EasyBCD2[.]4 (1)[.]exe

Sharing

Copy URL

Twitter E-mail

General

Target

EasyBCD2.4 (1).exe
Size

2.2MB
MD5

2e06476ebe1137f543ee7176d34716e7
SHA1

6eaa6aa0e829ce8af54213f6de77e748c4388e23
SHA256

0a94a43af2db7bdbada87b34bf03d3b221110d1ca21bbebec55b08767c1281cc
SHA512

4f038b1bab87a9c552672a69d2122800e5f6809c6230c2cea4f14000d0c8555393621af0e4e85ef9471a6527d9458a6315576aab9de10058b3c320549f9d0c1e
SSDEEP

49152:vHQLkhcj2sy/yOnZMS3NTQDxX7Cc8kRD7zei:vwLKcjW/yGMoN+Obk1zD

Score

3^/10

Malware Config

Signatures

Unsigned PE 13 IoCs

Checks for missing Authenticode signature.

resource
unpack001/$PLUGINSDIR/INetC.dll
unpack001/$PLUGINSDIR/InstallOptions.dll
unpack001/$PLUGINSDIR/System.dll
unpack001/$PLUGINSDIR/nsExec.dll
unpack001/NeoSmart.Localization.dll
unpack001/Newtonsoft.Json.dll
unpack001/bin/bcdboot.exe
unpack001/bin/bcdedit.exe
unpack001/bin/udefrag-kernel.dll
unpack001/bin/udefrag.dll
unpack001/bin/udefrag.exe
unpack001/bin/zenwinx.dll
unpack004/$PLUGINSDIR/System.dll

NSIS installer 4 IoCs

installer

resource	yara_rule
sample	nsis_installer_1
sample	nsis_installer_2
static1/unpack001/uninstall.exe	nsis_installer_1
static1/unpack001/uninstall.exe	nsis_installer_2

Files

EasyBCD2.4 (1).exe
.exe windows:4 windows x86 arch:x86

57e98d9a5a72c8d7ad8fb7a6a58b3daf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ba:8a:eb:c9:83:ee:22:11:b0:f9:7d:ca:f0:4d:41:4b
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-10-2014 00:00

Not After

01-10-2019 23:59

Subject

CN=NeoSmart Technologies,O=NeoSmart Technologies,POSTALCODE=60634,STREET=4038 N McVicker Ave,L=Wheaton,ST=IL,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

c3:40:3a:5a:56:cb:8a:9d:74:45:10:1a:f6:6d:8e:c0:49:28:b1:5b
Signer

Actual PE Digest

c3:40:3a:5a:56:cb:8a:9d:74:45:10:1a:f6:6d:8e:c0:49:28:b1:5b

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
Sleep
GetTickCount
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
SetCurrentDirectoryA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
GlobalUnlock
GetDiskFreeSpaceA
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 68KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 64KB - Virtual size: 64KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$0/The NeoSmart Files.url
$PLUGINSDIR/INetC.dll
.dll windows:4 windows x86 arch:x86

8ef3613e48db9e7b48e33704238cd659

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

LoadLibraryA
LocalFree
lstrcpynA
DeleteFileA
CreateThread
WideCharToMultiByte
lstrcpyA
TerminateThread
LocalAlloc
MulDiv
WaitForSingleObject
GetModuleHandleA
ReadFile
lstrlenA
lstrcatA
GetTickCount
CreateFileA
GetFileSize
GetLastError
lstrcmpiA
CloseHandle
GetProcAddress
lstrcmpA
WriteFile
GlobalFree
GlobalAlloc
SleepEx
SetFilePointer

user32

RedrawWindow
GetMessageA
wsprintfA
DestroyWindow
EnableWindow
GetDlgItem
UpdateWindow
LoadIconA
SetWindowTextA
IsWindowVisible
SystemParametersInfoA
GetWindowLongA
GetParent
MessageBoxA
SetWindowLongA
DispatchMessageA
KillTimer
PostMessageA
GetWindowTextA
IsWindow
SendDlgItemMessageA
CreateDialogParamA
TranslateMessage
ShowWindow
IsDialogMessageA
GetWindowRect
SetTimer
SetDlgItemTextA
SetWindowPos
SendMessageA
GetClientRect
FindWindowExA

comctl32

ord17

wininet

InternetReadFile
InternetErrorDlg
HttpQueryInfoA
InternetQueryOptionA
InternetSetOptionA
FtpCreateDirectoryA
InternetConnectA
InternetWriteFile
InternetSetFilePointer
FtpOpenFileA
HttpEndRequestA
HttpAddRequestHeadersA
HttpSendRequestA
InternetOpenA
InternetGetLastResponseInfoA
InternetCrackUrlA
HttpOpenRequestA
HttpSendRequestExA
InternetCloseHandle

Exports

Exports

get
head
post
put

Sections

.text
Size: 14KB - Virtual size: 13KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/InstallOptions.dll
.dll windows:4 windows x86 arch:x86

610235b90207a63ccf481f0d4375d329

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetPrivateProfileIntA
GetCurrentDirectoryA
MultiByteToWideChar
GetPrivateProfileStringA
SetCurrentDirectoryA
GetModuleHandleA
lstrcmpiA
WritePrivateProfileStringA
lstrcatA
lstrcpynA
GlobalFree
lstrlenA
lstrcpyA
GlobalUnlock
GlobalAlloc
GlobalLock

user32

MapWindowPoints
PtInRect
CloseClipboard
LoadCursorA
GetDlgCtrlID
OpenClipboard
GetClientRect
SetWindowRgn
DrawFocusRect
LoadImageA
SetWindowLongA
CreateWindowExA
MapDialogRect
SetWindowPos
GetWindowRect
CreateDialogParamA
ShowWindow
DrawTextA
SetCursor
EnableWindow
GetDlgItem
DestroyIcon
DestroyWindow
DispatchMessageA
TranslateMessage
GetMessageA
IsDialogMessageA
CallWindowProcA
PostMessageA
MessageBoxA
GetSysColor
CharNextA
wsprintfA
GetWindowTextA
SetWindowTextA
SendMessageA
GetWindowLongA
EnableMenuItem
GetSystemMenu
GetClipboardData
LoadIconA

gdi32

DeleteObject
CombineRgn
SetTextColor
GetDIBits
SelectObject
CreateRectRgn
GetObjectA
CreateCompatibleDC

shell32

SHBrowseForFolderA
SHGetPathFromIDListA
ShellExecuteA
SHGetDesktopFolder

comdlg32

GetOpenFileNameA
GetSaveFileNameA
CommDlgExtendedError

ole32

CoTaskMemFree

Exports

Exports

dialog
initDialog
show

Sections

.text
Size: 7KB - Virtual size: 6KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 2KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 2KB - Virtual size: 10KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 512B - Virtual size: 152B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
$PLUGINSDIR/ioSpecial.ini
$PLUGINSDIR/modern-wizard.bmp
$PLUGINSDIR/nsExec.dll
.dll windows:4 windows x86 arch:x86

46f8b6973f33717335c0f6d8087de67b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

GetModuleHandleA
lstrlenA
GetExitCodeProcess
WaitForSingleObject
Sleep
TerminateProcess
GlobalReAlloc
GlobalUnlock
GlobalSize
lstrcpynA
ReadFile
PeekNamedPipe
GetTickCount
lstrcpyA
CreateProcessA
GetStartupInfoA
GetProcAddress
GetVersion
DeleteFileA
lstrcmpiA
GetCurrentProcess
CloseHandle
UnmapViewOfFile
MapViewOfFile
CreateFileMappingA
CreateFileA
CopyFileA
GetTempFileNameA
GlobalFree
GlobalAlloc
GetModuleFileNameA
ExitProcess
GetCommandLineA
CreatePipe
GlobalLock
lstrcatA

user32

SendMessageA
OemToCharBuffA
FindWindowExA
CharNextA
wsprintfA
CharPrevA

advapi32

InitializeSecurityDescriptor
SetSecurityDescriptorDacl

Exports

Exports

Exec
ExecToLog
ExecToStack

Sections

.text
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 512B - Virtual size: 458B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EasyBCD.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ba:8a:eb:c9:83:ee:22:11:b0:f9:7d:ca:f0:4d:41:4b
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-10-2014 00:00

Not After

01-10-2019 23:59

Subject

CN=NeoSmart Technologies,O=NeoSmart Technologies,POSTALCODE=60634,STREET=4038 N McVicker Ave,L=Wheaton,ST=IL,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

cb:a3:2c:5a:b0:72:f1:66:c5:00:bc:34:06:3d:16:dc:b8:ac:0e:2f
Signer

Actual PE Digest

cb:a3:2c:5a:b0:72:f1:66:c5:00:bc:34:06:3d:16:dc:b8:ac:0e:2f

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\GIT\EasyBCD\EasyBCD\bin\optimized\EasyBCD.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 885KB - Virtual size: 885KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 73KB - Virtual size: 72KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
EasyBCD.exe.config
.xml
LICENSE
NeoSmart.Localization.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Users\Mahmoud\source\repos\Localization\Localization\obj\Debug\NeoSmart.Localization.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 23KB - Virtual size: 22KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
Newtonsoft.Json.dll
.dll windows:4 windows x86 arch:x86

dae02f32a21e03ce65412f6e56942daa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_DLL

PDB Paths

C:\Development\Releases\Json\Working\Newtonsoft.Json\Working-Signed\Src\Newtonsoft.Json\obj\Release\Net20\Newtonsoft.Json.pdb

Imports

mscoree

_CorDllMain

Sections

.text
Size: 470KB - Virtual size: 469KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/BootGrabber.exe
.exe windows:5 windows x86 arch:x86

3bb6de0fe97e410e3173f97d03dcdc3f

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ba:8a:eb:c9:83:ee:22:11:b0:f9:7d:ca:f0:4d:41:4b
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-10-2014 00:00

Not After

01-10-2019 23:59

Subject

CN=NeoSmart Technologies,O=NeoSmart Technologies,POSTALCODE=60634,STREET=4038 N McVicker Ave,L=Wheaton,ST=IL,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

d2:cb:52:bd:7d:b6:bd:7e:3c:ee:bf:f9:f2:93:f3:0a:35:ae:22:5d
Signer

Actual PE Digest

d2:cb:52:bd:7d:b6:bd:7e:3c:ee:bf:f9:f2:93:f3:0a:35:ae:22:5d

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\GIT\EasyBCD\Release\BootGrabber.pdb

Imports

kernel32

CreateFileW
WriteFile
HeapDestroy
HeapSize
HeapReAlloc
HeapFree
HeapAlloc
GetProcessHeap
DefineDosDeviceW
WaitForSingleObject
GetFileAttributesW
GetModuleFileNameW
WideCharToMultiByte
SizeofResource
ReadFile
LoadResource
FindResourceW
FindResourceExW
InitializeCriticalSectionAndSpinCount
RaiseException
DeleteCriticalSection
GetCurrentProcess
LocalFree
GetExitCodeProcess
CreatePipe
DuplicateHandle
CreateProcessW
WriteConsoleW
SetFilePointerEx
GetLastError
DeviceIoControl
FindVolumeClose
FindNextVolumeW
GetVolumePathNamesForVolumeNameW
GetVolumeInformationW
FindFirstVolumeW
CloseHandle
FreeLibrary
GetProcAddress
LockResource
GetConsoleMode
GetConsoleCP
FlushFileBuffers
SetStdHandle
FindNextFileW
FindFirstFileExW
FindClose
IsDebuggerPresent
OutputDebugStringW
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
TerminateProcess
IsProcessorFeaturePresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
LoadLibraryExW
SetLastError
RtlUnwind
ExitProcess
GetModuleHandleExW
MultiByteToWideChar
GetStdHandle
GetCommandLineA
GetCommandLineW
GetACP
GetFileType
CompareStringW
LCMapStringW
GetStringTypeW
IsValidCodePage
GetOEMCP
GetCPInfo
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
LoadLibraryW

advapi32

SystemFunction036
AdjustTokenPrivileges
LookupPrivilegeValueW
FreeSid
OpenProcessToken
SetNamedSecurityInfoW
SetEntriesInAclW
AllocateAndInitializeSid
RegCloseKey
RegEnumValueW
RegOpenKeyExW

shlwapi

PathRemoveFileSpecW
PathAddBackslashW

version

VerQueryValueW
GetFileVersionInfoW
GetFileVersionInfoSizeW

Sections

.text
Size: 124KB - Virtual size: 124KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 40KB - Virtual size: 40KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 3KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 13B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/NST Downloader.exe
.exe windows:4 windows x86 arch:x86

f34d5f2d4577ed6d9ceec516c1f5a744

Code Sign

42:1a:f2:94:09:84:19:1f:52:0a:4b:c6:24:26:a7:4b
Certificate

Issuer

CN=AddTrust External CA Root,OU=AddTrust External TTP Network,O=AddTrust AB,C=SE

Not Before

07-06-2005 08:09

Not After

30-05-2020 10:48

Subject

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

47:8a:8e:fb:59:e1:d8:3f:0c:e1:42:d2:a2:87:07:be
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

10-05-2010 00:00

Not After

10-05-2015 23:59

Subject

CN=COMODO Time Stamping Signer,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature
KeyUsageContentCommitment

10:70:9d:4f:f5:54:08:d7:30:60:01:d8:ea:91:75:bb
Certificate

Issuer

CN=UTN-USERFirst-Object,OU=http://www.usertrust.com,O=The USERTRUST Network,L=Salt Lake City,ST=UT,C=US

Not Before

24-08-2011 00:00

Not After

30-05-2020 10:48

Subject

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

70:17:f7:e7:e2:fa:2c:79:fc:ec:1f:6e:54:62:27:a3
Certificate

Issuer

CN=COMODO Code Signing CA 2,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

28-10-2011 00:00

Not After

27-10-2014 23:59

Subject

CN=NeoSmart Technologies,O=NeoSmart Technologies,POSTALCODE=60634,STREET=4038 N McVicker Ave,L=Chicago,ST=IL,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

df:86:23:f0:f7:1c:4e:eb:ad:23:fd:d4:c5:62:b6:1b:6e:1b:4b:4c
Signer

Actual PE Digest

df:86:23:f0:f7:1c:4e:eb:ad:23:fd:d4:c5:62:b6:1b:6e:1b:4b:4c

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\SVN\NST Downloader\trunk\NST Downloader\obj\Release\NST Downloader.pdb

Imports

mscoree

_CorExeMain

Sections

.text
Size: 9KB - Virtual size: 9KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 12B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/NetTest.exe
.exe windows:5 windows x86 arch:x86

985b895e753af60fbabd2758e677a2e0

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ba:8a:eb:c9:83:ee:22:11:b0:f9:7d:ca:f0:4d:41:4b
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-10-2014 00:00

Not After

01-10-2019 23:59

Subject

CN=NeoSmart Technologies,O=NeoSmart Technologies,POSTALCODE=60634,STREET=4038 N McVicker Ave,L=Wheaton,ST=IL,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

94:43:91:9f:19:74:b9:0e:e1:82:45:99:ef:48:51:9b:a8:8e:9c:71
Signer

Actual PE Digest

94:43:91:9f:19:74:b9:0e:e1:82:45:99:ef:48:51:9b:a8:8e:9c:71

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\GIT\nettest\Release\NetTest.pdb

Imports

wininet

InternetGetConnectedState

kernel32

ExitProcess

Sections

.text
Size: 512B - Virtual size: 55B

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 572B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 8B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 28B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/UtfRedirect.exe
.exe windows:5 windows x86 arch:x86

30ea4f8642e4e4c0e302dc34d72b9019

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ba:8a:eb:c9:83:ee:22:11:b0:f9:7d:ca:f0:4d:41:4b
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-10-2014 00:00

Not After

01-10-2019 23:59

Subject

CN=NeoSmart Technologies,O=NeoSmart Technologies,POSTALCODE=60634,STREET=4038 N McVicker Ave,L=Wheaton,ST=IL,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5b:a9:8d:85:4c:42:a4:94:f8:ba:e1:9a:93:5c:5f:b1:28:47:95:b7
Signer

Actual PE Digest

5b:a9:8d:85:4c:42:a4:94:f8:ba:e1:9a:93:5c:5f:b1:28:47:95:b7

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

D:\GIT\UtfRedirect\Release\UtfRedirect.pdb

Imports

kernel32

GetLastError
GetProcAddress
InitializeCriticalSectionAndSpinCount
DeleteCriticalSection
LoadLibraryW
CloseHandle
WaitForSingleObject
FreeLibrary
HeapDestroy
HeapAlloc
RaiseException
HeapReAlloc
HeapSize
GetProcessHeap
SetConsoleCP
SetConsoleOutputCP
GetStdHandle
SetStdHandle
CreateProcessW
GetExitCodeProcess
HeapFree
CreateFileW
EnterCriticalSection
LeaveCriticalSection
SetEvent
ResetEvent
WaitForSingleObjectEx
CreateEventW
GetModuleHandleW
UnhandledExceptionFilter
SetUnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
IsProcessorFeaturePresent
IsDebuggerPresent
GetStartupInfoW
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
InitializeSListHead
WideCharToMultiByte
SetLastError
TlsAlloc
TlsGetValue
TlsSetValue
TlsFree
CompareStringW
LCMapStringW
GetLocaleInfoW
GetStringTypeW
GetCPInfo
OutputDebugStringW
LoadLibraryExW
GetModuleFileNameW
RtlUnwind
ExitProcess
GetModuleHandleExW
WriteFile
GetCommandLineA
GetCommandLineW
GetACP
GetFileType
IsValidLocale
GetUserDefaultLCID
EnumSystemLocalesW
IsValidCodePage
GetOEMCP
GetEnvironmentStringsW
FreeEnvironmentStringsW
SetEnvironmentVariableW
FindClose
FindFirstFileExW
FindNextFileW
FlushFileBuffers
GetConsoleCP
GetConsoleMode
ReadFile
SetFilePointerEx
WriteConsoleW
ReadConsoleW
MultiByteToWideChar

advapi32

SystemFunction036

Sections

.text
Size: 123KB - Virtual size: 122KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 44KB - Virtual size: 44KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 4KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.tls
Size: 512B - Virtual size: 9B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 8KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/bcdboot.exe
.exe windows:10 windows x86 arch:x86

a6faca78f3a0e9fb9cf5b9d15ded6a9a

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_GUARD_CF
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

bcdboot.pdb

Imports

kernel32

Sleep
UnhandledExceptionFilter
GetFileType
GetProcAddress
GetStdHandle
GetConsoleOutputCP
GetModuleFileNameW
WriteConsoleW
FormatMessageW
GetConsoleMode
LoadLibraryW
WideCharToMultiByte
WriteFile
GetProcessHeap
HeapFree
HeapAlloc
FreeLibrary
SetLastError
GetLastError
GetCurrentProcess
TerminateProcess
GetModuleHandleA
QueryPerformanceCounter
GetCurrentProcessId
GetCurrentThreadId
GetSystemTimeAsFileTime
GetTickCount
LoadLibraryExW
GetVolumePathNameW
QueryDosDeviceW
LocalFree
MapViewOfFile
UnmapViewOfFile
GetCurrentThread
CreateFileW
GetFileSizeEx
CreateFileMappingW
CloseHandle
GetVolumeNameForVolumeMountPointW
FindFirstFileW
MoveFileExW
GetFileAttributesW
FindClose
GetUserDefaultUILanguage
GetVersionExW
LoadResource
FindResourceExW
GetSystemDefaultUILanguage
SearchPathW
CreateDirectoryW
GetFileInformationByHandle
DeviceIoControl
GetModuleHandleW
CopyFileExW
GetFullPathNameW
GetLocaleInfoW
GetVolumeInformationW
SetFileAttributesW
GetPrivateProfileSectionW
FindNextFileW
SetUnhandledExceptionFilter

msvcrt

wcstoul
wcscat_s
_ultow_s
wcsncpy_s
wcsstr
memset
_wcslwr
_snwscanf_s
strncmp
wcsncmp
bsearch
__iob_func
memcmp
memcpy
wcschr
_vsnwprintf_s
fflush
fwprintf
_vsnwprintf
wcsnlen
wcsrchr
memmove
_wcsupr
_except_handler4_common
_controlfp
?terminate@@YAXXZ
_initterm
__setusermatherr
__p__fmode
_cexit
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
wcscpy_s
_wsetlocale
_wcsicmp
swprintf_s
_wcsnicmp

rpcrt4

UuidCreate

imagehlp

CheckSumMappedFile

shlwapi

PathRemoveBackslashW

ntdll

NtEnumerateBootEntries
NtOpenDirectoryObject
NtQueryDirectoryObject
NtQueryBootEntryOrder
NtResetEvent
NtQueryValueKey
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtOpenKey
ZwResetEvent
ZwDeviceIoControlFile
ZwOpenSymbolicLinkObject
RtlGetVersion
ZwQuerySymbolicLinkObject
ZwCreateEvent
NtAdjustPrivilegesToken
NtOpenThreadTokenEx
RtlImpersonateSelf
NtOpenProcessTokenEx
LdrGetDllHandle
LdrGetProcedureAddress
RtlInitAnsiString
ZwAllocateUuids
RtlSetOwnerSecurityDescriptor
ZwOpenKey
ZwQueryKey
RtlCreateSecurityDescriptor
RtlLengthSid
ZwEnumerateKey
ZwDeleteKey
RtlAllocateAndInitializeSid
ZwLoadKey
RtlAddAccessAllowedAceEx
ZwSetSecurityObject
RtlLengthSecurityDescriptor
ZwQueryValueKey
ZwCreateFile
ZwSaveKey
ZwSetValueKey
ZwDeleteValueKey
RtlSetDaclSecurityDescriptor
RtlFreeSid
RtlCreateAcl
ZwCreateKey
ZwUnloadKey
RtlAppendUnicodeToString
ZwQueryAttributesFile
ZwOpenFile
ZwClose
ZwWaitForSingleObject
ZwReleaseMutant
ZwOpenMutant
ZwQuerySystemInformation
NtSetInformationFile
RtlAllocateHeap
RtlFreeHeap
LdrFindResource_U
LdrAccessResource
NtQuerySystemInformation
NtOpenFile
RtlImageNtHeader
NtOpenProcess
NtCreateEvent
NtClose
NtSetInformationThread
NtWaitForSingleObject
NtQueryInformationProcess
NtQueryInformationFile
NtQueryInformationThread
NtDeviceIoControlFile
RtlCompareMemory
RtlNtStatusToDosError
RtlFreeUnicodeString
RtlStringFromGUID
RtlGUIDFromString
RtlInitUnicodeString
NtTranslateFilePath

advapi32

OpenThreadToken
GetTokenInformation
GetSecurityDescriptorControl
SetNamedSecurityInfoW
LookupPrivilegeValueW
GetSecurityDescriptorOwner
ConvertStringSecurityDescriptorToSecurityDescriptorW
GetSecurityDescriptorSacl
AdjustTokenPrivileges
ConvertSidToStringSidW
GetSecurityDescriptorGroup
GetSecurityDescriptorDacl
RegCloseKey
RegOpenKeyExW
OpenProcessToken
RegQueryValueExW

Sections

.text
Size: 122KB - Virtual size: 121KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.idata
Size: 6KB - Virtual size: 5KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.rsrc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 6KB - Virtual size: 6KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/bcdedit.exe
.exe windows:6 windows x86 arch:x86

9ca53f4e6c9f41a86cecfe8d2bc4a2fa

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

bcdedit.pdb

Imports

advapi32

CryptAcquireContextA
CryptGenRandom
CryptReleaseContext
RegOpenKeyExW
RegCloseKey
RegQueryValueExW

kernel32

GetFileType
GetConsoleMode
WriteConsoleW
GetConsoleOutputCP
WideCharToMultiByte
WriteFile
CreateFileW
CloseHandle
DeviceIoControl
FormatMessageW
LocalFree
GetModuleFileNameW
LoadLibraryExW
GetProcAddress
FreeLibrary
SetLastError
GetStdHandle
UnmapViewOfFile
MapViewOfFile
SearchPathW
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
OutputDebugStringA
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
SetUnhandledExceptionFilter
UnhandledExceptionFilter
InterlockedCompareExchange
InterlockedExchange
Sleep
QueryDosDeviceW
GetLastError
FindResourceExW
LoadResource
GetLocaleInfoW
GetVersionExW
CreateFileMappingW
GetUserDefaultUILanguage
GetSystemDefaultUILanguage

msvcrt

__setusermatherr
_initterm
memcpy
memset
memmove
?terminate@@YAXXZ
_controlfp
__p__fmode
isdigit
isxdigit
isleadbyte
_fileno
calloc
free
localeconv
mbtowc
__mb_cur_max
_iob
_snprintf
_itoa
wctomb
malloc
ferror
iswctype
wcstombs
_read
__badioinfo
__pioinfo
realloc
_isatty
_write
_lseeki64
ungetc
bsearch
wcsncmp
strncmp
wcsstr
wcsrchr
_cexit
memcmp
_exit
exit
__set_app_type
__wgetmainargs
_amsg_exit
__p__commode
_XcptFilter
_errno
_wcsupr
_wcslwr
_wsetlocale
towupper
iswspace
_vsnwprintf
wcschr
_wcstoui64
wcstoul
_wcsnicmp
_wcsicmp

ntdll

RtlUnwind
NtClose
NtOpenFile
RtlStringFromGUID
RtlGUIDFromString
RtlInitUnicodeString
RtlFreeUnicodeString
RtlCompareMemory
RtlAllocateHeap
RtlFreeHeap
RtlNtStatusToDosError
ZwClose
ZwOpenFile
ZwQuerySystemInformation
ZwCreateEvent
ZwWaitForSingleObject
ZwDeviceIoControlFile
ZwUnloadKey
ZwCreateKey
ZwOpenThreadTokenEx
RtlCreateAcl
ZwQueryAttributesFile
RtlFreeSid
RtlSetDaclSecurityDescriptor
ZwDeleteValueKey
ZwSetValueKey
ZwAdjustPrivilegesToken
ZwSaveKey
ZwOpenProcessTokenEx
ZwCreateFile
ZwQueryValueKey
RtlLengthSecurityDescriptor
ZwSetSecurityObject
RtlAddAccessAllowedAceEx
ZwLoadKey
RtlAllocateAndInitializeSid
ZwDeleteKey
ZwEnumerateKey
RtlLengthSid
RtlCreateSecurityDescriptor
ZwQueryKey
ZwOpenKey
RtlSetOwnerSecurityDescriptor
ZwQuerySymbolicLinkObject
RtlInitAnsiString
RtlGetVersion
LdrGetProcedureAddress
LdrGetDllHandle
ZwOpenSymbolicLinkObject
ZwQueryVolumeInformationFile
ZwDeleteFile
ZwResetEvent
ZwQueryInformationFile
NtQuerySystemInformation
ZwAllocateUuids
NtOpenKey
NtDeviceIoControlFile
NtOpenSymbolicLinkObject
NtQuerySymbolicLinkObject
NtWaitForSingleObject
NtCreateEvent
NtQueryValueKey
NtSetValueKey
NtResetEvent
NtCreateKey
NtSetSecurityObject
NtDeleteKey
RtlDosPathNameToNtPathName_U

Sections

.text
Size: 162KB - Virtual size: 161KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 145KB - Virtual size: 144KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/bootsect.exe
.exe windows:6 windows x86 arch:x86

24a75d89d1ec171f38f6581ac583e6bd

Code Sign

61:08:b9:a4:00:00:00:00:00:10
Certificate

Issuer

CN=Microsoft Windows PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

14-03-2011 21:45

Not After

14-06-2012 21:55

Subject

CN=Microsoft Windows,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

61:0c:6a:19:00:00:00:00:00:04
Certificate

Issuer

CN=Microsoft Root Certificate Authority 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Not Before

06-07-2010 20:40

Not After

06-07-2025 20:50

Subject

CN=Microsoft Windows PCA 2010,O=Microsoft Corporation,L=Redmond,ST=Washington,C=US

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

aa:b9:cd:72:47:f4:2f:f3:a3:34:49:75:67:d4:6a:87:44:99:8f:5a:be:11:78:1f:2f:a3:87:e2:08:b4:0f:aa
Signer

Actual PE Digest

aa:b9:cd:72:47:f4:2f:f3:a3:34:49:75:67:d4:6a:87:44:99:8f:5a:be:11:78:1f:2f:a3:87:e2:08:b4:0f:aa

Digest Algorithm

sha256

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_32BIT_MACHINE

PDB Paths

bootsect.pdb

Imports

kernel32

QueryDosDeviceW
WideCharToMultiByte
GetConsoleMode
FormatMessageW
WriteConsoleW
GetModuleFileNameW
GetConsoleOutputCP
GetStdHandle
LocalAlloc
GetFileType
LocalFree
GetLastError
IsProcessorFeaturePresent
TerminateProcess
GetCurrentProcess
UnhandledExceptionFilter
GetTickCount
GetSystemTimeAsFileTime
GetCurrentThreadId
GetCurrentProcessId
QueryPerformanceCounter
GetModuleHandleA
SetUnhandledExceptionFilter
OutputDebugStringA
InterlockedCompareExchange
InterlockedExchange
Sleep
ReadFile
WriteFile
SetFilePointer
SearchPathW
MapViewOfFile
UnmapViewOfFile
GetSystemDefaultUILanguage
FindResourceExW
FreeLibrary
LoadResource
LoadLibraryExW
GetLocaleInfoW
GetVersionExW
CreateFileW
SetLastError
CreateFileMappingW
GetUserDefaultUILanguage
CloseHandle

msvcrt

__setusermatherr
_initterm
memcpy
memset
__p__fmode
free
malloc
iswctype
?terminate@@YAXXZ
_controlfp
isdigit
isxdigit
isleadbyte
_fileno
calloc
localeconv
mbtowc
_snprintf
_itoa
wctomb
ferror
wcstombs
_read
__badioinfo
__pioinfo
realloc
_isatty
_write
_lseeki64
ungetc
wcsstr
bsearch
wcsncmp
_cexit
_exit
exit
__set_app_type
__getmainargs
_amsg_exit
__p__commode
_XcptFilter
_iob
__mb_cur_max
_errno
_wcslwr
iswxdigit
_vsnwprintf
isalpha
_wcsnicmp
_wcsicmp
_stricmp

ntdll

RtlUnwind
NtResetEvent
NtCreateEvent
NtOpenDirectoryObject
RtlAllocateHeap
NtQueryDirectoryObject
NtWaitForSingleObject
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
RtlFreeHeap
NtDeviceIoControlFile
NtOpenFile
NtClose
RtlNtStatusToDosError
NtQueryVolumeInformationFile
NtFsControlFile
RtlInitUnicodeString
NtQuerySystemInformation
NtOpenKey
NtQueryValueKey

advapi32

RegQueryValueExW
RegCloseKey
RegOpenKeyExW

Sections

.text
Size: 55KB - Virtual size: 54KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 23KB - Virtual size: 28KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 16KB - Virtual size: 15KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 4KB - Virtual size: 3KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/udefrag-kernel.dll
.dll windows:5 windows x86 arch:x86

15cf95070b7a4df0085c336ce6867741

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\vc\myprojects\ultradefrag\src\archive\4.4.0\ultradefrag-4.4.0\src\obj\udefrag-kernel\objfre_wnet_x86\i386\udefrag-kernel.pdb

Imports

ntdll

NtSetEvent
_strupr
NtClearEvent
NtWaitForSingleObject
_wcslwr
wcslen
wcsstr
_wtol
_snprintf
_snwprintf
RtlFreeUnicodeString
_allmul
_aulldiv
_wcsupr
wcscmp
NtClose
RtlCreateUnicodeString
wcschr
NtCreateFile
NtFsControlFile
wcscpy
wcsncpy
NtQueryDirectoryFile
RtlInitUnicodeString
_alldiv
NtReadFile
_aullrem

zenwinx

winx_dbg_print
winx_list_insert_item
winx_heap_alloc_ex
winx_list_destroy
winx_heap_free
winx_dfbsize
winx_query_env_variable
winx_create_event
winx_destroy_event
winx_get_os_version
winx_dbg_print_ex
winx_xtime
winx_get_volume_information
winx_list_remove_item
winx_wcsistr
winx_delete_file
winx_fwrite
winx_fclose
winx_fopen
winx_fbopen
winx_fflush

Exports

Exports

udefrag_kernel_get_statistic
udefrag_kernel_native_init
udefrag_kernel_native_unload
udefrag_kernel_start
udefrag_kernel_stop

Sections

.text
Size: 41KB - Virtual size: 40KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 1008B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 984B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 3KB - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/udefrag.dll
.dll windows:5 windows x86 arch:x86

2001b5029c259349dd1e19901149c84b

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\vc\myprojects\ultradefrag\src\archive\4.4.0\ultradefrag-4.4.0\src\obj\udefrag\objfre_wnet_x86\i386\udefrag.pdb

Imports

ntdll

_wtoi
_snprintf
_allmul
strncpy
NtClose

zenwinx

winx_str2time
winx_query_env_variable
winx_dbg_print
winx_printf
winx_heap_alloc_ex
winx_heap_free
winx_sleep
winx_create_thread
winx_get_volume_information
winx_get_drive_type
winx_set_system_error_mode
winx_create_event
zenwinx_native_unload
zenwinx_native_init
winx_fbsize
winx_dfbsize
winx_exit_thread

udefrag-kernel

udefrag_kernel_get_statistic
udefrag_kernel_stop
udefrag_kernel_start
udefrag_kernel_native_unload
udefrag_kernel_native_init

Exports

Exports

udefrag_dfbsize
udefrag_fbsize
udefrag_get_default_formatted_results
udefrag_get_error_description
udefrag_get_map
udefrag_get_progress
udefrag_get_vollist
udefrag_init
udefrag_monolithic_native_app_init
udefrag_monolithic_native_app_unload
udefrag_release_default_formatted_results
udefrag_release_vollist
udefrag_start
udefrag_stop
udefrag_unload
udefrag_validate_volume

Sections

.text
Size: 5KB - Virtual size: 5KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: - Virtual size: 4B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 952B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 512B - Virtual size: 212B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
bin/udefrag.exe
.exe windows:5 windows x86 arch:x86

ec78e763b737542e59bca1ba11251c3d

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

PDB Paths

d:\work\vc\myprojects\ultradefrag\src\archive\4.4.0\ultradefrag-4.4.0\src\obj\console\objfre_wnet_x86\i386\udefrag.pdb

Imports

msvcrt

__set_app_type
_except_handler3
_controlfp
__p__fmode
__p__commode
_adjust_fdiv
__setusermatherr
_initterm
printf
__getmainargs
__initenv
_cexit
_XcptFilter
_exit
_c_exit
remove
time
srand
rand
_snprintf
exit
strstr
sscanf
atoi
strncmp
_iob
getenv
malloc
fprintf
free

kernel32

Sleep
SetUnhandledExceptionFilter
UnhandledExceptionFilter
GetCurrentProcess
TerminateProcess
GetSystemTimeAsFileTime
GetCurrentProcessId
GetCurrentThreadId
GetTickCount
QueryPerformanceCounter
CreateThread
CloseHandle
LoadLibraryA
GetProcAddress
OutputDebugStringA
GetCurrentThread
SetThreadPriority
SetConsoleWindowInfo
SetConsoleCursorPosition
GetStdHandle
GetConsoleScreenBufferInfo
SetConsoleCtrlHandler
GetLastError
FormatMessageA
LocalFree
SetConsoleTextAttribute

udefrag

udefrag_get_error_description
udefrag_release_vollist
udefrag_fbsize
udefrag_get_vollist
udefrag_stop
udefrag_unload
udefrag_release_default_formatted_results
udefrag_get_default_formatted_results
udefrag_get_progress
udefrag_start
udefrag_init
udefrag_validate_volume
udefrag_get_map

Sections

.text
Size: 20KB - Virtual size: 20KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 2KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 2KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
bin/zenwinx.dll
.dll windows:5 windows x86 arch:x86

7dadb6686767d26b6d5e23898bb41f51

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_NO_SEH

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

PDB Paths

d:\work\vc\myprojects\ultradefrag\src\archive\4.4.0\ultradefrag-4.4.0\src\obj\zenwinx\objfre_wnet_x86\i386\zenwinx.pdb

Imports

ntdll

NtCreateEvent
RtlInitUnicodeString
NtOpenEvent
NtClose
NtWaitForSingleObject
NtDeviceIoControlFile
NtCancelIoFile
NtReadFile
NtCreateFile
_snwprintf
NtAllocateVirtualMemory
NtFreeVirtualMemory
RtlAllocateHeap
RtlFreeHeap
RtlCreateHeap
RtlDestroyHeap
NtDisplayString
RtlFreeUnicodeString
RtlAnsiStringToUnicodeString
RtlInitAnsiString
_vsnprintf
_snprintf
DbgBreakPoint
RtlNormalizeProcessParams
NtTerminateProcess
NtShutdownSystem
NtDelayExecution
NtQuerySymbolicLinkObject
NtOpenSymbolicLinkObject
NtSetInformationProcess
NtLoadDriver
NtUnloadDriver
NtQueryValueKey
NtOpenKey
wcsstr
_wcsupr
strncat
LdrGetProcedureAddress
LdrGetDllHandle
RtlCreateUserThread
ZwTerminateThread
NtAdjustPrivilegesToken
NtOpenProcessToken
NtSetValueKey
NtFlushKey
wcscpy
wcscmp
wcslen
_atoi64
strchr
_strupr
_allmul
NtQueryVolumeInformationFile
NtQueryInformationProcess
toupper
strstr
wcsncpy
NtWriteFile
NtFsControlFile
NtFlushBuffersFile
NtQueryInformationFile
NtDeleteFile
RtlQueryEnvironmentVariable_U
RtlSetEnvironmentVariable
NtSetEvent
strncpy
NtUnmapViewOfSection
NtMapViewOfSection
NtOpenSection
NtQueryPerformanceCounter
_alldiv
towlower
NtQueryDirectoryFile
_aulldiv

Exports

Exports

winx_breakhit
winx_create_directory
winx_create_event
winx_create_thread
winx_dbg_print
winx_dbg_print_ex
winx_delete_file
winx_destroy_event
winx_destroy_history
winx_dfbsize
winx_enable_privilege
winx_exit
winx_exit_thread
winx_fbopen
winx_fbsize
winx_fclose
winx_fflush
winx_fopen
winx_fread
winx_fsize
winx_ftw
winx_ftw_release
winx_fwrite
winx_get_drive_type
winx_get_file_contents
winx_get_os_version
winx_get_proc_address
winx_get_volume_information
winx_get_windows_boot_options
winx_get_windows_directory
winx_getch
winx_getche
winx_gets
winx_heap_alloc_ex
winx_heap_free
winx_init
winx_init_history
winx_ioctl
winx_kb_read
winx_kbhit
winx_list_destroy
winx_list_insert_item
winx_list_remove_item
winx_load_driver
winx_open_event
winx_print_array_of_strings
winx_printf
winx_prompt
winx_prompt_ex
winx_putch
winx_puts
winx_query_env_variable
winx_query_symbolic_link
winx_reboot
winx_register_boot_exec_command
winx_release_file_contents
winx_scan_disk
winx_set_env_variable
winx_set_system_error_mode
winx_shutdown
winx_sleep
winx_str2time
winx_time2str
winx_unload_driver
winx_unregister_boot_exec_command
winx_virtual_alloc
winx_virtual_free
winx_wcsistr
winx_windows_in_safe_mode
winx_xtime
zenwinx_native_init
zenwinx_native_unload

Sections

.text
Size: 41KB - Virtual size: 41KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 1024B - Virtual size: 888B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.reloc
Size: 1KB - Virtual size: 1KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ
lang/README.md
lang/ar/AboutBox.xml
lang/ar/BcdLibrary.xml
lang/ar/DefragDialog.xml
lang/ar/DonationDialog.xml
lang/ar/DriveSelect.xml
lang/ar/EasyBCD.xml
lang/ar/LanguageDialog.xml
lang/ar/LicenseDialog.xml
lang/ar/MainUI.xml
lang/ar/OptionsDialog.xml
lang/ar/ProgressDialog.xml
lang/ar/SdiMaker.xml
lang/ar/properties.xml
lang/bg/AboutBox.xml
lang/bg/BcdLibrary.xml
lang/bg/DefragDialog.xml
lang/bg/DonationDialog.xml
lang/bg/DriveSelect.xml
lang/bg/EasyBCD.xml
lang/bg/LanguageDialog.xml
lang/bg/LicenseDialog.xml
lang/bg/MainUI.xml
lang/bg/OptionsDialog.xml
lang/bg/ProgressDialog.xml
lang/bg/SdiMaker.xml
lang/bg/properties.xml
lang/ca/AboutBox.xml
lang/ca/BcdLibrary.xml
lang/ca/DefragDialog.xml
lang/ca/DonationDialog.xml
lang/ca/DriveSelect.xml
lang/ca/EasyBCD.xml
lang/ca/LanguageDialog.xml
lang/ca/LicenseDialog.xml
lang/ca/MainUI.xml
lang/ca/OptionsDialog.xml
lang/ca/ProgressDialog.xml
lang/ca/SdiMaker.xml
lang/ca/properties.xml
lang/cs/AboutBox.xml
lang/cs/BcdLibrary.xml
lang/cs/DefragDialog.xml
lang/cs/DonationDialog.xml
lang/cs/DriveSelect.xml
lang/cs/EasyBCD.xml
lang/cs/LanguageDialog.xml
lang/cs/LicenseDialog.xml
lang/cs/MainUI.xml
lang/cs/OptionsDialog.xml
lang/cs/ProgressDialog.xml
lang/cs/SdiMaker.xml
lang/cs/properties.xml
lang/de/AboutBox.xml
lang/de/BcdLibrary.xml
lang/de/DefragDialog.xml
lang/de/DonationDialog.xml
lang/de/DriveSelect.xml
lang/de/EasyBCD.xml
lang/de/LanguageDialog.xml
lang/de/LicenseDialog.xml
lang/de/MainUI.xml
lang/de/OptionsDialog.xml
lang/de/ProgressDialog.xml
lang/de/SdiMaker.xml
lang/de/properties.xml
lang/el/AboutBox.xml
lang/el/BcdLibrary.xml
lang/el/DefragDialog.xml
lang/el/DonationDialog.xml
lang/el/DriveSelect.xml
lang/el/EasyBCD.xml
lang/el/LanguageDialog.xml
lang/el/LicenseDialog.xml
lang/el/MainUI.xml
lang/el/OptionsDialog.xml
lang/el/ProgressDialog.xml
lang/el/SdiMaker.xml
lang/el/properties.xml
lang/en-US/AboutBox.xml
lang/en-US/BcdLibrary.xml
lang/en-US/DefragDialog.xml
lang/en-US/DonationDialog.xml
lang/en-US/DriveSelect.xml
lang/en-US/EasyBCD.xml
lang/en-US/EasyRE.xml
lang/en-US/LanguageDialog.xml
lang/en-US/LicenseDialog.xml
lang/en-US/MainUI.xml
lang/en-US/OptionsDialog.xml
lang/en-US/ProgressDialog.xml
lang/en-US/SdiMaker.xml
lang/en-US/properties.xml
lang/es/AboutBox.xml
lang/es/BcdLibrary.xml
lang/es/DefragDialog.xml
lang/es/DonationDialog.xml
lang/es/DriveSelect.xml
lang/es/EasyBCD.xml
lang/es/LanguageDialog.xml
lang/es/LicenseDialog.xml
lang/es/MainUI.xml
lang/es/OptionsDialog.xml
lang/es/ProgressDialog.xml
lang/es/SdiMaker.xml
lang/es/properties.xml
lang/fi/AboutBox.xml
lang/fi/BcdLibrary.xml
lang/fi/DefragDialog.xml
lang/fi/DonationDialog.xml
lang/fi/DriveSelect.xml
lang/fi/EasyBCD.xml
lang/fi/LanguageDialog.xml
lang/fi/LicenseDialog.xml
lang/fi/MainUI.xml
lang/fi/OptionsDialog.xml
lang/fi/ProgressDialog.xml
lang/fi/SdiMaker.xml
lang/fi/properties.xml
lang/fr/AboutBox.xml
lang/fr/BcdLibrary.xml
lang/fr/DefragDialog.xml
lang/fr/DonationDialog.xml
lang/fr/DriveSelect.xml
lang/fr/EasyBCD.xml
lang/fr/LanguageDialog.xml
lang/fr/LicenseDialog.xml
lang/fr/MainUI.xml
lang/fr/OptionsDialog.xml
lang/fr/ProgressDialog.xml
lang/fr/SdiMaker.xml
lang/fr/properties.xml
lang/he/AboutBox.xml
lang/he/BcdLibrary.xml
lang/he/DefragDialog.xml
lang/he/DonationDialog.xml
lang/he/DriveSelect.xml
lang/he/EasyBCD.xml
lang/he/LanguageDialog.xml
lang/he/LicenseDialog.xml
lang/he/MainUI.xml
lang/he/OptionsDialog.xml
lang/he/ProgressDialog.xml
lang/he/SdiMaker.xml
lang/he/properties.xml
lang/hu/AboutBox.xml
lang/hu/BcdLibrary.xml
lang/hu/DefragDialog.xml
lang/hu/DonationDialog.xml
lang/hu/DriveSelect.xml
lang/hu/EasyBCD.xml
lang/hu/LanguageDialog.xml
lang/hu/LicenseDialog.xml
lang/hu/MainUI.xml
lang/hu/OptionsDialog.xml
lang/hu/ProgressDialog.xml
lang/hu/SdiMaker.xml
lang/hu/properties.xml
lang/it/AboutBox.xml
lang/it/BcdLibrary.xml
lang/it/DefragDialog.xml
lang/it/DonationDialog.xml
lang/it/DriveSelect.xml
lang/it/EasyBCD.xml
lang/it/LanguageDialog.xml
lang/it/LicenseDialog.xml
lang/it/MainUI.xml
lang/it/OptionsDialog.xml
lang/it/ProgressDialog.xml
lang/it/SdiMaker.xml
lang/it/properties.xml
lang/ko/AboutBox.xml
lang/ko/BcdLibrary.xml
lang/ko/DefragDialog.xml
lang/ko/DonationDialog.xml
lang/ko/DriveSelect.xml
lang/ko/EasyBCD.xml
lang/ko/LanguageDialog.xml
lang/ko/LicenseDialog.xml
lang/ko/MainUI.xml
lang/ko/OptionsDialog.xml
lang/ko/ProgressDialog.xml
lang/ko/SdiMaker.xml
lang/ko/properties.xml
lang/pl/AboutBox.xml
lang/pl/BcdLibrary.xml
lang/pl/DefragDialog.xml
lang/pl/DonationDialog.xml
lang/pl/DriveSelect.xml
lang/pl/EasyBCD.xml
lang/pl/LanguageDialog.xml
lang/pl/LicenseDialog.xml
lang/pl/MainUI.xml
lang/pl/OptionsDialog.xml
lang/pl/ProgressDialog.xml
lang/pl/SdiMaker.xml
lang/pl/properties.xml
lang/pt/AboutBox.xml
lang/pt/BcdLibrary.xml
lang/pt/DefragDialog.xml
lang/pt/DonationDialog.xml
lang/pt/DriveSelect.xml
lang/pt/EasyBCD.xml
lang/pt/LanguageDialog.xml
lang/pt/LicenseDialog.xml
lang/pt/MainUI.xml
lang/pt/OptionsDialog.xml
lang/pt/ProgressDialog.xml
lang/pt/SdiMaker.xml
lang/pt/properties.xml
lang/ru/AboutBox.xml
lang/ru/BcdLibrary.xml
lang/ru/DefragDialog.xml
lang/ru/DonationDialog.xml
lang/ru/DriveSelect.xml
lang/ru/EasyBCD.xml
lang/ru/LanguageDialog.xml
lang/ru/LicenseDialog.xml
lang/ru/MainUI.xml
lang/ru/OptionsDialog.xml
lang/ru/ProgressDialog.xml
lang/ru/SdiMaker.xml
lang/ru/properties.xml
lang/sl/AboutBox.xml
lang/sl/BcdLibrary.xml
lang/sl/DefragDialog.xml
lang/sl/DonationDialog.xml
lang/sl/DriveSelect.xml
lang/sl/EasyBCD.xml
lang/sl/LanguageDialog.xml
lang/sl/LicenseDialog.xml
lang/sl/MainUI.xml
lang/sl/OptionsDialog.xml
lang/sl/ProgressDialog.xml
lang/sl/SdiMaker.xml
lang/sl/properties.xml
lang/sv/AboutBox.xml
lang/sv/BcdLibrary.xml
lang/sv/DefragDialog.xml
lang/sv/DonationDialog.xml
lang/sv/DriveSelect.xml
lang/sv/EasyBCD.xml
lang/sv/LanguageDialog.xml
lang/sv/LicenseDialog.xml
lang/sv/MainUI.xml
lang/sv/OptionsDialog.xml
lang/sv/ProgressDialog.xml
lang/sv/SdiMaker.xml
lang/sv/properties.xml
lang/tags
lang/tr/AboutBox.xml
lang/tr/BcdLibrary.xml
lang/tr/DefragDialog.xml
lang/tr/DonationDialog.xml
lang/tr/DriveSelect.xml
lang/tr/EasyBCD.xml
lang/tr/LanguageDialog.xml
lang/tr/LicenseDialog.xml
lang/tr/MainUI.xml
lang/tr/OptionsDialog.xml
lang/tr/ProgressDialog.xml
lang/tr/SdiMaker.xml
lang/tr/properties.xml
lang/uk/AboutBox.xml
lang/uk/BcdLibrary.xml
lang/uk/DefragDialog.xml
lang/uk/DonationDialog.xml
lang/uk/DriveSelect.xml
lang/uk/EasyBCD.xml
lang/uk/LanguageDialog.xml
lang/uk/LicenseDialog.xml
lang/uk/MainUI.xml
lang/uk/OptionsDialog.xml
lang/uk/ProgressDialog.xml
lang/uk/SdiMaker.xml
lang/uk/properties.xml
lang/zh-CHS/AboutBox.xml
lang/zh-CHS/BcdLibrary.xml
lang/zh-CHS/DefragDialog.xml
lang/zh-CHS/DonationDialog.xml
lang/zh-CHS/DriveSelect.xml
lang/zh-CHS/EasyBCD.xml
lang/zh-CHS/LanguageDialog.xml
lang/zh-CHS/LicenseDialog.xml
lang/zh-CHS/MainUI.xml
lang/zh-CHS/OptionsDialog.xml
lang/zh-CHS/ProgressDialog.xml
lang/zh-CHS/SdiMaker.xml
lang/zh-CHS/properties.xml
lang/zh-TW/AboutBox.xml
lang/zh-TW/BcdLibrary.xml
lang/zh-TW/DefragDialog.xml
lang/zh-TW/DonationDialog.xml
lang/zh-TW/DriveSelect.xml
lang/zh-TW/EasyBCD.xml
lang/zh-TW/LanguageDialog.xml
lang/zh-TW/LicenseDialog.xml
lang/zh-TW/MainUI.xml
lang/zh-TW/OptionsDialog.xml
lang/zh-TW/ProgressDialog.xml
lang/zh-TW/SdiMaker.xml
lang/zh-TW/properties.xml
profiles/NeoSmart.bcd
profiles/boot0
profiles/detect
profiles/easyldr2
profiles/grldr
profiles/grldr.mbr
profiles/menu.txt
profiles/nst_mac.iso
.iso
Extra/Extensions/AHCIPortInjector.kext/Contents/Info.plist
.xml
Extra/Extensions/ATAPortInjector.kext/Contents/Info.plist
.xml
Extra/Extensions/Disabler.kext/Contents/Info.plist
.xml
Extra/Extensions/Disabler.kext/Contents/MacOS/Disabler
Extra/Extensions/IOAHCIBlockStorageInjector.kext/Contents/Info.plist
.xml
Extra/Extensions/JMicronATAInjector.kext/Contents/Info.plist
.xml
Extra/com.apple.Boot.plist
.xml
[BOOT]/Boot-NoEmul.img
usr/standalone/i386/boot
usr/standalone/i386/boot0
usr/standalone/i386/boot1f32
usr/standalone/i386/boot1h
usr/standalone/i386/boot1he
usr/standalone/i386/boot1hp
usr/standalone/i386/cdboot
usr/standalone/i386/chain0
usr/standalone/i386/fdisk
.macho macos arch:x86
profiles/nst_mac.mbr
profiles/plop.iso
.iso
[BOOT]/Boot-NoEmul.img
boot.catalog
isolinux.bin
isolinux.cfg
licence.txt
liesmich.html
.html
liesmich.txt
plpbt.bin
readme.html
.html
readme.txt
profiles/pmbr
uninstall.exe
.exe windows:4 windows x86 arch:x86

57e98d9a5a72c8d7ad8fb7a6a58b3daf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

Issuer

CN=Thawte Timestamping CA,OU=Thawte Certification,O=Thawte,L=Durbanville,ST=Western Cape,C=ZA

Not Before

21-12-2012 00:00

Not After

30-12-2020 23:59

Subject

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageCertSign
KeyUsageCRLSign

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

Issuer

CN=Symantec Time Stamping Services CA - G2,O=Symantec Corporation,C=US

Not Before

18-10-2012 00:00

Not After

29-12-2020 23:59

Subject

CN=Symantec Time Stamping Services Signer - G4,O=Symantec Corporation,C=US

Extended Key Usages

ExtKeyUsageTimeStamping

Key Usages

KeyUsageDigitalSignature

ba:8a:eb:c9:83:ee:22:11:b0:f9:7d:ca:f0:4d:41:4b
Certificate

Issuer

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

01-10-2014 00:00

Not After

01-10-2019 23:59

Subject

CN=NeoSmart Technologies,O=NeoSmart Technologies,POSTALCODE=60634,STREET=4038 N McVicker Ave,L=Wheaton,ST=IL,C=US

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

Issuer

CN=COMODO RSA Certification Authority,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Not Before

09-05-2013 00:00

Not After

08-05-2028 23:59

Subject

CN=COMODO RSA Code Signing CA,O=COMODO CA Limited,L=Salford,ST=Greater Manchester,C=GB

Extended Key Usages

ExtKeyUsageCodeSigning

Key Usages

KeyUsageDigitalSignature
KeyUsageCertSign
KeyUsageCRLSign

5d:1d:17:5f:37:46:86:ec:10:20:38:55:58:58:aa:82:a0:be:60:27
Signer

Actual PE Digest

5d:1d:17:5f:37:46:86:ec:10:20:38:55:58:58:aa:82:a0:be:60:27

Digest Algorithm

sha1

PE Digest Matches

true

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_RELOCS_STRIPPED
IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_32BIT_MACHINE

Imports

kernel32

SetEnvironmentVariableA
CreateFileA
GetFileSize
GetModuleFileNameA
ReadFile
GetCurrentProcess
CopyFileA
Sleep
GetTickCount
GetWindowsDirectoryA
GetTempPathA
GetCommandLineA
lstrlenA
GetVersion
SetErrorMode
lstrcpynA
ExitProcess
SetCurrentDirectoryA
GlobalLock
CreateThread
GetLastError
CreateDirectoryA
CreateProcessA
RemoveDirectoryA
GetTempFileNameA
WriteFile
lstrcpyA
MoveFileExA
lstrcatA
GetSystemDirectoryA
GetProcAddress
GetExitCodeProcess
WaitForSingleObject
CompareFileTime
SetFileAttributesA
GetFileAttributesA
GetShortPathNameA
MoveFileA
GetFullPathNameA
SetFileTime
SearchPathA
CloseHandle
lstrcmpiA
GlobalUnlock
GetDiskFreeSpaceA
lstrcmpA
FindFirstFileA
FindNextFileA
DeleteFileA
SetFilePointer
GetPrivateProfileStringA
FindClose
MultiByteToWideChar
FreeLibrary
MulDiv
WritePrivateProfileStringA
LoadLibraryExA
GetModuleHandleA
GlobalAlloc
GlobalFree
ExpandEnvironmentStringsA

user32

ScreenToClient
GetSystemMenu
SetClassLongA
IsWindowEnabled
SetWindowPos
GetSysColor
GetWindowLongA
SetCursor
LoadCursorA
CheckDlgButton
GetMessagePos
LoadBitmapA
CallWindowProcA
IsWindowVisible
CloseClipboard
SetClipboardData
EmptyClipboard
PostQuitMessage
GetWindowRect
EnableMenuItem
CreatePopupMenu
GetSystemMetrics
SetDlgItemTextA
GetDlgItemTextA
MessageBoxIndirectA
CharPrevA
DispatchMessageA
PeekMessageA
ReleaseDC
EnableWindow
InvalidateRect
SendMessageA
DefWindowProcA
BeginPaint
GetClientRect
FillRect
DrawTextA
EndDialog
RegisterClassA
SystemParametersInfoA
CreateWindowExA
GetClassInfoA
DialogBoxParamA
CharNextA
ExitWindowsEx
GetDC
CreateDialogParamA
SetTimer
GetDlgItem
SetWindowLongA
SetForegroundWindow
LoadImageA
IsWindow
SendMessageTimeoutA
FindWindowExA
OpenClipboard
TrackPopupMenu
AppendMenuA
EndPaint
DestroyWindow
wsprintfA
ShowWindow
SetWindowTextA

gdi32

SelectObject
SetBkMode
CreateFontIndirectA
SetTextColor
DeleteObject
GetDeviceCaps
CreateBrushIndirect
SetBkColor

shell32

SHGetSpecialFolderLocation
ShellExecuteExA
SHGetPathFromIDListA
SHBrowseForFolderA
SHGetFileInfoA
SHFileOperationA

advapi32

AdjustTokenPrivileges
RegCreateKeyExA
RegOpenKeyExA
SetFileSecurityA
OpenProcessToken
LookupPrivilegeValueA
RegEnumValueA
RegDeleteKeyA
RegDeleteValueA
RegCloseKey
RegSetValueExA
RegQueryValueExA
RegEnumKeyA

comctl32

ImageList_Create
ImageList_AddMasked
ImageList_Destroy
ord17

ole32

OleUninitialize
OleInitialize
CoTaskMemFree
CoCreateInstance

Sections

.text
Size: 24KB - Virtual size: 24KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 5KB - Virtual size: 4KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 1024B - Virtual size: 106KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.ndata
Size: - Virtual size: 36KB

IMAGE_SCN_CNT_UNINITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.rsrc
Size: 17KB - Virtual size: 16KB

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
$PLUGINSDIR/System.dll
.dll windows:4 windows x86 arch:x86

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

IMAGE_DLLCHARACTERISTICS_DYNAMIC_BASE
IMAGE_DLLCHARACTERISTICS_NX_COMPAT
IMAGE_DLLCHARACTERISTICS_NO_SEH
IMAGE_DLLCHARACTERISTICS_TERMINAL_SERVER_AWARE

File Characteristics

IMAGE_FILE_EXECUTABLE_IMAGE
IMAGE_FILE_LINE_NUMS_STRIPPED
IMAGE_FILE_LOCAL_SYMS_STRIPPED
IMAGE_FILE_LARGE_ADDRESS_AWARE
IMAGE_FILE_32BIT_MACHINE
IMAGE_FILE_DLL

Imports

kernel32

MultiByteToWideChar
GlobalFree
GlobalSize
lstrcpynA
lstrcpyA
GetProcAddress
VirtualFree
FreeLibrary
lstrlenA
LoadLibraryA
GetModuleHandleA
GlobalAlloc
WideCharToMultiByte
VirtualAlloc
VirtualProtect
GetLastError

user32

wsprintfA

ole32

StringFromGUID2
CLSIDFromString

Exports

Exports

Alloc
Call
Copy
Free
Get
Int64Op
Store
StrAlloc

Sections

.text
Size: 8KB - Virtual size: 7KB

IMAGE_SCN_CNT_CODE
IMAGE_SCN_MEM_EXECUTE
IMAGE_SCN_MEM_READ

.rdata
Size: 1024B - Virtual size: 867B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ

.data
Size: 512B - Virtual size: 104B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_READ
IMAGE_SCN_MEM_WRITE

.reloc
Size: 1024B - Virtual size: 636B

IMAGE_SCN_CNT_INITIALIZED_DATA
IMAGE_SCN_MEM_DISCARDABLE
IMAGE_SCN_MEM_READ

Sharing

General

Malware Config

Signatures

Files

57e98d9a5a72c8d7ad8fb7a6a58b3daf

Code Sign

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3bCertificate

Extended Key Usages

Key Usages

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50Certificate

Extended Key Usages

Key Usages

ba:8a:eb:c9:83:ee:22:11:b0:f9:7d:ca:f0:4d:41:4bCertificate

Extended Key Usages

Key Usages

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:afCertificate

Extended Key Usages

Key Usages

c3:40:3a:5a:56:cb:8a:9d:74:45:10:1a:f6:6d:8e:c0:49:28:b1:5bSigner

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

advapi32

comctl32

ole32

Sections

.text Size: 24KB - Virtual size: 24KB

.rdata Size: 5KB - Virtual size: 4KB

.data Size: 1024B - Virtual size: 106KB

.ndata Size: - Virtual size: 68KB

.rsrc Size: 64KB - Virtual size: 64KB

8ef3613e48db9e7b48e33704238cd659

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

comctl32

wininet

Exports

Exports

Sections

.text Size: 14KB - Virtual size: 13KB

.data Size: 2KB - Virtual size: 15KB

.rsrc Size: 2KB - Virtual size: 2KB

.reloc Size: 2KB - Virtual size: 1KB

610235b90207a63ccf481f0d4375d329

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

gdi32

shell32

comdlg32

ole32

Exports

Exports

Sections

.text Size: 7KB - Virtual size: 6KB

.rdata Size: 2KB - Virtual size: 2KB

.data Size: 2KB - Virtual size: 10KB

.rsrc Size: 512B - Virtual size: 152B

.reloc Size: 1KB - Virtual size: 1KB

8c8a576201f68de1a3f26fc723b9f30f

Headers

DLL Characteristics

File Characteristics

Imports

kernel32

user32

ole32

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

ba:8a:eb:c9:83:ee:22:11:b0:f9:7d:ca:f0:4d:41:4b
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

c3:40:3a:5a:56:cb:8a:9d:74:45:10:1a:f6:6d:8e:c0:49:28:b1:5b
Signer

.text
Size: 24KB - Virtual size: 24KB

.rdata
Size: 5KB - Virtual size: 4KB

.data
Size: 1024B - Virtual size: 106KB

.ndata
Size: - Virtual size: 68KB

.rsrc
Size: 64KB - Virtual size: 64KB

.text
Size: 14KB - Virtual size: 13KB

.data
Size: 2KB - Virtual size: 15KB

.rsrc
Size: 2KB - Virtual size: 2KB

.reloc
Size: 2KB - Virtual size: 1KB

.text
Size: 7KB - Virtual size: 6KB

.rdata
Size: 2KB - Virtual size: 2KB

.data
Size: 2KB - Virtual size: 10KB

.rsrc
Size: 512B - Virtual size: 152B

.reloc
Size: 1KB - Virtual size: 1KB

.text
Size: 8KB - Virtual size: 7KB

.rdata
Size: 1024B - Virtual size: 867B

.data
Size: 512B - Virtual size: 104B

.reloc
Size: 1024B - Virtual size: 636B

.text
Size: 3KB - Virtual size: 2KB

.rdata
Size: 1KB - Virtual size: 1KB

.data
Size: 512B - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 458B

7e:93:eb:fb:7c:c6:4e:59:ea:4b:9a:77:d4:06:fc:3b
Certificate

0e:cf:f4:38:c8:fe:bf:35:6e:04:d8:6a:98:1b:1a:50
Certificate

ba:8a:eb:c9:83:ee:22:11:b0:f9:7d:ca:f0:4d:41:4b
Certificate

2e:7c:87:cc:0e:93:4a:52:fe:94:fd:1c:b7:cd:34:af
Certificate

cb:a3:2c:5a:b0:72:f1:66:c5:00:bc:34:06:3d:16:dc:b8:ac:0e:2f
Signer

.text
Size: 885KB - Virtual size: 885KB

.rsrc
Size: 73KB - Virtual size: 72KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 23KB - Virtual size: 22KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B

.text
Size: 470KB - Virtual size: 469KB

.rsrc
Size: 1KB - Virtual size: 1KB

.reloc
Size: 512B - Virtual size: 12B