Stardock[.]Curtains-1[.]19[.]1[.]exe

Sharing

Copy URL Twitter E-mail

General

Target

Stardock.Curtains-1.19.1.exe
Size

27.6MB
MD5

1e81138e7c931be46628a3e346a64d02
SHA1

4ead8016c3ee255f1557f1004f17c9cfe9a8b609
SHA256

fd4447512e616f7b9b72889fb32012c7e80bb32744e9220932ef006d55006a02
SHA512

13d9700c81577001e89d3c991cb2af62f233212c4e2fe362bcd933bd859da69a087fa86cfac5268d5f31eb0d616de5694ce849ac7c5997e294256f225ebb479d
SSDEEP

786432:LnxtjAmOaFIeL8Hhi3zi9Z3Tv6VPqxy86xXId1ESm:Ln/sQFvehSO91v6ViXJdw

Score

7^/10

upx

Malware Config

Signatures

ACProtect 1.3x - 1.4x DLL software 1 IoCs

Detects file using ACProtect software.

resource	yara_rule
static1/unpack001/$PLUGINSDIR/md5dll.dll	acprotect

UPX packed file 1 IoCs

Detects executables packed with UPX/modified UPX open source packer.

upx

resource	yara_rule
static1/unpack001/$PLUGINSDIR/md5dll.dll	upx

Unsigned PE 10 IoCs

Checks for missing Authenticode signature.

resource
Stardock.Curtains-1.19.1.exe
unpack001/$PLUGINSDIR/BrandingURL.dll
unpack001/$PLUGINSDIR/md5dll.dll
unpack002/out.upx
unpack001/$PLUGINSDIR/nsDialogs.dll
unpack001/$WINDIR/womtrust.dll
unpack001/$WINDIR/wontrust.dll
unpack001/Curtains64.dll
unpack001/CurtainsConfig.exe
unpack001/ CurtainsConfig.exe

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/ CurtainsConfig.exe	nsis_installer_1
static1/unpack001/ CurtainsConfig.exe	nsis_installer_2

Files

Stardock.Curtains-1.19.1.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 411KB - Virtual size: 410KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$DOCUMENTS/Stardock/Curtains/Cairo Dark/Cairo Dark.CURTAINSTYLE
$DOCUMENTS/Stardock/Curtains/Cairo Dark/desktop-bg.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Dark/fluent green_CustomBottom.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Dark/fluent green_CustomLeft.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Dark/fluent green_CustomRight.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Dark/fluent green_CustomTop.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Dark/frame-bottom.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Dark/frame-left.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Dark/frame-right.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Dark/frame-top.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Dark/glyph-bg-active.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Dark/glyph-bg-inactive.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Dark/start-button.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Dark/start-menu-bg.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Dark/taskbar-button.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Dark/taskbar-horiz.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Dark/taskbar-vert.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Dark/window-fill.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Green-Blue/Cairo Green-Blue.CURTAINSTYLE
$DOCUMENTS/Stardock/Curtains/Cairo Green-Blue/desktop-bg.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Green-Blue/fluent green-blue_CustomBottom.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Green-Blue/fluent green-blue_CustomLeft.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Green-Blue/fluent green-blue_CustomRight.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Green-Blue/fluent green-blue_CustomTop.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Green-Blue/fluent green_CustomBottom.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Green-Blue/fluent green_CustomLeft.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Green-Blue/fluent green_CustomRight.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Green-Blue/fluent green_CustomTop.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Green-Blue/frame-bottom.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Green-Blue/frame-left.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Green-Blue/frame-right.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Green-Blue/frame-top.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Green-Blue/glyph-bg-active.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Green-Blue/glyph-bg-inactive.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Green-Blue/start-button.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Green-Blue/start-menu-bg.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Green-Blue/taskbar-button.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Green-Blue/taskbar-horiz.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Green-Blue/taskbar-vert.png
.png
$DOCUMENTS/Stardock/Curtains/Cairo Green-Blue/window-fill.png
.png
$DOCUMENTS/Stardock/Curtains/Crystal/Crystal.CURTAINSTYLE
$DOCUMENTS/Stardock/Curtains/Crystal/crystal_CustomBottom.png
.png
$DOCUMENTS/Stardock/Curtains/Crystal/crystal_CustomLeft.png
.png
$DOCUMENTS/Stardock/Curtains/Crystal/crystal_CustomRight.png
.png
$DOCUMENTS/Stardock/Curtains/Crystal/crystal_CustomTop.png
.png
$DOCUMENTS/Stardock/Curtains/Crystal/desktop-bg.jpg
.jpg
$DOCUMENTS/Stardock/Curtains/Crystal/frame-bottom.png
.png
$DOCUMENTS/Stardock/Curtains/Crystal/frame-left.png
.png
$DOCUMENTS/Stardock/Curtains/Crystal/frame-right.png
.png
$DOCUMENTS/Stardock/Curtains/Crystal/frame-top.png
.png
$DOCUMENTS/Stardock/Curtains/Crystal/start-button.png
.png
$DOCUMENTS/Stardock/Curtains/Crystal/start-menu-bg.png
.png
$DOCUMENTS/Stardock/Curtains/Crystal/taskbar-button.png
.png
$DOCUMENTS/Stardock/Curtains/Crystal/taskbar-horiz-l1.png
.png
$DOCUMENTS/Stardock/Curtains/Crystal/taskbar-horiz.png
.png
$DOCUMENTS/Stardock/Curtains/Crystal/taskbar-vert.png
.png
$DOCUMENTS/Stardock/Curtains/Crystal/yosemite_CustomBottom.png
.png
$DOCUMENTS/Stardock/Curtains/Crystal/yosemite_CustomLeft.png
.png
$DOCUMENTS/Stardock/Curtains/Crystal/yosemite_CustomRight.png
.png
$DOCUMENTS/Stardock/Curtains/Crystal/yosemite_CustomTop.png
.png
$DOCUMENTS/Stardock/Curtains/Dark Waters/Dark Waters.CURTAINSTYLE
$DOCUMENTS/Stardock/Curtains/Dark Waters/dark waters_CustomBottom.png
.png
$DOCUMENTS/Stardock/Curtains/Dark Waters/dark waters_CustomLeft.png
.png
$DOCUMENTS/Stardock/Curtains/Dark Waters/dark waters_CustomRight.png
.png
$DOCUMENTS/Stardock/Curtains/Dark Waters/dark waters_CustomTop.png
.png
$DOCUMENTS/Stardock/Curtains/Dark Waters/desktop-bg.jpg
.jpg
$DOCUMENTS/Stardock/Curtains/Dark Waters/frame-bottom.png
.png
$DOCUMENTS/Stardock/Curtains/Dark Waters/frame-left.png
.png
$DOCUMENTS/Stardock/Curtains/Dark Waters/frame-right.png
.png
$DOCUMENTS/Stardock/Curtains/Dark Waters/frame-top.png
.png
$DOCUMENTS/Stardock/Curtains/Dark Waters/start-button.png
.png
$DOCUMENTS/Stardock/Curtains/Dark Waters/start-menu-bg.png
.png
$DOCUMENTS/Stardock/Curtains/Dark Waters/taskbar-button.png
.png
$DOCUMENTS/Stardock/Curtains/Dark Waters/taskbar-horiz.png
.png
$DOCUMENTS/Stardock/Curtains/Dark Waters/taskbar-vert.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Graphite/Fluent Graphite.CURTAINSTYLE
$DOCUMENTS/Stardock/Curtains/Fluent Graphite/desktop-bg.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Graphite/fluent green_CustomBottom.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Graphite/fluent green_CustomLeft.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Graphite/fluent green_CustomRight.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Graphite/fluent green_CustomTop.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Graphite/frame-bottom.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Graphite/frame-left.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Graphite/frame-right.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Graphite/frame-top.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Graphite/glyph-bg-active.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Graphite/glyph-bg-inactive.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Graphite/start-button.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Graphite/taskbar-button.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Graphite/taskbar-horiz.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Graphite/taskbar-vert.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Graphite/window-fill.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Peach/Fluent Peach.CURTAINSTYLE
$DOCUMENTS/Stardock/Curtains/Fluent Peach/desktop-bg.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Peach/fluent green_CustomBottom.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Peach/fluent green_CustomLeft.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Peach/fluent green_CustomRight.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Peach/fluent green_CustomTop.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Peach/frame-bottom.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Peach/frame-left.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Peach/frame-right.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Peach/frame-top.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Peach/glyph-bg-active.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Peach/glyph-bg-inactive.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Peach/start-button.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Peach/start-menu-bg.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Peach/taskbar-button.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Peach/taskbar-horiz.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Peach/taskbar-vert.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Peach/window-fill.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Sky/Fluent Sky.CURTAINSTYLE
$DOCUMENTS/Stardock/Curtains/Fluent Sky/desktop-bg.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Sky/fluent green_CustomBottom.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Sky/fluent green_CustomLeft.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Sky/fluent green_CustomRight.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Sky/fluent green_CustomTop.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Sky/fluent sky_CustomBottom.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Sky/fluent sky_CustomLeft.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Sky/fluent sky_CustomRight.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Sky/fluent sky_CustomTop.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Sky/frame-bottom.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Sky/frame-left.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Sky/frame-right.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Sky/frame-top.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Sky/glyph-bg-active.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Sky/glyph-bg-inactive.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Sky/start-button.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Sky/start-menu-bg.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Sky/taskbar-button.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Sky/taskbar-horiz.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Sky/taskbar-vert.png
.png
$DOCUMENTS/Stardock/Curtains/Fluent Sky/window-fill.png
.png
$DOCUMENTS/Stardock/Curtains/MacMono/MacMono.CURTAINSTYLE
$DOCUMENTS/Stardock/Curtains/MacMono/desktop-bg.png
.png
$DOCUMENTS/Stardock/Curtains/MacMono/frame-bottom.png
.png
$DOCUMENTS/Stardock/Curtains/MacMono/frame-left.png
.png
$DOCUMENTS/Stardock/Curtains/MacMono/frame-right.png
.png
$DOCUMENTS/Stardock/Curtains/MacMono/frame-top.png
.png
$DOCUMENTS/Stardock/Curtains/MacMono/glyph-bg-active.png
.png
$DOCUMENTS/Stardock/Curtains/MacMono/glyph-bg-inactive.png
.png
$DOCUMENTS/Stardock/Curtains/MacMono/glyph-close.png
.png
$DOCUMENTS/Stardock/Curtains/MacMono/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/MacMono/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/MacMono/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/MacMono/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/MacMono/glyph-max.png
.png
$DOCUMENTS/Stardock/Curtains/MacMono/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/MacMono/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/MacMono/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/MacMono/glyph-min.png
.png
$DOCUMENTS/Stardock/Curtains/MacMono/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/MacMono/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/MacMono/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/MacMono/macos monochrome_CustomBottom.png
.png
$DOCUMENTS/Stardock/Curtains/MacMono/macos monochrome_CustomLeft.png
.png
$DOCUMENTS/Stardock/Curtains/MacMono/macos monochrome_CustomRight.png
.png
$DOCUMENTS/Stardock/Curtains/MacMono/macos monochrome_CustomTop.png
.png
$DOCUMENTS/Stardock/Curtains/MacMono/start-button.png
.png
$DOCUMENTS/Stardock/Curtains/MacMono/start-menu-bg.png
.png
$DOCUMENTS/Stardock/Curtains/MacMono/taskbar-button.png
.png
$DOCUMENTS/Stardock/Curtains/MacMono/taskbar-horiz.png
.png
$DOCUMENTS/Stardock/Curtains/MacMono/taskbar-vert.png
.png
$DOCUMENTS/Stardock/Curtains/MacMono/window-fill.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/Midnight.CURTAINSTYLE
$DOCUMENTS/Stardock/Curtains/Midnight/desktop-bg.jpg
.jpg
$DOCUMENTS/Stardock/Curtains/Midnight/frame-bottom.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/frame-left.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/frame-right.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/frame-top.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/glyph-bg-active.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/glyph-bg-close-inactive.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/glyph-bg-close.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/glyph-bg-inactive.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/glyph-bg-max-inactive.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/glyph-bg-max.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/glyph-bg-min-inactive.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/glyph-bg-min.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/glyph-close.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Midnight/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Midnight/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Midnight/glyph-max.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Midnight/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Midnight/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Midnight/glyph-min.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Midnight/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Midnight/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Midnight/glyph-rest.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Midnight/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Midnight/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Midnight/midnight_CustomBottom.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/midnight_CustomLeft.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/midnight_CustomRight.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/midnight_CustomTop.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/start-button.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/start-menu-bg.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/taskbar-button.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/taskbar-horiz.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/taskbar-vert.png
.png
$DOCUMENTS/Stardock/Curtains/Midnight/window-fill.png
.png
$DOCUMENTS/Stardock/Curtains/Splash Green/Splash Green.CURTAINSTYLE
$DOCUMENTS/Stardock/Curtains/Splash Green/desktop-bg.jpg
.jpg
$DOCUMENTS/Stardock/Curtains/Splash Green/frame-bottom.png
.png
$DOCUMENTS/Stardock/Curtains/Splash Green/frame-left.png
.png
$DOCUMENTS/Stardock/Curtains/Splash Green/frame-right.png
.png
$DOCUMENTS/Stardock/Curtains/Splash Green/frame-top.png
.png
$DOCUMENTS/Stardock/Curtains/Splash Green/splash green_CustomBottom.png
.png
$DOCUMENTS/Stardock/Curtains/Splash Green/splash green_CustomLeft.png
.png
$DOCUMENTS/Stardock/Curtains/Splash Green/splash green_CustomRight.png
.png
$DOCUMENTS/Stardock/Curtains/Splash Green/splash green_CustomTop.png
.png
$DOCUMENTS/Stardock/Curtains/Splash Green/start-menu-bg.png
.png
$DOCUMENTS/Stardock/Curtains/Splash Green/taskbar-horiz.png
.png
$DOCUMENTS/Stardock/Curtains/Splash Green/taskbar-vert.png
.png
$DOCUMENTS/Stardock/Curtains/Toy/Toy.CURTAINSTYLE
$DOCUMENTS/Stardock/Curtains/Toy/desktop-bg.png
.png
$DOCUMENTS/Stardock/Curtains/Toy/frame-bottom.png
.png
$DOCUMENTS/Stardock/Curtains/Toy/frame-left.png
.png
$DOCUMENTS/Stardock/Curtains/Toy/frame-right.png
.png
$DOCUMENTS/Stardock/Curtains/Toy/frame-top.png
.png
$DOCUMENTS/Stardock/Curtains/Toy/gb color - yellow_CustomBottom.png
.png
$DOCUMENTS/Stardock/Curtains/Toy/gb color - yellow_CustomLeft.png
.png
$DOCUMENTS/Stardock/Curtains/Toy/gb color - yellow_CustomRight.png
.png
$DOCUMENTS/Stardock/Curtains/Toy/gb color - yellow_CustomTop.png
.png
$DOCUMENTS/Stardock/Curtains/Toy/glyph-bg-active.png
.png
$DOCUMENTS/Stardock/Curtains/Toy/glyph-bg-inactive.png
.png
$DOCUMENTS/Stardock/Curtains/Toy/glyph-close.png
.png
$DOCUMENTS/Stardock/Curtains/Toy/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Toy/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Toy/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Toy/glyph-max.png
.png
$DOCUMENTS/Stardock/Curtains/Toy/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Toy/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Toy/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Toy/glyph-min.png
.png
$DOCUMENTS/Stardock/Curtains/Toy/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Toy/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Toy/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Toy/start-button.png
.png
$DOCUMENTS/Stardock/Curtains/Toy/start-menu-bg.png
.png
$DOCUMENTS/Stardock/Curtains/Toy/taskbar-button.png
.png
$DOCUMENTS/Stardock/Curtains/Toy/taskbar-horiz.png
.png
$DOCUMENTS/Stardock/Curtains/Toy/taskbar-vert.png
.png
$DOCUMENTS/Stardock/Curtains/Toy/toy_CustomBottom.png
.png
$DOCUMENTS/Stardock/Curtains/Toy/toy_CustomLeft.png
.png
$DOCUMENTS/Stardock/Curtains/Toy/toy_CustomRight.png
.png
$DOCUMENTS/Stardock/Curtains/Toy/toy_CustomTop.png
.png
$DOCUMENTS/Stardock/Curtains/Toy/window-fill.png
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/WarpOS.CURTAINSTYLE
$DOCUMENTS/Stardock/Curtains/WarpOS/desktop-bg.png
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/frame-bottom.png
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/frame-left.png
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/frame-right.png
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/frame-top-l1-tool-window.png
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/frame-top.png
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/frame-top2.png
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/glyph-bg-active.png
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/glyph-bg-inactive.png
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/glyph-close.png
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/glyph-max.png
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/glyph-min.png
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/os 2 warp_CustomBottom.png
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/os 2 warp_CustomLeft.png
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/os 2 warp_CustomRight.png
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/os 2 warp_CustomTop.png
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/start-button.png
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/start-menu-bg.png
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/taskbar-button.png
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/taskbar-horiz.png
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/taskbar-vert.png
.png
$DOCUMENTS/Stardock/Curtains/WarpOS/window-fill.png
.png
$DOCUMENTS/Stardock/Curtains/Workbench/Workbench.CURTAINSTYLE
$DOCUMENTS/Stardock/Curtains/Workbench/amiga workbench_CustomBottom.png
.png
$DOCUMENTS/Stardock/Curtains/Workbench/amiga workbench_CustomLeft.png
.png
$DOCUMENTS/Stardock/Curtains/Workbench/amiga workbench_CustomRight.png
.png
$DOCUMENTS/Stardock/Curtains/Workbench/amiga workbench_CustomTop.png
.png
$DOCUMENTS/Stardock/Curtains/Workbench/desktop-bg.png
.png
$DOCUMENTS/Stardock/Curtains/Workbench/frame-bottom.png
.png
$DOCUMENTS/Stardock/Curtains/Workbench/frame-left.png
.png
$DOCUMENTS/Stardock/Curtains/Workbench/frame-right.png
.png
$DOCUMENTS/Stardock/Curtains/Workbench/frame-top.png
.png
$DOCUMENTS/Stardock/Curtains/Workbench/glyph-bg-active.png
.png
$DOCUMENTS/Stardock/Curtains/Workbench/glyph-bg-inactive.png
.png
$DOCUMENTS/Stardock/Curtains/Workbench/glyph-close.png
.png
$DOCUMENTS/Stardock/Curtains/Workbench/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Workbench/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Workbench/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Workbench/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Workbench/glyph-max.png
.png
$DOCUMENTS/Stardock/Curtains/Workbench/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Workbench/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Workbench/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Workbench/glyph-min.png
.png
$DOCUMENTS/Stardock/Curtains/Workbench/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Workbench/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Workbench/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/Workbench/start-button.png
.png
$DOCUMENTS/Stardock/Curtains/Workbench/start-menu-bg.png
.png
$DOCUMENTS/Stardock/Curtains/Workbench/taskbar-button.png
.png
$DOCUMENTS/Stardock/Curtains/Workbench/taskbar-horiz.png
.png
$DOCUMENTS/Stardock/Curtains/Workbench/taskbar-vert.png
.png
$DOCUMENTS/Stardock/Curtains/Workbench/window-fill.png
.png
$DOCUMENTS/Stardock/Curtains/Workbench/workbench_CustomBottom.png
.png
$DOCUMENTS/Stardock/Curtains/Workbench/workbench_CustomLeft.png
.png
$DOCUMENTS/Stardock/Curtains/Workbench/workbench_CustomRight.png
.png
$DOCUMENTS/Stardock/Curtains/Workbench/workbench_CustomTop.png
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/XP Luna.CURTAINSTYLE
$DOCUMENTS/Stardock/Curtains/XP Luna/desktop-bg.jpg
.jpg
$DOCUMENTS/Stardock/Curtains/XP Luna/frame-bottom.png
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/frame-left.png
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/frame-right.png
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/frame-top-tool.png
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/frame-top.png
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/glyph-bg-active.png
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/glyph-bg-inactive.png
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/glyph-close.png
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/glyph-max.png
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/glyph-min.png
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/[email protected]
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/start-button.png
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/start-menu-bg.png
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/taskbar-button.png
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/taskbar-horiz-l1.png
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/taskbar-horiz.png
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/taskbar-vert-l1.png
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/taskbar-vert.png
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/window-fill.png
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/xp luna_CustomBottom.png
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/xp luna_CustomLeft.png
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/xp luna_CustomRight.png
.png
$DOCUMENTS/Stardock/Curtains/XP Luna/xp luna_CustomTop.png
.png
$PLUGINSDIR/Aero.dll
.dll windows:6 windows x86 arch:x86

3863c2a1ff3d5db5d3cecc7c23714e97

Code Sign

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aa
Certificate

Issuer

CN=diakov.soft

Not Before

10/10/2020, 10:39

Not After

08/01/2021, 21:00

Subject

CN=diakov.soft

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

05:3a:61:03:d8:aa:8d:41:12:7c:e3:d0:f6:25:21:f4:96:ae:f7:e5
Signer

Actual PE Digest

05:3a:61:03:d8:aa:8d:41:12:7c:e3:d0:f6:25:21:f4:96:ae:f7:e5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

WideCharToMultiByte
lstrcpyA
lstrcpynA
MultiByteToWideChar
LoadLibraryA
lstrlenA
lstrcmpiA
GlobalFree
GlobalAlloc
GetProcAddress
GetVersion

user32

SetWindowTextA
GetWindowTextW
GetWindowTextLengthA
GetClientRect
GetWindowRect
MapWindowPoints
GetSysColorBrush
FillRect
GetWindowLongA
SetWindowLongA
EnumChildWindows
wsprintfA
GetPropA
SetPropA
InvalidateRect
EndPaint
BeginPaint
GetDlgItem
SetWindowPos
ShowWindow
IsWindow
CallWindowProcA
SendMessageA
SetWindowTextW

gdi32

CreateCompatibleDC
CreateSolidBrush
DeleteDC
DeleteObject
PatBlt
RestoreDC
SaveDC
SelectObject
SetLayout
CreateDIBSection
BitBlt

Exports

Exports

Apply

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 288B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 832B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/BrandingURL.dll
.dll windows:4 windows x86 arch:x86

135de77644e2add2fd9dd8176740e7e0

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GlobalFree

user32

GetWindowRect
SetCapture
InvalidateRect
SendMessageA
GetCapture
ClientToScreen
EnableWindow
LoadImageA
SetPropA
SetWindowLongA
GetWindowLongA
GetDlgItem
PtInRect
ReleaseCapture
SetCursor
GetPropA
CallWindowProcA
RedrawWindow

gdi32

GetObjectA
SetTextColor
CreateFontIndirectA

shell32

ShellExecuteA

Exports

Exports

Set
Unload

Sections

.text
Size: 1024B - Virtual size: 992B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 839B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 220B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/LangDLL.dll
.dll windows:4 windows x86 arch:x86

9b6b6a7858e17fb0b17e1c1428330343

Code Sign

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aa
Certificate

Issuer

CN=diakov.soft

Not Before

10/10/2020, 10:39

Not After

08/01/2021, 21:00

Subject

CN=diakov.soft

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:ef:07:d4:8b:79:f8:26:5d:fc:1f:a4:84:09:f7:98:4e:20:66:18
Signer

Actual PE Digest

0c:ef:07:d4:8b:79:f8:26:5d:fc:1f:a4:84:09:f7:98:4e:20:66:18

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalFree
GetACP
lstrlenA
lstrcmpA
lstrcpynA
GetModuleHandleA
MulDiv
lstrcpyA
GlobalAlloc

user32

SetWindowTextA
SetDlgItemTextA
SendDlgItemMessageA
EndDialog
DialogBoxParamA
LoadIconA
SendMessageA
ShowWindow
GetDC

gdi32

CreateFontIndirectA
GetDeviceCaps
DeleteObject

Exports

Exports

LangDialog

Sections

.text
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 697B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 352B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 320B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Code Sign

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aa
Certificate

Issuer

CN=diakov.soft

Not Before

10/10/2020, 10:39

Not After

08/01/2021, 21:00

Subject

CN=diakov.soft

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ef:57:50:85:4a:2b:8d:e7:3a:4d:39:1e:27:77:6a:19:aa:e6:d3:c7
Signer

Actual PE Digest

ef:57:50:85:4a:2b:8d:e7:3a:4d:39:1e:27:77:6a:19:aa:e6:d3:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/md5dll.dll
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Exports

Exports

GetFileMD5
GetMD5
GetMD5File
GetMD5Random
GetMD5String

Sections

UPX0
Size: - Virtual size: 24KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

UPX1
Size: 3KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
out.upx
.dll windows:4 windows x86 arch:x86

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Sections

.text
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 912B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 144B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsDialogs.dll
.dll windows:4 windows x86 arch:x86

1e2884056e655f2b7bc5a904e352fc80

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

lstrcpyA
GetFileAttributesA
lstrcmpiA
MulDiv
lstrlenA
HeapFree
GetCurrentDirectoryA
HeapAlloc
HeapReAlloc
GlobalFree
lstrcpynA
GlobalAlloc
GetProcessHeap
SetCurrentDirectoryA

user32

GetPropA
DestroyWindow
CallWindowProcA
SetCursor
LoadCursorA
RemovePropA
CharPrevA
GetWindowLongA
DrawTextA
GetWindowTextA
GetDlgItem
SetWindowLongA
SetWindowPos
CreateDialogParamA
MapWindowPoints
GetWindowRect
SetPropA
CreateWindowExA
IsWindow
SetTimer
KillTimer
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
ShowWindow
wsprintfA
MapDialogRect
GetClientRect
CharNextA
SendMessageA
DrawFocusRect

gdi32

SetTextColor

shell32

SHBrowseForFolderA
SHGetPathFromIDListA

comdlg32

GetSaveFileNameA
GetOpenFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

Create
CreateControl
CreateItem
CreateTimer
GetUserData
KillTimer
OnBack
OnChange
OnClick
OnNotify
SelectFileDialog
SelectFolderDialog
SetRTL
SetUserData
Show

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/tem/comp.exe
.exe windows:4 windows x86 arch:x86

da401ef5e9d5c4599673c26d95fa6029

Code Sign

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aa
Certificate

Issuer

CN=diakov.soft

Not Before

10/10/2020, 10:39

Not After

08/01/2021, 21:00

Subject

CN=diakov.soft

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

57:40:66:75:13:66:bc:93:5d:a0:3e:e1:86:4f:3c:74:58:7f:25:18
Signer

Actual PE Digest

57:40:66:75:13:66:bc:93:5d:a0:3e:e1:86:4f:3c:74:58:7f:25:18

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE

Imports

oleaut32

SysFreeString
SysAllocStringLen
SysAllocString
VariantClear
SysStringLen

ole32

CoCreateInstance
CoInitialize
CoUninitialize
OleInitialize

user32

CheckDlgButton
IsDlgButtonChecked
EndDialog
SetDlgItemTextW
GetFocus
SetFocus
GetKeyState
InvalidateRect
SetWindowTextW
EnableWindow
PostMessageW
MessageBoxW
SetTimer
DialogBoxParamW
SetWindowLongW
GetWindowLongW
ShowWindow
MoveWindow
ScreenToClient
GetDlgItem
GetWindowRect
MapDialogRect
SystemParametersInfoW
GetWindowTextLengthW
GetWindowTextW
SendMessageW
LoadStringW
CharUpperW
LoadIconW
GetParent
SetCursor
LoadCursorW
KillTimer

shell32

SHGetPathFromIDListW
SHBrowseForFolderW
SHGetFileInfoW
SHGetMalloc

msvcrt

wcsstr
wcscmp
_beginthreadex
_except_handler3
??1type_info@@UAE@XZ
?terminate@@YAXXZ
__dllonexit
_onexit
_exit
_XcptFilter
exit
_acmdln
__getmainargs
_initterm
__setusermatherr
_adjust_fdiv
__p__commode
__p__fmode
__set_app_type
_controlfp
_CxxThrowException
malloc
memcpy
memmove
memset
_purecall
memcmp
__CxxFrameHandler
free

kernel32

GetStartupInfoA
InitializeCriticalSection
ResetEvent
SetEvent
CreateEventW
WaitForSingleObject
lstrlenW
lstrcatW
VirtualFree
VirtualAlloc
SetPriorityClass
DeleteCriticalSection
Sleep
EnterCriticalSection
LeaveCriticalSection
WaitForMultipleObjects
GetFileInformationByHandle
GetStdHandle
GlobalMemoryStatus
GetSystemInfo
GetCurrentProcess
GetProcessAffinityMask
FileTimeToLocalFileTime
FileTimeToSystemTime
CompareFileTime
SetEndOfFile
WriteFile
ReadFile
SetFilePointer
GetFileSize
GetLogicalDriveStringsW
GetFileAttributesW
GetModuleHandleA
FindNextFileW
FindFirstFileW
FindClose
GetTickCount
GetCurrentDirectoryW
SetLastError
DeleteFileW
CreateDirectoryW
GetModuleHandleW
MoveFileW
RemoveDirectoryW
SetFileAttributesW
CreateFileW
SetFileTime
CloseHandle
GetSystemDirectoryW
FormatMessageW
LocalFree
GetModuleFileNameW
MultiByteToWideChar
GetLastError
GetVersionExW
LoadLibraryW
GetProcAddress
FreeLibrary
GetCommandLineW
LoadLibraryExW

Sections

.text
Size: 165KB - Virtual size: 164KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 25KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.sxdata
Size: 512B - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$WINDIR/womtrust.dll
.dll regsvr32 windows:6 windows x64 arch:x64

804df78f28d79db45ff0710e86813c0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsW

kernel32

CreateFileW
LoadLibraryA
GetProcAddress
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedFlushSList
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
RaiseException
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW

Exports

Exports

AddPersonalTrustDBPages
CatalogCompactHashDatabase
ComputeFirstPageHash
ConfigCiFinalPolicy
CryptCATAdminAcquireContext
CryptCATAdminAcquireContext2
CryptCATAdminAddCatalog
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminCalcHashFromFileHandle2
CryptCATAdminEnumCatalogFromHash
CryptCATAdminPauseServiceForBackup
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminRemoveCatalog
CryptCATAdminResolveCatalogPath
CryptCATAllocSortedMemberInfo
CryptCATCDFClose
CryptCATCDFEnumAttributes
CryptCATCDFEnumAttributesWithCDFTag
CryptCATCDFEnumCatAttributes
CryptCATCDFEnumMembers
CryptCATCDFEnumMembersByCDFTag
CryptCATCDFEnumMembersByCDFTagEx
CryptCATCDFOpen
CryptCATCatalogInfoFromContext
CryptCATClose
CryptCATEnumerateAttr
CryptCATEnumerateCatAttr
CryptCATEnumerateMember
CryptCATFreeSortedMemberInfo
CryptCATGetAttrInfo
CryptCATGetCatAttrInfo
CryptCATGetMemberInfo
CryptCATHandleFromStore
CryptCATOpen
CryptCATPersistStore
CryptCATPutAttrInfo
CryptCATPutCatAttrInfo
CryptCATPutMemberInfo
CryptCATStoreFromHandle
CryptCATVerifyMember
CryptSIPCreateIndirectData
CryptSIPGetCaps
CryptSIPGetInfo
CryptSIPGetRegWorkingFlags
CryptSIPGetSealedDigest
CryptSIPGetSignedDataMsg
CryptSIPPutSignedDataMsg
CryptSIPRemoveSignedDataMsg
CryptSIPVerifyIndirectData
DllRegisterServer
DllUnregisterServer
DriverCleanupPolicy
DriverFinalPolicy
DriverInitializePolicy
FindCertsByIssuer
GenericChainCertificateTrust
GenericChainFinalProv
HTTPSCertificateTrust
HTTPSFinalProv
IsCatalogFile
MsCatConstructHashTag
MsCatFreeHashTag
OfficeCleanupPolicy
OfficeInitializePolicy
OpenPersonalTrustDBDialog
OpenPersonalTrustDBDialogEx
SoftpubAuthenticode
SoftpubCheckCert
SoftpubCleanup
SoftpubDefCertInit
SoftpubDllRegisterServer
SoftpubDllUnregisterServer
SoftpubDumpStructure
SoftpubFreeDefUsageCallData
SoftpubInitialize
SoftpubLoadDefUsageCallData
SoftpubLoadMessage
SoftpubLoadSignature
TrustDecode
TrustFindIssuerCertificate
TrustFreeDecode
TrustIsCertificateSelfSigned
TrustOpenStores
WTGetSignatureInfo
WTHelperCertCheckValidSignature
WTHelperCertFindIssuerCertificate
WTHelperCertIsSelfSigned
WTHelperCheckCertUsage
WTHelperGetAgencyInfo
WTHelperGetFileHandle
WTHelperGetFileHash
WTHelperGetFileName
WTHelperGetKnownUsages
WTHelperGetProvCertFromChain
WTHelperGetProvPrivateDataFromChain
WTHelperGetProvSignerFromChain
WTHelperIsChainedToMicrosoft
WTHelperIsChainedToMicrosoftFromStateData
WTHelperIsInRootStore
WTHelperOpenKnownStores
WTHelperProvDataFromStateData
WVTAsn1CatMemberInfo2Decode
WVTAsn1CatMemberInfo2Encode
WVTAsn1CatMemberInfoDecode
WVTAsn1CatMemberInfoEncode
WVTAsn1CatNameValueDecode
WVTAsn1CatNameValueEncode
WVTAsn1IntentToSealAttributeDecode
WVTAsn1IntentToSealAttributeEncode
WVTAsn1SealingSignatureAttributeDecode
WVTAsn1SealingSignatureAttributeEncode
WVTAsn1SealingTimestampAttributeDecode
WVTAsn1SealingTimestampAttributeEncode
WVTAsn1SpcFinancialCriteriaInfoDecode
WVTAsn1SpcFinancialCriteriaInfoEncode
WVTAsn1SpcIndirectDataContentDecode
WVTAsn1SpcIndirectDataContentEncode
WVTAsn1SpcLinkDecode
WVTAsn1SpcLinkEncode
WVTAsn1SpcMinimalCriteriaInfoDecode
WVTAsn1SpcMinimalCriteriaInfoEncode
WVTAsn1SpcPeImageDataDecode
WVTAsn1SpcPeImageDataEncode
WVTAsn1SpcSigInfoDecode
WVTAsn1SpcSigInfoEncode
WVTAsn1SpcSpAgencyInfoDecode
WVTAsn1SpcSpAgencyInfoEncode
WVTAsn1SpcSpOpusInfoDecode
WVTAsn1SpcSpOpusInfoEncode
WVTAsn1SpcStatementTypeDecode
WVTAsn1SpcStatementTypeEncode
WinVerifyTrust
WintrustAddActionID
WintrustAddDefaultForUsage
WintrustCertificateTrust
WintrustGetDefaultForUsage
WintrustGetRegPolicyFlags
WintrustLoadFunctionPointers
WintrustRemoveActionID
WintrustSetDefaultIncludePEPageHashes
WintrustSetRegPolicyFlags
mscat32DllRegisterServer
mscat32DllUnregisterServer
mssip32DllRegisterServer
mssip32DllUnregisterServer

Sections

.text
Size: 39KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.gfids
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$WINDIR/wontrust.dll
.dll regsvr32 windows:5 windows x86 arch:x86

9b16a1bf9bedd42ddef7c3eff3d83502

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

shlwapi

PathFileExistsW

kernel32

CreateFileW
LoadLibraryA
GetProcAddress
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
RaiseException
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
DecodePointer

Exports

Exports

AddPersonalTrustDBPages
CatalogCompactHashDatabase
ComputeFirstPageHash
ConfigCiFinalPolicy
CryptCATAdminAcquireContext
CryptCATAdminAcquireContext2
CryptCATAdminAddCatalog
CryptCATAdminCalcHashFromFileHandle
CryptCATAdminCalcHashFromFileHandle2
CryptCATAdminEnumCatalogFromHash
CryptCATAdminPauseServiceForBackup
CryptCATAdminReleaseCatalogContext
CryptCATAdminReleaseContext
CryptCATAdminRemoveCatalog
CryptCATAdminResolveCatalogPath
CryptCATAllocSortedMemberInfo
CryptCATCDFClose
CryptCATCDFEnumAttributes
CryptCATCDFEnumAttributesWithCDFTag
CryptCATCDFEnumCatAttributes
CryptCATCDFEnumMembers
CryptCATCDFEnumMembersByCDFTag
CryptCATCDFEnumMembersByCDFTagEx
CryptCATCDFOpen
CryptCATCatalogInfoFromContext
CryptCATClose
CryptCATEnumerateAttr
CryptCATEnumerateCatAttr
CryptCATEnumerateMember
CryptCATFreeSortedMemberInfo
CryptCATGetAttrInfo
CryptCATGetCatAttrInfo
CryptCATGetMemberInfo
CryptCATHandleFromStore
CryptCATOpen
CryptCATPersistStore
CryptCATPutAttrInfo
CryptCATPutCatAttrInfo
CryptCATPutMemberInfo
CryptCATStoreFromHandle
CryptCATVerifyMember
CryptSIPCreateIndirectData
CryptSIPGetCaps
CryptSIPGetInfo
CryptSIPGetRegWorkingFlags
CryptSIPGetSealedDigest
CryptSIPGetSignedDataMsg
CryptSIPPutSignedDataMsg
CryptSIPRemoveSignedDataMsg
CryptSIPVerifyIndirectData
DllRegisterServer
DllUnregisterServer
DriverCleanupPolicy
DriverFinalPolicy
DriverInitializePolicy
FindCertsByIssuer
GenericChainCertificateTrust
GenericChainFinalProv
HTTPSCertificateTrust
HTTPSFinalProv
IsCatalogFile
MsCatConstructHashTag
MsCatFreeHashTag
OfficeCleanupPolicy
OfficeInitializePolicy
OpenPersonalTrustDBDialog
OpenPersonalTrustDBDialogEx
SoftpubAuthenticode
SoftpubCheckCert
SoftpubCleanup
SoftpubDefCertInit
SoftpubDllRegisterServer
SoftpubDllUnregisterServer
SoftpubDumpStructure
SoftpubFreeDefUsageCallData
SoftpubInitialize
SoftpubLoadDefUsageCallData
SoftpubLoadMessage
SoftpubLoadSignature
TrustDecode
TrustFindIssuerCertificate
TrustFreeDecode
TrustIsCertificateSelfSigned
TrustOpenStores
WTGetSignatureInfo
WTHelperCertCheckValidSignature
WTHelperCertFindIssuerCertificate
WTHelperCertIsSelfSigned
WTHelperCheckCertUsage
WTHelperGetAgencyInfo
WTHelperGetFileHandle
WTHelperGetFileHash
WTHelperGetFileName
WTHelperGetKnownUsages
WTHelperGetProvCertFromChain
WTHelperGetProvPrivateDataFromChain
WTHelperGetProvSignerFromChain
WTHelperIsChainedToMicrosoft
WTHelperIsChainedToMicrosoftFromStateData
WTHelperIsInRootStore
WTHelperOpenKnownStores
WTHelperProvDataFromStateData
WVTAsn1CatMemberInfo2Decode
WVTAsn1CatMemberInfo2Encode
WVTAsn1CatMemberInfoDecode
WVTAsn1CatMemberInfoEncode
WVTAsn1CatNameValueDecode
WVTAsn1CatNameValueEncode
WVTAsn1IntentToSealAttributeDecode
WVTAsn1IntentToSealAttributeEncode
WVTAsn1SealingSignatureAttributeDecode
WVTAsn1SealingSignatureAttributeEncode
WVTAsn1SealingTimestampAttributeDecode
WVTAsn1SealingTimestampAttributeEncode
WVTAsn1SpcFinancialCriteriaInfoDecode
WVTAsn1SpcFinancialCriteriaInfoEncode
WVTAsn1SpcIndirectDataContentDecode
WVTAsn1SpcIndirectDataContentEncode
WVTAsn1SpcLinkDecode
WVTAsn1SpcLinkEncode
WVTAsn1SpcMinimalCriteriaInfoDecode
WVTAsn1SpcMinimalCriteriaInfoEncode
WVTAsn1SpcPeImageDataDecode
WVTAsn1SpcPeImageDataEncode
WVTAsn1SpcSigInfoDecode
WVTAsn1SpcSigInfoEncode
WVTAsn1SpcSpAgencyInfoDecode
WVTAsn1SpcSpAgencyInfoEncode
WVTAsn1SpcSpOpusInfoDecode
WVTAsn1SpcSpOpusInfoEncode
WVTAsn1SpcStatementTypeDecode
WVTAsn1SpcStatementTypeEncode
WinVerifyTrust
WintrustAddActionID
WintrustAddDefaultForUsage
WintrustCertificateTrust
WintrustGetDefaultForUsage
WintrustGetRegPolicyFlags
WintrustLoadFunctionPointers
WintrustRemoveActionID
WintrustSetDefaultIncludePEPageHashes
WintrustSetRegPolicyFlags
mscat32DllRegisterServer
mscat32DllUnregisterServer
mssip32DllRegisterServer
mssip32DllUnregisterServer

Sections

.text
Size: 40KB - Virtual size: 39KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 32KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 512B - Virtual size: 160B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 512B - Virtual size: 480B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Curtains64.dll
.dll windows:6 windows x64 arch:x64

dcde49777b72bec35ff4be51061461ce

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

F:\Project Curtains\modified uxhook - ShadowFX\Release\uxhook.pdb

Imports

kernel32

GetPrivateProfileStringW
Sleep
GetTickCount64
GetLastError
GlobalSize
CreateFileA
SetEvent
GetCurrentThread
LoadLibraryA
TlsAlloc
LockResource
GlobalAlloc
GlobalFree
HeapReAlloc
CloseHandle
RaiseException
LoadLibraryW
FindResourceExW
LoadResource
FindResourceW
GlobalFindAtomW
HeapAlloc
DecodePointer
HeapDestroy
GetProcAddress
GlobalLock
DeleteCriticalSection
GetCurrentProcessId
GetProcessHeap
GetModuleHandleW
FreeLibrary
WideCharToMultiByte
WinExec
TlsGetValue
QueryFullProcessImageNameW
TlsFree
GlobalFindAtomA
IsBadReadPtr
GetTickCount
GlobalUnlock
VirtualQuery
SwitchToThread
WriteConsoleW
SetEndOfFile
GetStringTypeW
SetStdHandle
GetTimeZoneInformation
ReadConsoleW
GetFileSizeEx
SetFilePointerEx
GetConsoleMode
GetConsoleCP
FlushFileBuffers
DeleteFileW
SetEnvironmentVariableW
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
MultiByteToWideChar
FindFirstFileExW
GetStdHandle
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetLocaleInfoW
LCMapStringW
CompareStringW
GetTimeFormatW
GetDateFormatW
GetFileType
ExitProcess
GetModuleHandleExW
ResumeThread
ExitThread
CreateThread
LoadLibraryExW
EncodePointer
InterlockedFlushSList
InterlockedPushEntrySList
RtlPcToFileHeader
RtlUnwindEx
OutputDebugStringW
QueryPerformanceFrequency
lstrlenA
lstrcmpA
GetComputerNameA
FreeLibraryAndExitThread
GetComputerNameW
AddAtomA
ReleaseMutex
CreateMutexW
FileTimeToSystemTime
FindClose
FindFirstFileW
LocalFree
LocalAlloc
GetModuleHandleExA
CreateDirectoryW
GetFileAttributesA
CreateProcessA
SetHandleInformation
CreatePipe
RtlUnwind
InitializeSListHead
GetSystemTimeAsFileTime
QueryPerformanceCounter
GetStartupInfoW
IsDebuggerPresent
IsProcessorFeaturePresent
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
RtlVirtualUnwind
RtlLookupFunctionEntry
RtlCaptureContext
WaitForSingleObjectEx
ResetEvent
InitializeCriticalSectionAndSpinCount
LoadLibraryExA
GetSystemInfo
ProcessIdToSessionId
CreateEventW
HeapSize
OpenProcess
GlobalAddAtomW
FreeResource
DisconnectNamedPipe
GetModuleHandleA
GlobalDeleteAtom
GetSystemDirectoryW
GetPrivateProfileSectionNamesW
GetCurrentThreadId
CreateFileW
WaitForSingleObject
InitializeCriticalSectionEx
InitializeCriticalSection
LeaveCriticalSection
SetThreadPriority
WaitForMultipleObjects
GetModuleFileNameW
GetPrivateProfileIntW
WriteFile
GetCommandLineW
EnterCriticalSection
HeapFree
TlsSetValue
WaitNamedPipeA
IsBadWritePtr
WriteProcessMemory
SizeofResource
GetModuleFileNameA
ReadFile
FlushInstructionCache
IsBadCodePtr
VirtualAlloc
GetCurrentProcess
VirtualFree
SetLastError
FindNextFileW
VirtualProtect

user32

GetWindowLongW
GetWindowThreadProcessId
GetMessageW
GetSystemMenu
GetMenuState
GetKeyState
RemovePropA
SetPropA
CallWindowProcW
PostMessageW
GetWindow
FindWindowExW
GetWindowRect
SendMessageTimeoutW
DestroyWindow
GetDC
IsWindowVisible
SetWindowPos
GetPropW
CopyImage
MonitorFromWindow
EnumChildWindows
SetWindowLongPtrW
SetWindowRgn
FillRect
ScreenToClient
SendMessageW
CallNextHookEx
RemovePropW
GetSystemMetrics
CreatePopupMenu
NotifyWinEvent
GetClassNameA
GetWindowLongPtrW
WindowFromPoint
TrackPopupMenu
ShowWindow
IsWindow
RegisterWindowMessageA
DispatchMessageW
SetTimer
RedrawWindow
GetMonitorInfoW
ClientToScreen
GetLayeredWindowAttributes
PeekMessageW
WindowFromDC
MapWindowPoints
InternalGetWindowText
TrackMouseEvent
BlockInput
EqualRect
GetForegroundWindow
MoveWindow
UnhookWindowsHookEx
GetPropA
EnumWindows
GetTitleBarInfo
DestroyMenu
CreateWindowExA
GetWindowRgnBox
SetLayeredWindowAttributes
BroadcastSystemMessageW
SetPropW
TranslateMessage
LoadIconW
FindWindowW
SetCapture
GetWindowDC
SetWindowsHookExW
wsprintfW
SetWindowLongW
GetClientRect
IsZoomed
AppendMenuW
UpdateLayeredWindow
DrawTextW
PostThreadMessageW
KillTimer
GetDesktopWindow
SystemParametersInfoW
SetWinEventHook
GetParent
RegisterWindowMessageW
FindWindowA
PtInRect
UpdateWindow
UnhookWinEvent
ReleaseCapture
SetForegroundWindow
InvalidateRect
GetAncestor
IsIconic
ReleaseDC
GetCursorPos
BeginPaint
EndPaint
EnableWindow
MsgWaitForMultipleObjects
PostQuitMessage
CallMsgFilterW
GetLastInputInfo
SendInput
GetSysColor

gdi32

SetRectRgn
SelectObject
CreateDIBSection
GetDCPenColor
CreateCompatibleDC
GdiAlphaBlend
StretchBlt
GetClipRgn
StretchDIBits
CreateFontW
GetStockObject
GetDCBrushColor
GetDIBits
GetWindowOrgEx
GetDeviceCaps
GetPixel
GetTextAlign
CreateRectRgn
DeleteDC
SetTextColor
SetBkMode
SetDIBitsToDevice
SelectClipRgn
GetObjectW
GetTextColor
SetStretchBltMode
DeleteObject
ExtSelectClipRgn
CreateFontIndirectW
GetCurrentObject
CombineRgn
SetDCPenColor
ExtTextOutW
GetRgnBox
GetViewportOrgEx
GetBkColor
BitBlt

Exports

Exports

DoesPartExistTiles
DrawSkinGroupy
DrawSkinTiles
FreeSkinGroupy
FreeSkinTiles
GetColourGroupy
GetGroupyTitle
GetGroupyTitleAvg
GroupyColourMap
GroupyModifyRect
GroupyPartExists
IsFeatureEnabled
LoadSkinGroupy
LoadSkinTiles
NBString
NBString2
PaintStart
RenderTaskbar
XHook
XHook2
XHook3

Sections

.text
Size: 919KB - Virtual size: 920KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 305KB - Virtual size: 308KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 27KB - Virtual size: 120KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 38KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 10KB - Virtual size: 12KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 9KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Curtains64.exe
.exe windows:6 windows x64 arch:x64

9934942a2cd12d79cf0466b162851458

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:16:3c:4a:24:38:b0:3a:43:e1:70:f4:83:b7:b8:c8
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08/04/2019, 00:00

Not After

20/04/2022, 23:59

Subject

CN=STARDOCK SYSTEMS\, INC.,O=STARDOCK SYSTEMS\, INC.,L=Plymouth,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:16:3c:4a:24:38:b0:3a:43:e1:70:f4:83:b7:b8:c8
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08/04/2019, 00:00

Not After

20/04/2022, 23:59

Subject

CN=STARDOCK SYSTEMS\, INC.,O=STARDOCK SYSTEMS\, INC.,L=Plymouth,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

a0:c7:f0:32:b4:c2:d6:ac:fc:1c:98:ce:d4:49:f7:38:74:de:a2:4b:26:ac:46:fc:6d:f2:15:b4:07:6a:3c:a7
Signer

Actual PE Digest

a0:c7:f0:32:b4:c2:d6:ac:fc:1c:98:ce:d4:49:f7:38:74:de:a2:4b:26:ac:46:fc:6d:f2:15:b4:07:6a:3c:a7

Digest Algorithm

sha256

PE Digest Matches

true

f6:93:42:23:90:b6:7c:39:92:1b:9e:90:a7:d2:1b:c3:9f:1d:e5:77
Signer

Actual PE Digest

f6:93:42:23:90:b6:7c:39:92:1b:9e:90:a7:d2:1b:c3:9f:1d:e5:77

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

Imports

wtsapi32

WTSFreeMemoryExW
WTSQueryUserToken
WTSRegisterSessionNotification
WTSEnumerateProcessesExW

dwmapi

DwmGetColorizationColor

kernel32

ReadFile
DisconnectNamedPipe
ExitThread
WriteFile
FlushFileBuffers
SetThreadPriority
GetCurrentThread
WTSGetActiveConsoleSessionId
CreateNamedPipeA
ConnectNamedPipe
CreateThread
LoadLibraryA
GetTickCount
GlobalAddAtomW
K32EmptyWorkingSet
SetProcessWorkingSetSize
GetConsoleCP
HeapReAlloc
HeapSize
GetStringTypeW
SetStdHandle
GetFileType
GetProcessHeap
FreeEnvironmentStringsW
GetEnvironmentStringsW
WideCharToMultiByte
MultiByteToWideChar
GetCurrentThreadId
GetCommandLineA
GetCPInfo
GetOEMCP
GetACP
IsValidCodePage
FindNextFileW
FindFirstFileExW
FindClose
LCMapStringW
HeapFree
HeapAlloc
GetStdHandle
GetModuleFileNameW
FreeLibraryAndExitThread
ResumeThread
GetModuleHandleExW
ExitProcess
LoadLibraryExW
FreeLibrary
TlsFree
TlsSetValue
TlsGetValue
GetCurrentProcessId
ProcessIdToSessionId
GetModuleFileNameA
Sleep
WaitForSingleObject
OpenProcess
CloseHandle
VirtualFreeEx
RtlUnwind
GetLastError
CreateRemoteThread
GetProcAddress
GetCurrentProcess
DuplicateHandle
GetModuleHandleA
WriteProcessMemory
VirtualAllocEx
GetConsoleMode
SetFilePointerEx
CreateFileW
WriteConsoleW
GetCommandLineW
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
QueryPerformanceCounter
GetSystemTimeAsFileTime
InitializeSListHead
RtlUnwindEx
RtlPcToFileHeader
RaiseException
SetLastError
EncodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc

user32

PostQuitMessage
RedrawWindow
GetPropW
KillTimer
DefWindowProcW
EndPaint
BeginPaint
CreateWindowExW
RegisterClassExW
DispatchMessageW
TranslateMessage
GetMessageW
SetTimer
SetWinEventHook
FindWindowW
ChangeWindowMessageFilterEx
LoadStringW
ChangeWindowMessageFilter
RegisterWindowMessageW
IsWindow
GetPropA
GetClassNameA
GetWindowLongW
SetWindowPos
PostMessageW
SetWindowsHookExW
UnhookWindowsHookEx
GetSystemMetrics
SendMessageW
FindWindowA
GetWindowThreadProcessId

advapi32

RegOpenKeyA
RegOpenKeyW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
RegOpenCurrentUser
RevertToSelf
ImpersonateLoggedOnUser
RegQueryValueExW
RegCreateKeyW
RegCloseKey
RegQueryValueExA
RegCreateKeyA
AdjustTokenPrivileges
LookupPrivilegeValueW
OpenProcessToken

Sections

.text
Size: 64KB - Virtual size: 63KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 42KB - Virtual size: 41KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
CurtainsConfig.exe
.exe windows:6 windows x86 arch:x86

4c2d2010e8f4d2c248707849106103da

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DEBUG_STRIPPED

Imports

kernel32

GetModuleHandleA
GetProcAddress

gdiplus

GdipFree

uxtheme

IsAppThemed

version

VerQueryValueA

wininet

InternetOpenA

dwmapi

DwmSetWindowAttribute

user32

GetDC

gdi32

PatBlt

comdlg32

ChooseColorW

winspool.drv

ClosePrinter

advapi32

IsValidSid

shell32

DragFinish

shlwapi

UrlEscapeA

ole32

DoDragDrop

oleaut32

VariantClear

oledlg

OleUIBusyW

urlmon

UrlMkSetSessionOption

crypt32

CertGetNameStringW

oleacc

LresultFromObject

imm32

ImmGetContext

winmm

PlaySoundW

Sections

Size: 1.3MB - Virtual size: 3.5MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 418KB - Virtual size: 417KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE
CurtainsSrv64.exe
.exe windows:6 windows x64 arch:x64

880f01af7a3fa9a5cba353b46e9c854b

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:16:3c:4a:24:38:b0:3a:43:e1:70:f4:83:b7:b8:c8
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08/04/2019, 00:00

Not After

20/04/2022, 23:59

Subject

CN=STARDOCK SYSTEMS\, INC.,O=STARDOCK SYSTEMS\, INC.,L=Plymouth,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0c:16:3c:4a:24:38:b0:3a:43:e1:70:f4:83:b7:b8:c8
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08/04/2019, 00:00

Not After

20/04/2022, 23:59

Subject

CN=STARDOCK SYSTEMS\, INC.,O=STARDOCK SYSTEMS\, INC.,L=Plymouth,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

61:19:93:e4:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Code Verification Root,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

22/02/2011, 19:25

Not After

22/02/2021, 19:35

Subject

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

7b:05:b1:d4:49:68:51:44:f7:c9:89:d2:9c:19:9d:12
Certificate

Issuer

CN=VeriSign Universal Root Certification Authority,OU=VeriSign Trust Network+OU=(c) 2008 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

12/01/2016, 00:00

Not After

11/01/2031, 23:59

Subject

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

7b:d4:e5:af:ba:cc:07:3f:a1:01:23:04:22:41:4d:12
Certificate

Issuer

CN=Symantec SHA256 TimeStamping CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

23/12/2017, 00:00

Not After

22/03/2029, 23:59

Subject

CN=Symantec SHA256 TimeStamping Signer - G3,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

6c:7f:21:2f:17:32:de:f7:5e:23:44:8a:1e:d3:a2:59:70:44:ea:55:83:ef:b8:19:3c:b9:91:c7:41:be:8a:46
Signer

Actual PE Digest

6c:7f:21:2f:17:32:de:f7:5e:23:44:8a:1e:d3:a2:59:70:44:ea:55:83:ef:b8:19:3c:b9:91:c7:41:be:8a:46

Digest Algorithm

sha256

PE Digest Matches

true

37:c9:da:7f:8b:39:42:6d:37:aa:11:be:63:4e:17:09:37:94:72:bd
Signer

Actual PE Digest

37:c9:da:7f:8b:39:42:6d:37:aa:11:be:63:4e:17:09:37:94:72:bd

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE

PDB Paths

F:\Project Curtains\iconservice_src - Curtains\Release\MultiSrv.pdb

Imports

shlwapi

SHDeleteKeyA

kernel32

CreateFileW
CreateEventA
SetProcessWorkingSetSize
WTSGetActiveConsoleSessionId
LocalFree
GetProcAddress
CloseHandle
SetEvent
CreateFileA
GetLastError
Sleep
GetModuleHandleA
K32EmptyWorkingSet
WaitForSingleObject
GetCurrentProcess
GetModuleFileNameA
WriteConsoleW
SetLastError
RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
RtlUnwindEx
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
LoadLibraryExW
EncodePointer
RaiseException
RtlPcToFileHeader
GetStdHandle
WriteFile
GetModuleFileNameW
ExitProcess
GetModuleHandleExW
GetCommandLineA
GetCommandLineW
HeapAlloc
HeapFree
GetDateFormatW
GetTimeFormatW
CompareStringW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
GetFileType
GetCurrentThread
OutputDebugStringW
FindClose
FindFirstFileExW
FindNextFileW
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
MultiByteToWideChar
WideCharToMultiByte
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
SetStdHandle
GetStringTypeW
GetProcessHeap
SetConsoleCtrlHandler
FlushFileBuffers
GetConsoleCP
GetConsoleMode
GetFileSizeEx
SetFilePointerEx
HeapSize
HeapReAlloc
ReadFile
ReadConsoleW

advapi32

GetLengthSid
RegCreateKeyA
CreateServiceA
AdjustTokenPrivileges
CreateProcessAsUserA
RegCloseKey
StartServiceCtrlDispatcherA
QueryServiceStatus
RegDeleteKeyA
CloseServiceHandle
SetTokenInformation
LookupPrivilegeValueA
SetServiceStatus
OpenSCManagerA
RegisterServiceCtrlHandlerExA
DeleteService
ConvertStringSidToSidW
ControlService
OpenServiceA
ChangeServiceConfig2A
DuplicateTokenEx
RegSetValueExA
OpenProcessToken
StartServiceA

Sections

.text
Size: 305KB - Virtual size: 305KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 68KB - Virtual size: 67KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Default.spak
SasUpgrade.exe
.exe windows:5 windows x86 arch:x86

bd45a764d50130c518fb75a09da7e1db

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

52:89:e3:7a:80:c2:a8:a6:8b:8d:96:4e:15:3a:ae:38
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

14/03/2016, 00:00

Not After

13/04/2019, 23:59

Subject

CN=Stardock Corporation,O=Stardock Corporation,L=Plymouth,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

77:cd:45:be:9e:c2:1c:a7:bb:dd:dd:4d:74:74:c8:64:ee:6d:9d:04
Signer

Actual PE Digest

77:cd:45:be:9e:c2:1c:a7:bb:dd:dd:4d:74:74:c8:64:ee:6d:9d:04

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\projects\netdev-application-sdappservices\trunk\Binary\Release\SasUpgrade.pdb

Imports

kernel32

GetCommandLineW
GetLastError
QueryPerformanceCounter
MultiByteToWideChar
WideCharToMultiByte
ReleaseMutex
WaitForSingleObject
CreateMutexW
lstrlenA
lstrcmpA
GetComputerNameA
CloseHandle
GetProcAddress
CreateFileW
GetModuleFileNameW
SetEndOfFile
OutputDebugStringW
ReadConsoleW
WriteConsoleW
SetStdHandle
LoadLibraryW
FreeLibrary
GetModuleHandleExA
LoadLibraryExW
FreeEnvironmentStringsW
EncodePointer
DecodePointer
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
GetStringTypeW
IsDebuggerPresent
IsProcessorFeaturePresent
HeapFree
GetSystemTimeAsFileTime
HeapReAlloc
HeapAlloc
RaiseException
RtlUnwind
GetCPInfo
UnhandledExceptionFilter
SetUnhandledExceptionFilter
SetLastError
InitializeCriticalSectionAndSpinCount
Sleep
GetCurrentProcess
TerminateProcess
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetStartupInfoW
GetModuleHandleW
LCMapStringW
GetLocaleInfoW
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetACP
GetOEMCP
GetCurrentThreadId
ExitProcess
GetModuleHandleExW
AreFileApisANSI
HeapSize
GetProcessHeap
GetStdHandle
GetFileType
WriteFile
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
FlushFileBuffers
GetCurrentProcessId
GetEnvironmentStringsW

advapi32

GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
LookupAccountNameA

shell32

SHGetFolderPathW

imagehlp

ImageGetCertificateHeader
ImageGetCertificateData

crypt32

CertGetNameStringW
CryptVerifyMessageSignature
CertFreeCertificateContext

shlwapi

PathAppendW

Sections

.text
Size: 317KB - Virtual size: 316KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 66KB - Virtual size: 66KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 14KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 18KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SdAppServices.dll
.dll windows:6 windows x86 arch:x86

18b7b12662160895695144f9f049e4a6

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:16:3c:4a:24:38:b0:3a:43:e1:70:f4:83:b7:b8:c8
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08/04/2019, 00:00

Not After

20/04/2022, 23:59

Subject

CN=STARDOCK SYSTEMS\, INC.,O=STARDOCK SYSTEMS\, INC.,L=Plymouth,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

8b:29:ec:3f:c8:d5:cf:8e:19:a0:65:c5:4b:cd:1c:a7:3e:e2:38:d1
Signer

Actual PE Digest

8b:29:ec:3f:c8:d5:cf:8e:19:a0:65:c5:4b:cd:1c:a7:3e:e2:38:d1

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\Jenkins\SAS Redistributable\workspace\src\Binary\Release\SdAppServices.pdb

Imports

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

kernel32

GetLastError
GetTickCount
GlobalFree
AddAtomA
Sleep
WaitForMultipleObjects
VerSetConditionMask
VerifyVersionInfoW
LoadLibraryW
GetProcAddress
QueryPerformanceCounter
QueryPerformanceFrequency
SetEndOfFile
WriteConsoleW
SetEnvironmentVariableA
FreeEnvironmentStringsW
GetEnvironmentStringsW
ReadFile
GetCommandLineA
CreateProcessA
SetHandleInformation
CreatePipe
GetCurrentProcessId
ResetEvent
SetEvent
CreateEventW
FreeLibraryAndExitThread
MultiByteToWideChar
WideCharToMultiByte
lstrlenW
ReleaseMutex
WaitForSingleObject
GetComputerNameW
CreateMutexW
lstrlenA
lstrcmpA
GetComputerNameA
FileTimeToSystemTime
FindClose
FindFirstFileW
LocalFree
LocalAlloc
GetModuleFileNameW
GetModuleHandleExA
CreateDirectoryW
HeapFree
GetOEMCP
IsValidCodePage
FindNextFileA
FindFirstFileExA
GetProcessHeap
HeapSize
HeapReAlloc
HeapAlloc
GetModuleHandleExW
ExitThread
CreateThread
MoveFileExW
ReadConsoleW
SetFilePointerEx
SetStdHandle
CloseHandle
GetFileAttributesA
ExitProcess
GetCommandLineW
EnumSystemLocalesW
GetUserDefaultLCID
IsValidLocale
GetTimeFormatW
GetDateFormatW
GetFullPathNameW
GetCurrentDirectoryW
DeleteFileW
GetConsoleMode
GetConsoleCP
WriteFile
FlushFileBuffers
GetTimeZoneInformation
GetStdHandle
GetACP
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
EncodePointer
DecodePointer
GetCPInfo
SetLastError
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
GetSystemTimeAsFileTime
GetModuleHandleW
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
WaitForSingleObjectEx
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetCurrentThreadId
InterlockedPushEntrySList
InterlockedFlushSList
RtlUnwind
RaiseException
FreeLibrary
LoadLibraryExW
CreateFileW
GetDriveTypeW
GetFileType
PeekNamedPipe
SystemTimeToTzSpecificLocalTime
GetModuleFileNameA

user32

GetLastInputInfo
DispatchMessageW
TranslateMessage
CallMsgFilterW
EnableWindow
PostQuitMessage
MsgWaitForMultipleObjects
PeekMessageW

advapi32

RegQueryValueExW
GetNamedSecurityInfoW
CryptGenRandom
CryptAcquireContextA
CryptEncrypt
CryptDecrypt
CryptSetKeyParam
CryptImportKey
CryptAcquireContextW
CryptReleaseContext
CryptDestroyKey
RegSetValueExW
RegCreateKeyExW
RegCloseKey
CreateWellKnownSid
RegOpenKeyExW
SetSecurityDescriptorSacl
GetSecurityDescriptorSacl
ConvertStringSecurityDescriptorToSecurityDescriptorW
SetSecurityDescriptorDacl
InitializeSecurityDescriptor
GetSidSubAuthority
GetSidSubAuthorityCount
GetSidIdentifierAuthority
IsValidSid
LookupAccountNameA
SetNamedSecurityInfoW
SetEntriesInAclW

shell32

SHGetFolderPathW
SHFileOperationW
ShellExecuteW
ShellExecuteExW

ole32

CoUninitialize
CoCreateInstance
CoSetProxyBlanket
CoInitializeEx

oleaut32

VariantChangeType
VariantClear
VariantInit
SysFreeString
SysAllocString

shlwapi

PathRemoveFileSpecW
PathFileExistsW
PathAppendW

iphlpapi

GetAdaptersInfo

crypt32

CryptStringToBinaryW
CryptBinaryToStringW

winhttp

WinHttpCreateUrl
WinHttpCrackUrl
WinHttpGetIEProxyConfigForCurrentUser
WinHttpOpen
WinHttpSetTimeouts
WinHttpConnect
WinHttpOpenRequest
WinHttpGetProxyForUrl
WinHttpSetOption
WinHttpAddRequestHeaders
WinHttpSendRequest
WinHttpReceiveResponse
WinHttpQueryHeaders
WinHttpQueryDataAvailable
WinHttpReadData
WinHttpCloseHandle

Exports

Exports

sas_AAAA
sas_AAAB
sas_AAAC
sas_AAAD
sas_AAAE

Sections

.text
Size: 837KB - Virtual size: 836KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 183KB - Virtual size: 183KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 31KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.gfids
Size: 1024B - Virtual size: 820B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 44KB - Virtual size: 43KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SdDisplay.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:16:3c:4a:24:38:b0:3a:43:e1:70:f4:83:b7:b8:c8
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08/04/2019, 00:00

Not After

20/04/2022, 23:59

Subject

CN=STARDOCK SYSTEMS\, INC.,O=STARDOCK SYSTEMS\, INC.,L=Plymouth,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

df:4b:de:99:34:26:c2:28:93:6b:71:e2:40:69:ea:fb:31:91:cb:17
Signer

Actual PE Digest

df:4b:de:99:34:26:c2:28:93:6b:71:e2:40:69:ea:fb:31:91:cb:17

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

mscoree

_CorExeMain

Sections

.text
Size: 49KB - Virtual size: 48KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
SdDisplay.exe.config
.xml
Stardock.ApplicationServices.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21/12/2012, 00:00

Not After

30/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18/10/2012, 00:00

Not After

29/12/2020, 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

0c:16:3c:4a:24:38:b0:3a:43:e1:70:f4:83:b7:b8:c8
Certificate

Issuer

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Not Before

08/04/2019, 00:00

Not After

20/04/2022, 23:59

Subject

CN=STARDOCK SYSTEMS\, INC.,O=STARDOCK SYSTEMS\, INC.,L=Plymouth,ST=Michigan,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

3d:78:d7:f9:76:49:60:b2:61:7d:f4:f0:1e:ca:86:2a
Certificate

Issuer

CN=VeriSign Class 3 Public Primary Certification Authority - G5,OU=VeriSign Trust Network+OU=(c) 2006 VeriSign\, Inc. - For authorized use only,O=VeriSign\, Inc.,C=US

Not Before

10/12/2013, 00:00

Not After

09/12/2023, 23:59

Subject

CN=Symantec Class 3 SHA256 Code Signing CA,OU=Symantec Trust Network,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageClientAuth
ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

24:96:6a:c0:5e:5d:fb:2d:95:78:98:b6:92:1a:75:e9:c8:15:a9:4b
Signer

Actual PE Digest

24:96:6a:c0:5e:5d:fb:2d:95:78:98:b6:92:1a:75:e9:c8:15:a9:4b

Digest Algorithm

sha1

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 25KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lang/de.lng
.vbs
lang/en.lng
.vbs
lang/es.lng
.vbs
lang/fr.lng
.vbs
lang/ko.lng
.vbs
lang/ru.lng
.vbs
lang/zh-cn.lng
lang/zh-tw.lng
lua5.1.dll
.dll windows:5 windows x86 arch:x86

15d95afb470c5f82193b2d9e98fc96d1

Code Sign

16:88:f0:39:25:5e:63:8e:69:14:39:07:e6:33:0b
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-1 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

83:be:82:48:d6:37:ee:d3:5d:ad:4d:bf:af:36:63:15
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/01/2016, 00:00

Not After

02/06/2019, 23:59

Subject

CN=Indigo Rose Software Design Corporation,O=Indigo Rose Software Design Corporation,POSTALCODE=R3B 0R3,STREET=123 Bannatyne Ave,L=Winnipeg,ST=MB,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

83:be:82:48:d6:37:ee:d3:5d:ad:4d:bf:af:36:63:15
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

25/01/2016, 00:00

Not After

02/06/2019, 23:59

Subject

CN=Indigo Rose Software Design Corporation,O=Indigo Rose Software Design Corporation,POSTALCODE=R3B 0R3,STREET=123 Bannatyne Ave,L=Winnipeg,ST=MB,C=CA

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09/05/2013, 00:00

Not After

08/05/2028, 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

4e:b0:87:8f:cc:24:35:36:b2:d8:c9:f7:bf:39:55:77
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

31/12/2015, 00:00

Not After

09/07/2019, 18:40

Subject

CN=COMODO SHA-256 Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

f0:e8:4e:54:90:bb:de:82:e5:e8:7d:0f:81:18:60:87:bd:32:73:ea:86:7b:38:74:71:85:57:eb:bf:54:e6:58
Signer

Actual PE Digest

f0:e8:4e:54:90:bb:de:82:e5:e8:7d:0f:81:18:60:87:bd:32:73:ea:86:7b:38:74:71:85:57:eb:bf:54:e6:58

Digest Algorithm

sha256

PE Digest Matches

true

bf:7d:e1:e7:00:96:8e:8d:48:1f:91:19:cc:66:c9:bd:bb:6c:90:47
Signer

Actual PE Digest

bf:7d:e1:e7:00:96:8e:8d:48:1f:91:19:cc:66:c9:bd:bb:6c:90:47

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleFileNameA
FormatMessageA
GetLastError
FreeLibrary
LoadLibraryA
GetProcAddress
EnterCriticalSection
LeaveCriticalSection
HeapReAlloc
HeapAlloc
HeapFree
GetModuleHandleW
Sleep
ExitProcess
RtlUnwind
CloseHandle
CreateProcessA
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
DeleteFileA
MoveFileA
GetTimeFormatA
GetDateFormatA
InterlockedIncrement
InterlockedDecrement
GetCurrentThreadId
GetCommandLineA
GetModuleHandleA
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
MultiByteToWideChar
ReadFile
TlsGetValue
TlsAlloc
TlsSetValue
TlsFree
SetLastError
SetHandleCount
GetStdHandle
GetFileType
GetStartupInfoA
DeleteCriticalSection
HeapCreate
HeapDestroy
VirtualFree
VirtualAlloc
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
WriteFile
InitializeCriticalSectionAndSpinCount
GetFileAttributesA
CreatePipe
GetExitCodeProcess
WaitForSingleObject
GetCurrentProcessId
CreateFileA
WideCharToMultiByte
GetConsoleCP
GetConsoleMode
SetFilePointer
FlushFileBuffers
RaiseException
GetTimeZoneInformation
GetUserDefaultLCID
GetLocaleInfoA
EnumSystemLocalesA
IsValidLocale
GetStringTypeA
GetStringTypeW
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
FreeEnvironmentStringsA
GetEnvironmentStrings
FreeEnvironmentStringsW
GetEnvironmentStringsW
QueryPerformanceCounter
GetTickCount
SetStdHandle
HeapSize
GetLocaleInfoW
SetEndOfFile
GetProcessHeap
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
SetEnvironmentVariableA

Exports

Exports

luaD_growstack
luaF_newproto
luaL_addlstring
luaL_addstring
luaL_addvalue
luaL_argerror
luaL_buffinit
luaL_callmeta
luaL_checkany
luaL_checkinteger
luaL_checklstring
luaL_checknumber
luaL_checkoption
luaL_checkstack
luaL_checktype
luaL_checkudata
luaL_error
luaL_findtable
luaL_getmetafield
luaL_gsub
luaL_loadbuffer
luaL_loadfile
luaL_loadstring
luaL_newmetatable
luaL_newstate
luaL_openlib
luaL_openlibs
luaL_optinteger
luaL_optlstring
luaL_optnumber
luaL_prepbuffer
luaL_pushresult
luaL_ref
luaL_register
luaL_typerror
luaL_unref
luaL_where
luaM_realloc_
luaM_toobig
luaS_newlstr
luaU_dump
lua_atpanic
lua_call
lua_checkstack
lua_close
lua_concat
lua_cpcall
lua_createtable
lua_dump
lua_equal
lua_error
lua_gc
lua_getallocf
lua_getfenv
lua_getfield
lua_gethook
lua_gethookcount
lua_gethookmask
lua_getinfo
lua_getlocal
lua_getmetatable
lua_getstack
lua_gettable
lua_gettop
lua_getupvalue
lua_insert
lua_iscfunction
lua_isnumber
lua_isstring
lua_isuserdata
lua_lessthan
lua_load
lua_newstate
lua_newthread
lua_newuserdata
lua_next
lua_objlen
lua_pcall
lua_pushboolean
lua_pushcclosure
lua_pushfstring
lua_pushinteger
lua_pushlightuserdata
lua_pushlstring
lua_pushnil
lua_pushnumber
lua_pushstring
lua_pushthread
lua_pushvalue
lua_pushvfstring
lua_rawequal
lua_rawget
lua_rawgeti
lua_rawset
lua_rawseti
lua_remove
lua_replace
lua_resume
lua_setallocf
lua_setfenv
lua_setfield
lua_sethook
lua_setlocal
lua_setmetatable
lua_settable
lua_settop
lua_setupvalue
lua_status
lua_toboolean
lua_tocfunction
lua_tointeger
lua_tolstring
lua_tonumber
lua_topointer
lua_tothread
lua_touserdata
lua_type
lua_typename
lua_xmove
lua_yield
luaopen_base
luaopen_debug
luaopen_io
luaopen_math
luaopen_os
luaopen_package
luaopen_string
luaopen_table

Sections

.text
Size: 223KB - Virtual size: 222KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 74KB - Virtual size: 73KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 6KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 10KB - Virtual size: 9KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
 CurtainsConfig.exe
.exe windows:4 windows x86 arch:x86

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

CompareFileTime
SearchPathA
GetShortPathNameA
GetFullPathNameA
MoveFileA
SetCurrentDirectoryA
GetFileAttributesA
GetLastError
CreateDirectoryA
SetFileAttributesA
Sleep
GetTickCount
CreateFileA
GetFileSize
GetModuleFileNameA
GetCurrentProcess
CopyFileA
ExitProcess
SetFileTime
GetTempPathA
GetCommandLineA
SetErrorMode
LoadLibraryA
lstrcpynA
GetDiskFreeSpaceA
GlobalUnlock
GlobalLock
CreateThread
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
lstrlenA
lstrcatA
GetSystemDirectoryA
GetVersion
CloseHandle
lstrcmpiA
lstrcmpA
ExpandEnvironmentStringsA
GlobalFree
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GetModuleHandleA
LoadLibraryExA
GetProcAddress
FreeLibrary
MultiByteToWideChar
WritePrivateProfileStringA
GetPrivateProfileStringA
WriteFile
ReadFile
MulDiv
SetFilePointer
FindClose
FindNextFileA
FindFirstFileA
DeleteFileA
GetWindowsDirectoryA

user32

EndDialog
ScreenToClient
GetWindowRect
EnableMenuItem
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
RegisterClassA
TrackPopupMenu
AppendMenuA
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
DestroyWindow
CreateDialogParamA
SetTimer
SetWindowTextA
PostQuitMessage
SetForegroundWindow
wsprintfA
SendMessageTimeoutA
FindWindowExA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
OpenClipboard
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongA
LoadImageA
GetDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndPaint
ShowWindow

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectA
SetBkMode
SetTextColor
SelectObject

shell32

SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
ShellExecuteA
SHFileOperationA
SHGetSpecialFolderLocation

advapi32

RegQueryValueExA
RegSetValueExA
RegEnumKeyA
RegEnumValueA
RegOpenKeyExA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegCreateKeyExA

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeA
GetFileVersionInfoA
VerQueryValueA

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 107KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 76KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 411KB - Virtual size: 410KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

2017f2acbdaa42ab3e4adeb8b4c37e7b

Code Sign

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aa
Certificate

Issuer

CN=diakov.soft

Not Before

10/10/2020, 10:39

Not After

08/01/2021, 21:00

Subject

CN=diakov.soft

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

Issuer

CN=GlobalSign Root CA,OU=Root CA,O=GlobalSign nv-sa,C=BE

Not Before

13/04/2011, 10:00

Not After

28/01/2028, 12:00

Subject

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

Issuer

CN=GlobalSign Timestamping CA - G2,O=GlobalSign nv-sa,C=BE

Not Before

24/05/2016, 00:00

Not After

24/06/2027, 00:00

Subject

CN=GlobalSign TSA for MS Authenticode - G2,O=GMO GlobalSign Pte Ltd,C=SG

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ef:57:50:85:4a:2b:8d:e7:3a:4d:39:1e:27:77:6a:19:aa:e6:d3:c7
Signer

Actual PE Digest

ef:57:50:85:4a:2b:8d:e7:3a:4d:39:1e:27:77:6a:19:aa:e6:d3:c7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GlobalAlloc
GlobalFree
GlobalSize
GetLastError
lstrcpyA
lstrcpynA
FreeLibrary
lstrcatA
GetProcAddress
LoadLibraryA
GetModuleHandleA
MultiByteToWideChar
lstrlenA
WideCharToMultiByte
VirtualAlloc
VirtualProtect

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store

Sections

.text
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 784B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 100B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 520B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/modern-header.bmp

Sharing

General

Malware Config

Signatures

Files

099c0646ea7282d232219f8807883be0

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 23KB - Virtual size: 22KB

.rdata Size: 4KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 107KB

.ndata Size: - Virtual size: 76KB

.rsrc Size: 411KB - Virtual size: 410KB

3863c2a1ff3d5db5d3cecc7c23714e97

Code Sign

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aaCertificate

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

05:3a:61:03:d8:aa:8d:41:12:7c:e3:d0:f6:25:21:f4:96:ae:f7:e5Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 7KB

.rdata Size: 2KB - Virtual size: 1KB

.data Size: 512B - Virtual size: 288B

.rsrc Size: 1024B - Virtual size: 832B

.reloc Size: 1KB - Virtual size: 1KB

135de77644e2add2fd9dd8176740e7e0

Headers

File Characteristics

Imports

kernel32

user32

gdi32

shell32

Exports

Exports

Sections

.text Size: 1024B - Virtual size: 992B

.rdata Size: 1024B - Virtual size: 839B

.data Size: 512B - Virtual size: 336B

.reloc Size: 512B - Virtual size: 220B

9b6b6a7858e17fb0b17e1c1428330343

Code Sign

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aaCertificate

04:00:00:00:00:01:2f:4e:e1:52:d7Certificate

Key Usages

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14Certificate

Extended Key Usages

Key Usages

0c:ef:07:d4:8b:79:f8:26:5d:fc:1f:a4:84:09:f7:98:4e:20:66:18Signer

Headers

File Characteristics

Imports

kernel32

user32

gdi32

Exports

Exports

.text
Size: 23KB - Virtual size: 22KB

.rdata
Size: 4KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 107KB

.ndata
Size: - Virtual size: 76KB

.rsrc
Size: 411KB - Virtual size: 410KB

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aa
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

05:3a:61:03:d8:aa:8d:41:12:7c:e3:d0:f6:25:21:f4:96:ae:f7:e5
Signer

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 288B

.rsrc
Size: 1024B - Virtual size: 832B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 1024B - Virtual size: 992B

.rdata
Size: 1024B - Virtual size: 839B

.data
Size: 512B - Virtual size: 336B

.reloc
Size: 512B - Virtual size: 220B

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aa
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

0c:ef:07:d4:8b:79:f8:26:5d:fc:1f:a4:84:09:f7:98:4e:20:66:18
Signer

.text
Size: 2KB - Virtual size: 1KB

.rdata
Size: 1024B - Virtual size: 697B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 512B - Virtual size: 352B

.reloc
Size: 512B - Virtual size: 320B

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aa
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate

ef:57:50:85:4a:2b:8d:e7:3a:4d:39:1e:27:77:6a:19:aa:e6:d3:c7
Signer

.text
Size: 7KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 784B

.data
Size: 512B - Virtual size: 100B

.reloc
Size: 1024B - Virtual size: 520B

UPX0
Size: - Virtual size: 24KB

UPX1
Size: 3KB - Virtual size: 4KB

.rsrc
Size: 2KB - Virtual size: 4KB

.text
Size: 3KB - Virtual size: 3KB

.rdata
Size: 1024B - Virtual size: 912B

.data
Size: 512B - Virtual size: 3KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 144B

.text
Size: 4KB - Virtual size: 4KB

.rdata
Size: 2KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 4KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1024B - Virtual size: 572B

33:30:0c:1c:03:b2:50:bf:53:e2:3d:da:31:bd:aa
Certificate

04:00:00:00:00:01:2f:4e:e1:52:d7
Certificate

11:21:d6:99:a7:64:97:3e:f1:f8:42:7e:e9:19:cc:53:41:14
Certificate