentProcess
IofCallDriver
KeGetCurrentThread
KeDelayExecutionThread
ZwYieldExecution
KeQuerySystemTime
KeQueryTimeIncrement
KeQueryTickCount
MmProbeAndLockPages
MmUnlockPages
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
MmMapIoSpace
MmUnmapIoSpace
IoAllocateMdl
IoBuildPartialMdl
IoFreeMdl
ZwQuerySystemInformation
KeInitializeDpc
KeInsertQueueDpc
KeRemoveQueueDpc
KeSetEvent
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
KeResetEvent
KeInitializeSpinLock
RtlUnwind
IoBuildDeviceIoControlRequest
KeWaitForSingleObject
KeInitializeEvent
RtlInitUnicodeString
IoGetDeviceObjectPointer
PsGetVersion
PsGetCurrentProcessId

hal

KfRaiseIrql
KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex
KfAcquireSpinLock
KfReleaseSpinLock
KfLowerIrql

Exports

Exports

ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLargeTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserExTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemObjWasZeroInitialized
RTR0MemObjZeroInitialize
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16Printf
RTUtf16PrintfEx
RTUtf16PrintfExV
RTUtf16PrintfV
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memmove

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 727B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxVideo/VBoxVideoEarlyNT.cat
$0/VBoxVideo/VBoxVideoEarlyNT.inf
$0/VBoxWddm/VBoxDX.dll
.dll windows:6 windows x86 arch:x86

5b205ef05f13c31f9db3c3f052a542e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxDX\VBoxDX.pdb

Imports

kernel32

GetProcessHeap
GetCurrentProcessId
Sleep
GetCurrentThreadId
SetErrorMode
GetVersion
GetModuleHandleW
GetProcAddress
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetCommandLineW
OutputDebugStringA
GetStdHandle
WriteFile
CloseHandle
RaiseException
GetCurrentProcess
GetCurrentThread
TlsAlloc
TlsGetValue
TlsSetValue
GetSystemTime
GetTickCount
SystemTimeToFileTime
GetEnvironmentVariableW
SetLastError
CreateFileW
FlushFileBuffers
HeapReAlloc
SetEndOfFile
SetFileAttributesW
SetFilePointer
DeviceIoControl
TerminateProcess
GetConsoleMode
GetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
MoveFileExW
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
WideCharToMultiByte
GetACP
RtlUnwind
HeapFree
GetFileSize
HeapAlloc

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

ntdll

RtlGetNtProductType
NtQueryDirectoryFile
NtQueryInformationFile
NtClose
NtQueryVolumeInformationFile
NtQueryDirectoryObject
NtCreateFile
NtSetInformationFile
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtOpenProcess
NtQueryInformationProcess
NtOpenDirectoryObject
RtlFreeUnicodeString

Exports

Exports

OpenAdapter10
OpenAdapter10_2

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/VBoxDispD3D.dll
.dll windows:6 windows x86 arch:x86

6687fa397df54777db9acca4f10a3802

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxDispD3D\VBoxDispD3D.pdb

Imports

psapi

GetModuleInformation

kernel32

GetLastError
GetModuleHandleA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
OutputDebugStringA
InterlockedIncrement
InterlockedDecrement
FreeLibrary
GetProcAddress
SetLastError
LoadLibraryA
GetSystemDirectoryA
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
SetErrorMode
GetVersion
GetModuleHandleW
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
WriteFile
GetCommandLineW
CloseHandle
RaiseException
GetCurrentThread
TlsAlloc
TlsGetValue
TlsSetValue
Sleep
GetSystemTime
GetTickCount
SystemTimeToFileTime
GetEnvironmentVariableW
CreateFileW
FlushFileBuffers
GetFileSize
GetStdHandle
SetFileAttributesW
SetFilePointer
DeviceIoControl
GetConsoleMode
GetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
MoveFileExW
GetSystemDirectoryW
LoadLibraryExW
WideCharToMultiByte
GetACP
RtlUnwind
SetEndOfFile

user32

GetCursorPos
EnumDisplayDevicesW

gdi32

CreateDCW
DeleteDC

ntdll

RtlGetNtProductType
NtQueryDirectoryFile
NtQueryInformationFile
NtClose
NtQueryVolumeInformationFile
NtQueryDirectoryObject
NtCreateFile
NtSetInformationFile
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtOpenProcess
NtQueryInformationProcess
NtOpenDirectoryObject
RtlFreeUnicodeString

Exports

Exports

OpenAdapter

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/VBoxGL.dll
.dll windows:6 windows x86 arch:x86

1997ada4494f66716c6264408bd61ebf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxGL\VBoxGL.pdb

Imports

kernel32

GetLastError
GetConsoleMode
GetEnvironmentVariableW
SetLastError
GetVersion
GetCurrentProcess
TerminateProcess
SetErrorMode
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetModuleHandleA
WideCharToMultiByte
GetACP
CreateFileW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFileAttributesW
SetFilePointer
WriteFile
CloseHandle
DuplicateHandle
DeviceIoControl
GetCommandLineW
OutputDebugStringA
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
GetThreadTimes
Sleep
GetSystemTime
GetStdHandle
GetTickCount
SystemTimeToFileTime
TlsFree
SetThreadPriority
GetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
MoveFileExW
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
RtlUnwind
VirtualAlloc
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetEnvironmentVariableA
IsDebuggerPresent
GetSystemInfo
GetConsoleWindow
InitOnceExecuteOnce
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetCommandLineA
SetThreadAffinityMask
GetCurrentProcessorNumber
GetProcessTimes
GetFileType
GetCurrentProcessId
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc

user32

GetDC
CallNextHookEx
ClientToScreen
GetWindowRect
GetClientRect
LoadIconA
LoadCursorA
AdjustWindowRectEx
DestroyWindow
CreateWindowExA
RegisterClassA
DefWindowProcA
UnhookWindowsHookEx
WindowFromDC
EnumDisplayDevicesA
EnumDisplaySettingsA
SetWindowsHookExA
ReleaseDC

gdi32

GetGlyphOutlineA
DeleteDC
DescribePixelFormat
GetPixelFormat
SetPixelFormat
CreateDCA

ntdll

NtOpenProcess
NtQueryInformationProcess
RtlFreeUnicodeString
NtOpenDirectoryObject
NtResetEvent
NtCreateEvent
NtWaitForSingleObject
NtQueryDirectoryObject
NtQueryDirectoryFile
NtSetInformationFile
NtQueryInformationFile
NtQueryVolumeInformationFile
NtCreateFile
NtClose
RtlGetNtProductType
NtSetEvent

Exports

Exports

DrvCopyContext
DrvCreateContext
DrvCreateLayerContext
DrvDeleteContext
DrvDescribeLayerPlane
DrvDescribePixelFormat
DrvGetLayerPaletteEntries
DrvGetProcAddress
DrvPresentBuffers
DrvRealizeLayerPalette
DrvReleaseContext
DrvSetCallbackProcs
DrvSetContext
DrvSetLayerPaletteEntries
DrvSetPixelFormat
DrvShareLists
DrvSwapBuffers
DrvSwapLayerBuffers
DrvValidateVersion
glAccum
glAlphaFunc
glAreTexturesResident
glArrayElement
glBegin
glBindTexture
glBitmap
glBlendFunc
glCallList
glCallLists
glClear
glClearAccum
glClearColor
glClearDepth
glClearIndex
glClearStencil
glClipPlane
glColor3b
glColor3bv
glColor3d
glColor3dv
glColor3f
glColor3fv
glColor3i
glColor3iv
glColor3s
glColor3sv
glColor3ub
glColor3ubv
glColor3ui
glColor3uiv
glColor3us
glColor3usv
glColor4b
glColor4bv
glColor4d
glColor4dv
glColor4f
glColor4fv
glColor4i
glColor4iv
glColor4s
glColor4sv
glColor4ub
glColor4ubv
glColor4ui
glColor4uiv
glColor4us
glColor4usv
glColorMask
glColorMaterial
glColorPointer
glCopyPixels
glCopyTexImage1D
glCopyTexImage2D
glCopyTexSubImage1D
glCopyTexSubImage2D
glCullFace
glDeleteLists
glDeleteTextures
glDepthFunc
glDepthMask
glDepthRange
glDisable
glDisableClientState
glDrawArrays
glDrawBuffer
glDrawElements
glDrawPixels
glEdgeFlag
glEdgeFlagPointer
glEdgeFlagv
glEnable
glEnableClientState
glEnd
glEndList
glEvalCoord1d
glEvalCoord1dv
glEvalCoord1f
glEvalCoord1fv
glEvalCoord2d
glEvalCoord2dv
glEvalCoord2f
glEvalCoord2fv
glEvalMesh1
glEvalMesh2
glEvalPoint1
glEvalPoint2
glFeedbackBuffer
glFinish
glFlush
glFogf
glFogfv
glFogi
glFogiv
glFrontFace
glFrustum
glGenLists
glGenTextures
glGetBooleanv
glGetClipPlane
glGetDoublev
glGetError
glGetFloatv
glGetIntegerv
glGetLightfv
glGetLightiv
glGetMapdv
glGetMapfv
glGetMapiv
glGetMaterialfv
glGetMaterialiv
glGetPixelMapfv
glGetPixelMapuiv
glGetPixelMapusv
glGetPointerv
glGetPolygonStipple
glGetString
glGetTexEnvfv
glGetTexEnviv
glGetTexGendv
glGetTexGenfv
glGetTexGeniv
glGetTexImage
glGetTexLevelParameterfv
glGetTexLevelParameteriv
glGetTexParameterfv
glGetTexParameteriv
glHint
glIndexMask
glIndexPointer
glIndexd
glIndexdv
glIndexf
glIndexfv
glIndexi
glIndexiv
glIndexs
glIndexsv
glIndexub
glIndexubv
glInitNames
glInterleavedArrays
glIsEnabled
glIsList
glIsTexture
glLightModelf
glLightModelfv
glLightModeli
glLightModeliv
glLightf
glLightfv
glLighti
glLightiv
glLineStipple
glLineWidth
glListBase
glLoadIdentity
glLoadMatrixd
glLoadMatrixf
glLoadName
glLogicOp
glMap1d
glMap1f
glMap2d
glMap2f
glMapGrid1d
glMapGrid1f
glMapGrid2d
glMapGrid2f
glMaterialf
glMaterialfv
glMateriali
glMaterialiv
glMatrixMode
glMultMatrixd
glMultMatrixf
glNewList
glNormal3b
glNormal3bv
glNormal3d
glNormal3dv
glNormal3f
glNormal3fv
glNormal3i
glNormal3iv
glNormal3s
glNormal3sv
glNormalPointer
glOrtho
glPassThrough
glPixelMapfv
glPixelMapuiv
glPixelMapusv
glPixelStoref
glPixelStorei
glPixelTransferf
glPixelTransferi
glPixelZoom
glPointSize
glPolygonMode
glPolygonOffset
glPolygonStipple
glPopAttrib
glPopClientAttrib
glPopMatrix
glPopName
glPrioritizeTextures
glPushAttrib
glPushClientAttrib
glPushMatrix
glPushName
glRasterPos2d
glRasterPos2dv
glRasterPos2f
glRasterPos2fv
glRasterPos2i
glRasterPos2iv
glRasterPos2s
glRasterPos2sv
glRasterPos3d
glRasterPos3dv
glRasterPos3f
glRasterPos3fv
glRasterPos3i
glRasterPos3iv
glRasterPos3s
glRasterPos3sv
glRasterPos4d
glRasterPos4dv
glRasterPos4f
glRasterPos4fv
glRasterPos4i
glRasterPos4iv
glRasterPos4s
glRasterPos4sv
glReadBuffer
glReadPixels
glRectd
glRectdv
glRectf
glRectfv
glRecti
glRectiv
glRects
glRectsv
glRenderMode
glRotated
glRotatef
glScaled
glScalef
glScissor
glSelectBuffer
glShadeModel
glStencilFunc
glStencilMask
glStencilOp
glTexCoord1d
glTexCoord1dv
glTexCoord1f
glTexCoord1fv
glTexCoord1i
glTexCoord1iv
glTexCoord1s
glTexCoord1sv
glTexCoord2d
glTexCoord2dv
glTexCoord2f
glTexCoord2fv
glTexCoord2i
glTexCoord2iv
glTexCoord2s
glTexCoord2sv
glTexCoord3d
glTexCoord3dv
glTexCoord3f
glTexCoord3fv
glTexCoord3i
glTexCoord3iv
glTexCoord3s
glTexCoord3sv
glTexCoord4d
glTexCoord4dv
glTexCoord4f
glTexCoord4fv
glTexCoord4i
glTexCoord4iv
glTexCoord4s
glTexCoord4sv
glTexCoordPointer
glTexEnvf
glTexEnvfv
glTexEnvi
glTexEnviv
glTexGend
glTexGendv
glTexGenf
glTexGenfv
glTexGeni
glTexGeniv
glTexImage1D
glTexImage2D
glTexParameterf
glTexParameterfv
glTexParameteri
glTexParameteriv
glTexSubImage1D
glTexSubImage2D
glTranslated
glTranslatef
glVertex2d
glVertex2dv
glVertex2f
glVertex2fv
glVertex2i
glVertex2iv
glVertex2s
glVertex2sv
glVertex3d
glVertex3dv
glVertex3f
glVertex3fv
glVertex3i
glVertex3iv
glVertex3s
glVertex3sv
glVertex4d
glVertex4dv
glVertex4f
glVertex4fv
glVertex4i
glVertex4iv
glVertex4s
glVertex4sv
glVertexPointer
glViewport
wglChoosePixelFormat
wglCopyContext
wglCreateContext
wglCreateLayerContext
wglDeleteContext
wglDescribeLayerPlane
wglDescribePixelFormat
wglGetCurrentContext
wglGetCurrentDC
wglGetLayerPaletteEntries
wglGetPixelFormat
wglGetProcAddress
wglMakeCurrent
wglRealizeLayerPalette
wglSetLayerPaletteEntries
wglSetPixelFormat
wglShareLists
wglSwapBuffers
wglSwapLayerBuffers
wglSwapMultipleBuffers
wglUseFontBitmapsA
wglUseFontBitmapsW
wglUseFontOutlinesA
wglUseFontOutlinesW

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/VBoxNine.dll
.dll windows:6 windows x86 arch:x86

38d07638ab674f5ab93dd47e1886a20f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxNine\VBoxNine.pdb

Imports

kernel32

DeleteCriticalSection
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetCurrentProcessId
GetStdHandle
GetLastError
GetConsoleMode
GetEnvironmentVariableW
SetLastError
GetVersion
SetErrorMode
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetModuleHandleA
WideCharToMultiByte
GetACP
CreateFileW
FlushFileBuffers
GetFileSize
SetEndOfFile
SetFileAttributesW
SetFilePointer
WriteFile
CloseHandle
DuplicateHandle
DeviceIoControl
GetCurrentProcess
TerminateProcess
GetCommandLineW
OutputDebugStringA
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
LeaveCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
GetThreadTimes
Sleep
GetSystemTime
GetTickCount
SystemTimeToFileTime
TlsFree
SetThreadPriority
GetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
MoveFileExW
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
RtlUnwind
VirtualAlloc
VirtualFree
InitOnceExecuteOnce
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetEnvironmentVariableA
IsDebuggerPresent
GetSystemInfo
GetConsoleWindow
GetCommandLineA
SetThreadAffinityMask
EnterCriticalSection
ExitThread
InitializeCriticalSection
GetProcessTimes

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

ntdll

NtSetInformationFile
NtQueryDirectoryFile
NtQueryDirectoryObject
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtQueryVolumeInformationFile
NtOpenDirectoryObject
NtOpenProcess
NtQueryInformationProcess
RtlFreeUnicodeString
NtClose
RtlGetNtProductType
NtQueryInformationFile
NtSetEvent
NtCreateFile

Exports

Exports

GaNineD3DAdapter9Create
GaNineFlush
GaNineGetContextId
GaNineGetSurfaceId

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/VBoxSVGA.dll
.dll windows:6 windows x86 arch:x86

897738c508e80600874d93fd39d8ed55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxSVGA\VBoxSVGA.pdb

Imports

kernel32

GetProcessHeap
GetStdHandle
GetLastError
GetConsoleMode
GetEnvironmentVariableW
SetLastError
GetVersion
GetCurrentProcessId
WideCharToMultiByte
GetACP
CreateFileW
FlushFileBuffers
GetFileSize
SetEndOfFile
SetFileAttributesW
SetFilePointer
WriteFile
CloseHandle
DuplicateHandle
DeviceIoControl
GetCurrentProcess
TerminateProcess
SetErrorMode
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetModuleHandleA
RaiseException
GetCurrentThread
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
Sleep
HeapFree
GetFullPathNameW
GetFileAttributesW
MoveFileExW
GetCommandLineW
OutputDebugStringA
GetSystemTime
GetTickCount
SystemTimeToFileTime
TlsFree
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
RtlUnwind
VirtualAlloc
VirtualFree
GetEnvironmentVariableA
IsDebuggerPresent
GetSystemInfo
GetConsoleWindow
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitOnceExecuteOnce
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
SetThreadAffinityMask
HeapReAlloc
GetCurrentDirectoryW
HeapAlloc
GetCommandLineA

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

ntdll

NtSetInformationFile
RtlGetNtProductType
NtWaitForSingleObject
NtCreateEvent
NtSetEvent
NtOpenDirectoryObject
NtQueryVolumeInformationFile
NtQueryDirectoryObject
NtResetEvent
RtlFreeUnicodeString
NtOpenProcess
NtQueryInformationProcess
NtClose
NtQueryInformationFile
NtQueryDirectoryFile
NtCreateFile

Exports

Exports

GaDrvContextFlush
GaDrvGetContextId
GaDrvGetSurfaceId
GaDrvGetWDDMEnv
GaDrvScreenCreate
GaDrvScreenDestroy

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/VBoxWddm.cat
$0/VBoxWddm/VBoxWddm.inf
$0/VBoxWddm/VBoxWddm.sys
.sys windows:6 windows x86 arch:x86

74e4781dfac5a5a7019dd3a4f2e69af7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxWddm\VBoxWddm.pdb

Imports

ntoskrnl.exe

memcpy
memset
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
_except_handler3
KeSetEvent
ObReferenceObjectByHandle
ObfDereferenceObject
ExEventObjectType
RtlInitializeBitMap
RtlClearBits
KeInitializeDpc
KeInitializeEvent
KeDelayExecutionThread
KeInitializeTimer
KeCancelTimer
KeSetTimerEx
KeQuerySystemTime
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmMapIoSpace
MmUnmapIoSpace
PsCreateSystemThread
ZwOpenKey
ZwEnumerateKey
ZwQueryValueKey
ZwSetValueKey
_alldiv
_allmul
_allrem
_aulldiv
KeWaitForSingleObject
IoAllocateWorkItem
IoFreeWorkItem
IoQueueWorkItemEx
DbgPrint
IoOpenDeviceRegistryKey
IoGetDeviceProperty
PsGetVersion
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwClose
IofCallDriver
IoAllocateMdl
ZwLoadDriver
IoGetDeviceObjectPointer
ZwUnloadDriver
IoFreeMdl
RtlGetVersion
IoBuildDeviceIoControlRequest
strchr
KeGetCurrentThread
ZwYieldExecution
KeQueryTimeIncrement
KeQueryTickCount
KeInitializeMutex
KeReadStateMutex
KeReleaseMutex
IoGetCurrentProcess
PsGetCurrentProcessId
ExAllocatePool
ExFreePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
MmIsAddressValid
KeNumberProcessors
MmBuildMdlForNonPagedPool
MmMapLockedPages
IoBuildPartialMdl
ZwQuerySystemInformation
KeInsertQueueDpc
KeRemoveQueueDpc
KeSetPriorityThread
KeResetEvent
KeBugCheckEx
RtlUnwind
KeInitializeSpinLock
RtlInitUnicodeString

hal

ExReleaseFastMutex
KfLowerIrql
KeGetCurrentIrql
KfRaiseIrql
ExAcquireFastMutex
KfReleaseSpinLock
KfAcquireSpinLock

Exports

Exports

?CrSaAdd@@YAHPAUCR_SORTARRAY@@_K@Z
?CrSaCleanup@@YAXPAUCR_SORTARRAY@@@Z
?CrSaClone@@YAHPBUCR_SORTARRAY@@PAU1@@Z
?CrSaCmp@@YAHPBUCR_SORTARRAY@@0@Z
?CrSaContains@@YA_NPBUCR_SORTARRAY@@_K@Z
?CrSaCovers@@YA_NPBUCR_SORTARRAY@@0@Z
?CrSaInit@@YAHPAUCR_SORTARRAY@@I@Z
?CrSaIntersect@@YAXPAUCR_SORTARRAY@@PBU1@@Z
?CrSaIntersected@@YAHPAUCR_SORTARRAY@@PBU1@0@Z
?CrSaRemove@@YAHPAUCR_SORTARRAY@@_K@Z
?CrSaUnited@@YAHPBUCR_SORTARRAY@@0PAU1@@Z
ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTAvlU32Destroy
RTAvlU32DoWithAll
RTAvlU32Get
RTAvlU32GetBestFit
RTAvlU32Insert
RTAvlU32Remove
RTAvlU32RemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLargeTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserExTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemObjWasZeroInitialized
RTR0MemObjZeroInitialize
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16Printf
RTUtf16PrintfEx
RTUtf16PrintfExV
RTUtf16PrintfV
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memmove

Sections

.text
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$0/VBoxWddm/vboxwddm.cat
$0/license.rtf
.rtf
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

fc0224e99e736751432961db63a41b76

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleW
GlobalFree
GlobalSize
lstrcpynW
lstrcpyW
GetProcAddress
WideCharToMultiByte
VirtualFree
FreeLibrary
lstrlenW
LoadLibraryW
GlobalAlloc
MultiByteToWideChar
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfW

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 662B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

6b5c4f7d679059f68f1269aad3a5cecd

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetFileAttributesW
lstrcpyW
MulDiv
lstrlenW
HeapFree
GetCurrentDirectoryW
lstrcmpiW
GetProcessHeap
HeapReAlloc
GlobalFree
lstrcpynW
GlobalAlloc
SetCurrentDirectoryW
HeapAlloc

user32

DestroyWindow
CallWindowProcW
SetCursor
LoadCursorW
GetPropW
CharPrevW
DrawFocusRect
GetWindowLongW
DrawTextW
GetClientRect
SetWindowLongW
GetDlgItem
GetSysColor
SetWindowPos
CreateDialogParamW
MapDialogRect
GetWindowRect
SetPropW
CreateWindowExW
IsWindow
SetTimer
KillTimer
DispatchMessageW
TranslateMessage
GetMessageW
IsDialogMessageW
ShowWindow
wsprintfW
CharNextW
SendMessageW
MapWindowPoints
RemovePropW
GetWindowTextW

gdi32

SetTextColor

shell32

SHBrowseForFolderW
SHGetPathFromIDListW

comdlg32

GetSaveFileNameW
GetOpenFileNameW
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 638B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$R0
.dll windows:5 windows x86 arch:x86

2bb4371343f058a7dbda0e6f4e711f71

Code Sign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09/03/2023, 00:00

Not After

11/03/2025, 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:2e:8e:4c:59:59:c6:f5:c9:80:70:e4:71:41:08:59:7a:d4:8d:40:72:37:5c:89:77:11:31:4c:75:c8:3a:1c
Signer

Actual PE Digest

6d:2e:8e:4c:59:59:c6:f5:c9:80:70:e4:71:41:08:59:7a:d4:8d:40:72:37:5c:89:77:11:31:4c:75:c8:3a:1c

Digest Algorithm

sha256

PE Digest Matches

false

5c:5f:77:4d:b9:35:ca:e9:6d:7d:83:31:d1:7b:af:cf:af:85:6c:81
Signer

Actual PE Digest

5c:5f:77:4d:b9:35:ca:e9:6d:7d:83:31:d1:7b:af:cf:af:85:6c:81

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxHook\VBoxHook.pdb

Imports

kernel32

SetEvent
OpenEventA
GetCurrentProcess
TerminateProcess
GetLastError
GetVersion
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetStdHandle
WriteFile
HeapAlloc
HeapFree
GetProcessHeap
RtlUnwind

user32

SetWinEventHook
UnhookWinEvent
GetWindowLongA

ole32

CoUninitialize
CoInitialize

Exports

Exports

VBoxHookInstallActiveDesktopTracker
VBoxHookInstallWindowTracker
VBoxHookRemoveActiveDesktopTracker
VBoxHookRemoveWindowTracker

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/VBoxControl.exe
.exe windows:1 windows x86 arch:x86

ced5918094f14d654d9d523c2935d5bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxControl\VBoxControl.pdb

Imports

kernel32

GetFileType
GetLastError
GetConsoleMode
SetErrorMode
GetVersion
GetModuleHandleW
GetModuleFileNameW
WideCharToMultiByte
GetACP
CreateFileW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
WriteFile
CloseHandle
DuplicateHandle
SetLastError
DeviceIoControl
GetCurrentProcess
FileTimeToSystemTime
SystemTimeToFileTime
GetFileAttributesW
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFullPathNameW
MoveFileExW
TerminateProcess
GetCurrentProcessId
OutputDebugStringA
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
Sleep
GetSystemTime
GetTickCount
GetTimeZoneInformation
SetThreadPriority
ReleaseMutex
WaitForSingleObjectEx
CreateMutexA
GetNamedPipeInfo
CreateDirectoryW
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
CreateFileA
PeekNamedPipe
GetOverlappedResult
ResetEvent
CreateEventA
GetNamedPipeHandleStateA
VirtualAlloc
VirtualFree
RtlUnwind
GetStdHandle
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
GetProcAddress
GetCommandLineW
GetModuleHandleA

user32

EnumDisplayDevicesA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExW
RegSetValueExA
RegOpenKeyExW

ntdll

RtlGetNtProductType
NtClose
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtSetInformationFile
NtQueryObject
NtQueryDirectoryFile
NtQueryDirectoryObject
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtOpenDirectoryObject
NtOpenProcess
NtQueryInformationProcess
RtlFreeUnicodeString
NtCancelIoFile

Exports

Exports

g_abRTZero16K
g_abRTZero32K
g_abRTZero4K
g_abRTZero64K
g_abRTZero8K
g_abRTZeroPage

Sections

.text
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zero
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/VBoxDisp.dll
.dll windows:6 windows x86 arch:x86

7d169efd38bae25431ee9dc7d4dd657e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxDisp\VBoxDisp.pdb

Imports

win32k.sys

EngCreateBitmap
EngCreateDeviceSurface
EngDeleteSurface
EngLockSurface
EngUnlockSurface
EngAssociateSurface
EngAllocMem
EngFreeMem
EngDeviceIoControl
EngCopyBits
PALOBJ_cGetColors
EngCreatePalette
EngDeletePalette
PATHOBJ_vGetBounds
EngBitBlt
EngLineTo
EngStretchBlt
EngTextOut
EngStrokePath
EngFillPath
EngPaint
BRUSHOBJ_pvAllocRbrush
BRUSHOBJ_pvGetRbrush
CLIPOBJ_cEnumStart
CLIPOBJ_bEnum
PATHOBJ_vEnumStart
PATHOBJ_bEnum
FONTOBJ_vGetInfo
STROBJ_vEnumStart
STROBJ_bEnum

Exports

Exports

ASMAtomicCmpXchgU8
RTCrc64
RTCrc64Finish
RTCrc64Process
RTCrc64Start
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogFormatV
RTLogWriteUser
RTStrCopy
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrNLen
memcpy
memmove
memset

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 745B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/VBoxHook.dll
.dll windows:5 windows x86 arch:x86

2bb4371343f058a7dbda0e6f4e711f71

Code Sign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09/03/2023, 00:00

Not After

11/03/2025, 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

6d:2e:8e:4c:59:59:c6:f5:c9:80:70:e4:71:41:08:59:7a:d4:8d:40:72:37:5c:89:77:11:31:4c:75:c8:3a:1c
Signer

Actual PE Digest

6d:2e:8e:4c:59:59:c6:f5:c9:80:70:e4:71:41:08:59:7a:d4:8d:40:72:37:5c:89:77:11:31:4c:75:c8:3a:1c

Digest Algorithm

sha256

PE Digest Matches

false

5c:5f:77:4d:b9:35:ca:e9:6d:7d:83:31:d1:7b:af:cf:af:85:6c:81
Signer

Actual PE Digest

5c:5f:77:4d:b9:35:ca:e9:6d:7d:83:31:d1:7b:af:cf:af:85:6c:81

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxHook\VBoxHook.pdb

Imports

kernel32

SetEvent
OpenEventA
GetCurrentProcess
TerminateProcess
GetLastError
GetVersion
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
GetStdHandle
WriteFile
HeapAlloc
HeapFree
GetProcessHeap
RtlUnwind

user32

SetWinEventHook
UnhookWinEvent
GetWindowLongA

ole32

CoUninitialize
CoInitialize

Exports

Exports

VBoxHookInstallActiveDesktopTracker
VBoxHookInstallWindowTracker
VBoxHookRemoveActiveDesktopTracker
VBoxHookRemoveWindowTracker

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 14KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

SHARED
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 384B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/VBoxService.exe
.exe windows:1 windows x86 arch:x86

b8051d3dfa09094899f51f3c0cdf914b

Code Sign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09/03/2023, 00:00

Not After

11/03/2025, 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:8e:84:76:55:c2:1c:8b:c5:b5:0e:45:3e:b5:52:20:27:b9:e5:0e:f8:02:6b:5f:78:3b:e2:af:70:1a:7a:23
Signer

Actual PE Digest

18:8e:84:76:55:c2:1c:8b:c5:b5:0e:45:3e:b5:52:20:27:b9:e5:0e:f8:02:6b:5f:78:3b:e2:af:70:1a:7a:23

Digest Algorithm

sha256

PE Digest Matches

false

ad:f6:1b:eb:88:8f:d4:c9:54:1d:f6:9e:79:be:84:82:98:83:07:97
Signer

Actual PE Digest

ad:f6:1b:eb:88:8f:d4:c9:54:1d:f6:9e:79:be:84:82:98:83:07:97

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxService\VBoxService.pdb

Imports

mpr

WNetOpenEnumA
WNetCancelConnection2W
WNetEnumResourceW
WNetAddConnection2W

kernel32

GetModuleHandleA
HeapReAlloc
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
SetSystemTime
FileTimeToSystemTime
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
CreateFileW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
DuplicateHandle
DeviceIoControl
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
MoveFileExW
GetConsoleMode
PeekNamedPipe
GetNamedPipeInfo
GetOverlappedResult
ResetEvent
CreateEventA
CreateNamedPipeA
GetNamedPipeHandleStateA
WaitForMultipleObjectsEx
WaitForSingleObjectEx
TerminateProcess
GetExitCodeProcess
ResumeThread
CreateProcessW
ReadProcessMemory
WriteProcessMemory
VirtualProtect
GetFileType
LocalAlloc
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
GetACP
SetThreadPriority
GetCommandLineW
OutputDebugStringA
SetEnvironmentVariableW
GetSystemDirectoryW
LoadLibraryExW
DeleteFileW
CreateEventW
VirtualAlloc
VirtualFree
RtlUnwind
GetStdHandle
SystemTimeToFileTime
GetProcAddress
GetModuleHandleW
GetTickCount
GetVersion
GetSystemTime
GetModuleFileNameA
LocalFree
GetWindowsDirectoryA
GetProcessHeap
HeapFree
HeapAlloc
QueryDosDeviceW
GetVolumeInformationW
LoadLibraryExA
FreeLibrary
VirtualQuery
GetSystemDirectoryA
OpenProcess
GetCurrentProcessId
GetCurrentProcess
GetSystemInfo
Sleep
SetConsoleCtrlHandler
CreateMutexW
SetLastError
GetLastError
CloseHandle
CreateFileA
SetEvent

user32

SetProcessWindowStation
OpenWindowStationA
CloseDesktop
GetProcessWindowStation
OpenDesktopA

advapi32

InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorDacl
GetAclInformation
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
CloseServiceHandle
ChangeServiceConfigA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
LookupAccountNameW
LookupAccountSidA
IsValidSid
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetLengthSid
FreeSid
EqualSid
CopySid
AllocateAndInitializeSid
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
SetSecurityDescriptorDacl
LookupAccountSidW
InitiateSystemShutdownW
RegOpenKeyExW
RegQueryValueExW
AddAce
GetAce
OpenThreadToken

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ntdll

NtClose
NtWaitForSingleObject
NtCreateEvent
NtSetEvent
NtCreateFile
NtQueryDirectoryFile
NtQueryInformationFile
NtQueryVolumeInformationFile
NtOpenDirectoryObject
NtQueryDirectoryObject
NtResetEvent
NtSetInformationFile
NtQueryObject
RtlAcquirePebLock
RtlReleasePebLock
NtCancelIoFile
NtQueryInformationProcess
RtlAddAccessAllowedAce
RtlInitializeSid
RtlSubAuthoritySid
RtlAddAccessDeniedAce
RtlGetNtProductType
RtlFreeUnicodeString
NtOpenProcess

Sections

.text
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/VBoxTray.exe
.exe windows:1 windows x86 arch:x86

41a3468e074cbdda6d4734c050bf5fb4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxTray\VBoxTray.pdb

Imports

kernel32

HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
RaiseException
GetCurrentProcess
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
CreateFileW
ReadFile
WriteFile
ConnectNamedPipe
DisconnectNamedPipe
PeekNamedPipe
CreateNamedPipeW
GetOverlappedResult
ResetEvent
LocalAlloc
LocalFree
GetStdHandle
TerminateProcess
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetVersion
GetFileSize
GetFileType
SetEndOfFile
SetFileAttributesW
SetFilePointer
DeviceIoControl
SetErrorMode
GetModuleFileNameW
GetCommandLineW
OutputDebugStringA
GetEnvironmentVariableW
GetSystemDirectoryW
LoadLibraryExW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
MoveFileExW
GetConsoleMode
CreateFileA
CreateDirectoryW
RemoveDirectoryW
RtlUnwind
GetSystemTime
LoadLibraryA
FreeLibrary
GetSystemDirectoryA
GetStartupInfoW
CreateProcessW
GetCurrentProcessId
SetEnvironmentVariableW
SetLastError
lstrlenW
GlobalFree
GlobalLock
GlobalUnlock
GlobalSize
GlobalAlloc
GetCurrentThreadId
GetTickCount
GetProcAddress
GetModuleHandleA
CreateThread
Sleep
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetModuleHandleW
SetThreadPriority
GetCurrentThread
SystemTimeToFileTime
CreateEventA
CreateMutexA
SetEvent
GetLastError
FlushFileBuffers
CloseHandle

user32

EnumDisplayDevicesA
AttachThreadInput
MessageBoxW
ShowCursor
WindowFromPoint
GetWindowThreadProcessId
SetWindowPos
GetClipboardOwner
SetClipboardData
GetClipboardData
RegisterClipboardFormatA
SendMessageTimeoutA
SendMessageCallbackA
OpenClipboard
CloseClipboard
SetClipboardViewer
GetClipboardViewer
ChangeClipboardChain
EnumClipboardFormats
GetClipboardFormatNameA
EmptyClipboard
TrackMouseEvent
ShowWindow
GetSystemMetrics
ClientToScreen
SetWindowLongA
GetClipboardFormatNameW
ChangeDisplaySettingsA
SystemParametersInfoA
GetClassNameA
EnumWindows
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowRgn
EnumDisplaySettingsA
ReleaseDC
GetDC
GetClassInfoExA
PostQuitMessage
PostThreadMessageA
GetMessageA
DestroyIcon
LoadIconA
LoadCursorA
FindWindowExA
FindWindowA
GetDesktopWindow
GetCursorPos
MessageBoxA
SetForegroundWindow
TrackPopupMenu
InsertMenuW
DestroyMenu
CreatePopupMenu
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
DefWindowProcA
PostMessageA
SendMessageA
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
TranslateMessage

gdi32

CreateDCA
CreateSolidBrush
SetRectRgn
ExtEscape
DeleteDC
GetRegionData
DeleteObject
CreateRectRgn
CombineRgn
OffsetRgn

advapi32

GetUserNameW
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
RegCloseKey
RegEnumValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
InitializeAcl

shell32

DragQueryFileA
DragQueryFileW
Shell_NotifyIconA

ole32

OleDuplicateData
DoDragDrop
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
CoTaskMemFree
CoTaskMemAlloc
ReleaseStgMedium
OleSetClipboard
OleUninitialize
OleInitialize

ntdll

NtOpenProcess
RtlFreeUnicodeString
RtlGetNtProductType
NtSetInformationFile
NtQueryDirectoryObject
NtOpenDirectoryObject
NtQueryVolumeInformationFile
NtQueryInformationFile
NtQueryDirectoryFile
NtCancelIoFile
RtlAddAccessAllowedAce
RtlInitializeSid
RtlSubAuthoritySid
RtlAddAccessDeniedAce
NtQueryInformationProcess
NtClose
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtCreateFile

Sections

.text
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/drivers/VBoxGuest.sys
.sys windows:6 windows x86 arch:x86

87f400735742d99e416c11acd9ff13ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxGuest\VBoxGuest.pdb

Imports

ntoskrnl.exe

KeSetEvent
KeWaitForSingleObject
KeInitializeSpinLock
ExFreePool
MmMapIoSpace
MmUnmapIoSpace
IoConnectInterrupt
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoDetachDevice
IoDisconnectInterrupt
ZwClose
ZwQueryInformationToken
ZwOpenProcessToken
KeGetCurrentThread
KeDelayExecutionThread
KeInitializeTimer
KeSetTimer
IoGetCurrentProcess
MmIsAddressValid
KeInitializeEvent
KeRemoveQueueDpc
KeNumberProcessors
KeResetEvent
KeCancelTimer
KeQuerySystemTime
KeQueryTimeIncrement
KeQueryTickCount
ExAllocatePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
MmProbeAndLockPages
MmUnlockPages
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
IoAllocateMdl
IoBuildPartialMdl
IoFreeMdl
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
RtlUnwind
KeInsertQueueDpc
KeInitializeDpc
RtlInitUnicodeString
DbgPrint
RtlQueryRegistryValues

hal

HalTranslateBusAddress
HalGetInterruptVector
KeGetCurrentIrql
HalGetBusData

Exports

Exports

@InterlockedExchange@8
@IofCallDriver@8
@IofCompleteRequest@8
@KefAcquireSpinLockAtDpcLevel@4
@KefReleaseSpinLockFromDpcLevel@4
@KfAcquireSpinLock@4
@KfLowerIrql@4
@KfRaiseIrql@4
@KfReleaseSpinLock@8
@Nt3Fb_ExAcquireFastMutex@4
@Nt3Fb_ExReleaseFastMutex@4
@ObfDereferenceObject@4
ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTCritSectRwDelete
RTCritSectRwEnterExcl
RTCritSectRwEnterExclDebug
RTCritSectRwEnterShared
RTCritSectRwEnterSharedDebug
RTCritSectRwGetReadCount
RTCritSectRwGetWriteRecursion
RTCritSectRwGetWriterReadRecursion
RTCritSectRwInit
RTCritSectRwInitEx
RTCritSectRwIsReadOwner
RTCritSectRwIsWriteOwner
RTCritSectRwLeaveExcl
RTCritSectRwLeaveShared
RTCritSectRwSetSubClass
RTCritSectRwTryEnterExcl
RTCritSectRwTryEnterExclDebug
RTCritSectRwTryEnterShared
RTCritSectRwTryEnterSharedDebug
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLargeTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserExTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemObjWasZeroInitialized
RTR0MemObjZeroInitialize
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNCmp
RTStrNICmpAscii
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTTimerCanDoHighResolution
RTTimerChangeInterval
RTTimerCreateEx
RTTimerDestroy
RTTimerReleaseSystemGranularity
RTTimerRequestSystemGranularity
RTTimerStart
RTTimerStop
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16ICmpAscii
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16NICmpAscii
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
_Nt3Fb_IoAttachDeviceToDeviceStack@8
_Nt3Fb_KeInitializeTimerEx@8
_Nt3Fb_KeSetTimerEx@20
_Nt3Fb_PsGetCurrentProcessId@0
_Nt3Fb_PsGetVersion@16
_Nt3Fb_ZwQuerySystemInformation@16
_Nt3Fb_ZwYieldExecution@0
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memcpy
memmove
memset
strchr
strcmp

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/drivers/VBoxMouseNT.sys
.sys windows:6 windows x86 arch:x86

882e79b0f335cf2aad7b5f4ef7612a31

Code Sign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09/03/2023, 00:00

Not After

11/03/2025, 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

b8:eb:de:ab:fb:96:d5:16:27:72:48:8e:f6:61:4c:5f:02:34:17:1f:b5:ee:08:c5:89:76:cc:06:72:4c:b1:9c
Signer

Actual PE Digest

b8:eb:de:ab:fb:96:d5:16:27:72:48:8e:f6:61:4c:5f:02:34:17:1f:b5:ee:08:c5:89:76:cc:06:72:4c:b1:9c

Digest Algorithm

sha256

PE Digest Matches

true

13:7e:58:70:32:33:3f:06:9c:a6:d4:10:de:7d:9c:d5:be:da:e2:5d
Signer

Actual PE Digest

13:7e:58:70:32:33:3f:06:9c:a6:d4:10:de:7d:9c:d5:be:da:e2:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxMouseNT\VBoxMouseNT.pdb

Imports

ntoskrnl.exe

RtlAppendUnicodeToString
RtlFreeAnsiString
KeInitializeDpc
KeInsertQueueDpc
KeSynchronizeExecution
KeInitializeTimer
KeCancelTimer
KeSetTimer
KeInitializeSpinLock
KeQueryTimeIncrement
ExAllocatePool
ExFreePool
MmMapIoSpace
MmUnmapIoSpace
IoAcquireCancelSpinLock
IoConnectInterrupt
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoDisconnectInterrupt
IoReleaseCancelSpinLock
IoStartNextPacket
IoStartPacket
RtlAppendUnicodeStringToString
IoReportResourceUsage
KeGetCurrentThread
KeSetEvent
KeDelayExecutionThread
KeWaitForSingleObject
IoGetCurrentProcess
MmIsAddressValid
DbgPrint
KeNumberProcessors
KeRemoveQueueDpc
KeInitializeEvent
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
KeResetEvent
KeQuerySystemTime
KeQueryTickCount
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
RtlUnwind
IoBuildPartialMdl
RtlCopyUnicodeString
RtlUnicodeStringToAnsiString
RtlInitUnicodeString
RtlIntegerToUnicodeString
RtlWriteRegistryValue
RtlQueryRegistryValues
IoQueryDeviceDescription
strstr
KeInitializeMutex
KeReadStateMutex
KeReleaseMutex
MmProbeAndLockPages
MmUnlockPages
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
IoAllocateMdl
IoFreeMdl

hal

HalGetBusData
HalTranslateBusAddress
HalGetInterruptVector
KeStallExecutionProcessor
WRITE_PORT_UCHAR
READ_PORT_UCHAR
KeGetCurrentIrql

Exports

Exports

@InterlockedExchange@8
@IofCallDriver@8
@IofCompleteRequest@8
@KefAcquireSpinLockAtDpcLevel@4
@KefReleaseSpinLockFromDpcLevel@4
@KfAcquireSpinLock@4
@KfLowerIrql@4
@KfRaiseIrql@4
@KfReleaseSpinLock@8
@Nt3Fb_ExAcquireFastMutex@4
@Nt3Fb_ExReleaseFastMutex@4
@ObfDereferenceObject@4
ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLargeTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserExTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemObjWasZeroInitialized
RTR0MemObjZeroInitialize
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16NICmpAscii
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
_Nt3Fb_IoAttachDeviceToDeviceStack@8
_Nt3Fb_KeInitializeTimerEx@8
_Nt3Fb_KeSetTimerEx@20
_Nt3Fb_PsGetCurrentProcessId@0
_Nt3Fb_PsGetVersion@16
_Nt3Fb_ZwQuerySystemInformation@16
_Nt3Fb_ZwYieldExecution@0
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memcpy
memmove
memset
strchr
strcmp

Sections

.text
Size: 113KB - Virtual size: 113KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 34KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$SYSDIR/drivers/VBoxVideo.sys
.dll windows:6 windows x86 arch:x86

d95401d202098158823a9cb75d782593

Code Sign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09/03/2023, 00:00

Not After

11/03/2025, 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ee:64:15:4a:6a:9b:56:90:a6:9e:9c:64:87:2f:ff:d5:1b:99:60:d2:64:10:12:05:b1:09:e8:81:31:78:a9:72
Signer

Actual PE Digest

ee:64:15:4a:6a:9b:56:90:a6:9e:9c:64:87:2f:ff:d5:1b:99:60:d2:64:10:12:05:b1:09:e8:81:31:78:a9:72

Digest Algorithm

sha256

PE Digest Matches

true

01:96:19:63:91:4e:3f:0b:29:2a:09:14:47:03:49:87:8d:01:e5:ec
Signer

Actual PE Digest

01:96:19:63:91:4e:3f:0b:29:2a:09:14:47:03:49:87:8d:01:e5:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxVideo\VBoxVideo.pdb

Imports

videoprt.sys

VideoPortGetRegistryParameters
VideoPortMapMemory
VideoPortZeroMemory
VideoPortUnmapMemory
VideoPortWritePortUchar
VideoPortSynchronizeExecution
VideoPortWritePortUlong
VideoPortWritePortUshort
VideoPortSetRegistryParameters
VideoPortReadPortUlong
VideoPortReadPortUshort
VideoPortInitialize
VideoPortMoveMemory
VideoPortGetAccessRanges

ntoskrnl.exe

ObfDereferenceObject
strchr
KeInitializeMutex
KeReadStateMutex
KeReleaseMutex
DbgPrint
MmIsAddressValid
KeNumberProcessors
ExAllocatePool
ExFreePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
IoGetCurrentProcess
IofCallDriver
KeGetCurrentThread
KeDelayExecutionThread
ZwYieldExecution
KeQuerySystemTime
KeQueryTimeIncrement
KeQueryTickCount
MmProbeAndLockPages
MmUnlockPages
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
MmMapIoSpace
MmUnmapIoSpace
IoAllocateMdl
IoBuildPartialMdl
IoFreeMdl
ZwQuerySystemInformation
KeInitializeDpc
KeInsertQueueDpc
KeRemoveQueueDpc
KeSetEvent
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
KeResetEvent
KeInitializeSpinLock
RtlUnwind
IoBuildDeviceIoControlRequest
KeWaitForSingleObject
KeInitializeEvent
RtlInitUnicodeString
IoGetDeviceObjectPointer
PsGetVersion
PsGetCurrentProcessId

hal

KfRaiseIrql
KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex
KfAcquireSpinLock
KfReleaseSpinLock
KfLowerIrql

Exports

Exports

ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLargeTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserExTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemObjWasZeroInitialized
RTR0MemObjZeroInitialize
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16Printf
RTUtf16PrintfEx
RTUtf16PrintfExV
RTUtf16PrintfV
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memmove

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 727B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_51_/$0
.exe windows:1 windows x86 arch:x86

b8051d3dfa09094899f51f3c0cdf914b

Code Sign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09/03/2023, 00:00

Not After

11/03/2025, 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:8e:84:76:55:c2:1c:8b:c5:b5:0e:45:3e:b5:52:20:27:b9:e5:0e:f8:02:6b:5f:78:3b:e2:af:70:1a:7a:23
Signer

Actual PE Digest

18:8e:84:76:55:c2:1c:8b:c5:b5:0e:45:3e:b5:52:20:27:b9:e5:0e:f8:02:6b:5f:78:3b:e2:af:70:1a:7a:23

Digest Algorithm

sha256

PE Digest Matches

false

ad:f6:1b:eb:88:8f:d4:c9:54:1d:f6:9e:79:be:84:82:98:83:07:97
Signer

Actual PE Digest

ad:f6:1b:eb:88:8f:d4:c9:54:1d:f6:9e:79:be:84:82:98:83:07:97

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxService\VBoxService.pdb

Imports

mpr

WNetOpenEnumA
WNetCancelConnection2W
WNetEnumResourceW
WNetAddConnection2W

kernel32

GetModuleHandleA
HeapReAlloc
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
SetSystemTime
FileTimeToSystemTime
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
CreateFileW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
DuplicateHandle
DeviceIoControl
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
MoveFileExW
GetConsoleMode
PeekNamedPipe
GetNamedPipeInfo
GetOverlappedResult
ResetEvent
CreateEventA
CreateNamedPipeA
GetNamedPipeHandleStateA
WaitForMultipleObjectsEx
WaitForSingleObjectEx
TerminateProcess
GetExitCodeProcess
ResumeThread
CreateProcessW
ReadProcessMemory
WriteProcessMemory
VirtualProtect
GetFileType
LocalAlloc
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
GetACP
SetThreadPriority
GetCommandLineW
OutputDebugStringA
SetEnvironmentVariableW
GetSystemDirectoryW
LoadLibraryExW
DeleteFileW
CreateEventW
VirtualAlloc
VirtualFree
RtlUnwind
GetStdHandle
SystemTimeToFileTime
GetProcAddress
GetModuleHandleW
GetTickCount
GetVersion
GetSystemTime
GetModuleFileNameA
LocalFree
GetWindowsDirectoryA
GetProcessHeap
HeapFree
HeapAlloc
QueryDosDeviceW
GetVolumeInformationW
LoadLibraryExA
FreeLibrary
VirtualQuery
GetSystemDirectoryA
OpenProcess
GetCurrentProcessId
GetCurrentProcess
GetSystemInfo
Sleep
SetConsoleCtrlHandler
CreateMutexW
SetLastError
GetLastError
CloseHandle
CreateFileA
SetEvent

user32

SetProcessWindowStation
OpenWindowStationA
CloseDesktop
GetProcessWindowStation
OpenDesktopA

advapi32

InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorDacl
GetAclInformation
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
CloseServiceHandle
ChangeServiceConfigA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
LookupAccountNameW
LookupAccountSidA
IsValidSid
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetLengthSid
FreeSid
EqualSid
CopySid
AllocateAndInitializeSid
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
SetSecurityDescriptorDacl
LookupAccountSidW
InitiateSystemShutdownW
RegOpenKeyExW
RegQueryValueExW
AddAce
GetAce
OpenThreadToken

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ntdll

NtClose
NtWaitForSingleObject
NtCreateEvent
NtSetEvent
NtCreateFile
NtQueryDirectoryFile
NtQueryInformationFile
NtQueryVolumeInformationFile
NtOpenDirectoryObject
NtQueryDirectoryObject
NtResetEvent
NtSetInformationFile
NtQueryObject
RtlAcquirePebLock
RtlReleasePebLock
NtCancelIoFile
NtQueryInformationProcess
RtlAddAccessAllowedAce
RtlInitializeSid
RtlSubAuthoritySid
RtlAddAccessDeniedAce
RtlGetNtProductType
RtlFreeUnicodeString
NtOpenProcess

Sections

.text
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$_51_/VBoxService.exe
.exe windows:1 windows x86 arch:x86

b8051d3dfa09094899f51f3c0cdf914b

Code Sign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09/03/2023, 00:00

Not After

11/03/2025, 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

18:8e:84:76:55:c2:1c:8b:c5:b5:0e:45:3e:b5:52:20:27:b9:e5:0e:f8:02:6b:5f:78:3b:e2:af:70:1a:7a:23
Signer

Actual PE Digest

18:8e:84:76:55:c2:1c:8b:c5:b5:0e:45:3e:b5:52:20:27:b9:e5:0e:f8:02:6b:5f:78:3b:e2:af:70:1a:7a:23

Digest Algorithm

sha256

PE Digest Matches

false

ad:f6:1b:eb:88:8f:d4:c9:54:1d:f6:9e:79:be:84:82:98:83:07:97
Signer

Actual PE Digest

ad:f6:1b:eb:88:8f:d4:c9:54:1d:f6:9e:79:be:84:82:98:83:07:97

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxService\VBoxService.pdb

Imports

mpr

WNetOpenEnumA
WNetCancelConnection2W
WNetEnumResourceW
WNetAddConnection2W

kernel32

GetModuleHandleA
HeapReAlloc
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
SetSystemTime
FileTimeToSystemTime
CreateDirectoryW
RemoveDirectoryW
SetFileAttributesW
CreateFileW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFilePointer
WriteFile
DuplicateHandle
DeviceIoControl
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
MoveFileExW
GetConsoleMode
PeekNamedPipe
GetNamedPipeInfo
GetOverlappedResult
ResetEvent
CreateEventA
CreateNamedPipeA
GetNamedPipeHandleStateA
WaitForMultipleObjectsEx
WaitForSingleObjectEx
TerminateProcess
GetExitCodeProcess
ResumeThread
CreateProcessW
ReadProcessMemory
WriteProcessMemory
VirtualProtect
GetFileType
LocalAlloc
SetErrorMode
GetModuleFileNameW
WideCharToMultiByte
GetACP
SetThreadPriority
GetCommandLineW
OutputDebugStringA
SetEnvironmentVariableW
GetSystemDirectoryW
LoadLibraryExW
DeleteFileW
CreateEventW
VirtualAlloc
VirtualFree
RtlUnwind
GetStdHandle
SystemTimeToFileTime
GetProcAddress
GetModuleHandleW
GetTickCount
GetVersion
GetSystemTime
GetModuleFileNameA
LocalFree
GetWindowsDirectoryA
GetProcessHeap
HeapFree
HeapAlloc
QueryDosDeviceW
GetVolumeInformationW
LoadLibraryExA
FreeLibrary
VirtualQuery
GetSystemDirectoryA
OpenProcess
GetCurrentProcessId
GetCurrentProcess
GetSystemInfo
Sleep
SetConsoleCtrlHandler
CreateMutexW
SetLastError
GetLastError
CloseHandle
CreateFileA
SetEvent

user32

SetProcessWindowStation
OpenWindowStationA
CloseDesktop
GetProcessWindowStation
OpenDesktopA

advapi32

InitializeSecurityDescriptor
InitializeAcl
GetSecurityDescriptorDacl
GetAclInformation
StartServiceCtrlDispatcherA
SetServiceStatus
RegisterServiceCtrlHandlerA
OpenServiceA
OpenSCManagerA
DeleteService
CreateServiceA
CloseServiceHandle
ChangeServiceConfigA
RegOpenKeyExA
RegDeleteKeyA
RegCloseKey
LookupAccountNameW
LookupAccountSidA
IsValidSid
GetTokenInformation
GetSidSubAuthorityCount
GetSidSubAuthority
GetLengthSid
FreeSid
EqualSid
CopySid
AllocateAndInitializeSid
LookupPrivilegeValueA
AdjustTokenPrivileges
OpenProcessToken
SetSecurityDescriptorDacl
LookupAccountSidW
InitiateSystemShutdownW
RegOpenKeyExW
RegQueryValueExW
AddAce
GetAce
OpenThreadToken

version

GetFileVersionInfoA
VerQueryValueA
GetFileVersionInfoSizeA

ntdll

NtClose
NtWaitForSingleObject
NtCreateEvent
NtSetEvent
NtCreateFile
NtQueryDirectoryFile
NtQueryInformationFile
NtQueryVolumeInformationFile
NtOpenDirectoryObject
NtQueryDirectoryObject
NtResetEvent
NtSetInformationFile
NtQueryObject
RtlAcquirePebLock
RtlReleasePebLock
NtCancelIoFile
NtQueryInformationProcess
RtlAddAccessAllowedAce
RtlInitializeSid
RtlSubAuthoritySid
RtlAddAccessDeniedAce
RtlGetNtProductType
RtlFreeUnicodeString
NtOpenProcess

Sections

.text
Size: 324KB - Virtual size: 323KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 267KB - Virtual size: 266KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 51KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
DIFxAPI.dll
.dll windows:6 windows x86 arch:x86

bced6390751f7df672767c6c60fd16dc

Code Sign

61:03:dc:f6:00:00:00:00:00:0c
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

25/07/2008, 19:12

Not After

25/07/2011, 19:22

Subject

CN=Microsoft Time-Stamp Service,OU=MOPR+OU=nCipher DSE ESN:159C-A3F7-2570,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:15:23:0f:00:00:00:00:00:0a
Certificate

Issuer

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

07/12/2009, 21:57

Not After

07/03/2011, 21:57

Subject

CN=Microsoft Windows,OU=MOPR,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:07:02:dc:00:00:00:00:00:0b
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

15/09/2005, 21:55

Not After

15/03/2016, 22:05

Subject

CN=Microsoft Windows Verification PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment
KeyUsageCertSign
KeyUsageCRLSign

b4:3a:2e:c6:32:74:1f:7f:5a:ac:1d:1e:5f:70:f7:d0:71:69:58:ba
Signer

Actual PE Digest

b4:3a:2e:c6:32:74:1f:7f:5a:ac:1d:1e:5f:70:f7:d0:71:69:58:ba

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

difxapi.pdb

Imports

ntdll

RtlNtStatusToDosError
VerSetConditionMask
RtlUnwind

kernel32

VerifyVersionInfoW
GetVersionExW
lstrlenW
FreeLibrary
GetProcAddress
LoadLibraryW
DeleteFileW
SetFileAttributesW
GetEnvironmentVariableW
CompareStringW
GetFileAttributesW
MoveFileExW
GetTempFileNameW
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingW
GetFileSize
CreateFileW
GetSystemWindowsDirectoryW
MultiByteToWideChar
WideCharToMultiByte
GetSystemDirectoryW
GetFullPathNameW
CopyFileW
LocalFree
RemoveDirectoryW
FindClose
FindNextFileW
lstrcmpW
FindFirstFileW
CreateDirectoryW
LocalReAlloc
LocalAlloc
GetProcessHeap
ReleaseMutex
DeviceIoControl
WaitForSingleObject
CreateMutexW
GetSystemTimeAsFileTime
Sleep
RaiseException
GetVersionExA
HeapSize
GetCommandLineA
VirtualProtect
VirtualAlloc
GetSystemInfo
VirtualQuery
GetModuleHandleA
ExitProcess
TlsGetValue
SetLastError
TlsSetValue
TlsFree
GetCurrentThreadId
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
VirtualFree
QueryPerformanceCounter
GetTickCount
GetCurrentProcessId
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
WriteFile
GetCPInfo
GetACP
GetOEMCP
LCMapStringA
LCMapStringW
LoadLibraryExA
SetFilePointer
GetConsoleCP
GetConsoleMode
GetStringTypeA
GetStringTypeW
GetLocaleInfoA
SetStdHandle
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
FlushFileBuffers
GetThreadLocale
WaitForMultipleObjectsEx
InterlockedCompareExchange
WaitForSingleObjectEx
SetEvent
CreateEventW
SetEndOfFile
InterlockedExchange
lstrcmpiW
GetLastError
InterlockedIncrement
InterlockedDecrement
FindResourceExW
FindResourceW
LoadResource
LockResource
SizeofResource
HeapFree
HeapReAlloc
EnterCriticalSection
HeapAlloc
LeaveCriticalSection
HeapDestroy
GetModuleHandleW
DeleteCriticalSection
GetModuleFileNameA
OutputDebugStringA
HeapCreate
InitializeCriticalSection
TlsAlloc
CreateFileA

user32

UnregisterClassA
CharLowerW

setupapi

SetupDiSetDeviceRegistryPropertyW
SetupQueueCopyIndirectW
SetupDiCallClassInstaller
SetupDiBuildDriverInfoList
SetupDiSetDeviceInstallParamsW
SetupDiGetDeviceInstallParamsW
SetupDiSetSelectedDevice
SetupDiOpenDeviceInfoW
SetupDiOpenDevRegKey
SetupDiGetDeviceInstanceIdW
SetupDiCreateDeviceInfoList
SetupDiGetDriverInfoDetailW
SetupDiGetSelectedDriverW
SetupDiSetClassInstallParamsW
SetupDiClassNameFromGuidW
SetupDiEnumDeviceInfo
SetupDiGetDeviceRegistryPropertyW
CM_Get_Device_IDW
CM_Get_Device_ID_ListW
CM_Get_Device_ID_List_SizeW
CM_Locate_DevNodeW
CM_Get_DevNode_Status
CM_Query_And_Remove_SubTreeW
SetupDiOpenClassRegKey
SetupGetTargetPathW
SetupInstallFilesFromInfSectionW
SetupPromptReboot
SetupInstallFromInfSectionW
SetupInstallServicesFromInfSectionW
SetupDiGetActualSectionToInstallW
SetupFindNextLine
SetupFindNextMatchLineW
SetupOpenInfFileW
SetupOpenFileQueue
SetupCommitFileQueueW
SetupQueueCopyW
SetupCloseFileQueue
SetupFindFirstLineW
SetupCopyOEMInfW
SetupCloseInfFile
SetupGetLineCountW
SetupDiDestroyDeviceInfoList
SetupDiGetClassDevsW
SetupOpenAppendInfFileW
CM_Enumerate_Classes
CM_Setup_DevNode
SetupGetIntField
SetupGetFieldCount
pSetupGetGlobalFlags
pSetupSetGlobalFlags
SetupTermDefaultQueueCallback
SetupInitDefaultQueueCallbackEx
SetupDefaultQueueCallbackW
SetupGetStringFieldW

advapi32

RegCloseKey
CheckTokenMembership
AllocateAndInitializeSid
RegDeleteKeyW
RegSetValueExW
RegCreateKeyExW
RegOpenKeyExW
RegDeleteValueW
RegQueryValueExW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
AddAccessAllowedAce
InitializeAcl
GetLengthSid
SetEntriesInAclW
QueryServiceStatus
DeleteService
ControlService
CloseServiceHandle
OpenServiceW
OpenSCManagerW
StartServiceW
FreeSid

ole32

StringFromCLSID
CoTaskMemFree
CoInitialize
CoUninitialize
CoCreateInstance

wintrust

WinVerifyTrust
CryptCATAdminCalcHashFromFileHandle

crypt32

CertFreeCertificateContext
CertGetCTLContextProperty
CryptQueryObject
CertFreeCTLContext

Exports

Exports

DIFXAPISetLogCallbackA
DIFXAPISetLogCallbackW
DriverPackageGetPathA
DriverPackageGetPathW
DriverPackageInstallA
DriverPackageInstallW
DriverPackagePreinstallA
DriverPackagePreinstallW
DriverPackageUninstallA
DriverPackageUninstallW
SetDifxLogCallbackA
SetDifxLogCallbackW

Sections

.text
Size: 283KB - Virtual size: 282KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxControl.exe
.exe windows:1 windows x86 arch:x86

ced5918094f14d654d9d523c2935d5bb

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxControl\VBoxControl.pdb

Imports

kernel32

GetFileType
GetLastError
GetConsoleMode
SetErrorMode
GetVersion
GetModuleHandleW
GetModuleFileNameW
WideCharToMultiByte
GetACP
CreateFileW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFileAttributesW
SetFilePointer
SetFileTime
WriteFile
CloseHandle
DuplicateHandle
SetLastError
DeviceIoControl
GetCurrentProcess
FileTimeToSystemTime
SystemTimeToFileTime
GetFileAttributesW
GetEnvironmentVariableW
GetCurrentDirectoryW
GetFullPathNameW
MoveFileExW
TerminateProcess
GetCurrentProcessId
OutputDebugStringA
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
Sleep
GetSystemTime
GetTickCount
GetTimeZoneInformation
SetThreadPriority
ReleaseMutex
WaitForSingleObjectEx
CreateMutexA
GetNamedPipeInfo
CreateDirectoryW
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
CreateFileA
PeekNamedPipe
GetOverlappedResult
ResetEvent
CreateEventA
GetNamedPipeHandleStateA
VirtualAlloc
VirtualFree
RtlUnwind
GetStdHandle
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc
GetProcAddress
GetCommandLineW
GetModuleHandleA

user32

EnumDisplayDevicesA

advapi32

RegQueryValueExA
RegOpenKeyExA
RegDeleteValueA
RegCloseKey
RegQueryValueExW
RegSetValueExA
RegOpenKeyExW

ntdll

RtlGetNtProductType
NtClose
NtCreateFile
NtQueryVolumeInformationFile
NtQueryInformationFile
NtSetInformationFile
NtQueryObject
NtQueryDirectoryFile
NtQueryDirectoryObject
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtOpenDirectoryObject
NtOpenProcess
NtQueryInformationProcess
RtlFreeUnicodeString
NtCancelIoFile

Exports

Exports

g_abRTZero16K
g_abRTZero32K
g_abRTZero4K
g_abRTZero64K
g_abRTZero8K
g_abRTZeroPage

Sections

.text
Size: 308KB - Virtual size: 307KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.zero
Size: - Virtual size: 64KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rdata
Size: 226KB - Virtual size: 225KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 15KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxDX.dll
.dll windows:6 windows x86 arch:x86

5b205ef05f13c31f9db3c3f052a542e1

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxDX\VBoxDX.pdb

Imports

kernel32

GetProcessHeap
GetCurrentProcessId
Sleep
GetCurrentThreadId
SetErrorMode
GetVersion
GetModuleHandleW
GetProcAddress
GetLastError
GetModuleFileNameW
GetModuleHandleA
GetCommandLineW
OutputDebugStringA
GetStdHandle
WriteFile
CloseHandle
RaiseException
GetCurrentProcess
GetCurrentThread
TlsAlloc
TlsGetValue
TlsSetValue
GetSystemTime
GetTickCount
SystemTimeToFileTime
GetEnvironmentVariableW
SetLastError
CreateFileW
FlushFileBuffers
HeapReAlloc
SetEndOfFile
SetFileAttributesW
SetFilePointer
DeviceIoControl
TerminateProcess
GetConsoleMode
GetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
MoveFileExW
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
WideCharToMultiByte
GetACP
RtlUnwind
HeapFree
GetFileSize
HeapAlloc

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

ntdll

RtlGetNtProductType
NtQueryDirectoryFile
NtQueryInformationFile
NtClose
NtQueryVolumeInformationFile
NtQueryDirectoryObject
NtCreateFile
NtSetInformationFile
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtOpenProcess
NtQueryInformationProcess
NtOpenDirectoryObject
RtlFreeUnicodeString

Exports

Exports

OpenAdapter10
OpenAdapter10_2

Sections

.text
Size: 182KB - Virtual size: 182KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 186KB - Virtual size: 186KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxDisp.dll
.dll windows:6 windows x86 arch:x86

7d169efd38bae25431ee9dc7d4dd657e

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxDisp\VBoxDisp.pdb

Imports

win32k.sys

EngCreateBitmap
EngCreateDeviceSurface
EngDeleteSurface
EngLockSurface
EngUnlockSurface
EngAssociateSurface
EngAllocMem
EngFreeMem
EngDeviceIoControl
EngCopyBits
PALOBJ_cGetColors
EngCreatePalette
EngDeletePalette
PATHOBJ_vGetBounds
EngBitBlt
EngLineTo
EngStretchBlt
EngTextOut
EngStrokePath
EngFillPath
EngPaint
BRUSHOBJ_pvAllocRbrush
BRUSHOBJ_pvGetRbrush
CLIPOBJ_cEnumStart
CLIPOBJ_bEnum
PATHOBJ_vEnumStart
PATHOBJ_bEnum
FONTOBJ_vGetInfo
STROBJ_vEnumStart
STROBJ_bEnum

Exports

Exports

ASMAtomicCmpXchgU8
RTCrc64
RTCrc64Finish
RTCrc64Process
RTCrc64Start
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogFormatV
RTLogWriteUser
RTStrCopy
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrNLen
memcpy
memmove
memset

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 1024B - Virtual size: 745B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 1024B - Virtual size: 724B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxDispD3D.dll
.dll windows:6 windows x86 arch:x86

6687fa397df54777db9acca4f10a3802

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxDispD3D\VBoxDispD3D.pdb

Imports

psapi

GetModuleInformation

kernel32

GetLastError
GetModuleHandleA
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetCurrentProcessId
GetCurrentThreadId
OutputDebugStringA
InterlockedIncrement
InterlockedDecrement
FreeLibrary
GetProcAddress
SetLastError
LoadLibraryA
GetSystemDirectoryA
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
SetErrorMode
GetVersion
GetModuleHandleW
GetModuleFileNameW
TerminateProcess
GetCurrentProcess
WriteFile
GetCommandLineW
CloseHandle
RaiseException
GetCurrentThread
TlsAlloc
TlsGetValue
TlsSetValue
Sleep
GetSystemTime
GetTickCount
SystemTimeToFileTime
GetEnvironmentVariableW
CreateFileW
FlushFileBuffers
GetFileSize
GetStdHandle
SetFileAttributesW
SetFilePointer
DeviceIoControl
GetConsoleMode
GetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
MoveFileExW
GetSystemDirectoryW
LoadLibraryExW
WideCharToMultiByte
GetACP
RtlUnwind
SetEndOfFile

user32

GetCursorPos
EnumDisplayDevicesW

gdi32

CreateDCW
DeleteDC

ntdll

RtlGetNtProductType
NtQueryDirectoryFile
NtQueryInformationFile
NtClose
NtQueryVolumeInformationFile
NtQueryDirectoryObject
NtCreateFile
NtSetInformationFile
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtOpenProcess
NtQueryInformationProcess
NtOpenDirectoryObject
RtlFreeUnicodeString

Exports

Exports

OpenAdapter

Sections

.text
Size: 164KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 181KB - Virtual size: 181KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 19KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxDrvInst.exe
.exe windows:1 windows x86 arch:x86

3a91ded5f4f065bda473d09076ea80b9

Code Sign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09/03/2023, 00:00

Not After

11/03/2025, 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

3a:f6:db:c6:80:48:ab:25:df:4e:3f:48:d6:22:d5:fb:2e:ce:0b:65:e8:6a:09:47:81:a6:1b:c7:89:1b:14:39
Signer

Actual PE Digest

3a:f6:db:c6:80:48:ab:25:df:4e:3f:48:d6:22:d5:fb:2e:ce:0b:65:e8:6a:09:47:81:a6:1b:c7:89:1b:14:39

Digest Algorithm

sha256

PE Digest Matches

false

52:0f:00:d4:da:77:26:ce:87:84:23:29:cc:39:90:5e:d2:b9:cf:d9
Signer

Actual PE Digest

52:0f:00:d4:da:77:26:ce:87:84:23:29:cc:39:90:5e:d2:b9:cf:d9

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxDrvInst\VBoxDrvInst.pdb

Imports

setupapi

SetupDiGetDeviceInstallParamsW
SetupDiSetDeviceRegistryPropertyW
SetupDiGetDeviceRegistryPropertyW
SetupDiInstallDevice
SetupDiSetDeviceInstallParamsW
SetupDiGetDriverInfoDetailW
SetupDiSetSelectedDriverW
SetupDiEnumDriverInfoW
SetupDiBuildDriverInfoList
SetupDiDestroyDriverInfoList
SetupDiRegisterDeviceInfo
SetupDiDestroyDeviceInfoList
SetupDiOpenDeviceInfoW
SetupDiCreateDeviceInfoW
SetupDiCreateDeviceInfoList
SetupInstallServicesFromInfSectionW
SetupInstallFromInfSectionW
SetupDefaultQueueCallbackW
SetupTermDefaultQueueCallback
SetupInitDefaultQueueCallback
SetupGetStringFieldW
SetupFindFirstLineW
SetupCloseInfFile
SetupOpenInfFileW

kernel32

RtlUnwind
GetStdHandle
CreateFileW
GetFullPathNameW
WriteFile
CloseHandle
GetLastError
SetLastError
GetSystemTime
GetVersionExW
GetModuleFileNameW
GetModuleHandleW
GetProcAddress
LoadLibraryExW
LoadLibraryW
FormatMessageW
lstrcmpiW
GetConsoleMode
WriteConsoleW
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
WideCharToMultiByte
GetACP
GetCurrentProcess
TerminateProcess
GetVersion

advapi32

UnlockServiceDatabase
OpenServiceW
OpenSCManagerW
LockServiceDatabase
DeleteService
CreateServiceW
CloseServiceHandle
ChangeServiceConfigW
RegSetValueExW
RegQueryValueExW
RegOpenKeyExW
RegDeleteValueW
RegCreateKeyExW
RegCloseKey

Sections

.text
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxGL.dll
.dll windows:6 windows x86 arch:x86

1997ada4494f66716c6264408bd61ebf

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxGL\VBoxGL.pdb

Imports

kernel32

GetLastError
GetConsoleMode
GetEnvironmentVariableW
SetLastError
GetVersion
GetCurrentProcess
TerminateProcess
SetErrorMode
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetModuleHandleA
WideCharToMultiByte
GetACP
CreateFileW
FlushFileBuffers
GetFileSize
ReadFile
SetEndOfFile
SetFileAttributesW
SetFilePointer
WriteFile
CloseHandle
DuplicateHandle
DeviceIoControl
GetCommandLineW
OutputDebugStringA
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
GetThreadTimes
Sleep
GetSystemTime
GetStdHandle
GetTickCount
SystemTimeToFileTime
TlsFree
SetThreadPriority
GetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
MoveFileExW
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
RtlUnwind
VirtualAlloc
VirtualFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
CreateToolhelp32Snapshot
Thread32First
Thread32Next
GetEnvironmentVariableA
IsDebuggerPresent
GetSystemInfo
GetConsoleWindow
InitOnceExecuteOnce
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetCommandLineA
SetThreadAffinityMask
GetCurrentProcessorNumber
GetProcessTimes
GetFileType
GetCurrentProcessId
GetProcessHeap
HeapFree
HeapReAlloc
HeapAlloc

user32

GetDC
CallNextHookEx
ClientToScreen
GetWindowRect
GetClientRect
LoadIconA
LoadCursorA
AdjustWindowRectEx
DestroyWindow
CreateWindowExA
RegisterClassA
DefWindowProcA
UnhookWindowsHookEx
WindowFromDC
EnumDisplayDevicesA
EnumDisplaySettingsA
SetWindowsHookExA
ReleaseDC

gdi32

GetGlyphOutlineA
DeleteDC
DescribePixelFormat
GetPixelFormat
SetPixelFormat
CreateDCA

ntdll

NtOpenProcess
NtQueryInformationProcess
RtlFreeUnicodeString
NtOpenDirectoryObject
NtResetEvent
NtCreateEvent
NtWaitForSingleObject
NtQueryDirectoryObject
NtQueryDirectoryFile
NtSetInformationFile
NtQueryInformationFile
NtQueryVolumeInformationFile
NtCreateFile
NtClose
RtlGetNtProductType
NtSetEvent

Exports

Exports

DrvCopyContext
DrvCreateContext
DrvCreateLayerContext
DrvDeleteContext
DrvDescribeLayerPlane
DrvDescribePixelFormat
DrvGetLayerPaletteEntries
DrvGetProcAddress
DrvPresentBuffers
DrvRealizeLayerPalette
DrvReleaseContext
DrvSetCallbackProcs
DrvSetContext
DrvSetLayerPaletteEntries
DrvSetPixelFormat
DrvShareLists
DrvSwapBuffers
DrvSwapLayerBuffers
DrvValidateVersion
glAccum
glAlphaFunc
glAreTexturesResident
glArrayElement
glBegin
glBindTexture
glBitmap
glBlendFunc
glCallList
glCallLists
glClear
glClearAccum
glClearColor
glClearDepth
glClearIndex
glClearStencil
glClipPlane
glColor3b
glColor3bv
glColor3d
glColor3dv
glColor3f
glColor3fv
glColor3i
glColor3iv
glColor3s
glColor3sv
glColor3ub
glColor3ubv
glColor3ui
glColor3uiv
glColor3us
glColor3usv
glColor4b
glColor4bv
glColor4d
glColor4dv
glColor4f
glColor4fv
glColor4i
glColor4iv
glColor4s
glColor4sv
glColor4ub
glColor4ubv
glColor4ui
glColor4uiv
glColor4us
glColor4usv
glColorMask
glColorMaterial
glColorPointer
glCopyPixels
glCopyTexImage1D
glCopyTexImage2D
glCopyTexSubImage1D
glCopyTexSubImage2D
glCullFace
glDeleteLists
glDeleteTextures
glDepthFunc
glDepthMask
glDepthRange
glDisable
glDisableClientState
glDrawArrays
glDrawBuffer
glDrawElements
glDrawPixels
glEdgeFlag
glEdgeFlagPointer
glEdgeFlagv
glEnable
glEnableClientState
glEnd
glEndList
glEvalCoord1d
glEvalCoord1dv
glEvalCoord1f
glEvalCoord1fv
glEvalCoord2d
glEvalCoord2dv
glEvalCoord2f
glEvalCoord2fv
glEvalMesh1
glEvalMesh2
glEvalPoint1
glEvalPoint2
glFeedbackBuffer
glFinish
glFlush
glFogf
glFogfv
glFogi
glFogiv
glFrontFace
glFrustum
glGenLists
glGenTextures
glGetBooleanv
glGetClipPlane
glGetDoublev
glGetError
glGetFloatv
glGetIntegerv
glGetLightfv
glGetLightiv
glGetMapdv
glGetMapfv
glGetMapiv
glGetMaterialfv
glGetMaterialiv
glGetPixelMapfv
glGetPixelMapuiv
glGetPixelMapusv
glGetPointerv
glGetPolygonStipple
glGetString
glGetTexEnvfv
glGetTexEnviv
glGetTexGendv
glGetTexGenfv
glGetTexGeniv
glGetTexImage
glGetTexLevelParameterfv
glGetTexLevelParameteriv
glGetTexParameterfv
glGetTexParameteriv
glHint
glIndexMask
glIndexPointer
glIndexd
glIndexdv
glIndexf
glIndexfv
glIndexi
glIndexiv
glIndexs
glIndexsv
glIndexub
glIndexubv
glInitNames
glInterleavedArrays
glIsEnabled
glIsList
glIsTexture
glLightModelf
glLightModelfv
glLightModeli
glLightModeliv
glLightf
glLightfv
glLighti
glLightiv
glLineStipple
glLineWidth
glListBase
glLoadIdentity
glLoadMatrixd
glLoadMatrixf
glLoadName
glLogicOp
glMap1d
glMap1f
glMap2d
glMap2f
glMapGrid1d
glMapGrid1f
glMapGrid2d
glMapGrid2f
glMaterialf
glMaterialfv
glMateriali
glMaterialiv
glMatrixMode
glMultMatrixd
glMultMatrixf
glNewList
glNormal3b
glNormal3bv
glNormal3d
glNormal3dv
glNormal3f
glNormal3fv
glNormal3i
glNormal3iv
glNormal3s
glNormal3sv
glNormalPointer
glOrtho
glPassThrough
glPixelMapfv
glPixelMapuiv
glPixelMapusv
glPixelStoref
glPixelStorei
glPixelTransferf
glPixelTransferi
glPixelZoom
glPointSize
glPolygonMode
glPolygonOffset
glPolygonStipple
glPopAttrib
glPopClientAttrib
glPopMatrix
glPopName
glPrioritizeTextures
glPushAttrib
glPushClientAttrib
glPushMatrix
glPushName
glRasterPos2d
glRasterPos2dv
glRasterPos2f
glRasterPos2fv
glRasterPos2i
glRasterPos2iv
glRasterPos2s
glRasterPos2sv
glRasterPos3d
glRasterPos3dv
glRasterPos3f
glRasterPos3fv
glRasterPos3i
glRasterPos3iv
glRasterPos3s
glRasterPos3sv
glRasterPos4d
glRasterPos4dv
glRasterPos4f
glRasterPos4fv
glRasterPos4i
glRasterPos4iv
glRasterPos4s
glRasterPos4sv
glReadBuffer
glReadPixels
glRectd
glRectdv
glRectf
glRectfv
glRecti
glRectiv
glRects
glRectsv
glRenderMode
glRotated
glRotatef
glScaled
glScalef
glScissor
glSelectBuffer
glShadeModel
glStencilFunc
glStencilMask
glStencilOp
glTexCoord1d
glTexCoord1dv
glTexCoord1f
glTexCoord1fv
glTexCoord1i
glTexCoord1iv
glTexCoord1s
glTexCoord1sv
glTexCoord2d
glTexCoord2dv
glTexCoord2f
glTexCoord2fv
glTexCoord2i
glTexCoord2iv
glTexCoord2s
glTexCoord2sv
glTexCoord3d
glTexCoord3dv
glTexCoord3f
glTexCoord3fv
glTexCoord3i
glTexCoord3iv
glTexCoord3s
glTexCoord3sv
glTexCoord4d
glTexCoord4dv
glTexCoord4f
glTexCoord4fv
glTexCoord4i
glTexCoord4iv
glTexCoord4s
glTexCoord4sv
glTexCoordPointer
glTexEnvf
glTexEnvfv
glTexEnvi
glTexEnviv
glTexGend
glTexGendv
glTexGenf
glTexGenfv
glTexGeni
glTexGeniv
glTexImage1D
glTexImage2D
glTexParameterf
glTexParameterfv
glTexParameteri
glTexParameteriv
glTexSubImage1D
glTexSubImage2D
glTranslated
glTranslatef
glVertex2d
glVertex2dv
glVertex2f
glVertex2fv
glVertex2i
glVertex2iv
glVertex2s
glVertex2sv
glVertex3d
glVertex3dv
glVertex3f
glVertex3fv
glVertex3i
glVertex3iv
glVertex3s
glVertex3sv
glVertex4d
glVertex4dv
glVertex4f
glVertex4fv
glVertex4i
glVertex4iv
glVertex4s
glVertex4sv
glVertexPointer
glViewport
wglChoosePixelFormat
wglCopyContext
wglCreateContext
wglCreateLayerContext
wglDeleteContext
wglDescribeLayerPlane
wglDescribePixelFormat
wglGetCurrentContext
wglGetCurrentDC
wglGetLayerPaletteEntries
wglGetPixelFormat
wglGetProcAddress
wglMakeCurrent
wglRealizeLayerPalette
wglSetLayerPaletteEntries
wglSetPixelFormat
wglShareLists
wglSwapBuffers
wglSwapLayerBuffers
wglSwapMultipleBuffers
wglUseFontBitmapsA
wglUseFontBitmapsW
wglUseFontOutlinesA
wglUseFontOutlinesW

Sections

.text
Size: 5.0MB - Virtual size: 5.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4.5MB - Virtual size: 4.5MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 227KB - Virtual size: 227KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxGuest.cat
VBoxGuest.inf
VBoxGuest.sys
.sys windows:6 windows x86 arch:x86

87f400735742d99e416c11acd9ff13ee

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxGuest\VBoxGuest.pdb

Imports

ntoskrnl.exe

KeSetEvent
KeWaitForSingleObject
KeInitializeSpinLock
ExFreePool
MmMapIoSpace
MmUnmapIoSpace
IoConnectInterrupt
IoCreateDevice
IoCreateSymbolicLink
IoDeleteDevice
IoDeleteSymbolicLink
IoDetachDevice
IoDisconnectInterrupt
ZwClose
ZwQueryInformationToken
ZwOpenProcessToken
KeGetCurrentThread
KeDelayExecutionThread
KeInitializeTimer
KeSetTimer
IoGetCurrentProcess
MmIsAddressValid
KeInitializeEvent
KeRemoveQueueDpc
KeNumberProcessors
KeResetEvent
KeCancelTimer
KeQuerySystemTime
KeQueryTimeIncrement
KeQueryTickCount
ExAllocatePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
MmProbeAndLockPages
MmUnlockPages
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
IoAllocateMdl
IoBuildPartialMdl
IoFreeMdl
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
RtlUnwind
KeInsertQueueDpc
KeInitializeDpc
RtlInitUnicodeString
DbgPrint
RtlQueryRegistryValues

hal

HalTranslateBusAddress
HalGetInterruptVector
KeGetCurrentIrql
HalGetBusData

Exports

Exports

@InterlockedExchange@8
@IofCallDriver@8
@IofCompleteRequest@8
@KefAcquireSpinLockAtDpcLevel@4
@KefReleaseSpinLockFromDpcLevel@4
@KfAcquireSpinLock@4
@KfLowerIrql@4
@KfRaiseIrql@4
@KfReleaseSpinLock@8
@Nt3Fb_ExAcquireFastMutex@4
@Nt3Fb_ExReleaseFastMutex@4
@ObfDereferenceObject@4
ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTCritSectRwDelete
RTCritSectRwEnterExcl
RTCritSectRwEnterExclDebug
RTCritSectRwEnterShared
RTCritSectRwEnterSharedDebug
RTCritSectRwGetReadCount
RTCritSectRwGetWriteRecursion
RTCritSectRwGetWriterReadRecursion
RTCritSectRwInit
RTCritSectRwInitEx
RTCritSectRwIsReadOwner
RTCritSectRwIsWriteOwner
RTCritSectRwLeaveExcl
RTCritSectRwLeaveShared
RTCritSectRwSetSubClass
RTCritSectRwTryEnterExcl
RTCritSectRwTryEnterExclDebug
RTCritSectRwTryEnterShared
RTCritSectRwTryEnterSharedDebug
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLargeTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserExTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemObjWasZeroInitialized
RTR0MemObjZeroInitialize
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNCmp
RTStrNICmpAscii
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTTimerCanDoHighResolution
RTTimerChangeInterval
RTTimerCreateEx
RTTimerDestroy
RTTimerReleaseSystemGranularity
RTTimerRequestSystemGranularity
RTTimerStart
RTTimerStop
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16ICmpAscii
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16NICmpAscii
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
_Nt3Fb_IoAttachDeviceToDeviceStack@8
_Nt3Fb_KeInitializeTimerEx@8
_Nt3Fb_KeSetTimerEx@20
_Nt3Fb_PsGetCurrentProcessId@0
_Nt3Fb_PsGetVersion@16
_Nt3Fb_ZwQuerySystemInformation@16
_Nt3Fb_ZwYieldExecution@0
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memcpy
memmove
memset
strchr
strcmp

Sections

.text
Size: 143KB - Virtual size: 142KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 54KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxGuestEarlyNT.cat
VBoxGuestEarlyNT.inf
VBoxMouse.cat
VBoxMouse.inf
VBoxMouse.sys
.sys windows:6 windows x86 arch:x86

e588dd3f3269ad9c2700c6ead2e9dd5f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxMouse\VBoxMouse.pdb

Imports

ntoskrnl.exe

IoAcquireRemoveLockEx
IoReleaseRemoveLockAndWaitEx
PoCallDriver
PoStartNextPowerIrp
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedCompareExchange
KeInitializeSpinLock
IoReleaseRemoveLockEx
IoGetDeviceProperty
ObfReferenceObject
ObfDereferenceObject
IoDetachDevice
IoDeleteDevice
IoCreateDevice
IoInitializeRemoveLockEx
DbgPrint
PsGetVersion
MmIsAddressValid
_except_handler3
KeNumberProcessors
ZwQuerySystemInformation
IofCompleteRequest
KeInsertQueueDpc
KeRemoveQueueDpc
KeInitializeEvent
KeSetEvent
KeWaitForSingleObject
KeGetCurrentThread
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
KeResetEvent
strchr
KeQuerySystemTime
KeQueryTimeIncrement
KeQueryTickCount
ExAllocatePool
ExFreePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
IoGetCurrentProcess
PsGetCurrentProcessId
KeDelayExecutionThread
ZwYieldExecution
RtlInitUnicodeString
IoBuildDeviceIoControlRequest
IoGetDeviceObjectPointer
IofCallDriver
IoAttachDeviceToDeviceStack
KeInitializeDpc
KeInitializeMutex
KeReadStateMutex
KeReleaseMutex
MmProbeAndLockPages
MmUnlockPages
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
MmMapIoSpace
MmUnmapIoSpace
IoAllocateMdl
IoBuildPartialMdl
IoFreeMdl
memset

hal

ExReleaseFastMutex
KfRaiseIrql
KfLowerIrql
KeGetCurrentIrql
KfReleaseSpinLock
KfAcquireSpinLock
ExAcquireFastMutex

Exports

Exports

ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLargeTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserExTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemObjWasZeroInitialized
RTR0MemObjZeroInitialize
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memcpy
memmove

Sections

.text
Size: 106KB - Virtual size: 105KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 30KB - Virtual size: 30KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.edata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxNine.dll
.dll windows:6 windows x86 arch:x86

38d07638ab674f5ab93dd47e1886a20f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxNine\VBoxNine.pdb

Imports

kernel32

DeleteCriticalSection
HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
GetCurrentProcessId
GetStdHandle
GetLastError
GetConsoleMode
GetEnvironmentVariableW
SetLastError
GetVersion
SetErrorMode
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetModuleHandleA
WideCharToMultiByte
GetACP
CreateFileW
FlushFileBuffers
GetFileSize
SetEndOfFile
SetFileAttributesW
SetFilePointer
WriteFile
CloseHandle
DuplicateHandle
DeviceIoControl
GetCurrentProcess
TerminateProcess
GetCommandLineW
OutputDebugStringA
RaiseException
WaitForSingleObject
CreateThread
GetCurrentThread
GetCurrentThreadId
LeaveCriticalSection
TlsAlloc
TlsGetValue
TlsSetValue
GetThreadTimes
Sleep
GetSystemTime
GetTickCount
SystemTimeToFileTime
TlsFree
SetThreadPriority
GetCurrentDirectoryW
GetFullPathNameW
GetFileAttributesW
MoveFileExW
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
RtlUnwind
VirtualAlloc
VirtualFree
InitOnceExecuteOnce
InitializeConditionVariable
WakeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
GetEnvironmentVariableA
IsDebuggerPresent
GetSystemInfo
GetConsoleWindow
GetCommandLineA
SetThreadAffinityMask
EnterCriticalSection
ExitThread
InitializeCriticalSection
GetProcessTimes

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

ntdll

NtSetInformationFile
NtQueryDirectoryFile
NtQueryDirectoryObject
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtQueryVolumeInformationFile
NtOpenDirectoryObject
NtOpenProcess
NtQueryInformationProcess
RtlFreeUnicodeString
NtClose
RtlGetNtProductType
NtQueryInformationFile
NtSetEvent
NtCreateFile

Exports

Exports

GaNineD3DAdapter9Create
GaNineFlush
GaNineGetContextId
GaNineGetSurfaceId

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 15KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 72KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxSVGA.dll
.dll windows:6 windows x86 arch:x86

897738c508e80600874d93fd39d8ed55

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxSVGA\VBoxSVGA.pdb

Imports

kernel32

GetProcessHeap
GetStdHandle
GetLastError
GetConsoleMode
GetEnvironmentVariableW
SetLastError
GetVersion
GetCurrentProcessId
WideCharToMultiByte
GetACP
CreateFileW
FlushFileBuffers
GetFileSize
SetEndOfFile
SetFileAttributesW
SetFilePointer
WriteFile
CloseHandle
DuplicateHandle
DeviceIoControl
GetCurrentProcess
TerminateProcess
SetErrorMode
GetModuleHandleW
GetProcAddress
GetModuleFileNameW
GetModuleHandleA
RaiseException
GetCurrentThread
GetCurrentThreadId
TlsAlloc
TlsGetValue
TlsSetValue
Sleep
HeapFree
GetFullPathNameW
GetFileAttributesW
MoveFileExW
GetCommandLineW
OutputDebugStringA
GetSystemTime
GetTickCount
SystemTimeToFileTime
TlsFree
GetSystemDirectoryW
FreeLibrary
LoadLibraryExW
RtlUnwind
VirtualAlloc
VirtualFree
GetEnvironmentVariableA
IsDebuggerPresent
GetSystemInfo
GetConsoleWindow
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitOnceExecuteOnce
InitializeConditionVariable
WakeAllConditionVariable
SleepConditionVariableCS
QueryPerformanceCounter
QueryPerformanceFrequency
GetSystemTimeAsFileTime
SetThreadAffinityMask
HeapReAlloc
GetCurrentDirectoryW
HeapAlloc
GetCommandLineA

user32

EnumDisplayDevicesA

gdi32

CreateDCA
DeleteDC

ntdll

NtSetInformationFile
RtlGetNtProductType
NtWaitForSingleObject
NtCreateEvent
NtSetEvent
NtOpenDirectoryObject
NtQueryVolumeInformationFile
NtQueryDirectoryObject
NtResetEvent
RtlFreeUnicodeString
NtOpenProcess
NtQueryInformationProcess
NtClose
NtQueryInformationFile
NtQueryDirectoryFile
NtCreateFile

Exports

Exports

GaDrvContextFlush
GaDrvGetContextId
GaDrvGetSurfaceId
GaDrvGetWDDMEnv
GaDrvScreenCreate
GaDrvScreenDestroy

Sections

.text
Size: 1.5MB - Virtual size: 1.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 3.6MB - Virtual size: 3.6MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 48KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 55KB - Virtual size: 55KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxTray.exe
.exe windows:1 windows x86 arch:x86

41a3468e074cbdda6d4734c050bf5fb4

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxTray\VBoxTray.pdb

Imports

kernel32

HeapAlloc
HeapReAlloc
HeapFree
GetProcessHeap
RaiseException
GetCurrentProcess
ExitThread
TlsAlloc
TlsGetValue
TlsSetValue
CreateFileW
ReadFile
WriteFile
ConnectNamedPipe
DisconnectNamedPipe
PeekNamedPipe
CreateNamedPipeW
GetOverlappedResult
ResetEvent
LocalAlloc
LocalFree
GetStdHandle
TerminateProcess
MultiByteToWideChar
WideCharToMultiByte
GetACP
GetVersion
GetFileSize
GetFileType
SetEndOfFile
SetFileAttributesW
SetFilePointer
DeviceIoControl
SetErrorMode
GetModuleFileNameW
GetCommandLineW
OutputDebugStringA
GetEnvironmentVariableW
GetSystemDirectoryW
LoadLibraryExW
GetCurrentDirectoryW
GetFileAttributesW
GetFullPathNameW
MoveFileExW
GetConsoleMode
CreateFileA
CreateDirectoryW
RemoveDirectoryW
RtlUnwind
GetSystemTime
LoadLibraryA
FreeLibrary
GetSystemDirectoryA
GetStartupInfoW
CreateProcessW
GetCurrentProcessId
SetEnvironmentVariableW
SetLastError
lstrlenW
GlobalFree
GlobalLock
GlobalUnlock
GlobalSize
GlobalAlloc
GetCurrentThreadId
GetTickCount
GetProcAddress
GetModuleHandleA
CreateThread
Sleep
WaitForSingleObject
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
GetModuleHandleW
SetThreadPriority
GetCurrentThread
SystemTimeToFileTime
CreateEventA
CreateMutexA
SetEvent
GetLastError
FlushFileBuffers
CloseHandle

user32

EnumDisplayDevicesA
AttachThreadInput
MessageBoxW
ShowCursor
WindowFromPoint
GetWindowThreadProcessId
SetWindowPos
GetClipboardOwner
SetClipboardData
GetClipboardData
RegisterClipboardFormatA
SendMessageTimeoutA
SendMessageCallbackA
OpenClipboard
CloseClipboard
SetClipboardViewer
GetClipboardViewer
ChangeClipboardChain
EnumClipboardFormats
GetClipboardFormatNameA
EmptyClipboard
TrackMouseEvent
ShowWindow
GetSystemMetrics
ClientToScreen
SetWindowLongA
GetClipboardFormatNameW
ChangeDisplaySettingsA
SystemParametersInfoA
GetClassNameA
EnumWindows
GetWindowLongA
GetWindowRect
GetWindowTextA
GetWindowRgn
EnumDisplaySettingsA
ReleaseDC
GetDC
GetClassInfoExA
PostQuitMessage
PostThreadMessageA
GetMessageA
DestroyIcon
LoadIconA
LoadCursorA
FindWindowExA
FindWindowA
GetDesktopWindow
GetCursorPos
MessageBoxA
SetForegroundWindow
TrackPopupMenu
InsertMenuW
DestroyMenu
CreatePopupMenu
KillTimer
SetTimer
MsgWaitForMultipleObjectsEx
DestroyWindow
CreateWindowExA
RegisterClassExA
UnregisterClassA
DefWindowProcA
PostMessageA
SendMessageA
PeekMessageA
DispatchMessageA
RegisterWindowMessageA
TranslateMessage

gdi32

CreateDCA
CreateSolidBrush
SetRectRgn
ExtEscape
DeleteDC
GetRegionData
DeleteObject
CreateRectRgn
CombineRgn
OffsetRgn

advapi32

GetUserNameW
GetSecurityDescriptorSacl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
SetSecurityDescriptorSacl
RegCloseKey
RegEnumValueW
RegOpenKeyExA
RegOpenKeyExW
RegQueryValueExW
RegSetValueExW
InitializeAcl

shell32

DragQueryFileA
DragQueryFileW
Shell_NotifyIconA

ole32

OleDuplicateData
DoDragDrop
RevokeDragDrop
RegisterDragDrop
CoLockObjectExternal
CoTaskMemFree
CoTaskMemAlloc
ReleaseStgMedium
OleSetClipboard
OleUninitialize
OleInitialize

ntdll

NtOpenProcess
RtlFreeUnicodeString
RtlGetNtProductType
NtSetInformationFile
NtQueryDirectoryObject
NtOpenDirectoryObject
NtQueryVolumeInformationFile
NtQueryInformationFile
NtQueryDirectoryFile
NtCancelIoFile
RtlAddAccessAllowedAce
RtlInitializeSid
RtlSubAuthoritySid
RtlAddAccessDeniedAce
NtQueryInformationProcess
NtClose
NtWaitForSingleObject
NtCreateEvent
NtResetEvent
NtSetEvent
NtCreateFile

Sections

.text
Size: 362KB - Virtual size: 361KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 266KB - Virtual size: 265KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 34KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 195KB - Virtual size: 194KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxVideo.cat
VBoxVideo.inf
VBoxVideo.sys
.dll windows:6 windows x86 arch:x86

d95401d202098158823a9cb75d782593

Code Sign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

Issuer

CN=VirtualBox for Legacy Windows Only Timestamp CA SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Not Before

01/01/2014, 00:00

Not After

31/12/2014, 23:59

Subject

CN=VirtualBox for Legacy Windows Only Timestamp Kludge 2014 SHA1,O=Oracle Deutschland B.V. & Co. KG,L=Munich,ST=Bavaria,C=DE

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

Issuer

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Not Before

23/12/2013, 00:00

Not After

22/12/2016, 23:59

Subject

CN=Oracle Corporation,OU=Digital ID Class 3 - Microsoft Software Validation v2+OU=VirtualBox,O=Oracle Corporation,L=Redwood Shores,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

08/02/2010, 00:00

Not After

07/02/2020, 23:59

Subject

CN=VeriSign Class 3 Code Signing 2010 CA,OU=VeriSign Trust Network+OU=Terms of use at https://www.verisign.com/rpa (c)10,O=VeriSign\, Inc.,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

09/03/2023, 00:00

Not After

11/03/2025, 23:59

Subject

CN=Oracle America\, Inc.,O=Oracle America\, Inc.,L=Redwood City,ST=California,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ee:64:15:4a:6a:9b:56:90:a6:9e:9c:64:87:2f:ff:d5:1b:99:60:d2:64:10:12:05:b1:09:e8:81:31:78:a9:72
Signer

Actual PE Digest

ee:64:15:4a:6a:9b:56:90:a6:9e:9c:64:87:2f:ff:d5:1b:99:60:d2:64:10:12:05:b1:09:e8:81:31:78:a9:72

Digest Algorithm

sha256

PE Digest Matches

true

01:96:19:63:91:4e:3f:0b:29:2a:09:14:47:03:49:87:8d:01:e5:ec
Signer

Actual PE Digest

01:96:19:63:91:4e:3f:0b:29:2a:09:14:47:03:49:87:8d:01:e5:ec

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxVideo\VBoxVideo.pdb

Imports

videoprt.sys

VideoPortGetRegistryParameters
VideoPortMapMemory
VideoPortZeroMemory
VideoPortUnmapMemory
VideoPortWritePortUchar
VideoPortSynchronizeExecution
VideoPortWritePortUlong
VideoPortWritePortUshort
VideoPortSetRegistryParameters
VideoPortReadPortUlong
VideoPortReadPortUshort
VideoPortInitialize
VideoPortMoveMemory
VideoPortGetAccessRanges

ntoskrnl.exe

ObfDereferenceObject
strchr
KeInitializeMutex
KeReadStateMutex
KeReleaseMutex
DbgPrint
MmIsAddressValid
KeNumberProcessors
ExAllocatePool
ExFreePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
IoGetCurrentProcess
IofCallDriver
KeGetCurrentThread
KeDelayExecutionThread
ZwYieldExecution
KeQuerySystemTime
KeQueryTimeIncrement
KeQueryTickCount
MmProbeAndLockPages
MmUnlockPages
MmBuildMdlForNonPagedPool
MmMapLockedPages
MmUnmapLockedPages
MmMapIoSpace
MmUnmapIoSpace
IoAllocateMdl
IoBuildPartialMdl
IoFreeMdl
ZwQuerySystemInformation
KeInitializeDpc
KeInsertQueueDpc
KeRemoveQueueDpc
KeSetEvent
KeSetPriorityThread
PsCreateSystemThread
ObReferenceObjectByHandle
ZwClose
KeResetEvent
KeInitializeSpinLock
RtlUnwind
IoBuildDeviceIoControlRequest
KeWaitForSingleObject
KeInitializeEvent
RtlInitUnicodeString
IoGetDeviceObjectPointer
PsGetVersion
PsGetCurrentProcessId

hal

KfRaiseIrql
KeGetCurrentIrql
ExAcquireFastMutex
ExReleaseFastMutex
KfAcquireSpinLock
KfReleaseSpinLock
KfLowerIrql

Exports

Exports

ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLargeTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserExTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemObjWasZeroInitialized
RTR0MemObjZeroInitialize
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16Printf
RTUtf16PrintfEx
RTUtf16PrintfExV
RTUtf16PrintfV
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memmove

Sections

.text
Size: 120KB - Virtual size: 120KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 31KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 60KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 727B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
VBoxVideoEarlyNT.cat
VBoxVideoEarlyNT.inf
VBoxWddm.cat
VBoxWddm.inf
VBoxWddm.sys
.sys windows:6 windows x86 arch:x86

74e4781dfac5a5a7019dd3a4f2e69af7

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_FORCE_INTEGRITY
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\tinderbox\add\out\win.x86\release\obj\VBoxWddm\VBoxWddm.pdb

Imports

ntoskrnl.exe

memcpy
memset
KefAcquireSpinLockAtDpcLevel
KefReleaseSpinLockFromDpcLevel
_except_handler3
KeSetEvent
ObReferenceObjectByHandle
ObfDereferenceObject
ExEventObjectType
RtlInitializeBitMap
RtlClearBits
KeInitializeDpc
KeInitializeEvent
KeDelayExecutionThread
KeInitializeTimer
KeCancelTimer
KeSetTimerEx
KeQuerySystemTime
MmProbeAndLockPages
MmUnlockPages
MmMapLockedPagesSpecifyCache
MmUnmapLockedPages
MmMapIoSpace
MmUnmapIoSpace
PsCreateSystemThread
ZwOpenKey
ZwEnumerateKey
ZwQueryValueKey
ZwSetValueKey
_alldiv
_allmul
_allrem
_aulldiv
KeWaitForSingleObject
IoAllocateWorkItem
IoFreeWorkItem
IoQueueWorkItemEx
DbgPrint
IoOpenDeviceRegistryKey
IoGetDeviceProperty
PsGetVersion
ExFreePoolWithTag
ExAllocatePoolWithTag
ZwClose
IofCallDriver
IoAllocateMdl
ZwLoadDriver
IoGetDeviceObjectPointer
ZwUnloadDriver
IoFreeMdl
RtlGetVersion
IoBuildDeviceIoControlRequest
strchr
KeGetCurrentThread
ZwYieldExecution
KeQueryTimeIncrement
KeQueryTickCount
KeInitializeMutex
KeReadStateMutex
KeReleaseMutex
IoGetCurrentProcess
PsGetCurrentProcessId
ExAllocatePool
ExFreePool
MmAllocateContiguousMemory
MmFreeContiguousMemory
MmGetPhysicalAddress
MmIsAddressValid
KeNumberProcessors
MmBuildMdlForNonPagedPool
MmMapLockedPages
IoBuildPartialMdl
ZwQuerySystemInformation
KeInsertQueueDpc
KeRemoveQueueDpc
KeSetPriorityThread
KeResetEvent
KeBugCheckEx
RtlUnwind
KeInitializeSpinLock
RtlInitUnicodeString

hal

ExReleaseFastMutex
KfLowerIrql
KeGetCurrentIrql
KfRaiseIrql
ExAcquireFastMutex
KfReleaseSpinLock
KfAcquireSpinLock

Exports

Exports

?CrSaAdd@@YAHPAUCR_SORTARRAY@@_K@Z
?CrSaCleanup@@YAXPAUCR_SORTARRAY@@@Z
?CrSaClone@@YAHPBUCR_SORTARRAY@@PAU1@@Z
?CrSaCmp@@YAHPBUCR_SORTARRAY@@0@Z
?CrSaContains@@YA_NPBUCR_SORTARRAY@@_K@Z
?CrSaCovers@@YA_NPBUCR_SORTARRAY@@0@Z
?CrSaInit@@YAHPAUCR_SORTARRAY@@I@Z
?CrSaIntersect@@YAXPAUCR_SORTARRAY@@PBU1@@Z
?CrSaIntersected@@YAHPAUCR_SORTARRAY@@PBU1@0@Z
?CrSaRemove@@YAHPAUCR_SORTARRAY@@_K@Z
?CrSaUnited@@YAHPBUCR_SORTARRAY@@0PAU1@@Z
ASMAtomicCmpXchgU8
RTAssertAreQuiet
RTAssertMayPanic
RTAssertMsg1
RTAssertMsg1Weak
RTAssertMsg2AddV
RTAssertMsg2V
RTAssertMsg2Weak
RTAssertMsg2WeakV
RTAssertSetMayPanic
RTAssertSetQuiet
RTAssertShouldPanic
RTAvlPVDestroy
RTAvlPVDoWithAll
RTAvlPVGet
RTAvlPVGetBestFit
RTAvlPVInsert
RTAvlPVRemove
RTAvlPVRemoveBestFit
RTAvlU32Destroy
RTAvlU32DoWithAll
RTAvlU32Get
RTAvlU32GetBestFit
RTAvlU32Insert
RTAvlU32Remove
RTAvlU32RemoveBestFit
RTCrc32
RTCrc32Finish
RTCrc32Process
RTCrc32Start
RTErrConvertFromNtStatus
RTErrInfoAdd
RTErrInfoAddF
RTErrInfoAddV
RTErrInfoSet
RTErrInfoSetF
RTErrInfoSetV
RTErrVarsAreEqual
RTErrVarsHaveChanged
RTErrVarsRestore
RTErrVarsSave
RTLatin1CalcUtf8Len
RTLatin1CalcUtf8LenEx
RTLatin1ToUtf8ExTag
RTLatin1ToUtf8Tag
RTLogAssert
RTLogAssertV
RTLogBackdoorPrintf
RTLogBackdoorPrintfV
RTLogBulkNestedWrite
RTLogBulkUpdate
RTLogBulkWrite
RTLogChangeDestinations
RTLogChangeFlags
RTLogCheckGroupFlags
RTLogClearFileDelayFlag
RTLogComPrintf
RTLogComPrintfV
RTLogCreate
RTLogCreateExV
RTLogDefaultInit
RTLogDefaultInstance
RTLogDefaultInstanceEx
RTLogDestinations
RTLogDestroy
RTLogDumpPrintfV
RTLogFlags
RTLogFlush
RTLogFormatV
RTLogGetDefaultInstance
RTLogGetDefaultInstanceEx
RTLogGetDestinations
RTLogGetFlags
RTLogGroupSettings
RTLogLogger
RTLogLoggerEx
RTLogLoggerExV
RTLogLoggerV
RTLogPrintf
RTLogPrintfV
RTLogQueryBulk
RTLogQueryDestinations
RTLogQueryFlags
RTLogQueryGroupSettings
RTLogRelGetDefaultInstance
RTLogRelGetDefaultInstanceEx
RTLogRelSetDefaultInstance
RTLogSetBuffering
RTLogSetCustomPrefixCallback
RTLogSetDefaultInstance
RTLogSetDefaultInstanceThread
RTLogSetFlushCallback
RTLogSetGroupLimit
RTLogSetR0ProgramStart
RTLogSetR0ThreadNameV
RTLogWriteCom
RTLogWriteDebugger
RTLogWriteStdErr
RTLogWriteStdOut
RTLogWriteUser
RTLogWriteVmm
RTMemAllocExTag
RTMemAllocTag
RTMemAllocVarTag
RTMemAllocZTag
RTMemAllocZVarTag
RTMemContAlloc
RTMemContFree
RTMemFree
RTMemFreeEx
RTMemFreeZ
RTMemReallocTag
RTMemTmpAllocTag
RTMemTmpAllocZTag
RTMemTmpFree
RTMemTmpFreeZ
RTMpCpuId
RTMpCpuIdFromSetIndex
RTMpCpuIdToSetIndex
RTMpCurSetIndex
RTMpCurSetIndexAndId
RTMpGetCount
RTMpGetCpuGroupCounts
RTMpGetMaxCpuGroupCount
RTMpGetMaxCpuId
RTMpGetOnlineCoreCount
RTMpGetOnlineCount
RTMpGetOnlineSet
RTMpGetPresentCoreCount
RTMpGetPresentCount
RTMpGetPresentSet
RTMpGetSet
RTMpIsCpuOnline
RTMpIsCpuPossible
RTMpIsCpuPresent
RTMpIsCpuWorkPending
RTMpNotificationDeregister
RTMpNotificationRegister
RTMpOnAll
RTMpOnAllIsConcurrentSafe
RTMpOnOthers
RTMpOnPair
RTMpOnPairIsConcurrentExecSupported
RTMpOnSpecific
RTMpPokeCpu
RTMpSetIndexFromCpuGroupMember
RTProcSelf
RTR0AssertPanicSystem
RTR0DbgKrnlInfoGetSymbol
RTR0DbgKrnlInfoOpen
RTR0DbgKrnlInfoQueryMember
RTR0DbgKrnlInfoQuerySize
RTR0DbgKrnlInfoQuerySymbol
RTR0DbgKrnlInfoRelease
RTR0DbgKrnlInfoRetain
RTR0Init
RTR0MemObjAddress
RTR0MemObjAddressR3
RTR0MemObjAllocContTag
RTR0MemObjAllocLargeTag
RTR0MemObjAllocLowTag
RTR0MemObjAllocPageTag
RTR0MemObjAllocPhysExTag
RTR0MemObjAllocPhysNCTag
RTR0MemObjAllocPhysTag
RTR0MemObjEnterPhysTag
RTR0MemObjFree
RTR0MemObjGetPagePhysAddr
RTR0MemObjIsMapping
RTR0MemObjLockKernelTag
RTR0MemObjLockUserTag
RTR0MemObjMapKernelExTag
RTR0MemObjMapKernelTag
RTR0MemObjMapUserExTag
RTR0MemObjMapUserTag
RTR0MemObjProtect
RTR0MemObjReserveKernelTag
RTR0MemObjReserveUserTag
RTR0MemObjSize
RTR0MemObjWasZeroInitialized
RTR0MemObjZeroInitialize
RTR0ProcHandleSelf
RTR0Term
RTR0TermForced
RTSemEventCreate
RTSemEventCreateEx
RTSemEventDestroy
RTSemEventIsSignalSafe
RTSemEventMultiCreate
RTSemEventMultiCreateEx
RTSemEventMultiDestroy
RTSemEventMultiIsSignalSafe
RTSemEventMultiReset
RTSemEventMultiSignal
RTSemEventMultiWait
RTSemEventMultiWaitEx
RTSemEventMultiWaitExDebug
RTSemEventMultiWaitNoResume
RTSemEventSignal
RTSemEventWait
RTSemEventWaitEx
RTSemEventWaitExDebug
RTSemFastMutexCreate
RTSemFastMutexDestroy
RTSemFastMutexRelease
RTSemFastMutexRequest
RTSemMutexCreate
RTSemMutexCreateEx
RTSemMutexDestroy
RTSemMutexIsOwned
RTSemMutexRelease
RTSemMutexRequest
RTSemMutexRequestDebug
RTSemMutexRequestNoResume
RTSemMutexRequestNoResumeDebug
RTSemSpinMutexCreate
RTSemSpinMutexDestroy
RTSemSpinMutexRelease
RTSemSpinMutexRequest
RTSemSpinMutexTryRequest
RTSpinlockAcquire
RTSpinlockCreate
RTSpinlockDestroy
RTSpinlockRelease
RTStrAAppendNTag
RTStrAAppendTag
RTStrATruncateTag
RTStrAllocExTag
RTStrAllocTag
RTStrCalcLatin1Len
RTStrCalcLatin1LenEx
RTStrCalcUtf16Len
RTStrCalcUtf16LenEx
RTStrCat
RTStrCmp
RTStrConvertHexBytes
RTStrConvertHexBytesEx
RTStrCopy
RTStrCopyEx
RTStrCopyP
RTStrDupExTag
RTStrDupNExTag
RTStrDupNTag
RTStrDupTag
RTStrEnd
RTStrFormat
RTStrFormatNumber
RTStrFormatTypeDeregister
RTStrFormatTypeRegister
RTStrFormatTypeSetUser
RTStrFormatU128
RTStrFormatU16
RTStrFormatU256
RTStrFormatU32
RTStrFormatU512
RTStrFormatU64
RTStrFormatU8
RTStrFormatV
RTStrFree
RTStrGetCpExInternal
RTStrGetCpInternal
RTStrGetCpNExInternal
RTStrICmpAscii
RTStrIsValidEncoding
RTStrNLen
RTStrPrevCp
RTStrPrintf
RTStrPrintf2ExV
RTStrPrintf2V
RTStrPrintfEx
RTStrPrintfExV
RTStrPrintfV
RTStrPurgeComplementSet
RTStrPurgeEncoding
RTStrPutCpInternal
RTStrReallocTag
RTStrToInt16
RTStrToInt16Ex
RTStrToInt16Full
RTStrToInt32
RTStrToInt32Ex
RTStrToInt32Full
RTStrToInt64
RTStrToInt64Ex
RTStrToInt64Full
RTStrToInt8
RTStrToInt8Ex
RTStrToInt8Full
RTStrToLatin1ExTag
RTStrToLatin1Tag
RTStrToUInt16
RTStrToUInt16Ex
RTStrToUInt16Full
RTStrToUInt32
RTStrToUInt32Ex
RTStrToUInt32Full
RTStrToUInt64
RTStrToUInt64Ex
RTStrToUInt64Full
RTStrToUInt8
RTStrToUInt8Ex
RTStrToUInt8Full
RTStrToUni
RTStrToUniEx
RTStrToUtf16BigExTag
RTStrToUtf16BigTag
RTStrToUtf16ExTag
RTStrToUtf16Tag
RTStrUniLen
RTStrUniLenEx
RTStrValidateEncoding
RTStrValidateEncodingEx
RTThreadCreate
RTThreadCreateF
RTThreadCreateV
RTThreadFromNative
RTThreadGetName
RTThreadGetNative
RTThreadGetType
RTThreadIsInInterrupt
RTThreadIsInitialized
RTThreadIsMain
RTThreadIsSelfAlive
RTThreadIsSelfKnown
RTThreadNativeSelf
RTThreadPreemptDisable
RTThreadPreemptIsEnabled
RTThreadPreemptIsPending
RTThreadPreemptIsPendingTrusty
RTThreadPreemptIsPossible
RTThreadPreemptRestore
RTThreadQueryTerminationStatus
RTThreadSelf
RTThreadSelfName
RTThreadSetName
RTThreadSetType
RTThreadSleep
RTThreadUserReset
RTThreadUserSignal
RTThreadUserWait
RTThreadUserWaitNoResume
RTThreadWait
RTThreadWaitNoResume
RTThreadYield
RTTimeCompare
RTTimeConvertToZulu
RTTimeExplode
RTTimeFromRfc2822
RTTimeFromString
RTTimeImplode
RTTimeIsLeapYear
RTTimeLocalNormalize
RTTimeMilliTS
RTTimeNanoTS
RTTimeNormalize
RTTimeNow
RTTimeSpecFromString
RTTimeSpecToString
RTTimeSystemMilliTS
RTTimeSystemNanoTS
RTTimeToRfc2822
RTTimeToString
RTTimeToStringEx
RTUtf16AllocTag
RTUtf16BigCalcUtf8Len
RTUtf16BigCalcUtf8LenEx
RTUtf16BigGetCpExInternal
RTUtf16BigToUtf8ExTag
RTUtf16BigToUtf8Tag
RTUtf16CalcUtf8Len
RTUtf16CalcUtf8LenEx
RTUtf16Cmp
RTUtf16CmpUtf8
RTUtf16DupExTag
RTUtf16DupTag
RTUtf16Free
RTUtf16GetCpExInternal
RTUtf16GetCpInternal
RTUtf16GetCpNExInternal
RTUtf16IsValidEncoding
RTUtf16Len
RTUtf16LittleCalcUtf8Len
RTUtf16LittleCalcUtf8LenEx
RTUtf16LittleToUtf8ExTag
RTUtf16LittleToUtf8Tag
RTUtf16Printf
RTUtf16PrintfEx
RTUtf16PrintfExV
RTUtf16PrintfV
RTUtf16PurgeComplementSet
RTUtf16PutCpInternal
RTUtf16ReallocTag
RTUtf16ToUtf8ExTag
RTUtf16ToUtf8Tag
RTUtf16ValidateEncoding
RTUtf16ValidateEncodingEx
g_pszRTAssertExpr
g_pszRTAssertFile
g_pszRTAssertFunction
g_szRTAssertMsg1
g_szRTAssertMsg2
g_u32RTAssertLine
memchr
memmove

Sections

.text
Size: 217KB - Virtual size: 217KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 58KB - Virtual size: 58KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 57KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

PAGE
Size: 1024B - Virtual size: 688B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.edata
Size: 12KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

INIT
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

.reloc
Size: 12KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
vboxguest.cat
vboxmouse.cat
vboxwddm.cat

Sharing

General

Malware Config

Signatures

Files

59b8ea9c7392c40cfbac34d0d968ab59

Headers

DLL Characteristics

File Characteristics

Imports

advapi32

shell32

ole32

comctl32

user32

gdi32

kernel32

Sections

.text Size: 28KB - Virtual size: 28KB

.rdata Size: 5KB - Virtual size: 5KB

.data Size: 6KB - Virtual size: 182KB

.ndata Size: - Virtual size: 244KB

.rsrc Size: 199KB - Virtual size: 198KB

b8051d3dfa09094899f51f3c0cdf914b

Code Sign

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ecCertificate

Extended Key Usages

Key Usages

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3eCertificate

Extended Key Usages

Key Usages

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7Certificate

Extended Key Usages

Key Usages

61:19:93:e4:00:00:00:00:00:1cCertificate

Key Usages

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1Certificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

18:8e:84:76:55:c2:1c:8b:c5:b5:0e:45:3e:b5:52:20:27:b9:e5:0e:f8:02:6b:5f:78:3b:e2:af:70:1a:7a:23Signer

ad:f6:1b:eb:88:8f:d4:c9:54:1d:f6:9e:79:be:84:82:98:83:07:97Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

mpr

kernel32

user32

advapi32

version

ntdll

Sections

.text Size: 324KB - Virtual size: 323KB

.rdata Size: 267KB - Virtual size: 266KB

.data Size: 5KB - Virtual size: 51KB

.idata Size: 5KB - Virtual size: 4KB

.rsrc Size: 195KB - Virtual size: 194KB

.reloc Size: 20KB - Virtual size: 20KB

bced6390751f7df672767c6c60fd16dc

Code Sign

61:03:dc:f6:00:00:00:00:00:0cCertificate

Extended Key Usages

Key Usages

61:15:23:0f:00:00:00:00:00:0aCertificate

Extended Key Usages

Key Usages

61:16:68:34:00:00:00:00:00:1cCertificate

Extended Key Usages

.text
Size: 28KB - Virtual size: 28KB

.rdata
Size: 5KB - Virtual size: 5KB

.data
Size: 6KB - Virtual size: 182KB

.ndata
Size: - Virtual size: 244KB

.rsrc
Size: 199KB - Virtual size: 198KB

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

18:8e:84:76:55:c2:1c:8b:c5:b5:0e:45:3e:b5:52:20:27:b9:e5:0e:f8:02:6b:5f:78:3b:e2:af:70:1a:7a:23
Signer

ad:f6:1b:eb:88:8f:d4:c9:54:1d:f6:9e:79:be:84:82:98:83:07:97
Signer

.text
Size: 324KB - Virtual size: 323KB

.rdata
Size: 267KB - Virtual size: 266KB

.data
Size: 5KB - Virtual size: 51KB

.idata
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 195KB - Virtual size: 194KB

.reloc
Size: 20KB - Virtual size: 20KB

61:03:dc:f6:00:00:00:00:00:0c
Certificate

61:15:23:0f:00:00:00:00:00:0a
Certificate

61:16:68:34:00:00:00:00:00:1c
Certificate

61:07:02:dc:00:00:00:00:00:0b
Certificate

b4:3a:2e:c6:32:74:1f:7f:5a:ac:1d:1e:5f:70:f7:d0:71:69:58:ba
Signer

.text
Size: 283KB - Virtual size: 282KB

.data
Size: 5KB - Virtual size: 13KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 17KB - Virtual size: 17KB

20:da:c0:e5:de:9a:96:a5:13:21:09:0d:b2:7e:0b:a1:e1:f7:92:ec
Certificate

51:ca:00:98:16:fd:bd:80:f1:20:e0:15:ee:75:82:3e
Certificate

52:00:e5:aa:25:56:fc:1a:86:ed:96:c9:d4:4b:33:c7
Certificate

61:19:93:e4:00:00:00:00:00:1c
Certificate

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

06:0e:2f:8f:9e:1b:8b:e5:18:d5:fe:2b:69:cf:cc:b1
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

3a:f6:db:c6:80:48:ab:25:df:4e:3f:48:d6:22:d5:fb:2e:ce:0b:65:e8:6a:09:47:81:a6:1b:c7:89:1b:14:39
Signer

52:0f:00:d4:da:77:26:ce:87:84:23:29:cc:39:90:5e:d2:b9:cf:d9
Signer

.text
Size: 40KB - Virtual size: 40KB

.rdata
Size: 12KB - Virtual size: 12KB

.data
Size: 1024B - Virtual size: 15KB

.idata
Size: 2KB - Virtual size: 2KB

.rsrc
Size: 2KB - Virtual size: 1KB

.reloc
Size: 3KB - Virtual size: 2KB