arc3107_249[.]7z

Sharing

Copy URL Twitter E-mail

General

Target

arc3107_249.7z
Size

10.7MB
MD5

08b4318be990989e0b5a49ad84463fc7
SHA1

e7c96e4e5aa8d72871edda64a5aa952caaafa141
SHA256

2a7c8879e2acce2cc8a53ae65b00040053b4cbaab587680c6c825c397ad055fa
SHA512

976857f99937288a549d50fa9d87371f2361a27091ce21480595bba7a4980d96e6faff543ad39b71fe5db9f981c7c8db440466e1ed74e4ca03820a57cd000ffb
SSDEEP

196608:h6TsRNnER7VeEnxUD3EhZ/fxHnCw78q3dAXjQtXrN0OuFTfX40Zn2DRe:ysHyvnxA3EhZXxHnpcaBdKT/00

Score

3^/10

Malware Config

Signatures

Unsigned PE 8 IoCs

Checks for missing Authenticode signature.

resource
unpack002/updates/Cache_Data/certmgr.dll
unpack002/updates/dll/SettingsHandlers_OneDriveBackup.dll
unpack002/updates/dll/System.AddIn.dll
unpack002/updates/dll/System.Speech.dll
unpack002/updates/dll/System.Transactions.dll
unpack002/updates/dll/System.Web.DynamicData.Design.dll
unpack002/updates/dll/WindowsBase.resources.dll
unpack002/updates/res_mods/GdiPlus.dll

Files

arc3107_249.7z
.7z

Password: 1234
archive.7z
.7z

Password: 1234
setup.exe
.exe windows:5 windows x86 arch:x86

Password: 1234

be41bf7b8cc010b614bd36bbca606973

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

29/04/2021, 00:00

Not After

28/04/2036, 23:59

Subject

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

07:a6:1e:cf:a7:4c:c7:b2:ce:b4:20:35:c7:72:be:1d
Certificate

Issuer

CN=DigiCert Trusted G4 Code Signing RSA4096 SHA384 2021 CA1,O=DigiCert\, Inc.,C=US

Not Before

22/05/2024, 00:00

Not After

21/05/2027, 23:59

Subject

CN=Gen Digital Inc.,O=Gen Digital Inc.,L=Tempe,ST=Arizona,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

Issuer

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Not Before

14/07/2023, 00:00

Not After

13/10/2034, 23:59

Subject

CN=DigiCert Timestamp 2023,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

Issuer

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

23/03/2022, 00:00

Not After

22/03/2037, 23:59

Subject

CN=DigiCert Trusted G4 RSA4096 SHA256 TimeStamping CA,O=DigiCert\, Inc.,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

Issuer

CN=DigiCert Assured ID Root CA,OU=www.digicert.com,O=DigiCert Inc,C=US

Not Before

01/08/2022, 00:00

Not After

09/11/2031, 23:59

Subject

CN=DigiCert Trusted Root G4,OU=www.digicert.com,O=DigiCert Inc,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cd:47:8d:2b:83:9b:58:d4:f6:84:e6:74:df:e4:1b:39:24:91:bc:59:dc:f8:9d:e9:91:9a:46:60:d9:b4:06:f2
Signer

Actual PE Digest

cd:47:8d:2b:83:9b:58:d4:f6:84:e6:74:df:e4:1b:39:24:91:bc:59:dc:f8:9d:e9:91:9a:46:60:d9:b4:06:f2

Digest Algorithm

sha256

PE Digest Matches

false

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetFileTime
CompareFileTime
SearchPathW
GetShortPathNameW
GetFullPathNameW
MoveFileW
SetCurrentDirectoryW
GetFileAttributesW
GetLastError
CreateDirectoryW
SetFileAttributesW
Sleep
GetTickCount
GetFileSize
GetModuleFileNameW
GetCurrentProcess
CopyFileW
ExitProcess
GetWindowsDirectoryW
GetTempPathW
GetCommandLineW
SetErrorMode
lstrcpynA
CloseHandle
lstrcpynW
GetDiskFreeSpaceW
GlobalUnlock
GlobalLock
CreateThread
LoadLibraryW
CreateProcessW
lstrcmpiA
CreateFileW
GetTempFileNameW
lstrcatW
GetProcAddress
LoadLibraryA
GetModuleHandleA
OpenProcess
lstrcpyW
GetVersionExW
GetSystemDirectoryW
GetVersion
lstrcpyA
RemoveDirectoryW
lstrcmpA
lstrcmpiW
lstrcmpW
ExpandEnvironmentStringsW
GlobalAlloc
WaitForSingleObject
GetExitCodeProcess
GlobalFree
GetModuleHandleW
LoadLibraryExW
FreeLibrary
WritePrivateProfileStringW
GetPrivateProfileStringW
WideCharToMultiByte
lstrlenA
MulDiv
WriteFile
ReadFile
MultiByteToWideChar
SetFilePointer
FindClose
FindNextFileW
FindFirstFileW
DeleteFileW
lstrlenW

user32

GetAsyncKeyState
IsDlgButtonChecked
ScreenToClient
GetMessagePos
CallWindowProcW
IsWindowVisible
LoadBitmapW
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
TrackPopupMenu
GetWindowRect
AppendMenuW
CreatePopupMenu
GetSystemMetrics
EndDialog
EnableMenuItem
GetSystemMenu
SetClassLongW
IsWindowEnabled
SetWindowPos
DialogBoxParamW
CheckDlgButton
CreateWindowExW
SystemParametersInfoW
RegisterClassW
SetDlgItemTextW
GetDlgItemTextW
MessageBoxIndirectW
CharNextA
CharUpperW
CharPrevW
wvsprintfW
DispatchMessageW
PeekMessageW
wsprintfA
DestroyWindow
CreateDialogParamW
SetTimer
SetWindowTextW
PostQuitMessage
SetForegroundWindow
ShowWindow
wsprintfW
SendMessageTimeoutW
LoadCursorW
SetCursor
GetWindowLongW
GetSysColor
CharNextW
GetClassInfoW
ExitWindowsEx
IsWindow
GetDlgItem
SetWindowLongW
LoadImageW
GetDC
EnableWindow
InvalidateRect
SendMessageW
DefWindowProcW
BeginPaint
GetClientRect
FillRect
DrawTextW
EndPaint
FindWindowExW

gdi32

SetBkColor
GetDeviceCaps
DeleteObject
CreateBrushIndirect
CreateFontIndirectW
SetBkMode
SetTextColor
SelectObject

shell32

SHBrowseForFolderW
SHGetPathFromIDListW
SHGetFileInfoW
ShellExecuteW
SHFileOperationW
SHGetSpecialFolderLocation

advapi32

RegEnumKeyW
RegOpenKeyExW
RegCloseKey
RegDeleteKeyW
RegDeleteValueW
RegCreateKeyExW
RegSetValueExW
RegQueryValueExW
RegEnumValueW

comctl32

ImageList_AddMasked
ImageList_Destroy
ord17
ImageList_Create

ole32

CoTaskMemFree
OleInitialize
OleUninitialize
CoCreateInstance

version

GetFileVersionInfoSizeW
GetFileVersionInfoW
VerQueryValueW

Sections

.text
Size: 27KB - Virtual size: 27KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 415KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 516KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 126KB - Virtual size: 126KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$TEMP/Abandoned
$TEMP/Albany
$TEMP/Alerts
$TEMP/Baking
$TEMP/Ban
$TEMP/Children
$TEMP/Chorus
$TEMP/Cod
$TEMP/Dock
$TEMP/Egypt
$TEMP/Karaoke
$TEMP/Mozilla
$TEMP/Resources
$TEMP/Scuba
$TEMP/Terrace
SoldiersRr/Able
SoldiersRr/Blues
SoldiersRr/Bon
SoldiersRr/Burlington
SoldiersRr/Campbell
SoldiersRr/Camps
SoldiersRr/Chance
SoldiersRr/Combo
SoldiersRr/Delivers
SoldiersRr/Elections
SoldiersRr/Eliminate
SoldiersRr/Enables
SoldiersRr/Jason
SoldiersRr/Kennedy
SoldiersRr/Login
SoldiersRr/Math
SoldiersRr/Nevertheless
SoldiersRr/Ons
SoldiersRr/Ordinance
SoldiersRr/Pins
SoldiersRr/Powerseller
SoldiersRr/Present
SoldiersRr/Quantum
SoldiersRr/Responsibility
SoldiersRr/Runner
SoldiersRr/Sb
SoldiersRr/Scott
SoldiersRr/Seasons
SoldiersRr/Separated
SoldiersRr/Speed
SoldiersRr/Suck
SoldiersRr/Trace
updates/Cache_Data/AudioEng.dll
.dll regsvr32 windows:10 windows x86 arch:x86

Password: 1234

40e63787dbd8b01e488b84c1b879e331

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/11/2023, 19:20

Not After

14/11/2024, 19:20

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

f1:01:e3:e1:c5:ee:48:ab:ed:e3:6c:68:fb:4c:1e:a9:e4:95:a9:75:79:c0:94:fe:bd:90:3a:6f:29:ba:77:15
Signer

Actual PE Digest

f1:01:e3:e1:c5:ee:48:ab:ed:e3:6c:68:fb:4c:1e:a9:e4:95:a9:75:79:c0:94:fe:bd:90:3a:6f:29:ba:77:15

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

AUDIOENG.pdb

Imports

oleaut32

VarUI4FromStr

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
GetLastError
RaiseException
SetUnhandledExceptionFilter

api-ms-win-core-heap-l1-1-0

GetProcessHeap
HeapReAlloc
HeapSize
HeapAlloc
HeapDestroy
HeapFree

api-ms-win-core-com-l1-1-0

StringFromGUID2
StringFromCLSID
CoCreateFreeThreadedMarshaler
CoDisconnectObject
CoTaskMemAlloc
CoTaskMemFree
CoCreateInstance
CoTaskMemRealloc
CoCreateGuid
PropVariantClear
IIDFromString
StringFromIID

api-ms-win-core-string-l1-1-0

CompareStringOrdinal
MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-localization-l1-2-0

GetThreadLocale
SetThreadLocale
FormatMessageW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoTransformError
RoOriginateError

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
ReleaseMutex
InitializeCriticalSectionEx
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
InitializeCriticalSection
CreateSemaphoreExW
CreateWaitableTimerExW
CancelWaitableTimer
ReleaseSRWLockExclusive
CreateEventExW
SetWaitableTimer
WaitForSingleObjectEx
AcquireSRWLockShared
ReleaseSRWLockShared
InitializeSRWLock
AcquireSRWLockExclusive
ResetEvent
WaitForSingleObject
OpenSemaphoreW
CreateEventA
CreateEventW
WaitForMultipleObjectsEx
EnterCriticalSection
SetEvent
CreateMutexExW

api-ms-win-core-util-l1-1-0

DecodePointer

api-ms-win-core-processthreads-l1-1-0

TlsSetValue
GetCurrentProcess
GetCurrentProcessId
GetCurrentThread
SetThreadPriority
GetCurrentThreadId
TerminateProcess
TlsGetValue
CreateThread

api-ms-win-core-libraryloader-l1-2-0

SizeofResource
LoadResource
GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleExW
LockResource
GetProcAddress
GetModuleHandleW
FreeLibrary
DisableThreadLibraryCalls
LoadLibraryExW
FindResourceExW

api-ms-win-core-debug-l1-1-0

OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-eventing-provider-l1-1-0

EventSetInformation
EventWriteTransfer
EventActivityIdControl
EventProviderEnabled
EventRegister
EventUnregister

api-ms-win-core-string-l2-1-0

CharNextW

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCreateKeyExA
RegQueryValueExA
RegQueryValueExW
RegGetValueW
RegCreateKeyExW
RegQueryInfoKeyW
RegDeleteKeyExW
RegNotifyChangeKeyValue
RegOpenKeyExW
RegDeleteValueW
RegCloseKey
RegSetValueExW

ntdll

RtlAllocateMemoryBlockLookaside
EtwLogTraceEvent
RtlPublishWnfStateData
RtlSubscribeWnfStateChangeNotification
RtlUnsubscribeWnfStateChangeNotification
NtQueryInformationProcess
RtlUnlockMemoryBlockLookaside
RtlCreateMemoryBlockLookaside
RtlLockModuleSection
RtlUnlockModuleSection
RtlLockMemoryBlockLookaside
RtlUnlockCurrentThread
RtlFreeMemoryBlockLookaside
RtlLockCurrentThread
RtlReportException
RtlNtStatusToDosError
RtlDestroyMemoryBlockLookaside
RtlExtendMemoryBlockLookaside
EtwRegisterTraceGuidsW
EtwGetTraceEnableLevel
NtSetTimerResolution
EtwGetTraceLoggerHandle
EtwGetTraceEnableFlags
EtwUnregisterTraceGuids
NtClose

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-eventing-classicprovider-l1-1-0

RegisterTraceGuidsW
GetTraceEnableFlags
GetTraceEnableLevel
GetTraceLoggerHandle
TraceMessage
TraceEvent
UnregisterTraceGuids

rpcrt4

RpcStringBindingComposeW
NdrClientCall4
RpcStringFreeW
RpcBindingFromStringBindingW
I_RpcExceptionFilter
RpcBindingFree

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
InitOnceBeginInitialize
InitOnceComplete
WakeByAddressAll
WaitOnAddress
InitOnceInitialize
Sleep

propsys

PropVariantToString
PropVariantToBuffer
PropVariantGetElementCount

api-ms-win-crt-math-l1-1-0

_isnan
_finite

api-ms-win-crt-string-l1-1-0

memmove_s
strnlen
memset
strncmp

api-ms-win-crt-runtime-l1-1-0

_initterm
_initterm_e

api-ms-win-crt-private-l1-1-0

_o__errno
_o__execute_onexit_table
_o__get_errno
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__recalloc
_o__register_onexit_function
_o__resetstkoflw
_o__seh_filter_dll
_o__wcsicmp
_o__wfopen_s
_o__wmkdir
_o__wstat32
_o__wtof
_o_atoi
_o_calloc
_o_ceil
_o_fclose
_o_fgets
_o_floor
_o_fopen
_o_fread
_o_free
_o_fseek
_o_fwrite
_o_malloc
_o_memcpy_s
_o_qsort
_o_realloc
_o_strcat_s
_o_strcpy_s
_o_strncpy_s
_o_strtod
_o_terminate
_o_toupper
_o_wcscat_s
_o_wcscpy_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstombs_s
strchr
strstr
_except_handler4_common
_o__configure_narrow_argv
_o__CItan
_o__CIsqrt
_o__CIsin
_o__CIpow
_o__CIlog10
_o__CIlog
_o__CIfmod
_o__CIexp
_CxxThrowException
_o__aligned_malloc
memcmp
_o__CIcos
_o__CIatan2
memcpy
_o__aligned_free
_o__CIasin
_o__CIacos
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf_s
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o___acrt_iob_func
__std_terminate
_o___stdio_common_vsprintf
__CxxFrameHandler3
_o__crt_atexit
_o___stdio_common_vsnprintf_s
_o___stdio_common_vfwprintf
_o___stdio_common_vfprintf_s
_o__cexit
_o___stdio_common_vfprintf
_o___std_type_info_destroy_list
_o___std_exception_destroy
_o___std_exception_copy
memmove

api-ms-win-core-threadpool-l1-2-0

CreateThreadpoolWork
CloseThreadpoolWait
WaitForThreadpoolWaitCallbacks
SetThreadpoolTimer
SubmitThreadpoolWork
CloseThreadpoolWork
CreateThreadpoolWait
SetThreadpoolWait
CloseThreadpoolTimer
CreateThreadpoolCleanupGroup
SetThreadpoolThreadMaximum
CloseThreadpoolCleanupGroupMembers
CloseThreadpoolCleanupGroup
SetThreadpoolThreadMinimum
CreateThreadpool
CloseThreadpool
CreateThreadpoolTimer

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-winrt-string-l1-1-0

WindowsDuplicateString
WindowsDeleteString
WindowsCreateString
WindowsCreateStringReference
WindowsGetStringRawBuffer
WindowsCompareStringOrdinal
WindowsConcatString

api-ms-win-core-winrt-l1-1-0

RoActivateInstance
RoGetActivationFactory

api-ms-win-core-shlwapi-legacy-l1-1-0

PathFileExistsW
PathFindFileNameW

api-ms-win-core-processenvironment-l1-1-0

GetEnvironmentVariableW

api-ms-win-core-path-l1-1-0

PathCchRenameExtension

api-ms-win-core-threadpool-legacy-l1-1-0

CreateTimerQueueTimer
DeleteTimerQueueEx
CreateTimerQueue

api-ms-win-core-file-l1-1-0

ReadFile
WriteFile
GetFileSize
CreateFileA

api-ms-win-core-libraryloader-l1-2-1

LoadLibraryA

api-ms-win-core-synch-l1-2-1

WaitForMultipleObjects

api-ms-win-core-memory-l1-1-1

SetProcessWorkingSetSizeEx
GetProcessWorkingSetSizeEx

api-ms-win-core-heap-l2-1-0

LocalAlloc

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

avrt

AvRevertMmThreadCharacteristics
AvTaskIndexYield
AvTaskIndexYieldCancel
AvThreadOpenTaskIndex
AvQuerySystemResponsiveness
AvSetMmThreadCharacteristicsA
AvSetMmThreadPriority
AvSetMultimediaMode

api-ms-win-core-apiquery-l1-1-0

ApiSetQueryApiSetPresence

Exports

Exports

AERT_Allocate
AERT_Free
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 1.7MB - Virtual size: 1.7MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_CODE
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

RT_BSS
Size: - Virtual size: 40B

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.data
Size: 16KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 120B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_DATA
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

RT_CONST
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 50KB - Virtual size: 50KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/Cache_Data/CbsCore.dll
.dll windows:10 windows x86 arch:x86

Password: 1234

f6f01a36a4d540ac399445a36f5e9173

Code Sign

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

15/12/2020, 21:29

Not After

02/12/2021, 21:29

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

77:0a:c0:ca:0a:e2:c6:60:fe:a7:a0:4e:c6:66:a6:87:2a:4f:c7:08:16:f8:35:d1:f4:e3:f4:75:6d:43:3e:3c
Signer

Actual PE Digest

77:0a:c0:ca:0a:e2:c6:60:fe:a7:a0:4e:c6:66:a6:87:2a:4f:c7:08:16:f8:35:d1:f4:e3:f4:75:6d:43:3e:3c

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

cbscore.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__itow_s
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o__set_errno
_o__stricmp
_o__strnicmp
_o__ui64tow_s
_o__wcsnicmp
_o__wtoi
_o__wtol
memmove
_o_free
_o_isdigit
_o_isspace
_o_malloc
_o_memcpy_s
_o_strncpy_s
_o_strtol
_o_toupper
_o_towlower
_o_wcscat_s
_o_wcsncpy_s
_o_wcstok_s
_o_wcstoul
_o_wmemcpy_s
wcsstr
wcsrchr
wcschr
_except_handler4_common
_o__crt_atexit
_o__configure_narrow_argv
_o__initialize_onexit_table
_o__initialize_narrow_environment
_o__cexit
_o__callnewh
_o__aligned_malloc
_o__aligned_free
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsscanf
_o___stdio_common_vsprintf_s
_o___stdio_common_vsprintf
_o___stdio_common_vsnwprintf_s
_o___stdio_common_vsnprintf_s
_o___std_type_info_destroy_list
_o__execute_onexit_table
_o__invalid_parameter_noinfo
_o__errno
_o__wcsicmp
__CxxFrameHandler3
strrchr
strchr
strstr
memcmp
memcpy

api-ms-win-crt-string-l1-1-0

wcsncmp
strncmp
wcsnlen
memset

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
ReleaseSemaphore
InitializeCriticalSectionEx
ReleaseMutex
ReleaseSRWLockExclusive
AcquireSRWLockExclusive
OpenSemaphoreW
ReleaseSRWLockShared
CreateMutexExW
AcquireSRWLockShared
CreateMutexW
InitializeCriticalSectionAndSpinCount
LeaveCriticalSection
InitializeCriticalSection
DeleteCriticalSection
WaitForMultipleObjectsEx
EnterCriticalSection
WaitForSingleObject
ResetEvent
OpenEventW
WaitForSingleObjectEx
SetEvent
TryEnterCriticalSection
CreateEventW

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
CompareStringOrdinal
MultiByteToWideChar

api-ms-win-core-libraryloader-l1-1-0

GetModuleHandleExW
LoadStringW
GetModuleFileNameW
GetProcAddress
LoadLibraryExW
GetModuleHandleW
FreeLibrary
LoadLibraryExA
GetModuleFileNameA

api-ms-win-core-registry-l1-1-0

RegEnumKeyExW
RegCreateKeyExW
RegOpenKeyExW
RegSetKeySecurity
RegLoadKeyW
RegUnLoadKeyW
RegEnumValueW
RegQueryValueExW
RegRestoreKeyW
RegSetValueExW
RegDeleteValueW
RegGetKeySecurity
RegQueryInfoKeyW
RegSaveKeyExW
RegCloseKey
RegFlushKey

api-ms-win-core-localization-obsolete-l1-2-0

EnumUILanguagesW
CompareStringA

api-ms-win-core-processenvironment-l1-1-0

ExpandEnvironmentStringsW
GetEnvironmentVariableW

api-ms-win-core-file-l1-1-0

WriteFile
SetFileAttributesW
DeleteFileW
GetFileInformationByHandle
SetEndOfFile
CreateDirectoryW
FindClose
GetVolumePathNameW
CreateFileW
ReadFile
GetFileTime
FindNextFileW
FindFirstFileW
CompareFileTime
GetFileSizeEx
GetFullPathNameW
GetFileAttributesW
GetFileSize
GetFinalPathNameByHandleW
SetFileTime
FlushFileBuffers
GetFileAttributesExW
GetDiskFreeSpaceExW
SetFileInformationByHandle
SetFilePointer

api-ms-win-core-synch-l1-2-0

InitOnceExecuteOnce
Sleep

api-ms-win-core-sysinfo-l1-1-0

GetTickCount64
GetWindowsDirectoryW
GetSystemTime
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetVersionExW
GetTickCount
GetSystemInfo

api-ms-win-core-errorhandling-l1-1-0

SetUnhandledExceptionFilter
RaiseException
SetLastError
GetLastError
UnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle
DuplicateHandle

api-ms-win-core-processthreads-l1-1-0

GetCurrentThreadId
GetThreadPriority
TlsGetValue
TlsFree
GetCurrentThread
CreateThread
TlsSetValue
TerminateProcess
SetThreadToken
SetThreadPriority
OpenThreadToken
GetCurrentProcessId
TlsAlloc
GetExitCodeThread
CreateProcessW
GetExitCodeProcess
OpenProcessToken
GetCurrentProcess
InitializeProcThreadAttributeList
DeleteProcThreadAttributeList
UpdateProcThreadAttribute
ResumeThread

api-ms-win-core-registry-l2-1-0

RegDeleteKeyTransactedW
RegOpenKeyTransactedW
RegDeleteKeyW
RegCreateKeyTransactedW

api-ms-win-security-base-l1-1-0

GetKernelObjectSecurity
ImpersonateSelf
GetAclInformation
SetSecurityDescriptorDacl
GetAce
CreateRestrictedToken
DuplicateToken
InitializeSecurityDescriptor
GetTokenInformation
GetLengthSid
IsValidSid
AllocateAndInitializeSid
CopySid
SetFileSecurityW
AdjustTokenPrivileges
DuplicateTokenEx
IsValidAcl
IsValidSecurityDescriptor
DestroyPrivateObjectSecurity
GetSecurityDescriptorLength
MakeSelfRelativeSD
GetSecurityDescriptorControl
CreatePrivateObjectSecurityWithMultipleInheritance
AddAccessAllowedAceEx
InitializeAcl
CheckTokenMembership
AddAce
FreeSid
RevertToSelf

api-ms-win-core-processthreads-l1-1-1

OpenProcess
IsProcessorFeaturePresent

api-ms-win-security-sddl-l1-1-0

ConvertStringSidToSidW
ConvertStringSecurityDescriptorToSecurityDescriptorW
ConvertSecurityDescriptorToStringSecurityDescriptorW
ConvertSidToStringSidW

api-ms-win-core-heap-obsolete-l1-1-0

LocalFree
LocalAlloc
GlobalFree
GlobalAlloc
GlobalUnlock
GlobalLock

api-ms-win-core-debug-l1-1-0

OutputDebugStringA
OutputDebugStringW
DebugBreak
IsDebuggerPresent

api-ms-win-core-com-l1-1-0

CoImpersonateClient
CoTaskMemFree
StringFromCLSID
CoRevertToSelf
CoUnmarshalInterface
CoTaskMemAlloc
CLSIDFromString
CoGetMalloc
CreateStreamOnHGlobal
CoInitializeEx
CoUninitialize
CoGetCallContext
CoCreateInstance
StringFromGUID2
CoCreateGuid

api-ms-win-core-kernel32-legacy-l1-1-0

RaiseFailFastException
MoveFileW
CopyFileW
LoadLibraryW

api-ms-win-core-file-l2-1-0

CreateHardLinkW
CopyFileExW
GetFileInformationByHandleEx
MoveFileExW

api-ms-win-eventing-provider-l1-1-0

EventWrite
EventRegister
EventUnregister
EventWriteTransfer
EventProviderEnabled

api-ms-win-core-version-l1-1-0

VerQueryValueW
GetFileVersionInfoExW
GetFileVersionInfoSizeExW

api-ms-win-core-io-l1-1-0

DeviceIoControl

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter
QueryPerformanceFrequency

api-ms-win-core-kernel32-private-l1-1-1

PrivCopyFileExW

api-ms-win-security-provider-l1-1-0

GetNamedSecurityInfoW
SetNamedSecurityInfoW

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpW
lstrcmpA

api-ms-win-eventing-legacy-l1-1-0

FlushTraceW

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

api-ms-win-core-heap-l1-1-0

HeapFree
HeapDestroy
GetProcessHeap
HeapAlloc
HeapCreate

api-ms-win-core-timezone-l1-1-0

SystemTimeToFileTime
SystemTimeToTzSpecificLocalTime

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
CloseThreadpoolTimer
SetThreadpoolTimer
CreateThreadpoolTimer

api-ms-win-core-localization-l1-2-0

FormatMessageW
GetThreadPreferredUILanguages
GetLocaleInfoEx

api-ms-win-core-memory-l1-1-0

WriteProcessMemory
VirtualQueryEx
UnmapViewOfFile
ReadProcessMemory
CreateFileMappingW
MapViewOfFile

api-ms-win-security-cryptoapi-l1-1-0

CryptHashData
CryptDestroyHash
CryptReleaseContext
CryptCreateHash
CryptAcquireContextW
CryptAcquireContextA
CryptGetHashParam

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureStackBackTrace

api-ms-win-core-privateprofile-l1-1-0

GetPrivateProfileStringW

api-ms-win-security-lsalookup-l2-1-0

LookupAccountSidW

api-ms-win-core-file-l1-2-1

GetCompressedFileSizeW

ntdll

NtDeleteValueKey
RtlAddAce
NtQueryAttributesFile
NtFlushBuffersFile
NtDuplicateObject
NtFsControlFile
NtYieldExecution
NtOpenThreadToken
RtlCreateAcl
NtCreateKey
NtOpenKeyTransactedEx
NtQueryVolumeInformationFile
RtlCreateSecurityDescriptor
RtlDestroyEnvironment
NtQueryDirectoryFile
NtQuerySecurityObject
NtSetValueKey
RtlGetDaclSecurityDescriptor
RtlDeleteSecurityObject
RtlCopyUnicodeString
RtlDuplicateUnicodeString
RtlAppendUnicodeStringToString
RtlEqualUnicodeString
RtlLengthSecurityDescriptor
RtlGetControlSecurityDescriptor
RtlMakeSelfRelativeSD
RtlSetEnvironmentVariable
RtlCreateEnvironment
RtlDeleteCriticalSection
RtlQueryInformationAcl
RtlDestroyHeap
RtlLeaveCriticalSection
NtQuerySystemTime
RtlSetControlSecurityDescriptor
RtlAnsiCharToUnicodeChar
RtlUnicodeToMultiByteN
RtlIsTextUnicode
RtlUnicodeToMultiByteSize
RtlConvertSidToUnicodeString
RtlValidAcl
NtAdjustPrivilegesToken
RtlSetSaclSecurityDescriptor
RtlValidSid
NtDuplicateToken
RtlGetSaclSecurityDescriptor
RtlGetOwnerSecurityDescriptor
RtlAllocateAndInitializeSid
RtlGetGroupSecurityDescriptor
RtlCopySid
RtlSetGroupSecurityDescriptor
RtlFindAceByType
NtQueryInformationToken
NtDelayExecution
RtlGetCurrentTransaction
RtlExpandEnvironmentStrings_U
NtQueryLicenseValue
RtlNtStatusToDosErrorNoTeb
RtlTimeToTimeFields
LdrGetDllHandle
DbgPrint
RtlCreateUnicodeStringFromAsciiz
RtlRunOnceComplete
RtlRunOnceBeginInitialize
RtlFindNextForwardRunClear
RtlNumberOfSetBits
RtlInitializeSRWLock
RtlReleaseSRWLockExclusive
RtlAcquireSRWLockExclusive
RtlpApplyLengthFunction
NtQueryPerformanceCounter
RtlGetAce
NtOpenKeyEx
RtlSetDaclSecurityDescriptor
NtEnumerateValueKey
NtWriteFile
RtlGetLengthWithoutLastFullDosOrNtPathElement
NtEnumerateKey
RtlSetCurrentTransaction
RtlSetOwnerSecurityDescriptor
NtOpenProcessToken
NtDeleteKey
NtQueryKey
RtlReAllocateHeap
RtlUpcaseUnicodeChar
RtlDowncaseUnicodeChar
DbgPrintEx
RtlMultiByteToUnicodeN
RtlMultiByteToUnicodeSize
NtWaitForSingleObject
NtQueryEaFile
RtlReleaseRelativeName
NtSetEaFile
RtlDosPathNameToRelativeNtPathName_U_WithStatus
NtLoadKey2
NtOpenFile
RtlQueryEnvironmentVariable_U
NtSetSecurityObject
NtDeleteFile
RtlNewSecurityObjectEx
NtCreateKeyTransacted
RtlAddAccessAllowedAceEx
RtlCreateEnvironmentEx
NtSetInformationFile
NtReadFile
NtClose
NtQueryInformationProcess
NtQueryOpenSubKeysEx
RtlInitUnicodeString
NtQueryObject
NtSetInformationThread
NtQueryInformationThread
NtCreateTransaction
NtRollbackTransaction
RtlInitUnicodeStringEx
NtCommitTransaction
RtlDosPathNameToNtPathName_U
NtQueryInformationFile
RtlFreeHeap
NtCreateFile
RtlAllocateHeap
RtlLengthSid
NtOpenKey
NtQueryValueKey
LdrGetProcedureAddress
LdrUnloadDll
LdrLoadDll
RtlNtStatusToDosError
RtlDestroyProcessParameters
RtlCreateHeap
RtlCreateProcessParameters
RtlCreateUserProcess
NtResumeThread
RtlFreeSid
NtUnloadKey2
RtlEnterCriticalSection
RtlTimeToSecondsSince1980
RtlInitializeCriticalSection
RtlRaiseStatus

userenv

GetProfilesDirectoryW

rpcrt4

UuidCreate

api-ms-win-core-sysinfo-l1-2-0

VerSetConditionMask

api-ms-win-core-kernel32-legacy-l1-1-1

VerifyVersionInfoW

api-ms-win-core-wow64-l1-1-0

IsWow64Process

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

oleaut32

VariantInit
VariantClear
SysFreeString
SysAllocString

crypt32

CryptMsgUpdate
CertGetSubjectCertificateFromStore
CertVerifyCertificateChainPolicy
CertOpenStore
CertFreeCertificateChain
CryptHashCertificate2
CertCreateCTLContext
CryptDecodeObject
CertFreeCTLContext
CertCreateContext
CryptStringToBinaryW
CertAddStoreToCollection
CertAddEncodedCertificateToStore
CryptMsgClose
CertGetEnhancedKeyUsage
CertCloseStore
CertGetCertificateChain
CertFreeCertificateContext
CryptMsgGetAndVerifySigner
CertFindSubjectInCTL
CryptMsgOpenToDecode
CryptMsgGetParam

bcrypt

BCryptDestroyHash
BCryptHashData
BCryptOpenAlgorithmProvider
BCryptCloseAlgorithmProvider
BCryptGetProperty
BCryptCreateHash
BCryptFinishHash

wintrust

WinVerifyTrust
WTHelperProvDataFromStateData
WTHelperGetProvSignerFromChain
WTHelperGetProvCertFromChain

Exports

Exports

CbsCoreEnsureNoStartupProcessing
CbsCoreFinalize
CbsCoreFinalizeShutdownProcessing
CbsCoreGetActiveOfflineSession
CbsCoreInitialize
CbsCoreInitializeDelayedPortion
CbsCoreIsExecutionEngineIdle
CbsCoreLoadComponentStore
CbsCorePrepareShutdownProcessing
CbsCoreServiceIdleProcessing
CbsCoreSetCustomLogging
CbsCoreSetState
CbsCoreShutdownProcessing
CbsCoreStartupProcessing
CbsCoreStopIdleProcessing
CbsCreateSessionNotify
CbsCreateSessionNotifyFinalize
CbsCreateSessionNotifyInitialize
CbsSetCbsCorePathInOfflineImage
SetRebootInProgressFlag
SetTestMode

Sections

.text
Size: 2.0MB - Virtual size: 2.0MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

PAGE
Size: 7KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 17KB - Virtual size: 17KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 95KB - Virtual size: 94KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/Cache_Data/certmgr.dll
.dll regsvr32 windows:10 windows x86 arch:x86

Password: 1234

ca188497e79abc1def20615c73631f36

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

certmgr.pdb

Imports

mfc42u

ord3718
ord797
ord2362
ord2291
ord2371
ord3133
ord4294
ord4162
ord6193
ord6375
ord2110
ord3871
ord1197
ord3867
ord2857
ord4215
ord2576
ord3649
ord2430
ord1143
ord1637
ord2858
ord6266
ord3905
ord3288
ord4238
ord2293
ord6211
ord3296
ord1635
ord3084
ord2776
ord941
ord4118
ord5949
ord5852
ord496
ord4616
ord4254
ord4709
ord3695
ord4425
ord2046
ord4433
ord5284
ord1683
ord3870
ord3798
ord4253
ord489
ord768
ord2281
ord2729
ord1258
ord1899
ord491
ord3614
ord2406
ord3621
ord2854
ord1634
ord826
ord269
ord600
ord1240
ord1571
ord1250
ord1568
ord1570
ord342
ord1179
ord1248
ord1115
ord1194
ord1563
ord3733
ord1083
ord5617
ord4399
ord6640
ord2820
ord6279
ord6278
ord925
ord922
ord5568
ord2914
ord1128
ord2717
ord3948
ord561
ord815
ord2821
ord2810
ord538
ord2578
ord6303
ord521
ord602
ord3562
ord3569
ord4390
ord2567
ord616
ord535
ord1001
ord3577
ord4392
ord802
ord542
ord3087
ord6330
ord940
ord825
ord942
ord3281
ord6451
ord6896
ord4219
ord268
ord1560
ord2644
ord2385
ord1662
ord6898
ord2859
ord4970
ord3991
ord795
ord3716
ord693
ord3635
ord3365
ord4396
ord2574
ord823
ord5155
ord5156
ord5154
ord4899
ord4736
ord4942
ord4352
ord5261
ord4371
ord4848
ord4992
ord2506
ord6048
ord1767
ord5283
ord4829
ord4419
ord3694
ord1184
ord6928
ord858
ord6195
ord4155
ord4704
ord2294
ord692
ord3634
ord4395
ord2573
ord4214
ord2016
ord2405
ord6362
ord2570
ord4213
ord2015
ord2403
ord4847
ord1594
ord4272
ord4370
ord5276
ord3592
ord810
ord3728
ord3393
ord686
ord384
ord5947
ord2637
ord3092
ord4229
ord641
ord324
ord6024
ord5798
ord2809
ord3090
ord2634
ord4198
ord927
ord2520
ord1008
ord5855
ord3979
ord1565
ord6868
ord4124
ord2755
ord5706
ord2910
ord5817
ord3657
ord998
ord5977
ord609
ord4199
ord2455
ord1644
ord2756
ord6137
ord543
ord803
ord3579
ord713
ord414
ord3697
ord5436
ord6379
ord5446
ord6390
ord3658
ord501
ord1145
ord5603
ord773
ord5293
ord6371
ord4480
ord2546
ord2504
ord5727
ord3917
ord1089
ord5193
ord2388
ord3341
ord5296
ord5298
ord4074
ord4692
ord5303
ord5285
ord5710
ord2606
ord3396
ord1764
ord656
ord567
ord818
ord3605
ord4418
ord4621
ord4075
ord3074
ord3820
ord3826
ord3825
ord3397
ord2971
ord3076
ord2980
ord3257
ord3131
ord4459
ord3254
ord3142
ord2977
ord5273
ord2116
ord2438
ord5257
ord1720
ord5059
ord3744
ord6372
ord2047
ord2640
ord4435
ord4831
ord3793
ord5286
ord4347
ord6370
ord5157
ord2377
ord5237
ord4401
ord1768
ord4073
ord6051
ord861
ord1165
ord6466
ord800
ord540
ord771

msvcrt

memset
_purecall
wcslen
wcscmp
_stricmp
memcmp
_wcsicmp
free
wcstok_s
realloc
strlen
mbstowcs
strcmp
??_V@YAXPAX@Z
memcpy
_wcsupr
wcsstr
wcscspn
_vsnwprintf
__CxxFrameHandler3
wcschr
wcscoll
malloc
_wcsnicmp
wcstol
wcsncmp
iswdigit
swprintf_s
_wtol
wcscat_s
wcscpy_s
_onexit
__dllonexit
_unlock
_lock
_except_handler4_common
??1type_info@@UAE@XZ
?terminate@@YAXXZ
_initterm
_amsg_exit
_XcptFilter
_CxxThrowException
__RTDynamicCast
_itow
wcstoul
wcsrchr
iswspace
_beginthreadex
_endthreadex
memmove
qsort
_wtoi

atl

ord44
ord32
ord16
ord21
ord15
ord30
ord43

ntdll

RtlInitUnicodeString
RtlCompareUnicodeString
RtlNtStatusToDosError

certca

ord416
ord411
ord413
ord414
ord445
ord450
ord451
ord433
ord459
ord405
ord442
ord444
ord446
ord412
ord424
ord455
ord452
ord453
ord460
ord435
ord404

certenroll

ord29
ord16
ord19
ord15
ord18
ord31
ord21
ord23
ord22
ord40
ord33

kernel32

GetCurrentProcessId
QueryPerformanceCounter
SleepConditionVariableSRW
WakeAllConditionVariable
AcquireSRWLockExclusive
ReleaseSRWLockExclusive
TerminateProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
Sleep
InterlockedPopEntrySList
InterlockedPushEntrySList
FlushInstructionCache
IsProcessorFeaturePresent
DecodePointer
EncodePointer
LoadLibraryExA
VirtualAlloc
VirtualFree
FreeLibrary
HeapFree
UnmapViewOfFile
MapViewOfFile
GetProcessHeap
HeapAlloc
CreateFileMappingW
GetUserDefaultLangID
GetFileTime
GetFileSizeEx
ResetEvent
SetEvent
WaitForSingleObject
CreateEventW
GlobalUnlock
GlobalLock
WideCharToMultiByte
ReadFile
GetFileSize
CreateFileW
GetCurrentThreadId
CloseHandle
GetCurrentProcess
GetComputerNameW
GlobalFree
GlobalAlloc
LeaveCriticalSection
EnterCriticalSection
InitializeCriticalSection
DeleteCriticalSection
LoadLibraryA
CompareStringW
GetSystemWindowsDirectoryW
GetVersionExW
FormatMessageW
GetTimeFormatW
GetDateFormatW
FileTimeToSystemTime
FileTimeToLocalFileTime
GetCommandLineW
OutputDebugStringA
GetModuleFileNameW
LoadLibraryW
LoadLibraryExW
GetModuleHandleW
GetModuleHandleA
GetProcAddress
SetLastError
MultiByteToWideChar
GetACP
SystemTimeToFileTime
GetSystemTime
CompareFileTime
RaiseException
lstrcmpiW
GetSystemTimeAsFileTime
LocalAlloc
LocalFree
GetLastError
GetTickCount
CreateActCtxW
ReleaseActCtx
ActivateActCtx
DeactivateActCtx
GetComputerNameExW
ExpandEnvironmentStringsA
InitOnceExecuteOnce

user32

ScreenToClient
GetWindowRect
GetMenu
EnableMenuItem
SetMenu
LoadMenuW
DestroyWindow
CallWindowProcW
DefWindowProcW
SetFocus
GetKeyState
CloseClipboard
SetClipboardData
EmptyClipboard
OpenClipboard
IsDlgButtonChecked
CheckDlgButton
GetSysColor
GetClientRect
MessageBoxW
SetWindowLongW
GetWindowTextW
ShowWindow
SetWindowTextW
SendDlgItemMessageW
GetWindow
GetDlgItem
GetSystemMetrics
RegisterClipboardFormatW
GetParent
PostMessageW
WinHelpW
GetDlgCtrlID
SendMessageW
EnableWindow
LoadBitmapW
LoadImageW
LoadIconW
DestroyIcon
IsWindowVisible
UpdateWindow
CallNextHookEx
UnhookWindowsHookEx
SetWindowsHookExW
GetWindowThreadProcessId
FindWindowExW
ChildWindowFromPointEx
GetSubMenu
InvalidateRect
LoadStringW
GetFocus
ReleaseDC
GetDC
GetWindowLongW
SystemParametersInfoW

oleaut32

SafeArrayGetUBound
SafeArrayGetLBound
SysFreeString
SysAllocString
SysStringLen
VariantClear
SysAllocStringLen
SysStringByteLen
SafeArrayUnaccessData
BstrFromVector
SafeArrayAccessData
VariantInit

ole32

CoUninitialize
CoCreateInstance
CreateStreamOnHGlobal
ReleaseStgMedium
CoCreateGuid
CLSIDFromString
CoInitialize
StringFromCLSID
CoTaskMemAlloc
GetHGlobalFromStream
CoTaskMemFree

advapi32

RegOpenKeyExA
GetSecurityDescriptorLength
CopySid
GetLengthSid
RegCloseKey
RegSetValueExW
RegCreateKeyExW
RegDeleteValueW
RegQueryValueExW
RegEnumKeyExW
RegOpenKeyExW
RegDeleteKeyW
GetUserNameW
SaferCreateLevel
SaferCloseLevel
AllocateAndInitializeSid
CheckTokenMembership
FreeSid
OpenProcessToken
GetTokenInformation
SaferGetLevelInformation
SaferiPopulateDefaultsInRegistry
SaferGetPolicyInformation
RegQueryValueExA
RegSetValueExA
RegDeleteTreeW
CryptGetProvParam
LookupAccountNameW
OpenSCManagerW
GetServiceDisplayNameW
CloseServiceHandle
SaferSetPolicyInformation
SaferSetLevelInformation
SaferiChangeRegistryScope
CryptSetProvParam
EnumServicesStatusW

netutils

NetpwNameValidate
NetApiBufferFree
NetpwNameCanonicalize

dsrole

DsRoleGetPrimaryDomainInformation
DsRoleFreeMemory

srvcli

NetServerGetInfo

shell32

SHGetPathFromIDListW
SHGetMalloc
SHBindToParent
SHBrowseForFolderW
SHGetFileInfoW

cryptui

CryptUIDlgSelectCertificateW
CryptUIDlgViewCertificatePropertiesW
CryptUIDlgAddPolicyServerWithPriority
CryptUIWizBuildCTL
CryptUIWizExport
CryptUIWizImport
CryptUIGetCertificatePropertiesPagesW
CryptUIDlgViewCRLW
CryptUIDlgPropertyPolicy
CryptUIDlgViewCertificateW
CryptUIDlgViewCTLW

crypt32

CryptBinaryToStringW
CryptEncodeObject
CryptMsgGetParam
CryptMsgUpdate
CertAddEncodedCTLToStore
CertAddStoreToCollection
CertGetCRLFromStore
CertAddCRLContextToStore
CertEnumCRLsInStore
CertEnumCTLsInStore
CertGetSubjectCertificateFromStore
CertDeleteCRLFromStore
CertGetStoreProperty
CryptFindLocalizedName
CertFreeCRLContext
CertControlStore
CryptMsgClose
CryptDecodeObject
CertFindExtension
CertGetCertificateContextProperty
CertFreeCertificateContext
CertDuplicateCertificateContext
CertGetEnhancedKeyUsage
CertDeleteCertificateFromStore
CertFindCertificateInStore
CertSetCertificateContextProperty
CryptDecodeObjectEx
CertNameToStrW
CryptFindOIDInfo
CertGetNameStringW
CryptImportPublicKeyInfoEx2
CertGetCertificateChain
CertFreeCertificateChain
CertCompareCertificate
CryptAcquireCertificatePrivateKey
CertGetCTLContextProperty
CertDeleteCTLFromStore
CertFindCTLInStore
CertVerifyRevocation
CertVerifyTimeValidity
CryptMsgEncodeAndSignCTL
CertEnumCertificatesInStore
CertOpenStore
CertCloseStore
CertEnumSystemStore
CryptFindCertificateKeyProvInfo
CertEnumPhysicalStore
CryptEnumOIDInfo
CertAddCertificateContextToStore
CertAddCTLContextToStore
CertDuplicateCTLContext
CertFreeCTLContext
CertGetIntendedKeyUsage
CertDuplicateCRLContext
CryptMsgOpenToDecode
CertGetPublicKeyLength
CertAddSerializedElementToStore
CryptQueryObject

gdi32

CreateFontIndirectW
GetDeviceCaps
DeleteObject

ntdsapi

DsCrackNamesW
DsFreeNameResultW
DsBindW
DsUnBindW

ncrypt

BCryptDestroyKey
BCryptOpenAlgorithmProvider
BCryptCreateHash
BCryptHashData
NCryptSetProperty
NCryptGetProperty
NCryptIsKeyHandle
BCryptCloseAlgorithmProvider
BCryptDestroyHash
BCryptFinishHash
BCryptGetProperty

shlwapi

SHDeleteKeyW
PathFindExtensionW
StrTrimW

wintrust

WTHelperGetProvCertFromChain
WTHelperGetProvSignerFromChain
WTHelperProvDataFromStateData
WinVerifyTrust
WTHelperGetFileHash

version

GetFileVersionInfoExW
VerQueryValueW
GetFileVersionInfoSizeExW

imagehlp

ImageLoad
ImageUnload

secur32

GetUserNameExW

aclui

ord2

iphlpapi

ParseNetworkString

slc

SLGetWindowsInformationDWORD

logoncli

DsGetDcNameW

activeds

ord9

Exports

Exports

DllCanUnloadNow
DllGetClassObject
DllInstall
DllRegisterServer
DllUnregisterServer

Sections

.text
Size: 648KB - Virtual size: 647KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 10KB - Virtual size: 20KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1.2MB - Virtual size: 1.2MB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 48KB - Virtual size: 47KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/Aspnet_perf.dll
.dll windows:6 windows x86 arch:x86

Password: 1234

33099121b9268fefa42b3a9b21dd165f

Code Sign

33:00:00:01:3a:28:a9:62:84:34:04:3a:68:00:00:00:00:01:3a
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/10/2019, 23:17

Not After

21/01/2021, 23:17

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:AB41-4B27-F026,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

e1:4e:5d:6f:c4:ab:f0:8c:78:2d:74:33:fd:a3:20:83:3f:f1:c8:08:b9:38:a2:52:32:44:6a:db:22:7b:0b:1a
Signer

Actual PE Digest

e1:4e:5d:6f:c4:ab:f0:8c:78:2d:74:33:fd:a3:20:83:3f:f1:c8:08:b9:38:a2:52:32:44:6a:db:22:7b:0b:1a

Digest Algorithm

sha256

PE Digest Matches

true

b5:00:f6:37:29:ed:8d:a7:fd:ac:20:92:8f:b6:31:0b:ba:ff:39:cf
Signer

Actual PE Digest

b5:00:f6:37:29:ed:8d:a7:fd:ac:20:92:8f:b6:31:0b:ba:ff:39:cf

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

aspnet_perf.pdb

Imports

kernel32

GetLastError
GetOverlappedResult
CancelIo
SetEvent
ResetEvent
WaitForSingleObject
CreateEventW
InterlockedIncrement
InterlockedDecrement
InterlockedExchange
InterlockedCompareExchange
SwitchToThread
CloseHandle
ExitThread
ResumeThread
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
HeapAlloc
HeapReAlloc
WriteFile
HeapCreate
ReadFile
CreateFileW
LoadLibraryW
GetModuleFileNameW
DisableThreadLibraryCalls
GetProcessHeap
CreateThread
TerminateProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
QueryPerformanceCounter
HeapFree
GetProcessAffinityMask
GetCurrentProcess
HeapSize
Sleep

advapi32

RegCloseKey
RegQueryValueExW
RegOpenKeyExW
RegNotifyChangeKeyValue
RegEnumValueW

vcruntime140_clr0400

memset
__std_type_info_destroy_list
_except_handler4_common
memcpy
memcmp

ucrtbase_clr0400

__stdio_common_vswscanf
wcsncmp
_initterm
_initterm_e
_seh_filter_dll
_configure_narrow_argv
_initialize_narrow_environment
_initialize_onexit_table
_register_onexit_function
_execute_onexit_table
_crt_atexit
_cexit

Exports

Exports

ClosePerfCommonData
CloseStateServicePerfData
CloseVersionedPerfData
CollectPerfCommonData
CollectStateServicePerfData
CollectVersionedPerfData
GetPerfCountersRevision
OpenPerfCommonData
OpenStateServicePerfData
OpenVersionedPerfData

Sections

.text
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 5KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 736B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/InstallUtilLib.dll
.dll windows:5 windows x86 arch:x86

Password: 1234

822076004448a06c9b61fe57e1705503

Code Sign

33:00:00:01:27:f8:da:df:a8:8b:f4:8a:59:00:00:00:00:01:27
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/09/2019, 20:39

Not After

04/12/2020, 20:39

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:B8EC-30A4-7144,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

72:f1:4d:71:0b:75:ae:11:98:99:6a:f4:00:ff:ed:e0:b4:21:00:ff:0c:18:e8:f1:bc:d1:c0:d6:86:1a:f5:e5
Signer

Actual PE Digest

72:f1:4d:71:0b:75:ae:11:98:99:6a:f4:00:ff:ed:e0:b4:21:00:ff:0c:18:e8:f1:bc:d1:c0:d6:86:1a:f5:e5

Digest Algorithm

sha256

PE Digest Matches

true

dc:6c:b7:27:cd:5b:64:b8:dd:dd:e3:30:12:f9:89:aa:f1:60:88:8c
Signer

Actual PE Digest

dc:6c:b7:27:cd:5b:64:b8:dd:dd:e3:30:12:f9:89:aa:f1:60:88:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

InstallUtilLib.pdb

Imports

kernel32

GetProcAddress
LoadLibraryW
GetLastError
SetErrorMode
InterlockedExchange
InterlockedCompareExchange
SwitchToThread
FreeLibrary
LocalAlloc
LocalFree
FormatMessageW
lstrlenW
LoadLibraryA
MultiByteToWideChar
RaiseException
CloseHandle
WriteConsoleW
FlushFileBuffers
SetFilePointerEx
GetConsoleMode
GetConsoleCP
WriteFile
HeapReAlloc
HeapSize
IsProcessorFeaturePresent
IsDebuggerPresent
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetStartupInfoW
GetModuleHandleW
GetCurrentProcess
TerminateProcess
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
InterlockedFlushSList
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
RtlUnwind
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
WideCharToMultiByte
HeapFree
HeapAlloc
GetACP
GetStdHandle
GetFileType
LCMapStringW
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStringTypeW
SetStdHandle
CreateFileW

user32

MessageBoxW

oleaut32

SysFreeString
SysAllocString

msi

ord125
ord74
ord103
ord121
ord17

mscoree

ClrCreateManagedInstance
CorBindToRuntimeHost

Exports

Exports

ManagedInstall
_DecodePointerInternal@4
_EncodePointerInternal@4

Sections

.text
Size: 87KB - Virtual size: 86KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/PenIMC_v0400.dll
.dll windows:6 windows x86 arch:x86

Password: 1234

10764327bfaac46b699ab3d849224585

Code Sign

33:00:00:01:2a:30:bf:85:c5:0e:b1:e2:8c:00:00:00:00:01:2a
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/09/2019, 20:40

Not After

04/12/2020, 20:40

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:7D2E-3782-B0F7,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ed:b6:f1:80:b4:9a:07:13:e5:bf:20:9e:86:0e:61:d0:74:99:5d:8a:57:0d:6c:b8:db:3c:18:61:e6:89:d1:8b
Signer

Actual PE Digest

ed:b6:f1:80:b4:9a:07:13:e5:bf:20:9e:86:0e:61:d0:74:99:5d:8a:57:0d:6c:b8:db:3c:18:61:e6:89:d1:8b

Digest Algorithm

sha256

PE Digest Matches

true

3d:01:52:b0:96:0a:97:e8:33:58:2b:ba:df:7b:3d:2b:d4:15:33:c5
Signer

Actual PE Digest

3d:01:52:b0:96:0a:97:e8:33:58:2b:ba:df:7b:3d:2b:d4:15:33:c5

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

Placeholder.pdb

Imports

vcruntime140_clr0400

__std_type_info_destroy_list
memset
_except_handler4_common

ucrtbase_clr0400

_cexit
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm

kernel32

SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
IsProcessorFeaturePresent
UnhandledExceptionFilter

Sections

.text
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 908B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 844B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 300B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/PresentationNative_v0400.dll
.dll windows:6 windows x86 arch:x86

1dca172dc886a8a79fd3c0091bf90812

Code Sign

33:00:00:01:2f:0d:ca:5a:e9:ea:70:8d:f5:00:00:00:00:01:2f
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/09/2019, 20:40

Not After

04/12/2020, 20:40

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:728D-C45F-F9EB,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

80:5a:66:3d:d4:69:f7:fa:68:b5:18:aa:b3:60:e6:03:21:24:fb:86:f1:f7:08:4a:48:99:8c:eb:7e:aa:9c:aa
Signer

Actual PE Digest

80:5a:66:3d:d4:69:f7:fa:68:b5:18:aa:b3:60:e6:03:21:24:fb:86:f1:f7:08:4a:48:99:8c:eb:7e:aa:9c:aa

Digest Algorithm

sha256

PE Digest Matches

true

67:a8:8a:08:bf:16:81:5f:ff:87:0d:4b:2a:30:10:ca:d2:98:6b:60
Signer

Actual PE Digest

67:a8:8a:08:bf:16:81:5f:ff:87:0d:4b:2a:30:10:ca:d2:98:6b:60

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

PresentationNative_v0400.pdb

Imports

kernel32

GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetCurrentThread
TerminateThread
IsDebuggerPresent
VerSetConditionMask
GetSystemTimeAsFileTime
OutputDebugStringW
GetLastError
GlobalDeleteAtom
SetLastError
GetProcessHeap
LeaveCriticalSection
GetProcAddress
EnterCriticalSection
LoadLibraryExW
InitializeCriticalSectionEx
InitializeSListHead
OutputDebugStringA
HeapReAlloc
DeleteCriticalSection
DisableThreadLibraryCalls
InitializeCriticalSection
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
HeapAlloc
HeapFree

ole32

CoCreateInstance
CoTaskMemFree

oleaut32

SysAllocString
VariantInit
VariantChangeType
VariantClear

user32

SetScrollPos
SetFocus
MapWindowPoints
GetWindowTextLengthW
GetWindowTextW
SetWindowLongW
GetWindow
GetParent
GetMenuBarInfo
GetKeyboardLayoutList
GetAncestor
FindWindowExW
EnableWindow
GetWindowLongW

gdi32

GetTextExtentPoint32W

mscoree

CLRCreateInstance

vcruntime140_clr0400

memset
_except_handler4_common
__std_type_info_destroy_list
_purecall
__CxxFrameHandler3
memcpy

ucrtbase_clr0400

_initterm_e
_crt_atexit
_execute_onexit_table
_register_onexit_function
_initterm
_initialize_onexit_table
_initialize_narrow_environment
wcscpy_s
free
iswpunct
_cexit
_configure_narrow_argv
__stdio_common_vsprintf
_seh_filter_dll

ntdll

DbgPrompt
DbgBreakPoint
DbgPrintEx
NtQuerySystemInformation
RtlVerifyVersionInfo

Exports

Exports

CreateDocContext
CreateInstalledObjectsInfo
CreateTextAnalysisSink
CreateTextAnalysisSource
DestroyDocContext
DestroyInstalledObjectsInfo
EnableWindowWrapper
FindWindowExWrapper
FsAddFigureObstacle
FsClearUpdateInfoInPage
FsClearUpdateInfoInSubpage
FsClearUpdateInfoInSubtrack
FsClearUpdateInfoInTableSrv
FsCommitFilledRectangle
FsCompareSubpages
FsCompareSubtrack
FsCompareTableSrv
FsCreateDocContext
FsCreateDummyFootnoteRejector
FsCreatePageBottomless
FsCreatePageFinite
FsCreateSubpageBottomless
FsCreateSubpageFinite
FsDestroyDocContext
FsDestroyFootnoteRejector
FsDestroyPage
FsDestroyPageBreakRecord
FsDestroySubpage
FsDestroySubpageBreakRecord
FsDestroySubtrack
FsDestroySubtrackBreakRecord
FsDestroyTableSrv
FsDestroyTableSrvBreakRecord
FsDuplicateGeometry
FsDuplicatePageBreakRecord
FsDuplicateSubpageBreakRecord
FsDuplicateSubtrackBreakRecord
FsDuplicateTableSrvBreakRecord
FsFAllFootnotesAllowed
FsFFootnoteAllowed
FsFormatSubtrackBottomless
FsFormatSubtrackFinite
FsFormatTableSrvBottomless
FsFormatTableSrvFinite
FsGetClientHandle
FsGetColumnRectangle
FsGetEmptySpaces
FsGetFigureObstacleData
FsGetFloaterFsimethods
FsGetIntervals
FsGetMaxNumberEmptySpaces
FsGetMaxNumberIntervals
FsGetNextTick
FsGetNumberSubpageFootnotes
FsGetNumberSubtrackFootnotes
FsGetPageRectangle
FsGetShiftOffset
FsGetSubpageColumnBalancingInfo
FsGetSubpageFootnoteInfo
FsGetSubtrackColumnBalancingInfo
FsGetSubtrackFootnoteInfo
FsGetTableObjFsimethods
FsGetTableSrvColumnBalancingInfo
FsGetTableSrvFootnoteInfo
FsGetTableSrvNumberFootnotes
FsJustifySubpage
FsQueryAttachedObjectList
FsQueryCompositeColumnDetails
FsQueryCompositeColumnFootnoteList
FsQueryDcpLineVariantsFromCachedTextPara
FsQueryEndnoteColumnDetails
FsQueryFigureObjectDetails
FsQueryFloaterDetails
FsQueryFootnoteColumnDetails
FsQueryFootnoteColumnTrackList
FsQueryHeightDefinedColumnSpanAreaList
FsQueryLineCompositeElementList
FsQueryLineListComposite
FsQueryLineListSingle
FsQueryPageDetails
FsQueryPageFootnoteColumnList
FsQueryPageSectionList
FsQuerySectionBasicColumnList
FsQuerySectionCompositeColumnList
FsQuerySectionDetails
FsQuerySectionEndnoteColumnList
FsQuerySegmentDefinedColumnSpanAreaList
FsQuerySubpageBasicColumnList
FsQuerySubpageDetails
FsQuerySubpageHeightDefinedColumnSpanAreaList
FsQuerySubpageSegmentDefinedColumnSpanAreaList
FsQuerySubtrackDetails
FsQuerySubtrackParaList
FsQueryTableObjCellList
FsQueryTableObjDetails
FsQueryTableObjFigureCountWord
FsQueryTableObjFigureListWord
FsQueryTableObjRowDetails
FsQueryTableObjRowList
FsQueryTableObjTableProperDetails
FsQueryTableSrvCellList
FsQueryTableSrvRowDetails
FsQueryTableSrvRowList
FsQueryTableSrvTableDetails
FsQueryTextDetails
FsQueryTrackDetails
FsQueryTrackParaList
FsRegisterFloatObstacle
FsReleaseGeometry
FsResolveOverlap
FsRestoreGeometry
FsShiftSubtrackVertical
FsSynchronizeBottomlessSubtrack
FsTransferDisplayInfoSubpage
FsTransferDisplayInfoSubtrack
FsTransferDisplayInfoTableSrv
FsTransformBbox
FsTransformPoint
FsTransformRectangle
FsTransformVector
FsUpdateBottomlessPage
FsUpdateBottomlessSubpage
FsUpdateBottomlessSubtrack
FsUpdateBottomlessTableSrv
FsUpdateFinitePage
GetAncestorWrapper
GetFloaterHandlerInfo
GetKeyboardLayoutListWrapper
GetMenuBarInfoWrapper
GetNumberSubstitutionList
GetParentWrapper
GetScriptAnalysisList
GetTableObjHandlerInfo
GetTextExtentPoint32Wrapper
GetWindowLongPtrWrapper
GetWindowLongWrapper
GetWindowTextLengthWrapper
GetWindowTextWrapper
GetWindowWrapper
GlobalDeleteAtomWrapper
IsPrintPackageTargetSupported
IsStartXpsPrintJobSupported
IsWindows10OrGreater
IsWindows10RS1OrGreater
IsWindows10RS2OrGreater
IsWindows10RS3OrGreater
IsWindows10RS5OrGreater
IsWindows10TH1OrGreater
IsWindows10TH2OrGreater
IsWindows7OrGreater
IsWindows7SP1OrGreater
IsWindows8OrGreater
IsWindows8Point1OrGreater
IsWindowsServer
IsWindowsVistaOrGreater
IsWindowsVistaSP1OrGreater
IsWindowsVistaSP2OrGreater
IsWindowsXPOrGreater
IsWindowsXPSP1OrGreater
IsWindowsXPSP2OrGreater
IsWindowsXPSP3OrGreater
LateBoundStartXpsPrintJob
LoAcquireBreakRecord
LoAcquirePenaltyModule
LoCloneBreakRecord
LoCreateBreaks
LoCreateContext
LoCreateLine
LoCreateParaBreakingSession
LoDestroyContext
LoDisplayLine
LoDisposeBreakRecord
LoDisposeLine
LoDisposeParaBreakingSession
LoDisposePenaltyModule
LoEnumLine
LoGetEscString
LoGetPenaltyModuleInternalHandle
LoQueryLineCpPpoint
LoQueryLinePointPcp
LoRelievePenaltyResource
LoSetBreaking
LoSetDoc
LoSetTabs
LocbkGetObjectHandlerInfo
MILGetClassificationTables
MapWindowPointsWrapper
NlCreateHyphenator
NlDestroyHyphenator
NlGetClassObject
NlHyphenate
NlLoad
NlUnload
PrintToPackageTarget
SetFocusWrapper
SetScrollPosWrapper
SetWindowLongPtrWrapper
SetWindowLongWrapper
TryGetRequestedCLRRuntime

Sections

.text
Size: 873KB - Virtual size: 872KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/PrimitiveTransformers.dll
.dll windows:10 windows x64 arch:x64

df3ec708e62f0fccfe951a485496547f

Code Sign

33:00:00:04:15:82:95:a1:a3:d8:2e:28:57:00:00:00:00:04:15
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

ad:27:ce:82:8a:11:d3:be:7a:e0:95:9c:e1:c3:31:c8:bf:f4:c3:9f:69:c1:f5:cc:02:b1:a0:ec:5d:fc:6d:fd
Signer

Actual PE Digest

ad:27:ce:82:8a:11:d3:be:7a:e0:95:9c:e1:c3:31:c8:bf:f4:c3:9f:69:c1:f5:cc:02:b1:a0:ec:5d:fc:6d:fd

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

PrimitiveTransformers.pdb

Imports

msvcrt

memcmp
memset
memcpy
_initterm
_amsg_exit
_XcptFilter
_callnewh
malloc
free
__C_specific_handler

api-ms-win-core-libraryloader-l1-1-0

DisableThreadLibraryCalls

api-ms-win-core-synch-l1-1-0

DeleteCriticalSection
InitializeCriticalSection

api-ms-win-core-heap-l1-1-0

HeapDestroy

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentProcess
GetCurrentThreadId
GetCurrentProcessId

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime
GetTickCount

api-ms-win-core-rtlsupport-l1-1-0

RtlLookupFunctionEntry
RtlVirtualUnwind
RtlCaptureContext

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetUnhandledExceptionFilter

wcp

?RtlTraceFormat_PCULONG@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
?RtlTraceFormat_PCLUNICODE_STRING_AsLiteralString@Rtl@WCP@Windows@@YAXPEAUIRtlFormattedOutputStream@13@PEBX@Z
RtlSplitLUnicodeString
?RtlTraceVa@Rtl@WCP@Windows@@YAXKKPEAU_RTL_TRACING_FACILITY@123@QEBD_KPEAD@Z
RtlHashLUnicodeString
RtlReallocateLUnicodeString
RtlDecodeUtf16LE
RtlFreeLBlob
RtlAllocateLBlob
RtlDuplicateLUnicodeString
RtlCombineNtPathSegments
RtlSplitNtPath
RtlFreeLUnicodeString
RtlReportErrorOrigination
ConvertNtStatusToHResult
?GetNtFilePathParameter@Rtl@Transformers@WCP@Windows@@YAJKPEAUICSITransformerServices@@AEBU_LUNICODE_STRING@@PEAV?$Auto@U_LUNICODE_STRING@@@4@PEAKK@Z
?GetNtRegistryPathParameter@Rtl@Transformers@WCP@Windows@@YAJKPEAUICSITransformerServices@@AEBU_LUNICODE_STRING@@PEAV?$Auto@U_LUNICODE_STRING@@@4@PEAKK@Z
?GetLUnicodeParameter@Rtl@Transformers@WCP@Windows@@YAJKPEAUICSITransformerServices@@AEBU_LUNICODE_STRING@@PEAV?$Auto@U_LUNICODE_STRING@@@4@PEAK@Z

Exports

Exports

DllCanUnloadNow
DllCsiGetHandler

Sections

.text
Size: 36KB - Virtual size: 36KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 11KB - Virtual size: 11KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/ServiceModelPerformanceCounters.dll
.dll windows:6 windows x86 arch:x86

28e7b9798d6684e7e1487700c6fbd72f

Code Sign

33:00:00:01:30:30:3e:28:0c:ec:3c:4d:01:00:00:00:00:01:30
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/09/2019, 20:40

Not After

04/12/2020, 20:40

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:5847-F761-4F70,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d4:e2:4c:b9:90:da:0b:fa:28:e2:33:63:c5:c7:c6:a9:12:5e:ac:37:6b:dc:63:14:8b:98:20:6d:ce:57:06:00
Signer

Actual PE Digest

d4:e2:4c:b9:90:da:0b:fa:28:e2:33:63:c5:c7:c6:a9:12:5e:ac:37:6b:dc:63:14:8b:98:20:6d:ce:57:06:00

Digest Algorithm

sha256

PE Digest Matches

true

64:3a:da:d5:12:0e:93:75:0d:9b:1c:a8:24:99:96:8c:cb:03:a2:38
Signer

Actual PE Digest

64:3a:da:d5:12:0e:93:75:0d:9b:1c:a8:24:99:96:8c:cb:03:a2:38

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

ServiceModelPerformanceCounters.pdb

Imports

kernel32

IsProcessorFeaturePresent
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
IsDebuggerPresent
GetStartupInfoW
GetModuleHandleW
InterlockedFlushSList
RtlUnwind
GetLastError
SetLastError
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
FreeLibrary
GetProcAddress
LoadLibraryExW
ExitProcess
GetModuleHandleExW
GetModuleFileNameA
MultiByteToWideChar
WideCharToMultiByte
HeapFree
HeapAlloc
LCMapStringW
TerminateProcess
FindClose
FindFirstFileExA
FindNextFileA
IsValidCodePage
GetACP
GetOEMCP
GetCPInfo
GetCommandLineA
GetCommandLineW
GetEnvironmentStringsW
FreeEnvironmentStringsW
GetProcessHeap
GetStdHandle
GetFileType
GetStringTypeW
HeapSize
HeapReAlloc
SetStdHandle
WriteFile
FlushFileBuffers
GetConsoleCP
GetConsoleMode
SetFilePointerEx
CloseHandle
WriteConsoleW
DecodePointer
CreateFileW
RaiseException
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter

Sections

.text
Size: 60KB - Virtual size: 59KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/SettingsHandlers_OneDriveBackup.dll
.dll windows:10 windows x64 arch:x64

d8d8b3c8cea022e3fef194f7c16e2106

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

SettingsHandlers_OneDriveBackup.pdb

Imports

api-ms-win-crt-runtime-l1-1-0

_initterm_e
_initterm

api-ms-win-crt-private-l1-1-0

_o__crt_atexit
_o__errno
_o__execute_onexit_table
_o__initialize_narrow_environment
_o__initialize_onexit_table
_o__invalid_parameter_noinfo
_o__purecall
_o__register_onexit_function
_o__seh_filter_dll
_o___std_exception_copy
memmove
_o_bsearch_s
_o_free
_o_malloc
_o_terminate
__C_specific_handler
_o__configure_narrow_argv
_o___stdio_common_vswscanf
_o___stdio_common_vswprintf
_o___stdio_common_vsnprintf_s
__std_terminate
__CxxFrameHandler3
_CxxThrowException
__CxxFrameHandler4
memcmp
memcpy
_o__cexit
_o__callnewh
_o___std_type_info_destroy_list
_o___std_exception_destroy

api-ms-win-crt-string-l1-1-0

memset

api-ms-win-core-libraryloader-l1-2-0

GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleHandleExW
LockResource
LoadResource
GetModuleFileNameA
FindResourceExW

api-ms-win-core-synch-l1-2-0

InitOnceComplete
InitOnceExecuteOnce
InitOnceBeginInitialize

api-ms-win-core-synch-l1-1-0

CreateSemaphoreExW
LeaveCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
EnterCriticalSection
ReleaseSemaphore
ReleaseMutex
ReleaseSRWLockExclusive
DeleteCriticalSection
AcquireSRWLockShared
CreateMutexExW
ReleaseSRWLockShared
OpenSemaphoreW
WaitForSingleObjectEx
AcquireSRWLockExclusive
InitializeSRWLock

api-ms-win-core-heap-l1-1-0

HeapFree
HeapAlloc
GetProcessHeap

api-ms-win-core-errorhandling-l1-1-0

UnhandledExceptionFilter
SetLastError
RaiseException
SetUnhandledExceptionFilter
GetLastError

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-string-l1-1-0

CompareStringOrdinal

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
TerminateProcess
GetCurrentProcessId
GetCurrentThreadId
CreateThread

api-ms-win-core-localization-l1-2-0

FormatMessageW

api-ms-win-core-debug-l1-1-0

DebugBreak
OutputDebugStringW
IsDebuggerPresent

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-winrt-error-l1-1-0

RoOriginateError
RoTransformError

api-ms-win-core-winrt-string-l1-1-0

WindowsGetStringRawBuffer
WindowsCreateStringReference
WindowsCreateString
WindowsDeleteString

api-ms-win-core-rtlsupport-l1-1-0

RtlCaptureContext
RtlVirtualUnwind
RtlLookupFunctionEntry

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-sysinfo-l1-1-0

GetSystemTimeAsFileTime

api-ms-win-core-interlocked-l1-1-0

InitializeSListHead

netapi32

NetGetAadJoinInformation
NetFreeAadJoinInformation
NetApiBufferFree
NetGetJoinInformation

api-ms-win-core-com-l1-1-0

CoUninitialize
CoCreateFreeThreadedMarshaler
CoTaskMemFree
CoInitializeEx
CoTaskMemAlloc
CoTaskMemRealloc

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventSetInformation
EventRegister
EventWriteTransfer

api-ms-win-core-registry-l1-1-0

RegGetValueW

api-ms-win-core-winrt-error-l1-1-1

RoReportFailedDelegate
IsErrorPropagationEnabled
RoGetMatchingRestrictedErrorInfo

api-ms-win-core-winrt-l1-1-0

RoUninitialize
RoGetActivationFactory
RoInitialize

api-ms-win-core-threadpool-l1-2-0

WaitForThreadpoolTimerCallbacks
SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer

Exports

Exports

DllCanUnloadNow
DllGetClassObject
GetSetting

Sections

.text
Size: 69KB - Virtual size: 69KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 22KB - Virtual size: 22KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 4KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1024B - Virtual size: 692B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/System.AddIn.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.AddIn.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 148KB - Virtual size: 145KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/System.Speech.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Speech.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 664KB - Virtual size: 661KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/System.Transactions.dll
.dll windows:5 windows x86 arch:x86

7469780bb6fda5f25da4408eda0b3bb8

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Transactions.pdb

Imports

msvcr80

_crt_debugger_hook
_except_handler4_common
_onexit
_lock
__dllonexit
_unlock
__clean_type_info_names_internal
__CppXcptFilter
_adjust_fdiv
_amsg_exit
_initterm_e
_initterm
_decode_pointer
_encoded_null
free
_malloc_crt
_encode_pointer
_wcsicmp
??2@YAPAXI@Z
??3@YAXPAX@Z

kernel32

GetLastError
IsDebuggerPresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
DisableThreadLibraryCalls
Sleep
GetSystemDirectoryW
LoadLibraryExW
GetProcAddress
CloseHandle
GetSystemInfo
EnterCriticalSection
LeaveCriticalSection
SetEvent
GetCurrentProcess
DuplicateHandle
InterlockedExchange
InterlockedIncrement
InterlockedDecrement
InterlockedCompareExchange
DeleteCriticalSection
InitializeCriticalSectionAndSpinCount

ole32

CoCreateFreeThreadedMarshaler
CoTaskMemAlloc
CoTaskMemFree

mscoree

_CorDllMain

Exports

Exports

_GetNotificationFactory@8

Sections

.text
Size: 250KB - Virtual size: 249KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 868B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/System.Web.DynamicData.Design.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

System.Web.DynamicData.Design.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 20KB - Virtual size: 17KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/WMINet_Utils.dll
.dll regsvr32 windows:6 windows x86 arch:x86

2c305302a504b098dd13608a5e3f7401

Code Sign

33:00:00:01:39:87:5d:99:a9:13:4e:5c:e2:00:00:00:00:01:39
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/10/2019, 23:17

Not After

21/01/2021, 23:17

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Ireland Operations Limited+OU=Thales TSS ESN:179E-4BB0-8246,O=Microsoft Corporation,L=Redmond,ST=WA,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

8e:61:1e:ec:60:b9:01:f4:fb:b8:98:93:9c:ad:09:0d:64:c9:24:d9:70:24:e6:08:1d:22:38:42:3a:91:b3:9b
Signer

Actual PE Digest

8e:61:1e:ec:60:b9:01:f4:fb:b8:98:93:9c:ad:09:0d:64:c9:24:d9:70:24:e6:08:1d:22:38:42:3a:91:b3:9b

Digest Algorithm

sha256

PE Digest Matches

true

e4:30:20:2c:b5:aa:fa:be:c9:50:06:09:5b:33:b7:84:75:23:a9:c3
Signer

Actual PE Digest

e4:30:20:2c:b5:aa:fa:be:c9:50:06:09:5b:33:b7:84:75:23:a9:c3

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

WMINet_Utils.pdb

Imports

advapi32

AddAce
AllocateAndInitializeSid
CopySid
FreeSid
GetLengthSid
InitializeAcl
InitializeSecurityDescriptor
SetSecurityDescriptorDacl
RegCloseKey
RegCreateKeyExA
RegSetKeySecurity
SetThreadToken
OpenProcessToken
OpenThreadToken
AdjustTokenPrivileges
GetTokenInformation
RevertToSelf

kernel32

GetLastError
HeapDestroy
HeapAlloc
HeapFree
InitializeCriticalSection
EnterCriticalSection
LeaveCriticalSection
DeleteCriticalSection
InterlockedIncrement
InterlockedDecrement
GetVersionExA
DisableThreadLibraryCalls
CloseHandle
GetCurrentProcess
GetCurrentThread
GetSystemDirectoryA
GetProcAddress
LoadLibraryExA
TerminateProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetProcessHeap
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter

vcruntime140_clr0400

memset
__std_type_info_destroy_list
_CxxThrowException
_except_handler4_common
__CxxFrameHandler3
__std_terminate
__std_exception_destroy
__std_exception_copy

ucrtbase_clr0400

free
_cexit
_initterm_e
_initterm
_wcsnicmp
_execute_onexit_table
_initialize_onexit_table
_initialize_narrow_environment
_configure_narrow_argv
_seh_filter_dll
malloc
_callnewh

ole32

CoTaskMemAlloc
CoCreateInstance
CoTaskMemFree

oleaut32

GetErrorInfo
SysAllocStringLen
SysFreeString
SysStringLen
SysAllocString

Exports

Exports

BeginEnumeration
BeginMethodEnumeration
BlessIWbemServices
BlessIWbemServicesObject
Clone
CloneEnumWbemClassObject
CompareTo
ConnectServerWmi
CreateClassEnumWmi
CreateInstanceEnumWmi
Delete
DeleteMethod
DllCanUnloadNow
DllGetClassObject
DllRegisterServer
DllUnregisterServer
EndEnumeration
EndMethodEnumeration
ExecNotificationQueryWmi
ExecQueryWmi
Get
GetCurrentApartmentType
GetDemultiplexedStub
GetErrorInfo
GetMethod
GetMethodOrigin
GetMethodQualifierSet
GetNames
GetObjectText
GetPropertyHandle
GetPropertyInfoByHandle
GetPropertyOrigin
GetPropertyQualifierSet
GetQualifierSet
InheritsFrom
Initialize
Lock
Next
NextMethod
Put
PutClassWmi
PutInstanceWmi
PutMethod
QualifierSet_BeginEnumeration
QualifierSet_Delete
QualifierSet_EndEnumeration
QualifierSet_Get
QualifierSet_GetNames
QualifierSet_Next
QualifierSet_Put
ReadDWORD
ReadPropertyValue
ReadQWORD
ResetSecurity
SetSecurity
SpawnDerivedClass
SpawnInstance
UFunc
Unlock
VerifyClientKey
WriteDWORD
WriteDouble
WritePropertyValue
WriteQWORD
WriteSingle

Sections

.text
Size: 103KB - Virtual size: 103KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/WindowsBase.resources.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

mscoree

_CorDllMain

Sections

.text
Size: 96KB - Virtual size: 93KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 4KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/msvcr90.dll
.dll windows:5 windows x86 arch:x86

0fda4497453286b1daa098623dfc53ce

Code Sign

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

c1:00:8b:3c:3c:88:11:d1:3e:f6:63:ec:df:40
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

10/01/1997, 07:00

Not After

31/12/2020, 07:00

Subject

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

2e:ab:11:dc:50:ff:5c:9d:cb:c0
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

22/08/2007, 22:31

Not After

25/08/2012, 07:00

Subject

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0f:78:4d:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Code Signing PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

23/08/2007, 00:23

Not After

23/02/2009, 00:33

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

61:47:52:ba:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

16/09/2006, 01:53

Not After

16/09/2011, 02:03

Subject

CN=Microsoft Timestamping Service,OU=nCipher DSE ESN:D8A9-CFCC-579C,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

6a:0b:99:4f:c0:00:25:ab:11:db:45:1f:58:7a:67:a2
Certificate

Issuer

CN=Microsoft Root Authority,OU=Copyright (c) 1997 Microsoft Corp.+OU=Microsoft Corporation

Not Before

16/09/2006, 01:04

Not After

15/09/2019, 07:00

Subject

CN=Microsoft Timestamping PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

54:13:79:94:a8:94:70:d8:e8:ea:19:5c:85:d8:c4:57:81:82:2d:8c
Signer

Actual PE Digest

54:13:79:94:a8:94:70:d8:e8:ea:19:5c:85:d8:c4:57:81:82:2d:8c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

msvcr90.i386.pdb

Imports

kernel32

GetModuleFileNameA
GetModuleFileNameW
GetModuleHandleW
Sleep
GetProcAddress
ExitProcess
WriteFile
GetStdHandle
GetSystemWindowsDirectoryW
GetSystemDirectoryW
GetLongPathNameW
GetCurrentThreadId
TlsGetValue
DebugBreak
OutputDebugStringA
GetCommandLineA
DeleteCriticalSection
LeaveCriticalSection
EnterCriticalSection
ExitThread
CloseHandle
GetLastError
ResumeThread
CreateThread
TlsAlloc
TlsSetValue
TlsFree
InterlockedIncrement
SetLastError
InterlockedDecrement
GetCurrentThread
FindNextFileA
FindFirstFileA
FindClose
FindNextFileW
FindFirstFileW
GetLogicalDrives
GetDiskFreeSpaceA
FileTimeToSystemTime
FileTimeToLocalFileTime
SetErrorMode
Beep
GetFileAttributesA
SetFileAttributesA
SetEnvironmentVariableA
GetCurrentDirectoryA
SetCurrentDirectoryA
GetFullPathNameA
GetDriveTypeA
GetCurrentProcessId
CreateDirectoryA
MoveFileA
RemoveDirectoryA
DeleteFileA
GetFileAttributesW
SetEnvironmentVariableW
GetCurrentDirectoryW
SetCurrentDirectoryW
SetFileAttributesW
GetFullPathNameW
CreateDirectoryW
MoveFileW
RemoveDirectoryW
GetDriveTypeW
DeleteFileW
GetExitCodeProcess
WaitForSingleObject
CreateProcessA
LoadLibraryA
FreeLibrary
CreateProcessW
ReadFile
DuplicateHandle
GetCurrentProcess
GetSystemTimeAsFileTime
GetTimeZoneInformation
GetLocalTime
WideCharToMultiByte
SetFileTime
LocalFileTimeToFileTime
SystemTimeToFileTime
SetLocalTime
MultiByteToWideChar
GetCPInfo
GetACP
GetOEMCP
IsValidCodePage
GetTimeFormatA
GetDateFormatA
RtlUnwind
RaiseException
HeapFree
HeapAlloc
GetProcessHeap
GetEnvironmentVariableA
HeapDestroy
HeapCreate
VirtualFree
HeapSize
HeapReAlloc
VirtualAlloc
HeapValidate
HeapCompact
HeapWalk
VirtualProtect
GetSystemInfo
VirtualQuery
SetHandleCount
GetFileType
GetStartupInfoA
SetFilePointer
GetConsoleCP
GetConsoleMode
CreateFileA
FlushFileBuffers
CreatePipe
CreateFileW
SetStdHandle
ReadConsoleInputA
SetConsoleMode
PeekConsoleInputA
GetNumberOfConsoleInputEvents
ReadConsoleInputW
WriteConsoleA
GetConsoleOutputCP
WriteConsoleW
IsDBCSLeadByteEx
ReadConsoleA
ReadConsoleW
SetEndOfFile
GetFileInformationByHandle
PeekNamedPipe
InterlockedExchange
LockFile
UnlockFile
TerminateProcess
UnhandledExceptionFilter
SetUnhandledExceptionFilter
IsDebuggerPresent
SetConsoleCtrlHandler
InitializeCriticalSectionAndSpinCount
FreeEnvironmentStringsW
GetEnvironmentStringsW
GetCommandLineW
FreeEnvironmentStringsA
GetEnvironmentStrings
QueryPerformanceCounter
GetTickCount
GetStringTypeW
GetStringTypeA
LCMapStringA
LCMapStringW
CompareStringA
CompareStringW
GetLocaleInfoW
GetLocaleInfoA
GetUserDefaultLCID
EnumSystemLocalesA
IsValidLocale
LoadLibraryW
GetModuleHandleA

Exports

Exports

$I10_OUTPUT
??0__non_rtti_object@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@ABV01@@Z
??0bad_cast@std@@QAE@PBD@Z
??0bad_typeid@std@@QAE@ABV01@@Z
??0bad_typeid@std@@QAE@PBD@Z
??0exception@std@@QAE@ABQBD@Z
??0exception@std@@QAE@ABQBDH@Z
??0exception@std@@QAE@ABV01@@Z
??0exception@std@@QAE@XZ
??1__non_rtti_object@std@@UAE@XZ
??1bad_cast@std@@UAE@XZ
??1bad_typeid@std@@UAE@XZ
??1exception@std@@UAE@XZ
??1type_info@@UAE@XZ
??2@YAPAXI@Z
??2@YAPAXIHPBDH@Z
??3@YAXPAX@Z
??4__non_rtti_object@std@@QAEAAV01@ABV01@@Z
??4bad_cast@std@@QAEAAV01@ABV01@@Z
??4bad_typeid@std@@QAEAAV01@ABV01@@Z
??4exception@std@@QAEAAV01@ABV01@@Z
??8type_info@@QBE_NABV0@@Z
??9type_info@@QBE_NABV0@@Z
??_7__non_rtti_object@std@@6B@
??_7bad_cast@std@@6B@
??_7bad_typeid@std@@6B@
??_7exception@@6B@
??_7exception@std@@6B@
??_Fbad_cast@std@@QAEXXZ
??_Fbad_typeid@std@@QAEXXZ
??_U@YAPAXI@Z
??_U@YAPAXIHPBDH@Z
??_V@YAXPAX@Z
?_Name_base@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Name_base_internal@type_info@@CAPBDPBV1@PAU__type_info_node@@@Z
?_Type_info_dtor@type_info@@CAXPAV1@@Z
?_Type_info_dtor_internal@type_info@@CAXPAV1@@Z
?_ValidateExecute@@YAHP6GHXZ@Z
?_ValidateRead@@YAHPBXI@Z
?_ValidateWrite@@YAHPAXI@Z
?_inconsistency@@YAXXZ
?_invalid_parameter@@YAXPBG00II@Z
?_is_exception_typeof@@YAHABVtype_info@@PAU_EXCEPTION_POINTERS@@@Z
?_name_internal_method@type_info@@QBEPBDPAU__type_info_node@@@Z
?_open@@YAHPBDHH@Z
?_query_new_handler@@YAP6AHI@ZXZ
?_query_new_mode@@YAHXZ
?_set_new_handler@@YAP6AHI@ZH@Z
?_set_new_handler@@YAP6AHI@ZP6AHI@Z@Z
?_set_new_mode@@YAHH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZH@Z
?_set_se_translator@@YAP6AXIPAU_EXCEPTION_POINTERS@@@ZP6AXI0@Z@Z
?_sopen@@YAHPBDHHH@Z
?_type_info_dtor_internal_method@type_info@@QAEXXZ
?_wopen@@YAHPB_WHH@Z
?_wsopen@@YAHPB_WHHH@Z
?before@type_info@@QBEHABV1@@Z
?name@type_info@@QBEPBDPAU__type_info_node@@@Z
?raw_name@type_info@@QBEPBDXZ
?set_new_handler@@YAP6AXXZP6AXXZ@Z
?set_terminate@@YAP6AXXZH@Z
?set_terminate@@YAP6AXXZP6AXXZ@Z
?set_unexpected@@YAP6AXXZH@Z
?set_unexpected@@YAP6AXXZP6AXXZ@Z
?swprintf@@YAHPAGIPBGZZ
?swprintf@@YAHPA_WIPB_WZZ
?terminate@@YAXXZ
?unexpected@@YAXXZ
?vswprintf@@YAHPA_WIPB_WPAD@Z
?what@exception@std@@UBEPBDXZ
_CIacos
_CIasin
_CIatan
_CIatan2
_CIcos
_CIcosh
_CIexp
_CIfmod
_CIlog
_CIlog10
_CIpow
_CIsin
_CIsinh
_CIsqrt
_CItan
_CItanh
_CRT_RTC_INIT
_CRT_RTC_INITW
_CreateFrameInfo
_CxxThrowException
_EH_prolog
_FindAndUnlinkFrame
_Getdays
_Getmonths
_Gettnames
_HUGE
_IsExceptionObjectToBeDestroyed
_NLG_Dispatch2
_NLG_Return
_NLG_Return2
_Strftime
_XcptFilter
__AdjustPointer
__BuildCatchObject
__BuildCatchObjectHelper
__CppXcptFilter
__CxxCallUnwindDelDtor
__CxxCallUnwindDtor
__CxxCallUnwindStdDelDtor
__CxxCallUnwindVecDtor
__CxxDetectRethrow
__CxxExceptionFilter
__CxxFrameHandler
__CxxFrameHandler2
__CxxFrameHandler3
__CxxLongjmpUnwind
__CxxQueryExceptionSize
__CxxRegisterExceptionObject
__CxxUnregisterExceptionObject
__DestructExceptionObject
__FrameUnwindFilter
__RTCastToVoid
__RTDynamicCast
__RTtypeid
__STRINGTOLD
__STRINGTOLD_L
__TypeMatch
___fls_getvalue@4
___fls_setvalue@8
___lc_codepage_func
___lc_collate_cp_func
___lc_handle_func
___mb_cur_max_func
___mb_cur_max_l_func
___setlc_active_func
___unguarded_readlc_active_add_func
__argc
__argv
__badioinfo
__clean_type_info_names_internal
__control87_2
__create_locale
__crtCompareStringA
__crtCompareStringW
__crtGetLocaleInfoW
__crtGetStringTypeW
__crtLCMapStringA
__crtLCMapStringW
__daylight
__dllonexit
__doserrno
__dstbias
__fpecode
__free_locale
__get_app_type
__get_current_locale
__get_flsindex
__get_tlsindex
__getmainargs
__initenv
__iob_func
__isascii
__iscsym
__iscsymf
__iswcsym
__iswcsymf
__lc_clike
__lc_codepage
__lc_collate_cp
__lc_handle
__lconv
__lconv_init
__libm_sse2_acos
__libm_sse2_acosf
__libm_sse2_asin
__libm_sse2_asinf
__libm_sse2_atan
__libm_sse2_atan2
__libm_sse2_atanf
__libm_sse2_cos
__libm_sse2_cosf
__libm_sse2_exp
__libm_sse2_expf
__libm_sse2_log
__libm_sse2_log10
__libm_sse2_log10f
__libm_sse2_logf
__libm_sse2_pow
__libm_sse2_powf
__libm_sse2_sin
__libm_sse2_sinf
__libm_sse2_tan
__libm_sse2_tanf
__mb_cur_max
__p___argc
__p___argv
__p___initenv
__p___mb_cur_max
__p___wargv
__p___winitenv
__p__acmdln
__p__amblksiz
__p__commode
__p__daylight
__p__dstbias
__p__environ
__p__fmode
__p__iob
__p__mbcasemap
__p__mbctype
__p__pctype
__p__pgmptr
__p__pwctype
__p__timezone
__p__tzname
__p__wcmdln
__p__wenviron
__p__wpgmptr
__pctype_func
__pioinfo
__pwctype_func
__pxcptinfoptrs
__report_gsfailure
__set_app_type
__set_flsgetvalue
__setlc_active
__setusermatherr
__strncnt
__swprintf_l
__sys_errlist
__sys_nerr
__threadhandle
__threadid
__timezone
__toascii
__tzname
__unDName
__unDNameEx
__unDNameHelper
__uncaught_exception
__unguarded_readlc_active
__vswprintf_l
__wargv
__wcserror
__wcserror_s
__wcsncnt
__wgetmainargs
__winitenv
_abnormal_termination
_abs64
_access
_access_s
_acmdln
_adj_fdiv_m16i
_adj_fdiv_m32
_adj_fdiv_m32i
_adj_fdiv_m64
_adj_fdiv_r
_adj_fdivr_m16i
_adj_fdivr_m32
_adj_fdivr_m32i
_adj_fdivr_m64
_adj_fpatan
_adj_fprem
_adj_fprem1
_adj_fptan
_adjust_fdiv
_aexit_rtn
_aligned_free
_aligned_malloc
_aligned_msize
_aligned_offset_malloc
_aligned_offset_realloc
_aligned_offset_recalloc
_aligned_realloc
_aligned_recalloc
_amsg_exit
_assert
_atodbl
_atodbl_l
_atof_l
_atoflt
_atoflt_l
_atoi64
_atoi64_l
_atoi_l
_atol_l
_atoldbl
_atoldbl_l
_beep
_beginthread
_beginthreadex
_byteswap_uint64
_byteswap_ulong
_byteswap_ushort
_c_exit
_cabs
_callnewh
_calloc_crt
_cexit
_cgets
_cgets_s
_cgetws
_cgetws_s
_chdir
_chdrive
_chgsign
_chkesp
_chmod
_chsize
_chsize_s
_clearfp
_close
_commit
_commode
_configthreadlocale
_control87
_controlfp
_controlfp_s
_copysign
_cprintf
_cprintf_l
_cprintf_p
_cprintf_p_l
_cprintf_s
_cprintf_s_l
_cputs
_cputws
_creat
_create_locale
_crt_debugger_hook
_cscanf
_cscanf_l
_cscanf_s
_cscanf_s_l
_ctime32
_ctime32_s
_ctime64
_ctime64_s
_cwait
_cwprintf
_cwprintf_l
_cwprintf_p
_cwprintf_p_l
_cwprintf_s
_cwprintf_s_l
_cwscanf
_cwscanf_l
_cwscanf_s
_cwscanf_s_l
_daylight
_decode_pointer
_difftime32
_difftime64
_dosmaperr
_dstbias
_dup
_dup2
_dupenv_s
_ecvt
_ecvt_s
_encode_pointer
_encoded_null
_endthread
_endthreadex
_environ
_eof
_errno
_except_handler2
_except_handler3
_except_handler4_common
_execl
_execle
_execlp
_execlpe
_execv
_execve
_execvp
_execvpe
_exit
_expand
_fclose_nolock
_fcloseall
_fcvt
_fcvt_s
_fdopen
_fflush_nolock
_fgetchar
_fgetwc_nolock
_fgetwchar
_filbuf
_filelength
_filelengthi64
_fileno
_findclose
_findfirst32
_findfirst32i64
_findfirst64
_findfirst64i32
_findnext32
_findnext32i64
_findnext64
_findnext64i32
_finite
_flsbuf
_flushall
_fmode
_fpclass
_fpieee_flt
_fpreset
_fprintf_l
_fprintf_p
_fprintf_p_l
_fprintf_s_l
_fputchar
_fputwc_nolock
_fputwchar
_fread_nolock
_fread_nolock_s
_free_locale
_freea
_freea_s
_freefls
_fscanf_l
_fscanf_s_l
_fseek_nolock
_fseeki64
_fseeki64_nolock
_fsopen
_fstat32
_fstat32i64
_fstat64
_fstat64i32
_ftell_nolock
_ftelli64
_ftelli64_nolock
_ftime32
_ftime32_s
_ftime64
_ftime64_s
_ftol
_fullpath
_futime32
_futime64
_fwprintf_l
_fwprintf_p
_fwprintf_p_l
_fwprintf_s_l
_fwrite_nolock
_fwscanf_l
_fwscanf_s_l
_gcvt
_gcvt_s
_get_amblksiz
_get_current_locale
_get_daylight
_get_doserrno
_get_dstbias
_get_errno
_get_fmode
_get_heap_handle
_get_invalid_parameter_handler
_get_osfhandle
_get_output_format
_get_pgmptr
_get_printf_count_output
_get_purecall_handler
_get_sbh_threshold
_get_terminate
_get_timezone
_get_tzname
_get_unexpected
_get_wpgmptr
_getc_nolock
_getch
_getch_nolock
_getche
_getche_nolock
_getcwd
_getdcwd
_getdcwd_nolock
_getdiskfree
_getdllprocaddr
_getdrive
_getdrives
_getmaxstdio
_getmbcp
_getpid
_getptd
_getsystime
_getw
_getwch
_getwch_nolock
_getwche
_getwche_nolock
_getws
_getws_s
_global_unwind2
_gmtime32

Sections

.text
Size: 598KB - Virtual size: 598KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 17KB - Virtual size: 25KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 968B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/sppinst.dll
.dll windows:10 windows x64 arch:x64

bad65dbeacd0fec7bc112c5f4dea09f2

Code Sign

33:00:00:04:13:31:bc:19:88:07:a9:07:74:00:00:00:00:04:13
Certificate

Issuer

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

03/02/2023, 00:05

Not After

01/02/2024, 00:05

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:07:76:56:00:00:00:00:00:08
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

19/10/2011, 18:41

Not After

19/10/2026, 18:51

Subject

CN=Microsoft Windows Production PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

76:bf:a9:a2:93:b3:ba:77:21:4b:13:2c:65:64:8a:4c:50:4f:ae:2f:35:b5:8a:e5:cf:0e:73:07:eb:29:31:00
Signer

Actual PE Digest

76:bf:a9:a2:93:b3:ba:77:21:4b:13:2c:65:64:8a:4c:50:4f:ae:2f:35:b5:8a:e5:cf:0e:73:07:eb:29:31:00

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_HIGH_ENTROPY_VA
IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

sppinst.pdb

Imports

msvcrt

_unlock
_lock
_onexit
memcpy
malloc
free
_amsg_exit
__dllonexit
__C_specific_handler
memmove
_vsnwprintf
_XcptFilter
_initterm
_purecall
memcmp
memset

ntdll

RtlCaptureContext
RtlLookupFunctionEntry
RtlVirtualUnwind

oleaut32

SysFreeString

api-ms-win-core-heap-l1-1-0

HeapAlloc
GetProcessHeap
HeapFree

api-ms-win-core-libraryloader-l1-1-0

FreeLibrary
GetProcAddress
DisableThreadLibraryCalls
GetModuleHandleExW
LoadLibraryExW

api-ms-win-core-errorhandling-l1-1-0

RaiseException
GetLastError
SetLastError
UnhandledExceptionFilter
SetUnhandledExceptionFilter

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-core-registry-l1-1-0

RegQueryValueExW
RegOpenKeyExW
RegCloseKey

api-ms-win-core-util-l1-1-0

EncodePointer
DecodePointer

api-ms-win-core-synch-l1-1-0

CreateEventW
DeleteCriticalSection
EnterCriticalSection
InitializeCriticalSectionAndSpinCount
WaitForSingleObject
ReleaseSemaphore
SetEvent
LeaveCriticalSection

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-string-l1-1-0

MultiByteToWideChar
WideCharToMultiByte

api-ms-win-core-heap-obsolete-l1-1-0

LocalAlloc
LocalFree

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemTimeAsFileTime
GetVersionExA

api-ms-win-core-kernel32-legacy-l1-1-0

CreateSemaphoreW

api-ms-win-core-processthreads-l1-1-0

GetCurrentProcess
GetCurrentProcessId
TerminateProcess
GetCurrentThreadId

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

Exports

Exports

DllCanUnloadNow
DllGetClassObject

Sections

.text
Size: 22KB - Virtual size: 21KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.pdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 148B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/dll/webengine.dll
.dll windows:6 windows x86 arch:x86

8603c13963bd7ceef1ddddf8b79927cc

Code Sign

33:00:00:01:2e:8f:84:66:68:39:bf:05:bd:00:00:00:00:01:2e
Certificate

Issuer

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06/09/2019, 20:40

Not After

04/12/2020, 20:40

Subject

CN=Microsoft Time-Stamp Service,OU=Microsoft Operations Puerto Rico+OU=Thales TSS ESN:B1B7-F67F-FEC2,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:16:68:34:00:00:00:00:00:1c
Certificate

Issuer

CN=Microsoft Root Certificate Authority,0.9.2342.19200300.100.1.25=#13096d6963726f736f6674,0.9.2342.19200300.100.1.25=#1303636f6d

Not Before

03/04/2007, 12:53

Not After

03/04/2021, 13:03

Subject

CN=Microsoft Time-Stamp PCA,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

33:00:00:01:51:9e:8d:8f:40:71:a3:0e:41:00:00:00:00:01:51
Certificate

Issuer

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

02/05/2019, 21:37

Not After

02/05/2020, 21:37

Subject

CN=Microsoft Corporation,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0e:90:d2:00:00:00:00:00:03
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

08/07/2011, 20:59

Not After

08/07/2026, 21:09

Subject

CN=Microsoft Code Signing PCA 2011,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

61:85:b6:26:52:d4:c2:3c:63:60:5e:1c:d0:5a:0e:8d:58:c7:4c:3b:e6:d4:8d:d3:61:3f:42:96:5e:62:93:91
Signer

Actual PE Digest

61:85:b6:26:52:d4:c2:3c:63:60:5e:1c:d0:5a:0e:8d:58:c7:4c:3b:e6:d4:8d:d3:61:3f:42:96:5e:62:93:91

Digest Algorithm

sha256

PE Digest Matches

true

20:c5:ff:9d:5c:a9:db:ce:50:3d:f3:af:0a:da:94:91:ae:70:88:5d
Signer

Actual PE Digest

20:c5:ff:9d:5c:a9:db:ce:50:3d:f3:af:0a:da:94:91:ae:70:88:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

webengine.pdb

Imports

kernel32

DisableThreadLibraryCalls
GetModuleFileNameW
GetProcAddress
lstrlenW
LoadLibraryW
GetCurrentProcess
IsProcessorFeaturePresent
SetUnhandledExceptionFilter
UnhandledExceptionFilter
IsDebuggerPresent
InitializeSListHead
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
TerminateProcess

vcruntime140_clr0400

memset
_except_handler4_common
__std_type_info_destroy_list

ucrtbase_clr0400

_execute_onexit_table
_initialize_onexit_table
_configure_narrow_argv
_seh_filter_dll
_initterm_e
_initterm
_cexit
_initialize_narrow_environment

Exports

Exports

GetIsapiProcessHost

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 904B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 1024B - Virtual size: 980B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 336B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
updates/res_mods/1.25.0.0/readme.txt
updates/res_mods/GdiPlus.dll
.dll windows:10 windows x86 arch:x86

a56220c2309938f551658c7cdd527f0f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

gdiplus.pdb

Imports

msvcrt

_lock
_initterm
malloc
_unlock
_XcptFilter
_vsnprintf
wcsnlen
_wcsdup
__dllonexit
wcscpy_s
_wcsupr_s
wcsncpy_s
wcsrchr
memcpy
memcmp
floor
_finite
wcsstr
wcsncmp
_wtoi
_onexit
_except_handler4_common
memmove
free
_amsg_exit
memmove_s
_purecall
memcpy_s
_vsnwprintf
_resetstkoflw
_CIatan
_CIatan2
_CIcos
_CIexp
_CIfmod
_CIlog
_CIsin
_CIsqrt
_ftol2
_ftol2_sse
memset

api-ms-win-core-libraryloader-l1-2-0

LoadLibraryExW
FindResourceExW
GetModuleHandleA
LoadResource
FreeLibrary
LoadLibraryExA
DisableThreadLibraryCalls
GetModuleHandleW
GetModuleFileNameW
GetProcAddress
LockResource
GetModuleHandleExW
GetModuleFileNameA
FreeLibraryAndExitThread

api-ms-win-core-synch-l1-1-0

ReleaseSemaphore
LeaveCriticalSection
SetEvent
CreateEventA
DeleteCriticalSection
EnterCriticalSection
OpenSemaphoreW
InitializeCriticalSection
InitializeCriticalSectionEx
WaitForSingleObject
ReleaseSRWLockShared
CreateSemaphoreExW
ReleaseMutex
ReleaseSRWLockExclusive
WaitForSingleObjectEx
AcquireSRWLockExclusive
AcquireSRWLockShared
CreateMutexExW

api-ms-win-core-heap-l1-1-0

HeapCreate
HeapFree
GetProcessHeap
HeapAlloc
HeapReAlloc
HeapDestroy

api-ms-win-core-errorhandling-l1-1-0

GetLastError
UnhandledExceptionFilter
SetLastError
SetUnhandledExceptionFilter

api-ms-win-core-threadpool-l1-2-0

SetThreadpoolTimer
CloseThreadpoolTimer
CreateThreadpoolTimer
WaitForThreadpoolTimerCallbacks

api-ms-win-core-processthreads-l1-1-0

TerminateProcess
GetCurrentThreadId
GetCurrentProcess
OpenProcessToken
GetCurrentProcessId
CreateThread

api-ms-win-core-localization-l1-2-0

IsDBCSLeadByteEx
LocaleNameToLCID
ConvertDefaultLocale
FormatMessageW
GetLocaleInfoW
IsValidLocale
GetACP
GetSystemDefaultLCID

api-ms-win-core-debug-l1-1-0

DebugBreak
IsDebuggerPresent
OutputDebugStringW

api-ms-win-core-handle-l1-1-0

CloseHandle

api-ms-win-eventing-provider-l1-1-0

EventUnregister
EventWriteTransfer
EventSetInformation
EventRegister

api-ms-win-core-com-l1-1-0

CoTaskMemFree
PropVariantClear
CreateStreamOnHGlobal
CoTaskMemAlloc

api-ms-win-core-heap-l2-1-0

LocalAlloc
LocalReAlloc
GlobalAlloc
GlobalFree
LocalFree

api-ms-win-core-file-l1-1-0

SetFilePointer
GetFileTime
GetFileInformationByHandle
CreateFileA
ReadFile
WriteFile
CreateFileW
LockFile
FlushFileBuffers
GetFileSize
SetEndOfFile
UnlockFile

api-ms-win-core-memory-l1-1-0

VirtualAlloc
MapViewOfFile
UnmapViewOfFile
VirtualFree

api-ms-win-core-string-l1-1-0

WideCharToMultiByte
CompareStringW
MultiByteToWideChar

api-ms-win-security-base-l1-1-0

GetTokenInformation

api-ms-win-core-sysinfo-l1-1-0

GetTickCount
GetSystemDirectoryW
GetSystemTimeAsFileTime
GetVersionExA
GetSystemInfo

api-ms-win-core-processenvironment-l1-1-0

SearchPathW

api-ms-win-core-rtlsupport-l1-2-0

RtlRaiseException

api-ms-win-core-synch-l1-2-0

Sleep

api-ms-win-core-profile-l1-1-0

QueryPerformanceCounter

api-ms-win-core-libraryloader-l1-2-1

FindResourceW

api-ms-win-core-processthreads-l1-1-1

IsProcessorFeaturePresent

api-ms-win-core-kernel32-legacy-l1-1-0

CreateFileMappingA
MulDiv

api-ms-win-core-heap-obsolete-l1-1-0

GlobalLock
GlobalSize
GlobalUnlock

api-ms-win-core-string-obsolete-l1-1-0

lstrcmpiW

user32

WindowFromDC
GetWindowRect
GetSysColor
DefWindowProcW
RegisterClassW
RegisterWindowMessageW
CreateWindowExW
SetWindowPos
DestroyWindow
UnregisterClassW
MsgWaitForMultipleObjects
PeekMessageW
TranslateMessage
GetClientRect
GetIconInfo
CreateIconIndirect
GetDCEx
GetWindowLongW
GetClassLongW
ClientToScreen
IntersectRect
IsRectEmpty
LoadImageW
GetSystemMetrics
SystemParametersInfoW
GetDC
ReleaseDC
DispatchMessageW
InflateRect
SetRectEmpty
UnionRect
GetDesktopWindow
OffsetRect

gdi32

SetICMMode
LPtoDP
GetDCOrgEx
GetRandomRgn
GetDeviceCaps
ArcTo
SetArcDirection
SetPaletteEntries
ResizePalette
RoundRect
Ellipse
Pie
Chord
Arc
AngleArc
PolyDraw
GetPath
AbortPath
FlattenPath
WidenPath
GetTextCharset
GetCurrentPositionEx
GetWinMetaFileBits
PlayEnhMetaFile
ExcludeClipRect
GetRgnBox
OffsetClipRgn
PlgBlt
BitBlt
OffsetViewportOrgEx
SetMapperFlags
CombineTransform
ScaleViewportExtEx
ScaleWindowExtEx
IsValidEnhMetaRecordOffExt
CreatePen
CreateDIBitmap
CreatePatternBrush
EnumFontsW
GetClipRgn
ExtCreateRegion
SelectClipPath
PolyPolyline
Polyline
StrokeAndFillPath
FillPath
PolyBezier
SetPolyFillMode
LineTo
ModifyWorldTransform
GetGraphicsMode
ExtTextOutA
ExtSelectClipRgn
GetPixel
SetMiterLimit
FillRgn
CreateSolidBrush
StrokePath
EndPath
CloseFigure
PolylineTo
PolyBezierTo
MoveToEx
BeginPath
StretchBlt
GetNearestPaletteIndex
CreateCompatibleBitmap
GetNearestColor
SetStretchBltMode
PolyPolygon
PlayMetaFileRecord
SetTextJustification
SetTextAlign
Polygon
IntersectClipRect
CreatePenIndirect
ExtCreatePen
DPtoLP
CreateDIBPatternBrushPt
Rectangle
SetROP2
GetROP2
GetWorldTransform
CombineRgn
StretchDIBits
GetPolyFillMode
GetArcDirection
GetTextAlign
GetBkMode
GetMiterLimit
GetWindowExtEx
GetViewportExtEx
GetWindowOrgEx
GetMapMode
SelectClipRgn
SetBrushOrgEx
GetTextColor
GetBkColor
TranslateCharsetInfo
GetTextCharsetInfo
ExtTextOutW
SetBitmapBits
GetDCDpiScaleValue
SetDIBColorTable
CreateEnhMetaFileW
GdiComment
GetEnhMetaFileBits
CopyMetaFileA
CopyEnhMetaFileA
GetEnhMetaFileW
GetMetaFileW
GetObjectType
GetEnhMetaFileHeader
GetMetaFileBitsEx
SetMetaFileBitsEx
CloseEnhMetaFile
PlayMetaFile
CreateEnhMetaFileA
SetEnhMetaFileBits
DeleteMetaFile
DeleteEnhMetaFile
SetWorldTransform
SetGraphicsMode
SetViewportExtEx
SetViewportOrgEx
SetWindowExtEx
SetWindowOrgEx
SetMapMode
SaveDC
SetMetaRgn
EnumMetaFile
EnumEnhMetaFile
PlayEnhMetaFileRecord
RestoreDC
DrawEscape
CreateICA
EnumFontFamiliesExW
GetTextFaceW
GetTextMetricsW
CreateFontIndirectA
CreateFontIndirectW
RealizePalette
GetPaletteEntries
SetDIBits
SetBkMode
SetBkColor
SetTextColor
CreateBitmap
PatBlt
CreateBrushIndirect
GdiFlush
CreateDIBSection
GetObjectW
GetStockObject
GetDIBColorTable
DeleteDC
GetDIBits
SelectObject
CreateCompatibleDC
SelectPalette
Escape
ExtEscape
GetObjectA
GetCurrentObject
DeleteObject
GetViewportOrgEx
GetRegionData
GetSystemPaletteEntries
CreatePalette
GetSystemPaletteUse
ScaleRgn
CreateRectRgn

api-ms-win-core-delayload-l1-1-1

ResolveDelayLoadedAPI

api-ms-win-core-delayload-l1-1-0

DelayLoadFailureHook

Exports

Exports

GdipAddPathArc
GdipAddPathArcI
GdipAddPathBezier
GdipAddPathBezierI
GdipAddPathBeziers
GdipAddPathBeziersI
GdipAddPathClosedCurve
GdipAddPathClosedCurve2
GdipAddPathClosedCurve2I
GdipAddPathClosedCurveI
GdipAddPathCurve
GdipAddPathCurve2
GdipAddPathCurve2I
GdipAddPathCurve3
GdipAddPathCurve3I
GdipAddPathCurveI
GdipAddPathEllipse
GdipAddPathEllipseI
GdipAddPathLine
GdipAddPathLine2
GdipAddPathLine2I
GdipAddPathLineI
GdipAddPathPath
GdipAddPathPie
GdipAddPathPieI
GdipAddPathPolygon
GdipAddPathPolygonI
GdipAddPathRectangle
GdipAddPathRectangleI
GdipAddPathRectangles
GdipAddPathRectanglesI
GdipAddPathString
GdipAddPathStringI
GdipAlloc
GdipBeginContainer
GdipBeginContainer2
GdipBeginContainerI
GdipBitmapApplyEffect
GdipBitmapConvertFormat
GdipBitmapCreateApplyEffect
GdipBitmapGetHistogram
GdipBitmapGetHistogramSize
GdipBitmapGetPixel
GdipBitmapLockBits
GdipBitmapSetPixel
GdipBitmapSetResolution
GdipBitmapUnlockBits
GdipClearPathMarkers
GdipCloneBitmapArea
GdipCloneBitmapAreaI
GdipCloneBrush
GdipCloneCustomLineCap
GdipCloneFont
GdipCloneFontFamily
GdipCloneImage
GdipCloneImageAttributes
GdipCloneMatrix
GdipClonePath
GdipClonePen
GdipCloneRegion
GdipCloneStringFormat
GdipClosePathFigure
GdipClosePathFigures
GdipCombineRegionPath
GdipCombineRegionRect
GdipCombineRegionRectI
GdipCombineRegionRegion
GdipComment
GdipConvertToEmfPlus
GdipConvertToEmfPlusToFile
GdipConvertToEmfPlusToStream
GdipCreateAdjustableArrowCap
GdipCreateBitmapFromDirectDrawSurface
GdipCreateBitmapFromFile
GdipCreateBitmapFromFileICM
GdipCreateBitmapFromGdiDib
GdipCreateBitmapFromGraphics
GdipCreateBitmapFromHBITMAP
GdipCreateBitmapFromHICON
GdipCreateBitmapFromResource
GdipCreateBitmapFromScan0
GdipCreateBitmapFromStream
GdipCreateBitmapFromStreamICM
GdipCreateCachedBitmap
GdipCreateCustomLineCap
GdipCreateEffect
GdipCreateFont
GdipCreateFontFamilyFromName
GdipCreateFontFromDC
GdipCreateFontFromLogfontA
GdipCreateFontFromLogfontW
GdipCreateFromHDC
GdipCreateFromHDC2
GdipCreateFromHWND
GdipCreateFromHWNDICM
GdipCreateHBITMAPFromBitmap
GdipCreateHICONFromBitmap
GdipCreateHalftonePalette
GdipCreateHatchBrush
GdipCreateImageAttributes
GdipCreateLineBrush
GdipCreateLineBrushFromRect
GdipCreateLineBrushFromRectI
GdipCreateLineBrushFromRectWithAngle
GdipCreateLineBrushFromRectWithAngleI
GdipCreateLineBrushI
GdipCreateMatrix
GdipCreateMatrix2
GdipCreateMatrix3
GdipCreateMatrix3I
GdipCreateMetafileFromEmf
GdipCreateMetafileFromFile
GdipCreateMetafileFromStream
GdipCreateMetafileFromWmf
GdipCreateMetafileFromWmfFile
GdipCreatePath
GdipCreatePath2
GdipCreatePath2I
GdipCreatePathGradient
GdipCreatePathGradientFromPath
GdipCreatePathGradientI
GdipCreatePathIter
GdipCreatePen1
GdipCreatePen2
GdipCreateRegion
GdipCreateRegionHrgn
GdipCreateRegionPath
GdipCreateRegionRect
GdipCreateRegionRectI
GdipCreateRegionRgnData
GdipCreateSolidFill
GdipCreateStreamOnFile
GdipCreateStringFormat
GdipCreateTexture
GdipCreateTexture2
GdipCreateTexture2I
GdipCreateTextureIA
GdipCreateTextureIAI
GdipDeleteBrush
GdipDeleteCachedBitmap
GdipDeleteCustomLineCap
GdipDeleteEffect
GdipDeleteFont
GdipDeleteFontFamily
GdipDeleteGraphics
GdipDeleteMatrix
GdipDeletePath
GdipDeletePathIter
GdipDeletePen
GdipDeletePrivateFontCollection
GdipDeleteRegion
GdipDeleteStringFormat
GdipDisposeImage
GdipDisposeImageAttributes
GdipDrawArc
GdipDrawArcI
GdipDrawBezier
GdipDrawBezierI
GdipDrawBeziers
GdipDrawBeziersI
GdipDrawCachedBitmap
GdipDrawClosedCurve
GdipDrawClosedCurve2
GdipDrawClosedCurve2I
GdipDrawClosedCurveI
GdipDrawCurve
GdipDrawCurve2
GdipDrawCurve2I
GdipDrawCurve3
GdipDrawCurve3I
GdipDrawCurveI
GdipDrawDriverString
GdipDrawEllipse
GdipDrawEllipseI
GdipDrawImage
GdipDrawImageFX
GdipDrawImageI
GdipDrawImagePointRect
GdipDrawImagePointRectI
GdipDrawImagePoints
GdipDrawImagePointsI
GdipDrawImagePointsRect
GdipDrawImagePointsRectI
GdipDrawImageRect
GdipDrawImageRectI
GdipDrawImageRectRect
GdipDrawImageRectRectI
GdipDrawLine
GdipDrawLineI
GdipDrawLines
GdipDrawLinesI
GdipDrawPath
GdipDrawPie
GdipDrawPieI
GdipDrawPolygon
GdipDrawPolygonI
GdipDrawRectangle
GdipDrawRectangleI
GdipDrawRectangles
GdipDrawRectanglesI
GdipDrawString
GdipEmfToWmfBits
GdipEndContainer
GdipEnumerateMetafileDestPoint
GdipEnumerateMetafileDestPointI
GdipEnumerateMetafileDestPoints
GdipEnumerateMetafileDestPointsI
GdipEnumerateMetafileDestRect
GdipEnumerateMetafileDestRectI
GdipEnumerateMetafileSrcRectDestPoint
GdipEnumerateMetafileSrcRectDestPointI
GdipEnumerateMetafileSrcRectDestPoints
GdipEnumerateMetafileSrcRectDestPointsI
GdipEnumerateMetafileSrcRectDestRect
GdipEnumerateMetafileSrcRectDestRectI
GdipFillClosedCurve
GdipFillClosedCurve2
GdipFillClosedCurve2I
GdipFillClosedCurveI
GdipFillEllipse
GdipFillEllipseI
GdipFillPath
GdipFillPie
GdipFillPieI
GdipFillPolygon
GdipFillPolygon2
GdipFillPolygon2I
GdipFillPolygonI
GdipFillRectangle
GdipFillRectangleI
GdipFillRectangles
GdipFillRectanglesI
GdipFillRegion
GdipFindFirstImageItem
GdipFindNextImageItem
GdipFlattenPath
GdipFlush
GdipFree
GdipGetAdjustableArrowCapFillState
GdipGetAdjustableArrowCapHeight
GdipGetAdjustableArrowCapMiddleInset
GdipGetAdjustableArrowCapWidth
GdipGetAllPropertyItems
GdipGetBrushType
GdipGetCellAscent
GdipGetCellDescent
GdipGetClip
GdipGetClipBounds
GdipGetClipBoundsI
GdipGetCompositingMode
GdipGetCompositingQuality
GdipGetCustomLineCapBaseCap
GdipGetCustomLineCapBaseInset
GdipGetCustomLineCapStrokeCaps
GdipGetCustomLineCapStrokeJoin
GdipGetCustomLineCapType
GdipGetCustomLineCapWidthScale
GdipGetDC
GdipGetDpiX
GdipGetDpiY
GdipGetEffectParameterSize
GdipGetEffectParameters
GdipGetEmHeight
GdipGetEncoderParameterList
GdipGetEncoderParameterListSize
GdipGetFamily
GdipGetFamilyName
GdipGetFontCollectionFamilyCount
GdipGetFontCollectionFamilyList
GdipGetFontHeight
GdipGetFontHeightGivenDPI
GdipGetFontSize
GdipGetFontStyle
GdipGetFontUnit
GdipGetGenericFontFamilyMonospace
GdipGetGenericFontFamilySansSerif
GdipGetGenericFontFamilySerif
GdipGetHatchBackgroundColor
GdipGetHatchForegroundColor
GdipGetHatchStyle
GdipGetHemfFromMetafile
GdipGetImageAttributesAdjustedPalette
GdipGetImageBounds
GdipGetImageDecoders
GdipGetImageDecodersSize
GdipGetImageDimension
GdipGetImageEncoders
GdipGetImageEncodersSize
GdipGetImageFlags
GdipGetImageGraphicsContext
GdipGetImageHeight
GdipGetImageHorizontalResolution
GdipGetImageItemData
GdipGetImagePalette
GdipGetImagePaletteSize
GdipGetImagePixelFormat
GdipGetImageRawFormat
GdipGetImageThumbnail
GdipGetImageType
GdipGetImageVerticalResolution
GdipGetImageWidth
GdipGetInterpolationMode
GdipGetLineBlend
GdipGetLineBlendCount
GdipGetLineColors
GdipGetLineGammaCorrection
GdipGetLinePresetBlend
GdipGetLinePresetBlendCount
GdipGetLineRect
GdipGetLineRectI
GdipGetLineSpacing
GdipGetLineTransform
GdipGetLineWrapMode
GdipGetLogFontA
GdipGetLogFontW
GdipGetMatrixElements
GdipGetMetafileDownLevelRasterizationLimit
GdipGetMetafileHeaderFromEmf
GdipGetMetafileHeaderFromFile
GdipGetMetafileHeaderFromMetafile
GdipGetMetafileHeaderFromStream
GdipGetMetafileHeaderFromWmf
GdipGetNearestColor
GdipGetPageScale
GdipGetPageUnit
GdipGetPathData
GdipGetPathFillMode
GdipGetPathGradientBlend
GdipGetPathGradientBlendCount
GdipGetPathGradientCenterColor
GdipGetPathGradientCenterPoint
GdipGetPathGradientCenterPointI
GdipGetPathGradientFocusScales
GdipGetPathGradientGammaCorrection
GdipGetPathGradientPath
GdipGetPathGradientPointCount
GdipGetPathGradientPresetBlend
GdipGetPathGradientPresetBlendCount
GdipGetPathGradientRect
GdipGetPathGradientRectI
GdipGetPathGradientSurroundColorCount
GdipGetPathGradientSurroundColorsWithCount
GdipGetPathGradientTransform
GdipGetPathGradientWrapMode
GdipGetPathLastPoint
GdipGetPathPoints
GdipGetPathPointsI
GdipGetPathTypes
GdipGetPathWorldBounds
GdipGetPathWorldBoundsI
GdipGetPenBrushFill
GdipGetPenColor
GdipGetPenCompoundArray
GdipGetPenCompoundCount
GdipGetPenCustomEndCap
GdipGetPenCustomStartCap
GdipGetPenDashArray
GdipGetPenDashCap197819
GdipGetPenDashCount
GdipGetPenDashOffset
GdipGetPenDashStyle
GdipGetPenEndCap
GdipGetPenFillType
GdipGetPenLineJoin
GdipGetPenMiterLimit
GdipGetPenMode
GdipGetPenStartCap
GdipGetPenTransform
GdipGetPenUnit
GdipGetPenWidth
GdipGetPixelOffsetMode
GdipGetPointCount
GdipGetPropertyCount
GdipGetPropertyIdList
GdipGetPropertyItem
GdipGetPropertyItemSize
GdipGetPropertySize
GdipGetRegionBounds
GdipGetRegionBoundsI
GdipGetRegionData
GdipGetRegionDataSize
GdipGetRegionHRgn
GdipGetRegionScans
GdipGetRegionScansCount
GdipGetRegionScansI
GdipGetRenderingOrigin
GdipGetSmoothingMode
GdipGetSolidFillColor
GdipGetStringFormatAlign
GdipGetStringFormatDigitSubstitution
GdipGetStringFormatFlags
GdipGetStringFormatHotkeyPrefix
GdipGetStringFormatLineAlign
GdipGetStringFormatMeasurableCharacterRangeCount
GdipGetStringFormatTabStopCount
GdipGetStringFormatTabStops
GdipGetStringFormatTrimming
GdipGetTextContrast
GdipGetTextRenderingHint
GdipGetTextureImage
GdipGetTextureTransform
GdipGetTextureWrapMode
GdipGetVisibleClipBounds
GdipGetVisibleClipBoundsI
GdipGetWorldTransform
GdipGraphicsClear
GdipGraphicsSetAbort
GdipImageForceValidation
GdipImageGetFrameCount
GdipImageGetFrameDimensionsCount
GdipImageGetFrameDimensionsList
GdipImageRotateFlip
GdipImageSelectActiveFrame
GdipImageSetAbort
GdipInitializePalette
GdipInvertMatrix
GdipIsClipEmpty
GdipIsEmptyRegion
GdipIsEqualRegion
GdipIsInfiniteRegion
GdipIsMatrixEqual
GdipIsMatrixIdentity
GdipIsMatrixInvertible
GdipIsOutlineVisiblePathPoint
GdipIsOutlineVisiblePathPointI
GdipIsStyleAvailable
GdipIsVisibleClipEmpty
GdipIsVisiblePathPoint
GdipIsVisiblePathPointI
GdipIsVisiblePoint
GdipIsVisiblePointI
GdipIsVisibleRect
GdipIsVisibleRectI
GdipIsVisibleRegionPoint
GdipIsVisibleRegionPointI
GdipIsVisibleRegionRect
GdipIsVisibleRegionRectI
GdipLoadImageFromFile
GdipLoadImageFromFileICM
GdipLoadImageFromStream
GdipLoadImageFromStreamICM
GdipMeasureCharacterRanges
GdipMeasureDriverString
GdipMeasureString
GdipMultiplyLineTransform
GdipMultiplyMatrix
GdipMultiplyPathGradientTransform
GdipMultiplyPenTransform
GdipMultiplyTextureTransform
GdipMultiplyWorldTransform
GdipNewInstalledFontCollection
GdipNewPrivateFontCollection
GdipPathIterCopyData
GdipPathIterEnumerate
GdipPathIterGetCount
GdipPathIterGetSubpathCount
GdipPathIterHasCurve
GdipPathIterIsValid
GdipPathIterNextMarker
GdipPathIterNextMarkerPath
GdipPathIterNextPathType
GdipPathIterNextSubpath
GdipPathIterNextSubpathPath
GdipPathIterRewind
GdipPlayMetafileRecord
GdipPlayTSClientRecord
GdipPrivateAddFontFile
GdipPrivateAddMemoryFont
GdipRecordMetafile
GdipRecordMetafileFileName
GdipRecordMetafileFileNameI
GdipRecordMetafileI
GdipRecordMetafileStream
GdipRecordMetafileStreamI
GdipReleaseDC
GdipRemovePropertyItem
GdipResetClip
GdipResetImageAttributes
GdipResetLineTransform
GdipResetPageTransform
GdipResetPath
GdipResetPathGradientTransform
GdipResetPenTransform
GdipResetTextureTransform
GdipResetWorldTransform
GdipRestoreGraphics
GdipReversePath
GdipRotateLineTransform
GdipRotateMatrix
GdipRotatePathGradientTransform
GdipRotatePenTransform
GdipRotateTextureTransform
GdipRotateWorldTransform
GdipSaveAdd
GdipSaveAddImage
GdipSaveGraphics
GdipSaveImageToFile
GdipSaveImageToStream
GdipScaleLineTransform
GdipScaleMatrix

Sections

.text
Size: 1.3MB - Virtual size: 1.3MB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 11KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.didat
Size: 512B - Virtual size: 16B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 70KB - Virtual size: 70KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 37KB - Virtual size: 37KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
version.xml

Sharing

General

Malware Config

Signatures

Files

Password: 1234

Password: 1234

Password: 1234

be41bf7b8cc010b614bd36bbca606973

Code Sign

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9Certificate

Extended Key Usages

Key Usages

07:a6:1e:cf:a7:4c:c7:b2:ce:b4:20:35:c7:72:be:1dCertificate

Extended Key Usages

Key Usages

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16Certificate

Extended Key Usages

Key Usages

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5bCertificate

Extended Key Usages

Key Usages

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5aCertificate

Key Usages

cd:47:8d:2b:83:9b:58:d4:f6:84:e6:74:df:e4:1b:39:24:91:bc:59:dc:f8:9d:e9:91:9a:46:60:d9:b4:06:f2Signer

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

version

Sections

.text Size: 27KB - Virtual size: 27KB

.rdata Size: 11KB - Virtual size: 10KB

.data Size: 512B - Virtual size: 415KB

.ndata Size: - Virtual size: 516KB

.rsrc Size: 126KB - Virtual size: 126KB

.reloc Size: 4KB - Virtual size: 3KB

Password: 1234

40e63787dbd8b01e488b84c1b879e331

Code Sign

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5fCertificate

Extended Key Usages

61:07:76:56:00:00:00:00:00:08Certificate

Key Usages

f1:01:e3:e1:c5:ee:48:ab:ed:e3:6c:68:fb:4c:1e:a9:e4:95:a9:75:79:c0:94:fe:bd:90:3a:6f:29:ba:77:15Signer

Headers

DLL Characteristics

File Characteristics

PDB Paths

Imports

oleaut32

api-ms-win-core-errorhandling-l1-1-0

api-ms-win-core-heap-l1-1-0

api-ms-win-core-com-l1-1-0

api-ms-win-core-string-l1-1-0

api-ms-win-core-localization-l1-2-0

api-ms-win-core-string-obsolete-l1-1-0

api-ms-win-core-handle-l1-1-0

api-ms-win-core-winrt-error-l1-1-0

api-ms-win-core-synch-l1-1-0

api-ms-win-core-util-l1-1-0

api-ms-win-core-processthreads-l1-1-0

api-ms-win-core-libraryloader-l1-2-0

api-ms-win-core-debug-l1-1-0

api-ms-win-eventing-provider-l1-1-0

api-ms-win-core-string-l2-1-0

api-ms-win-core-registry-l1-1-0

ntdll

api-ms-win-core-profile-l1-1-0

api-ms-win-eventing-classicprovider-l1-1-0

rpcrt4

api-ms-win-core-synch-l1-2-0

propsys

08:ad:40:b2:60:d2:9c:4c:9f:5e:cd:a9:bd:93:ae:d9
Certificate

07:a6:1e:cf:a7:4c:c7:b2:ce:b4:20:35:c7:72:be:1d
Certificate

05:44:af:f3:94:9d:08:39:a6:bf:db:3f:5f:e5:61:16
Certificate

07:36:37:b7:24:54:7c:d8:47:ac:fd:28:66:2a:5e:5b
Certificate

0e:9b:18:8e:f9:d0:2d:e7:ef:db:50:e2:08:40:18:5a
Certificate

cd:47:8d:2b:83:9b:58:d4:f6:84:e6:74:df:e4:1b:39:24:91:bc:59:dc:f8:9d:e9:91:9a:46:60:d9:b4:06:f2
Signer

.text
Size: 27KB - Virtual size: 27KB

.rdata
Size: 11KB - Virtual size: 10KB

.data
Size: 512B - Virtual size: 415KB

.ndata
Size: - Virtual size: 516KB

.rsrc
Size: 126KB - Virtual size: 126KB

.reloc
Size: 4KB - Virtual size: 3KB

33:00:00:04:5f:f3:c9:6c:1a:7f:f7:da:1d:00:00:00:00:04:5f
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

f1:01:e3:e1:c5:ee:48:ab:ed:e3:6c:68:fb:4c:1e:a9:e4:95:a9:75:79:c0:94:fe:bd:90:3a:6f:29:ba:77:15
Signer

.text
Size: 1.7MB - Virtual size: 1.7MB

RT_CODE
Size: 14KB - Virtual size: 13KB

RT_BSS
Size: - Virtual size: 40B

.data
Size: 16KB - Virtual size: 40KB

.idata
Size: 11KB - Virtual size: 11KB

.didat
Size: 512B - Virtual size: 120B

RT_DATA
Size: 8KB - Virtual size: 7KB

RT_CONST
Size: 5KB - Virtual size: 4KB

.rsrc
Size: 11KB - Virtual size: 11KB

.reloc
Size: 50KB - Virtual size: 50KB

33:00:00:02:ed:2c:45:e4:c1:45:cf:48:44:00:00:00:00:02:ed
Certificate

61:07:76:56:00:00:00:00:00:08
Certificate

77:0a:c0:ca:0a:e2:c6:60:fe:a7:a0:4e:c6:66:a6:87:2a:4f:c7:08:16:f8:35:d1:f4:e3:f4:75:6d:43:3e:3c
Signer